Security Leftovers
-
Hey Missouri: stop electing technically illiterate dipshits. First you had Claire McCaskill, one of the key sponsors of FOSTA (who is still defending it years later). You got rid of her, but replaced her with Josh Hawley, who seems to think his main job in the Senate (besides whipping up support for insurrectionists and planning his run for the Presidency) is to destroy the internet and reshape it according to his own personal vision.
-
Cybersecurity threats have significantly increased since March of 2020 when much of the economy was forced online to help us cope with the Covid crisis, including a number of high profile attacks by international criminal groups and adversarial governments. This past June, FBI Director Christopher Wray compared the danger of ransomware attacks on US firms by Russian criminal groups to the 9/11 terrorist attacks. When Biden and Putin met in Geneva a few weeks later, cyberweapons control was at the top of the agenda, a spot previously occupied by the control of nuclear weapons.
It’s been clear for a while that in a world increasingly governed by digital data and transactions, our existing cybersecurity methods have been far from adequate. To learn more about this very important area, earlier this year I joined CAMS, MIT’s interdisciplinary cybersecurity initiative, and started attending its research seminars.
At a recent seminar, I heard a very interesting presentation on Compliance and Cybersecurity by CAMS research affiliate Angelica Marotta. Her seminar was based on Convergence and divergence of regulatory compliance and cybersecurity, a recent paper she co-authored with MIT professor Stuart Madnick.
-
Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become victim of a supply chain attack. What is ua-parser-js and why does any of this matter?
In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.
-
Versions of a popular NPM package named ua-parser-js were found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.
-
A steady drumbeat from some of the most influential executives in the technology industry has emerged in recent months to push the idea that the U.S. government should invest in a "national research cloud" — a hub for U.S. research into artificial intelligence where researchers from academia and smaller tech companies could share data sets and other resources.
It's an idea that has been backed by a government commission led by ex-Google CEO Eric Schmidt and including executives from Amazon, Microsoft and Oracle, which recommended that the Biden administration create a hub for U.S. research into artificial intelligence. The White House has warmed up to the idea, ordering another report on it due next year with an eye toward competing with China on the development of artificial intelligence.
-
A number of Windows ransomware gangs have reacted to the reported takedown of the REvil gang, with one of them, Darkside, now known as BlackMatter, moving some of the bitcoin it holds, according to a statement from the cryptocurrency tracking firm Elliptic.
-
But financial advisers see this differently. By some estimates, an investment of $1,000 in a retirement account today would balloon to about $17,000 in 30 years.
In other words, $700 to $1,000 — the price range of modern smartphones — is a big purchase. Fewer than half of American adults have enough savings set aside to cover three months of emergency expenses, according to the Pew Research Center. Yet one in five people surveyed by the financial website WalletHub thought a new phone was worth going into debt for.
-
Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.
-
A typical infection would consist of a malicious document, such as an RTF file exploiting CVE-2017-11882, a stack overflow vulnerability that enables arbitrary code execution on a vulnerable version of Microsoft Office.
The recon phase deployed a custom file enumerator and infector module. This module aimed to discover all the different Office files on an infected endpoint. The infector module is meant to weaponize all .doc, .docx and .rtf files present in removable drives connected to the system to exploit CVE-2017-11882.
The attack phase consists of deploying RAT payloads, such as DcRAT and QuasarRAT, to the victim's endpoint instead of the file recon and infector modules seen previously. All the malware observed in the attack phase of the campaign consisted of commodity RATs compiled and deployed with minimal changes.
today's howtos
-
When you try to add a new software repository, there is a chance you will face the “add-apt-repository command not found” Ubuntu error; this article shows you how to fix it for good. The error indicates that its package is missing from the system.
-
Let’s look at some of the differences between Jenkins freestyle and pipeline jobs.
-
Let’s look at playbooks, modules, and collections in Ansible. These are basic concepts, but you must know them to get started with Ansible. This guide will describe their roles in the automation process.
-
Let’s try to automate something and write our Ansible playbook. For our first example playbook, we’ll configure a server to run a web server using Nginx.
-
PHP (Hypertext Preprocessor) is the most commonly used server-side scripting language for creating dynamic websites. All the most popular CMSs (Content Management Systems) and frameworks, such as WordPress, Laravel, and Magento, are built in PHP. In this guide you will explore how to install PHP 7.4 on a CentOS 8 system. Different PHP versions are available for installation on CentOS 8. Before choosing one of them, make sure the version meets the application requirements.
-
Today we are looking at how to install FreeOffice on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
-
ownCloud is an efficient cross-platform software used for file hosting services. Originally, ownCloud works pretty much like Dropbox; however, there are plugins available with which you can make it function like Google Drive. In this article, we want to share with you the steps of installing ownCloud on a Linux Mint 20 system.
-
In this tutorial, we will show you how to install ONLYOFFICE Desktop Editors on Ubuntu 20.04 LTS. For those of you who didn’t know, ONLYOFFICE offers a secure online office suite highly compatible with MS Office formats (DOCX, XLSX, PPTX). ONLYOFFICE is available for Linux, Windows, and macOS users. Freely distributed under the terms of AGPL v3.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of the ONLYOFFICE Desktop Editors free and open-source office suite on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.
-
Apt (Advanced Packaging Tool) is a command-line package installation and dependency management utility in Debian-based distributions.
