Security Leftovers
Thoroughly Modern: Good Security Is Just As Important As Good Code - IT Jungle
Can my IBM i really be hit with a virus? Can it be hit with ransomware?
These are the questions I regularly get from clients as a security expert with more than 20 years of experience. With the pervasiveness of these ransomware threats and sophisticated cyberattacks that we’re seeing in recent times, it only makes sense that we pay close attention to these threats.
Security on the IBM i is a complex topic, and it is not one that is easily tackled with a few bullet points and tweaks of systems settings. Just like programming on the platform, for that matter. And people have to take the same care with security that they do with programming. These days, applications are not much good if they are not secure, as more than a few companies have found out the hard way. This is a big mind shift, and one that a lot of IT organizations need to get in gear with.
Follina Exploited by State-Sponsored Hackers [Ed: Microsoft should be banned for IT recruitment/procurement for this deliberate neglect]
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.
Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched Follina vulnerability. According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. government targets via phishing campaigns.
Proofpoint researchers spotted the attacks and believe the adversaries have ties to a government, which it did not identify. Attacks consist of campaigns targeting U.S. and E.U. government workers. Malicious emails contain fake recruitment pitches promising a 20 percent boost in salaries and entice recipients to download an accompanying attachment.
U.S. Water Utilities Prime Cyberattack Target, Experts [Ed: There have already been reported incidents where Microsoft Windows put people's drinking water at risk]
Linux malware ‘Symbiote’ used to attack Latin American financial sector [Ed: The issue here isn't Linux itself but malware that someone gets on the system, due to poor maintenance, bad password, sabotage etc.]
Researchers at BlackBerry and Intezer have discovered a new Linux malware named “Symbiote” that is being used to target financial institutions across Latin America.
Joakim Kennedy, security researcher at Intezer, and the BlackBerry Research & Intelligence Team released a report last week highlighting the financially motivated campaign, noting that what makes Symbiote different from other Linux malware is that “it needs to infect other running processes to inflict damage on infected machines.”
Hello XD Ransomware Installing Backdoor on Targeted Windows and Linux Systems [Ed: Windows has actual back doors, whereas in Linux what they refer to as "back doors" is some malware finding its way in, then altering the system]
Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts.
viu - Terminal Image Viewer with Kitty Graphics Protocol support
One of our favorite adages is “A picture is worth a thousand words”. It refers to the notion that a still image can convey a complex idea. Images can portray a lot of information quickly and more efficiently than text. They capture memories, and never let you forget something you want to remember, and refresh it in your memory. Images are part of everyday internet usage, and are particularly important for social media engagement. A good image viewer is an essential part of any operating system. viu is different from the vast majority of image viewers. It’s a small command-line program to view images from the terminal. It also supports the Kitty Graphics Protocol. This allows you to view high resolution images directly in a terminal. viu is written in Rust and published under an open source license.
Review: Rolling Rhino Remix
The concept of Rolling Rhino Remix is one which I feel is worthwhile. A lot of people have been saying for years that Ubuntu could benefit from a proper rolling release branch, not just a development repository. However, few developers have taken on the task, trying to make it work. Rhino is a decent attempt at making this a working option. Some things are definitely working and working well. The initial configuration command (rhino-init) and the update command (rhino-upgrade) seem to work properly to set up the system and bring all packages up to date. These functioned as expected and I was pretty happy with them. The Pacstall framework seems to be getting larger and more polished since I first tried it last year. There are still some issues when searching for packages, but installing new items seems to work without any problems.
The one sore spot in my experience was the rhino-config command line program. Running rhino-config rarely worked properly. Sometimes the tool falsely reported the status of features, sometimes it failed due to problems in calling sudo, and sometimes it incorrectly interpreted command line flags. It was an ongoing problem in what was otherwise a mostly smooth experience. I will say though that making two of the rhino- commands aliases rather than scripts strikes me as a problem. As I mentioned above, using aliases will break the tools if the user switches shells and it seems to cause issues when some commands try to run sudo, especially if sudo doesn't already have our cached credentials.
In short, I think Rhino is off to a promising start. It needs a few things worked out and maybe a few things automated before I'd say it's ready for general consumption, but it's off to a decent start. I especially think Ubuntu could benefit from a rolling release in the way Rhino is trying since it supports working with ZFS which allows the administrator to take filesystem snapshots before each upgrade. I'd love to see tools like boot environments or Timeshift added to Rhino in order to make its rolling upgrades bulletproof.
One final point I'd like to mention is Rhino's documentation. Rhino is a fairly young project, but the remix-specific documentation which covers installing and using the rhino- utilities is clear and detailed. Not many young projects pay attention to documentation this early in their development and I tip my hat to the developers for making this a priority. It helped me a lot when I was trying to sort out some of the workings of rhino-update and rhino-config.
