Language Selection

English French German Italian Portuguese Spanish

Security

Security: Security Updates, Qualys, NIST, Internet of Things, Microsoft's Broken Updates and Honeypots

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by Arch Linux (kernel, linux-zen, and tcpreplay), Debian (drupal7, exim4, expat, imagemagick, and smb4k), Fedora (chromium, firefox, glibc, kernel, openvpn, and wireshark), Mageia (mercurial and roundcubemail), openSUSE (kernel, libmicrohttpd, libqt5-qtbase, libqt5-qtdeclarative, openvpn, and python-tablib), Scientific Linux (sudo), and SUSE (firefox).

  • Qualys discovers new vulnerability 'Stack Clash' in Linux
  • Dealing with NIST's about-face on password complexity

    In the last few years, we've been seeing some significant changes in the suggestions that security experts are making for password security. While previous guidance increasingly pushed complexity in terms of password length, the mix of characters used, controls over password reuse, and forced periodic changes, specialists have been questioning whether making passwords complex wasn't actually working against security concerns rather than promoting them.

  • Some beers, anger at former employer, and root access add up to a year in prison

    The Internet of Things' "security through obscurity" has been proven once again to not be terribly secure thanks to an angry and possibly inebriated ex-employee. Adam Flanagan, a former radio frequency engineer for a company that manufactures remote meter reading equipment for utilities, was convicted on June 15 in Philadelphia after pleading guilty to two counts of "unauthorized access to a protected computer and thereby recklessly causing damage." Flanagan admitted that after being fired by his employer, he used information about systems he had worked on to disable meter reading equipment at several water utilities. In at least one case, Flanagan also changed the default password to an obscenity.

  • Microsoft recommends you ignore Microsoft-recommended update
  • Honeypots and the Internet of Things

    There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or ‘smart’ devices. They included, among others, the record-breaking DDoS attacks against the French hosting provider OVH and the US DNS provider Dyn. These attacks are known to have been launched with the help of a massive botnet made up of routers, IP cameras, printers and other devices.

Security: WannaCry Strikes (Windows in Cameras), Blame of FOSS, Elections With Windows

Filed under
Security

Security: OpenVPN, Intel Nightmare, Looking Back at WannaCry

Filed under
Security

Microsoft Breaches and Their Impact

Filed under
Microsoft
Security

Security: DNS Typosquatting, Encryption and Firewalls, Vista 10 Compromised, Stack Clash, CherryBlossom, Russia and Epyc

Filed under
Security
  • Practical waterholing through DNS typosquatting

    Typosquatting has been known and abused since the 90’s, mostly for phishing, but is it still profitable for water-hole kind of attacks?

  • Encryption and Firewalls – Unleaded Hangout
  • Windows 10 S security brought down by, of course, Word macros [Ed: By Microsoft Peter (damage control)]

    But if that protection is flawed—if the bad guys can somehow circumvent it—then the value of Windows 10 S is substantially undermined. The downside for typical users will remain, as there still won't be any easy and straightforward way to install and run arbitrary Windows software. But the upside, the protection against malware, will evaporate.

  • Microsoft claims on Windows 10 S security blown away

    Microsoft's claims that no known ransomware can run on Windows 10 S have been blown sky high by a researcher – in just three hours.

  • A Stack Clash disclosure post-mortem
  • Hardened/Gentoo Hardened and Stack Clash
  • [Older] If your home wifi router is on this list, it might be vulnerable to CIA hacking tools

    For the past four months, WikiLeaks has been slowly publishing a series of documents that describe a plethora of hacking tools, which the anti-secrecy organization says belong to the US Central Intelligence Agency. The latest release, published June 15, is a batch of documents describing tools that can be used to hack home wifi routers.

    The collection of tools, which the documents refer to as “CherryBlossom,” can be used to monitor internet activity on networks that use the routers it infects. CherryBlossom infects routers by identifying their make and model and injecting malicious firmware into them. This kind of hack, when successful, is nearly impossible to detect because it infects the hardware itself and is not something anti-virus software is capable of checking.

