Security

More Oxide Security Issues Have Been Fixed in Ubuntu 15.04 and Ubuntu 14.04 LTS

Filed under
Security
Ubuntu

In a security notification, Canonical has released details about quite a few Oxide vulnerabilities that have been found and fixed in Ubuntu 15.04 and Ubuntu 14.04 LTS.

Security Leftovers

Filed under
Security

Linux Foundation's CII Donates $50k+ To OpenBSD

Filed under
Linux
Security
BSD

The Linux Foundation's Core Infrastructure Initiative (CII) has made a donation in the range of $50~100k USD to the OpenBSD project.

Also: Lumina Desktop 0.8.6 Released for PC-BSD 10.2 and FreeBSD 10.2, Here's What's New

Security Leftovers

Filed under
Security
  • Hacktivists congratulate Daily Show's Jon Stewart via Donald Trump's website

    Canadian hacktivists Telecomix Canada have defaced Donald Trump's website. The message, entitled "Your Moment of Zen, Mr Stewart" is a shoutout to Jon Stewart of the Daily Show for his steady criticism of Donald Trump.

    The announcement was made by Telecomix Canada on pastebin and says that the reveal of the server penetration is in honour of the last week of Stewart's tenure helming the Daily Show on Comedy Central.

  • Macs can be remotely infected with firmware malware that remains after reformatting

    When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of bulls as it practically dares security researchers to prove otherwise. Apple previously claimed that Macs were not vulnerable to the same firmware flaws that could backdoor PCs, so researchers proved they could remotely infect Macs with a firmware worm that is so tough to detect and to get rid of that they suggested it presents a toss-your-Mac-in-the-trash situation.

  • More malware turns up on Macs

    As we head into the middle of the week, more news will be coming out surrounding the Black Hat hacker conference, which takes place on the 5th and 6th this week. A talk that will be given by Trammell Hudson, Xeno Kovah and Corey Kallenberg is set to show a flaw in the firmware of Mac computers which can be remotely targeted.

  • The World's First Firmware Worm for Mac Is Here, and It Sounds Scary
  • 0-day bug in fully patched OS X comes under active exploit to hijack Macs

    Hackers are exploiting a serious zero-day vulnerability in the latest version of Apple's OS X so they can perform drive-by attacks that install malware without requiring victims to enter system passwords, researchers said.

  • Hackers are exploiting an OS X flaw to install unwanted adware
  • Apple stock implosion shreds $113.4B

    Apple (AAPL) shares are down significantly for the second day Tuesday — bringing investors' paper losses to staggering levels and putting the stock further into correction territory.

  • From Car-Jacking To Car-Hacking: How Vehicles Became Targets For Cybercriminals

    The morning after Laura Capehorn parked her Saab 9-3 estate, all she could find of it was a car-shaped hole in the snow.

    The interior designer had left the vehicle outside her mother-in-law's house in Shepherd's Bush, London, one evening in January 2014. By the morning it was gone, presumed stolen.

    Police immediately asked to see the car's key, and weren't surprised to find out it was an electronic fob. They had seen an increase in tech-savvy criminals using a key-cloning system to gain entry to high-value vehicles. Once in, the thieves drive away within seconds.

  • WordPress 4.2.4 Security and Maintenance Release

    WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

  • Six Vulnerabilities Patched With Release of WordPress 4.2.4

    The developers of the WordPress content management system (CMS) today announced the release of version 4.2.4. This security release addresses six vulnerabilities and four bugs.

    According to the release notes, WordPress 4.2.4 patches three cross-site scripting (XSS) flaws and a SQL injection vulnerability that can be exploited to compromise websites. The latest version also protects users against a potential timing side-channel attack, and prevents attackers from locking posts from being edited.

    Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, Ivan Grigorov, Johannes Schmitt of Scrutinizer, and Mohamed A. Baset have been credited for reporting these vulnerabilities.

    WordPress has noted that these fixes are also included in WordPress 4.3 RC2.

    Check Point has published a brief advisory for the SQL injection vulnerability (CVE-2015-2213) patched in the latest version of WordPress. According to the security firm, this is a critical flaw affecting WordPress 4.2.3 and prior.

Security Leftovers

Filed under
Security
  • DNS server attacks begin using BIND software flaw

    Attackers have started exploiting a flaw in the most widely used software for the DNS (Domain Name System), which translates domain names into IP addresses.

    Last week, a patch was issued for the denial-of-service flaw, which affects all versions of BIND 9, open-source software originally developed by the University of California at Berkeley in the 1980s.

  • Researchers Create First Firmware Worm That Attacks Macs

    The common wisdom when it comes to PCs and Apple computers is that the latter are much more secure. Particularly when it comes to firmware, people have assumed that Apple systems are locked down in ways that PCs aren’t.

    It turns out this isn’t true. Two researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs. What’s more, the researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.

