Language Selection

English French German Italian Portuguese Spanish

Security

Security News

Filed under
Security
  • Friday's security advisories
  • The State of Linux Security

    In the last 10 years, GNU/Linux achieved something some foreseen as almost impossible: powering both the smallest and biggest devices in the world, and everything in between. Only the desktop is not a conquered terrain yet.

    The year 2016 had an impact on the world. Both from a real life perspective, as digitally. Some people found their personal details leaked on the internet, others found their software being backdoored. Let’s have a look back on what happened this year regarding Linux security.

BlackArch Linux

Filed under
GNU
Linux
Security
  • BlackArch Linux now has over 1,600 hacking tools

    To extensively support ethical hackers and white-hat cybersecurity experts, BlackArch Linux has released a new update with over 1,600 hacking tools. The latest version also comes with newer Linux kernel and includes enormous improvements and performance fixes.

    Emerged as BlackArch 2016.12.20, the update brings more than 100 new tools to support security professionals. These new tools have expanded the previous list to a total of 1,605 tools. Additionally, the distribution comes with Linux kernel 4.8.13 to deliver an improved and more stable experience than its previous release.

  • BlackArch Linux 2016.12.20 Ethical Hacking Distro Released With 100+ New Tools

Security News

Filed under
Security
  • Thursday's security updates
  • Lithuania said found Russian spyware on its government computers

    The Baltic state of Lithuania, on the frontline of growing tensions between the West and Russia, says the Kremlin is responsible for cyber attacks that have hit government computers over the last two years.

    The head of cyber security told Reuters three cases of Russian spyware on its government computers had been discovered since 2015, and there had been 20 attempts to infect them this year.

    "The spyware we found was operating for at least half a year before it was detected – similar to how it was in the USA," Rimtautas Cerniauskas, head of the Lithuanian Cyber Security Centre said.

  • Dear CIO: Linux Mint Encourages Users to Keep System Up-to-Date

    Swapnil Bhartiya gets it wrong.

    Let me start by pointing out that Bhartiya is not only a capable open source writer, he’s also a friend. Another also: he knows better. That’s why the article he just wrote for CIO completely confounds me. Methinks he jumped the gun and didn’t think it through before he hit the keyboard.

    The article ran with the headline Linux Mint, please stop discouraging users from upgrading. In it, he jumps on Mint’s lead developer Clement Lefebvre’s warning against unnecessary upgrades to Linux Mint.

Security Leftovers

Filed under
Security
  • Most ATMs in India Are Easy Targets for Hackers & Malware Attacks

    Hacking is a hotly debated subject across the country right now, and it’s fair to say that the ATM next door is also in danger. It has been reported that over 70 percent of the 2 lakh money-dispensing ATM machines in our country are running on Microsoft’s outdated Windows XP operating system, leaving it vulnerable to cyber attacks.

    Support for Windows XP was discontinued by Microsoft in 2014 which means that since then the company hasn’t rolled out any security updates for this Windows version.

    While it doesn’t make sense for banks to continue using outdated software, security experts feel that the practice stems from legacy behaviour, when physical attacks were a bigger threat than software hacks.

  • 20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud

    A template for working collaboratively with the business in today's rapidly changing technology environment.

    Everywhere I go lately, the cloud seems to be on the agenda as a topic of conversation. Not surprisingly, along with all the focus, attention, and money the cloud is receiving, comes the hype and noise we’ve come to expect in just about every security market these days. Given this, along with how new the cloud is to most of us in the security world, how can security professionals make sense of the situation? I would argue that that depends largely on what type of situation we’re referring to, exactly. And therein lies the twist.

    Rather than approach this piece as “20 questions security professionals should ask cloud providers,” I’d like to take a slightly different angle. It’s a perspective I think will be more useful to security professionals grappling with issues and challenges introduced by the cloud on a daily basis. For a variety of reasons, organizations are moving both infrastructure and applications to the cloud at a rapid rate - far more rapidly than anyone would have forecast even two or three years ago.

  • Report: $3-5M in Ad Fraud Daily from ‘Methbot’

    New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.

    Online advertising fraud is a $7 billion a year problem, according to AdWeek. Much of this fraud comes from hacked computers and servers that are infected with malicious software which forces the computers to participate in ad fraud. Malware-based ad fraud networks are cheap to acquire and to run, but they’re also notoriously unstable and unreliable because they are constantly being discovered and cleaned up by anti-malware companies.

  • Linux Backdoor Gives Hackers Full Control Over Vulnerable Devices [Ed: Microsoft booster Bogdan Popa says "Linux Backdoor"; that's a lie. It’s Microsoft that has them.]

