Language Selection

English French German Italian Portuguese Spanish

Security: Windows, Microsoft Malware, GPS Bug, and Some Exaggeration/FUD

Filed under
Security
  • Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs - blackMORE Ops

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs.[1] CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign.

  • Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices [Ed: Lousy anti-journalist sites try to blame the victims for having received malware from Microsoft itself]

    Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems.

  • GPS Daemon (GPSD) Rollover Bug

    Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).

  • New Linux kernel memory corruption bug causes full system compromise [Ed: This is "local privilege escalation", i.e. vastly less severe than all those back doors in Windows, but so-called 'security' firms aren't meant to talk about state-mandated holes]

    Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0.13-amd64 kernel.

GPS not reliable, due to bugs

  • Global Displacement System, A Gpsd Bug Will Hit Unpatched Systems This Sunday - PC Perspective

    You might not remember what Gpsd is but it is in the news every 19.6 years, or more specifically every 1024 weeks, thanks to lazy timekeeping implementation for GPS satellites, which keep track of the number of weeks since January 5, 1980 as an unsigned 10-bit integer. That means when it hits 1023, the next week it rolls over to 0 and many systems which interface with GPS using timestamps will suddenly have corrupted location data.

    Gpsd is an example of this, it is a a service daemon that translates data from Global Positioning System (GPS), Global Navigation Satellite System (GNSS), and Automatic Identification System (AIS) and is used in a huge variety of applications. Some applications such as Kismet, GpsDrive, and roadmap will be affected but are not necessarily mission critical but more an annoyance when they stop functioning properly. However Gpsd is also used in things driverless cars, marine navigation, and military IFF; small errors in those systems can have large real world effects.

  • CISA: GPS software bug may cause unexpected behavior this Sunday

    The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS deices might experience issues over the weekend because of a timing bug impacting Network Time Protocol (NTP) servers running the GPS Daemon (GPSD) software.

  • Disable Time Sync NOW—Ugly GPSd Bug Brings Sunday FAILs

    On Sunday, you might find some equipment thinks it’s 2002. That’s because of a weird bug in gpsd—the code on which a bunch of Network Time Protocol servers rely.

  • A GPS-Based Bug Could Roll Back Your Devices to 2002 [Ed: Put another way, GPS (US) basically broken. There are alternatives to it.]
  • If your apps or gadgets break down on Sunday, this may be why: Gpsd bug to roll back clocks to 2002

    Come Sunday, October 24, 2021, those using applications that rely on gpsd for handling time data may find that they're living 1,024 weeks – 19.6 years – in the past.

    A bug in gpsd that rolls clocks back to March, 2002, is set to strike this coming weekend.

    The programming blunder was identified on July 24, 2021, and the errant code commit, written two years ago, has since been fixed. Now it's just a matter of making sure that every application and device deploying gpsd has applied the patch.

    The Network Time Protocol (NTP) provides a way for devices and services to keep accurate time using a hierarchical set of servers rated in terms of precision, with "stratum 0" representing the most accurate time sources.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

GeckoLinux ROLLING Now Ships with Linux 5.16, Improved PipeWire Configuration

GeckoLinux ROLLING is derived from the openSUSE Tumbleweed and Packman repositories, which means that if follows a rolling release model where you install once and receive updates forever. But, from time to time, the developer of this distribution generates new installation images for better hardware compatibility. As such, the new GeckoLinux ROLLING update is here to further improve the Calamares graphical installer to no longer create a Btrfs subvolume for the /tmp directory. Read more

RK3566-based PineNote E-Ink tablet ships at $399

Pine64 launched a $399 “PineNote” tablet with 10.1-inch, E-Ink touchscreen, 4GB LPDDR4, and 128GB eMMC that runs Linux on a Rockchip RK3566. The company also recently launched the $399 PinePhone Pro and a PinePhone Keyboard and a PineDIO USB LoRa adapter. Pine64 announced its PineNote E-ink reader in August and launched its first developer version of its second-gen PinePhone Pro Explorer Edition smartphone in October. The company has now launched the PineNote for developers only, and recently launched a less bleeding-edge version of PinePhone Pro, which is available for the same $399 price with shipments due in late February (see farther below). Earlier in the month, Pine64 launched its $50 PinePhone Keyboard case, which supports both the PinePhone and PinePhone Pro. There is also a new, $15 PineDio USB LoRa Adapter that works with any USB-connected device. A $20 case model packages the adapter for use with the PinePhone or PinePhone Pro (see farther below). Read more Also: Pine64 should re-evaluate their community priorities

VirtualBox 6.1.32 Fixes Access to Some USB Devices on Linux Hosts, Improves Shared Clipboard

