Security Leftovers

Filed under
Security
  • Check Point Discovers Media Subtitle Vulnerability Impacting Millions
  • How does Rakos malware attack embedded Linux systems?

    Rakos attacks embedded Linux systems using methods similar to those used by the Moose worm, where it tries to brute force the login credentials via SSH on vulnerable devices. When a vulnerable device is found, the malware transfers the malicious binary to the target system and downloads the configuration file that lists the command-and-control (C&C) servers. The malicious binary starts a web server to accept commands from remote systems. The C&C connection can be used to update the malicious binary and the configuration file.

  • Congressional Rep Pushes His 'Hack Back' Bill By Claiming It Would Have Prevented The WannaCry Ransomware Attack
  • Best password management tool.
  • Top hacker conference to target voting machines

    When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated.

  • A wormable code-execution bug has lurked in Samba for 7 years. Patch now!

    The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met. Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it, possibly with unfettered root privileges, depending on the vulnerable platform.

  • Dated Linux bug might be key to lesser Wanna Cry

    Linux, the widely used free operating system, uses a module called Samba to share files in the same way Windows does. Older versions of Samba — 3.5 through 4.4 — are vulnerable to an attack that is similar to, but smaller than, the one behind Wanna Cry, the ransomware that caused a worldwide panic earlier this month.

Security Leftovers

Filed under
Security
  • Security updates for Wednesday
  • Microsoft says it's best not to fiddle with its Windows 10 group policies (that don't work)

    On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored with connections to a range of third party servers including advertising hubs.

  • What's got a vast attack surface and runs on Linux? Windows Defender, of course

    Google Project Zero's Windows bug-hunter and fuzz-boffin Tavis Ormandy has given the world an insight into how he works so fast: he works on Linux, and with the release of a personal project on GitHub, others can too.

    Ormandy's project is to port Windows DLLs to Linux for his vuln tests (“So that's how he works so fast!” Penguinistas around the world are saying).

    Typically self-effacing, Ormandy made this simple announcement on Twitter (to a reception mixing admiration, humour, and horror):

  • Hacked in Translation – from Subtitles to Complete Takeover

    Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years.

  • A Samba remote code execution vulnerability

    Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.

Security Leftovers: HackerOne, Let's Encrypt, and Shadow Brokers

Filed under
Security
  • Security updates for Tuesday
  • HackerOne experience with Weblate

    Weblate started to use HackerOne Community Edition some time ago and I think it's good to share my experience with that. Do you have an open source project and want to get more attention from the security community? This post will answer how it looks from the perspective of a pretty small project.

    I applied with Weblate to HackerOne Community Edition by the end of March and it was approved early in April. Based on their recommendations I started in invite-only mode, but that really didn't bring much attention (exactly zero reports), so I decided to go public.

  • Who Are the Shadow Brokers?

    In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of National Security Agency secrets. Since last summer, they’ve been dumping these secrets on the internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands of anyone who wants them. They have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers, forcing those companies and their customers to scramble. And they gave the authors of the WannaCry ransomware the exploit they needed to infect hundreds of thousands of computers worldwide this month.

    After the WannaCry outbreak, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools.

  • Why Akamai Supports Let's Encrypt

    The Let's Encrypt project has re-shaped the market for SSL/TLS certificates, providing millions of free security certificates to organizations around the world.

    Among the many backers of Let's Encrypt is content delivery network platform provider Akamai. In a video interview with eSecurityPlanet, Andy Ellis, Chief Security Officer at Akamai, explains why Let's Encrypt matters and his view on the effort's real value.

  • Security in Serverless: What Gets Better, What Gets Worse?
  • Open Source Security Podcast: Episode 48 - Machine Learning: Not actually magic

    Josh and Kurt have a guest! Mike Paquette from Elastic discusses the fundamentals and basics of Machine Learning. We also discuss how ML could have helped with WannaCry.

4 Great Linux Distros Designed for Privacy and Security

Filed under
GNU
Linux
Security

Conventional security measures like antivirus programs are behind the curve when it comes to modern hackers and malware. Unfortunately, antivirus software and firewalls give users a false sense of security. In reality, new threats are being developed and unleashed into the wild every single day, and even the best antivirus programs have to play catchup.

Recent ransomware attacks (such as WannaCry) have targeted Windows-based PCs in over 150 countries – cyber security and privacy are incredibly important. Windows and macOS are easy to use and popular; however, they are much more susceptible to malicious code.

Linux is free and open source, which means there are hundreds of “flavors.” These individual distributions are tweaked to different specifications. Security-focused users will be pleased to know that there are a number of Linux distros designed with security and privacy in mind.


