Security: Windows/NSA Back Doors and Exploits (EternalBlue), Rust Flaw, Roughtime, DDOS Hype and "The Lucy Gang"
-
Leaked NSA Exploits Shifting From Ransomware To Cryptocurrency Mining
This report, from Zack Whittaker at TechCrunch, says there's really no endpoint in sight for the unintended consequences of exploit hoarding. But at this point, it's really no longer the NSA or Microsoft to blame for the continued rampage. Stats from Shodan show more than 300,000 unpatched machines in the United States alone.
EternalBlue-based malware still runs rampant, but the focus has shifted from ransom to cryptocurrency. An unnamed company recently watched the NSA's exploit turn its computers into CPU ATMs.
[...]
There will never be a full accounting of the damage done. Yes, the NSA never thought its secret stash would go public, but that doesn't excuse its informal policy of never disclosing massive vulnerabilities until it's able to wring every last piece of intel from their deployment. And there's a chance this will happen again in the future if the agency isn't more proactive on the disclosure front. It was foolhardy to believe its tools would remain secret indefinitely. It's especially insane to believe this now.
-
The Rust Programming Language Blog: Security advisory for the standard library
The Rust team was recently notified of a security vulnerability affecting the standard library’s str::repeat function. When passed a large number this function has an integer overflow which can lead to an out of bounds write. If you are not using str::repeat, you are not affected.
We’re in the process of applying for a CVE number for this vulnerability. Fixes for this issue have landed in the Rust repository for the stable/beta/master branches. Nightlies and betas with the fix will be produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix for stable Rust.
-
Cloudflare Secures Time With Roughtime Protocol Service
If time is money, then how important is it to secure the integrity of time itself? Time across many computing devices is often synchronized via the Network Time Protocol (NTP), which isn't a secure approach, but there is another option.
On Sept. 21, Cloudflare announced that it is deploying a new authenticated time service called Roughtime, in an effort to secure certain timekeeping efforts. The publicly available service is based on an open-source project of the same name that was started by Google.
"NTP is the dominant protocol used for time synchronisation and, although recent versions provide for the possibility of authentication, in practice that‘s not used," Google's project page for Roughtime states. " Most computers will trust an unauthenticated NTP reply to set the system clock meaning that a MITM [man-in-the-middle] attacker can control a victim’s clock and, probably, violate the security properties of some of the protocols listed above."
-
DDoS Vulnerability Can Disrupt The Whole Bitcoin Infrastructure [Ed: Latest FUD about Bitcoin. A DDOS attack can disrupt anything at sufficient capacity levels, including Wall Street and ANY financial market.]
-
Crippling DDoS vulnerability put the entire Bitcoin market at risk
-
This Russian botnet mimics your click to prevent Android device factory resets
According to researchers from Check Point, the botnet has been developed by a group of Russian-speaking hackers known as "The Lucy Gang," and demos have already been provided to potential subscribers to the system looking for Malware-as-a-Service (MaaS) solutions.
Botnets are a thorn in the side for cybersecurity firms, hosting providers, and everyday businesses alike. The systems are made up of enslaved devices including mobile devices, Internet of Things (IoT) gadgets, and PCs.
- Login or register to post comments
- Printer-friendly version
- 7378 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Internet security
DigiCert, Gemalto, ISARA Partner on Quantum-Safe Encryption
ICANN sets plan to reinforce internet DNS security
Microsoft's Jet crash: Zero-day flaw drops after deadline passes
Microsoft's Jet crash: Zero-day flaw drops after deadline passes