Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Most ATMs in India Are Easy Targets for Hackers & Malware Attacks

    Hacking is a hotly debated subject across the country right now, and it’s fair to say that the ATM next door is also in danger. It has been reported that over 70 percent of the 2 lakh money-dispensing ATM machines in our country are running on Microsoft’s outdated Windows XP operating system, leaving it vulnerable to cyber attacks.

    Support for Windows XP was discontinued by Microsoft in 2014 which means that since then the company hasn’t rolled out any security updates for this Windows version.

    While it doesn’t make sense for banks to continue using outdated software, security experts feel that the practice stems from legacy behaviour, when physical attacks were a bigger threat than software hacks.

  • 20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud

    A template for working collaboratively with the business in today's rapidly changing technology environment.

    Everywhere I go lately, the cloud seems to be on the agenda as a topic of conversation. Not surprisingly, along with all the focus, attention, and money the cloud is receiving, comes the hype and noise we’ve come to expect in just about every security market these days. Given this, along with how new the cloud is to most of us in the security world, how can security professionals make sense of the situation? I would argue that that depends largely on what type of situation we’re referring to, exactly. And therein lies the twist.

    Rather than approach this piece as “20 questions security professionals should ask cloud providers,” I’d like to take a slightly different angle. It’s a perspective I think will be more useful to security professionals grappling with issues and challenges introduced by the cloud on a daily basis. For a variety of reasons, organizations are moving both infrastructure and applications to the cloud at a rapid rate - far more rapidly than anyone would have forecast even two or three years ago.

  • Report: $3-5M in Ad Fraud Daily from ‘Methbot’

    New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.

    Online advertising fraud is a $7 billion a year problem, according to AdWeek. Much of this fraud comes from hacked computers and servers that are infected with malicious software which forces the computers to participate in ad fraud. Malware-based ad fraud networks are cheap to acquire and to run, but they’re also notoriously unstable and unreliable because they are constantly being discovered and cleaned up by anti-malware companies.

  • Linux Backdoor Gives Hackers Full Control Over Vulnerable Devices [Ed: Microsoft booster Bogdan Popa says "Linux Backdoor"; that's a lie. It’s Microsoft that has them.]

IPFire 2.19 - Core Update 108 released

Filed under
GNU
Linux
Security

Just before Christmas, we are going to release the last Core Update for 2016. IPFire 2.19 – Core Update 108 brings some minor bug fixes and feature enhancements, some security fixes in ntp and various fixes in the squid web proxy.

Read more

Security Leftovers

Filed under
Security

5 Open Source Network Security Tools SMBs Should Consider

Filed under
OSS
Security

You might think that because your business is small you aren't an attractive target for hackers.

But you would be wrong.

According to the National Cyber Security Alliance (NCSA), 82 percent of small business owners believe that they are not a target for cyberattacks, but 43 percent of last year's cyberattacks targeted SMBs. And a single attack can cost SMBs up to $99,000.

Cyberattacks of all kinds are on the rise with data breaches increasing 15 percent over the past year, NCSA says. And ransomware, attacks that freeze up organizations' systems until they pay a ransom, has become particularly prevalent; in just the first three months of 2016, U.S. ransomware victims paid out $209 million to attackers, compared to $25 million for all of 2015.

Read more

IRC News, Freenode Update

Filed under
OSS
Security
Web

Security News

Filed under
Security
  • OpenSSL After Heartbleed by Rich Salz & Tim Hudson, OpenSSL

    In this video from LinuxCon Europe, Rich Salz and Tim Hudson from the OpenSSL team take a deep dive into what happened with Heartbleed and the steps the OpenSSL team are taking to improve the project.

  • OpenSSL after Heartbleed
  • Container Security: Your Questions Answered

    To help you better understand containers, container security, and the role they can play in your enterprise, The Linux Foundation recently produced a free webinar hosted by John Kinsella, Founder and CTO of Layered Insight. Kinsella covered several topics, including container orchestration, the security advantages and disadvantages of containers and microservices, and some common security concerns, such as image and host security, vulnerability management, and container isolation.

  • Google scales tiny mountain to hunt down crypto bugs

    Google's Project Wycheproof is a new effort by Google to improve the security of widely used cryptography code.

    Many of the algorithms used in cryptography for encryption, decryption, and authentication are complicated, especially when asymmetric, public key cryptography is being used. Over the years, these complexities have resulted in a wide range of bugs in real crypto libraries and the software that uses them.

