Language Selection

English French German Italian Portuguese Spanish


Security News

Filed under
  • OpenSSL 1.1.0 Series Release Notes
  • Linux.PNScan Malware Brute-Forces Linux-Based Routers
  • St. Jude stock shorted on heart device hacking fears; shares drop

    The stock of pacemaker manufacturer St. Jude Medical Inc (STJ.N) fell sharply on Thursday after short-selling firm Muddy Waters said it had placed a bet that the shares would fall, claiming its implanted heart devices were vulnerable to cyber attacks.

    St. Jude, which agreed in April to sell itself for $25 billion to Abbott Laboratories (ABT.N), said the allegations were false. St Jude shares closed down 4.96 percent, the biggest one-day fall in 7 months and at a 7.4 percent discount to Abbott's takeover offer.

    Muddy Waters head Carson Block said the firm's position was motivated by research from a cyber security firm, MedSec Holdings Inc, which has a financial arrangement with Muddy Waters. MedSec asserted that St. Jude's heart devices were vulnerable to cyber attack and were a risk to patients.

  • BlackArch Linux ISO now comes with over 1,500 hacking tools

    On a move to counter distros like Kali Linux and BackBox, BlackArch has got a new ISO image that includes more than 1,500 hacking tools. The update also brings several security and software tweaks to deliver an enhanced platform for various penetration testing and security assessment activities.

    The new BlackArch Linux ISO includes an all new Linux installer and more than 100 new penetration testing and hacking tools. There is also Linux 4.7.1 to fix the bugs and compatibility issues of the previous kernel. Additionally, the BlackArch team has updated all its in-house tools and system packages as well as updated menu entries for the Openbox, Fluxbox and Awesome windows managers.

Security News

Filed under
  • OpenSSL 1.1.0 released
  • Security advisories for Friday
  • Openwall 3.1-20160824 is out

    New Openwall GNU/*/Linux ISO images and OpenVZ container templates are out.

  • Scorpene Leak Could Be Part Of 'Economic War,' Says French Maker: 10 Facts

    The leak, was first reported in The Australian newspaper. Ship maker DCNS has a nearly 38 billion dollar contract with Australia, but the leak has no mention of the 12 vessels being designed for Australia.

  • Homeland Security has 'open investigation' into Leslie Jones hacking

    The Department of Homeland Security is investigating the cyberattack against Ghostbusters actor Leslie Jones one day after her personal information and explicit images were leaked online.

    In a short statement on Thursday, a spokesperson for the US Immigration and Customs Enforcement agency said that the Homeland Security investigations unit in New York “has an open investigation into this matter”.

    “As a matter of agency policy and in order to protect the integrity of an ongoing investigation, we will not disclose any details,” the statement said.

    “As a matter of agency policy, we are unable to disclose any information related to an active investigation,” a spokeswoman said.

Security News

Filed under
  • Thursday's security updates
  • Priorities in security
  • How Core Infrastructure Initiative Aims to Secure the Internet

    In the aftermath of the Heartbleed vulnerability's emergence in 2014, the Linux Foundation created the Core Infrastructure Initiative (CII)to help prevent that type of issue from recurring. Two years later, the Linux Foundation has tasked its newly minted CTO, Nicko van Someren, to help lead the effort and push it forward.

    CII has multiple efforts under way already to help improve open-source security. Those efforts include directly funding developers to work on security, a badging program that promotes security practices and an audit of code to help identify vulnerable code bases that might need help. In a video interview with eWEEKat the LinuxCon conference here, Van Someren detailed why he joined the Linux Foundation and what he hopes to achieve.

  • Certificate Authority Gave Out Certs For GitHub To Someone Who Just Had A GitHub Account

    For many years now, we've talked about the many different problems today's web security system has based on the model of security certificates issued by Certificate Authorities. All you need is a bad Certificate Authority be trusted and a lot of bad stuff can happen. And it appears we've got yet another example.

    A message on Mozilla's security policy mailing list notes that a free certificate authority named WoSign appeared to be doing some pretty bad stuff, including handing out certificates for a base domain if someone merely had control over a subdomain. This was discovered by accident, but then tested on GitHub... and it worked.

Red Hat Enterprise Linux 7.3 Beta Adds NVDIMM Support, Improves Security

Filed under
Red Hat

Today, August 25, 2016, Red Hat announced that version 7.3 of its powerful Red Hat Enterprise Linux operating system is now in development, and a Beta build is available for download and testing.

Red Hat Enterprise Linux 7.3 Beta brings lots of improvements and innovations, support for new hardware devices, and improves the overall security of the Linux kernel-based operating system used by some of the biggest enterprises and organizations around the globe. Among some of the major new features implemented in the Red Hat Enterprise Linux 7.3 release, we can mention important networking improvements, and support for Non-Volatile Dual In-line Memory Modules (NVDIMMs).

Read more

Also: CentOS 6 Linux OS Receives Important Kernel Security Update from Red Hat

Release of Red Hat Virtualization 4 Offers New Functionality for Workloads

Security News

Filed under
  • Jay Beale: Linux Security and Remembering Bastille Linux

    Security expert and co-creator of the Linux-hardening (and now Unix-hardening) project Bastille Linux. That’s Jay Beale. He’s been working with Linux, and specifically on security, since the late 1980s. The greatest threat to Linux these days? According to Beale, the thing you really need to watch out for is your Android phone, which your handset manufacturer and wireless carrier may or may not be good about updating with the latest security patches. Even worse? Applications you get outside of the controlled Google Play and Amazon environments, where who-knows-what malware may lurk.

