
Security

Security: Spectre & Meltdown, Cryptocurrency Mining Malware, Android, and Linux

  • Linux Monitoring Tool Detects Meltdown Attacks
  • The Spectre & Meltdown Vulnerability Checker for Linux Is Now in Debian's Repos

    If you want to check to see if your Debian GNU/Linux computer is patched against the Meltdown and Spectre security vulnerabilities, it's now easier than ever to install the original spectre-meltdown-checker script.

    Yes, you're reading it right, you can now install the very useful Spectre and Meltdown vulnerability/mitigation checker for Linux-based operating systems created by developer Stéphane Lesimple from the stable software repositories of the Debian GNU/Linux 9 "Stretch" operating system.

  • Cryptocurrency Mining Malware That Uses an NSA Exploit Is On the Rise

    A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.

    Last April, a hacking group called the Shadow Brokers leaked EternalBlue, a Windows exploit that was developed by the NSA. Less than a month later, EternalBlue was used to unleash a devastating global ransomware attack called WannaCry that infected more than 230,000 computers in 150 countries. A month later, in June, the EternalBlue exploit was again used to cripple networks across the world in an even more sophisticated attack. Now, security researchers are seeing the EternalBlue exploit being used to hijack people’s computers to mine cryptocurrency.

  • How Google fights Android malware

    If you just read the headlines, it sounds like Android is a security mess. There's a report about one Android malware program after another. What's not said is that often these Android viruses require a user to be a sucker to get them. But since a sucker is born every minute, Google does its best to stop malware in its tracks.

  • Linux Kernel 4.15: 'An Unusual Release Cycle'

    Linus Torvalds released version 4.15 of the Linux Kernel on Sunday, again, and for a second version in a row, a week later than scheduled. The culprits for the late release were the Meltdown and Spectre bugs, as these two vulnerabilities forced developers to submit major patches well into what should have been the last cycle. Torvalds was not comfortable rushing the release, so he gave it another week.

    Unsurprisingly, the first big bunch of patches worth mentioning were those designed to sidestep Meltdown and Spectre. To avoid Meltdown, a problem that affects Intel chips, developers have implemented Page Table Isolation (PTI) for the x86 architecture. If for any reason you want to turn this off, you can use the pti=off kernel boot option.

  • 64-bit ARM Gets Mitigations For Spectre & Meltdown With Linux 4.16

    The 64-bit ARM (ARM64 / AArch64) architecture code changes were mailed in a short time ago for the Linux 4.16 kernel and it includes mitigation work for Spectre and Meltdown CPU vulnerabilities.

    The main additions to the ARM64 Linux code for the 4.16 kernel are security changes concerning Variant Two of Spectre and Variant Three (Meltdown). This is the initial work ready for Linux 4.16 at this time while ARM developer Catalin Marinas notes that an improved firmware interface for Variant Two and a method to disable KPTI on ARM64 is coming next week. It's noted that Cavium ThunderX doesn't work with Kernel Page Table Isolation due to hardware erratum.

Security: Updates, Intel, Taxes, Voting and WordPress

  • Security updates for Tuesday
  • House chair hits reports of Intel notifying Chinese firms about chip vulnerabilities before US

    Walden's remarks come after the Journal reported that Intel had notified a small group of companies — including Chinese firms — about Spectre and Meltdown vulnerabilities which, if exploited, allow hackers to access sensitive information stored on computers, phones and servers using Intel, AMD and ARM chips.

  • File Your Taxes Before Scammers Do It For You

    Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!

  • Voting-machine makers are already worried about Defcon

    What's worse, he added that "nearly every state is using some machines that are no longer manufactured, and many election officials struggle to find replacement parts." Before millions of electronic votes were cast for the next US president, Norden told press that "everything from software support, replacement parts and screen calibration were at risk."

    So it's no wonder voting machine makers are keen to get their gear off eBay and keep it out of the hands of white-hat hackers equally keen to expose their collective security failings.

