Security

Canonical and IBM Leftovers

Filed under
Red Hat
Server
Security
Ubuntu
  • What’s new in Security for Ubuntu 22.04 LTS?

    Canonical Ubuntu 22.04 LTS is the latest long term support release of Ubuntu, one of the world’s most popular Linux distributions. As a Long Term Support release, Ubuntu 22.04 LTS will be supported for 10 years, receiving both extended security updates and kernel livepatching via an Ubuntu Advantage subscription (which is free for personal use). This continues the benchmark of Ubuntu LTS releases serving as the most secure foundation on which to both develop and deploy Linux applications and services. In this blog post, we take a look at the various security features and enhancements that have gone into this new release since the Ubuntu 20.04 LTS release. For a more detailed examination of some of these features, be sure to check out the previous articles in this series which cover the improvements delivered across each interim release of Ubuntu in the past 2 years between 20.04 LTS and 22.04 LTS.

  • We Still Want IBM i On The Impending Power E1050

    In March last year, as Big Blue was finishing up the development of the Power10 family of Power Systems machines, we wrote an essay explaining that we wanted IBM i to be a first-class operating system citizen on the four-socket Power E1050 machine, which we finally expect to see launch on July 12 if the rumors are correct.

  • Big Blue Tweaks IBM i Pricing Ahead Of Subscription Model

    Back in May, Big Blue said that it was going to be simplifying the IBM i stack ahead of a move to subscription pricing for systems software as well as hardware that runs it. To do that means zeroing out prices for a slew of things that had price tags on them formerly.

  • Guru: The Finer Points of Exit Points

    Many years ago, we received a call from an IBM i customer stating that all exit points were gone and the QAUDJRN and receivers were missing. Then the question, “Do you think we’ve been hacked?” Truth was, the exit points weren’t gone; the associated programs had been de-registered. Conclusion, they had most likely been compromised.

  • IBM i Licensing, Part 3: Can The Hardware Bundle Be Cheaper Than A Smartphone?

    How many monthly iPhone bills is a Power10-based entry server worth?

  • Guild Mortgage Takes The 20-Year Option For Modernization

    When Kurt Reheiser returned to the IBM i server after a 15-year hiatus away from the platform, things weren’t a lot different than how he left them.

Security Leftovers

Filed under
Security
  • Podcast: Why there were 56 OT vulnerabilities this week

    This week we cover the Ericsson mobility report that offers some stats on cellular IoT connections, including the surprising nugget that we won’t see 4G/5G connections surpass 2G/3G connections until some time next year. Then we hit another report. This one is from NPR and covers the state of audio and smart speakers. It proves that growth is slowing for smart speakers and that we may not do as many things with voice as we think. In dystopian news we cover China using COVID tracking apps to lock down protesters, and Microsoft stopping sales of some facial recognition tools. In new product news we talk about the latest Philips Hue gear, a new material that could generate electricity for wearables, and new MCUs from NXP. We also address the closure of SmartDry and explain how Google’s update on the Nest Max Hub may break your Nest x Yale lock. We end by answering a listener question about more accurate motion sensors.

  • Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations

    In Cortex XSOAR, indicators are a key part of the platform as they visualize the Indicators Of Compromise (IOC) of a security alert in the incident to the SOC analyst and can be used in automated analysis workflows to determine the incident outcome. If you have a Cortex XSOAR Threat Intelligence Management (TIM) license, it is possible to create predefined relationships between indicators to describe how they relate to each other. This enables the SOC analyst to do a more efficient incident analysis based on the indicators associated to the incident.

  • Social Engineering Kill–Chain: Predicting, Minimizing & Disrupting Attack Verticals

    It was a Friday afternoon when Bill was on his way back home from work when he received a call that made him take the next U-turn back to his office. It was one of these calls that he was dedicating all of his working hours to avoid. He was not given much detail through the phone, but it seems that Andre, someone working in the account payments department, had just fallen victim to a scam and had proceeded to a hefty payment. A scam? Bill recalled all the training videos he had put this department through. What went wrong?

  • Daycare apps are insecure surveillance dumpster-fires

    Apps are like software, only worse.

  • 12 best patch management software and tools for 2022

    These 12 tools approach patching from different perspectives. Understanding their various approaches can help you find the right product for your needs.

Arti 0.5.0 is released: Robustness and API improvements

Filed under
Software
Security

Arti is our ongoing project to create a working embeddable Tor client in Rust. It’s not ready to replace the main Tor implementation in C, but we believe that it’s the future.

Right now, our focus is on making Arti production-quality, by stress-testing the code, hunting for likely bugs, and adding missing features that we know from experience that users will need. We're going to try not to break backward compatibility too much, but we'll do so when we think it's a good idea.

Security Leftovers

Filed under
Security
  • Reproducible Builds: Supporter spotlight: Hans-Christoph Steiner of the F-Droid project

    The Reproducible Builds project relies on several projects, supporters and sponsors for financial support, but they are also valued as ambassadors who spread the word about our project and the work that we do.

