Security Leftovers
Chinese hackers backdoor chat app with new Linux, macOS malware [Ed: Nowadays the Microsofters in the media are calling "backdoors" things that are simply malware and one has to actually install; of course they like to blame "Linux" (because the user can add malware on top of it). Saying Linux isn't secure because it doesn't prevent you installing malware is like saying bridges are dangerous because you may commit suicide by jumping off them.]
Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems.
Linux Threats: A Black Hat 2022 Hot Topic? (Video) [Ed: Aside from patent trolling, Blackberry reinvented itself as anti-Linux FUD source in recent years. They intentionally overlook back doors (e.g. Windows) and blame everything on "Linux".]
There are usually a few cyberthreat trends that seem to emerge as important themes at each year’s Black Hat conference. And this year, the increase in Linux threats may be one of them.
#StopRansomware: Zeppelin Ransomware [Ed: Ransomware is predominantly a Microsoft Windows problem]
CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Zeppelin Ransomware, to provide information on Zeppelin Ransomware. Actors use Zeppelin Ransomware, a ransomware-as-a-service (RaaS), against a wide range of businesses and critical infrastructure organizations to encrypt victims’ files for financial gain.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
Cisco Releases Security Update for Multiple Products
This vulnerability could allow a remote attacker to obtain sensitive information. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
elementary Blog: Updates for July, 2022
Firstly, thank you so much for your patience this month! I’ve been out sick with COVID for about 3 weeks, so I haven’t been able to contribute much or organize releases this month. I want to give a special thanks to our volunteer community who has continued to make improvements and move forward on projects in my absence. I’m excited to catch up and get back to work to make the most of the rest of this month. Having said that, this is going to be a very brief updates post. [...] A ton of energy in the community has gone into Gtk 4 porting for OS 7 and beyond. The team is making steady progress on porting System Settings and we landed the Gtk 4 port for Sideload. We’ve also uncovered some style issues and gaps in style constants, so if you’re working on porting your app to our Flatpak Platform 7, know that we’ll be releasing some fixes soon. I want to give some special acknowledgment to Owen Malicsi who has taken a lot of ownership over Gtk4 porting. Owen started contributing to elementary to improve his development skillset in preparation for college, and he’s done an amazing job both in successfully porting components to Gtk 4 as well as identifying blockers and creating discussions around refactoring for Gtk 4 paradigms. I’m super proud of his growth and contribution and we wish him well in his studies! Thanks Owen! Read on
Russian-Made Baikal M1-Based Laptop Shows Up in Pre-Production
Bitblaze, a Russian brand specializing in servers, storage systems, and workstations, has demonstrated its pre-production Bitblaze Titan BM15 laptop based around the Baikal-M1 processor designed in Russia. The notebook, designed primarily for government agencies and enthusiasts, is said to enter mass production in November. The only question is whether the company can indeed mass produce the machine now that TSMC does not produce advanced chips for any company in Russia. "I have a legend in my hands: a pre-production Bitblaze Titan (opens in new tab) laptop based on the Baikal-M processor is ready," said Yana Brush, commercial director of Prombit, the company behind Bitblaze, in a blog post (opens in new tab). "A very decent built quality, thin aluminum case, light weight. I have tested some mainstream software applications: office programs and YouTube. Works great, lasts five hours on the battery. We continue testing in various workloads, getting ready for the official release." [...] Keeping in mind that the company does not disclose which Linux distributions the machine will run, it should be testing various software. Read on
The sad fate of the JingPad A1 Linux tablet
Apple has long dominated the tablet space, but that hasn’t stopped companies from releasing hundreds of Android, Windows, or Chrome OS tablets in recent years. The JingPad A1 was supposed to be something different: it shipped with JingOS, a Linux-based operating system optimized for touchscreen input but capable of running full-fledged desktop apps. At least that was the idea. But when Jingling, the company behind the tablet, began shipping units to customers last year, many found the software to too buggy for the general public and not as open as Linux enthusiasts would like. Eventually the company ran out of money, laid off staff, and did provide a way to replace the operating system with Android or something else (like Ubuntu Touch). While Liliputing has covered the rise and fall of Jingling, but we never actually got to spend any time with the JingPad A1 tablet itself. Now TechHut has put together a video documenting the highs and lows… with some hands-on demonstrations of wha the tablet could and could not do. Read on Also: Essential Sensors
Security Leftovers
