Security

What Is Kali Linux, and Do You Need It?

Filed under
GNU
Linux
Security

If you’ve heard a 13-year-old would-be hacker talking about how 1337 they are, chances are, Kali Linux came up. Despite its script kiddie reputation, Kali is actually a real tool (or set of tools) for security professionals.

Kali is a Linux distribution based on Debian. Its goal is simple: include as many penetration and security audit tools as possible in one convenient package. Kali delivers, too. Many of the best open-source tools for conducting security tests are collected and ready to use.


Security: Meltdown and Spectre, Apple Code Leak, WordPress's Broken Automatic Update


Security: BT, Uber, Android


Security: Updates, Cryptocurrencies and More

  • Security updates for Wednesday
  • 6 Easy Ways To Block Cryptocurrency Mining In Your Web Browser

    Cryptocurrencies are digital or virtual currencies that make use of encryption for security. As they are anonymous and decentralized in nature, one can use them for making payments that can’t be tracked by governments.

  • The effect of Meltdown and Spectre in our communities

    A late-breaking development in the computing world led to a somewhat hastily arranged panel discussion at this year's linux.conf.au in Sydney. The embargo for the Meltdown and Spectre vulnerabilities broke on January 4; three weeks later, Jonathan Corbet convened representatives from five separate parts of our community, from cloud to kernel to the BSDs and beyond. As Corbet noted in the opening, the panel itself was organized much like the response to the vulnerabilities themselves, which is why it didn't even make it onto the conference schedule until a few hours earlier.

Security Catastrophe at Octoly

  • Bad Influence: How A Marketing Startup Exposed Thousands of Social Media Stars
  • More Than 12,000 Influencers, Brands Targeted in Latest Data Breach

    It happened to Target, Forever 21, Neiman Marcus, TJX Companies, and Yahoo. Their systems were infiltrated by hackers and the data that they had stored, including consumers’ names, addresses, payment information, and in some cases, social security numbers, were stolen. Now, influencers and high-end beauty and fashion brands are the target, as Octoly, a Paris-based influencer agency, has confirmed that it has experienced a data breach, putting more than 12,000 prominent social media influencers from YouTube, Instagram, and Twitter at risk.

  • 12,000 Influencers Had Their Data Leaked by Marketing Firm Octoly

    Unfortunately, that is just what happened last month to around 12,000 social media stars who work with Paris-based influencer marketplace Octoly. According to cyber risk company UpGuard, carelessness on the part of Octoly led to influencers' personal information — like street addresses, phone numbers, birth dates, email addresses and more — becoming accessible in a public database.

Security: Windows, WiFi Routers, Privacy and More

  • The worst types of ransomware attacks [Ed: Windows]
  • 'All versions' of Windows vulnerable to tweaked Shadow Broker NSA exploits

    A security researcher has revealed how sophisticated NSA exploits, which were stolen and published online by hacker group Shadow Brokers, can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10.

    Back in 2016, the hacker group named Shadow Brokers stole weaponised cyber-tools from the US National Security Agency and published them online, thereby enabling other cyber-criminals to use the tools to attack targeted organisations and to gain access to systems.

  • Leaked NSA Exploits Modified To Attack Every Windows Version Since 2000

    Probably, the most famous of the NSA tools leaked by the hacker group Shadow Brokers was EternalBlue which gave birth to dangerous malware like WannaCry, Petya, and more recently, the cryptojacking malware WannaMine.

    Now, Sean Dillon, a security researcher at RiskSense, has modified the source code of three other leaked NSA tools called EternalRomance, EternalChampion, and EternalSynergy. In the past, he also ported the EternalBlue exploit to work on Windows 10.

  • WiFi Routers Riddled With Holes: Report [Ed: default passwords]

    Insignary, a startup security firm based in South Korea, conducted comprehensive binary code scans for known security vulnerabilities in WiFi routers. The company conducted scans across a spectrum of the firmware used by the most popular home, small and mid-sized business and enterprise-class WiFi routers.

  • As data protection laws strengthen open-source software governance becomes critical [Ed: Nothing to do with FOSS. Proprietary software has more holes and some cannot/will not be patched.]

    The cadence of delivery isn’t hampered by new layers of governance (as using automated security audits allows for real-time testing as new code is developed). And with accurate audit trails, organisations can prove the extent to which they have gone, to ensure secure code that culminates in safe and compliant applications.

  • Episode 81 - Autosploit, bug bounties, and the future of security

Linux module aims at security, but will it make the cut?


The Linux Kernel Runtime Guard has been devised by the Openwall project.

LKRG checks at runtime to find out if any exploits for security flaws are in a system; if so, it attempts to block such attacks.

It can also detect any privilege escalation in processes that are running and kill the guilty process before it can execute any code.