IPFire 2.19 - Core Update 108 released

Filed under
GNU
Linux
Security

Just before Christmas, we are going to release the last Core Update for 2016. IPFire 2.19 – Core Update 108 brings some minor bug fixes and feature enhancements, some security fixes in ntp and various fixes in the squid web proxy.

Read more

Security Leftovers

Filed under
Security

5 Open Source Network Security Tools SMBs Should Consider

Filed under
OSS
Security

You might think that because your business is small you aren't an attractive target for hackers.

But you would be wrong.

According to the National Cyber Security Alliance (NCSA), 82 percent of small business owners believe that they are not a target for cyberattacks, but 43 percent of last year's cyberattacks targeted SMBs. And a single attack can cost SMBs up to $99,000.

Cyberattacks of all kinds are on the rise with data breaches increasing 15 percent over the past year, NCSA says. And ransomware, attacks that freeze up organizations' systems until they pay a ransom, has become particularly prevalent; in just the first three months of 2016, U.S. ransomware victims paid out $209 million to attackers, compared to $25 million for all of 2015.

Read more

IRC News, Freenode Update

Filed under
OSS
Security
Web

Security News

Filed under
Security
  • OpenSSL After Heartbleed by Rich Salz & Tim Hudson, OpenSSL

    In this video from LinuxCon Europe, Rich Salz and Tim Hudson from the OpenSSL team take a deep dive into what happened with Heartbleed and the steps the OpenSSL team are taking to improve the project.

  • OpenSSL after Heartbleed
  • Container Security: Your Questions Answered

    To help you better understand containers, container security, and the role they can play in your enterprise, The Linux Foundation recently produced a free webinar hosted by John Kinsella, Founder and CTO of Layered Insight. Kinsella covered several topics, including container orchestration, the security advantages and disadvantages of containers and microservices, and some common security concerns, such as image and host security, vulnerability management, and container isolation.

  • Google scales tiny mountain to hunt down crypto bugs

    Google's Project Wycheproof is a new effort by Google to improve the security of widely used cryptography code.

    Many of the algorithms used in cryptography for encryption, decryption, and authentication are complicated, especially when asymmetric, public key cryptography is being used. Over the years, these complexities have resulted in a wide range of bugs in real crypto libraries and the software that uses them.

  • Mysterious Rakos Botnet Rises in the Shadows by Targeting Linux Servers, IoT Devices

    Somebody is building a botnet by infecting Linux servers and Linux-based IoT devices with a new malware strain named Rakos.

Where Does Ubuntu Fit Into the Internet of Things?

Filed under
Security
Ubuntu

Ubuntu Linux started off as a desktop focused Linux distribution, but has expanded to multiple areas of the years. Ubuntu Linux is today a leading Linux server and cloud vendor and has aspirations to move into the embedded world, known today as the Internet of Things (IoT).

In a video interview, Mark Shuttleworth, founder of Ubuntu and Canonical Inc., details some of the progress his firm has made in 2016 in the IoT world.

Ubuntu has made past announcements about phone and TV efforts. While multiple Ubuntu phones exist, the standalone Ubuntu TV effort has evolved somewhat. Shuttleworth explained that Ubuntu Core, which is an optimized distribution of Ubuntu for embedded systems, is making some headway with TVs.

Read more

Syndicate content

More in Tux Machines

More Games

Red Hat News

Goodbye Solaris

  • Guilty SPARC: Oracle euthanizes Solaris 12, expunging it from roadmap
    Rumors have been circulating since late last year that Oracle was planning to kill development of the Solaris operating system, with major layoffs coming to the operating system's development team. Others speculated that future versions of the Unix platform Oracle acquired with Sun Microsystems would be designed for the cloud and built for the Intel platform only and that the SPARC processor line would meet its demise. The good news, based on a recently released Oracle roadmap for the SPARC platform, is that both Solaris and SPARC appear to have a future. The bad news is that the next major version of Solaris—Solaris 12— has apparently been canceled, as it has disappeared from the roadmap. Instead, it's been replaced with "Solaris 11.next"—and that version is apparently the only update planned for the operating system through 2021.
  • Oracle Finally Confirms It's Canning Solaris 12
    At the beginning of December there were rumors of Oracle canning Solaris and now that's finally been confirmed by Oracle more or less as they will not be delivering Solaris 12. According to Ars, they got confirmation from Oracle that they will not be going ahead with Solaris 12 as planned. Solaris 12 has been canceled and wiped off their roadmap. Oracle is said to be working on a "Solaris.next", but no details yet. This "Solaris.next" is also reportedly the only planned Solaris update through 2021.

Microsoft 'Loves' Linux Again