Security

Canonical Outs Important Kernel Update for All Supported Ubuntu Linux Releases

Filed under
Security
Ubuntu

After patching a recently discovered systemd vulnerability in Ubuntu 17.04 and Ubuntu 16.10, Canonical today released a new major kernel update for all of its supported Ubuntu Linux operating systems, including Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS (HWE), patching up to fifteen security flaws.

Security: OutlawCountry, WatchGuard FUD, SambaCry FUD, Overhyped Systemd Bug

Filed under
Security
  • OutlawCountry

    Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.

    The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.

  • WatchGuard survey indicates Linux, Web servers becoming hot targets for cyber attacks [Ed: Watchguard is a Microsoft buddy from Seattle. Its own site says it "recently became an official member of the Microsoft Partner Network". Watch out for press releases and 'journalists' who copy-paste their PR (we saw several). Anti-Linux FUD.]
  • The SambaCry scare gives Linux users a taste of WannaCry-Petya problems [Ed: only for those who mimic/simulate Windows]
  • Linux's systemd vulnerable to DNS server attack
  • Systemd Bug Lets Attackers Hack Linux Boxes via Malicious DNS Packets

Security: GNU/Linux Updates, Reproducible Builds, Kaspersky, and "Choosing Windows for your organization should get you fired"

Filed under
Security
  • Security updates for Wednesday
  • Security updates for Tuesday
  • Reproducible Builds: week 113 in Stretch cycle
  • Multiple vulnerabilities found in Kaspersky Lab's Anti-Virus for Linux File Server [Newsflash: PROPRIETARY software for security is itself a security menace]

    People expect their anti-virus to protect them from malware and exploits but sometimes, even these products have their own vulnerabilities. Leandro Barragan and Maximiliano Vidal, researchers at network security firm Core Security, have found a number of possible exploits in the Web Management Console for Kaspersky's Anti-virus for Linux File Servers.

  • Pentagon draft budget bans Kaspersky Lab products

    The draft budget said, in an amendment proposed by Senator Jeanne Shaheen, a Democrat from New Hampshire, that it "prohibits the DOD from using software platforms developed by Kaspersky Lab due to reports that the Moscow-based company might be vulnerable to Russian government influence."

  • Choosing Windows for your organization should get you fired

    I know. That’s harsh.

    But it’s true. If you haven’t yet replaced Windows, across the board, you absolutely stink at your job.

    For years, we’ve had one trojan, worm and virus after another. And almost every single one is specifically targeting Microsoft Windows. Not MacOS. Not Linux. Not DOS. Not Unix. Windows.

    Wannacry managed to infect hundreds of thousands of highly vulnerable Windows installations around the globe. It was a huge problem for many major institutions that fill their organizations with the operating system from Redmond, Washington.

    But did you learn your lesson? No.

    Then another bit of ransomware comes along, called NotPetya, and manages to take out critical systems at freaking Chernobyl. Also airports and banks. Oh, and hospitals. Can’t forget about the hospitals.

  • Met Police still running using Windows XP on 18,000 PCs

    Indeed, it would appear that the pace of change is slowing, with Metropolitan Police using Windows XP on 35,000 PCs in April 2015, 27,000 in August 2016, and 19,000 in December last year, according to Freedom of Information (FOI) Act requests.

  • Ransomware attack 'not designed to make money', researchers claim
  • Pnyetya: Yet Another Ransomware Outbreak

    The superficial resemblance to Petya is only skin deep. Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of “ransomware.”

  • The Petya ransomware is starting to look like a cyberattack in disguise
  • ‘Petya’ Ransomware Outbreak Goes Global

    Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker {sic} group calling itself the Shadow Brokers.

  • Latest Ransomware Hackers Didn't Make WannaCry's Mistakes

    And while it owes its rapid spread in part to EternalBlue, the same stolen NSA exploit WannaCry leveraged, it lacks several of the traits that made WannaCry—which turned out to be an unfinished North Korean project gone awry—easier to stop.

