Language Selection

English French German Italian Portuguese Spanish

Security

Security: Updates, Google, Hacking Team, Microsoft-NSA, Django

Filed under
Security
  • Security updates for Wednesday
  • How Did Google Wipe Out 700,000 Malicious Android Apps From Play Store? Using Artificial Intelligence
  • Hacking Team Is Still Alive Thanks to a Mysterious Investor From Saudi Arabia

    The 2015 breach of spyware vendor Hacking Team seemed like it should have ended the company. Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see. But nearly three years later, the company trudges on, in large part thanks to a cash influx in 2016 from a mysterious investor who had been publicly unknown until now.

    The hack hurt the company’s reputation and bottom line: Hacking Team lost customers, was struggling to make new ones, and several key employees left. Three years later—after the appearance of this new investor—the company appears to have stopped the bleeding. The company registered around $1 million in losses in 2015, but bounced back with around $600,000 in profits in 2016.

    Motherboard has learned that this apparent recovery is in part thanks to the new investor, who appears to be from Saudi Arabia—and whose lawyer’s name matches that of a prominent Saudi attorney who regularly works for the Saudi Arabian government and facilitates deals between the government and international companies.

  • NSA exploit EternalBlue is back and powering WannaMine cryptojacking malware

    SAY HELLO to WannaMine, the cryptojacking malware that's using leaked NSA hacking tools to infiltrate computers and syphon processor power to crunch calculations needed to 'mine; cryptocurrencies.

    But first a history lesson. You may remember the EternalBlue, a Windows exploit developed by the NSA that was leaked by hacking group Shadow Brokers.

    Pretty soon after the exploit was used to launch the massive WannaCry ransomware attack that locked down NHS systems and affected some 230,000 computers across 150 countries. EternalBlue was then used to spearhead the arguably more dangerous NotPetya attacks.

  • Johnny Hacker hauls out NSA-crafted Server Message Block exploits, revamps 'em

    EternalBlue, EternalSynergy, EternalRomance and EternalChampion formed part of the arsenal of NSA-developed hacking tools that were leaked by the Shadow Brokers group before they were used (in part) to mount the devastating NotPetya cyber attack.

    [...]

    "After that, the exploit module will drop to disk (or use a PowerShell command), explains zerosum0x0, and then copy directly to the hard drive."

  • 10 tips for making the Django Admin more secure

    Offloading the responsibility for making your app secure onto QA testers or an information security office is tempting, but security is everyone's responsibility. The Django Admin is one of our favorite features of Django, but unless it's locked down correctly, it presents opportunities for exploitation. To save your users from compromised data, here are 10 tips to make the Django Admin more secure.

Security: Reproducible Builds, IoT, Code Review, Microsoft Windows Back Doors Cause More Trouble

Filed under
Security
  • Reproducible Builds: Weekly report #144
  • Top 10 IoT Security Threats
  • Code Review Isn't Evil. Security Through Obscurity Is.

    On January 25th, Reuters reported that software companies like McAfee, SAP, and Symantec allow Russian authorities to review their source code, and that "this practice potentially jeopardizes the security of computer networks in at least a dozen federal agencies." The article goes on to explain what source code review looks like and which companies allow source code reviews, and reiterates that "allowing Russia to review the source code may expose unknown vulnerabilities that could be used to undermine U.S. network defenses."

    The spin of this article implies that requesting code reviews is malicious behavior. This is simply not the case. Reviewing source code is an extremely common practice conducted by regular companies as well as software and security professionals to ensure certain safety guarantees of the software being installed. The article also notes that “Reuters has not found any instances where a source code review played a role in a cyberattack.” At EFF, we routinely conduct code reviews of any software that we elect to use.

  • A fast-evolving new botnet could take gadgets in your home to the dark side
  • WannaMine: Another Cryptojacking Malware Fueled By Leaked NSA Exploit Is Rising [Ed: Microsoft Windows + NSA back doors = chaos]

    You might be able to recall the NSA exploit called EternalBlue which was leaked by the hacker group in April last year. The Windows exploit was later used to launch worldwide cyber disaster in the name of WannaCry. Another ransomware, also based on EternalBlue, followed a month later.

  • What is WannaMine? New fileless malware uses NSA's leaked EternalBlue exploit to mine cryptocurrency

    Security researchers have discovered a new strain of malware that uses the National Security Agency's EternalBlue exploit to hijack computers and secretly mine cryptocurrency. In April last year, the exploit was leaked as part of a cache of alleged NSA hacking tools released by the hacker group Shadow Brokers.

    Cybersecurity experts had warned that the exploit would soon be leveraged by other threat actors to power their own sophisticated and likely frequent cyberattacks. Shortly after, the Windows exploit was used to launch the massive global WannaCry and NotPetya ransomware attacks in May and June.

