
Security Leftovers

  • Security updates for Friday [LWN.net]

    Security updates have been issued by Debian (firefox-esr, isync, kernel, and systemd), Fedora (chromium, curl, firefox, golang-github-vultr-govultr-2, and xen), Mageia (openssl, python-bottle, and python-pyjwt), Red Hat (compat-openssl10, curl, expat, firefox, go-toolset-1.17 and go-toolset-1.17-golang, go-toolset:rhel8, kernel, kpatch-patch, libarchive, libgcrypt, libinput, libxml2, pcre2, php:7.4, php:8.0, qemu-kvm, ruby:2.6, thunderbird, and vim), and Ubuntu (curl, libjpeg6b, and vim).

  • Microsoft Azure FabricScape Bug Let Hackers Hijack Linux Clusters [Ed: Microsoft media operatives and Microsoft-connected sites are quick to blame "Linux" for a Microsoft proprietary software issue; Microsoft hates Linux and constantly defames Linux. Jim Zemlin is in bed with the enemy.]
  • Analyzing the Swiss E-Voting System [Ed: Voting machines will never work properly or reliably, more so if they run proprietary software in the stack and aren't audited at a binary level by multiple independent auditors. Use traditional paper ballots instead.]

    Andrew Appel has a long analysis of the Swiss online voting system. It’s a really good analysis of both the system and the official analyses.

  • How to Assess an E-voting System

    If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several countries and several U.S. states have offered e-voting to some of their citizens. In many cases they plunge forward without much consideration of whether their e-voting system is really secure, or whether it could be hacked to subvert democracy. It’s not enough just to take the software vendor’s word for it.

    Switzerland is a country that wanted to do it right, fumbled, and in the process learned that an important part of getting it right is a careful (and expensive) study, that’s independent of the vendor selling the system, and independent of the governmental body that’s purchasing the system. The study wasn’t particularly expensive—about half a million Swiss francs, which is about half a million US dollars—but that’s half a million that most U.S. states or other countries have not spent before rushing to deploy a system. After the study, the Swiss government’s conclusion was, “The e-voting system currently being developed by Swiss Post has been significantly improved. However, further developments, some of them substantial, are still required.”

  • CISA Adds One Known Exploited Vulnerability to Catalog [Ed: This is all about Microsoft, but the page totally fails to name it even once until the third paragraph! The title too could be improved. I saw almost 10 headlines saying CISA warns about "Linux" in the past few days, but: 1) it was patched months ago; 2) it's privilege escalation; 3) they miss the bigger issues listed by CISA; 4) they are Microsoft boosters doing this; 5) it is systemd, not Linux.]

    Original release date: July 1, 2022
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

SOHO

  • Highly Sophisticated Malware Attacks Home and Small Office Routers | eSecurityPlanet

    Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work.

    Such routers are rarely monitored or up-to-date, making them attractive targets for hackers to reach adjacent corporate networks. According to Lumen’s Black Lotus Labs, this sophisticated campaign “has been active in North America and Europe for nearly two years beginning in October 2020.”

Microsoft Windows TCO

  • Cybersecurity Experts Warn of Emerging Threat of "Black Basta" Ransomware

    The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window.

    "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a report.

    Evidence indicates the ransomware strain was still in development as recently as February 2022, and only started to be used in attacks starting April after it was advertised on underground forums with an intent to buy and monetize corporate network access for a share of the profits.

    Similar to other ransomware operations, Black Basta is known to employ the tried-and-tested tactic of double extortion to plunder sensitive information from the targets and threaten to publish the stolen data unless a digital payment is made.

    A new entrant in the already crowded ransomware landscape, intrusions involving the threat have leveraged QBot (aka Qakbot) as a conduit to maintain persistence on the compromised hosts and harvest credentials, before moving laterally across the network and deploying the file-encrypting malware.



Security Leftovers

  • Chinese hackers backdoor chat app with new Linux, macOS malware [Ed: Nowadays the Microsofters in the media are calling "backdoors" things that are simply malware that one has to actually install; of course they like to blame "Linux" (because the user can add malware on top of it). Saying Linux isn't secure because it doesn't prevent you from installing malware is like saying bridges are dangerous because you may commit suicide by jumping off them.]

    Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems.

  • Linux Threats: A Black Hat 2022 Hot Topic? (Video) [Ed: Aside from patent trolling, Blackberry has reinvented itself as an anti-Linux FUD source in recent years. They intentionally overlook back doors (e.g. Windows) and blame everything on "Linux".]

    There are usually a few cyberthreat trends that seem to emerge as important themes at each year’s Black Hat conference. And this year, the increase in Linux threats may be one of them.

  • #StopRansomware: Zeppelin Ransomware [Ed: Ransomware is predominantly a Microsoft Windows problem]

    CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Zeppelin Ransomware, to provide information on Zeppelin Ransomware. Actors use Zeppelin Ransomware, a ransomware-as-a-service (RaaS), against a wide range of businesses and critical infrastructure organizations to encrypt victims’ files for financial gain.

  • CISA Adds Two Known Exploited Vulnerabilities to Catalog

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. 

  • Cisco Releases Security Update for Multiple Products

    This vulnerability could allow a remote attacker to obtain sensitive information. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

today's leftovers

  • Portable Computer Pre-History: Portable Before Laptops

    Portability is relative. When former Texas Instruments employees Rod Canion, Jim Harris and Bill Murto created a portable version of the IBM PC in 1982, it was a hulking device that weighed 28 pounds and was roughly the size of a sewing machine. If you sold a desktop computer that weighed 28 pounds in 2018, you’d be laughed off the block. But the device, called the Compaq Portable, was revolutionary for its time and thrust the company that made it into the mainstream. It wasn’t too long before then that a portable computer was so embarrassingly large that you would probably break your legs if you used it as a laptop. Tonight’s Tedium ponders a time when portable computing meant something just a little bit bigger.

  • Fedora Sway OSTree Spin name

    The Fedora Sway SIG is working to create an immutable version of the Sway Spin (also a work in progress) using OSTree. Those immutable spins of Fedora are becoming more common following Silverblue and Kinoite’s success. As often happens, one of the most challenging things to do in creating something is to come up with clever names. This task is made even more complex by the relatively small number of people active in this conversation. For this reason, during the last SIG meeting, it was decided to socialize this decision so that more people could suggest their ideas.

  • Output requirements.txt packages pinned to latest version
  • How to install OpenSCAD on a Chromebook

    Today we are looking at how to install OpenSCAD on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • Stupid SMP Tricks: A Review of Locking Engineering Principles and Hierarchy: paulmck — LiveJournal

    Daniel Vetter put together a pair of intriguing blog posts entitled Locking Engineering Principles and Locking Engineering Hierarchy. These appear to be an attempt to establish a set of GPU-wide or perhaps even driver-tree-wide concurrency coding conventions. Which would normally be none of my business. After all, to establish such conventions, Daniel needs to negotiate with the driver subsystem's developers and maintainers, and I am neither. Except that he did call me out on Twitter on this topic. So here I am, as promised, offering color commentary and the occasional suggestion for improvement, both of Daniel's proposal and of the kernel itself. The following sections review his two posts, and then summarize and amplify suggestions for improvement.

  • Ubuntu Unity 22.04 Quick overview #linux #UbuntuUnity - Invidious
  • FOSS Force Open Source News Quiz (8/12/22) - FOSS Force

    How closely did you follow the news about Linux and free and open source software this week? You can get an idea about how well informed you are (and have some fun in the process) by taking our Open Source News Quiz. Once you’re done, scroll down to the comments section and let us know how you did!