  • A new ransomware outbreak similar to WCry is shutting down computers worldwide [Ed: Windows and NSA back doors]

    News organizations reported potentially serious disruptions around the world, with organizations throughout Ukraine being hit particularly hard. In that country, infections reportedly hit metro networks, power utility companies, government ministry sites, airports, banks, media outlets, and state-owned companies. Those affected included radiation monitors at the Chernobyl nuclear facility. A photograph published by Reuters showed an ATM at a branch of Ukraine's state-owned Oschadbank bank that was inoperable. A message displayed on the screen demanded a payment to unlock it. Meanwhile, Reuters also reported that Ukrainian state power distributor Ukrenergo said its IT systems were also hit by a cyber attack but that the disruption had no impact on power supplies or broader operations. Others hit, according to Bloomberg, included Ukrainian delivery network Nova Poshta, which halted service to clients after its network was infected. Bloomberg also said Ukraine's Central Bank warned on its website that several banks had been targeted by hackers.

  • AlertSec Aims to Make Encryption Security More Accessible

    Ebba Blitz isn't a typical technology industry CEO and the company she leads isn't a typical security vendor either. Blitz joined AlertSec after a career in journalism in Sweden where she honed her craft of making complex subjects more understandable, which is what she's now doing in a different capability with security at AlertSec.

    "We help small and medium sized companies get the same level of security that larger enterprises normally have, in terms of full-disk encryption and we manage it for them," Blitz said.

  • Don't panic, but Linux's Systemd can be pwned via an evil DNS query
  • Global ransomware attack causes turmoil

    The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

  • Episode 53 - A plane isn't like a car

    Josh and Kurt talk about security through obscurity, airplanes, the FAA, the Windows source code leak, and chicken sandwiches.

  • WikiLeaks Dump Reveals a Creepy CIA Location-Tracking Trick

    If you're using a Windows laptop or PC you could add another group to the list: the CIA.

  • WikiLeaks Releases Files on CIA Spying Geo-Location Malware for WiFi Devices

    The whistleblowing platform released what appears to be the CIA's user manual for the ELSA project as evidence.
    WikiLeaks began releasing Vault 7 on March 7, with the first full part comprising 8,761 documents. The previous release took place on June 22 and was dedicated to the CIA "Brutal Kangaroo" hacking tool.

  • Ohio Gov. Kasich’s website, dozens of others defaced using year-old exploit

    DNN Platform is a popular content management system (particularly with state and local governments) based on Windows Server and the ASP.NET framework for Microsoft Internet Information Server. DNN Platform is open source and available for free—making it attractive to government agencies looking for something low cost that fits into their existing Windows Server-heavy organizations. A review of the HTML source of each of the sites attacked by Team System DZ showed that they were running a vulnerable version of the content management system DNN Platform—version 7.0, which was released in 2015.

  • Linux malware gaining favor among cybercriminals [Ed: Doug Olenick, Online Editor, rewrote a press release of a company that needs to badmouth GNU/Linux (for SALES)]

Security: Windows Ransomware, Windows in Warships, Zero Trust Security Model, CVE-2017-9445 and More

Filed under
Security
  • Petya: The poison behind the latest ransomware attack

    First things first. If you're running Windows. Patch your systems! The latest variant of Petya, GoldenEye, can attack if, and only if, one of your Windows PCs still hasn't been patched with Microsoft's March MS17-010. Microsoft thought patching this bug was important enough that it even patched it on its unsupported Windows XP operating system.

  • HMS Windows XP: Britain's newest warship running Swiss Cheese OS

    The Royal Navy’s brand new £3.5bn aircraft carrier HMS Queen Elizabeth is currently* running Windows XP in her flying control room, according to reports.

    Defence correspondents from The Times and The Guardian, when being given a tour of the carrier’s aft island – the rear of the two towers protruding above the ship’s main deck – spotted Windows XP apparently in the process of booting up on one of the screens in the flying control room, or Flyco.

  • 4 easy ways to work toward a zero trust security model

    There has been a lot of talk about zero trust networks lately, but little consensus about what they actually are. Similar to DevOps or software defined networking, that zero trust means something a little different to everyone is becoming clear. That said, there is one thing we can all agree on: The network cannot be trusted.

    At its core, zero trust is a security model. Any system operating in a way that completely removes trust from the underlying network is said to be conformant to the model. As you might imagine, there are many ways to accomplish this goal, some more robust than others. All zero trust implementations, however, rely on extensive authentication and authorization processes that can be sprinkled liberally throughout the infrastructure.