    This is the fifth instalment in a series featuring the projects, companies and individuals who support the Reproducible Builds project. We started this series by featuring the Civil Infrastructure Platform project and followed this up with a post about the Ford Foundation as well as recent ones about ARDC, the Google Open Source Security Team (GOSST) and Jan Nieuwenhuizen on Bootstrappable Builds, GNU Mes and GNU Guix.

  • Citrix Releases Security Updates for Hypervisor | CISA

    Citrix has released security updates to address vulnerabilities that could affect Hypervisor. An attacker could exploit one of these vulnerabilities to take control of an affected system.

  • Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future

    Ransomware groups are targeting a zero-day affecting a Linux-based Mitel VoIP appliance, according to researchers from CrowdStrike.

    The zero-day – tagged as CVE-2022-29499 – was patched in April by Mitel after CrowdStrike researcher Patrick Bennett discovered the issue during a ransomware investigation.

    In a blog post on Thursday, Bennett explained that after taking the Mitel VoIP appliance offline, he discovered a “novel remote code execution exploit used by the threat actor to gain initial access to the environment.”

Security features in Red Hat Enterprise Linux 9

Filed under
Red Hat
Security

Red Hat Enterprise Linux 9 (RHEL 9) is the latest version of Red Hat’s flagship operating system, released at the Red Hat Summit in May 2022. New capabilities added to RHEL 9 help simplify how organizations manage security and compliance when deploying new systems or managing existing infrastructure. This article takes a brief look at three of the new security features available in this release.

The default superuser account in Unix- and Linux-based systems is "root". Because the username is always "root" and access rights are unlimited, this account is the most valuable target for hackers. Attackers use bots to scan for systems with exposed SSH ports, and when found, they attempt to use common usernames and brute-force passwords to gain entry. Of course, the impact of a successful exploit would be a lot lower if the compromised user has unprivileged access. The breach would then be contained and limited to one user only.

Security Leftovers

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by Fedora (ntfs-3g and ntfs-3g-system-compression), SUSE (389-ds, chafa, containerd, mariadb, php74, python3, salt, and xen), and Ubuntu (apache2).

  • On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

    Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are a complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written—not really a rebuttal—but “a general response to some of the more common spurious objections…people make to public blockchain systems.”

  • 4 CNCF Projects For Key Management - Container Journal

    The nuances of cloud-native architecture necessitate some new approaches to security. Not only are container-based microservices inherently distributed, but there is a rising number of dependencies within the software supply chain. As a result, developers are faced with storing and accessing many types of secrets, including API keys, encryption keys, JSON Web Tokens (JWTs) and others when building cloud-native applications based on containers and running on platforms like Kubernetes. But, leaving such secrets exposed within your codebase goes against security best practices, as an attacker could easily access them.

    Software components must verify every request is coming from a legitimate source, known as authentication, and they must confirm the requesting party has the required permissions to access a resource, known as authorization. As part of this mission, we’ve seen a lot of development activity around automating secret issuance and distribution to securely store and distribute passwords among services.

  • Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers [Ed: How Microsoft-friendly sites distract from the biggest culprit and badmouth Linux and Golang at the same time (simply because you can install malware)]

Security Leftovers

Filed under
Security
  • Closing the Cybersecurity Talent Gap With New Candidate Pools [Ed: Decades of back doors have meant security failures and a lack of people trained to understand real security]

    HR and security leaders must deploy new strategies to attract, hire, and retain cyber professionals while looking for ways to leverage the transferable skills and potential of untapped talent.

    Demand for cybersecurity talent has reached an historic high: 63% of businesses say they have unfilled security positions, and 60% experienced difficulties retaining qualified cybersecurity professionals in 2021, according to the ISACA State of Cybersecurity 2022 report. And information security analyst jobs are expected to grow faster than the average for all other occupations.

  • Reproducible Builds (diffoscope): diffoscope 217 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 217. This version includes the following changes:

    * Update test fixtures for GNU readelf 2.38 (now in Debian unstable).
    * Be more specific about the minimum required version of readelf (ie.
      binutils) as it appears that this "patch" level version change resulted in
      a change of output, not the "minor" version. (Closes: #1013348)
    * Don't leak the (likely-temporary) pathname when comparing PDF documents.
    
    
  • On the Subversion of NIST by the NSA
  • Security updates for Thursday

    Security updates have been issued by Debian (chromium, firejail, and request-tracker4), Fedora (ghex, golang-github-emicklei-restful, and openssl1.1), Oracle (postgresql), Scientific Linux (postgresql), Slackware (openssl), SUSE (salt and tor), and Ubuntu (apache2 and squid, squid3).

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, May 2022

    Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

    Debian project funding

    Two [1, 2] projects are in the pipeline now. Tryton project is in a final phase. Gradle projects is fighting with technical difficulties.

    In May, we put aside 2233 EUR to fund Debian projects.

