Security: Cryptomining, Catalin Cimpanu's Latest Scaremongering, and Tegra Flaw Helps Linux

Security: Fake Authentication 'Solution', Cryptojacking, and Meltdown's Linux Patches

Apple Code Accidentally 'Liberated'

Security: Apple Hardware, NSA Cracks/Leaks, and Hardware Patches for Linux

  • Apple’s AirPods Catch Fire in Owner’s Ears, Eventually Explode

    If there’s something we learned in the last couple of years about smartphones, it’s that we should always keep an eye on them, especially when charging, as the current battery technologies that are being used could catch fire at any moment, eventually posing as a threat to our lives.

    And now it turns out we should do the same thing with headphones given this new wireless trend that Apple is aggressively pushing for, as the company’s new AirPods have recently been involved in a terrifying incident.

  • NSA code backported, crims cuffed, leaky AWS S3 buckets, and more

    Chris Vickery and the Upguard team have had a busy week, exposing not one but two cases where companies are storing material online in Amazon S3 buckets without proper safeguards.

    On Monday, he outed Octoly, a Paris-based brand marketing company that chucks freebie goodies at social media influencers in exchange for getting positive press coverage. Unfortunately, the agency left the contact details for 12,000 of these hipsters-for-hire online for all to see.

    (For the record, it should be pointed out that we at El Reg never provide positive coverage in exchange for freebies. We'll happily let a PR buy us a drink or six, or a slap-up steak meal, or a trip to Hawaii, but that's not reflected in our copy.)

  • ARM's Spectre & Meltdown Mitigation Being Backported To Linux 4.15

Security: SCADA, Police, Cisco and LibreOffice

  • Water Utility in Europe Hit by Cryptocurrency Malware Mining Attack

    At this point, Radiflow's investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led to the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows [...]

  • In a first, cryptocurrency miner found on SCADA network

    Windows malware that mines for cryptocurrencies has, for the first time, been found in the network of an industrial control system at an operational treatment plant for a water utility, Radiflow, a security provider for critical infrastructure, says.

  • Tech site seeks probe into London cops' malware purchase

    The tech website Motherboard has asked London's Metropolitan Police Service and an independent government organisation to institute a probe into why an MPS officer bought malware that can intercept messages on Facebook, steal passwords and operate a smartphone camera remotely.

  • Motherboard Files Legal Complaint Against Metropolitan Police for Malware Purchase

    London police have refused to explain why an officer bought powerful spyware that was marketed for spying on a user's spouse.

  • That mega-vulnerability Cisco dropped is now under exploit

    When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that was no longer the case.

  • libreoffice-remote-arbitrary-file-disclosure

    LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

Security: Linux on z, Updates, and Bounty

Security: $45000 bounty, KDE Plasma, Spectre/Meltdown, and Apple

Hands-On: Kali Linux 2018.1 on the Raspberry Pi Zero W

The installation image is actually on the Offensive Security Kali Linux ARM Images page, so don't get confused if you go to the normal Kali Linux Downloads page and don't see it. There is a link to the ARM images near the bottom of that page.

As with most Raspberry Pi installation images, the download is a compressed (xz) snapshot, not an ISO image.

Zerodium offers $45000 for Linux zero-day vulnerabilities

Zerodium is offering $45,000 to hackers willing to privately report zero-day vulnerabilities in the Linux operating system.

On Thursday, the private exploit acquisition program announced the new addition to its bounties on Twitter. Until 31 March, Zerodium is willing to offer increased payouts of up to $45,000 for local privilege escalation (LPE) exploits.

The zero-day, unreported vulnerabilities, should work with default installations of Linux such as the popular Ubuntu, Debian, CentOS, Red Hat Enterprise Linux (RHEL), and Fedora builds.

Security: Data Breaches, Apple, and DRM Threats

  • Data breach law: primary concern is information security, says expert

    The primary concern for businesses after the Australian data breach law takes effect on 22 February will be information security, as without that in place, it will not be possible to protect personal information, an expert in cyber security and law says.

  • Apple confirms source code for iBoot leaked to GitHub

    Apple has confirmed that the source code for iBoot from a version of iOS was posted on GitHub on Thursday, with the company forced to make the admission as it filed a DMCA takedown request to the hosting site.

  • Warning hackers quick to bypass anti-virus walls in latest attacks

    Anti-virus software doesn’t stop new threats or advanced malicious-email hackers use scam emails to deliver new ‘fast-break’ or ‘zero-day’ attacks, according to security firm MailGuard.

  • Thousands of students affected in online data leak

    According to Helsingin Sanomat the leak was due to an online security breach on the servers of the matriculation examination board's website. Approximately 7,695 students have fallen victim to the leak.

  • EFF vs IoT DRM, OMG!

    What with the $400 juicers and the NSFW smart fridges, the Internet of Things has arrived at that point in the hype cycle midway between "bottom line" and "punchline." Hype and jokes aside, the reality is that fully featured computers capable of running any program are getting cheaper and more powerful and smaller with no end in sight, and the gadgets in our lives are transforming from dumb hunks of electronics to computers in fancy cases that are variously labeled "car" or "pacemaker" or "Alexa."

    We don't know which designs and products will be successful in the market, but we're dead certain that banning people from talking about flaws in existing designs and trying to fix those flaws will make all the Internet of Things' problems worse.
