
Security

Linux module aims at security, but will it make the cut?

Filed under
Linux
Security

The Linux Kernel Runtime Guard has been devised by the Openwall project.

LKRG checks at runtime to find out if any exploits for security flaws are in a system; if so, it attempts to block such attacks.

It can also detect any privilege escalation in processes that are running and kill the guilty process before it can execute any code.
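The Openwall description above boils down to two shadow copies: a digest of the kernel's read-only text and a record of every task's credentials, refreshed only through hooked, legitimate kernel paths and compared against the live state on a timer. The following Python simulation is an added example written for this page, not LKRG's code (LKRG is a kernel module written in C); `RuntimeGuard`, `Task`, the hook names and the constructed stand-in for kernel text are all assumptions chosen to illustrate the design:

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Task:
    pid: int
    uid: int
    euid: int


class RuntimeGuard:
    """Shadow state for a simulated kernel (example, not LKRG's implementation):
    a digest of the read-only text plus a copy of every task's credentials.
    Legitimate changes go through the hooked paths below and update the shadow;
    anything that alters the live state without passing through them shows up in check()."""

    def __init__(self, text: bytes, tasks: list):
        self.text_digest = self._digest(text)
        self.shadow = {t.pid: (t.uid, t.euid) for t in tasks}

    @staticmethod
    def _digest(data) -> str:
        return hashlib.sha256(bytes(data)).hexdigest()

    # Hooks standing in for the kernel paths a runtime guard instruments (fork, exit, setuid).
    def on_fork(self, parent: Task, child: Task):
        child.uid, child.euid = parent.uid, parent.euid
        self.shadow[child.pid] = (child.uid, child.euid)

    def on_exit(self, task: Task):
        self.shadow.pop(task.pid, None)

    def on_setuid(self, task: Task, new_uid: int):
        task.uid = task.euid = new_uid
        self.shadow[task.pid] = (task.uid, task.euid)

    def check(self, text: bytes, tasks: list) -> list:
        """Compare live state against the shadow; returns findings (empty when clean)."""
        findings = []
        if self._digest(text) != self.text_digest:
            findings.append("kernel text digest mismatch")
        for t in tasks:
            expected = self.shadow.get(t.pid)
            if expected is None:
                findings.append(f"pid {t.pid}: task not seen by fork hook")
            elif (t.uid, t.euid) != expected:
                findings.append(f"pid {t.pid}: creds changed {expected} -> {(t.uid, t.euid)} outside setuid")
        return findings


# Constructed stand-in for the kernel's .text section (any bytes will do for the digest).
KERNEL_TEXT = b"\x55\x48\x89\xe5\x31\xc0\x5d\xc3" * 32


def legitimate_sequence() -> list:
    """A daemon forks and drops privilege through the hooked setuid path: no findings."""
    text = bytearray(KERNEL_TEXT)
    init = Task(pid=1, uid=0, euid=0)
    guard = RuntimeGuard(text, [init])
    daemon = Task(pid=100, uid=0, euid=0)
    guard.on_fork(init, daemon)
    guard.on_setuid(daemon, 1000)
    return guard.check(text, [init, daemon])


def exploit_sequence() -> list:
    """Credentials rewritten directly and kernel text patched, both bypassing the hooks."""
    text = bytearray(KERNEL_TEXT)
    init = Task(pid=1, uid=0, euid=0)
    shell = Task(pid=100, uid=1000, euid=1000)
    guard = RuntimeGuard(text, [init, shell])
    shell.uid = shell.euid = 0   # exploit overwrites the task's cred struct
    text[5] = 0x90               # rootkit patches a kernel function
    return guard.check(text, [init, shell])


if __name__ == "__main__":
    print("legitimate:", legitimate_sequence())
    print("exploit:   ", exploit_sequence())
```

The check is deliberately post hoc, which is the caveat the Openwall wording ("post-detect and hopefully promptly respond") already carries: an exploit that restores the original credentials before the next verification pass, or that escalates and finishes its work inside one interval, is not caught by this design.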


Security: Security Is Not an Absolute, Layered Insight, Windows Back Doors, and AutoSploit

Filed under
Security
  • Security Is Not an Absolute

    If there’s one thing I wish people from outside the security industry knew when dealing with information security, it’s that Security is not an absolute. Most of the time, it’s not even quantifiable. Even in the case of particular threat models, it’s often impossible to make statements about the security of a system with certainty.

  • Layered Insight Takes Aim at Container Security

    The market and competition for container security technology is continuing to grow. Among the newest entrants in the space is Layered Insight which announced its new CEO Sachin Aggarwal on Feb. 5.

    Layered Insight got started in January 2015 and has been quietly building its technology and a business ever since. The company has not announced any funding yet, though Layered Insight does already have product in-market as it aims to help organizations gain better visibility and control of container environments.

  • Leaked NSA hacking tools can target all Windows versions from the past two decades

    REMEMBER THOSE LEAKED NSA TOOLS? Well, they can now hack any version of Windows, not just the old version of Microsoft's operating system.

    Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.

    Going by the name of 'zerosum0x0' on GitHub and Twitter (hat tip to Betanews for that), Dillon noted his modifications to the code exploit the CVE-2017-0143 and CVE-2017-0146 vulnerabilities in numerous versions of unpatched Windows OS.

  • AutoSploit: Mass Exploitation Just Got a Lot Easier

    In the meantime, others in the open source community have stepped up to prevent some of the worst potential damage from AutoSploit. Security expert Jerry Gamblin posted to GitHub his own bit of code that he says will block Shodan from being able to scan your systems. However, it is questionable as to whether this response will be widely used, considering the generally poor performance of the software industry for implementing critical patches when they are announced from the project managers themselves.

Security: Updates and Flash/Windows Problems

Filed under
Security
  • Security updates for Tuesday
  • Attackers Exploiting Unpatched Flaw in Flash

    Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses.

    Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of the affected system.

  • Scarabey: This ransomware threatens to slowly delete your files every 24 hours until you pay up [iophk: "Microsoft Windows TCO"]

    A new variant of the malicious Scarab ransomware has been uncovered in the wild that uses a different distribution method and threat to scare victims into paying up. While the original Scarab ransomware was distributed by a massive spam campaign hosted by the Necurs botnet, the new variant dubbed "Scarabey" targets Remote Desktop Protocol connections and is manually dropped on servers and systems.

  • [Old] Forgotten Conficker worm resurfaces to infect systems with WannaCry

    Simon Edwards, European cyber security architect at Trend Micro, told SC that one of the Shadow Broker releases included a 'new' version of Conficker (Eclipsed Wing) which would connect it to the exploit used for WannaCry.

    [...]

    “However, Trend has seen samples of this onsite in the NHS; the samples use Domain Generation Algorithms to communicate to C&C servers so generate quite a lot of network traffic. Once again patching is critical, but once again (in the case of the NHS specifically) this might not be possible for systems running critical medical equipment.”

Security: Updates, Meltdown/Spectre and Microsoft/NSA Back Doors

Filed under
Security
  • Security updates for Monday
  • Meltdown/Spectre Status for Red Hat and Oracle
  • NetBSD Has SVS To Mitigate Meltdown, Still Working On Spectre

    The NetBSD project has issued an update concerning recent security efforts for this popular BSD operating system.

    NetBSD has landed "Separate Virtual Space" (SVS) within their development repository as their mitigation effort for the Meltdown CPU vulnerability. SVS unmaps kernel pages when running in user-space. Initially only the PTE area is being unmapped. After tuning the past month, NetBSD developers now consider SVS to be stable but at the moment has not yet been back-ported to their stable branches. SVS for now is only supported on x86 64-bit.

  • Talking to normal people about security
  • 3 leaked NSA exploits work on all Windows versions since Windows 2000

    Oh, good, three NSA exploits previously leaked by The Shadow Brokers have been tweaked so they now work on all vulnerable Windows 2000 through Server 2016 targets, as well as standard and workstation counterparts.

    Before this, EternalSynergy, EternalRomance, and EternalChampion had partially been used in the NotPetya cyber attack. However, they had not been used by malicious actors nearly as much as EternalBlue because they didn’t work on recent Windows versions. That has now changed thanks to RiskSense security researcher Sean Dillon, aka @zerosum0x0, who ported the Microsoft Server Message Block (SMB) exploits to work on Windows versions released over the past 18 years.

  • NSA exploits leaked by hackers tweaked to work on all versions of Windows since 2000

    A trio of NSA exploits leaked by hacking group TheShadowBrokers has been ported to work on all versions of Windows since Windows 2000.

    The EternalChampion, EternalRomance and EternalSynergy exploits were made public by the group last year, and now a security researcher has tweaked the source code so they will run on nearly two decades' worth of Microsoft operating systems -- both 32- and 64-bit variants.

  • Every NHS trust tested for cybersecurity has failed, officials admit
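All three ported exploits, like EternalBlue, ride on the SMBv1 dialect "NT LM 0.12", so the first question for a defender is simply which hosts still negotiate SMBv1. The script below is an added example, not code from RiskSense or the articles above: it builds an SMB_COM_NEGOTIATE request that offers only SMBv1 dialects and parses the server's answer to see whether one was accepted. The `probe()` helper sends it to a live host; `constructed_response()` fabricates replies so the parser can be exercised offline. Flag values, the dialect list and all function names are this example's own choices:

```python
import socket
import struct

# Dialects a classic Windows client announces; "NT LM 0.12" is what the EternalX exploits need.
DIALECTS = [
    b"PC NETWORK PROGRAM 1.0",
    b"LANMAN1.0",
    b"Windows for Workgroups 3.1a",
    b"LM1.2X002",
    b"LANMAN2.1",
    b"NT LM 0.12",
]
SMB1_ID = b"\xffSMB"
SMB2_ID = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
# 32-byte SMB1 header: protocol id, command, status, flags, flags2, pid_high,
# signature, reserved, tid, pid, uid, mid (all little-endian).
HEADER_FMT = "<4sBIBHH8sHHHHH"


def build_negotiate_request() -> bytes:
    """SMB_COM_NEGOTIATE offering only SMBv1 dialects, wrapped in a NetBIOS session header."""
    header = struct.pack(HEADER_FMT, SMB1_ID, SMB_COM_NEGOTIATE, 0, 0x18, 0xC853, 0,
                         b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)
    dialect_bytes = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    body = struct.pack("<BH", 0, len(dialect_bytes)) + dialect_bytes   # WordCount=0, ByteCount
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb               # NetBIOS session message


def parse_negotiate_response(data: bytes) -> dict:
    """Report whether the server picked an SMBv1 dialect from our list."""
    result = {"smb1": False, "dialect": None, "reason": ""}
    if len(data) < 4 + 32 + 3:
        result["reason"] = "short response"
        return result
    smb = data[4:]
    proto, command = smb[:4], smb[4]
    if proto == SMB2_ID:
        result["reason"] = "server answered with SMB2"
        return result
    if proto != SMB1_ID or command != SMB_COM_NEGOTIATE:
        result["reason"] = "not an SMB1 NEGOTIATE response"
        return result
    word_count = smb[32]
    if word_count == 0:
        result["reason"] = "error response (no parameter words)"
        return result
    (dialect_index,) = struct.unpack_from("<H", smb, 33)   # index into the list we offered
    if dialect_index == 0xFFFF or dialect_index >= len(DIALECTS):
        result["reason"] = "no offered dialect accepted"
        return result
    result.update(smb1=True, dialect=DIALECTS[dialect_index],
                  reason="server negotiated an SMBv1 dialect")
    return result


def probe(host: str, port: int = 445, timeout: float = 3.0) -> dict:
    """Send the request to a live host and parse the reply (network use, not exercised offline)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate_request())
        data = s.recv(4096)
    return parse_negotiate_response(data)


def constructed_response(dialect_index: int, proto: bytes = SMB1_ID) -> bytes:
    """Constructed server reply for offline testing: 17 parameter words, the first is DialectIndex."""
    header = struct.pack(HEADER_FMT, proto, SMB_COM_NEGOTIATE, 0, 0x98, 0xC853, 0,
                         b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)
    params = struct.pack("<H", dialect_index) + b"\x00" * 32
    smb = header + struct.pack("<B", 17) + params + struct.pack("<H", 0)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]) if len(sys.argv) > 1
          else parse_negotiate_response(constructed_response(5)))
```

A positive result means SMBv1 is reachable, not that the host is unpatched: a machine with MS17-010 installed and SMBv1 still enabled negotiates the same dialect. Use it as an inventory of exposure to prioritise patching and to disable SMBv1 where nothing still needs it.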

Latest on Meltdown/Spectre in Linux

Filed under
Linux
Hardware
Security

Security: Windows/NSA Back Doors and 'Joys' of Cryptocurrency Malware

Filed under
Microsoft
Security

Security: Linux Kernel Runtime Guard (LKRG), Windows Malware, and Black Duck's Latest FUD

Filed under
Security
  • OpenWall unveils kernel protection project

    The folk at OpenWall have called for assistance to create a security module to watch Linux kernels for suspicious activity.

    In the company's explanation, the Linux Kernel Runtime Guard (LKRG) is described as a module that “attempts to post-detect and hopefully promptly respond to unauthorised modifications to the running Linux kernel (integrity checking) or to credentials (such as user IDs) of the running processes (exploit detection).”

    Developed by Adam Zabrocki (@adam_pi3) and now championed by OpenWall, the first cut of the code landed last week.

  • Complex PZChao Windows malware has more than one string to its bow

    Security firm Bitdefender says it has been monitoring a complex custom-built piece of Windows malware, that it has named PZChao because of the name of the domain at which its command and control server resides.

  • Monero Cryptocurrency Miner Leverages NSA Exploit

    In a growing development, attackers have leveraged an exploit found in almost all generations of Microsoft Windows. EternalBlue is a security vulnerability that allowed WannaCry to run rampant in over 150 different countries and took down parts of the National Health Service (NHS), as well as Petya/NotPetya (a strain of ransomware that inspired NATO to assemble an entire cyber operation to combat it).

  • Monero mining botnet uses NSA exploit to infect Windows servers

    Microsoft Windows servers around the globe are playing host to a mining botnet known as Smominru Monero, which may have made as much as US$3.6 million for its operators based on the current value of the Monero cryptocurrency.

  • Health tech and open source– what should manufacturers do to keep medical devices safe? [Ed: Black Duck spreads FUD, as usual. Pretends to be doing journalism, but here it just promotes its proprietary things.]

SUSE releases live patching for big iron, real-time OS update

Filed under
Security
SUSE

Germany-based Linux vendor SUSE Linux has launched live patching for its enterprise Linux distribution that runs on IBM Power Systems and also a service pack for its real-time enterprise distribution that will enable systems running it to handle both real-time and non-real-time workloads on a single virtual machine.


Security: The Internet of Connected Sex Toys, Gas Stations, Hospitals With Windows and More

Filed under
Security
  • The Internet of Connected Sex Toys is every bit as horrifyingly insecure and poorly thought out as you imagine

    The rush to put networked sensors and controllers into sex toys is grounded in foolish, convenient untruths, like the idea that the incredibly sensitive data generated by these systems can be anonymized and then analyzed for insights without exposing users to risk.

    The sex tech industry has been a top-to-bottom series of farces and catastrophes. [...]

  • These app-controlled sex toys can be 'remotely taken over by hackers'

    In an advisory published Thursday (1 January), researchers said bugs in a customer database meant that attackers could have easily accessed user details, including "names, cleartext passwords and explicit image galleries" being stored by the company.

  • Flaws in Gas Station Software Let Hackers Change Prices, Steal Fuel, Erase Evidence

    Gas stations lose millions of dollars annually to gas fraud. Most of this fraud occurs when thieves use stolen credit and debit cards to fuel vehicles, resulting in chargebacks to service stations.

    But gas station owners in the US and elsewhere may have to worry about a new kind of fraud after two security researchers in Israel discovered multiple vulnerabilities in one automated system used to control fuel prices and other information at thousands of gas stations around the world.

    The vulnerabilities would allow an attacker to shut down fuel pumps, hijack credit card payments, and steal card numbers or access backend networks to take control of surveillance cameras and other systems connected to a gas station or convenience store's network. An attacker could also simply alter fuel prices and steal petrol.

  • Healthcare IT Systems: Tempting Targets for Ransomware

    Well, there’s no use in waiting, I suppose. Two Thursdays ago, Chicago-based electronic health records provider Allscripts Healthcare Solutions suffered a ransomware attack that paralyzed some of its services. This past Friday, the company announced it had completely recovered from the cyberattack. But not before a class action lawsuit [pdf] was filed against it by an orthopedic non-surgery practice for failing to secure its systems and data from a well-known cybersecurity threat, i.e., a strain of SamSam.

    The ransomware attack impaired Allscripts’ data centers in Raleigh and Charlotte, North Carolina, affecting a number of applications, such as its Professional EHR and Electronic Prescriptions for Controlled Substances (EPCS) hosted services, which were mostly restored within five days, according to the company. Other services, like clinical decision support, analytics, data extraction, and regulatory reporting, took the longest to make operational again.

  • Pwn2Own 2018 Expands Targets and Raises Prize Pool to $2M

    The annual Pwn2own hacking competition run by Trend Micro's Zero Day Initiative (ZDI) is set to return for 2018, along with a longer list of targets and more money for security researchers than ever before.

    Pwn2own is a security researcher contest that typically has two events a year, with the primary event focused on browser and server technologies and a second event just for mobile technologies. The first event of 2018 is set for March 14-16 and will have five targets: virtualization, web browsers, enterprise applications, servers and a new Windows Insider Preview Challenge category.

  • Disable Flash Player!! Critical Vulnerability Gives Away Your System Controls

Proprietary Security: Adobe, Windows, and Patching Buggy Chips

Filed under
Security
  • An Adobe Flash 0day is being actively exploited in the wild

    The critical, use-after-free vulnerability, which is indexed as CVE-2018-4878, resides in the latest version of the widely installed Flash, researchers from Cisco Systems' Talos group said in a blog post. Adobe said separately that versions earlier than current Flash 28.0.0.137 are also susceptible. The vulnerability came to light on Wednesday when South Korea's CERT issued an advisory warning that attack code was circulating in the wild that exploited the zeroday flaw.

    Talos said the exploit is being distributed through a Microsoft Excel document that has a malicious Flash object embedded into it. Once the SWF object is triggered, it installs ROKRAT, a remote administration tool Talos has been tracking since January 2017. Until now, the group behind ROKRAT—which Talos calls Group 123—has relied on social engineering or exploits of older, previously known vulnerabilities that targets hadn't yet patched. This is the first time the group has used a zeroday exploit.

  • Cryptocurrency botnets are rendering some companies unable to operate

    Like Zealot, Smominru uses other exploit techniques to infect targeted computers, but it can fall back on the NSA-developed EternalBlue in certain cases, presumably for spreading from machine to machine inside infected networks or when other infection techniques fail on a machine that hasn't been patched. Smominru also makes use of the Windows Management Interface. Proofpoint said that the botnet is also likely exacting a punishing performance impact on the business networks it infects by slowing down servers and driving up electricity costs.

  • 6 important security takeaways from applying Spectre and Meltdown patches

    A flurry of patching commenced across all industries once these vulnerabilities came to light due to the severity involved. Here are seven important lessons I took away from the process: [...]
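Two practical checks follow from the Flash items above (Adobe's advisory in the "Attackers Exploiting Unpatched Flaw in Flash" item and the Talos write-up here): whether an installed Flash Player is at or below 28.0.0.137, and whether an Office attachment carries an embedded Flash object, which is how Talos saw the exploit delivered. The script below is an added example written for this page, not Adobe's or Talos's tooling. It scans the embedding and ActiveX parts of an OOXML archive (or a raw legacy OLE file) for the three SWF header signatures and for the Shockwave Flash ActiveX CLSID; the sample archive it builds is constructed for testing and is not a real Excel workbook, and the function names are this example's own:

```python
import io
import re
import struct
import zipfile
import zlib

# Flash Player 28.0.0.137 and earlier are affected by CVE-2018-4878 (Adobe's advisory).
LAST_VULNERABLE = (28, 0, 0, 137)

# SWF header: "FWS" (uncompressed), "CWS" (zlib) or "ZWS" (LZMA), then a one-byte SWF version.
SWF_MAGIC = re.compile(rb"(?:FWS|CWS|ZWS)[\x01-\x7f]")
# CLSID of the Shockwave Flash ActiveX control, as written in an OOXML activeX part.
FLASH_CLSID = re.compile(rb"D27CDB6E-AE6D-11CF-96B8-444553540000", re.IGNORECASE)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Parts of an OOXML package where embedded objects and ActiveX controls are stored.
EMBED_PREFIXES = ("xl/embeddings/", "xl/activeX/", "word/embeddings/", "word/activeX/",
                  "ppt/embeddings/", "ppt/activeX/")


def flash_is_vulnerable(version: str) -> bool:
    """True when an installed Flash build is at or below the last vulnerable build."""
    parts = [int(p) for p in version.strip().split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4]) <= LAST_VULNERABLE


def _scan_blob(name: str, blob: bytes) -> list:
    hits = [(name, m.start(), "swf-header") for m in SWF_MAGIC.finditer(blob)]
    if FLASH_CLSID.search(blob):
        hits.append((name, -1, "flash-activex-clsid"))
    return hits


def find_embedded_flash(data: bytes) -> list:
    """Scan an Office document (OOXML zip or legacy OLE container) for Flash indicators."""
    if data[:2] == b"PK":
        hits = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.startswith(EMBED_PREFIXES):
                    hits += _scan_blob(name, zf.read(name))
        return hits
    if data[:8] == OLE_MAGIC:
        return _scan_blob("<ole>", data)
    return []


def build_sample_xlsx(with_flash: bool) -> bytes:
    """Constructed OOXML-style archive (not a real Excel file) used as test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_flash:
            # Constructed OLE wrapper prefix, then a zlib-compressed SWF: magic, version, length, body.
            body = b"\x00" * 64
            swf = b"CWS\x0f" + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
            zf.writestr("xl/embeddings/oleObject1.bin", b"\x00" * 16 + swf)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(find_embedded_flash(f.read()))
    else:
        print(find_embedded_flash(build_sample_xlsx(True)))
```

The signature match is a triage hint rather than proof: three ASCII bytes plus a small version byte can occur by chance inside compressed or binary streams, so confirm a hit by carving the object and checking that the length field is sane before treating the file as malicious. Conversely, the CLSID check only fires for the ActiveX embedding route; an OLE-packaged SWF shows up through the header signature instead.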


More in Tux Machines

Amazon Linux 2 - Who nicked my cheese?

So far, it's a relatively benign, easy introduction to a new operating system that blends the familiar and new in a timid package. Perhaps that's the goal, because a radical offering would right away scare everyone. Amazon Linux 2 is an appealing concept, as it gives users what Red Hat never quite did (yet) - A Fedora-like bleeding-edge tech with the stability and long-term support of the mainstay enterprise offering. But then, it also pulls a Debian/Ubuntu stunt by breaking ABI, so it will be cubicle to those who enjoy living la vida loca (in their cubicle or open-space prison). Having lived and breathed the large-scale HPC world for many years, I am quite piqued to see how this will evolve. Performance, stability and ease of use will be my primary concerns. Then, is it possible to hook up a remote virtual machine into the EC2 hive? That's another experiment, and I'd like to see if scaling and deployment works well over distributed networks. Either way, even if nothing comes out of it, Amazon Linux 2 is a nice start to a possibly great adventure. Or yet another offspring in the fragmented family we call Linux. Time will tell. Off you go. Cloud away.

Updates From OpenIndiana and LibreOffice (Projects That Oracle Discarded)

  • Migration to GCC 6.4 as userland compiler
    Modulo some minor details, the transition of our userland to GCC 6 is complete.
  • OpenIndiana Has Upgraded To The GCC 6 Compiler
    The OpenSolaris/Illumos-based OpenIndiana operating system has finally moved past GCC 4.9 as its base user-land compiler and is now using GCC 6.4. This comes while GCC 8.1 should be officially released in the next few weeks and they are already targeting GCC 7.3.0 as their next illumos-gate compiler.
  • LibreOffice 6.0 Open-Source Office Suite Passes 1 Million Downloads Mark
    The Document Foundation announced recently that its LibreOffice 6.0 open-source and cross-platform office suite reached almost 1 million downloads since its release last month on January 31, 2018. That's terrific news for the Open Source and Free Software community and a major milestone for the acclaimed LibreOffice office suite, which tries to be a free alternative to proprietary solutions like Microsoft Office. The 1 million downloads mark was reached just two weeks after the release of LibreOffice 6.0, which is the biggest update ever of the open-source office suite adding numerous new features and enhancements over previous versions.

FreeBSD Finally Gets Mitigated For Spectre & Meltdown (and Hugs)

  • FreeBSD Finally Gets Mitigated For Spectre & Meltdown
    Landing in FreeBSD today was the mitigation work for the Meltdown and Spectre CPU vulnerabilities. It's taken a few more weeks longer than most of the Linux distributions to be re-worked for Spectre/Meltdown mitigation as well as DragonFlyBSD, but with FreeBSD Revision 329462 it appears their initial fixes are in place. There is Meltdown mitigation for Intel CPUs via a KPTI implementation similar to Linux, the Kernel Page Table Isolation. There is also a PCID (Process Context Identifier) optimization for Intel Westmere CPUs and newer, just as was also done on Linux.
  • FreeBSD outlaws virtual hugs
  • AsiaBSDCon 2018 Conference Programme

Linux: To recurse or not

Linux and recursion are on very good speaking terms. In fact, a number of Linux commands recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let's run through some useful examples and see.