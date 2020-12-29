Security: Solarwinds Incidents and Latest Patches
DOJ, US Court System Latest To Announce They're Victims Of The Massive Solarwinds Hack
The hits just keep on coming for US federal agencies affected by the massive Solarwinds hack. State-sponsored hackers -- presumably Russian -- leveraged Solarwinds' massive customer base and compromised update server to infect systems around the world. Here in the United States, a possible 18,000 Solarwinds customers are affected… as are their users and customers, which brings the possible number of infected back up into the millions.
SolarWinds Hack: CISA Asks Agencies To Conduct Forensic Analysis By Month-End
All other versions of the SolarWinds Orion platforms, regardless of whether included in the original range identified in ED 21-01, have been identified as not containing that malicious backdoor (“unaffected versions”).
Security updates for Tuesday
Security updates have been issued by openSUSE (chromium), Oracle (firefox), Red Hat (kernel), Scientific Linux (firefox), Slackware (sudo), SUSE (firefox, nodejs10, nodejs12, and nodejs14), and Ubuntu (apt, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-hwe-5.8, linux-oem-5.6, linux-oracle, linux-oracle-5.4, nvidia-graphics-drivers-390, nvidia-graphics-drivers-450, nvidia-graphics-drivers-460, python-apt, and xdg-utils).
Email security firm Mimecast says [attackers] hijacked its products to spy on customers
Email security provider Mimecast said on Tuesday that [attackers] had hijacked its products in order to spy on its customers.
The company said it had been alerted to the attack by investigators at Microsoft and that "a sophisticated threat actor" had compromised the certificate used to guard connections between its products and Microsoft's cloud services.
In a four-paragraph statement, the company said around 10% of its more than 36,000 customers had been affected, but it believed "a low single digit number" of users had been specifically targeted.
Linux at Home: Creative Writing with Linux
We are told by our governments that in the current crisis the single most important action we can take is to stay at home and minimise the amount of contact with others. The new variant of Covid-19 is much more transmissible than the virus’s previous version. The advice to stay safe is therefore even more important. It’s only with everyone abiding by the law can we protect our health services and save lives. In this series, we look at a range of home activities where Linux can play its part, making the most of our time at home, keeping active and engaged. The change of lifestyle enforced by Covid-19 is an opportunity to expand our horizons, and spend more time on activities we have neglected in the past.
Twake – A Modern Open-Source Collaboration Platform
Twake is a modern open-source collaborative workspace that allows you to keep all of your data in one centralized location and to manage your projects using a single UI that features integrated support for all your favourite collaborative tools. Its beautiful user interface offers a rich user experience that is easy to get accustomed to whether you use it for chatting with your team, managing tasks, managing events using its calendar, or storing files. There is modern-styled online documentation to assist developers and users in having the best possible experience, and an external collaborator feature that allows for specialized discussion channels where Twake members and non-members can collaborate on projects simultaneously. Best of all, you can use it for free, subscribe to its paid plan, or host it yourself just like you would OwnCloud and NextCloud.
Stable Kernels: 5.10.7, 5.4.89, 4.19.167, 4.14.215, 4.9.251 , and 4.4.251
I'm announcing the release of the 5.10.7 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s... thanks, greg k-hAlso: Linux 5.4.89 Linux 4.19.167 Linux 4.14.215 Linux 4.9.251 Linux 4.4.251
DIGITAL HOARDING: UBUNTU MIRROR
I have a bunch of Ubuntu machines on my local network at home. They all periodically need to check for updates then download & install them. Rather than have them all reach out to the official mirrors externally to my network, I decided to run my own mirror internally. This post is just a set of notes for anyone else who might be looking to do something similar. I also do a lot of software building, and re-building, which pulls all kinds of random libraries, compilers and other packages from the archive. Having it local saves me repeatedly downloading from the ‘net while the kids are on Netflix School Zoom classes. Don’t do this if you’re on a super slow connection because the mirror will probably never finish building. Also probably don’t do it if you have a per-byte billing arrangement with your provider. This will chew quite a bit of bandwidth, especially the first run. But even subsequent runs can do too, depending on how much chrurn in the Ubuntu Archive there’s been since it was last executed.