Security: Security Is Not an Absolute, Layered Insight, Windows Back Doors, and AutoSploit

  • Security Is Not an Absolute

    If there’s one thing I wish people from outside the security industry knew when dealing with information security, it’s that Security is not an absolute. Most of the time, it’s not even quantifiable. Even in the case of particular threat models, it’s often impossible to make statements about the security of a system with certainty.

  • Layered Insight Takes Aim at Container Security

    The market and competition for container security technology is continuing to grow. Among the newest entrants in the space is Layered Insight which announced its new CEO Sachin Aggarwal on Feb. 5.

    Layered Insight got started in January 2015 and has been quietly building its technology and a business ever since. The company has not announced any funding yet, though Layered Insight does already have product in-market as it aims to help organizations gain better visibility and control of container environments.

  • Leaked NSA hacking tools can target all Windows versions from the past two decades

    REMEMBER THOSE LEAKED NSA TOOLS? Well, they can now hack any version of Windows, not just the old version of Microsoft's operating system.

    Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.

    Going by the name of 'zerosum0x0' on GitHub and Twitter (hat tip to Betanews for that), Dillon noted his modifications to the code exploit the CVE-2017-0143 and CVE-2017-0146 vulnerabilities in numerous versions of unpatched Windows OS.

  • AutoSploit: Mass Exploitation Just Got a Lot Easier

    In the meantime, others in the open source community have stepped up to prevent some of the worst potential damage from AutoSploit. Security expert Jerry Gamblin posted to GitHub his own bit of code that he says will block Shodan from being able to scan your systems. However, it is questionable as to whether this response will be widely used, considering the generally poor performance of the software industry for implementing critical patches when they are announced from the project managers themselves.

Security: Updates and Flash/Windows Problems

  • Security updates for Tuesday
  • Attackers Exploiting Unpatched Flaw in Flash

    Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses.

    Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of the affected system.

  • Scarabey: This ransomware threatens to slowly delete your files every 24 hours until you pay up [iophk: "Microsoft Windows TCO"]

    A new variant of the malicious Scarab ransomware has been uncovered in the wild that uses a different distribution method and threat to scare victims into paying up. While the original Scarab ransomware was distributed by a massive spam campaign hosted by the Necurs botnet, the new variant dubbed "Scarabey" targets Remote Desktop Protocol connections and is manually dropped on servers and systems.

  • [Old] Forgotten Conficker worm resurfaces to infect systems with WannaCry

    Simon Edwards, European cyber security architect at Trend Micro, told SC that one of the Shadow Broker releases included a ‘new' version of Conficker (Eclipsed Wing) which would connect it to the exploit used for WannaCry.

    [...]

    “However, Trend has seen samples of this onsite in the NHS; the samples use Domain Generation Algorithms to communicate to C&C servers so generate quite a lot of network traffic. Once again patching is critical, but once again (in the case of the NHS specifically) this might not be possible for systems running critical medical equipment.”

Security: Updates, Meltdown/Spectre and Microsoft/NSA Back Doors

  • Security updates for Monday
  • Meltdown/Spectre Status for Red Hat and Oracle
  • NetBSD Has SVS To Mitigate Meltdown, Still Working On Spectre

    The NetBSD project has issued an update concerning recent security efforts for this popular BSD operating system.

    NetBSD has landed "Separate Virtual Space" (SVS) within their development repository as their mitigation effort for the Meltdown CPU vulnerability. SVS unmaps kernel pages when running in user-space. Initially only the PTE area is being unmapped. After tuning the past month, NetBSD developers now consider SVS to be stable but at the moment it has not yet been back-ported to their stable branches. SVS for now is only supported on x86 64-bit.

  • Talking to normal people about security
  • 3 leaked NSA exploits work on all Windows versions since Windows 2000

    Oh, good, three NSA exploits previously leaked by The Shadow Brokers have been tweaked so they now work on all vulnerable Windows 2000 through Server 2016 targets, as well as standard and workstation counterparts.

    Before this, EternalSynergy, EternalRomance, and EternalChampion had partially been used in the NotPetya cyber attack. However, they had not been used by malicious actors nearly as much as EternalBlue because they didn’t work on recent Windows versions. That has now changed thanks to RiskSense security researcher Sean Dillon, aka @zerosum0x0, who ported the Microsoft Server Message Block (SMB) exploits to work on Windows versions released over the past 18 years.

  • NSA exploits leaked by hackers tweaked to work on all versions of Windows since 2000

    A trio of NSA exploits leaked by hacking group TheShadowBrokers has been ported to work on all versions of Windows since Windows 2000.

    The EternalChampion, EternalRomance and EternalSynergy exploits were made public by the group last year, and now a security researcher has tweaked the source code so they will run on nearly two decades' worth of Microsoft operating systems -- both 32- and 64-bit variants.

  • Every NHS trust tested for cybersecurity has failed, officials admit