Security Leftovers: WannaCry, Windows in Linux, Windows 7, Windows 10 is Spyware

Filed under
Security

Security Leftovers: WCry/Ransomwar, WannaCry, Athena

Filed under
Security

Security Leftovers: All Versions of Windows Compromised, WannaCry Keeps Going

Filed under
Security
  • WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows [iophk: "thus the active smear campaign against Assange within tech circles"]

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

  • How To Avoid Future WannaCry Style Ransomware Attacks

    Critical tasks are often trusted to Linux or similar operating systems (Unix, BSD, etc.) because of reliability and security. When efficiency is required, Linux is often tapped because it can be deployed in a very efficient manner. Linux acts internally like the prison, not the food court. The system itself is constantly monitored open source code, and most of what runs on it is openly monitored as well. Software is usually distributed via secure repositories. The system is free and easily updated; there is no such thing as a pirated copy of Linux. There is a regular schedule of updates; they come out every Sunday.

  • WannaCry is a Cry for VEP Reform

    This weekend, a vulnerability in some versions of the Windows operating system resulted in the biggest cybersecurity attack in years. The so-called “WannaCry” malware relied on at least one exploit included in the latest Shadow Brokers release. As we have repeated, attacks like this are a clarion call for reform to the government’s Vulnerabilities Equities Process (VEP).

  • Will Linux protect you from ransomware attacks?

    Ransomware attacks are all the rage these days among hackers, and many people are worried about becoming victims. Are Linux users secure against such attacks?

    This topic came up recently in a thread on the Linux subreddit, and the folks there had some interesting thoughts to share about Linux and ransomware attacks.

  • Linux Ransomware

    A few people have asked me over the past week whether or not Linux is susceptible to ransomware attacks. While the answer is fairly straight forward, let's go over a couple things here first.

  • Improving Internet Security through Vulnerability Disclosure

    We support the PATCH Act because it aims to codify and make the existing Vulnerabilities Equities Process more transparent. The Vulnerabilities Equities Process (VEP) is the U.S. government’s process for reviewing and coordinating the disclosure of new vulnerabilities it learns about.

  • Gmail Docs phishing attack: Google targets devs with tighter web app ID checks

    Google is slowing down the process for publishing web applications to prevent a repeat of the phishing attack that abused users' trust in its sign-in system with a fake Google Docs app.

    Google has warned web app developers that new rules and an additional risk assessment may add "some friction" to the process of publishing apps.

Windows Security Cannot be Blamed on "XP"

Filed under
Microsoft
Security

GNU/Linux for Security

Filed under
GNU
Linux
Security
  • WannaCrypt makes an easy case for Linux

    Ransomware is on the rise. On a single day, WannaCrypt held hostage over 57,000 users worldwide, demanding anywhere between $300-$600 in Bitcoin. Don't pay up and you'll not be seeing your data again. Before I get into the thrust of this piece, if anything, let WannaCrypt be a siren call to everyone to backup your data. Period. End of story. With a solid data backup, should you fall prey to ransomware, you are just an OS reinstall and a data restore away from getting back to work.

  • Best way to avoid ransomware? Stop using Windows

    There are many Microsoft apologists, astro-turfers, and so-called journalists on the make who, at times like this, keep a low profile and furiously try to spread the message in Web forums that "computers users" are at risk.

    Alas, the harsh truth must at last be faced: if you do not use Windows, then the chances of a ransomware attack are close to zero.

  • No threat of WannaCry attack as GSTN operates on Linux: CEO

    GSTN, set up to provide IT infrastructure for GST rollout, will not be impacted by the WannaCry ransomware attack, as its systems do not run on Microsoft software, the network’s CEO Prakash Kumar said today.

    The Goods and Services Tax Network (GSTN) is gearing up to handle about 3 billion invoices every month under the new indirect tax regime and will complete the beta testing of its software tomorrow.

    “Our software is not based on Microsoft windows operating system and hence we are immune. We operate on Linux software which is not affected by the ransomware attack,” Kumar told PTI.

    More than 60 lakh excise, service tax and VAT assessees have enrolled on the GSTN portal between November 8, 2016 and April 30, 2017. Currently, there are 80 lakh such assessees.

  • Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry

    On Monday, researchers said the same weapons-grade attack kit was used in a much-earlier and possibly larger-scale hack that made infected computers part of a botnet that mined cryptocurrency.

Windows Intruded by CIA

Filed under
Microsoft
Security
  • Athena

    Today, May 19th 2017, WikiLeaks publishes documents from the "Athena" project of the CIA. "Athena" - like the related "Hera" system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.

    According to the documentation (see Athena Technology Overview), the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US. On their website, Siege Technologies states that the company "... focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets.". On November 15th, 2016 Nehemiah Security announced the acquisition of Siege Technologies.

  • WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

    Dubbed Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and sending it to a CIA server.

  • Microsoft held back free patch that could have slowed WannaCry