Security Leftovers

  • FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations

    FinSpy, also known as FinFisher, can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, to gain spying capabilities, including secretly turning on their webcams and microphones, recording everything the victim types on the keyboard, intercepting calls, and exfiltration of data.

  • Multiple vulnerabilities in Pandora FMS could trigger remote execution attack

    Critical vulnerabilities lurking in Pandora FMS could have led to the full compromise of enterprise infrastructure and networks.

    Developed by Ártica ST, Pandora FMS is an open source solution that provides an interface for monitoring network connections, app management, event alerts, and both agent and agentless monitoring for Windows, Linux, Unix, and Android systems.

    On September 22, SonarSource cybersecurity researcher Dennis Brinkrolf explained the potential impact of four vulnerabilities recently discovered in Pandora FMS version 742. All flaws have since been patched.

  • Introducing “YAYA”, a New Threat Hunting Tool From EFF Threat Lab

    At the EFF Threat Lab we spend a lot of time hunting for malware that targets vulnerable populations, but we also spend time trying to classify malware samples that we have come across. One of the tools we use for this is YARA. YARA is described as “The Pattern Matching Swiss Knife for Malware Researchers.” Put simply, YARA is a program that lets you create descriptions of malware (YARA rules) and scan files or processes with them to see if they match. 

    The community of malware researchers has amassed a great deal of useful YARA rules over the years, and we use many of them in our own malware research efforts. One such repository of YARA rules is the Awesome YARA guide, which contains links to dozens of high-quality YARA repositories. 

  • EU Still Asking For The Impossible (And The Unnecessary): 'Lawful Access' To Encrypted Material That Doesn't Break Encryption

    A few months ago, Techdirt wrote about a terrible bill in the US that would effectively destroy privacy and security on the Internet by undermining encryption. Sadly, that's nothing new: the authorities have been whining about things "going dark" for years now. Moreover, this latest proposal is not just some US development. In an official document obtained by Statewatch (pdf), the current German Presidency of the Council of the European Union (one of the key organizations in the EU) has announced that it wants to move in the same direction (found via Netzpolitik). It aims to prepare:

  • 'BootHole' implications for 'isorespin.sh'

    When it was discovered that GRUB2 contained various vulnerabilities that would allow UEFI Secure Boot to be bypassed and which became known as the “BootHole” vulnerability (CVE-2020-10713), the recommendation was that all operating systems using GRUB2 with Secure Boot must release new installers and bootloaders.

    I reviewed 'isorespin.sh' at that time as one of its key features is the option to add a GRUB2 bootloader to allow ISOs to boot on the many Intel devices limited by their BIOS requiring a 32-bit bootloader to boot a 64-bit OS.

    My initial 'fix' was based around Ubuntu's response by recompiling and adding the latest fixed GRUB2 bootloader from 'groovy' (Ubuntu 20.10) and let the Ubuntu package manager 'apt' install the appropriate GRUB2 binaries to the ISO whilst being respun.

  • Bug Bounty FAQ: Top Questions, Expert Answers

    Four leading voices in the bug bounty community answer frequently asked questions from bounty hunters, companies and curious cybersecurity professionals.

  • Update Infrastructure Access – Adios http

    Earlier this year we enabled access to the update infrastructure through the data center. This was made possible by a refresh of the update infrastructure last year. Also earlier this year SUSE Linux Enterprise Server 11 SP4 reached EOL w.r.t on-demand image maintenance and this allowed us to switch all our traffic to run over https. The redirection of traffic from http to https happened shortly after SLES 11 SP4 images reached EOL but until now we didn’t come around with making this change stick on the client side.