    On your regular desktop or laptop Linux installation, Beale says the best security precaution you can take is encrypting your hard drive — which isn’t at all hard to do. He and I also talked a bit, toward the end, about how “the Linux community” was so tiny, once upon a time, that it wasn’t hard to know most of its major players. He also has some words of encouragement for those of you who are new to Linux and possibly a bit confused now and then. We were all new and confused once upon a time, and got less confused as we learned. Guess what? You can learn, too, and you never know where that knowledge can take you.

  • Automotive security: How safe is a next-generation car?

    The vehicles we drive are becoming increasingly connected through a variety of technologies. Features such as keyless entry and self-diagnostics are becoming commonplace. Unfortunately, they can also introduce IT security issues.

  • Let's Encrypt: Every Server on the Internet Should Have a Certificate

    The web is not secure. As of August 2016, only 45.5 percent of Firefox page loads are HTTPS, according to Josh Aas, co-founder and executive director of Internet Security Research Group. This number should be 100 percent, he said in his talk called “Let’s Encrypt: A Free, Automated, and Open Certificate Authority” at LinuxCon North America.

    Why is HTTPS so important? Because without security, users are not in control of their data and unencrypted traffic can be modified. The web is wonderfully complex and, Aas said, it’s a fool’s errand to try to protect this certain thing or that. Instead, we need to protect everything. That’s why, in the summer of 2012, Aas and his friend and co-worker Eric Rescorla decided to address the problem and began working on what would become the Let’s Encrypt project.

  • OpenSSL 1.1 Released With Many Changes

    OpenSSL 1.1.0 was released today as a major update to this free software cryptography and SSL/TLS toolkit.

    In addition to OpenSSL 1.1 rolling out a new build system and new security levels and support for pipelining and a new threading API, security additions to OpenSSL 1.1 include adding the AFALG engine, support for ChaChao20 in libcrypto/libssl, scrypto algorithm support, and support for X25519, among many other additions.

  • Is Windows ​10’s ‘Hidden Administrator Account’ a security risk? [Ed: Damage control from Microsoft Jack (Jack Schofield) because Microsoft Windows is vulnerable by design]

Security News

Filed under
  • Wednesday's security updates
  • This Android botnet relies on Twitter for its commands
  • Android Security Flaw Exposes 1.4B Devices [Ed: Alternative headline is, "Android is very popular, it has billions of users. And yes, security ain’t perfect." When did the press ever publish a headline like, "Windows flaw leaves 2 billion PCs susceptible for remote takeover?" (happens a lot)]
  • Wildfire ransomware code cracked: Victims can now unlock encrypted files for free

    Victims of the Wildfire ransomware can get their encrypted files back without paying hackers for the privilege, after the No More Ransom initiative released a free decryption tool.

    No More Ransom runs a web portal that provides keys for unlocking files encrypted by various strains of ransomware, including Shade, Coinvault, Rannoh, Rakhn and, most recently, Wildfire.

    Aimed at helping ransomware victims retrieve their data, No More Ransom is a collaborative project between Europol, the Dutch National Police, Intel Security, and Kaspersky Lab.

    Wildfire victims are served with a ransom note demanding payment of 1.5 Bitcoins -- the cryptocurrency favored by cybercriminals -- in exchange for unlocking the encrypted files. However, cybersecurity researchers from McAfee Labs, part of Intel Security, point out that the hackers behind Wildfire are open to negotiation, often accepting 0.5 Bitcoins as a payment.

    Most victims of the ransomware are located in the Netherlands and Belgium, with the malicious software spread through phishing emails aimed at Dutch speakers. The email claims to be from a transport company and suggests that the target has missed a parcel delivery -- encouraging them to fill in a form to rearrange delivery for another date. It's this form which drops Wildfire ransomware onto the victim's system and locks it down.

Security Leftovers

Filed under

Security News

Filed under

Canonical Releases Massive Mir 0.24.0 Display Server Update for Ubuntu Linux OS

Filed under

Canonical has pushed a new massive update (version 0.24.0) of the Mir display server used to power the Unity 8 user interface of the next-generation Ubuntu Linux operating system.

Read more

Security Leftovers

Filed under
Syndicate content

More in Tux Machines

Linux Devices

Linux Graphics

Fedora News

  • The Bugs So Far Potentially Blocking The Fedora 25 Release
    Adam Williamson of the Fedora QA team has sent out a list of the bugs currently outstanding that could block the Fedora 25 release from happening on its current schedule should they not be fixed in time.
  • Updated Fedora 24 ISO Respins Now Available with Dirty COW-Patched Linux Kernel
    It looks like a new set of updated Live ISO images for the Fedora 24 GNU/Linux operating system were published by Ben Williams, founder of the Fedora Unity Project and a Fedora Ambassador. Dubbed F24-20161023, the updated Live ISOs a few days ago and include up-to-date components from the official Fedora 24 Linux software repositories, with which was fully syncronized as of October 23, 2016. Of course, this means that they also include the latest Linux kernel update fully patched against the "Dirty COW" bug.
  • PHP version 5.6.28RC1 and 7.0.13RC1
  • Flock Stories 2016, Episode 1: Redon Skikuli
    Flock Stories by Chris WardIf you were wondering where Flock 2018 might be, today’s guest Redon Skikuli might just have your answer! Redon is not just a Fedora community contributor, he’s a Fedora community creator. I ask Redon what he’s up to these days and why he thinks we should also consider joining future Flocks.

New KNOPPIX Release, LibreOffice 5.1.6, Rosa Down

In Linux news today KNOPPIX 7.7.1 was released to the public based on Debian with GNOME 3.22, KDE 5.7.2, and "Everything 3D." The Rosa project is experiencing network issues and folks may experience problems trying to connect to their services the next few days. LibreOffice 5.1.6 was announced today by The Document Foundation, the sixth update to the Still branch for stable users, and a new vulnerability was disclosed in GNU Tar. Read more