  • More than 2,000 WordPress websites are infected with a keylogger

    The keylogger is part of a malicious package that also installs an in-browser cryptocurrency miner that's surreptitiously run on the computers of people visiting the infected sites. Data provided here, here, and here by website search service PublicWWW showed that, as of Monday afternoon, the package was running on 2,092 sites.

Security: Intel, Lenovo, and Windows


OPNsense 18.1

  • OPNsense 18.1 released

    For more than 3 years now, OPNsense has been driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

    We humbly present to you the sum of another major iteration of the OPNsense firewall. Over the second half of 2017 well over 500 changes have made it into this release, nicknamed "Groovy Gecko". Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. For more details please find the attached list of changes below.

  • OPNsense 18.1 BSD Firewall/Network OS Released

    After hitting the RC phase a few weeks ago, OPNsense 18.1 has been officially released as the latest version of this pfSense-forked network/router-oriented BSD operating system.

    OPNsense 18.1 is based on FreeBSD 11.1 while pulling in the HardenedBSD security changes. OPNsense 18.1 reworks its firewall NAT rules, PHP 7.1 and jQuery 3 are powering the web interface, there is now OpenVPN multi-remote support for clients, IPv6 shared forwarding support, improvements for intrusion detection alerts, a rewritten firewall live log, reverse DNS support for insight reporting, and a variety of new plugins.

Security: Voting Safety, Intel, Windows and Linux


Security: Intel Scandals, Microsoft Patches Cause Data Loss/Corruption


Parrot 3.11 release notes


Parrot 3.11 is now available for download.

This new release introduces many improvements and security fixes compared to the previous versions. It includes by default all the spectre/meltdown security patches currently available and an updated version of the Linux 4.14 kernel.

A new car hacking menu now contains a collection of useful open source tools in the automotive industry to test real world cars or simulate CANBus networks.

Metasploit and PostgreSQL are now patched to work flawlessly out of the box in live mode.

Other important updates include Firefox 58, increased installer stability, many updated security tools and some important graphic improvements.

Parrot Studio was reintroduced with many improvements. This special derivative of Parrot is designed for multimedia production as an improved version of Parrot Home for workstations, with many useful productivity tools pre-installed.

This release will probably be the last version of the 3.x series (except for eventual security updates), and we wanted to include some of the changes that we planned for Parrot 4.x as a gift for our community.


Security: PLC, Blacksmith, Windows at NHS


  • Vulnerable industrial controls directly connected to Internet? Why not?

    As Beaumont said, "It's an open own goal." And this particular advisory doesn't stop with the PLCs. Some PLC manufacturers haven't even responded to inquiries from the DHS' National Cybersecurity and Communications Integration Center (NCCIC) about recently-discovered vulnerabilities, such as one in the Nari PCS-9611 Feeder Relay, a control system used to manage some electrical grids. The vulnerability, reported by two Kaspersky Labs researchers, "could allow a remote attacker arbitrary read/write abilities on the system."

  • Free Linux Tool Monitors Systems for Meltdown Attacks

    SentinelOne this week released Blacksmith, a free Linux tool that can detect Meltdown vulnerability exploitation attempts, so system administrators can stop attacks before they take root.

    The company has been working on a similar tool to detect Spectre vulnerability attacks.

  • Welsh NHS systems back up after computer 'chaos'

    The National Cyber Security Centre said the problems were caused by technical issues and were not the result of a cyber attack.

Security: Updates, US Senate, Malware on Social Control Media, Ubuntu 16.04.4 LTS Delay

  • Security updates for Friday
  • Senate IT Tells Staffers They're On Their Own When It Comes To Personal Devices And State-Sponsored Hackers

    Notification of state-sponsored hacking attempts has revealed another weak spot in the US government's defenses. The security of the government's systems is an ongoing concern, but the Senate has revealed it's not doing much to ensure sensitive documents and communications don't end up in the hands of foreign hackers.

    The news of the hacking attempt was greeted with assurances that nothing of value was taken.

