Language Selection

English French German Italian Portuguese Spanish

Security

BlackArch Linux

Filed under
GNU
Linux
Security
  • BlackArch Linux now has over 1,600 hacking tools

    To extensively support ethical hackers and white-hat cybersecurity experts, BlackArch Linux has released a new update with over 1,600 hacking tools. The latest version also comes with newer Linux kernel and includes enormous improvements and performance fixes.

    Emerged as BlackArch 2016.12.20, the update brings more than 100 new tools to support security professionals. These new tools have expanded the previous list to a total of 1,605 tools. Additionally, the distribution comes with Linux kernel 4.8.13 to deliver an improved and more stable experience than its previous release.

  • BlackArch Linux 2016.12.20 Ethical Hacking Distro Released With 100+ New Tools

Security News

Filed under
Security
  • Thursday's security updates
  • Lithuania said found Russian spyware on its government computers

    The Baltic state of Lithuania, on the frontline of growing tensions between the West and Russia, says the Kremlin is responsible for cyber attacks that have hit government computers over the last two years.

    The head of cyber security told Reuters three cases of Russian spyware on its government computers had been discovered since 2015, and there had been 20 attempts to infect them this year.

    "The spyware we found was operating for at least half a year before it was detected – similar to how it was in the USA," Rimtautas Cerniauskas, head of the Lithuanian Cyber Security Centre said.

  • Dear CIO: Linux Mint Encourages Users to Keep System Up-to-Date

    Swapnil Bhartiya gets it wrong.

    Let me start by pointing out that Bhartiya is not only a capable open source writer, he’s also a friend. Another also: he knows better. That’s why the article he just wrote for CIO completely confounds me. Methinks he jumped the gun and didn’t think it through before he hit the keyboard.

    The article ran with the headline Linux Mint, please stop discouraging users from upgrading. In it, he jumps on Mint’s lead developer Clement Lefebvre’s warning against unnecessary upgrades to Linux Mint.

Security Leftovers

Filed under
Security
  • Most ATMs in India Are Easy Targets for Hackers & Malware Attacks

    Hacking is a hotly debated subject across the country right now, and it’s fair to say that the ATM next door is also in danger. It has been reported that over 70 percent of the 2 lakh money-dispensing ATM machines in our country are running on Microsoft’s outdated Windows XP operating system, leaving it vulnerable to cyber attacks.

    Support for Windows XP was discontinued by Microsoft in 2014 which means that since then the company hasn’t rolled out any security updates for this Windows version.

    While it doesn’t make sense for banks to continue using outdated software, security experts feel that the practice stems from legacy behaviour, when physical attacks were a bigger threat than software hacks.

  • 20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud

    A template for working collaboratively with the business in today's rapidly changing technology environment.

    Everywhere I go lately, the cloud seems to be on the agenda as a topic of conversation. Not surprisingly, along with all the focus, attention, and money the cloud is receiving, comes the hype and noise we’ve come to expect in just about every security market these days. Given this, along with how new the cloud is to most of us in the security world, how can security professionals make sense of the situation? I would argue that that depends largely on what type of situation we’re referring to, exactly. And therein lies the twist.

    Rather than approach this piece as “20 questions security professionals should ask cloud providers,” I’d like to take a slightly different angle. It’s a perspective I think will be more useful to security professionals grappling with issues and challenges introduced by the cloud on a daily basis. For a variety of reasons, organizations are moving both infrastructure and applications to the cloud at a rapid rate - far more rapidly than anyone would have forecast even two or three years ago.

  • Report: $3-5M in Ad Fraud Daily from ‘Methbot’

    New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.

    Online advertising fraud is a $7 billion a year problem, according to AdWeek. Much of this fraud comes from hacked computers and servers that are infected with malicious software which forces the computers to participate in ad fraud. Malware-based ad fraud networks are cheap to acquire and to run, but they’re also notoriously unstable and unreliable because they are constantly being discovered and cleaned up by anti-malware companies.

  • Linux Backdoor Gives Hackers Full Control Over Vulnerable Devices [Ed: Microsoft booster Bogdan Popa says "Linux Backdoor"; that's a lie. It’s Microsoft that has them.]

IPFire 2.19 - Core Update 108 released

Filed under
GNU
Linux
Security

Just before Christmas, we are going to release the last Core Update for 2016. IPFire 2.19 – Core Update 108 brings some minor bug fixes and feature enhancements, some security fixes in ntp and various fixes in the squid web proxy.

Read more

Security Leftovers

Filed under
Security

5 Open Source Network Security Tools SMBs Should Consider

Filed under
OSS
Security

You might think that because your business is small you aren't an attractive target for hackers.

