Security

Zerodium offers $45000 for Linux zero-day vulnerabilities

Zerodium is offering $45,000 to hackers willing to privately report zero-day vulnerabilities in the Linux operating system.

On Thursday, the private exploit acquisition program announced the new addition to its bounties on Twitter. Until 31 March, Zerodium is willing to offer increased payouts of up to $45,000 for local privilege escalation (LPE) exploits.

The zero-day, unreported vulnerabilities should work with default installations of Linux such as the popular Ubuntu, Debian, CentOS, Red Hat Enterprise Linux (RHEL), and Fedora builds.

Security: Data Breaches, Apple, and DRM Threats

  • Data breach law: primary concern is information security, says expert

    The primary concern for businesses after the Australian data breach law takes effect on 22 February will be information security, as without that in place, it will not be possible to protect personal information, an expert in cyber security and law says.

  • Apple confirms source code for iBoot leaked to GitHub

    Apple has confirmed that the source code for iBoot from a version of iOS was posted on GitHub on Thursday, with the company forced to make the admission as it filed a DMCA takedown request to the hosting site.

  • Warning hackers quick to bypass anti-virus walls in latest attacks

    Anti-virus software doesn’t stop new threats or advanced malicious-email attacks, as hackers use scam emails to deliver new ‘fast-break’ or ‘zero-day’ attacks, according to security firm MailGuard.

  • Thousands of students affected in online data leak

    According to Helsingin Sanomat the leak was due to an online security breach on the servers of the matriculation examination board's website. Approximately 7,695 students have fallen victim to the leak.

  • EFF vs IoT DRM, OMG!

    What with the $400 juicers and the NSFW smart fridges, the Internet of Things has arrived at that point in the hype cycle midway between "bottom line" and "punchline." Hype and jokes aside, the reality is that fully featured computers capable of running any program are getting cheaper and more powerful and smaller with no end in sight, and the gadgets in our lives are transforming from dumb hunks of electronics to computers in fancy cases that are variously labeled "car" or "pacemaker" or "Alexa."

    We don't know which designs and products will be successful in the market, but we're dead certain that banning people from talking about flaws in existing designs and trying to fix those flaws will make all the Internet of Things' problems worse.

What Is Kali Linux, and Do You Need It?

If you’ve heard a 13-year-old would-be hacker talking about how 1337 they are, chances are, Kali Linux came up. Despite its script kiddie reputation, Kali is actually a real tool (or set of tools) for security professionals.

Kali is a Linux distribution based on Debian. Its goal is simple; include as many penetration and security audit tools as possible in one convenient package. Kali delivers, too. Many of the best open-source tools for conducting security tests are collected and ready to use.

Security: Meltdown and Spectre, Apple Code Leak, WordPress's Broken Automatic Update

Security: BT, Uber, Android

Security: Updates, Cryptocurrencies and More

  • Security updates for Wednesday
  • 6 Easy Ways To Block Cryptocurrency Mining In Your Web Browser

    Cryptocurrencies are digital or virtual currencies that make use of encryption for security. As they are anonymous and decentralized in nature, one can use them for making payments that can’t be tracked by governments.

  • The effect of Meltdown and Spectre in our communities

    A late-breaking development in the computing world led to a somewhat hastily arranged panel discussion at this year's linux.conf.au in Sydney. The embargo for the Meltdown and Spectre vulnerabilities broke on January 4; three weeks later, Jonathan Corbet convened representatives from five separate parts of our community, from cloud to kernel to the BSDs and beyond. As Corbet noted in the opening, the panel itself was organized much like the response to the vulnerabilities themselves, which is why it didn't even make it onto the conference schedule until a few hours earlier.

Security Catastrophe at Octoly

  • Bad Influence: How A Marketing Startup Exposed Thousands of Social Media Stars
  • More Than 12,000 Influencers, Brands Targeted in Latest Data Breach

    It happened to Target, Forever 21, Neiman Marcus, TJX Companies, and Yahoo. Their systems were infiltrated by hackers and the data that they had stored, including consumers’ names, addresses, payment information, and in some cases, social security numbers, were stolen. Now, influencers and high-end beauty and fashion brands, are the target, as Octoly, a Paris-based influencer agency, has confirmed that it has experienced a data breach, putting more than 12,000 prominent social media influencers from YouTube, Instagram, and Twitter at risk.

