Fedora, Red Hat, and IBM Leftovers
Red Hat has expanded its Red Hat Cloud Services that support the OpenShift application platform, adding new components to help with the development of hybrid applications such as a Service Registry, plus middleware to make it easier to link to cloud database services.
IBM shareholders at the IT giant's annual meeting last month endorsed a proposal to have the company produce a public report on the potential risks arising from its use of concealment clauses that constrain disclosure of workplace misconduct.
Security Leftovers
Case in point: the SolarWinds attack in 2020, when Kremlin-backed miscreants slipped malware into SolarWinds' Orion software, which was then pushed to some 18,000 SolarWinds' customers. This allowed the criminals to infiltrate nearly 100 US government and private-sector networks.
"When you get a White House podium statement that X did Y, like we did with everything from Sony Pictures to NotPetya, that's 100 percent" confidence in the attribution, Joyce said.
In 2014, the FBI attributed the Sony Pictures cyberattack to North Korea, and US law enforcement blamed the 2017 NotPetya attacks on the Russian military.
Colonial Pipeline is facing an almost $1 million fine for control room management failures after the US Department of Transportation alleged they contributed to the nation's fuel disruption in the wake of the 2021 ransomware attack.
A years-long campaign by miscreants to insert malicious JavaScript into vulnerable WordPress sites, so that visitors are redirected to scam websites, has been documented by reverse-engineers.
Kaspersky claims that in 88 percent of organizations that have had to deal with a ransomware incident, business leaders said they would choose to pay the money if faced with another attack. In contrast, among those that have not so far suffered a ransomware attack, only 67 percent would be willing to pay, and they would be less inclined to do so immediately.
Intel has disclosed high-severity bugs in its firmware that's used in datacenter servers, workstations, mobile devices, storage products, and other gear. These flaws can be exploited to escalate privileges, leak information, or stop things from working.
Pangolin8RAT is modular malware that emerged in 2019 and is regularly updated. It is believed to be the successor of the PlugX and ShadowPad malware families, and has been used to target industries beyond gambling – transportation, telecom and governments have all been attacked.
[...]
TeamT5 also found threat actors collect and store victim credentials, software source code and business info for future use.
In the financially-motivated "cluster" of attacks, the group is using BitLocker and DiskCryptor to hold victims' documents to ransom.
Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs – 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000.
Efforts by Salesforce-owned cloud platform Heroku to manage a recent security incident are turning into a bit of a disaster, according to some users.
Heroku has run security incident notifications for 18 days and appears to have upset several of its customers due to a perceived lack of openness and communication.
Just received this email from Heroku. Given the timeline it seems like the breach is pretty serious.
The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in 2018, then redesigned and relaunched the following year. An individual who goes by the handles boldenis44, crystalcoder, and Кодер (Coder) developed the RAT, we're told, and works to improve it on a daily basis.
Opposition is building to India's recently introduced rules on reporting computer security breaches, which have come under fire for being impractical, ineffective, and impinging on privacy.
The rules were introduced without fanfare in late April by CERT-In, the nation's government-run computer emergency response team that has responsibility for incident management and wider infosec guidance.
[...]
India's Internet Freedom Foundation has offered an extensive criticism of the regulations, arguing that they were formulated and announced without consultation, lack a data breach reporting mechanism that would benefit end-users, and include data localization requirements that could prevent some cross-border data flows.
The foundation also points out that the privacy implications of the rules – especially five-year retention of personal information – is a very significant requirement at a time when India's Draft Data Protection Bill has proven so controversial it has failed to reach a vote in Parliament, and debate about digital privacy in India is ongoing and fierce.
Biden signs cybercrime tracking bill into law

US President Joe Biden has signed into law a bill that aims to improve how the federal government tracks and prosecutes cybercrime.
F5 Networks and Cisco this week issued warnings about serious, and in some cases critical, security vulnerabilities in their products.
F5 officials said Thursday its most serious issue, a critical flaw in its iControl REST framework with a severity score of 9.8 out of 10, could be exploited to bypass the authentication software, used by its BIG-IP portfolio, and hijack equipment. Specifically, the vulnerability, tracked as CVE-2022-1388, can be abused by miscreants to, among other things, run malicious commands on BIG-IP devices via their management ports unimpeded.
Linux 5.17.8, 5.15.40, 5.10.116, 5.4.194, 4.19.243, 4.14.279, and 4.9.314
Open Hardware/Modding: Raspberry Pi, Arduino, and More
To connect Raspberry Pi remotely means that we can access the Raspberry Pi using some other computer and can perform different tasks on the Raspberry Pi.
The Raspberry Pi can be connected to the display screen by using the mini HDMI port but it can also connect to the desktop remotely by using different approaches which are being discussed in this article.
Spotify is an application used to stream millions of music tracks from all around the world on mobile phones, tablets, and desktops. Spotify users not only listen to their favorite music but can also create albums to store their favorite collections. These albums can be shared with friends, and users can also access the albums or song collections of their favorite people.
Raspberry Pi is a highly effective device that can be used for various purposes. The major advantage of this device is that it can be an ideal option to play large varieties of games, including Final Fantasy, Dragon Ball Z, Minecraft and so on. However, playing these games on Raspberry Pi will require an emulator and device performance that can handle these emulators providing you with a smooth and fast gaming environment.
The RetroPie is an operating system that enables your Raspberry Pi to be a retro-gaming machine so you can play retro games on the Raspberry Pi including the arcade and classic PC games.
For beginner and advanced level projects, Arduino provides a platform that assists the user in programming the microcontroller and also helps in creating the hardware for the projects.
This platform provides a variety of microcontroller boards, also known as Arduino boards, with different specifications. So before using any Arduino board, one must know the specifications of the board and, most importantly, the pins of the board and their usability. So, we have explained the pinouts of the Arduino Uno board and the use of each pin in detail.
Motorized wheelchairs can be very expensive, and for those who are unable to afford them, getting around the house can become a challenge. This is what inspired Wesley Gardner from element14 Presents to design a series of wheelchair modifications that can improve a person’s mobility.
Gardner began by coming up with a few parts in CAD for the battery mount, an electronics enclosure, and a whole host of clamps for attaching steel tubing to the chair. Next, he added a pair of crossmembers below the wheelchair to secure the 12V lead-acid battery in place. Three more tubes were attached vertically to the back as a way to hold the stepper motors against the wheels which rotate them via friction.
I had seen the Edge Impulse development platform for machine learning on edge devices being used by several boards, but I hadn’t had an opportunity to try it out so far. So when Seeed Studio asked me whether I’d be interested to test the nRF52840-powered XIAO BLE Sense board, I thought it might be a good idea to review it with Edge Impulse as I had seen a motion/gesture recognition demo on the board.
It was quite a challenge as it took me four months to complete the review from the time Seeed Studio first contacted me, mostly due to poor communications from DHL causing the first boards to go to customs’ heaven, then wasting time with some of the worst instructions I had seen in a long time (now fixed), and other reviews getting in the way. But I finally managed to get it working (sort of), so let’s have a look.
