Security

Security: Meltdown and Spectre, Apple Code Leak, WordPress's Broken Automatic Update

Filed under
Security

Security: BT, Uber, Android

Filed under
Security

Security: Updates, Cryptocurrencies and More

Filed under
Security
  • Security updates for Wednesday
  • 6 Easy Ways To Block Cryptocurrency Mining In Your Web Browser

    Cryptocurrencies are digital or virtual currencies that make use of encryption for security. As they are anonymous and decentralized in nature, one can use them for making payments that can’t be tracked by governments.

  • The effect of Meltdown and Spectre in our communities

    A late-breaking development in the computing world led to a somewhat hastily arranged panel discussion at this year's linux.conf.au in Sydney. The embargo for the Meltdown and Spectre vulnerabilities broke on January 4; three weeks later, Jonathan Corbet convened representatives from five separate parts of our community, from cloud to kernel to the BSDs and beyond. As Corbet noted in the opening, the panel itself was organized much like the response to the vulnerabilities themselves, which is why it didn't even make it onto the conference schedule until a few hours earlier.

Security Catastrophe at Octoly

Filed under
Security
  • Bad Influence: How A Marketing Startup Exposed Thousands of Social Media Stars
  • More Than 12,000 Influencers, Brands Targeted in Latest Data Breach

    It happened to Target, Forever 21, Neiman Marcus, TJX Companies, and Yahoo. Their systems were infiltrated by hackers and the data that they had stored, including consumers’ names, addresses, payment information, and in some cases, social security numbers, were stolen. Now, influencers and high-end beauty and fashion brands are the target, as Octoly, a Paris-based influencer agency, has confirmed that it has experienced a data breach, putting more than 12,000 prominent social media influencers from YouTube, Instagram, and Twitter at risk.

  • 12,000 Influencers Had Their Data Leaked by Marketing Firm Octoly

    Unfortunately, that is just what happened last month to around 12,000 social media stars who work with Paris-based influencer marketplace Octoly. According to cyber risk company UpGuard, carelessness on the part of Octoly led to influencers' personal information — like street addresses, phone numbers, birth dates, email addresses and more — becoming accessible in a public database.

Security: Windows, WiFi Routers, Privacy and More

Filed under
Security
  • The worst types of ransomware attacks [Ed: Windows]
  • 'All versions' of Windows vulnerable to tweaked Shadow Broker NSA exploits

    A security researcher has revealed how sophisticated NSA exploits, which were stolen and published online by hacker group Shadow Brokers, can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10.

    Back in 2016, the hacker group named Shadow Brokers stole weaponised cyber-tools from the US National Security Agency and published them online, thereby enabling other cybercriminals to use the tools to attack targeted organisations and to gain access to systems.

  • Leaked NSA Exploits Modified To Attack Every Windows Version Since 2000

    Probably the most famous of the NSA tools leaked by the hacker group Shadow Brokers was EternalBlue, which gave birth to dangerous malware like WannaCry, Petya, and more recently, the cryptojacking malware WannaMine.

    Now, Sean Dillon, a security researcher at RiskSense, has modified the source code of three other leaked NSA tools called EternalRomance, EternalChampion, and EternalSynergy. In the past, he also ported the EternalBlue exploit to work on Windows 10.

  • WiFi Routers Riddled With Holes: Report [Ed: default passwords]

    Insignary, a startup security firm based in South Korea, conducted comprehensive binary code scans for known security vulnerabilities in WiFi routers. The company conducted scans across a spectrum of the firmware used by the most popular home, small and mid-sized business and enterprise-class WiFi routers.

  • As data protection laws strengthen open-source software governance becomes critical [Ed: Nothing to do with FOSS. Proprietary software has more holes and some cannot/will not be patched.]

    The cadence of delivery isn’t hampered by new layers of governance (as using automated security audits allows for real-time testing as new code is developed). And with accurate audit trails, organisations can prove the extent to which they have gone to ensure secure code that culminates in safe and compliant applications.

  • Episode 81 - Autosploit, bug bounties, and the future of security

Linux module aims at security, but will it make the cut?

Filed under
Linux
Security

The Linux Kernel Runtime Guard has been devised by the Openwall project.

LKRG checks at runtime to find out if any exploits for security flaws are in a system; if so, it attempts to block such attacks.

It can also detect any privilege escalation in processes that are running and kill the guilty process before it can execute any code.

Read more

Security: Security Is Not an Absolute, Layered Insight, Windows Back Doors, and AutoSploit

Filed under
Security
  • Security Is Not an Absolute

    If there’s one thing I wish people from outside the security industry knew when dealing with information security, it’s that Security is not an absolute. Most of the time, it’s not even quantifiable. Even in the case of particular threat models, it’s often impossible to make statements about the security of a system with certainty.

  • Layered Insight Takes Aim at Container Security

    The market and competition for container security technology is continuing to grow. Among the newest entrants in the space is Layered Insight which announced its new CEO Sachin Aggarwal on Feb. 5.

    Layered Insight got started in January 2015 and has been quietly building its technology and a business ever since. The company has not announced any funding yet, though Layered Insight does already have product in-market as it aims to help organizations gain better visibility and control of container environments.

  • Leaked NSA hacking tools can target all Windows versions from the past two decades

    REMEMBER THOSE LEAKED NSA TOOLS? Well, they can now hack any version of Windows, not just the old version of Microsoft's operating system.

    Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.

    Going by the name of 'zerosum0x0' on GitHub and Twitter (hat tip to Betanews for that), Dillon noted that his modifications to the code exploit the CVE-2017-0143 and CVE-2017-0146 vulnerabilities in numerous versions of unpatched Windows OS.

  • AutoSploit: Mass Exploitation Just Got a Lot Easier

    In the meantime, others in the open source community have stepped up to prevent some of the worst potential damage from AutoSploit. Security expert Jerry Gamblin posted to GitHub his own bit of code that he says will block Shodan from being able to scan your systems. However, it is questionable as to whether this response will be widely used, considering the generally poor performance of the software industry for implementing critical patches when they are announced from the project managers themselves.

Security: Updates and Flash/Windows Problems

Filed under
Security
  • Security updates for Tuesday
  • Attackers Exploiting Unpatched Flaw in Flash

    Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses.

    Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of the affected system.

  • Scarabey: This ransomware threatens to slowly delete your files every 24 hours until you pay up [iophk: "Microsoft Windows TCO"]

    A new variant of the malicious Scarab ransomware has been uncovered in the wild that uses a different distribution method and threat to scare victims into paying up. While the original Scarab ransomware was distributed by a massive spam campaign hosted by the Necurs botnet, the new variant dubbed "Scarabey" targets Remote Desktop Protocol connections and is manually dropped on servers and systems.

  • [Old] Forgotten Conficker worm resurfaces to infect systems with WannaCry

    Simon Edwards, European cyber security architect at Trend Micro, told SC that one of the Shadow Broker releases included a 'new' version of Conficker (Eclipsed Wing) which would connect it to the exploit used for WannaCry.

    [...]

    “However, Trend has seen samples of this onsite in the NHS; the samples use Domain Generation Algorithms to communicate to C&C servers so generate quite a lot of network traffic. Once again patching is critical, but once again (in the case of the NHS specifically) this might not be possible for systems running critical medical equipment.”
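The Conficker excerpt above names the network tell a defender actually sees: DGA-driven hosts ask for many random-looking names that mostly do not exist, so the resolver answers NXDOMAIN in bursts. The following is an added example, not code from Trend Micro or from the article quoted above. It scores resolver log lines per client on three signals (distinct NXDOMAIN names, NXDOMAIN ratio, mean entropy of the queried label). The log format, the sample lines and the thresholds are constructed assumptions for the example; adapt parse_line() to your own resolver's log and tune the thresholds against your baseline.

```python
"""Flag clients whose DNS behaviour looks like DGA (Domain Generation Algorithm) traffic.

Added example for this page, not Trend Micro's or the article's code. Log format
(timestamp client qname rcode) is an assumed, constructed one.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample resolver log (not real traffic). 10.1.4.57 shows an NXDOMAIN
# burst for random names; 10.1.4.22 is ordinary browsing with one typo.
SAMPLE_LOG = """\
2017-05-13T09:00:01 10.1.4.22 www.nhs.uk NOERROR
2017-05-13T09:00:02 10.1.4.22 update.microsoft.com NOERROR
2017-05-13T09:00:03 10.1.4.22 www.nhs.ukk NXDOMAIN
2017-05-13T09:00:04 10.1.4.22 outlook.office365.com NOERROR
2017-05-13T09:00:05 10.1.4.22 www.bbc.co.uk NOERROR
2017-05-13T09:00:06 10.1.4.57 time.windows.com NOERROR
2017-05-13T09:00:06 10.1.4.57 qwzkplmtev.info NXDOMAIN
2017-05-13T09:00:06 10.1.4.57 xbnvhqrtuo.biz NXDOMAIN
2017-05-13T09:00:07 10.1.4.57 jfdyrkwmpc.org NXDOMAIN
2017-05-13T09:00:07 10.1.4.57 ghtzlnbqes.cc NXDOMAIN
2017-05-13T09:00:08 10.1.4.57 vkrpwmdjxa.ws NXDOMAIN
2017-05-13T09:00:08 10.1.4.57 zybqlfthnc.net NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def parse_line(line):
    """Return (timestamp, client, qname, rcode), or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None


def shannon_entropy(s):
    """Bits per character: 0.0 for a constant string, log2(len(set(s))) at most."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Second-level label ('qwzkplmtev.info' -> 'qwzkplmtev'). Assumption: no
    public-suffix handling, so 'www.bbc.co.uk' yields 'co'; use a public suffix
    list in production."""
    labels = qname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def score_clients(log_text, min_nx=5, min_nx_ratio=0.5, min_entropy=3.0):
    """Per-client statistics plus a boolean 'suspicious' verdict. Thresholds are
    assumed starting points, not measured values."""
    per_client = defaultdict(lambda: {"total": 0, "nx_names": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _ts, client, qname, rcode = rec
        st = per_client[client]
        st["total"] += 1
        if rcode == "NXDOMAIN":
            st["nx_names"].add(qname.lower())

    verdicts = {}
    for client, st in per_client.items():
        nx_names = sorted(st["nx_names"])
        nx = len(nx_names)
        ratio = nx / st["total"] if st["total"] else 0.0
        entropy = (sum(shannon_entropy(registrable_label(n)) for n in nx_names) / nx) if nx else 0.0
        verdicts[client] = {
            "total": st["total"],
            "nxdomain_distinct": nx,
            "nxdomain_ratio": round(ratio, 3),
            "mean_label_entropy": round(entropy, 3),
            "suspicious": nx >= min_nx and ratio >= min_nx_ratio and entropy >= min_entropy,
            "examples": nx_names[:3],
        }
    return verdicts


if __name__ == "__main__":
    for client, v in sorted(score_clients(SAMPLE_LOG).items()):
        flag = "SUSPICIOUS" if v["suspicious"] else "ok"
        print(client, flag, v["nxdomain_distinct"], v["nxdomain_ratio"],
              v["mean_label_entropy"], v["examples"])
```

All three signals are required together on purpose: a typo or a single dead CDN name gives one NXDOMAIN, a misconfigured search domain gives many NXDOMAINs with low-entropy labels, and only a DGA tends to produce many distinct high-entropy names that all fail. The next step in practice is to join the flagged client against the remaining NOERROR lookups, since the one resolvable name in the burst is the likely C&C rendezvous.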

Security: Updates, Meltdown/Spectre and Microsoft/NSA Back Doors

Filed under
Security
  • Security updates for Monday
  • Meltdown/Spectre Status for Red Hat and Oracle
  • NetBSD Has SVS To Mitigate Meltdown, Still Working On Spectre

    The NetBSD project has issued an update concerning recent security efforts for this popular BSD operating system.

    NetBSD has landed "Separate Virtual Space" (SVS) within their development repository as their mitigation effort for the Meltdown CPU vulnerability. SVS unmaps kernel pages when running in user-space. Initially only the PTE area is being unmapped. After a month of tuning, NetBSD developers now consider SVS to be stable, but it has not yet been back-ported to their stable branches. SVS is for now only supported on 64-bit x86.

  • Talking to normal people about security
  • 3 leaked NSA exploits work on all Windows versions since Windows 2000

    Oh, good, three NSA exploits previously leaked by The Shadow Brokers have been tweaked so they now work on all vulnerable Windows 2000 through Server 2016 targets, as well as standard and workstation counterparts.

    Before this, EternalSynergy, EternalRomance, and EternalChampion had partially been used in the NotPetya cyber attack. However, they had not been used by malicious actors nearly as much as EternalBlue because they didn’t work on recent Windows versions. That has now changed thanks to RiskSense security researcher Sean Dillon, aka @zerosum0x0, who ported the Microsoft Server Message Block (SMB) exploits to work on Windows versions released over the past 18 years.

  • NSA exploits leaked by hackers tweaked to work on all versions of Windows since 2000

    A trio of NSA exploits leaked by hacking group TheShadowBrokers has been ported to work on all versions of Windows since Windows 2000.

    The EternalChampion, EternalRomance and EternalSynergy exploits were made public by the group last year, and now a security researcher has tweaked the source code so they will run on nearly two decades' worth of Microsoft operating systems -- both 32- and 64-bit variants.

  • Every NHS trust tested for cybersecurity has failed, officials admit
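The three ported exploits above (here and in the earlier items on Dillon's work) all ride the SMBv1 transaction code paths behind CVE-2017-0143 and CVE-2017-0146, so the first question for a defender is whether a host still speaks SMBv1 at all. What follows is an added example for this page, not RiskSense's or Dillon's code and not an exploit: it sends a single SMB1 NEGOTIATE request and reads the dialect the server picks. A dialect reply proves SMBv1 is enabled and that attack surface is reachable; it does not prove MS17-010 is unpatched (that needs a transaction-level check, which this example deliberately does not perform), and a closed connection means SMBv1 is disabled or filtered. Assumptions: direct-hosted SMB on port 445 with a NetBIOS session header, and the header field layout of the MS-CIFS NEGOTIATE request and response; the sample reply is constructed, not captured.

```python
"""Probe a host for SMBv1 support and report the dialect it negotiates.

Added example for this page, not RiskSense's or Dillon's code. Sends only an
SMB1 NEGOTIATE (MS-CIFS); no authentication, no transactions, no exploit.
"""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
# Dialects offered, in order; the server answers with an index into this list.
DIALECTS = [b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"NT LM 0.12"]


def smb1_header(command, flags=0x18, flags2=0x2801, pid=0x1234, mid=1):
    """32-byte SMB1 header: magic, command, NT status, flags, flags2, PIDHigh,
    8-byte SecurityFeatures, reserved, TID, PID, UID, MID (little-endian)."""
    hdr = (SMB1_MAGIC + bytes([command]) + struct.pack("<I", 0)
           + bytes([flags]) + struct.pack("<HH", flags2, 0)
           + b"\x00" * 8 + b"\x00\x00" + struct.pack("<HHHH", 0, pid, 0, mid))
    assert len(hdr) == 32
    return hdr


def build_negotiate(dialects=DIALECTS):
    """NetBIOS session frame wrapping an SMB1 NEGOTIATE: WordCount 0, ByteCount,
    then one 0x02 buffer-format byte plus NUL-terminated name per dialect."""
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = smb1_header(SMB_COM_NEGOTIATE) + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(body).to_bytes(3, "big") + body


def parse_negotiate_response(frame, dialects=DIALECTS):
    """Interpret the server's reply frame (NetBIOS header included)."""
    body = frame[4:]
    if body[:4] == SMB2_MAGIC:
        return {"protocol": "SMB2+", "dialect": None}
    if len(body) < 35 or body[:4] != SMB1_MAGIC or body[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 NEGOTIATE response")
    status = struct.unpack_from("<I", body, 5)[0]
    is_reply = bool(body[9] & 0x80)                   # SMB_FLAGS_REPLY
    word_count = body[32]
    index = struct.unpack_from("<H", body, 33)[0]    # DialectIndex, first parameter word
    if not is_reply or status != 0 or word_count == 0 or index == 0xFFFF:
        return {"protocol": "SMB1", "dialect": None, "status": status}
    if index >= len(dialects):
        raise ValueError("dialect index %d out of range" % index)
    return {"protocol": "SMB1", "dialect": dialects[index].decode(), "status": status}


def probe(host, port=445, timeout=3.0):
    """Connect, send the negotiate, and return the parsed verdict. This is the
    only function that touches the network; it is not exercised offline."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate())
        hdr = s.recv(4)
        if len(hdr) < 4:
            return {"protocol": None, "dialect": None,
                    "note": "connection closed; SMBv1 disabled or filtered"}
        length = int.from_bytes(hdr[1:4], "big")
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                break
            data += chunk
        return parse_negotiate_response(hdr + data)


def sample_response(dialect_index=2):
    """Constructed reply (not captured traffic): an SMB1 server choosing
    DIALECTS[2] 'NT LM 0.12', remaining 16 parameter words zeroed, ByteCount 0."""
    hdr = smb1_header(SMB_COM_NEGOTIATE, flags=0x98)   # 0x80 marks a reply
    params = struct.pack("<H", dialect_index) + b"\x00" * 32
    body = hdr + bytes([17]) + params + struct.pack("<H", 0)
    return b"\x00" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print(parse_negotiate_response(sample_response()))
```

Run it against your own hosts only. Any "NT LM 0.12" answer on a Windows box is a host where the SMBv1 server is still on, which is exactly the population the ported EternalRomance, EternalSynergy and EternalChampion code targets; disabling SMBv1 (in addition to, not instead of, installing MS17-010) is the durable fix.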

Latest on Meltdown/Spectre in Linux

Filed under
Linux
Hardware
Security

More in Tux Machines

Security: Updates, GrayKey, Google and Cilium

  • Security updates for Wednesday
  • Hackers Leaked The Code Of iPhone Cracking Device “GrayKey”, Attempted Extortion
    The mysterious piece of hardware GrayKey might give a sense of happiness to cops because they can get inside most of the iPhone models currently active, including the iPhone X. The $30,000 device is known to crack a 4-digit iPhone passcode in a matter of a few hours, and a six-digit passcode in 3 days, or possibly 11 hours in ideal scenarios. That’s why security experts suggest that iOS users should keep an alphanumeric passcode instead of an all-number passcode.
  • Someone Is Trying to Extort iPhone Crackers GrayShift With Leaked Code
    Law enforcement agencies across the country are buying or have expressed interest in buying GrayKey, a device that can unlock up-to-date iPhones. But Grayshift, the company that makes the device, has attracted some other attention as well. Last week, an unknown party quietly leaked portions of GrayKey code onto the internet, and demanded over $15,000 from Grayshift—ironically, the price of an entry-level GrayKey—in order to stop publishing the material. The code itself does not appear to be particularly sensitive, but Grayshift confirmed to Motherboard the brief data leak that led to the extortion attempt.
  • It's not you, it's Big G: Sneaky spammers slip strangers spoofed spam, swamp Gmail sent files
    Google has confirmed spammers can not only send out spoofed emails that appear to have been sent by Gmail users, but said messages also appear in those users' sent mail folders. The Chocolate Factory on Monday told The Register that someone has indeed created and sent spam with forged email headers. These not only override the send address, so that it appears a legit Gmail user sent the message, but the message also mysteriously shows up in that person's sent box as if they had typed it and emitted it themselves. In turn, the messages would also appear in their inboxes as sent mail.
  • Cilium 1.0 Advances Container Networking With Improved Security
    For the last two decades, the iptables technology has been the cornerstone of Linux networking implementations, including new container models. On April 24, the open-source Cilium 1.0 release was launched, providing a new alternative to iptables by using BPF (Berkeley Packet Filter), which improves both networking and security. The Cilium project's GitHub code repository defines the effort as Linux Native, HTTP Aware Network Security for Containers. Cilium development has been driven to date by stealth startup Covalent, which is led by CEO Dan Wendlandt, who is well-known in the networking community for his work at VMware on software-defined networking, and CTO Thomas Graf, who is a core Linux kernel networking developer.
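The Gmail item above is the sending side of the problem: a forged From: header costs nothing. What the receiving side can check is whether SPF, DKIM and DMARC actually passed for the domain in From:, as recorded in the Authentication-Results header that its own MTA stamped. The following is an added example for this page, not Google's or The Register's code. Assumptions: the receiving MTA identifies itself as mx.example.org and strips any inbound Authentication-Results header claiming that authserv-id (RFC 7601), alignment is checked strictly (exact domain match rather than organizational domain), and the three messages are constructed, not real mail. It says nothing about why a copy landed in the victim's Sent folder, which is Gmail-side behaviour the article does not explain.

```python
"""Classify an inbound message as authenticated, spoofed or unverified from
its headers.

Added example for this page, not Google's or The Register's code. Only the
Authentication-Results header stamped by OUR_AUTHSERV_ID (an assumed name for
our own MTA) is trusted; any other copy could have been forged by the sender.
"""
import email
import re
from email import policy
from email.utils import parseaddr

OUR_AUTHSERV_ID = "mx.example.org"  # assumed identity of our own MTA

# Constructed messages, not real mail. SPOOFED forges a Gmail sender on mail
# that really came from spammer.example; LEGIT passed SPF, DKIM and DMARC;
# UNVERIFIED carries no authentication header at all (e.g. an internal relay).
SPOOFED = b"""\
Return-Path: <bounce@spammer.example>
Received: from mail.spammer.example ([203.0.113.7]) by mx.example.org
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=spammer.example; dkim=none; dmarc=fail header.from=gmail.com
From: "Alice" <alice@gmail.com>
To: <bob@example.org>
Subject: Re: your invoice

Open the attachment.
"""

LEGIT = b"""\
Return-Path: <alice@gmail.com>
Received: from mail-relay.google.example ([198.51.100.41]) by mx.example.org
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com
From: "Alice" <alice@gmail.com>
To: <bob@example.org>
Subject: lunch?

Friday?
"""

UNVERIFIED = b"""\
Return-Path: <carol@example.org>
From: Carol <carol@example.org>
To: <bob@example.org>
Subject: minutes

Attached.
"""


def domain_of(header_value):
    """Lower-cased domain part of the first address in a header value."""
    _name, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def auth_results(msg):
    """spf/dkim/dmarc verdicts (and the DKIM signing domain) from the
    Authentication-Results header added by our MTA; other authserv-ids are ignored."""
    res = {"spf": "none", "dkim": "none", "dmarc": "none", "dkim_d": ""}
    for hdr in msg.get_all("Authentication-Results", []):
        text = str(hdr)
        if text.split(";", 1)[0].strip().lower() != OUR_AUTHSERV_ID:
            continue
        for method in ("spf", "dkim", "dmarc"):
            m = re.search(r"\b%s=(\w+)" % method, text)
            if m:
                res[method] = m.group(1).lower()
        m = re.search(r"header\.d=([\w.-]+)", text)
        if m:
            res["dkim_d"] = m.group(1).lower()
    return res


def assess(raw_bytes):
    """Strict DMARC-style alignment: the From: domain must be the one SPF or
    DKIM vouched for, or the MTA's own dmarc=pass must say so."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    header_from = domain_of(str(msg.get("From", "")))
    envelope_from = domain_of(str(msg.get("Return-Path", "")))
    ar = auth_results(msg)
    spf_aligned = ar["spf"] == "pass" and envelope_from == header_from
    dkim_aligned = ar["dkim"] == "pass" and ar["dkim_d"] == header_from
    if ar["dmarc"] == "pass" or spf_aligned or dkim_aligned:
        verdict = "authenticated"
    elif ar["dmarc"] == "fail" or header_from != envelope_from:
        verdict = "spoofed"
    else:
        verdict = "unverified"
    return {"header_from": header_from, "envelope_from": envelope_from,
            "results": ar, "verdict": verdict}


if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT), ("UNVERIFIED", UNVERIFIED)):
        print(name, assess(raw)["verdict"])
```

The authserv-id check is the part people skip: a sender can add its own "Authentication-Results: ...; spf=pass" line, so the header is only evidence when the border MTA removes inbound copies bearing its own name before adding its real one. "unverified" is a distinct outcome on purpose, so that mail from a path that never ran the checks is not silently promoted to "authenticated".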

Applications: KStars, Kurly, Pamac, QEMU

  • KStars 2.9.5 is out!
    Autofocus module users would be happy to learn that the HFR value is now responsive to changing seeing conditions. Previously, the first successful autofocus operation would set the HFR Threshold value against which subsequent measurements are compared during the in-sequence-focusing step.
  • Kurly – An Alternative to Most Widely Used Curl Program
    Kurly is a free open source, simple but effective, cross-platform alternative to the popular curl command-line tool. It is written in the Go programming language and works in the same way as curl but only aims to offer common usage options and procedures, with emphasis on the HTTP(S) operations. In this tutorial we will learn how to install and use the kurly program, an alternative to the most widely used curl command in Linux.
  • Pamac – Easily Install and Manage Software on Arch Linux
    Arch Linux is one of the most popular Linux distributions available despite its apparent technicality. Its default package manager pacman is powerful but, as time always tells, it is a lot easier to get certain things done using a mouse because GUI apps barely require any typing nor do they require you to remember any commands; and this is where Pamac comes in. Pamac is a Gtk3 frontend for libalpm and it is the GUI tool that Arch Linux users turn to the most when they aren’t in the mood to manage their software packages via the terminal; and who can blame them? It was specifically created to be used with Pacman.
  • QEMU 2.12 Released With RISC-V, Spectre/Meltdown & Intel vGPU Action
    QEMU 2.12 is now officially available as the latest stable feature update to this important component of the open-source Linux virtualization stack.

Ubuntu Leftovers

today's howtos