  • 12,000 Influencers Had Their Data Leaked by Marketing Firm Octoly

    Unfortunately, that is just what happened last month to around 12,000 social media stars who work with Paris-based influencer marketplace Octoly. According to cyber risk company UpGuard, carelessness on the part of Octoly led to influencers' personal information — like street addresses, phone numbers, birth dates, email addresses and more — becoming accessible in a public database.

Security: Windows, WiFi Routers, Privacy and More

  • The worst types of ransomware attacks [Ed: Windows]
  • 'All versions' of Windows vulnerable to tweaked Shadow Broker NSA exploits

    A security researcher has revealed how sophisticated NSA exploits, which were stolen and published online by hacker group Shadow Brokers, can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10.

    Back in 2016, the hacker group named Shadow Brokers stole weaponised cyber-tools from the US National Security Agency and published them online, thereby enabling other cyber-criminals to use the tools to attack targeted organisations and to gain access to systems.

  • Leaked NSA Exploits Modified To Attack Every Windows Version Since 2000

    Probably, the most famous of the NSA tools leaked by the hacker group Shadow Brokers was EternalBlue which gave birth to dangerous malware like WannaCry, Petya, and more recently, the cryptojacking malware WannaMine.

    Now, Sean Dillon, a security researcher at RiskSense, has modified the source code of three other leaked NSA tools called EternalRomance, EternalChampion, and EternalSynergy. In the past, he also ported the EternalBlue exploit to work on Windows 10.

  • WiFi Routers Riddled With Holes: Report [Ed: default passwords]

    Insignary, a startup security firm based in South Korea, conducted comprehensive binary code scans for known security vulnerabilities in WiFi routers. The company conducted scans across a spectrum of the firmware used by the most popular home, small and mid-sized business and enterprise-class WiFi routers.

  • As data protection laws strengthen open-source software governance becomes critical [Ed: Nothing to do with FOSS. Proprietary software has more holes and some cannot/will not be patched.]

    The cadence of delivery isn’t hampered by new layers of governance (as using automated security audits allows for real-time testing as new code is developed). And with accurate audit trails, organisations can prove the extent to which they have gone, to ensure secure code that culminates in safe and compliant applications.

  • Episode 81 - Autosploit, bug bounties, and the future of security

Linux module aims at security, but will it make the cut?

The Linux Kernel Runtime Guard has been devised by the Openwall project.

LKRG checks at runtime to find out if any exploits for security flaws are in a system; if so, it attempts to block such attacks.

It can also detect any privilege escalation in processes that are running and kill the guilty process before it can execute any code.

Security: Security Is Not an Absolute, Layered Insight, Windows Back Doors, and AutoSploit

  • Security Is Not an Absolute

    If there’s one thing I wish people from outside the security industry knew when dealing with information security, it’s that Security is not an absolute. Most of the time, it’s not even quantifiable. Even in the case of particular threat models, it’s often impossible to make statements about the security of a system with certainty.

  • Layered Insight Takes Aim at Container Security

    The market and competition for container security technology is continuing to grow. Among the newest entrants in the space is Layered Insight which announced its new CEO Sachin Aggarwal on Feb. 5.

    Layered Insight got started in January 2015 and has been quietly building its technology and a business ever since. The company has not announced any funding yet, though Layered Insight does already have product in-market as it aims to help organizations gain better visibility and control of container environments.

  • Leaked NSA hacking tools can target all Windows versions from the past two decades

    REMEMBER THOSE LEAKED NSA TOOLS? Well, they can now hack any version of Windows, not just the old version of Microsoft's operating system.

    Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.

    Going by the name of 'zerosum0x0' on GitHub and Twitter (hat tip to Betanews for that), Dillon noted his modifications to the code exploits the CVE-2017-0143 and CVE-2017-0146 vulnerabilities in numerous versions of unpatched Windows OS.

