Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Open-source code from Mars rover used in espionage campaign targeting Indian government

    Two open-source code libraries used in the development of the historic Mars rover have been exploited by cybercriminals and moulded into an effective espionage tool that is being used to target high-level officials in the Indian government.

    First exposed by security researchers at Palo Alto Networks, the malware, now dubbed Rover, was found in a malicious phishing email received by India's ambassador to Afghanistan that was made to look like it was sent from India's defence minister which, if opened, would have installed a slew of vicious exploits on the computer system.

    Upon analysis, the experts found the malware, which contained code that attacked a flaw in Office XP, boasted a range of spying features including the ability to hijack computer files, launch a keylogger, take screenshots and even record audio and video in real-time. All of the data compromised would be sent straight to the malware creator's command and control (C&C) server.

  • Open Source Code Of Mars Rover Being Used To Create Malware To Target Indian Government

    Last year on December 24, 2015, a potential online target was identified which was delivered via an email to a high profile Indian diplomat, an Ambassador to Afghanistan. The email was spoofed and crafted as if it was sent by the current defence minister of India, Mr. Manohar Parikar. The mail commended the Ambassador to Afghanistan on his contributions and success.

  • Report: 3.5 Million HTTPS Servers Vulnerable to DROWN

    A report released Tuesday on the DROWN vulnerability raises concerns about possible attacks that could expose encrypted communications. DROWN is a serious vulnerability that affects HTTPS and other services using SSL version 2, according to the team of security researchers who compiled the report. The protocols affected are some of the essential cryptographic protocols for Internet security. An attack could decrypt secure HTTPS communications, such as passwords or credit card numbers, within minutes.

  • OpenSSL update fixes Drown vulnerability
  • HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

    DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are core cryptographic protocols for internet security. As previously reported, about a third of all HTTPS servers are vulnerable to attack, the computer scientists behind the discovery of the issue warn.

More in Tux Machines

Development News

  • KDevelop 5.0.3 Open-Source IDE Improves GitHub Handling Authentication, More
    The development behind the open-source and cross-platform KDevelop IDE (Integrated Development Environment) was proud to announce on the first day of December the availability of the third point release for KDevelop 5.0 stable series. KDevelop 5.0.3 arrives one and a half months after the second maintenance update, but it's a small bugfix release that attempts to patch a total of nine issues reported by users since then. However, it's a recommended update for all users. "We are happy to announce the release of KDevelop 5.0.3, the third bugfix and stabilization release for KDevelop 5.0. An upgrade to 5.0.3 is strongly recommended to all users of 5.0.0, 5.0.1 or 5.0.2," reads the release announcement.
  • PHP 7.1.0
    The PHP development team announces the immediate availability of PHP 7.1.0.
  • PHP 7.1 Makes Its Debut
    This first major update to last year's huge PHP 7.0 release builds several new features on top. Introduced by PHP 7.1 is nullable types, a void return type, a iterable pseudo-type, class constant visibility modifiers, support for catching multiple exception types, and many other language enhancements plus more performance optimizations and other work.

Games for GNU/Linux

OSS Leftovers

SUSE Leftovers

  • openSUSE Tumbleweed – Review of the Week 2016/48
    After releasing daily snapshots without interruption for 17 days, Tumbleweed did slow down a bit during the last week. As already mentioned in my last review, 1124 had been canceled due to an issue with sddm installing strange branding configurations. And later on, we ‘broke’ our own staging setup and needed to bootstrap a few of them, making the throughput much lower than you were used to. So, we ended up with 3 snapshots since my last review: 1125, 1128 and 1129.
  • Highlights of YaST development sprint 28
    November is over, Santa Claus elves start to stress and the YaST team brings you one of the last reports of 2016. Let’s see what’s new in YaSTland.