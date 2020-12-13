Language Selection

Security Leftovers

Submitted by Roy Schestowitz on Tuesday 15th of December 2020 12:04:35 AM
Security
  • New Windows Trojan Steals Browser Credentials, Outlook Files | Threatpost

    The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.

    Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities, from collecting browser credentials to targeting Outlook files.

    The trojan, called PyMicropsia (due to it being built with Python), has been developed by threat group AridViper, researchers said, which is known for targeting organizations in the Middle East.

    “AridViper is an active threat group that continues developing new tools as part of their arsenal,” researchers with Palo Alto’s Unit42 research team said in a Monday analysis. “Also, based on different aspects of PyMicropsia that we analyzed, several sections of the malware are still not used, indicating that it is likely a malware family under active development by this actor.”

  • Committee or Community: Slowing down the future – Open Source Security

    I wrote a blog post about looking back, and I have a bit of snark in there where I talk about slowing down the future. I wanted to explain this a bit more and give everyone some food for thought around how we used to do things and how we should do them moving forward. There are groups and people that exist to slow things down. Sometimes that’s on purpose for good reasons, sometimes it’s on purpose for bad reasons, sometimes it’s not on purpose at all.

    I want to start with the idea that a lot of standards are there to slow us down on purpose. This isn’t meant to be a hot take, this is the actual truth and it’s a good thing. Standards exist to help everyone work together. If standards change too quickly it creates barriers instead of opportunities. Imagine if HTTP or TCP/IP changed drastically every year. It would be horrible, the internet wouldn’t look anything like it does today.

    Now, there are times when slow change is the opposite of what we want to do. Emerging technologies are a great example of this. Imagine if the Linux Kernel API changes had to pass a standards committee. There would be no progress, development would grind to a halt and nobody would want to contribute to such a project. The project wouldn’t be the success it is today.

    There are some standards groups where being slow actually helps progress, and there are some groups that hurt progress by moving slowly. For the purpose of this blog post, let’s focus on new technologies. New technology needs to move fast and iterate without a committee telling them what to do. New technologies should work more like an open source project to move forward. In the world of open source it’s easier to build an example than talk about what the example does. The work is fast and the work itself is the discussion. This model has mostly taken over the world. It is fast, open, and makes it easy to help.

  • Hackers are abusing a disputed vulnerability to launch attacks on Linux machines [Ed: This is ZDNet FUD being recycled]

    “We believe PGMiner is the first cryptocurrency mining botnet that is delivered via PostgreSQL,” note the Palo Alto Networks Unit42 researchers.

    The researchers explain that PGMiner hunts for PostgreSQL installations whose administrators have forgotten to disable the default ‘postgres’ administrator user account. It then brute-forces its way to the account’s password, before exploiting PostgreSQL’s controversial COPY FROM PROGRAM feature to start mining.
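    As an added defender-side example (not code from the ZDNet article or the Unit42 write-up), here is a small Python check that scans PostgreSQL server log lines for the two signals the summary describes: a burst of failed password logins against the postgres role, followed by use of COPY ... FROM PROGRAM. It assumes the default "%m [%p] " log_line_prefix and log_statement = 'all'; the log lines are constructed and the COPY command in them is a harmless placeholder.

```python
import re
from collections import Counter

# Constructed sample PostgreSQL server log (default "%m [%p] " prefix, log_statement = 'all').
# The COPY statement runs a harmless placeholder command, not the miner's payload.
SAMPLE_LOG = """\
2020-12-14 03:12:01.001 UTC [4012] FATAL:  password authentication failed for user "postgres"
2020-12-14 03:12:01.110 UTC [4013] FATAL:  password authentication failed for user "postgres"
2020-12-14 03:12:01.220 UTC [4014] FATAL:  password authentication failed for user "postgres"
2020-12-14 03:12:01.330 UTC [4015] FATAL:  password authentication failed for user "postgres"
2020-12-14 03:12:01.440 UTC [4016] FATAL:  password authentication failed for user "postgres"
2020-12-14 03:12:02.005 UTC [4017] LOG:  connection authorized: user=postgres database=postgres
2020-12-14 03:12:02.300 UTC [4017] LOG:  statement: COPY scratch FROM PROGRAM 'id'
2020-12-14 09:00:00.000 UTC [5100] LOG:  statement: SELECT count(*) FROM orders
2020-12-14 09:00:05.000 UTC [5101] FATAL:  password authentication failed for user "app_user"
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<level>[A-Z]+):\s+(?P<msg>.*)$")
AUTH_FAIL_RE = re.compile(r'password authentication failed for user "(?P<user>[^"]+)"')
COPY_PROGRAM_RE = re.compile(r"\bCOPY\b.*\bFROM\s+PROGRAM\b", re.IGNORECASE)


def parse_log(text):
    """Yield one dict (ts, pid, level, msg) per parseable line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def auth_failures(text):
    """Count failed password authentications per role name."""
    counts = Counter()
    for rec in parse_log(text):
        m = AUTH_FAIL_RE.search(rec["msg"])
        if m:
            counts[m.group("user")] += 1
    return counts


def copy_from_program_statements(text):
    """Return logged statements that use COPY ... FROM PROGRAM (a shell command run as the server user)."""
    return [rec for rec in parse_log(text)
            if rec["msg"].startswith("statement:") and COPY_PROGRAM_RE.search(rec["msg"])]


def detect(text, threshold=5):
    """Flag roles with at least `threshold` failed logins and every COPY FROM PROGRAM statement."""
    failures = auth_failures(text)
    return {
        "brute_force_users": sorted(u for u, n in failures.items() if n >= threshold),
        "copy_from_program": [(r["ts"], r["pid"], r["msg"]) for r in copy_from_program_statements(text)],
    }


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

    On a real server, pair the check with the mitigations the summary implies: do not expose the postgres role to password login from the network in pg_hba.conf, and do not grant pg_execute_server_program to application roles.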

  • Why getting voting right is hard, Part II: Hand-Counted Paper Ballots - The Mozilla Blog

    In Part I we looked at desirable properties for a voting system. In this post, I want to look at the details of a specific system: hand-counted paper ballots.

Security updates for Monday

Submitted by Roy Schestowitz on Tuesday 15th of December 2020 12:09:29 AM.
  • Security updates for Monday

    Security updates have been issued by Debian (lxml, openexr, openssl, and openssl1.0), Fedora (libpri, libxls, mediawiki, nodejs, opensc, php-wikimedia-assert, php-zordius-lightncandy, squeezelite, and wireshark), openSUSE (curl, openssh, openssl-1_0_0, python-urllib3, and rpmlint), Red Hat (libexif, libpq, and thunderbird), Slackware (p11), SUSE (kernel, Kubernetes, etcd, helm, openssl, openssl-1_0_0, and python), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi).


today's howtos

  • 4 Easy Ways to Remove/Delete a PPA on Ubuntu

    We are all software hunters and would like to immediately check out the updated app to get new features. Most distributors do not have this feature due to the standard release path. But this feature is present in Ubuntu and its derivatives because users can maintain and publish the latest software as Personal Package Archives (PPAs).

  • LFCS - Logging | Linux.org

    System logging is a very important aspect of maintaining a system and monitoring it for issues. Making logs, implementing your items to log and checking those logs can help you keep systems running smoothly.

  • mv command in Linux with Useful Example – TecAdmin

    The mv command is used to move files from one directory to another directory. The mv command is also used to rename files on Linux systems. It is a frequently used command among Linux users. You must learn about the mv command in Linux and its parameters.

  • Set up an Ansible lab in 20 minutes | Opensource.com

    Being able to build and tear down a public cloud environment is very useful, but most of us don’t have easy access to a public cloud. The next best thing would be to have a lab on your local machine, but even running on a local machine brings performance, flexibility, and other challenges. Most of the time, the additional workloads on our local machines interfere with doing our daily job, and they certainly prevent having a readily available environment to play and experiment with new software. My team and I encountered this challenge a few years ago when we were starting to learn Ansible. We couldn’t find an environment that we could use individually, and our frustration with the situation caused some of us to stop experimenting. We knew we needed to find a solution.

  • Adding an IP address to a Bridge | Adam Young’s Web Log

    OpenShift requires a load balancer for providing access to the hosted applications. Although I can run a three node cluster, I need a fourth location to provide a load balancer that can then provide access to the cluster. For my home lab setup, this means I want to run one on my bastion host... but it is already running HTTP and (FreeIPA) Red Hat IdM. I don’t want to break that. So, I want to add a second IP address to the bastion host, and have all of the existing services make use of the existing IP address. Only the new HA Proxy instance will use the new IP address. This would be trivial for a simple Ethernet port, but I am using a Bridge, which makes it a touch trickier, but not terribly so.

  • How to Create and Manage Archive Files in Linux - Linux Foundation - Training

    In a nutshell, an archive is a single file that contains a collection of other files and/or directories. Archive files are typically used for a transfer (locally or over the internet) or to make a backup copy of a collection of files and directories, which allows you to work with only one file (if compressed, it has a lower size than the sum of all files within it) instead of many. Likewise, archives are used for software application packaging. This single file can be easily compressed for ease of transfer while the files in the archive retain the structure and permissions of the original files.

Version 3.0 of QSoas is out

After almost two years of development, version 3.0 of QSoas is finally out! It brings in a number of new features.

Sxmo 1.2.0 adds support for gesture controls

And then there’s Sxmo. Described as a “collection of simple and suckless X programs and scripts,” this made-for-Pinephone software lets you navigate using the phone’s power and volume keys. For example, you can open an application-specific context menu by tapping the volume up key, then use the up and down arrows to navigate and the power button to select your choice. It’s… honestly kind of tedious. Fortunately Sxmo also supports touch input. So you can, for example, tap the power button once to bring up an on-screen keyboard and then type out a search or command. And now, starting with Sxmo version 1.2.0, you can also use gesture-based navigation for a bunch of actions.

Tomasz Torcz: k3s is tiny and cute

After KubeCon I've decided to give k3s a try. And I'm impressed! K3s is a small distribution of Kubernetes (k8s), the Linux container orchestration system. It's really tiny while being functional. One starts with a single 52MiB binary and after a few seconds there's a functional installation with half a dozen system pods. It's a far cry from OKD and its resource hunger. Of course, compared to OKD, there's much less functionality in k3s, but enough for most cases (including mine). First, I'm writing now because only recently cgroupsv2 support was added to k3s. Previously it just didn't work on modern systems, like Fedora. Second, the etcd database, widely perceived as a mandatory part of k8s, is optional in k3s! By default embedded SQLite is used, which is enough for simple scenarios. I'm particularly happy about PostgreSQL support. Yes, you can have your Kubernetes working with pgsql. But k3s is not a single-node solution only. Adding worker nodes is simple; the High-Availability solutions for the control plane look sound (haven't tried yet, but it's on my TODO).