  • AutoSploit: Mass Exploitation Just Got a Lot Easier

    In the meantime, others in the open source community have stepped up to prevent some of the worst potential damage from AutoSploit. Security expert Jerry Gamblin posted to GitHub his own bit of code that he says will block Shodan from being able to scan your systems. However, it is questionable as to whether this response will be widely used, considering the generally poor performance of the software industry for implementing critical patches when they are announced from the project managers themselves.

More in Tux Machines

Review: Chakra GNU/Linux 2017.10

Chakra is an unusual distribution for a few reasons. It is a rare semi-rolling project, which tries to maintain a fairly stable base system while providing up to date applications. This is an interesting compromise between full rolling and static operating systems. The semi-rolling concept is an idea I like and I was curious to see how well the approach would work dealing with around six months of updates. I was pleased to find Chakra handled the massive upgrade well. Chakra was once also considered unusual for being very KDE-focused. There are more KDE distributions these days (KaOS, Kubuntu and KDE neon come readily to mind) and I think Chakra may have lost some of its appeal as more competition has established itself in the KDE-centric arena. I found the distribution to be easy to set up and pretty straightforward to use, but there were a few characteristics which bothered me during my trial with Chakra. One was that while updates installed cleanly, once Plasma 5.12 was installed, I experienced slow login times and reduced performance on the desktop. It could be argued that this is a Plasma problem, not a Chakra problem, but the distribution's rolling release nature means any regressions in new versions of software end up in the user's lap. Something that tends to bother me about distributions which focus on one desktop toolkit or another is that this approach to selecting software means we are sometimes using less capable tools in the name of toolkit purity. This is not a trade-off I like as I'd rather be using more polished applications over ones which have a particular affiliation. Finally, Chakra includes a number of command line aliases which got in my way. This seems to be a problem I have been running into more often recently. Developers are trying to be helpful by aliasing common commands, but it means that for some tasks I need to change my habits or undefine the provided aliases and the feature ends up being a nuisance instead of a convenience.
Chakra seems to be a capable and useful distribution and I am sure there are people who will appreciate the rolling release nature. Many people will likely also like having lots of KDE applications, and I can see the appeal of this combination. However, one thing which makes me hesitate to recommend Chakra is that the distribution does not appear to bring any special features to the ecosystem. It's a useful operating system and, to be completely fair, users can install non-KDE alternatives if they want to use LibreOffice instead of Calligra or GIMP instead of KolourPaint. But I'm not sure Chakra brings anything unique which makes it stand apart from openSUSE's Tumbleweed or KaOS's polished Plasma offering. Chakra used to be special in its semi-rolling, KDE-focused niche, but these days the distribution has more competition and I'm not sure the project has any special sauce to set it apart from the crowd.

Terminal app appears in Chrome OS Dev, hints at future Linux application support

Back in February, some commits to the Chromium codebase revealed that Chrome OS would soon run Linux applications using a container. While it has been possible for years to run Linux applications on top of Chrome OS using crouton, it's a hacky solution that only works in Developer Mode. Google's solution would presumably work better, and perhaps not require Dev Mode to be enabled.

What's the most popular Linux of them all?

Let's cut to the chase. Android is the most popular of all Linux distributions. Period. End of statement. But that's not the entire story. Still it must be said, according to StatCounter, Android is the most popular of all operating systems. By a score of 39.49 percent to 36.63 percent, Android beats out Windows for global personal device supremacy. Sorry Windows, you had a nice run, but between your smartphone failures and the PC decline, your day is done. But, setting Android aside, what's the most popular Linux? It's impossible to work that out. The website-based analysis tools, such as those used by StatCounter, NetMarketShare, and the Federal government's Digital Analytics Program (DAP), can't tell the difference between Fedora, openSUSE, and Ubuntu. DAP does give one insightful measurement the other sites don't give us. While not nearly as popular as Android, Chrome OS is more popular than all the other Linux-based desktops combined by a score, in April 2018, of 1.3 percent to 0.6 percent of end users.

Android/ChromeOS/Google Leftovers