Security Leftovers

  • Hackers use Microsoft security tool to pwn Microsoft security tool

    FireEye security wonks Abdulellah Alsaheel and Raghav Pande have twisted the barrels of Microsoft's lauded EMET Windows defence gun 180 degrees and fired.

    The result of their research is p0wnage of the enhanced mitigation toolkit so that instead of defending Windows it attacks it.

    The attacks the pair found affect older versions of Windows which rely on EMET for modern defences like address space layout randomisation and data execution prevention.

  • Is Linux Really as Secure as You Think It Is?

    Security is an important topic on everyone’s minds in today’s highly-technological world. With all of the security news that pops up on almost a daily basis, trying to be aware of the choices you make can make a big difference. Linux is often touted as the most secure operating system you can get your hands onto, but is this reputation deserved?

  • A Fedora Distribution download primer

    With the fresh news of a compromise in the Linux Mint distribution images, I thought I would take a few minutes to explain how Fedora handles image downloads and what you can do as an end user to make sure you have the correct and official Fedora images.

  • Mousejack: Hacking Computers Via Your Mouse With 15 Lines Of Code And Radio Dongle
  • How Criminals Could Hijack Wireless Mice to Hack Computers from Afar

    Wireless computer mice give users the convenience of not having to deal with cumbersome wires and cables. But they might also open up the door for malicious hackers to get a way into their computers, researchers warn.

    A flaw in the way several popular models of wireless mice and their corresponding receivers, the sticks or “dongles” that plug into a USB port and transmit data between the mouse and the computer, handle encryption could leave “billions” of computers vulnerable to hackers, security firm Bastille warned on Tuesday.

  • Child tracking firm calls out security researcher on 'hack'

    A CHILD MONITORING COMPANY is mad as heck at a security researcher for highlighting a security problem without asking its consent first. Or something.

    The company in question is uKnowKids and its target is a chap called Chris Vickery, a security researcher. His crime? Security research.

    uKnowKids.com is a kind of virtual Mary Poppins. It does not put children in danger, like Mary Poppins, but it does look out for them and keep an eye on what they do by monitoring their communications and stuff.

    We imagine that in some circumstance it has got some children in trouble. This week it is getting an older person in trouble, and accusing a security researcher of hacking as opposed to security researching.

  • URL shortening – are these services now too big a security risk to use?

    Spammers and malware pushers are still heavily abusing URL shortening services, messaging security firm Cloudmark has reported in its 2015 annual security report (reg required). The popular Bit.ly service has recently become a particular favourite with criminals with 25,000 individual malicious links run through that service every single day in recent times. This sounds alarming but it gets worse. According to the firm, this meant that an extraordinary 97 percent of Bit.ly links now led to malicious websites.

More in Tux Machines

Security Leftovers

  • CERT-In identifies multiple vulnerabilities in Microsoft products and Red Hat Linux Kernel

    CERT-In on Wednesday issued alerts for multiple vulnerabilities in Microsoft products including Microsoft Exchange, Microsoft Windows Support Diagnostic Tool, and Red Hat Linux Kernel. The vulnerabilities are said to be used by remote attackers to access sensitive information and execute arbitrary code on Microsoft products while in Red Hat Linux Kernel they can be exploited to gain elevated privileges and access sensitive information.

  • Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users [Ed: The issue is MiMi, not the OS]

    We noticed a server hosting both a HyperBro sample and a malicious Mach-O executable named “rshell.” HyperBro is a malware family used by Iron Tiger (also known as Emissary Panda, APT27, Bronze Union, and Luckymouse), an advanced persistent threat (APT) group that has been performing cyberespionage for almost a decade, and there have been no reports of this group associated with a tool for Mac operating systems (OS). We analyzed the Mach-O sample and found it to be a new malware family targeting the Mac OS platform. We also eventually found samples compiled for the Linux platform that belong to the same malware family.

  • This Week in Malware - Fileless Linux Cryptominer, 100 Packages [Ed: The issue is not "Linux" but malware that one can unwittingly install in Linux]