Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Open-source code from Mars rover used in espionage campaign targeting Indian government

    Two open-source code libraries used in the development of the historic Mars rover have been exploited by cybercriminals and moulded into an effective espionage tool that is being used to target high-level officials in the Indian government.

    First exposed by security researchers at Palo Alto Networks, the malware, now dubbed Rover, was found in a malicious phishing email received by India's ambassador to Afghanistan that was made to look like it was sent from India's defence minister which, if opened, would have installed a slew of vicious exploits on the computer system.

    Upon analysis, the experts found the malware, which contained code that attacked a flaw in Office XP, boasted a range of spying features including the ability to hijack computer files, launch a keylogger, take screenshots and even record audio and video in real-time. All of the data compromised would be sent straight to the malware creator's command and control (C&C) server.

  • Open Source Code Of Mars Rover Being Used To Create Malware To Target Indian Government

    Last year on December 24, 2015, a potential online target was identified which was delivered via an email to a high profile Indian diplomat, an Ambassador to Afghanistan. The email was spoofed and crafted as if it was sent by the current defence minister of India, Mr. Manohar Parikar. The mail commended the Ambassador to Afghanistan on his contributions and success.

  • Report: 3.5 Million HTTPS Servers Vulnerable to DROWN

    A report released Tuesday on the DROWN vulnerability raises concerns about possible attacks that could expose encrypted communications. DROWN is a serious vulnerability that affects HTTPS and other services using SSL version 2, according to the team of security researchers who compiled the report. The protocols affected are some of the essential cryptographic protocols for Internet security. An attack could decrypt secure HTTPS communications, such as passwords or credit card numbers, within minutes.

  • OpenSSL update fixes Drown vulnerability
  • HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

    DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are core cryptographic protocols for internet security. As previously reported, about a third of all HTTPS servers are vulnerable to attack, the computer scientists behind the discovery of the issue warn.

More in Tux Machines

today's howtos

  • How to Select All in Vim / Vi

    Knowing how to select all content in Vim or the Vi editor enables you to complete routines like copying and pasting in Linux quickly. The process can be tricky if you don’t understand how to use the editors properly or bind keys. For instance, you can select all in Vim/Vi by combining the gg, V, and G keys. ggVG Before that, you must be in the normal mode and know what the groups of keys mean or do. This article takes you through Vim/Vi modes, commands, and key bindings. You will find it simpler to select and use file contents with this knowledge.

  • How to Use Restic to Backup and Restore Data in Linux

    Restic is an open-source, secure, and cross-platform backup program. Using Restic we can store multiple versions of files and directories in an encrypted repository. Restic can be used to back up data to an external device or to cloud storage. Restic encrypts data with the AES-256 in counter mode and then authenticates it using the Poly1305-AES cryptographic message authentication code. This way Restic guarantees confidentiality and data integrity by utilizing cryptography. Restic does incremental backups which makes it easier and faster compared to some other backup programs. What this means is that it stores a base backup image and then for each subsequent backup, it stores the difference between that base image and the source machine. This leads to increased backup speed as only the modified data is backed up. It also consumes less backup space.

  • How to install PulseEffects on a Chromebook

    Today we are looking at how to install PulseEffects on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • Rubenerd: Basic fix between pf tables and macros on FreeBSD

    I worked with a FreeBSD client this morning who’d messed up the pf rules on their VM firewall, and wanted to know how to fix them.

LINMOB.net - Weekly GNU-like Mobile Linux Update (26/2022): Plasma Mobile Gear 22.06, Ubuntu Touch OTA-23 and the MNT Pocket Reform

Extensions coming to GNOME Web, some new Sailfish OS Community News, NOKIA causes a naming dispute and more! Read more

The Best Desktop Environments of 2022

As Linux users, we’re often spoiled for choice when it comes to software. There are some basic programs that we keep coming back to that are so integrated into the stack that we forget they’re even there. However, when it comes to things like desktop environments, it can be hard to determine the best option for exactly what you’re going to use it for. We have reviewed different Linux Desktop Environments, and there’s a lot of overlap between use cases. Here we show you the best Linux Desktop Environments for your particular use case. Read more

Porteus 5.0 is released!

Team Porteus is finally able to announce the immediate availability of Porteus-v5.0 final in EIGHT desktop flavours. Read more