Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • 'BillGates': Linux botnet is launching DDoS attacks on online gaming services

    IRONY ALERT: Bill Gates-themed software wants to get on as many computers as possible and not budge.

    Not Windows, of course, but a botnet called BillGates. The malware has been around since 2014 but now seems to be leaping forwards (not over a chair) and making a nuisance of itself, according to Akamai.

  • Mumblehard spam-spewing botnet floored

    Security researchers have teamed up with authorities in Ukraine to take down a spam-spewing Linux-infesting botnet.

    Security firm ESET teamed up with CyS-CERT and the Cyber Police of Ukraine to take down the Mumblehard botnet.

  • Authorities Shut Down Botnet of 4,000 Linux Servers Used to Send Spam

    The six-year-old Mumblehard botnet is no more, ESET reports, explaining that a joint effort with CyS Centrum LLC and the Cyber Police of Ukraine has finally allowed them to sinkhole the botnet's main C&C (command and control server).

  • Mumblehard Linux Spamming Botnet Finally Taken Offline

    Thousands of servers running Linux and BSD had been affected by one of world’s most damaging botnets

  • Academics claim Google Android two-factor authentication is breakable

    Computer security researchers warn security shortcomings in Android/Playstore undermine the security offered by all SMS-based two-factor authentication (2FA).

  • Google adds Cloud Test Lab integration to new Android Studio 2.0

    Google has updated its key Android development tool, Android Studio, to version 2.0 and added cloud test integration, a GPU debugger, and faster emulation and resource allocation.

    Mountain view touts the instant run feature as just about the most important new feature in the upgrade, as it analyses Android app code as it runs and determines ways it can be deployed faster, without requiring app re-installation.

  • Heartbleed Remains a Risk 2 Years After It Was Reported

    A vulnerability publicly disclosed in the open-source OpenSSL project two years ago continues to have an impact today.
    On April 7, 2014, CVE-2014-0160, better known as Heartbleed, was publicly disclosed by the OpenSSL project, affecting millions of users and devices around the world. Today, two years to the day it was first reported, the vulnerability remains a risk, and the trend of branded vulnerabilities it created continues to have an impact.

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Linux botnet attacks increase in scale

    Hackers are using malware which targets Linux to build botnets to launch distributed denial of service (DDoS attacks) security researchers have warned.

    The so-called BillGates Trojan botnet family of malware - apparently so named by the virus writers because it targets machines running Linux, not Windows - has been labelled with a "high" risk factor in a threat advisory issued by Akamai's Security Intelligence Research Team.

  • Mumblehard takedown ends army of Linux servers from spamming

    One year after the release of the technical analysis of the Mumblehard Linux botnet, we are pleased to report that it is no longer active. ESET, in cooperation with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the Mumblehard botnet, stopping all its spamming activities since February 29th, 2016.

    ESET is operating a sinkhole server for all known Mumblehard components. We are sharing the sinkhole data with CERT-Bund, which is taking care of notifying the affected parties around the world through their national CERTs.

  • Ubuntu patches Linux kernel security bugs
  • Linux Kernel Security Bugs Patched

    Ubuntu users can install the update via the Unity Dash. To update, search the Unity Dash for the Software Updater utility and allow the program to reload the software repositories and search for new drivers. Once the Software Updater has found the updates, simply click on the "Install All" button to install them on your machine. Since this is a kernel update, you will need to reboot your device after the update. Canonical notes that the kernel updates have been given a new version number, which may require some users to recompile and reinstall all third party kernel modules.

  • Google reveals its shift to an open security architecture

    Google has revealed how it completely changed its security architecture, shifting from a traditional infrastructure to a more open model in which all network traffic is treated with suspicion.

    The project, called BeyondCorp, shifted the company from a perimeter security model to one where access to services and tools are not gated according to a user's physical location or their originating network, but instead deploys access policies based on information about a device, its state and associated user.