  • Beware! Undetectable CrossRAT malware targets Windows, MacOS, and Linux systems

    According to researchers, Dark Caracal hackers do not rely on any "zero-day exploits" to distribute their malware; instead, they use basic social engineering via posts on Facebook groups and WhatsApp messages, encouraging users to visit hacker-controlled fake websites and download malicious applications.

  • Ubuntu 16.04.4 LTS Delayed Due To Spectre & Meltdown

    Ubuntu 16.04.4 LTS had been scheduled to ship mid-February as the latest point release for this Long Term Support release, but unfortunately that is not going to happen as planned due to the Canonical kernel developers being overloaded by Spectre and Meltdown mitigation work.

    Ubuntu 16.04.4 is now being delayed by an unknown length of time, but they believe it shouldn't be more than "a few weeks" past the original 15 February ship date. They are waiting for the Spectre/Meltdown mitigation work to settle, to ensure they are shipping qualified patches in this point release. Additionally, they have been so busy with that mitigation work that they have neglected other kernel patches that may need to make it into this point release too.

Security: 'DevOps', Linux-based SkySecure, VirusTotal, DJI

  • DevOps and Security: How to Overcome Cultural Challenges and Transform to True DevSecOps

    Similar to the proliferation of mobile devices in the enterprise several years ago where organizations were feeling the pressure to have a mobile strategy but didn’t know where to start, we’re seeing the same situation with development methodologies. To accelerate development velocity, teams are feeling the pressure to “do DevOps,” and when integrating security, to “do DevSecOps.” But much like during the initial mobile wave, many companies say they’re implementing these methodologies, and might even think they are, but in reality, they’re not. Yet.

  • What does DevOps do in 2018?

    In 2018, we’re expecting DevOps to become the new norm for larger enterprise teams. This is because we’re likely to see developers on older, higher value systems implementing a more DevOps centric approach, having seen it work on projects that have traditionally been highly visible, but low value.

  • Cisco Acquires Skyport as Cyber-Security Investments Continue

    January 2018 has emerged to become a banner month for cyber-security acquisitions, with at least 10 acquisitions announced so far, four of which were announced between Jan. 22 and 25. Cisco continued the trend on Jan. 24 by announcing its intention to acquire privately-held server security startup Skyport.

    Financial terms of Cisco's Skyport acquisition are not being publicly disclosed. A Cisco spokesperson told eWEEK that the deal is expected to close in Cisco's 2018 fiscal third quarter. However, a Cisco spokesperson said the company doesn't plan to continue marketing the existing Skyport System server security products.

    [...]

    It's the Linux-based SkySecure Server platform tied into the SkySecure Center service that further validates the integrity of firmware, BIOS, software and cryptography.

  • S for Security is Google owner Alphabet's new favorite letter

    The business will be the new home of VirusTotal, which Google acquired in 2012. Chronicle’s other story will be “a new cybersecurity intelligence and analytics platform that we hope can help enterprises better manage and understand their own security-related data.”

  • GitHub shrugs off drone maker DJI's crypto key DMCA takedown effort

    GitHub rejected a DMCA takedown request from Chinese drone-maker DJI after someone forked source code left in the open by a naughty DJI developer, The Register can reveal.

    This included AES keys permitting decryption of flight control firmware, which could allow drone fliers with technical skills to remove geofencing from the flight control software: this software prevents DJI drones from flying in certain areas such as the approach paths for airports, or near government buildings deemed to be sensitive.

    Though the released key is not for the latest firmware version, The Register has seen evidence (detailed below) that drone hackers are already incorporating it in modified firmware available for anyone to download and flash to their drones.

    DJI declined to comment for this article. GitHub ignored The Register's invitation to comment.

    [...]

    The code was forked by drone researcher Kevin Finisterre, who submitted a successful rebuttal to the takedown request on the grounds that GitHub's terms and conditions explicitly permit forking of public repos.

    "DJI mistakenly marked code repositories as public subsequently granting license for anyone to fork said repos. This accident can be evidenced by their press release," wrote Finisterre, linking to a DJI statement.
