Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

Raspberry Pi With Open Port 22

Filed under
Linux
Hardware
Security

Security Leftovers

Filed under
Security

Updated Fedora 25 Live ISOs Released with Linux Kernel 4.11.3, Security Updates

Filed under
Security

Ben Williams of the Fedora Respins-SIG project is back with his announcement about new sets of updated Fedora 25 Linux Live ISO respins, which bring all the latest security and software updates, as well as a new kernel.

Read more

Security Leftovers: Vault 7, uCareSystem, CryptoHarlem

Filed under
Security
  • Security updates for Wednesday
  • Vault 7: WikiLeaks exposes Pandemic, CIA infection tool for Windows machines

    After having disclosed information about CIA’s spyware tool Athena only last week, WikiLeaks has published new information from Pandemic, another alleged CIA project that “targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine.”

    Part of the Vault 7 series of documents that were either leaked following an inside job or stolen from the CIA by hackers, Pandemic basically turns Windows machines from a targeted network into Patient Zero. It then covertly infects other computers linked to the system by delivering infected versions of the requested files. Because it is very persistent, the original source of infection is difficult to detect.

  • Hand in your notice – by 2022 there'll be 350,000 cybersecurity vacancies

    General Data Protection Regulation (GDPR) will force European organisations to expand their cyber workforce, causing demand to outstrip the supply of expertise.

    Two in five governments and companies will expand their cybersecurity divisions by more than 15 per cent in the next 12 months, according to a survey by the International Information System Security Certification Consortium, or (ISC)2. This will lead to a shortfall of 350,000 cyber workers across the continent by 2022.

    Europe's cyber workforce will expand faster than any other region in the world. Demand is driving record salaries with 39 per cent of UK cyber workers commanding annual salaries of more than £87,000.

  • uCareSystem – All-In-One System Update And Maintenance Tool For Ubuntu/LinuxMint

    uCareSystem Core is a thin utility that automates the basic system maintenance activity, in other hand it will reduce system administrator task in many ways and save some good amount of time. It doesn’t have any GUI and offers purely command line interface to perform the activity.

  • Matt Mitchell of CryptoHarlem is building an open source tool to help organizations prepare for data breaches

    This morning on the stage of TC Sessions: Justice, Matt Mitchell of CryptoHarlem discussed his views on the link between surveillance and minority oppression and the importance of taking a preventative approach to security and privacy. Mitchell, a specialist in digital safety and encryption, is dedicating time to creating Protect Your Org, a free, open source, tool for all organizations to prepare for inevitable data breaches.

Canonical Outs Major Linux Kernel Security Update for Ubuntu 17.04 and 16.04 LTS

Filed under
Security
Ubuntu

Canonical released new kernel security updates for all of its supported Ubuntu Linux operating systems, including Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 16.10 (Yakkety Yak), and Ubuntu 14.04 LTS (Trusty Tahr).

Read more

Tor Browser 7.0 is released

Filed under
Moz/FF
OSS
Security

The Tor Browser Team is proud to announce the first stable release in the 7.0 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release brings us up to date with Firefox 52 ESR which contains progress in a number of areas:

Most notably we hope having Mozilla's multiprocess mode (e10s) and content sandbox enabled will be one of the major new features in the Tor Browser 7.0 series, both security- and performance-wise. While we are still working on the sandboxing part for Windows (the e10s part is ready), both Linux and macOS have e10s and content sandboxing enabled by default in Tor Browser 7.0. In addition to that, Linux and macOS users have the option to further harden their Tor Browser setup by using only Unix Domain sockets for communication with tor.

Read more

Also: Firefox-Based Tor Browser 7.0 Officially Released for Anonymous Web Surfing

Microsoft Antitrust and Security Failures

Filed under
Microsoft
Security
  • Kaspersky sues Microsoft over claims Windows 10 is 'incompatible' with third-party AV

    In a sensational claim, Kaspersky says that a customer in France was told by a Microsoft representative that "Windows 10 is incompatible with third-party antivirus. It's a shame that you've spent money on a Kaspersky Lab product, but you can't reinstall it without running the risk of the appearance of new bugs."

