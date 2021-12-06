Security Leftovers
-
Simple Ways to Generate a Random Password on Linux Shell
Having a strong password when authenticating to a service by username and password is very important. Sometimes, you need to protect your account or server, and try to keep your data safe and secure. It is often said that a strong password must have a minimum of 14 characters with variations like you may have lowercases/uppercases in the characters and alphabets. Mostly the long password is considered to be much more secure than a short one since it is hard to get. In this tutorial, we will see many ways to generate a strong password from Linux command line. We will have a look at many different means to create a stronger password that is secure enough, using the Linux command line. You need to generate a stronger password from the command line so, it has various different methods and utilities that are already available. We will be discussing many of the methods and you may choose any of the ways for generation of a password as per your need.
-
Security bug in Linux kernel netfilter lets attackers gain root access [Ed: So Linux has some privilege escalation flaws; meanwhile, Microsoft has remotely-exploitable flaws that require no account on the target]
Sophos researcher Nick Gregory has uncovered a dangerous security bug in Linux's netfilter application which could enable a local attacker to escalate privileges...
-
Gas pumps happen to be about as insecure as your typical router - CNX Software
Gas pumps have a lot more in common with routers than I initially thought, as reported by FOX 8, many models come with a default passcode that may not always be changed by the gas station’s manager, and using a special remote it’s possible to change the price and other parameters. Some gas stations are also part of the Internet of Things with all gas pumps connected to the Cloud through gateways (called “embedded box” below) to enable remote monitoring, but that also introduces security vulnerabilities as noted in a Kaspersky study in 2018.
-
NOPEN Season: China Once Again Accuses US NSA of Cyber Espionage, Says Found Spying Tool
When it comes to cybersecurity issues, hackers from China, Russia, and North Korea take the maximum attention due to their notorious activities over the years. But now some latest analyses are highlighting that another country may also be behind such data safety issues.
According to a new report by the Chinese government mouthpiece Global Times, the National Computer Virus Emergency Response Center in China stated that the US National Security Agency (NSA) had deployed a spy tool capable of lurking in a victim’s computer and accessing sensitive information, as well as controlling global internet equipment and stealing large amounts of data from users.
It was reported that NOPEN—a remote-controlled tool for Trojan horse for Unix/Linux computer systems—has been found. It is mostly used to steal files, get access to systems, divert network communication and examine information on a target device.
-
China detects spy virus developed by the US - Prensa Latina
According to the Global Times newspaper, a specialized institution in the country discovered the Trojan, called Nopen, a tool operated remotely. The Trojan mainly attacks machines with Unix/Linux operating systems.
It is capable of controlling Internet traffic on computers, stealing large amounts of user information and monitoring user activities.
-
China: Attacks from US IP addresses hit us, moved on to Russia and Ukraine
China's Cyberspace Administration has claimed that "since late February" it has observed continuous attacks on the Chinese internet and computers in the nation by people who used the resources to also target Russia, Belarus, and Ukraine.
The allegation, the title of which translates as, "My country's internet suffers from overseas cyber attacks," was posted on Friday and includes a list of IP addresses China's Cyberspace Administration (CAC) claims is the source or target of the attacks.
-
Viasat, Rosneft hit by cyberattacks • The Register
Until last week, when it emerged that Western spy agencies were investigating a large-scale satellite broadband outage affecting satellite communications provider Viasat, which began on 24 February – the day Russia invaded Ukraine.
-
Russia's invasion of Ukraine tears open political rift between cybercriminals [Ed: The cost of using Microsoft in Ukraine; this article uses Microsoft proxies to distract from the role played by Windows]
These political divides played out in the Conti leak. After the notorious ransomware group announced its unwavering support for President Vladimir Putin and his occupation of Ukraine, plus its intent to use "all possible resources to strike back" should anyone launch a cyberattack against Russia, the crew suffered a security breach of its own.