  • Under pressure, Western tech firms bow to Russian demands to share cyber secrets

    Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.

    Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems.

  • AMD’s Epyc is a major advance in security

    AMD’s Zen core has been revealed in detail but with Epyc the company added a few juicy details. SemiAccurate is particularly interested in the security aspects on the new CPU line which is what we will discuss here.

Security: Linux/UNIX Updates, Ztorg malware, Let's Encrypt, CIA Windows Exploits, Windows Compromised and Source Code Leaked

Filed under
Security
  • Security updates for Thursday
  • Security updates for Friday
  • Stack Clash Bug Could Compromise Linux and Unix Defenses
  • Ztorg malware hid in Google Play to send premium-rate SMS texts, delete incoming SMS messages
  • The Stack Clash Vulnerabilities Mitigated in Container Linux

    Security researchers at Qualys recently disclosed new techniques to exploit stack allocations on several operating systems, even in the face of a number of security measures. Qualys was able to find numerous local-root exploits — exploits which allow local users of a system to gain root privileges — by applying stack allocation techniques against various pieces of userspace software.

  • Let's Encrypt ACME Certificate Protocol Set for Standardization

    The open-source Let's Encrypt project has been an innovating force on the security landscape over the last several years, providing millions of free SSL/TLS certificates to help secure web traffic. Aside from the disruptive model of providing certificates for free, Let's Encrypt has also helped to pioneer new technology to help manage and deliver certificates as well, including the Automated Certificate Management Environment (ACME).

  • How the CIA infects air-gapped networks

    Documents published Thursday purport to show how the Central Intelligence Agency has used USB drives to infiltrate computers so sensitive they are severed from the Internet to prevent them from being infected.

    More than 150 pages of materials published by WikiLeaks describe a platform code-named Brutal Kangaroo that includes a sprawling collection of components to target computers and networks that aren't connected to the Internet. Drifting Deadline was a tool that was installed on computers of interest. It, in turn, would infect any USB drive that was connected. When the drive was later plugged into air-gapped machines, the drive would infect them with one or more pieces of malware suited to the mission at hand. A Microsoft representative said none of the exploits described work on supported versions of Windows.

  • WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits

    On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can be used to attack systems that are air-gapped by using weaponized USB drives as an exfiltration channel. Per the documentation, deployment of the tool takes place by unwitting targets; however, the use of such tools could also easily be deployed purposefully by complicit insider actors.

    [...]

    This exploit works against Windows 7, 8, and 8.1; the current CVEs surrounding this technique are currently unknown.

  • Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it
  • 32TB of Windows 10 internal builds, core source code leak online

    A massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online.

    The data – some 32TB of installation images and software blueprints that compress down to 8TB – were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March.

    The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.

    Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels.

  • If these universities had run an ad blocker they might have been saved from ransomware attack

    Earlier this month a number of British universities, including University College London and Ulster University reported that their systems had been hit hard by a ransomware attack.

    Although initially it was thought likely that the attacks had entered the universities' servers via poisoned emails (it's very normal to see ransomware being spread via malicious email attachments), it transpires that the actual vector for infection was malvertising instead.

    More details can be found in this technical article by researchers at Proofpoint, who believe that an AdGholas drive-by malvertising campaign helped infect the universities with the Mole ransomware, taking advantage of an exploit kit.

Canonical Outs Kernel Live Patch for Ubuntu 16.04 and 14.04 to Fix Stack Clash

Filed under
Security

Canonical's Benjamin M. Romer announced that a new kernel livepatch is now available for users of the Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) operating systems using the service, addressing the recently disclosed "Stack Clash" vulnerability.

Read more

Security: Windows Causes Chaos, Routers With Back Doors, Patching of UNIX/Linux

Filed under
Security
  • Traffic lights in Australia hit by WannaCry ransomware [Ed: Well, who uses Microsoft Windows to manage traffic?!?!]

    Radio station 3aw reports that dozens of pole based traffic calming measures are infected and that this came as a surprise to the local minister and Road Safety Camera Commissioner when radio reporters told him about it.

