Language Selection

English French German Italian Portuguese Spanish

Security

Security and DRM Leftovers

Filed under
Security

Proprietary Software Leftovers

Filed under
Security

Security and FUD Leftovers

Filed under
Security

Security:

FUD:

Proprietary Software and Security

Filed under
Security
  • Cybersecurity Threat Vectors For AI Autonomous Cars

    It might seem puzzling that there is any connection between those pesky possums and the topic of cybersecurity and self-driving cars. As will soon be apparent, the parade of possums that you could suggest “attacked” my house is somewhat analogous to those dastardly human hackers that try to break into computer systems. And when you give this matter some careful thought, it is apparent that a self-driving car is really a computer on wheels.

    Self-driving cars are chock-full of computers.

    Computers underpin the AI driving system. These are typically specialized processors especially souped-up to perform lots of computations, something sorely needed to autonomously drive a car. By and large, the computer processing onboard a self-driving car is awe-inspiring and rivals the kind of supercomputers that we used to call supercomputers back in the olden days (to clarify, today’s supercomputers are still many times faster than the computers put into a self-driving car, so my comparison is to the prior eras of supercomputers).

    But the computers for self-driving purposes are just one instance of computing that is found inside a modern car.

  • The real stakes of Apple’s battle over remote work

    And those are just the potential consequences in the short term. This fight will have bigger ramifications later on. That this battle is happening at Apple signals a major shift for the company. For the most part, until now, it’s managed to avoid the internal conflicts that have seized other tech companies like Google. Now Apple will need to reckon with internal employee activists who are learning to pressure their employer about issues beyond remote work, like pay parity and gender discrimination. Even when the question of remote work is eventually settled, its employees are now emboldened to push for other demands — and so Apple will likely continue to grapple with this challenge.

  • VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

    On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server.

    On September 24, 2021, VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability.

  • Poorly patched flaw in Apple macOS Finder still exploitable • The Register

Security Leftovers

Filed under
Security
  • This Week in Security: Somebody’s Watching, Microsoft + Linux, DDoS

    Last week we talked about the simple-to-exploit vulnerability in the Open Management Infrastructure, commonly installed on Linux VMs hosted in the Azure cloud. Botnets are already scanning the internet for vulnerable machines, and installing malware. The primary payload seems to be a Mirai variant, which among other things closes the vulnerable ports upon infection. Even though your VM doesn’t currently expose OMI to the internet, it may already be compromised. According to Caddo Security, there still haven’t been any automatic updates pushed to fix vulnerable servers, so unless a VM was manually updated last week, it should probably be assumed to be compromised at this point if it has OMI installed. This has the potential to be quite a big problem.

  • Security updates for Friday

    Security updates have been issued by Debian (mupdf), Fedora (ghostscript, gifsicle, and ntfs-3g), openSUSE (kernel and nodejs14), and SUSE (curl, ffmpeg, gd, hivex, kernel, nodejs14, python-reportlab, sqlite3, and xen).

  • The Proliferation of Zero-days

5 current topics for research paper about Linux cybersecurity

Filed under
GNU
Linux
Security

Are you a student who is studying data security in college? Are you looking for ideas for your research paper about Linux cybersecurity? You’ve come to the right place. In this article, we will talk about five current topics for a research paper on Linux cybersecurity, as well as how to approach each of them. Being a student who wants to pursue academic success is not something unnatural.

However, along this journey, there could be many setbacks and obstacles to overcome. But these challenges will help you become better at this topic, especially because it is of high importance. As technology evolves even more, new software products, apps, websites appear.

And so, it is increasing the possibility of a hacker attack, identity theft, and many other cyberattacks that can happen online. So, discussing Linux security in your research paper is essential, and here are five current topics.

Read more

Proprietary Software amd Security Lefovers

Filed under
Security
  • Indictment, Lawsuits Revive Trump-Alfa Bank Story

    In October 2016, media outlets reported that data collected by some of the world’s most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia’s largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.

  • Apple Will Not Reinstate Epic’s Fortnite Developer Account, but Epic’s Other Developer Accounts Remain Active

    Sweeney posted a letter from Apple’s attorneys to Epic’s. It reads: [...]

  • FBI Sat On Ransomware Decryption Key For Weeks As Victims Lost Millions Of Dollars

    The vulnerability equities process meets the FBI's natural tendency to find and hoard illegal things until it's done using them. And no one walks away from it unscathed. Welcome to the cyberwar, collateral damage!

  • 65% of users still re-use passwords across accounts: Report

    New Delhi, While 92 per cent of people know that using the same password or a variation is a risk, 65 per cent still re-use passwords across accounts, drastically increasing the risks to their sensitive information, a report said.