-
New Unix rootkit used to steal ATM banking data [Ed: ATMs are typically compromised due to Windows, so Microsoft boosting sites issue headlines like these, instead]
LightBasin's new rootkit is a Unix kernel module named "Caketap" that is deployed on servers running the Oracle Solaris operating system.
-
Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln [Ed: Microsoft Windows helps Russia attack nations digitally]
State-sponsored threat actors from Russia over the last year breached a non-governmental organization (NGO) by leveraging multifactor authentication (MFA) defaults and exploiting the PrintNightmare vulnerability in Windows Print Spooler.
The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint alert on March 15 warning organizations that state-backed criminals could use the MFA defaults and flaw to access networks.
In this case, the unnamed cybercriminal gang took advantage of a misconfigured account to set default MFA protocols at the NGO.
The bad actors enrolled a new device for MFA and accessed the NGO's network and then exploited the PrintNightmare flaw – tracked as CVE-2021-34527 – to run malicious code and gain system privileges, giving them access to email accounts and enabling them to move laterally to the organization's cloud environment and to steal documents.
-
- Login or register to post comments
- Printer-friendly version
- 445 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Snap vs. AppImage vs. Flatpak: What Is the Difference and Which Is Best for You?
Linux systems are popular for many reasons, but installing applications is not one of them. Apps in Linux are delivered as packages and come in all sorts of flavors. Packaging systems differ in terms of installation, usability, and update mechanisms. Below, we'll look at and compare three prominent package formats: Snap, AppImage, and Flatpak, all distro independent.
Best Free and Open Source Alternative to Apple Bonjour
Apple, Microsoft, Alphabet (Google’s parent), Amazon and Facebook dominate the tech landscape. Their dominance is so broad they account for more than 20% of the S&P 500. There are many things to admire about Apple’s hardware and software. Apple make great looking (albeit expensive) hardware. Over the years key successes include the iPhone, iPad, iPod, and the MacBook Air. The company designs its own hardware and software. This gives them the power to make an operating system and suite of apps that are tailor-made and optimized for their hardware. Apple also operates the Apple Music and Apple TV media distribution platforms. Mac OS X is Apple’s proprietary operating system for its line of Macintosh computers. Its interface, known as Aqua, is highly polished and built on top of a BSD derivative (Darwin). There’s a whole raft of proprietary applications that are developed by Apple for their operating software. This software is not available for Linux and there’s no prospect of that position changing. In 2020, Apple began the Apple silicon transition, using self-designed, 64-bit ARM-based Apple M1 processors on new Mac computers. Maybe it’s the perfect time to move away from the proprietary world of Apple, and embrace the open source Linux scene.
What the new PowerVR driver means for mobile
The PowerVR GPUs are in quite a lot of mobile devices. It's one of the larger GPU vendor for ARM hardware and even some x86 platforms. These GPUs have been long renowned for being a problem on Linux. From the PowerVR smartphones to the early Intel Atom CPUs. For the other GPUs like ARM Mali, Qualcomm Adreno and Vivante, there are already well established open source drivers which is why the current Linux phones have selected hardware that use these GPUs like the Mali GPU in the PinePhone and the Vivante GPU in the Librem 5. The lack of open drivers for PowerVR has been a huge problem for Linux phone projects dating back to the Nokia N900. The hardware for the N900 is pretty outdated for today's standards, but its GPU can still provide a smooth user experience. There are some projects to use the closed, user space PowerVR driver from Imagination on this hardware, with some shims which give distributions like Maemo Leste GPU acceleration on PowerVR phones, but this is not an ideal situation.
Security Leftovers
Recent comments
29 min 38 sec ago
2 hours 46 min ago
4 hours 5 min ago
10 hours 30 min ago
11 hours 23 min ago
17 hours 42 min ago
19 hours 39 min ago
19 hours 41 min ago
19 hours 44 min ago
20 hours 6 min ago