  • Microsoft Targeted by Kaspersky Antitrust Complaint to EU

    Kaspersky sent a formal complaint to European Union and German antitrust regulators, saying “hurdles” created by Microsoft limit consumer choice and drive up the cost of security software.

  • If hacking {sic} back becomes law, what could possibly go wrong? [iophk: "any Windows machines even sending stray packet will then receive the full force of vault7+"]

    Representative Tom Graves, R-Ga., thinks that when anyone gets hacked {sic} -- individuals or companies -- they should be able to "fight back" and go "hunt for hackers {sic} outside of their own networks." The Active Cyber Defense Certainty ("ACDC") Act is getting closer to being put before lawmakers, and the congressman trying to make "hacking {sic} back" easy-breezy-legal believes it would've stopped the WannaCry ransomware.

  • Ransomware attack will count as data breach: security pro

    Ransomware attacks will be regarded as data breaches under Australia's new data breach legislation that comes into force on 22 February next year, according to the chief cyber security adviser at RSA.

Why you must patch the new Linux sudo security hole

Filed under
Linux
Security

If you want your Linux server to be really secure, you defend it with SELinux. Many sysadmins don't bother because SELinux can be difficult to set up. But, if you really want to nail down your server, you use SELinux. This makes the newly discovered Linux security hole -- with the sudo command that only hits SELinux-protected systems -- all the more annoying.

Read more

Security News: Microsoft Back Doors, Microsoft Lies, Microsoft Breakage, and Let’s Encrypt

Filed under
Security
  • Vietnamese hackers appear to be researching an NSA backdoor tool
  • EternalBlue NSA Exploit Becomes Commodity Hacking Tool, Spreads to Other Malware
  • Windows XP computers were mostly immune to WannaCry

    Windows XP isn’t as vulnerable to the WannaCry ransomware as many assumed, according to a new report from Kryptos research. The company’s researchers found that XP computers hit with the most common WannaCry attack tended to simply crash without successfully installing or spreading the ransomware. If true, the result would undercut much of the early reporting on Windows XP’s role in spreading the globe-spanning ransomware.

  • Whoops! Microsoft accidentally lets out a mobile-'bricking' OS update

    “A small portion” of Windows mobile users hoping the unexpected cool new update would start the month off the right way got burned yesterday. Microsoft “accidentally” released a development build of Windows 10 that can transform your phone into jelly if you try to install it.

    “We apologize for this inconvenience,” said Microsoft Windows and Devices Group software engineer Dona Sarkar in a blog post last night.

  • This is why Windows users don't install updates

    Although I use Linux for all day-to-day computing, I have two old laptops with Windows XP licenses, and I have them configured to dual-boot Windows or Linux. Every now and then I need to run a Windows application that won't work under Linux; they're handy then. And even though Windows XP support ended long ago, Microsoft decided to make a patch for the WannaCrypt worm available for XP.

  • "Foreign" denial-of-service attacks shut down social insurance sites

    The Social Insurance Institution (Kela) has been hit by a series of distributed denial-of-service (DDoS) attacks that crashed some of its online services on Friday and Saturday. Kela says it will provide more information as it becomes available. The state social services agency suffered disruptions for two and a half hours on Friday evening and for about four hours on Saturday.

  • [Older] Ping is okay? – Right?

    Of course, preventing covert channels using ICMP/DNS etc. is a good idea in general. But often in modern networks today there are so many other ways of getting data in and out of a network, that using a ICMP tunnel is something the attackers often does not need to do.

  • Creating a TXT only nsupdate connection for Let’s Encrypt

    I’m in the process of designing my own centralized Let’s Encrypt solution.

Syndicate content

More in Tux Machines

Wine 2.15

Today in Techrights

today's leftovers

Audiocasts: This Week in Linux and Freedom Penguin