VirtualBox 6.1.32 arrives almost two months after VirtualBox 6.1.30 to fix a bunch of bugs. For example, it fixes access to some USB devices on Linux hosts as the device class wasn’t handled correctly, fixes the wrong mouse position if guest is in text mode, fixes copying of folders from host to guest and vice versa, and fixes UNICODE handling. Also fixed in this release is the accidental creation of an empty debug log file when the OSS (Open Sound System) audio backend was configured, the loss of keyboard focus under rare circumstances when using the mini toolbar in full-screen mode, the link status reporting for certain Linux kernels, as well as packaging and installer regressions affecting Solaris hosts. Read more

today's howtos

  • How To Install Ansible on Fedora 35 - idroot

    In this tutorial, we will show you how to install Ansible on Fedora 35. For those of you who didn’t know, Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code. Ansible automates and simplifies repetitive, complex, and tedious operations. It’s a free tool written in Python. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Ansible automation tool on a Fedora 35.

  • Install PHP 8 on Ubuntu 22.04 - kifarunix.com

    In this tutorial, you will learn how to install PHP 8 on Ubuntu 22.04. PHP 8 is a major update of the PHP language. It contains many new features and optimizations including named arguments, union types, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and improvements in the type system, error handling, and consistency.

  • How to keep your Debian updated

    A Linux OS is a collection of multiple packages interlinked in a very complex network. These packages offer all the necessary files and binaries that make up the operating system. These packages need regular updates. It may be security patches, bug fixes, or feature improvements. As such, it is critical to keep all the packages up-to-date.

  • How to install Debian 11

    Debian 11.0 was released on August 14th, 2021, with the codename Bullseye. After approximately two years of development, the Debian projects presented a stable version of Debian 11 which will be supported for the next five years. This new distribution whips with over 11294 new packages to count 59551 packages.

  • Allow/Deny SSH Access To a Particular User Or Group In Linux

    In this article we will be allowing or denying SSH access to a particular user or Group by making a few changes in SSH Configuration file. First, we will see how to allow or enable SSH access to a user and group. Please note that all commands given below should be run as root or sudo user.

  • 3 Linux commands to shut down the system and you will able to do it easily

    Hi Guys, In this guide, we will illustrate the difference between shutdown, poweroff, halt and reboot command in Linux.

  • Set Date and Time for Each Command You Execute in Bash History

    Hi guys, In this article, we will show you how you can configure time stamp information when each command in the history was executed to be displayed. All commands executed by Bash on the command line are stored in history or in a file called ~/.bash_history. Also you can list all of the commands executed by users on the system or a user can view the command history using the history command as shown below.

  • How to install Gitea on a fresh Ubuntu/Debian server

    Gitea an open source easy-to-use self hosted git server written in Go. It has many features like time tracking, repository branching, file logging, notifications, built-in wiki and much more. Gitea is an lightweight application meaning that it can be run on lower spec systems too. It is an great lightweight alternative to GitLab. It’s really easy to setup and you will find most of the features that you will find in typical source control platform. This tutorial will show you how to install Gitea on Ubuntu Or Debian Systems

  • How to Install and Configure Kibana on Ubuntu 20.04 – Citizix

    Kibana is a proprietary data visualization dashboard software for Elasticsearch, whose open source successor in OpenSearch is OpenSearch Dashboards. It is a data visualization and exploration tool used for log and time-series analytics, application monitoring, and operational intelligence use cases. It offers powerful and easy-to-use features such as histograms, line graphs, pie charts, heat maps, and built-in geospatial support. Kibana also acts as the user interface for monitoring, managing, and securing an Elastic Stack cluster — as well as the centralized hub for built-in solutions developed on the Elastic Stack.

  • How to install and Configure HAProxy load balancer on Ubuntu 20.04

    HAProxy is a free and open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. It distributes the load among the web and application servers. Haproxy is popular for load balancing because of its efficiency, reliability, and low memory and CPU footprint. Load balancing is a common solution for distributing web applications horizontally across multiple hosts while providing the users with a single point of access to the service. It is available for install on major Linux distributions. In this guide we will learn how to install and configure HAProxy load balancer on Ubuntu 20.04.

  • How to Install an RPM File in Linux

    Did you download an RPM file, and you’re not sure what it is or what do with it? It’s one of the file types used to install applications in Red Hat Enterprise Linux-based distributions, and we’ll show you how to use them.

  • Install PHP 7.1/7.2/7.3/7.4 on Ubuntu 22.04 - kifarunix.com

    Did you download an RPM file, and you’re not sure what it is or what do with it? It’s one of the file types used to install applications in Red Hat Enterprise Linux-based distributions, and we’ll show you how to use them.