
Security Leftovers

Submitted by Roy Schestowitz on Thursday 11th of August 2022 09:08:36 AM. Filed under Security
  • Windows zero day [sic] under attack was first reported in 2019 [iophk: Windows TCO]

    Among those that stand out is CVE-2022-34713.

    That’s both for the fact that Microsoft says exploitation has been detected, meaning a prompt patch or mitigation should be a priority, and because Imre Rad, the Hungarian security researcher who reported the vulnerability (or at least a close variation of it), had reported it to Redmond back in December 2019.

  • Microsoft urges Windows users to run patch for DogWalk zero-day [sic] exploit

    The vulnerability was first reported in January 2020 but at the time, Microsoft said it didn’t consider the exploit to be a security issue. This is the second time in recent months that Microsoft has been forced to change its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, known as Follina, posed a security threat. A patch for that exploit was released in June’s Patch Tuesday update.

  • The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)

    This is part one of a two-part guest blog post, where first we'll look at the root cause of the CVE-2021-0920 vulnerability. In the second post, we'll dive into the in-the-wild 0-day exploitation of the vulnerability and post-compromise modules.

  • A Linux Zero-Day Was Finally Patched After Half a Decade of Inaction With Help From Google

    Google’s Threat Analysis Group revealed new details today about its efforts to identify and help patch a zero-day exploit impacting Android devices built by a commercial surveillance vendor and dating back to at least 2016. The research, presented at the Black Hat cybersecurity conference in Las Vegas, represents the latest attempt by Google to step up its efforts against a growing private surveillance industry that’s thriving, according to the researchers.

  • Stratus Red Team: Open-source tool for adversary emulation in the cloud - Help Net Security

    In this Help Net Security video, Christophe Tafani-Dereeper, Cloud Security Researcher and Advocate at DataDog, talks about Stratus Red Team, an open-source project for adversary emulation and validation of threat detection in the cloud. The tool supports common AWS and Kubernetes attack techniques.

    If you’re at Black Hat USA 2022, you can learn more about Stratus Red Team. Christophe will be at the Arsenal, doing demos and answering questions on Wednesday, August 10, starting at 11:30AM.

  • Slack admits to leaking hashed passwords for five years [Ed: Does not surprise me us all. They only admit this because they got caught, hence they need to spin this somehow, belittling the severity, just as LastPass did after several blunders (it had suffered a breach). The way forward is self-hosting and encrypting things (on server one controls, not leasing).]
  • iTWire - Cisco reveals attack on company's network by ransomware group

    Global networking giant Cisco has revealed that its systems have been breached, with the break-in becoming apparent on 24 May and effected through stolen employee credentials obtained from a personal Google account.

    The company's Talos Intelligence security unit issued a long blog post on Wednesday, providing details of the incident, but not specifying when the actual break-in occurred.

    The website Bleeping Computer, which reports on numerous ransomware incidents, said it had been emailed a list of files last week, which were claimed to have been stolen during the attack.

  • A marquee week for cybersecurity in Vegas - POLITICO

2 Tools for Linux Terminal Sharing

At times, you wish you could explain what you are seeing on the screen of your Linux system to someone else. Although you could exchange screenshots, being able to interact would be so much better; thus, the basis for Linux terminal sharing. Several tools let you share a screen, including tmate, tmux, screen, teleconsole, tty-share, ttyd, named pipe/FIFO, WebTTY, and byobu, to name a few. In this article, I cover what are generally considered the most common tools: screen and tmux.

Also: Our favorite Linux replacements for antiquated open source tools

Microsoft Layoffs

  • Microsoft asks staff to think twice before submitting expenses [Ed: Lots of Microsoft layoffs lately; this article belittles the real severity]

    Microsoft is telling staff across the entire business to cast a more watchful eye over expenses in the face of economic uncertainty. Some business travel, external training sessions, and company get-togethers are all falling under the gaze of Redmond's accountants. In one recent instance recounted by a loquacious yet unidentified source, as reported by the Wall Street Journal, Microsoft managers personally paid the bill to feed and water staff at a company picnic, something the multibillion-dollar-profit business would have covered itself before. Last month during an earnings call to discuss Microsoft's financials for its Q4 ended 30 June, chief financial officer Amy Hood said: "We will continue to invest in future growth while maintaining intense focus on operational excellence and execution discipline."

today's leftovers

  • Migrating from VMware to an open-source private cloud in financial services | Ubuntu

    This is part one of a two part blog series on open source based private cloud for financial services. This blog describes the need for a cost-effective private cloud to execute a successful hybrid cloud strategy. It also shares a comparison between proprietary and open source based private cloud platforms. In the second part, we will elaborate on the key considerations that financial institutions need to think about when planning to migrate to open source based private cloud platforms, along with the operational benefits of Charmed OpenStack for financial institutions. To drive business agility, financial institutions are on a journey to fundamentally reshape their IT infrastructure. As their IT estates grow and become more complex, financial institutions are increasingly facing the challenge to optimise their infrastructure spend. Many financial institutions are adopting scalable and agile cloud infrastructure guided by a hybrid multi-cloud strategy.

  • Ubuntu 22.04 vs 20.04 – What’s new?

