Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers: Let's Encrypt, GM, Silverlight 0-day

Filed under
Security
  • Trend Micro: Internet scum grab Let's Encrypt certs to shield malware

    It was inevitable. Trend Micro says it has spotted crooks abusing the free Let's Encrypt certificate system to smuggle malware onto computers.

    The security biz's fraud bod Joseph Chen noticed the caper on December 21. Folks in Japan visited a website that served up malware over encrypted HTTPS using a Let's Encrypt-issued cert. The site used the Angler Exploit Kit to infect their machines with the software nasty, which is designed to raid their online bank accounts.

  • GM Asks Friendly Hackers to Report Its Cars’ Security Flaws

    As automotive cybersecurity has become an increasingly heated concern, security researchers and auto giants have been locked in an uneasy standoff. Now one Detroit mega-carmaker has taken a first baby step toward cooperating with friendly car hackers, asking for their help in identifying and fixing its vehicles’ security bugs.

  • The Mysterious Case of CVE-2016-0034: the hunt for a Microsoft Silverlight 0-day [Ed: back door?]

    Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company.

    For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the breach. Previously, “Phineas Fisher” did a similar attack against Gamma International, another company in the spyware/surveillance business.

Canonical Patches Critical OpenSSH Vulnerabilities in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

The Ubuntu developers working for Canonical to patch the latest security flaws in various core components and applications of all supported Ubuntu Linux operating systems published today, January 14, 2016, a new security notice informing users about the availability of an update for the OpenSSH software.

Read more

SSH Hole and Other Security News

Filed under
Security

Pretty Nasty DHCP Vulnerabilty Closed in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical has published details about a DHCP vulnerability that has been found and repaired in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04.

Read more

Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines

Filed under
OSS
Security

A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, has been discovered recently.

Read more

Tails Call for testing: 2.0~rc1

Filed under
GNU
Linux
Security
Debian

You can help Tails! The first release candidate for the upcoming version 2.0 is out. We are very excited and cannot wait to hear what you think about it Smile

Read more

Security Leftovers

Filed under
Security

Drupal Hardens Its Security in Response to Criticism

Filed under
OSS
Drupal
Security

The open-source Drupal content-management system (CMS) is talking steps to help protect against multiple potential risks that have been publicly revealed. On Jan. 6, security research vendor IOactive first disclosed the issues, which are focused on the Drupal update process. The Drupal project's security team is aware of the concerns and is fixing all the issues, though it is also downplaying the overall risk.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Gmail and a Can of Spam

    I am still trying to figure out the events that led to this intrusion. I’ve read almost everything there is to read on Google’s Gmail pages, without finding much. Google seems adamant about not giving-out one-on-one help, but maybe I just didn’t look long enough. On my own, I’ve evoked two step verification on my main email addresses, so that’s settled. But still…I’d like to figure out when and how this breach took place. What magic sequence of events happened to allow this?

    Did I mention I’m a security idiot? Yeah…I thought I did.

    It feels strange to again delve into antivirus and malware protection. I’ve been a smug, self-assured dummy when it comes to online threats and Linux in general. And while what happened can’t really be blamed on Linux per se, it happened in a Linux neighborhood, so I am going to arm myself against any and all malware comers

    Although I’m not above paying for good software, trying to discern what software is good and which is shiny junk can be a daunting challenge, especially in the Linuxsphere. In the tests I’ve studied over the past four days, ClamAV seems to be an online favorite, but they lack the one thing I am going to need on our Reglue kid’s computers: a friendly, useful graphical interface. I’m not going to tell an 11-year-old to drop to the command line to do anything, even if they do need to learn that the blinking prompt can make magic things happen. In time, I will teach them, but for now…. ClamAV failed the initial tests.

  • 602 Gbps! This May Have Been the Largest DDoS Attack in History

    Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one of the favorite weapon for hackers to temporarily suspend services of a host connected to the Internet.

    Until now, nearly every big website had been a victim of this attack, and the most recent one was conducted against the BBC's websites and Republican presidential candidate Donald Trump's main campaign website over this past holiday weekend.

  • How to Set up a Successful Bug Bounty Program [VIDEO]

    A bug bounty program is among the most impactful additions to a software security process. With a bug bounty program, security researchers submit reports on potential vulnerabilities, typically with the promise of a reward or "bounty" for their efforts.

Syndicate content

More in Tux Machines

RPi 3 add-on loads up on sensors, wireless radios

Matrix Labs’s FPGA-driven “Matrix Creator” IoT daughter board for the Raspberry Pi 3 is loaded with sensors, 802.15.4 radios, and a mic array. The disc-shaped Matrix Creator add-on for the Raspberry Pi is based on AdMobilize’s successfully Kickstartered Matrix home automation and surveillance hub. AdMobilize spun off Matrix Labs, which has now built this cheaper, board-level version of the product. Read more

Canonical Releases Snapcraft 2.12 Snaps Creator with New Parts Ecosystem, More

Today, June 29, 2016, Canonical has had the great pleasure of announcing the release of the highly anticipated Snapcraft 2.12 Snappy creator tool for the Ubuntu Linux operating system. Read more

AMDGPU-PRO Driver 16.30 Officially Released with Support for Ubuntu 16.04 LTS

Today, June 29, 2016, AMD released the final version of the AMDGPU-Pro 16.30 graphics driver for GNU/Linux operating systems, bringing support for new technologies like the Vulkan API. Read more

Red Hat News