But you would be wrong.

According to the National Cyber Security Alliance (NCSA), 82 percent of small business owners believe that they are not a target for cyberattacks, but 43 percent of last year's cyberattacks targeted SMBs. And a single attack can cost SMBs up to $99,000.

Cyberattacks of all kinds are on the rise with data breaches increasing 15 percent over the past year, NCSA says. And ransomware, attacks that freeze up organizations' systems until they pay a ransom, has become particularly prevalent; in just the first three months of 2016, U.S. ransomware victims paid out $209 million to attackers, compared to $25 million for all of 2015.

Read more

IRC News, Freenode Update

Filed under
OSS
Security
Web

Security News

Filed under
Security
  • OpenSSL After Heartbleed by Rich Salz & Tim Hudson, OpenSSL

    In this video from LinuxCon Europe, Rich Salz and Tim Hudson from the OpenSSL team take a deep dive into what happened with Heartbleed and the steps the OpenSSL team are taking to improve the project.

  • OpenSSL after Heartbleed
  • Container Security: Your Questions Answered

    To help you better understand containers, container security, and the role they can play in your enterprise, The Linux Foundation recently produced a free webinar hosted by John Kinsella, Founder and CTO of Layered Insight. Kinsella covered several topics, including container orchestration, the security advantages and disadvantages of containers and microservices, and some common security concerns, such as image and host security, vulnerability management, and container isolation.

  • Google scales tiny mountain to hunt down crypto bugs

    Google's Project Wycheproof is a new effort by Google to improve the security of widely used cryptography code.

    Many of the algorithms used in cryptography for encryption, decryption, and authentication are complicated, especially when asymmetric, public key cryptography is being used. Over the years, these complexities have resulted in a wide range of bugs in real crypto libraries and the software that uses them.

  • Mysterious Rakos Botnet Rises in the Shadows by Targeting Linux Servers, IoT Devices

    Somebody is building a botnet by infecting Linux servers and Linux-based IoT devices with a new malware strain named Rakos.

Where Does Ubuntu Fit Into the Internet of Things?

Filed under
Security
Ubuntu

Ubuntu Linux started off as a desktop focused Linux distribution, but has expanded to multiple areas of the years. Ubuntu Linux is today a leading Linux server and cloud vendor and has aspirations to move into the embedded world, known today as the Internet of Things (IoT).

In a video interview, Mark Shuttleworth, founder of Ubuntu and Canonical Inc., details some of the progress his firm has made in 2016 in the IoT world.

Ubuntu has made past announcements about phone and TV efforts. While multiple Ubuntu phones exist, the standalone Ubuntu TV effort has evolved somewhat. Shuttleworth explained that Ubuntu Core, which is an optimized distribution of Ubuntu for embedded systems, is making some headway with TVs.

Read more

Security News

Filed under
Security
  • Security advisories for Tuesday
  • New Linux/Rakos threat: devices and servers under SSH scan (again) [Ed: No, it’s not a “Linux” problem that some people or developers use a crappy and predictable password]

    Apparently, frustrated users complain more often recently on various forums about their embedded devices being overloaded with computing and network tasks. What these particular posts have in common is the name of the process causing the problem. It is executed from a temporary directory and disguised as a part of the Java framework, namely “.javaxxx”. Additional names like “.swap” or “kworker” are also used. A few weeks ago, we discussed the recent Mirai incidents and Mirai-connected IoT security problems in The Hive Mind: When IoT devices go rogue and all that was written then still holds true.

  • Oi! Linux users! Want some really insecure closed-source software?

    Back in August Adobe reversed its decision to stop offering an NPAPI Flash plugin for Linux and promised that version 23 would come Penguinistas' way real soon now.

    At the time the decision was greeted with surprise, because Adobe had not thought to update Flash for Linux since 2012's version 11.2. But the company decided that Linux users deserved a security upgrade to the infamously hole-ridden product.

Syndicate content

More in Tux Machines

Voyager 9 Linux Distro Enters Development, Now Based on Debian 9 "Stretch"

The developers of the Voyager Linux OS announced the availability of the first Beta build of the upcoming Voyager 9 release, which will be based on the soon-to-be-announced Debian GNU/Linux 9 "Stretch" operating system. Read more

Black Lab Linux Gets First Weekly ISOs, Adds Linux Kernel 4.8 from Ubuntu 16.10

Earlier this week, we told you that Black Lab Software, the developers of the Ubuntu-based Black Lab Linux distribution, published the roadmap of the next Black Lab Linux releases. Read more

Games for GNU/Linux

Linux 4.9.13

I'm announcing the release of the 4.9.13 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more Also: Linux 4.4.52 Linux 4.10.1