Security Leftovers

Filed under
Security

IoT and Linux

Filed under
Linux
Security
  • Linux’s Torvalds surprised by IoT uptake

    Linux founder Linus Torvalds is starting to appreciate the use of his operating system as a backbone for embedded systems, especially in the world of Internet of Things (IoT), speaking at the Embedded Linux Conference & OpenIoT Summit for the first time this week.

  • Linus Torvalds isn't worried about IoT security

    Devices like smart heaters, smart bulbs and smart refrigerators have direct access to unlimited power supply; they have direct access to the internet. And things can go really bad.

    And with IDC predicting that the worldwide IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020, security is becoming a very serious topic.

  • Samsung's SmartThings

    If you pick up a Samsung Smart TV this year, you'll be certain to find "Linux Inside" in many ways. Samsung continues to build on its Tizen-powered Smart TV UI, which this year it will enhance with integrated SmartThings IoT hub technology, enabling the TV as the control center for a smart home. Samsung's SUHD TVs for 2016 will enable users to connect with, control and monitor hundreds of other compatible devices including lights, locks, thermostats, cameras, speakers, appliances, sensors and the like.

Canonical Patches Six New Linux Kernel Vulnerabilities in Ubuntu 15.10 and 14.04

Filed under
Security
Ubuntu

Today, April 6, Canonical has announced the availability of new kernel versions for its Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.10 for Raspberry Pi 2, and Ubuntu 14.04 LTS (Trusty Tahr) operating systems.

Read more

Security Leftovers

Filed under
Security
  • Shodan2Sheets

    After spending last night working on a Reverse DNS Function for Google Sheets I couldnt leave well enough alone and wrote Shodan2Sheets tonight using the shodan.io api.

  • Security is a process, not a reaction

    If this sounds familiar, you are probably running a web application of some kind. Maybe your whole business depends on it. Maybe you didn't hear about the latest world-on-fire vulnerability. Panic.

    How do you keep up with security issues when everything is happening so fast? Which parts of your technical stack are the most at risk? Is the customer data safe? Do you really need to care?

  • Three-year-old IBM patch for critical Java flaw is broken

    Attackers can easily bypass the patch to exploit a vulnerability that allows them to escape from the Java security sandbox

  • FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years

    The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.

    The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.

  • Sources: Trump Hotels Breached Again

    Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year.

Security Leftovers

Filed under
Security

Matriux Linux Operating System For Hackers — An Alternative To Kali Linux

Filed under
GNU
Linux
Security

Matriux is an open source Linux-based operating system that’s designed in accordance with the needs of security researchers and professionals. The OS comes with more than 300 hacking tools that include the likes of Wireshark, Aircrack-ng, Nmap, Vidalia, TrueCrypt and more. Matriux hacking OS features a traditional desktop environment that’s powered by GNOME Classic

Read more

Syndicate content

More in Tux Machines

FreeBSD 11.0 Final Release ISO Images Available For Download

The Final Release of FreeBSD 11.0 is scheduled for Wednesday, September 28, 2016. However, the release builds have started to appear on FreeBSD’s FTP mirrors and you can download the final ISO right now. Read more

Android Leftovers

A short critique of Stallmanism

I like Stallman and tend to agree with him often: regarding software, or other politics. This article tries to constructively criticize some parts of the free software movement's ideology, which I collectively refer to as "Stallmanism" (only as pun). It is not an attempt at a personal attack on Stallman, and by reading further you will probably see my politics are very far from that: I coined the term Stallmanism simply because he is at the center of the movement and himself a primary source of the ideas I am critiquing. Read more

Google may unveil merged Android and Chrome OS, dubbed Andromeda, at event

If you thought Google’s October 4 event — where the firm is rumored to launch two smartphones, Google Home, Daydream VR, Chromecast Ultra, and Wi-Fi Routers — wasn’t packed enough, think again. It has been a long time coming, but Google may finally offer a peak at Andromeda, an operating system that sees the merger of Android and Chrome OS. Andromeda is the code name for the long-rumored merger, and Android Police says it have been sitting on a rumor that Google may demo the OS in October. What made the company share it now? A tweet from Hiroshi Lockheimer, senior vice president of Android, Chrome OS, and Google Play at Google. Read more