Security and Proprietary Failures

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by Debian (python-pysaml2 and redis), Fedora (buildah, containernetworking-plugins, containers-common, libmysofa, libpq, podman, postgresql, skopeo, xen, and xterm), openSUSE (nghttp2), Oracle (firefox and thunderbird), SUSE (glibc, ImageMagick, python-Jinja2, and salt), and Ubuntu (python2.7, python2.7, python3.4, python3.5, python3.6, python3.8, and tiff).

  • DHS Secretary Mayorkas announces new initiative to fight 'epidemic' of cyberattacks [iophk: Windows TCO]

    Homeland Security Secretary Alejandro Mayorkas on Thursday announced new funding and initiatives to prioritize the nation’s cybersecurity, particularly in order to confront what he described as an “epidemic” of ransomware attacks.

    Mayorkas announced during a virtual speech that current cybersecurity grants from the Federal Emergency Management Agency would be increased by $25 million across the nation and that the Department of Homeland Security (DHS) was evaluating further cyber grants to help the Cybersecurity and Infrastructure Security Agency (CISA) assist state and local governments.

  • Google Discloses Details of Remote Code Execution Vulnerability in Windows

    The flaw, tracked as CVE-2021-24093, was patched by Microsoft on February 9 with its Patch Tuesday updates. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.

    A CVSS score of 8.8 has been assigned to the vulnerability, but Microsoft has rated it critical for all affected operating systems. The list includes Windows 10, Windows Server 2016 and 2019, and Windows Server.

  • VMware Patches Critical RCE Flaw in vCenter Server

    The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.

  • How $100M in Jobless Claims Went to Inmates

    The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud.

  • Microsoft Failed to Shore Up Defences That Could Have Limited SolarWinds Hack, US Senator Says

    Microsoft's failure to fix known problems with its cloud software facilitated the massive SolarWinds hack that compromised at least nine federal government agencies, according to security experts and the office of US Senator Ron Wyden.

    A vulnerability first publicly revealed by researchers in 2017 allows hackers to fake the identity of authorized employees to gain access to customers' cloud services. The technique was one of many used in the SolarWinds hack.

    Wyden, who has faulted tech companies on security and privacy issues as a member of the Senate Intelligence Committee, blasted Microsoft for not doing more to prevent forged identities or warn customers about it.

  • Apple Releases macOS Big Sur 11.2.2 to Prevent MacBooks From Being Damaged by Third-Party Non-Compliant Docks

    Many of the complaints were from M1 Mac users who had a MacBook Pro or a MacBook Air, but Apple's release notes suggest other models were affected as well.

  • Apple releases macOS update to prevent damage from third-party docks and dongles

    Most of the issues seemed to come from using a third-party dock, and while some of them seem to be from pretty obscure brands, there are a few recognizable ones that are reported to have killed laptops. For its part, Apple calls them “non-compliant powered USB-C hubs and docks” in the new update’s notes.