  • Mysterious Rakos Botnet Rises in the Shadows by Targeting Linux Servers, IoT Devices

    Somebody is building a botnet by infecting Linux servers and Linux-based IoT devices with a new malware strain named Rakos.

Where Does Ubuntu Fit Into the Internet of Things?

Filed under
Security
Ubuntu

Ubuntu Linux started off as a desktop focused Linux distribution, but has expanded to multiple areas of the years. Ubuntu Linux is today a leading Linux server and cloud vendor and has aspirations to move into the embedded world, known today as the Internet of Things (IoT).

In a video interview, Mark Shuttleworth, founder of Ubuntu and Canonical Inc., details some of the progress his firm has made in 2016 in the IoT world.

Ubuntu has made past announcements about phone and TV efforts. While multiple Ubuntu phones exist, the standalone Ubuntu TV effort has evolved somewhat. Shuttleworth explained that Ubuntu Core, which is an optimized distribution of Ubuntu for embedded systems, is making some headway with TVs.

Read more

Security News

Filed under
Security
  • Security advisories for Tuesday
  • New Linux/Rakos threat: devices and servers under SSH scan (again) [Ed: No, it’s not a “Linux” problem that some people or developers use a crappy and predictable password]

    Apparently, frustrated users complain more often recently on various forums about their embedded devices being overloaded with computing and network tasks. What these particular posts have in common is the name of the process causing the problem. It is executed from a temporary directory and disguised as a part of the Java framework, namely “.javaxxx”. Additional names like “.swap” or “kworker” are also used. A few weeks ago, we discussed the recent Mirai incidents and Mirai-connected IoT security problems in The Hive Mind: When IoT devices go rogue and all that was written then still holds true.

  • Oi! Linux users! Want some really insecure closed-source software?

    Back in August Adobe reversed its decision to stop offering an NPAPI Flash plugin for Linux and promised that version 23 would come Penguinistas' way real soon now.

    At the time the decision was greeted with surprise, because Adobe had not thought to update Flash for Linux since 2012's version 11.2. But the company decided that Linux users deserved a security upgrade to the infamously hole-ridden product.

And More Security Leftovers

Filed under
Security

Google Releases Test Set to Check Cryptographic Library Security

Filed under
Google
Security

Google has released a set of tests that developers can use to check some open source cryptographic libraries for known security vulnerabilities.

The company has named the set of tests Project Wycheproof, after a mountain in Australia, which has the distinction of being the world's smallest registered mountain.

Read more

Also: Project Wycheproof

Syndicate content

More in Tux Machines

Latest Linux For All Release Is Based on Ubuntu 16.04.1 LTS and Linux 4.9.5

GNU/Linux developer Arne Exton is informing us about the availability of a new stable build of his Linux For All (LFA) open-source computer operating system, versioned 170121. Based on the Ubuntu 16.04.1 LTS (Xenial Xerus) and Debian GNU/Linux 8 "Jessie" operating systems, Linux For All (LFA) Build 170121 appears to be a total rebuilt of the GNU/Linux distribution, having nothing in common with any of the previous releases. It now uses the newest Linux 4.9.5 kernel and latest package versions. Read more

Arch Anywhere ISO Lets You Install a Fully Custom Arch Linux System in Minutes

Meet Arch Anywhere, a new open-source project created by developer Dylan Schacht to help Arch Linux newcomers install the powerful and modern Linux-based operating system on their personal computers, or a virtual machine. Read more

Ubuntu Developers Now Tracking Linux Kernel 4.10 for Ubuntu 17.04 (Zesty Zapus)

The Ubuntu devs are preparing to move to a new kernel version for the upcoming release of the popular Linux-based operating system, and they are announcing the initial availability of a kernel based on the last RC of Linux 4.10. Read more

Applications 16.12.1 and Frameworks 5.30.0 by KDE available in Chakra

The latest updates for KDE's Applications and Frameworks series are now available to all Chakra users, together with some other package upgrades. Applications 16.12.1 include more than 40 recorded bugfixes and improvements, including a data loss bug in iCal resource for kdepim-runtime. kdelibs got updated to 4.14.28. Frameworks 5.30.0 ship with the usual bugfixes and improvements, mostly found in breeze icons, kio and plasma-framework. Read more