    Ready to see what’s new in Ubuntu 22.04? In this article, you will learn about all of the main differences between Ubuntu 22.04 Jammy Jellyfish and its predecessor, Ubuntu 20.04 Focal Fossa. We will also list some of the more subtle changes which may not be as noticeable at first, but serve to modify the new operating system under the hood.

  • What drives digital transformation in an enterprise? | SUSE Communities

    Digital transformation within organizations has been a strategic move to uplift businesses in many enterprises. In this era of constant change, transformation can come in all shapes and sizes. It could be a cultural/structural change that could have a larger impact or could be infrastructure expansion transforming business models.

  • How to Record Audio in Ubuntu and other Linux Distributions

    How to record audio in Ubuntu and other Linux distributions? If you want to record a voice over through the microphone of your computer, you can use GNOME Sound recorder or Audacity. Using GNOME Sound Recorder is easy but it lacks features. Audacity could be overwhelming initially but it has plenty of features for professional level recording. However, I am not going into that detail in this tutorial. GNOME Sound Recorder works with the microphone. There is another tool called Audio recorder and you can use it to record streaming music (from Spotify, YouTube, internet radio, Skype and most other sources) apart from microphone input.

  • How I wish I could organize my thoughts

    I keep a pen & notebook on my desk, which I make liberal use of to jot down my thoughts. It works pretty well: ad-hoc todo lists, notes on problems I’m working on, tables, flowcharts, etc. It has some limitations, though. Sharing anything out of my notebook online is an awful pain in the ass. I can’t draw a straight line to save my life, so tables and flowcharts are a challenge. No edits, either, so lots of crossed-out words and redrawn or rewritten pages. And of course, my handwriting sucks and I can type much more efficiently than I can write. I wish this was a digital medium, but there are not any applications available which can support the note-taking paradigm that I wish I could have. What would that look like? [...] Other objects would include flowcharts, tables, images, hand-written text and drawings, and so on. These objects can be placed free form on the grid, or embedded in a page, or moved between each mode. The user input paradigm should embrace as many modes of input as the user wants to provide. Mouse and keyboard: middle click to pan, scroll to zoom in or out, left click and drag to move objects around, shift+click to select objects, etc. A multi-point trackpad should support pinch to zoom, two finger pan, etc. Touch support is fairly obvious. Drawing tablet support is also important: the user should be able to use one to draw and write free-form. I’d love to be able to make flowcharts by drawing boxes and arrows and having the software recognize them and align them to the grid as first-class vector objects. Some drawing tablets support trackpad and touch-screen-like features as well — so all of those interaction options should just werk.

Programming Leftovers

  • Type support: getting started with syslog-ng 4.0 - Blog - syslog-ng Community - syslog-ng Community

    Version 4.0 of syslog-ng is right around the corner. It hasn’t yet been released; however, you can already try some of its features. The largest and most interesting change is type support. Right now, name-value pairs within syslog-ng are represented as text, even if the PatternDB or JSON parsers could see the actual type of the incoming data. This does not change, but starting with 4.0, syslog-ng will keep the type information, and use it correctly on the destination side. This makes your life easier, for example when you store numbers to Elasticsearch or to other type-aware storage. From this blog, you can learn how type support makes your life easier and helps you to give it a testdrive on your own hosts.

  • 11 Best AngularJS Frameworks for Your Next Web App Development

    What framework do you prefer to use when you need to prepare single-page applications? Angular JS is the ideal JavaScript framework offering quick page loading speed, quick navigation, smooth usability, and adds value to the websites. Do you know that there are 610,756 live websites using AngularJS? Let us know about AngularJS and its associated frameworks for seamless web application development.

  • Please welcome Dan to Library Contributors | Inside Rust Blog

    Please welcome Dan Gohman to the Library Contributors group! You might know Dan from his work on Wasmtime, WASI, the recent I/O Safety RFC, cap-std, rustix, or one of his many (often WASI or I/O related) contributions to the Rust standard library.

  • FSD meeting recap 2022-08-05 [Ed: Too hostile a forum for FSF. Some of the staff wanted to oust the FSF's founder from the FSF.]

    Check out the great work our volunteers accomplished at today's Free Software Directory (FSD) IRC meeting. Every week, free software activists from around the world come together in #fsf on Libera.Chat to help improve the (FSD). This recaps the work we accomplished at the Friday, August 05, 2022 meeting, where we saw a new program added, and we had several good discussions.

  • LibreOffice QA/Dev Report: July 2022

      • LibreOffice 7.3.5 was announced on July 21
      • Adolfo Jayme Barrientos improved the layout of many dialogs
      • Rafael Lima expanded the help for ScriptForge with many new features
      • Olivier Hallot (TDF) updated the help for Fontwork and CSV import

  • PostgreSQL: Navicat 16.1 is released

    PremiumSoft CyberTech Ltd. today announced an upgraded version of Navicat 16.1. In this version,

  • Why I joined Mozilla’s Board of Directors

    I first started working with digitalization and the internet when I became CEO of Scandinavia Online in 1998. It was the leading online service in the Nordics and we were pioneers and idealists. I learnt a lot from that experience: the endless opportunities, the tricky business models and the extreme ups and downs in hypes and busts of evaluation. I also remember Mozilla during that time as a beacon of competence and idealism, as well as a champion for the open internet as a force for good.