  • Honda shuts down factory after finding NSA-derived Wcry in its networks

    The WCry ransomware worm has struck again, this time prompting Honda Company to halt production in one of its Japan-based factories after finding infections in a broad swath of its computer networks, according to media reports.

    The automaker shut down its Sayama plant northwest of Tokyo on Monday after finding that WCry had affected networks across Japan, North America, Europe, China, and other regions, Reuters reported Wednesday. Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm, which struck an estimated 727,000 computers in 90 countries. The mass outbreak was quickly contained through a major stroke of good luck. A security researcher largely acting out of curiosity registered a mysterious domain name contained in the WCry code that acted as a global kill switch that immediately halted the self-replicating attack.

  • GhostHook: CyberArk finds new way to attack Windows 10

    Researchers at CyberArk Labs have discovered a new way of gaining access to the innards of Windows 10 64-bit systems that can bypass existing safeguards, including the kernel patch protection known as PatchGuard that Microsoft developed to improve system security.

  • John McAfee claims 'every router in America has been compromised' by hackers and spies

    Technology pioneer John McAfee believes that every home internet router in America is wide open to cyberattacks by criminal hackers and intelligence agencies. He makes the claim speaking after revelations from WikiLeaks that the Central Intelligence Agency (CIA) targets the devices.

  • 'Stack Clash' Smashed Security Fix in Linux

    What's old is new again: an exploit protection mechanism for a known flaw in the Linux kernel has fallen to a new attack targeting an old problem.

  • Continuous defence against open source exploits

    Register for next month's expo for the public sector DevOps community to hear key speakers from the front line of public sector digital transformation and see the latest technologies at first hand.

    Andrew Martin, DevOps lead in a major government department, has been added to the line-up of speakers to talk about the importance of getting the approach to security right with open source software.

  • IoT goes nuclear: creating a ZigBee chain reaction [iophk: "use 6lowpan instead"]

    If plugging in an infected bulb is too much hassle, the authors also demonstrate how to take over bulbs by war-driving around in a car, or by war-flying a drone.

  • Passengers given a freight as IT glitch knocks out rail ticket machines

    The network of machines are operated by the individual franchises, but share a common infrastructure from German software company Scheidt and Bachmann.

Security: Brutal Kangaroo Targets Windows, Linux Updates Available, Reproducible Builds, and Patching Stack Clash

Filed under
Linux
Microsoft
Security
  • Brutal Kangaroo

    Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables.

    The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects a Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

    The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

  • Security updates for Wednesday
  • Reproducible Builds: week 112 in Stretch cycle
  • 5 things you need to know about Stack Clash to secure your shared Linux environment

    The vulnerability is present in Unix-based systems on i386 and amd64 architectures. Affected Linux distributions include Red Hat, Debian, Ubuntu, SUSE, CentOS and Gentoo. Solaris is owned by Oracle. FreeBSD, OpenBSD and NetBSD are also impacted. Qualys has been working with distributions and vendors since May to get the vulnerabilities fixed, and the updates are just beginning to be released. Administrators need to act promptly to update affected machines with the security updates.

Flatpak Linux App Sandboxing Receives New Feature That Hardens Its Security

Filed under
Red Hat
Security

The Flatpak open-source GNU/Linux application sandboxing and distribution framework has been updated with a new feature that should harden its security.

Alex Larsson has recently released Flatpak versions 0.9.6 and 0.8.7, which comes about two weeks after their previous point releases to implement a new feature that will avoid creating world-writable directories or setuid files, including in the Flatpak export functionality.

