Security and Proprietary Software
-
Complete Guide to Installing Security Updates in Debian & Ubuntu
Whether you are a DevSecOps engineer responsible for managing your organization’s application infrastructure or you have your own personal Linux server that you use at home, the importance of keeping your systems safe and secure against malicious attacks by bad actors cannot be over emphasized.
While there are many aspects with regards to securing systems, one fundamental best practice is to continuously patch your systems and applications as soon as they are made available. The infamous WannaCry ransomware attack from the summer of 2017, that caused much grief to millions of users is a case in point. While the patch was made available much ahead of the actual attack, it was due to a sheer lack of security discipline that the attack was successful.
-
SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild
SolarWinds has issued an emergency patch after a critical security hole in its Serv-U Managed File Transfer and Serv-U Secure FTP was spotted being exploited in the wild.
The vulnerability, discovered by Microsoft's Threat Intelligence Center (MSTIC) and Offensive Security Research teams, can be exploited by an attacker to achieve remote code execution, and is present in Serv-U version 15.2.3 HF1 and all prior builds. The Redmond crew also said a "single threat actor" was abusing the programming blunder (CVE-2021-35211) though it's not known how many customers are affected.
"This attack is a Return Oriented Programming (ROP) attack," said SolarWinds in an advisory. "When exploited, the vulnerability causes the Serv-U product to throw an exception and then intercepts the exception handling code to run commands. Please note, several reasons exist for exceptions to be thrown, so an exception itself is not necessarily an indicator of attack."
-
With a straight face, Putin agrees to do something about ransomware coming out of Russia, apparently [Ed: Distraction and deflection from Microsoft back doors and insecurity by design]
ate last week, President Biden said he brought up the epidemic of ransomware hitting American businesses in a phone call with his Russian counterpart, and hinted America may start hitting back.
Biden said he and Vladimir Putin not only discussed the matter, their two countries are apparently going to try to coordinate some action to tackle the waves of extortionware infections, which seem to be mainly orchestrated by miscreants in Russia and typically avoid compromising computers configured to use the Russian language.
IT management software made by Kaseya was lately exploited to install REvil ransomware on as many as 1,500 businesses. The crew behind that software nasty is said to avoid targeting Russian organizations.
-
Ransomware Attacks Hit Closer To Home
Fifteen hundred organizations around the world had their data locked up in the latest ransomware, including grocery store chains and schools. It’s unclear if any IBM i shops were included in the attack, which a Russian hacking group claimed credit for. But it’s clear that ransomware is a growing threat to all organizations, including IBM i shops.
-
Don’t get tricked by this crashtastic iPhone Wi-Fi hack!
About a month ago, a security researcher revealed what turned out to be zero-day bug in Apple’s Wi-Fi software, apparently without meaning to...
-
Microsoft broke British and European competition laws, UK reseller tells High Court
Microsoft's attempts to kill off resellable perpetual software licences infringe the EU constitution and UK competition law alike, according to the legal filings of a reseller suing Redmond for £270m in London's High Court.
Details of ValueLicensing's lawsuit against Microsoft are now in the public domain after the US-based software megalith filed an acknowledgement of service earlier this month.
-
New FinOps for Engineering Training Now Available [Ed: Linux Foundation (LF) trying to reinvent itself as buzzwords mill now that it has sold out fully and cannot profit from events]
- Login or register to post comments
- Printer-friendly version
- 2753 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago