Security: Windows, Microsoft Malware, GPS Bug, and Some Exaggeration/FUD

  • Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs - blackMORE Ops

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs.[1] CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign.

  • Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices [Ed: Lousy anti-journalist sites try to blame the victims for having received malware from Microsoft itself]

    Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems.

  • GPS Daemon (GPSD) Rollover Bug

    Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).

  • New Linux kernel memory corruption bug causes full system compromise [Ed: This is "local privilege escalation", i.e. vastly less severe than all those back doors in Windows, but so-called 'security' firms aren't meant to talk about state-mandated holes]

    Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0.13-amd64 kernel.

GPS not reliable, due to bugs

  • Global Displacement System, A Gpsd Bug Will Hit Unpatched Systems This Sunday - PC Perspective

    You might not remember what Gpsd is but it is in the news every 19.6 years, or more specifically every 1024 weeks, thanks to lazy timekeeping implementation for GPS satellites, which keep track of the number of weeks since January 5, 1980 as an unsigned 10-bit integer. That means when it hits 1023, the next week it rolls over to 0 and many systems which interface with GPS using timestamps will suddenly have corrupted location data.

    Gpsd is an example of this; it is a service daemon that translates data from Global Positioning System (GPS), Global Navigation Satellite System (GNSS), and Automatic Identification System (AIS) and is used in a huge variety of applications. Some applications such as Kismet, GpsDrive, and roadmap will be affected but are not necessarily mission critical but more an annoyance when they stop functioning properly. However Gpsd is also used in things like driverless cars, marine navigation, and military IFF; small errors in those systems can have large real world effects.

  • CISA: GPS software bug may cause unexpected behavior this Sunday

    The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS devices might experience issues over the weekend because of a timing bug impacting Network Time Protocol (NTP) servers running the GPS Daemon (GPSD) software.

  • Disable Time Sync NOW—Ugly GPSd Bug Brings Sunday FAILs

    On Sunday, you might find some equipment thinks it’s 2002. That’s because of a weird bug in gpsd—the code on which a bunch of Network Time Protocol servers rely.

  • A GPS-Based Bug Could Roll Back Your Devices to 2002 [Ed: Put another way, GPS (US) basically broken. There are alternatives to it.]
  • If your apps or gadgets break down on Sunday, this may be why: Gpsd bug to roll back clocks to 2002

    Come Sunday, October 24, 2021, those using applications that rely on gpsd for handling time data may find that they're living 1,024 weeks – 19.6 years – in the past.

    A bug in gpsd that rolls clocks back to March, 2002, is set to strike this coming weekend.

    The programming blunder was identified on July 24, 2021, and the errant code commit, written two years ago, has since been fixed. Now it's just a matter of making sure that every application and device deploying gpsd has applied the patch.

    The Network Time Protocol (NTP) provides a way for devices and services to keep accurate time using a hierarchical set of servers rated in terms of precision, with "stratum 0" representing the most accurate time sources.

More in Tux Machines

Graphics: DXVK-NVAPI, Wayland, Resizable BAR

  • DXVK-NVAPI 0.5.2 Released With Entry Points For NVIDIA PhysX - Phoronix

    DXVK-NVAPI as the open-source project implementing support for NVIDIA's NVAPI within the realm of DXVK is out with a new release, which is exciting for NVIDIA Linux gamers. DXVK-NVAPI is an important project for NVIDIA Linux gamers enjoying Valve's Steam Play (Proton) or outside of it as well if using DXVK otherwise. DXVK-NVAPI provides an NVAPI library implementation that can be used by the Windows games that make use of this NVIDIA API. DXVK-NVAPI is already used for Deep Learning Super Sampling (DLSS), NVAPI D3D11 extensions, and other features.

  • Wayland Testing New Protocol Extension To Handle Session Locking - Phoronix

    Wayland Protocols 1.25 was released today as the collection of testing and stable Wayland protocols. New to Wayland Protocols 1.25 is the session-lock-v1 protocol being experimental and responsible to handle session locking. The session-lock-v1 protocol is the main addition of Wayland Protocols 1.25 and allows for privileged Wayland clients to lock the session and display arbitrary graphics while in the locked mode. That authenticated client is responsible for handling user authentication and interfacing with the compositor for disabling the session lock when appropriate.

  • Intel Preparing Resizable BAR Support For Their Arc Graphics On Linux - Phoronix

    Ahead of the Intel Arc "Alchemist" graphics cards shipping this year, Intel's open-source developers have continued ironing out the Linux driver support. The most recent kernel patches are for getting their Resizable BAR "ReBAR" support in order. Sent out this week were a set of patches for small BAR recovery support for the Intel kernel graphics driver on Linux.

Kubernetes Leftovers

  • How to Tackle the Cloud Native Trends of 2022 | SUSE Communities

    At SUSE, we partner with several top-notch managed service providers to deliver the whole enterprise package — our open, interoperable offerings backed by their proven ops teams. We help MSPs more easily and securely deliver objectives despite the increasing complexity of the cloud and Kubernetes, while they help our enterprises get up and stay up, running faster, while cutting costs. We provide that much needed abstraction layer so they can focus on your enterprise modernizing securely.

  • Securing Kubernetes at the Infrastructure Level

    Infrastructure security is important to get right so that attacks can be prevented—or, in the case of a successful attack, damage can be minimized. It is especially important in a Kubernetes environment because, by default, a large number of Kubernetes configurations are not secure. Securing Kubernetes at the infrastructure level requires a combination of host hardening, cluster hardening and network security. [...] I have listed 10 best practices for securing Kubernetes at the infrastructure level. While this is certainly not an exhaustive list by any means, it should give you the foundation to make a good start. I recommend reading chapter two of Kubernetes security and observability: A holistic approach to securing containers and cloud-native applications, an O’Reilly book I co-authored, to learn about these best practices in further detail and to discover additional best practices for infrastructure security.