Read more

Syndicate content

More in Tux Machines

KaOS 2018.01 KDE-focused Linux distro now available with Spectre and Meltdown fixes

It can be difficult to find a quality Linux distribution that meets your needs. This is partly because there are just too many operating systems from which to choose. My suggestion is to first find a desktop environment that you prefer, and then narrow down your distro search to one that focuses on that DE. For instance, if you like KDE, both Kubuntu and Netrunner are solid choices. With all of that said, there is another KDE-focused Linux distro that I highly recommend. Called "KaOS," it is rolling release, meaning you can alway be confident that your computer is running modern packages. Today, KaOS gets its first updated ISO for 2018, and you should definitely use it to upgrade your install media. Why? Because version 2018.01 has fixes for Spectre and Meltdown thanks to Linux kernel 4.14.14 with both AMD and Intel ucode. Read more

Today in Techrights

KDE: Linux and Qt in Automotive, KDE Discover, Plasma5 18.01 in Slackware

  • Linux and Qt in Automotive? Let’s meet up!
    For anyone around the Gothenburg area on Feb 1st, you are most welcome to the Automotive MeetUp held at the Pelagicore and Luxoft offices. There will be talks about Qt/QML, our embedded Linux platform PELUX and some ramblings about open source in automotive by yours truly ;-)
  • What about AppImage?
    I see a lot of people asking about state of AppImage support in Discover. It’s non-existent, because AppImage does not require centralized software management interfaces like Discover and GNOME Software (or a command-line package manager). AppImage bundles are totally self-contained, and come straight from the developer with zero middlemen, and can be managed on the filesystem using your file manager This should sound awfully familiar to former Mac users (like myself), because Mac App bundles are totally self-contained, come straight from the developer with zero middlemen, and are managed using the Finder file manager.
  • What’s new for January? Plasma5 18.01, and more
    When I sat down to write a new post I noticed that I had not written a single post since the previous Plasma 5 announcement. Well, I guess the past month was a busy one. Also I bought a new e-reader (the Kobo Aura H2O 2nd edition) to replace my ageing Sony PRS-T1. That made me spend a lot of time just reading books and enjoying a proper back-lit E-ink screen. What I read? The War of the Flowers by Tad Williams, A Shadow all of Light by Fred Chappell, Persepolis Rising and several of the short stories (Drive, The Butcher of Anderson Station, The Churn and Strange Dogs) by James SA Corey and finally Red Sister by Mark Lawrence. All very much worth your time.

GNU/Linux: Live Patching, Gravity of Kubernetes, Welcome to 2018

  • How Live Patching Has Improved Xen Virtualization
    The open-source Xen virtualization hypervisor is widely deployed by enterprises and cloud providers alike, which benefit from the continuous innovation that the project delivers. In a video interview with ServerWatch, Lars Kurth, Chairman of the Xen Project Advisory Board and Director, Open Source Solutions at Citrix, details some of the recent additions to Xen and how they are helping move the project forward.
  • The Gravity of Kubernetes
    Most new internet businesses started in the foreseeable future will leverage Kubernetes (whether they realize it or not). Many old applications are migrating to Kubernetes too. Before Kubernetes, there was no standardization around a specific distributed systems platform. Just like Linux became the standard server-side operating system for a single node, Kubernetes has become the standard way to orchestrate all of the nodes in your application. With Kubernetes, distributed systems tools can have network effects. Every time someone builds a new tool for Kubernetes, it makes all the other tools better. And it further cements Kubernetes as the standard.
  • Welcome to 2018
    The image of the technology industry as a whole suffered in 2017, and that process is likely to continue this year as well. That should lead to an increased level of introspection that will certainly affect the free-software community. Many of us got into free software to, among other things, make the world a better place. It is not at all clear that all of our activities are doing that, or what we should do to change that situation. Expect a lively conversation on how our projects should be run and what they should be trying to achieve. Some of that introspection will certainly carry into projects related to machine learning and similar topics. There will be more interesting AI-related free software in 2018, but it may not all be beneficial. How well will the world be served, for example, by a highly capable, free facial-recognition system and associated global database? Our community will be no more effective than anybody else at limiting progress of potentially freedom-reducing technologies, but we should try harder to ensure that our technologies promote and support freedom to the greatest extent possible. Our 2017 predictions missed the fact that an increasing number of security problems are being found at the hardware level. We'll not make the same mistake in 2018. Much of what we think of as "hardware" has a great deal of software built into it — highly proprietary software that runs at the highest privilege levels and which is not subject to third-party review. Of course that software has bugs and security issues of its own; it couldn't really be any other way. We will see more of those issues in 2018, and many of them are likely to prove difficult to fix.