Language Selection

English French German Italian Portuguese Spanish

Security and FUD (Fear, Uncertainty, Doubt)

                   

  • Ransomware took heavy toll on US in 2020: researchers [iophk: Windows TCO]

                     

                       

    The study released Monday by the security firm Emsisoft said ransomware attacks -- which encrypt and disable computer systems while demanding a ransom -- affected 113 federal, state and municipal governments, 560 health facilities and 1,681 schools, colleges and universities last year.

                       

    "The attacks caused significant, and sometimes life-threatening, disruption: ambulances carrying emergency patients had to be redirected, cancer treatments were delayed, lab test results were inaccessible, hospital employees were furloughed and 911 (emergency) services were interrupted," the report said.

  • Security updates for Thursday

    Security updates have been issued by Debian (mutt), Fedora (libntlm, mingw-python-pillow, python-pillow, and sudo), Mageia (kernel), SUSE (gdk-pixbuf, perl-Convert-ASN1, samba, and yast2-multipath), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.4, linux-hwe-5.8, linux-oracle). 

  •  

  • Pwnable Document Format: Windows PDF viewers outperformed by browser, macOS, Linux counterparts

    PDF viewers built into leading web browsers and applications for macOS and Linux were only susceptible to comparatively trivial attacks such as denial of service (DoS).

    [...]

    Susceptible to eight of 10 attack techniques, the worst culprits overall were PDF-Xchange Viewer and PDF-Xchange Viewer for Windows.

    PDFelement and iSkysoft, prone only to DoS, were honorable exceptions to the otherwise unimpressive Windows scorecard.

  •  

  • 'FreakOut' Botnet Targets Unpatched Linux Systems [Ed: This is FUD and not about "Linux"; it's about unpatched programs that have nothing to do with Linux, but they ascribe guilt by association (human error/negligence)]

    Researchers are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. Botnet operators have been mass-scanning for vulnerable Linux devices, and the command-and-control server associated with FreakOut has now targeted several hundred vulnerable devices.

  • Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems [Ed: Same as above]
  • List of DNSpooq vulnerability advisories, patches, and updates [Ed: Microsoft-connected sites keep trying to blame this on "Linux"]

    Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices.

More in Tux Machines

IBM/Red Hat: Kafka Monthly Digest, Red Hat Upselling, and Cockpit 239

  • Kafka Monthly Digest – February 2021

    This is the 37th edition of the Kafka Monthly Digest! In this edition, I’ll cover what happened in the Apache Kafka community in February 2021.

  • 5 ways Red Hat Insights can improve your sysadmin Life

    The way we do things is changing fast. This has become a necessity as our systems get more complex, our workloads evolve, and our deployments rapidly grow in size. Thanks to the innovations brought about by openness and collaboration, we can develop tools and services to cope with these quickly evolving times. For us to reap the benefits of these advancements, we should open ourselves to carefully exploring how various tools suit our requirements and fit into or change our norms. By doing so, we may simplify a lot of our mundane tasks, reduce overhead, and address the major pain points in our operations. Having worked as a sysadmin in the past, I've discovered many automation tools and services that have made my life easier. One of the most recent is Red Hat Insights. In this article, I share five ways this service that is included with your Red Hat Enterprise Linux (RHEL) subscription can improve your life as an admin.

  • Cockpit Project: Cockpit 239

    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from Cockpit version 239.

LibreOffice 7.1.1 Community available for download

LibreOffice 7.1.1 Community, the first minor release of the LibreOffice 7.1 family, targeted at technology enthusiasts and power users, is available for download from https://www.libreoffice.org/download/. LibreOffice 7.1.1 includes over 90 bug fixes and improvements to document compatibility. For enterprise-class deployments, TDF strongly recommends the LibreOffice Enterprise family of applications from ecosystem partners, with long-term support options, professional assistance, custom features and Service Level Agreements: https://www.libreoffice.org/download/libreoffice-in-business/. LibreOffice Community and the LibreOffice Enterprise family of products are based on the LibreOffice Technology platform, the result of years of development efforts with the objective of providing a state of the art office suite not only for the desktop but also for mobile and the cloud. Products based on LibreOffice Technology are available for major desktop operating systems (Windows, macOS, Linux and Chrome OS), mobile platforms (Android and iOS) and the cloud. They may have a different name, according to each company brand strategy, but they share the same LibreOffice unique advantages, robustness and flexibility. Read more

croc Is A Tool For Resumable, Encrypted File And Folder Transfers Between Computers (Command Line)

croc is a free and open source command line tool for secure file transfers between computers. It uses relay-assisted peer-to-peer transactions and end-to-end encryption via password-authenticated key exchange. The program is written in Go and is available for Microsoft Windows, macOS, Linux and *BSD. The idea behind croc is being able to transfer files and folders between cross-platform computers securely, fast and easy. With support for resumable, peer-to-peer transfers. As a bonus feature, croc is also able to securely transfer a short text or URL directly. The data transfer is done using a relay, either using raw TCP sockets or websockets. When the sender and the receiver are on the same LAN, croc uses a local relay, otherwise a public relay is used. Thanks to this, croc can send files between computers in the same LAN, or over the Internet, without having port-forwarding enabled. The data going through the relay is encrypted using a PAKE-generated session key. For this, croc uses code phrases, a combination of three random words. By default, a code phrase can only be used once between two parties, so an attacker would have a chance of less than 1 in 4 billion to guess the code phrase correctly to steal the data. Read more

Linux distributions: All the talent and hard work that goes into building a good one

I regularly read the Linux Mint Blog, not only because it is useful to keep up with what is happening with the Linux Mint distribution but also because it occasionally gives very interesting insights into the development and maintenance of a Linux distribution in general, and the Linux Mint distribution(s) in particular. To be honest, I was disappointed some years ago when Clem (Clement Lefebvre) discontinued his Segfault blog, because it always contained good technical information and interesting insights. Read more