  • Should You Learn Kubernetes? – CloudSavvy IT

    Kubernetes has seen a surge of adoption over the past few years as companies have pivoted towards containers and cloud-native deployment methods. The platform’s become the leading orchestration solution for running containers in production. This means people who are skilled in using and managing Kubernetes clusters are now in-demand across the industry. In this article, we’ll look at whether you should learn Kubernetes based on your current role and future objectives. If you’re not being tasked with managing a cluster, the decision ultimately comes down to the skill set you want to acquire and the areas you might move into down the line.

  • Declarative vs Imperative Kubernetes Object Management – CloudSavvy IT

    Kubernetes is usually described as a declarative system. Most of the time you work with YAML that defines what the end state of the system should look like. Kubernetes supports imperative APIs too though, where you issue a command and get an immediate output. In this article, we’ll explore the differences between these two forms of object management. The chances are you’ve already used both even if you don’t recognize the terms.

Security Leftovers

  • Security updates for Friday [LWN.net]

    Security updates have been issued by CentOS (java-1.8.0-openjdk), Debian (graphicsmagick), Fedora (grafana), Mageia (aom and roundcubemail), openSUSE (log4j and qemu), Oracle (parfait:0.5), Red Hat (java-1.7.1-ibm and java-1.8.0-openjdk), Slackware (expat), SUSE (containerd, docker, log4j, and strongswan), and Ubuntu (cpio, shadow, and webkit2gtk).

  • Reproducible Builds (diffoscope): diffoscope 202 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 202. This version includes the following changes:

    [ Chris Lamb ]
    * Don't fail if comparing a nonexistent file with a .pyc file (and add test).
      (Closes: #1004312)
    * Drop a reference in the manual page which claims the ability to compare
      non-existent files on the command-line. This has not been possible since
      version 32 which was released in September 2015. (Closes: #1004182)
    * Add experimental support for incremental output support with a timeout.
      Passing, for example, --timeout=60 will mean that diffoscope will not
      recurse into any sub-archives after 60 seconds total execution time has
      elapsed and mark the diff as being incomplete. (Note that this is not a
      fixed/strict timeout due to implementation issues.)
      (Closes: reproducible-builds/diffoscope#301)
    * Don't return with an exit code of 0 if we encounter device file such as
      /dev/stdin with human-readable metadata that matches literal, non-device,
      file contents. (Closes: #1004198)
    * Correct a "recompile" typo.
    
    [ Sergei Trofimovich ]
    * Fix/update whitespace for Black 21.12.

  • CISA Adds Eight Known Exploited Vulnerabilities to Catalog | CISA

    CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

today's howtos

  • Single-command Docker environments on any machine with Multipass | Ubuntu

    Multipass has a new workflow tailored to run Docker containers on macOS, Windows or Linux. One single command, no dependencies, full flexibility. Multipass exists to bring Ubuntu-based development to the operating system of your choice. Whether you prefer the GUI of macOS (even on M1), Windows or any other Linux, the unmatched experience of developing software on Ubuntu is there at your fingertips, just one “multipass launch” away. Today, the Multipass team is delighted to enhance this experience for developers working with containerised applications!

  • How to create fillable forms in ONLYOFFICE Docs 7.0

    ONLYOFFICE Docs is an open-source office suite distributed under GNU AGPL v3.0. It comprises web-based viewers and collaborative editors for text documents, spreadsheets, and presentations highly compatible with OOXML formats. ONLYOFFICE Docs can be integrated with various cloud services such as Nextcloud, Seafile, Redmine, Alfresco, etc., as well as embedded into your own solution. The editors can also be used as a part of the complete productivity solution ONLYOFFICE Workspace. With the latest major update, the ONLYOFFICE developers added online form functionality allowing users to create, collaborate on and fill in forms to create documents from templates. Forms can be exported in fillable PDF and DOCX. In this tutorial, we’ll learn how to create a fillable form with ONLYOFFICE Docs.

  • 10 Funny Commands in Linux

    On Linux, the Terminal is used quite often to maintain the system. But besides doing serious work, there are also some funny commands, which I will show you below. Here, we are using Ubuntu 20.04, but you can basically use any other Linux operating system.

  • GNU Linux Debian – very fast and easy semi-automatic online install Debian 11 (non-free)

    Given the fact – that once installed – GNU Linux Debian can boot (almost) anywhere, the fastest and easiest way to “install” it is to simply 1:1 copy it on whatever the user wants to boot from (harddisk or usb stick (some sticks can not be made bootable, try at least 3 different vendors)). So… this install script 1:1 copy installs Debian 11 (non-free) on any laptop/desktop/server (depending on internet speed) very fast & easy. The process can be automated (on similar hardware or on hardware where /dev/sda is always the device the user wants to 1:1 overwrite).

  • What to do when App Window is larger than Screen Height in Ubuntu | UbuntuHandbook

    For Ubuntu PC or laptop with a low resolution monitor, some app windows may be bigger than screen height, thus it’s NOT fully accessible especially for the bottom part. This usually happens in some Qt apps and Gnome Extension settings dialog in my Ubuntu laptop with 1366×768 screen resolution. A workaround is moving the app window above the top of the screen. Here’s how to do the trick in Ubuntu!