
Security: Windows, Marcus Hutchins, Phishing, OpenVPN, DARPA, DINSIC

  • The latest Windows patch is breaking even more PCs with antivirus installed

    Earlier this week we reported that Microsoft halted updates to Windows PCs running Sophos and Avast’s security solutions, following user complaints that their machines were locking up or failing to boot. Since then, the list of known issues for the rogue update was itself updated to acknowledge compatibility issues with Avira and ArcaBit antivirus installed, with Microsoft temporarily blocking updates to those affected systems, too. Today, Ars Technica noticed that Microsoft is investigating compatibility issues for systems with McAfee antivirus installed, though it hasn’t started blocking the April 9 update from those PCs just yet.

  • ‘WannaCry Hero’ Marcus Hutchins Pleads Guilty to Making Banking Malware [iophk: "It looks like they squeezed malware tech with a “plea bargain”. So I would take reports of a guilty plea with a large grain of salt. They probably threatened him with 1000s of years in prison as an alternative. The plea “deal” is not mentioned in the summary, thus misleading the public about the situation."]

    Marcus Hutchins, a security researcher known for helping stop the destructive WannaCry ransomware, pleaded guilty to hacking crimes on Friday.

    Hutchins was accused of writing a banking malware called Kronos in 2014, after he finished high school. The researcher was arrested in Las Vegas after attending the hacker conference Def Con in 2017. Days later, he pleaded not guilty in a Milwaukee courtroom. He was scheduled to be tried this summer.

  • Google will begin to block sign-ins from embedded browser frameworks in June

    Phishing — schemes to nab personal data with disguised malicious webpages and emails — constituted more than 70% of all cyber attacks in 2016, according to a Verizon report. In an effort to combat them, Google last year announced it would require users to enable JavaScript during Google Account sign-in so that it could run attack-detecting risk assessments, and today, the company said it’ll begin to block all sign-ins from embedded browser frameworks like Chromium Embedded Framework starting in June.

  • A deeper look into OpenVPN: Security vulnerabilities

    OpenVPN is the backbone of online security. It is supported in many popular virtual private network (VPN) providers such as NordVPN and ExpressVPN, and continues to receive frequent updates well into its 17th year in operation.

    It’s an unwritten rule of information technology, however, that popular security protocols will attract the largest contingent of hackers. As OpenVPN is open source, it is therefore much easier for hackers to locate and exploit security vulnerabilities within the software design.

    Nevertheless, the value of the open-source model is that it promotes open collaboration, thus encouraging other programmers to suggest changes to the design. This way, security vulnerabilities can be communicated directly to the developers, who then have the option to patch the software and eliminate the vulnerability.

  • DARPA’s New/Old Plan for a Hack-Proof Voting Machine

    The Pentagon’s top research arm is working to build a hack-proof voting machine by combining something brand new with something old – specifically, secure open-source hardware and software using advanced cryptography on one end, and good old paper on the other.

    The Defense Advanced Research Projects Agency (DARPA) recently awarded the tech company Galois a $10 million contract for the project, which grew out of a broader agency project to remedy hardware vulnerabilities, the snappily named SSITH, for System Security Integrated Through Hardware and Firmware.

    Galois, which focuses on ensuring the trustworthiness of hardware and software, will design the system, which will start with a different approach used by established voting machine makers, who have come under criticism over the vulnerabilities in their systems, Motherboard reported. For one, it will use open-source software, rather than the proprietary systems used by companies such as Election Systems & Software. It also will use open-source hardware, built from designs developed under the SSITH program.

  • New Attacks (and Old Attacks Made New)

    This is shown again in Fortinet's latest Global Threat Landscape Report for the fourth quarter of 2018, where we reported that exploits that targeted individual organizations — often variations of existing malware or the misuse of FOSS (free/open source software) security tools — continue to grow at a rapid pace: 10% over the quarter, while the number of unique exploits they experienced increased by 5%. This suggests that, despite some reports suggesting that malicious actors follow the same work routines as their victims, cybercriminals didn't take much of a break over the holidays. And as you would expect, all of this malware — especially botnets — is becoming more complex and harder to detect.

  • Security flaw in French government messaging app exposed confidential conversations

    Tchap wasn’t built from scratch. The DINSIC, France’s government agency in charge of all things digital, forked an open-source project called Riot, which is based on an open-source protocol called Matrix.

    In a few words, Matrix is a messaging protocol that features end-to-end encryption. It competes with other protocols, such as the Signal Protocol that is widely used by consumer apps, such as WhatsApp, Signal, Messenger’s secret conversations and Google Allo’s incognito conversations — Messenger and Allo conversations aren’t end-to-end encrypted by default.

  • French Government's 'Secure' WhatsApp Replacement Hacked In Just 90 Minutes

    In order to better protect official conversations, the French government developed its own secure instant messaging alternative to WhatsApp.
