Navigation

Language Selection

Search

Security Leftovers

Submitted by Roy Schestowitz on Thursday 3rd of March 2016 01:43:47 AM Filed under

Security

Open-source code from Mars rover used in espionage campaign targeting Indian government

Two open-source code libraries used in the development of the historic Mars rover have been exploited by cybercriminals and moulded into an effective espionage tool that is being used to target high-level officials in the Indian government.

First exposed by security researchers at Palo Alto Networks, the malware, now dubbed Rover, was found in a malicious phishing email received by India's ambassador to Afghanistan that was made to look like it was sent from India's defence minister which, if opened, would have installed a slew of vicious exploits on the computer system.

Upon analysis, the experts found the malware, which contained code that attacked a flaw in Office XP, boasted a range of spying features including the ability to hijack computer files, launch a keylogger, take screenshots and even record audio and video in real-time. All of the data compromised would be sent straight to the malware creator's command and control (C&C) server.
Open Source Code Of Mars Rover Being Used To Create Malware To Target Indian Government

Last year on December 24, 2015, a potential online target was identified which was delivered via an email to a high profile Indian diplomat, an Ambassador to Afghanistan. The email was spoofed and crafted as if it was sent by the current defence minister of India, Mr. Manohar Parikar. The mail commended the Ambassador to Afghanistan on his contributions and success.
Report: 3.5 Million HTTPS Servers Vulnerable to DROWN

A report released Tuesday on the DROWN vulnerability raises concerns about possible attacks that could expose encrypted communications. DROWN is a serious vulnerability that affects HTTPS and other services using SSL version 2, according to the team of security researchers who compiled the report. The protocols affected are some of the essential cryptographic protocols for Internet security. An attack could decrypt secure HTTPS communications, such as passwords or credit card numbers, within minutes.
OpenSSL update fixes Drown vulnerability
HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are core cryptographic protocols for internet security. As previously reported, about a third of all HTTPS servers are vulnerable to attack, the computer scientists behind the discovery of the issue warn.

Login or register to post comments
Printer-friendly version
858 reads
PDF version

More in Tux Machines

Games: Turmoil, INSOMNIA: The Ark, Survivors of Borridor, Crashlands

Turmoil - The Heat Is On DLC now available on GOG

Just a quick one: For those of you after a casual management game, Turmoil could be a safe bet. GOG just added The Heat Is On DLC too. GOG have had the game on their store for a while, but they were sadly missing the DLC until this week.
Story-driven RPG INSOMNIA: The Ark has a new trailer showing some darker elements

Pretty darn excited by INSOMNIA: The Ark [Steam], more good-looking story-driven RPGs are a must on Linux. This new trailer is making it sound quite interesting.
Survivors of Borridor is a fast-paced co-op survival game where even a smartphone can be used

Really like seeing more games do this! Survivors of Borridor [Steam, Official Site], a fast-paced couch co-op survival game where even a smartphone can be used to control a character.
Story-driven crafting RPG Crashlands has a huge combat overhaul

Did you find combat in Crashlands a little tedious? Well you weren't alone and now a huge patch is out to revamp it.

Linux 4.17 RC6

Linux 4.17-rc6

Things continue to be fairly calm. There's a couple of commits in here that aren't "trivial few-liners", but most of it really is pretty small. And in fact, a quarter of the full patch for the week is tooling - and the bulk of that is the testing subdirectory. In fact, drivers are in the minority here, because another 30% is arch updates (arm, s390, x86), and we even have more lines of filesystem fixes than we have driver fixes (admittedly mostly due to a few of the more-than-a-few-liner patches being to filesystems: afs and btrfs). We do have a few driver fixes (all over - hwmon, usb, sound, acpi, gpu), but it's all really small. So nothing special to report. Go read the shortlog, pull the changes, build, and test. It should all be good and pretty stable by this point. Linus
Linux 4.17-rc6 Kernel Released As Another "Fairly Calm" Release

Linux 4.17 is up to its sixth weekly release candidate ahead of the official release expected by mid-June.