    There are few commercial options available in the zero trust space, and even then the options are far from comprehensive. Most present vendor lock-in challenges, and none provide a full end-to-end implementation, which would require complexities such as secure introduction and workload authenticity. That said, building toward a zero trust network is a capability most organizations possess, and doing so will help ensure that they are well-positioned to weather the architectural shakeup that will no doubt occur in the coming years.

  • CVE-2017-9445: systemd Hit By New Security Vulnerability

    CVE-2017-9445 is regarding a vulnerability opened by systemd that could allow malicious actors to crash the program or run programs via a specially crafted DNS response.

  • AMD's SME/SEV Security Support For EPYC Not Yet Ready On Linux
  • Old role, new name: ansible-hardening
  • Big Data Security

Wikileaks CIA Leak on "geo-location malware for WiFi-enabled ... Microsoft Windows"

Filed under
Microsoft
Security
  • Elsa

    Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors.

    The ELSA project allows the customization of the implant to match the target environment and operational objectives like sampling interval, maximum size of the logfile and invocation/persistence method. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device.

Security: Microsoft Windows Armageddon and Other News

Filed under
Security

Security: Another Massive, Worldwide Ransom Attack on Microsoft Windows, Security News About GNU/Linux

Filed under
Security
  • NSA-linked tools help power second global ransomware outbreak [Ed: And neglecting to mention it targets Microsoft Windows. Why?]
  • Hacker Behind Massive Ransomware Outbreak Can't Get Emails from Victims Who Paid

    On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted.

  • Digital signatures in package management

    Serious distributions try to protect their repositories cryptographically against tampering and transmission errors. Arch Linux, Debian, Fedora, openSUSE, and Ubuntu all take different, complex, but conceptually similar approaches.

    Many distributions develop, test, build, and distribute their software via a heterogeneous zoo of servers, mirrors, and workstations that make central management and protection of the end product almost impossible. In terms of personnel, distributions also depend on the collaboration of a severely limited number of international helpers. This technical and human diversity creates a massive door for external and internal attackers who seek to infect popular distribution packages with malware. During updates, then, hundreds of thousands of Linux machines download and install poisoned software with root privileges. The damage could hardly be greater.

    The danger is less abstract than some might think. Repeatedly in the past, projects have had to take down one or more servers after hacker attacks. The motivation of (at least) all the major distributions to protect themselves from planted packages is correspondingly large and boils down to two actions: one simple and one cryptographic.

  • This Windows Defender bug was so gaping its PoC exploit had to be encrypted

    Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine. The vulnerability could have allowed attackers to execute malicious code by luring users to a booby-trapped website or attaching a booby-trapped file to an e-mail or instant message.

  • [Older] Reproducible Builds: week 110 in Stretch cycle
  • [Older] Free Market Security

    I think there are many of us in security who keep waiting for demand to appear for more security. We keep watching and waiting, any day now everyone will see why this matters! It's not going to happen though. We do need security more and more each day. The way everything is heading, things aren't looking great. I'd like to think we won't have to wait for the security equivalent of a river catching on fire, but I'm pretty sure that's what it will take.

  • Linux Systems in the Hackers' Cross Hairs [Ed: This is a rewrite of a press release below. Phil Muncaster could certainly have done better than this.]
  • New Research Shows Cybersecurity Battleground Shifting to Linux and Web Servers

    "This new Firebox Feed data allows us to feel the pulse of the latest network attacks and malware trends in order to identify patterns that influence the constantly evolving threat landscape," said Corey Nachreiner, chief technology officer at WatchGuard Technologies. "The Q1 report findings continue to reinforce the importance and effectiveness of basic security policies, layered defenses and advanced malware prevention. We urge readers to examine the report's key takeaways and best practices, and bring them to the forefront of information security efforts within their organizations."

Security: British Dependence on Microsoft and Ransom

Filed under
Security
  • Cyberattack on UK parliament exploited weak email passwords
  • UK energy industry cyber-attack fears are 'off the scale'

    One obvious target is the smart meters that are being installed in every home by the end of 2020, to automate meter readings. The Capita-run body set up to handle the data, the DCC, is being treated as critical national infrastructure and the company’s chief technology officer insists the data is safe.

  • HMS Queen Elizabeth is 'running outdated Windows XP', raising cyber attack fears [Ed: All versions of Windows are not secure. By design! iophk: "nearly all of the Wannacry victims were Vista 7 users, this article is pure disinformation"]

    Fears have been raised that Britain’s largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP.