Security: Spectre & Meltdown, Cryptocurrency Mining Malware, Android, and Linux

Filed under
Security
  • Linux Monitoring Tool Detects Meltdown Attacks
  • The Spectre & Meltdown Vulnerability Checker for Linux Is Now in Debian's Repos

    If you want to check to see if your Debian GNU/Linux computer is patched against the Meltdown and Spectre security vulnerabilities, it's now easier than ever to install the original spectre-meltdown-checker script.

    Yes, you're reading it right, you can now install the very useful Spectre and Meltdown vulnerability/mitigation checker for Linux-based operating systems created by developer Stéphane Lesimple from the stable software repositories of the Debian GNU/Linux 9 "Stretch" operating system.

  • Cryptocurrency Mining Malware That Uses an NSA Exploit Is On the Rise

    A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.

    Last April, a hacking group called the Shadow Brokers leaked EternalBlue, a Windows exploit that was developed by the NSA. Less than a month later, EternalBlue was used to unleash a devastating global ransomware attack called WannaCry that infected more than 230,000 computers in 150 countries. A month later, in June, the EternalBlue exploit was again used to cripple networks across the world in an even more sophisticated attack. Now, security researchers are seeing the EternalBlue exploit being used to hijack people’s computers to mine cryptocurrency.

  • How Google fights Android malware

    If you just read the headlines, it sounds like Android is a security mess. There's a report about one Android malware program after another. What's not said is that often these Android viruses require a user to be a sucker to get them. But since a sucker is born every minute, Google does its best to stop malware in its tracks.

  • Linux Kernel 4.15: 'An Unusual Release Cycle'

    Linus Torvalds released version 4.15 of the Linux Kernel on Sunday, again, and for a second version in a row, a week later than scheduled. The culprits for the late release were the Meltdown and Spectre bugs, as these two vulnerabilities forced developers to submit major patches well into what should have been the last cycle. Torvalds was not comfortable rushing the release, so he gave it another week.

    Unsurprisingly, the first big bunch of patches worth mentioning were those designed to sidestep Meltdown and Spectre. To avoid Meltdown, a problem that affects Intel chips, developers have implemented Page Table Isolation (PTI) for the x86 architecture. If for any reason you want to turn this off, you can use the pti=off kernel boot option.

  • 64-bit ARM Gets Mitigations For Spectre & Meltdown With Linux 4.16

    The 64-bit ARM (ARM64 / AArch64) architecture code changes were mailed in a short time ago for the Linux 4.16 kernel and it includes mitigation work for Spectre and Meltdown CPU vulnerabilities.

    The main additions to the ARM64 Linux code for the 4.16 kernel is security changes concerning Variant Two of Spectre and Variant Three (Meltdown). This is the initial work ready for Linux 4.16 at this time while ARM developer Catalin Marinas notes that an improved firmware interface for Variant Two and a method to disable KPTI on ARM64 is coming next week. It's noted that Cavium ThunderX doesn't work with Kernel Page Table Isolation due to hardware erratum.

Security: Updates, Intel, Taxes, Voting and WordPress

Filed under
Security
  • Security updates for Tuesday
  • House chair hits reports of Intel notifying Chinese firms about chip vulnerabilities before US

    Walden's remarks come after the Journal reported that Intel had notified a small group of companies — including Chinese firms — about Spectre and Meltdown vulnerabilities which, if exploited, allow hackers to access sensitive information stored on computers, phones and servers using Intel, AMD and ARM chips.

  • File Your Taxes Before Scammers Do It For You

    Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!

  • Voting-machine makers are already worried about Defcon

    What's worse, he added that "nearly every state is using some machines that are no longer manufactured, and many election officials struggle to find replacement parts." Before millions of electronic votes were cast for the next US president, Norden told press that "everything from software support, replacement parts and screen calibration were at risk."

    So it's no wonder voting machine makers are keen to get their gear off eBay and keep it out of the hands of white-hat hackers equally keen to expose their collective security failings.

  • More than 2,000 WordPress websites are infected with a keylogger

    The keylogger is part of a malicious package that also installs an in-browser cryptocurrency miner that's surreptitiously run on the computers of people visiting the infected sites. Data provided here, here, and here by website search service PublicWWW showed that, as of Monday afternoon, the package was running on 2,092 sites.

Security: Intel, Lenovo, and Windows

Filed under
Security

OPNsense 18.1

Filed under
Security
BSD
  • OPNsense 18.1 released

    For more than 3 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

    We humbly present to you the sum of another major iteration of the OPNsense firewall. Over the second half of 2017 well over 500 changes have made it into this release, nicknamed "Groovy Gecko". Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. For more details please find the attached list of changes below.

  • OPNsense 18.1 BSD Firewall/Network OS Released

    After hitting the RC phase a few weeks ago, OPNsense 18.1 has been officially released as the latest version of this pfSense-forked network/router-oriented BSD operating system.

    OPNsense 18.1 is based on FreeBSD 11.1 while pulling in the HardenedBSD security changes. OPNsense 18.1 reworks its firewall NAT rules, PHP 7.1 and jQuery 3 are powering the web interface, there is now OpenVPN multi-remote support for clients, IPv6 shared forwarding support, improvements for intrusion detection alerts, a rewritten firewall live log, reverse DNS support for insight reporting, and a variety of new plugins.

