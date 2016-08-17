Security and Proprietary Software
Germany: Trojans for all
The German Bundestag passed new wiretapping laws for secret services and the Federal Police
Seven-year-old make-me-root bug in Linux kernel patched
In a blog post on Thursday, GitHub security researcher Kevin Backhouse recounted how he found the bug (CVE-2021-3560) in a service called polkit that is used in systemd, a common Linux system and service manager component.
CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets [Ed: Funny how they fail to mention a particular OS]
Mysterious Custom [Windows] Malware Collects Billions of Stolen Data Points
Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million of the latter still valid at the time of the database’s discovery.
Billions of Compromised Records and Counting: Why the Application Layer is Still the Front Door for Data Breaches
Each year, the number of data breaches grows by 30% while the number of records compromised increases by an average of 224%. 2021 is far from over, but we’re already on pace for another record-setting year. In fact, Imperva research finds that more records were compromised in January alone than in all of 2017.
Microsoft: Big Cryptomining Attacks Hit Kubeflow
Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters.
Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency.
The Kubeflow open-source project is a popular framework for running machine learning (ML) tasks in Kubernetes, while TensorFlow is an end-to-end, open-source ML platform.
Given that the attack is still active, any new Kubernetes clusters that run Kubeflow could be compromised, according to Microsoft.
The Trump administration forced Apple to secretly reveal at least two Democrats’ data
By now, you may have heard that Trump’s Department of Justice secretly seized the phone records of journalists working for The New York Times, CNN, and The Washington Post, in the hopes of revealing their sources and stopping leaks to the press. But the NYT is now reporting that Trump didn’t stop at journalists — in 2017 and 2018, it forced Apple to cough up metadata on at least two Democratic members of the House Intelligence Committee, including current chairman Adam Schiff and representative Eric Swalwell, and as many as a dozen people tied to that committee in total, including family members and at least one child.
Like the media outlets, Apple was under a gag order and unable to tell anyone until it expired this year — the only reason we’re learning about this now is because the new administration’s Justice Department decided to reveal the subpoenas and gag orders to the press.
Kaspersky trio spots Vista-era zero-days exploited through Chrome
Global security firm Kaspersky has revealed that targeted attacks against a number of companies, which it noticed in April, initially used a vulnerability in Google's Chrome browser and then linked this to two zero-days in the Microsoft Windows 10 kernel.
EA got hit by a data breach, and hackers are selling source code
Source code is a big deal in programing, so it’s a big deal when companies lose control over it, and the gaming industry has seen some huge thefts recently: hackers stole CD Projekt Red’s source code for Cyberpunk 2077 and The Witcher 3 in February and in July of 2020, Nintendo saw the source code for many SNES and Nintendo 64 games, including Super Mario Kart and an unreleased Zelda game, released into the wild in what’s been dubbed the “Nintendo Gigaleak.”
Security Leftovers
I'm back in the boat
In mid-2014 I first heard about Jolla and Sailfish OS and immediately bought a Jolla 1; wrote apps; participated in the IGG campaign for Jolla Tablet; bought the TOHKBD2; applied for (and got) Jolla C. Sounds like the beginning of a good story doesn’t it? Well, by the beginning of 2017 I had sold everything (except the tablet, we all know what happened to that one). So what happened?? I was a happy Sailfish user, but Jolla’s false promises disappointed me. Yet, despite all that, I still think about Sailfish OS to this day. I think it’s because, despite some proprietary components, the ecosystem around Sailfish OS is ultimately open source. And that’s what interests me. It also got a fresh update which solves some of the problems that where there 5 years ago. Nowadays, thanks to the community, Sailfish OS can be installed on many devices, even if with some less components, but I’m looking for that complete experience and so I asked on the forum if there was someone willing to sell his Xperia device with or without the license… and I got one for free. Better still, in exchange for some apps!
today's howtos
elementary OS 6 beta promises great things in the same beautiful package
Every so often I'm reminded of the Rush song, "Circumstances." Back in my days of high school, I remember first hearing the line, "plus ça change, plus c'est la même chose," ("the more things change, the more they stay the same"), and being absolutely floored by its paradoxical statement. Since then, I've run into so many instances where the idiom applied. Within the realm of open-source, elementary OS is living proof that the saying can have perfect relevance. [...] I was not surprised when I fired it up and instantly thought of that Rush song, because elementary 6 looks very, very familiar. If you used elementary OS 5, you might think you've mistakenly installed that release, instead of the beta for 6—that's a good thing. You see, so often a group of developers and designers get something so right that their best path forward is one of refinement, not change. That's what Cassidy James Blaede and the gang have done. Instead of making change for change's sake, they simply improve on what they already know works. elementary OS has worked to perfection for a while. It should come as little surprise that the Pantheon desktop, which elementary OS uses as its default, remains (on the surface) the same (Figure A). That doesn't mean the developers haven't brought some serious goodness to bear on what lies beneath the surface.