    As HMS Queen Elizabeth left its dockyard for the first time to begin sea trials, it was revealed the £3.5billion aircraft carrier is apparently using the same software that left the NHS exposed.

  • Paying only encourages criminals, ransomware victims told

    Security company Kaspersky Lab has urged victims of ransomware not to pay when they are caught with their files encrypted by an attack. In a report on the ransomware scourge, the company said paying up would make one a bigger target the next time around.

Huawei Continues Working On Protectable Memory Support For The Linux Kernel

Filed under
Linux
Security

Igor Stoppa of Huawei continues working on a new kernel feature to provide read-only protection for dynamic data.

Security: Security Updates, Qualys, NIST, Internet of Things, Microsoft's Broken Updates and Honeypots

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by Arch Linux (kernel, linux-zen, and tcpreplay), Debian (drupal7, exim4, expat, imagemagick, and smb4k), Fedora (chromium, firefox, glibc, kernel, openvpn, and wireshark), Mageia (mercurial and roundcubemail), openSUSE (kernel, libmicrohttpd, libqt5-qtbase, libqt5-qtdeclarative, openvpn, and python-tablib), Scientific Linux (sudo), and SUSE (firefox).

  • Qualys discovers new vulnerability 'Stack Clash' in Linux
  • Dealing with NIST's about-face on password complexity

    In the last few years, we've been seeing some significant changes in the suggestions that security experts are making for password security. While previous guidance increasingly pushed complexity in terms of password length, the mix of characters used, controls over password reuse, and forced periodic changes, specialists have been questioning whether making passwords complex wasn't actually working against security concerns rather than promoting them.

  • Some beers, anger at former employer, and root access add up to a year in prison

    The Internet of Things' "security through obscurity" has been proven once again to not be terribly secure thanks to an angry and possibly inebriated ex-employee. Adam Flanagan, a former radio frequency engineer for a company that manufactures remote meter reading equipment for utilities, was convicted on June 15 in Philadelphia after pleading guilty to two counts of "unauthorized access to a protected computer and thereby recklessly causing damage." Flanagan admitted that after being fired by his employer, he used information about systems he had worked on to disable meter reading equipment at several water utilities. In at least one case, Flanagan also changed the default password to an obscenity.

  • Microsoft recommends you ignore Microsoft-recommended update
  • Honeypots and the Internet of Things

    There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or ‘smart’ devices. They included, among others, the record-breaking DDoS attacks against the French hosting provider OVH and the US DNS provider Dyn. These attacks are known to have been launched with the help of a massive botnet made up of routers, IP cameras, printers and other devices.

More in Tux Machines

Linux Gaming For Older/Lower-End Graphics Cards In 2018

A request came in this week to look at how low-end and older graphics cards are performing with current generation Linux games on OpenGL and Vulkan. With ten older/lower-end NVIDIA GeForce and AMD Radeon graphics cards, here is a look at their performance with a variety of native Linux games atop Ubuntu using the latest Radeon and NVIDIA drivers.

Also: Wine 3.0 open-source compatibility layer now available

Red Hat Patch Warning

  • We Didn't Pull CPU Microcode Update to Pass the Buck
  • Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues
    Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot. "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday. "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Hat added.

Android Leftovers

Security: Updates, SOS Fund, IR, ME, and WPA

  • Security updates for Friday
  • Seeking SOS Fund Projects
    I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit.
  • Strong Incident Response Starts with Careful Preparation
    Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures.
  • The Intel Management Engine: an attack on computer users' freedom
    Over time, Intel imposed the Management Engine on all Intel computers, removed the ability for computer users and manufacturers to disable it, and extended its control over the computer to nearly 100%. It even has access to the main computer's memory.
  • What Is WPA3, and When Will I Get It On My Wi-Fi?
    WPA2 is a security standard that governs what happens when you connect to a closed Wi-Fi network using a password. WPA2 defines the protocol a router and Wi-Fi client devices use to perform the “handshake” that allows them to securely connect and how they communicate. Unlike the original WPA standard, WPA2 requires implementation of strong AES encryption that is much more difficult to crack. This encryption ensures that a Wi-Fi access point (like a router) and a Wi-Fi client (like a laptop or phone) can communicate wirelessly without their traffic being snooped on.