When you install packages in Debian using the apt-get or apt command, a copy of the .deb file is saved in the /var/cache/apt/archives directory. If you uninstall and reinstall a package, your system will look for it in the cache and download it from there rather than downloading it again.
If you run out of disk space on your Debian system, you can clear the apt-cache and free up some space.
In this guide, you will learn how to clear the apt-cache on Debian.
-
There are tons of browsers available to install on any operating system. Although many people prefer Chromium browsers, some users prefer something different depending on their needs. Dooble is one browser that helps users to customize their internet browsing. Today I will show you how to install a highly customizable and privacy-focused browser that makes your workflow professional. The Dooble browser does things that other browsers might not be able to do in some cases. To follow along, you will need a running Ubuntu 20.04 LTS instance.
-
Krita is an exclusive painting program that helps artists to unleash their professional skills in the digital world. It uses the latest KDE-supported technologies to help digital artists create digital art. Krita is tightly bonded with KDE and works flawlessly on any distribution. I am using Ubuntu 20.04 LTS and will guide you to install Krita on your Ubuntu system.
-
Throughout this post, we will take you step by step through installing Nginx with PHP-FPM on Debian 11.
Before we start, it is necessary to explain what Nginx and PHP-FPM are to get a better understanding of the process.
Nginx is an open-source HTTP web server that stands out for being very fast and efficient. In addition, Nginx is ready to be used as a reverse proxy. In this mode, it is used to balance the load between back-end servers, as well as to be used as a cache on a slower back-end server.
One of the main advantages of using Nginx is that it processes tens of thousands of simultaneous connections in a compact, multi-core CPU process. This is why it is so lightweight, efficient, and above all robust.
-
In this guide we are going to explore how to run MySQL 8 locally with Docker and Docker Compose. This can be helpful if you want to run MySQL 8 locally without installing it on your machine or if you want to run multiple versions of MySQL seamlessly.
-
In Ubuntu, we can use text editors for configuring files, editing files, writing code, and much more.
There are two types of text editors: Command-line Interface (CLI) and Graphical User Interface (GUI).
Today in this article, I will discuss the most commonly used text editors in Ubuntu 20.04.
-
In the past months I’ve set up LDAP at home, to avoid having different user accounts for the services that I run on my home hardware. Rather than the venerable OpenLDAP I settled for 389 Directory Server, commercially known as Red Hat Directory Server, mainly because I was more familiar with it. Rather than describing how to set that up (Red Hat’s own documentation is excellent on that regard), this post will focus on the steps required to enable encryption using Let’s Encrypt certificates.
-
Do you want to switch to the old Ambiance app theme on Ubuntu 20.04 LTS Focal Fossa? Then via this article, we let you know how to do that in a very easy way.
Well, earlier in the old versions of Ubuntu we were getting Ambiance or Radiance as the default theme. However, this got changed with the release of Ubuntu 19.10 because since then we have had Yaru as the default one. Nevertheless, that doesn’t mean we cannot switch back to the old days (themes) on the newer versions of Ubuntu. After all, it is just a theme but may give some a familiar feeling.
And the best thing is the package to install the Ambiance theme is available in the default official repo of Ubuntu, hence just follow the given steps.
Wine 6.20
-
The Wine development release 6.20 is now available.
What's new in this release (see below for details):
- MSXml, XAudio, DInput and a few other modules converted to PE.
- A few system libraries are bundled with the source to support PE builds.
- HID joystick is now the only supported joystick backend in DirectInput.
- Better support for MSVCRT builds in Winelib.
- Various bug fixes.
The source is available from the following locations:
https://dl.winehq.org/wine/source/6.x/wine-6.20.tar.xz
http://mirrors.ibiblio.org/wine/source/6.x/wine-6.20.tar.xz
Binary packages for various distributions will be available from:
https://www.winehq.org/download
You will find documentation on https://www.winehq.org/documentation
You can also get the current source directly from the git
repository. Check https://www.winehq.org/git for details.
Wine is available thanks to the work of many people. See the file
AUTHORS in the distribution for the complete list.
-
Additionally, we can note the formation of a release of the Wine Staging 6.20 project, within which extended Wine assemblies are formed, including incompletely finished or risky patches that are not yet suitable for adoption into the main Wine branch. Compared to Wine, Wine Staging provides 557 additional patches.
The new release provides synchronization with the Wine 6.20 codebase. 5 patches related to joystick support in DirectInput and COM initialization when windows are activated in imm32 have been transferred to the main Wine composition. Updated patches eventfd_synchronization and ntdll-NtAlertThreadByThreadId. Temporarily disabled the mfplat-streaming patch set and all remaining dinput patches (to coordinate with the new HID backend).
-
Wine 6.20 was released today as the latest bi-weekly development release of this open-source software for enjoying Windows games and applications on Linux and other platforms.
Wine 6.20 continues the recent trend of converting more modules over to the PE (Portable Executable) format. The latest Portable Executable conversion work is for MSXml, XAudio, and DInput, among others. There are also some system libraries bundled with the source to support PE builds.
Our journey to open source during Google Summer of Code
Every year, Google organizes a program called Summer of Code (GSoC). Students worldwide can write open source code under an open source mentoring organization and get paid to do so! You get to work on cool open source projects, network with talented engineers, and get paid during the summer break. How cool is that!?
In this blog post, we'll guide you through our GSoC experience and give you tips and tricks so that you can have a fantastic experience like we did. We'll also share our differing perspectives based on our different interests and challenges.