    According to a report by LogMeIn, consumers have a solid understanding of proper password security and the actions necessary to minimise risk, but they still pick and choose re-used information.

Security Lertovers

Filed under
Security

Security Leftovers

Filed under
Security

Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials

Filed under
Microsoft
Security

A flaw in Microsoft's Autodiscover protocol, used to configure Exchange clients like Outlook, can cause user credentials to leak to miscreants in certain circumstances.

The upshot is that your Exchange-connected email client may give away your username and password to a stranger, if the flaw is successfully exploited. In a report scheduled to be published on Wednesday, security firm Guardicore said it has identified a design blunder that leaks web requests to Autodiscover domains that are outside the user's domain but within the same top-level domain (TLD).

Exchange's Autodiscover protocol, specifically the version based on POX XML, provides a way for client applications to obtain the configuration data necessary to communicate with the Exchange server. It gets invoked, for example, when adding a new Exchange account to Outlook. After a user supplies a name, email address, and password, Outlook tries to use Autodiscover to set up the client.

Read more

Syndicate content

More in Tux Machines

today's howtos

  • How to use wall command in linux - Unixcop

    wall is (an abbreviation of write to all) is a Unix command-line utility that displays the contents of a computer file or standard input to all logged-in users. It is used by root to send out shutting down message to all users just before poweroff. It displays a message on the terminals of all logged-in users. The messages can_be either typed on the terminal or the contents of a file. Also usually, system administrators send messages to announce maintenance and ask users to log out and close all open programs.The messages ‘re shown to all logged in users with a terminal open.

  • Any Port in a Storm: Ports and Security, Part 1

    When IT and Security professionals talk about port numbers, we’re referring to the TCP and UDP port numbers a service is running on that are waiting to accept connections. But what exactly is a port?

  • Book Review: Data Science at the Command Line By Jeroen Janssens

    Data Science at the Command Line: Obtain, Scrub, Explore, and Model Data with Unix Power Tools written by Jeroen Janssens is the second edition of the series “Data Science at the Command Line”. This book demonstrates how the flexibility of the command line can help you become a more efficient and productive data scientist. You will learn how to combine small yet powerful command-line tools to quickly obtain, scrub, explore, and model your data. To get you started, author Jeroen Janssens provides a Docker image packed with over 80 tools–useful whether you work with Windows, macOS, or Linux.

  • How to Take a Typing Test on Linux With tt

    In the modern era of technology, typing has become one of the most common activities for a lot of professions. Learning to type faster with accuracy can help you get more things done in the same amount of time. However, touch typing is not a skill that you can master overnight. It takes regular practice and testing to improve your speed and accuracy gradually. While there are a lot of websites that help you achieve this, all you essentially need on Linux is a terminal. Let's see how.

  • FIX: Google Chrome doesn’t work on Kali linux
  • How to install OpenToonz on a Chromebook

    Today we are looking at how to install OpenToonz on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below. If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

Security and DRM Leftovers

Linux 5.15-rc3

So after a somewhat rocky merge window and second rc, things are now
actually looking pretty normal for rc3. Knock wood.

There are fixes all over, and the statistics look fairly regular, with
drivers dominating as they should (since they are most of the tree).
And outside of drivers, we have a fairly usual mix of changes -
architecture fixes, networking, filesystems, and tooling (the latter
being mostly kvm selftests).

Shortlog appended, it's not too long and easy to scan through to get a
flavor for the details if you happen to care.

Please do give it a whirl,

             Linus

Read more Also: Linux 5.15-rc3 Released - Looking "Pretty Normal" Plus Performance Fix - Phoronix

Huawei launches OS openEuler, aims to construct 'ecological base of national digital infrastructure'

Chinese tech giant Huawei launched openEuler operating system (OS) on Saturday, another self-developed OS after the HarmonyOS, as it tries to "solve the domestic stranglehold problem of lacking its homegrown OS in basic technology," and build a full-scenario covered ecosystem to prepare for more US bans. The openEuler OS can be widely deployed in various forms of equipment such as servers, cloud computing and edge computing. Its application scenarios cover Information Technology, Communication Technology and Operational Technology to achieve unifying an operating system with multi-device support, according to the company's introduction. In the ICT field, Huawei provides products and solutions such as servers, storage, cloud services, edge computing, base stations, routers, industrial control among others, all of which need to be equipped with an OS. Huawei has therefore been building capabilities to achieve a unified OS architecture, and meet the demands of different application scenarios, the firm said on Saturday. The openEuler program was initially announced back in 2019 as an open source operating system. Today's launch is an updated one. Read more