Security: Voting Safety, Intel, Windows and Linux

Filed under
Security

Security: Intel Scandals, Microsoft Patches Cause Data Loss/Corruption

Filed under
Security

Parrot 3.11 release notes

Filed under
GNU
Linux
Security

Parrot 3.11 is now available for download.

This new release introduces many improvements and security fixes compared to the previous versions. It includes by default all the spectre/meltdown security patches currently available and an updated version of the Linux 4.14 kernel.

A new car hacking menu now contains a collection of useful open source tools in the automotive industry to test real world cars or simulate CANBus networks.

Metasploit and postgresql are now patched to work flawlessly out of the box in live mode.

Other important updates include Firefox 58, increased installer stability, many updated security tools and some important graphic improvements.

Parrot Studio was reintroduced with many improvements, this special derivative of Parrot is designed for multimedia production as an improved version of Parrot Home for workstations, with many useful productivity tools pre-installed.

This release will probably be the last version of the 3.x series (except for eventual security updates), and we wanted to include some of the changes that we planned for parrot 4.x as a gift for our community.

Read more

Security: PLC, Blacksmith, Windows at NHS

Filed under
Security

  • Vulnerable industrial controls directly connected to Internet? Why not?

    As Beaumont said, "It's an open own goal." And this particular advisory doesn't stop with the PLCs. Some PLC manufacturers haven't even responded to inquiries from the DHS' National Cybersecurity and Communications Integration Center (NCCIC) about recently-discovered vulnerabilities, such as one in the Nari PCS-9611 Feeder Relay, a control system used to manage some electrical grids. The vulnerability, reported by two Kaspersky Labs researchers, "could allow a remote attacker arbitrary read/write abilities on the system."

  • Free Linux Tool Monitors Systems for Meltdown Attacks

    SentinelOne this week released Blacksmith, a free Linux tool that can detect Meltdown vulnerability exploitation attempts, so system administrators can stop attacks before they take root.

    The company has been working on a similar tool to detect Spectre vulnerability attacks.

  • Welsh NHS systems back up after computer 'chaos'

    The National Cyber Security Centre said the problems were caused by technical issues and were not the result of a cyber attack.

Syndicate content

More in Tux Machines

Mozilla: Code of Conduct, Kelly Davis, Celebrate Firefox Internet Champions

  • ow We’re Making Code of Conduct Enforcement Real — and Scaling it
    This is the first line of our Community Participation Guidelines — and an nudge to keep empathy at center when designing response processes. Who are you designing for? Who is impacted? What are their needs, expectations, dependencies, potential bias and limitations?
  • Role Models in AI: Kelly Davis
    Meet Kelly Davis, the Manager/Technical Lead of the machine learning group at Mozilla. His work at Mozilla includes developing an open speech recognition system with projects like Common Voice and Deep Speech (which you can help contribute to). Beyond his passion for physics and machine learning, read on to learn about how he envisions the future of AI, and advice he offers to young people looking to enter the field.
  • Celebrate Firefox Internet Champions
    While the world celebrates athletic excellence, we’re taking a moment to share some of the amazing Internet champions that help build, support and share Firefox.

Canonical Ubuntu 2017 milestones, a year in the rulebook

So has Canonical been breaking rules with Ubuntu is 2017, or has it in been writing its own rulebook? Back in April we saw an AWS-tuned kernel of Ubuntu launched, the move to cloud is unstoppable, clearly. We also saw Ubuntu version 17.04 released, with Unity 7 as the default desktop environment. This release included optimisations for environments with low powered graphics hardware. Read more Also: Ubuntu will let upgraders ‘opt-in’ to data collection in 18.04

The npm Bug

  • ​Show-stopping bug appears in npm Node.js package manager
    Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported, "This destroyed 3 production servers after a single deploy!" So, what happened here? According to the npm GitHub bug report, "By running sudo npm under a non-root user (root users do not have the same effect), filesystem permissions are being heavily modified. For example, if I run sudo npm --help or sudo npm update -g, both commands cause my filesystem to change ownership of directories such as /etc, /usr, /boot, and other directories needed for running the system. It appears that the ownership is recursively changed to the user currently running npm."
  • Botched npm Update Crashes Linux Systems, Forces Users to Reinstall
    A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot. Changing ownership of these files either crashes the system, various local apps, or prevents the system from booting, according to reports from users who installed npm v5.7.0. —the buggy npm update.

Windows 10 WSL vs. Linux Performance For Early 2018

Back in December was our most recent round of Windows Subsystem for Linux benchmarking with Windows 10 while since then both Linux and Windows have received new stable updates, most notably for mitigating the Spectre and Meltdown CPU vulnerabilities. For your viewing pleasure today are some fresh benchmarks looking at the Windows 10 WSL performance against Linux using the latest updates as of this week while also running some comparison tests too against Docker on Windows and Oracle VM VirtualBox. Read more