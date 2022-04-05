Language Selection

English French German Italian Portuguese Spanish

Security and Proprietary Traps

Submitted by Roy Schestowitz on Wednesday 4th of May 2022 01:38:57 PM Filed under
Security
  • SolarWinds hackers set up phony media outlets to trick targets

    The Russian hacking group behind the SolarWinds hack, Nobelium, is setting up new infrastructure to launch attacks using old tricks, researchers at Recorded Future found. The findings, published Tuesday and shared first with CyberScoop, demonstrate how the group has evolved in recent months in an effort to avoid researcher detection.

    Researchers identified more than four dozen domains the group used in phishing attacks, some of which attempted to emulate real brands. The tactic, in which hackers register potentially misspelled versions of real brand domains to trick targets, is known as “typosquatting.”

  • Identity Theft

    Last year we danced in court with a Patent Troll and they eventually backed off. This year SparkFun is a victim of Identity Theft. Yes - a company can also get its identity stolen. Let me explain.

    There is a website www.sparkfunn.com that was privately registered on January 8th and updated on January 10th, 2022. Notice the extra n in funn. Cute right? It reminds me of when I tell people my name is spelled with two n’s, not one. Close but that’s not my name or SparkFun’s.

    With the domain sparkfunn.com officially registered, these scammers are sending emails using this domain with actual names of SparkFun employees to get other companies to ship them product. The email address is a digital sleight of hand to get in the door, but the actual PO attached to their email is pretty brazen.

  • TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches

    Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Collectively dubbed TLStorm 2.0, the vulnerabilities stem from a similar design flaw identified in the TLStorm vulnerabilities expanding the reach of TLStorm to millions of additional enterprise-grade network infrastructure devices.

    [...]

    In March 2022, Armis first disclosed TLStorm, three critical vulnerabilities in APC Smart-UPS devices that allow an attacker to gain control of them from the internet with no user interaction, resulting in the UPS overloading and eventually destroying itself in a cloud of smoke.

  • Botnet that hid for 18 months boasted some of the coolest tradecraft ever [Ed: Microsoft Windows TCO]

    “Once UNC3524 successfully obtained privileged credentials to the victim’s mail environment, they began making Exchange Web Services (EWS) API requests to either the on-premises Microsoft Exchange or Microsoft 365 Exchange Online environment,” the Mandiant researchers wrote. “In each of the UNC3524 victim environments, the threat actor would target a subset of mailboxes….”

  • New Sophisticated Malware
  • Security Researchers Find Nearly 400,000 Exposed Databases

    As per Trend Micro’s recent international Cyber Risk Index (CRI) findings for the second quarter of 2021, 76% of those surveyed anticipate a breach within the next 12 months. While this represents a 10% decline, it still indicates critical security holes. Over one-third of organizations experienced seven or more impactful cyberattacks in the preceding 12 months, a 10% rise from the previous year.

  • OpenPGP keys and SHA-1

    As you may know, Thunderbird offers email encryption and digital email signatures using the OpenPGP technology and uses Ribose’s RNP library that provides the underlying functionality.

    To strengthen the security of the OpenPGP implementation, a recent update of the RNP library had included changes to refuse the use of several unsafe algorithms, such as MD5 and SHA-1. The Thunderbird team had delivered RNP version 0.16.0 as part of the Thunderbird 91.8.0 update.

    Unfortunately, this change resulted in some users no longer being able to use their OpenPGP keys. We learned that the affected users still depend on keys that were created or modified with OpenPGP software that used SHA-1 for the signatures that are part of OpenPGP keys.

  • Musk says Twitter may see 'slight cost' for businesses and governments

    Business and government users on Twitter may need to pay a "slight" fee to stay on the social media platform, Tesla boss Elon Musk has said.

    It comes after the board of Twitter agreed to a $44bn (£34.5bn) takeover offer from Mr Musk.

    However, Mr Musk said the site would always be free for "casual users".

  • We Cannot Rely on Billionaires to Create Necessary Guardrails on Social Media

    “The most epic troll ever.” That’s how one Twitter employee described Elon Musk’s offer to buy the platform, and how it has largely been covered—as the latest entrepreneurial romp in the billionaire’s ever-growing cult of personality. A self-proclaimed “free speech absolutist” who sees Twitter as the “de facto public town square,” Musk did what any zillionaire with a savior complex would: purchase the town square, for $44 billion.

»

More in Tux Machines

Android Leftovers

Stats Suggest the Steam Deck May Have Influenced an Increase in Linux Gaming

Since the late 90s, Valve has been a force to be reckoned with in game development, as well as being the dominant global superpower in the PC storefront market. With the company's Aperture Desk Job game continuing to tease future projects, it's clear that Gabe Newell and the team at Valve still have a lot up their metaphorical sleeves. On top of that, the Steam Deck has been impressing a lot of people in both the industry and the community at large, and it's possible that this may have led to an increase in gamers using alternative operating systems. According to official Steam statistics from April, there has been a rise in the number of people using Linux on home PC, going up to 1.14%. A recent report from TechRadar says that while this is only a small increase, with previous stats showing Linux accounted for exactly 1%, this is quite significant, especially with the Steam Deck having been released just a couple of months ago. It's therefore possible that it may have had a direct influence on this rise in gamers opting for the open-source OS. Read more

Linux Lite: A Simple, Fast and Free Linux Lightweight Distro

No doubt, Linux Lite is a very simple, free, and minimalist distro. It is highly recommended for new users, basic users, and users with old specifications PC. This lightweight distro is indeed powerful enough to handle your general everyday task. Besides, it can offer you sufficient apps and a very user-friendly interface. That’s why it should always be your must-try if you are not a power user. Hopefully, you have got enough idea about this lightweight Linux distro from this article. If this is helpful, you can share it with your friends. And also, if you plan to give Linux Lite a try, don’t forget to inform us how it works on your system. Thank you in advance. Read more

Calamares Future

Calamares serves the needs of several dozen Linux distributions, large and small. It’s been around for 2892 days, give-or-take, nearly eight years. So what have we got for this anniversary? It is week 18 of 2022 when I write this. We’ve had 8 releases in 2022 (3.2.50 through 3.2.57), which is roughly every two weeks. This regular short-cycle pattern has been going for two or three years now. I’ve described the development workflow before. I still think it’s quite effective at getting things out to users, although I can also say that getting fixes for annoying, hard-to-reach bugs out is very slow going. Often branches get interrupted by small things that do fit in a short-cycle. Read more

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6