KDE Plasma 5.13 Looks Like an Awesome Update

The KDE Plasma 5.13 release is shaping up to be something rather special indeed. Currently in development, KDE Plasma 5.13 serves as the next major release of the leading Qt/Qml desktop environment. The update features a stack of improvements, refinements and some innovative new functionality. In this post we roundup the best KDE Plasma 5.13 features and changes, plus give you all the details on how to upgrade to Plasma 5.13 in Kubuntu and KDE Neon once it is released on June 12, 2018. Also: First week of coding phase, GSoC'18

Today in Techrights

Latest News

A look at Spice-Up presentation software for GNU/Linux

As a student, presentations are second nature to me. I can’t even count the amount of times I have had to make visual presentations and slides of information over the course of the past couple years. I’ve always been one to like to change things up, and get bored if I don’t, so rather than always using Google Slides or Microsoft PowerPoint, or even LibreOffice Impress, I’ve opted to use a handy little piece of software called “Spice-Up” on a few occasions.

DragonFly BSD 5.2.0

My experience with DragonFly this week was a lot like my experiences with other members of the BSD family. The system is lightweight, provides lots of useful documentation and gives us a minimal platform from which to build our operating system. The system was stable, fast and provided me with most of the software I wanted. Apart from DragonFly not working with my desktop computer's hardware, I had an overall good experience with the operating system. I had mixed feelings about H2. At this point the file system seems stable and can be used for most common tasks. However, the advanced features that make the future of H2 look so appealing, are not all in place yet. So it might be best to wait another year before switching over to H2 if you want to make the most of snapshots and other advanced file system options. DragonFly is typically regarded as a server operating system, and that is where its strengths lie. However, this week I feel it performed well as a desktop platform too. It takes a little while to set up DragonFly as a desktop, but the documentation walks us through most of the process and I was able to do everything I would typically do on Linux desktop distribution. Also: Server maker IXsystems sets sail with new TrueNAS flagship

Software: WiFi, GIMP, WordPress

WiFi hacker- 10 best Android & Desktop WiFi hacking apps free download

Hacking is no more the specialty of experts and professionals only. With the emergence of user-friendly hacking tools, the art can be easily aced by average users too. A majority of people want to know the best, free WiFi hacker tools to learn to hack on smartphones and desktops. Despite the availability of so many hacking tutorials online, let us tell you that hacking is not as easy to learn. It cannot be learned overnight and requires in-depth research and dedication to become a pro at hacking.
GIMP 2.10.2 Released

It’s barely been a month since we released GIMP 2.10.0, and the first bugfix version 2.10.2 is already there! Its main purpose is fixing the various bugs and issues which were to be expected after the 2.10.0 release.
GIMP 2.10.2 Released With HEIF Image Format Support

Just shy of one month since the long-awaited debut of GIMP 2.10, the first stable point release is now available. Besides fixing bugs, there is new features too including support for HEIF images for importing and exporting, spherize and recursive transform filters added, improved histogram computation, and more.
GIMP 2.10.0 released. How to install it on Fedora or Ubuntu
WordPress 4.9.6 Update Helps Websites Prepare for GDPR

The open-source WordPress content management system project announced its 4.9.6 update on May 17, providing users with privacy enhancements designed to help sites be compliant with the European Union’s General Data Protection Regulation. GDPR is set to go into effect on May 25, requiring organizations to take steps to protect the privacy of end- user information. To be compliant with GDPR, organizations need to properly disclose how user data is stored and used. "It's important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located," WordPress developer Allen Snook wrote in a blog post.

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Tux Machines is proud to be hosted by

Support Tux Machines

Help Support TM
Wall of Appreciation

Linux Gizmos

Linux Today

LinuxSecurity.com Advisories

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

Linux.com

DW Latest Releases

Phoronix

Content available under CC-BY-SA