Open Source Players Show Dedication To Heightening Security Measures

Filed under
OSS
Security

The Wall Street Journal recently reported that the Core Infrastructure Initiative, a group formed last year after the Heartbleed bug targeted vulnerabilities in OpenSSL encryption software, has invested $500,000 in three new projects aimed at improving the security of open source code. Participants in the Core Infrastructure Initiative include large corporations such as Microsoft, Facebook, and Cisco Systems; it is managed by the nonprofit Linux Foundation. This collaboration demonstrates a desire from both the open source community and technology leaders to preserve free and open standards while continuing to make security a top priority.

Antivirus Live CD 13.1-0.98.7 Uses ClamAV 0.98.7 to Protect Your PC Against Viruses

Filed under
Linux
Security

Zbigniew Konojacki, the creator of the independent 4MLinux GNU/Linux distribution, announced recently that version 13.1-0.98.7 of his Antivirus Live CD project is now available for download, based on the 4MLinux 13.1 series.

Canonical Closes SQLite Vulnerabilities in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical has published details in a security notice about a number of SQLite vulnerabilities that have been found and fixed in Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS OSes.

Security Leftovers

Filed under
Security
  • Friday's security updates
  • These Researchers Just Hacked an Air-Gapped Computer Using a Simple Cellphone

    The most sensitive work environments, like nuclear power plants, demand the strictest security. Usually this is achieved by air-gapping computers from the Internet and preventing workers from inserting USB sticks into computers. When the work is classified or involves sensitive trade secrets, companies often also institute strict rules against bringing smartphones into the workspace, as these could easily be turned into unwitting listening devices.

  • Fake Address Round Trip Time: 13 days

    Regular readers will have noticed that I've been running a small scale experiment over the last few months, feeding one spammer byproduct back to them via a reasonably accessible web page. The hope was that I would learn a few things about spammer behavior in the process.

Security Leftovers

Filed under
Security
  • The cyber-mechanics who protect your car from hackers

    “Most manufacturers know there is a problem and they’re working on solutions, but no-one will go public with it,” explains Martin Hunt, who works in automotive penetration testing for UK telecommunications firm BT.

  • US to rethink hacker tool export rules after mass freakout in security land

    Proposed changes to the US government's export controls on hacking tools will likely be scaled back following widespread criticism from the infosec community, a government spokesman has said.

    "A second iteration of this regulation will be promulgated," a spokesman for the US Department of Commerce told Reuters, "and you can infer from that that the first one will be withdrawn."

    The proposed restrictions are required by the Wassenaar Arrangement, a 41-nation pact that first came into effect in 1996 and which calls for limits on trade of "dual-use goods," meaning items that have both civilian and military applications.

    In 2013, the list of goods governed under the Arrangement was amended to include technologies used for testing, penetrating, and exploiting vulnerabilities in computer systems and networks.

  • Remote denial of service vulnerability exposes BIND servers

    BIND operators released new versions of the DNS protocol software overnight to patch a critical vulnerability which can be exploited for use in denial-of-service cyberattacks.

    Lead investigator Michael McNally from the Internet Systems Consortium (ISC) said in a security advisory the bug, CVE-2015-5477, is a critical issue which can allow hijackers to send malicious packets to knock out email systems, websites and other online services.

  • Botnet takedowns: are they worth it?

    The number of botnets has grown rapidly over the last decade. From Gameover Zeus leveraging encrypted peer-to-peer command and control servers, to Conficker, infecting millions of computers across the world – botnets are continuing to infiltrate many internet-based services and causing mass disruption, and it's getting worse.

More in Tux Machines

Leftovers: KDE

  • LUKS support in KDE Partition Manager
  • Kate 16.04 on Windows (64bit)
  • The future of KApiDox
    I’ve been working hard to enhance KApiDox. I’d like to come back on what it is for, what I did and what I see for its future.
  • Danbooru Client 0.6.0 released
    It offers a convenient, KF5 and Qt5-based GUI coupled with a QML image view to browse, view, and download images hosted in two of the most famous Danbooru boards (konachan.com and yande.re).
  • A KMail Breakthrough.
    This tells the story of how I finally managed a successful transfer of email data from KMail version 1.13.6 to version 4.11.5. It is a non-technical essay exploring the obstacles I encountered, my options, and the methods I used to achieve my aim. It was written partly to give the information, but also with the hope that readers will both enjoy and be amused by the story of the "battle of KMail" that was ultimately won against "incredible odds". Links to the earlier articles discussing problems with KMail 4x are given at the end.
  • [GSoC] Kdev-Embedded, Debugging and programming embedded systems
    The actual embedded system world depends on closed-source IDEs and libraries, with high monetary value and deprecated functionalities. Programmers that would like to use ARM based boards without paying for an IDE will have problems setting up such development ambient and synchronized toolkits. The main idea of this project is to provide a plugin integrated with KDevelop to help the debugging and programming process of embedded systems like AVR, ARM and x86 based boards.