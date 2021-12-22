Proprietary Software Leftovers
-
Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability (CVE-2022-26809) | CISA
Microsoft has released an advisory to address CVE-2022-26809, a critical remote code execution vulnerability in Remote Procedure Call Runtime Library. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system.
-
Ukraine says it stopped a Russian cyberattack on its power grid
This attempted attack involved a wide variety of malware, according to ESET, including the recently discovered CaddyWiper. ESET also found a new piece of malware, which it calls Industroyer2. The original Industroyer was used in a successful 2016 cyberattack that cut off power in parts of Kyiv, according to the security firm, probably by the same group behind this month’s foiled attack. Industroyer isn’t widely used by [crackers] — ESET notes that it’s only seen it used twice (earlier this month and in 2016), which implies that it’s written for very specific uses.
-
APT Actors Target ICS/SCADA Devices
CISA, the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), warning that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices using custom-made tools.
-
Microsoft Patch Tuesday, April 2022 Edition
-
Researchers find new malware variant after stopping attack on Ukrainian energy provider [iophk: Windows TCO]
In an explainer on the situation, ESET said it also saw the attackers use several other destructive malware families including CaddyWiper, ORCSHRED, SOLOSHRED and AWFULSHRED.
-
Why So Many Outages?
For some customers, JIRA and some other Atlassian products have been down for an entire week. Some are reporting that Atlassian is saying that it could be another 2 weeks until the products are back up and running. Chalk that up worse than Roblox's 3 day outage back in October 2021. Why so many outages?
-
Fortnite Developer Epic Games Draws $1 Billion Investment From Sony Group Amid Metaverse Concert Rush
Sony Group Corporation’s billion-dollar investment in the Harmonix owner Epic Games arrives one year after the Japanese company fronted $200 million for a different Epic funding round yet. And while this April of 2021 raise brought with it a $28.7 billion equity valuation, today’s round (which also includes a $1 billion contribution from The Lego Group owner KIRKBI) came with a post-money valuation of $31.5 billion.
(Significantly, Sony previously came up with $250 million for a 2020 round from Epic Games, which was then valued at a comparatively modest $17.3 billion.)
Regarding Epic’s plans for this newest capital influx, founder and CEO Tim Sweeney emphasized the perceived potential (for both players and brands) of building an all-encompassing metaverse social platform.
-
File transfers via the parallel port on DOS using LapLink
Surprisingly, there is very little history available online about the DOS versions of LapLink, and I’m not sure when its parallel cable was actually introduced. The “LapLink cable” Wikipedia page mentions 1983, but that seems strange, as LapLink 2.15 from 1987 does not have any way to configure the software for using a parallel port cable. LapLink 3.00 from 1989 does.
For the purpose of this article, I decided to use the latest DOS version available, which appears to be LapLink 5.00, released in 1993. It comes with an improved UI using redefined characters including cute files and folder icons, along with some subtle animations. I’ve been using the standard color theme.
-
CISA Adds 10 Known Exploited Vulnerabilities to Catalog [Ed: Microsoft, Microsoft, Adobe, Adobe, Adobe, Adobe, Adobe, Adobe, Kaseya (Windows)...]
CISA has added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.
-
- Login or register to post comments
- Printer-friendly version
- 551 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Open Source Firmware on TigerLake platforms - part 1
If somebody would tell 7 years ago that Intel will support open source firmware, he would be laughed at instantly. If we recall time, like 15 years ago where the datasheets were more open and were sufficient to write open source firmware, today it is not possible. Silicon vendors are hiding the intellectual property contained in the processors. It would seem like the open source firmware is doomed, but… Thankfully there are companies and Intel employees that try to make impact and change this situation. For example Google supporting the coreboot project on their Chromebooks encourage Intel to release the Firmware Support Package (FSP). The FSP is a bundled silicon initialization code in a binary form with well documented interface and configuration options. It simplifies new hardware enabling and reduces cost of overall firmware development. While it doesn’t solve all problems and sometimes causes issues, kudos should go to Intel for supporting the open source firmware. Special credits should go to the open source firmware community members from Intel: Nathaniel DeSimone, Vincent Zimmer, Brian Richardson and Isaac Oram. Also: Open Source BIOS Runs on Alder Lake Motherboard for the First Time
Software: FitoTrack, Reproducible Builds/Projects, and hledger
Devices: e-con Systems and Arduino Projects
Updates on Boatswain
Since I wrote the announcement of Boatswain, things have progressed quite a lot. As I prepare for the 1.0 release, more features and bugfixes get in, and it’s getting dangerously close to achieving all features I personally want from it. Stream Deck Mini & Original (v1) Thanks to a generous Stream Deck Mini donation, I managed to fix a couple of bugs in the HID code that controls is. It is now able to upload icons to buttons, and properly fetch the serial number of the device. Later on, a kind individual helped testing and debugging the Stream Deck Original (v1) code. I only have a 2nd generation Original, and the HID protocol changed significantly between them, so this testing was invaluable. There were another couple of bugs specific to Original v1 fixed in no time after they were reported. Because Stream Deck Original (v2), XL, and MK.2 seem to share the same HID protocol, I’m cautiously confident that they all should be fine.
Recent comments
42 min 14 sec ago
45 min 41 sec ago
46 min 25 sec ago
47 min 19 sec ago
55 min 52 sec ago
1 hour 4 min ago
1 hour 12 min ago
1 hour 34 min ago
1 hour 47 min ago
6 hours 53 min ago