    We’re looking forward to receiving more projects from various Debian teams! Learn more about the rationale behind this initiative in this article.

  • Enterprise Linux Security Episode 33 - Patch your Confluence Server! - Invidious

    Atlassian software is constantly under attack, and often the source of many lost weekends for IT admins. Recently, a brand-new vulnerability has been discovered - CVE-2022-26134. This particular vulnerability is remotely exploitable, and has been listed as critical. In this episode, Jay and Joao discuss this vulnerability, as well as some of the struggles around Atlassian software in general.

Security Leftovers

Filed under
Security
  • Security updates for Wednesday [LWN.net]

    Security updates have been issued by Debian (exo and ntfs-3g), Fedora (collectd, golang-github-cli-gh, grub2, qemu, and xen), Red Hat (httpd:2.4, kernel, and postgresql), SUSE (drbd, fwupdate, neomutt, and trivy), and Ubuntu (apache2, openssl, openssl1.0, and qemu).

  • CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

    CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.

  • Useful web hosting tips that can help secure your site

    Website security is about preparing for the worst if applied security mechanisms fail. After all, protecting your site from every threat on the book can be laborious. However, it does not mean website owners should not try. It simply refers to the two sides of the coin: preventing attacks or other interruptions and mitigating successful ones.

    Thus, it might be an excellent idea to review the security of your business website to ensure you don’t end up a victim of vicious attacks. Considering that, here are the top 7 definitive web hosting tips to help secure your site for the foreseeable future.

  • Free Training Course Teaches How to Secure a Software Supply Chain with Sigstore [Ed: OpenSSF (former Microsoft) telling you to deny people who want to run applications of their choice; they call that "security"]
  • Learn the Principles of DevSecOps in New, Free Training Course [Ed: This is what Zemlin et al are 'teaching']

    At the most basic level, there is nothing separating DevSecOps from the DevOps model. However, security, and a culture designed to put security at the forefront has often been an afterthought for many organizations. But in a modern world, as costs and concerns mount from increased security attacks, it must become more prominent. It is possible to provide continuous delivery, in a secure fashion. In fact, CD enhances the security profile. Getting there takes a dedication to people, culture, process, and lastly technology, breaking down silos and unifying multi-disciplinary skill sets. Organizations can optimize and align their value streams towards continuous improvement across the entire organization.

  • Keeping PowerShell: Measures to Use and Embrace [Ed: Has CISA become a "damage control" or PR department of Microsoft?]

    Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks. These recommendations will help defenders detect and prevent abuse by malicious cyber actors, while enabling legitimate use by administrators and defenders.

  • For a few days earlier this year, rogue GitHub apps could have hijacked countless repos

    A GitHub bug could have been exploited earlier this year by connected third-party apps to hijack victims' source-code repositories.

    For almost a week in late February and early March, rogue applications could have generated scoped installation tokens with elevated permissions, allowing them to gain otherwise unauthorized write or administrative access to developers' repos. For example, if an app was granted read-only access to an organization or individual's code repo, the app could effortlessly escalate that to read-write access.

    This security blunder has since been addressed and before any miscreants abused the flaw to, for instance, alter code and steal secrets and credentials, according to Microsoft's GitHub, which assured The Register it's "committed to investigating reported security issues."

    This is good news, because according to Aqua Security researchers, exploitation would have had a massive impact on "basically everyone." In effect, this is a near hit for the industry as miscreants could have exploited the hole to exfiltrate cloud credentials from private repos or potentially tamper with software projects.

  • Google Releases Security Updates for Chrome | CISA

    Google has released Chrome version 103.0.5060.53 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

TrueNAS SCALE adds SMB Clustering and HA in 2nd Major Update

Filed under
Security
BSD

TrueNAS SCALE 22.02.2 (“Angelfish”) was released today after the previous versions were deployed on over 20,000 active systems. TrueNAS SCALE 22.02.2 includes the completion of SMB clustering and the delivery of High Availability (HA) on TrueNAS M-Series systems. This release is complemented by the new functionality in TrueCommand that provides wizards for creating SMB clusters.

TrueNAS SCALE continues with system count growth at over 100% per quarter since the start of the BETA process in mid 2021. There is widespread adoption by Linux admins and great feedback as TrueNAS SCALE matures.

Proprietary Failures

Filed under
Security
Misc
  • Cloudflare outage brings hundreds of sites, services temporarily offline

    The company faced similar issues last week when an outage in the India region caused several services including Discord, Shopify, Canva and GitLab to suffer from network performance issues across India, Indonesia and Eastern Europe.

  • Microsoft’s Outlook email taken down by global internet outage

    According to website monitoring service Down Detector, affected users are seeing messages telling them they have been unable to connect to a server, and are struggling to connect to the service from across a range of devices.

    The monitoring service showed it began receiving reports of problems at around 9am on Tuesday.

  • Microsoft Outlook outage: Email service down with company working on fix after service inaccessible

    However, the outage appears to be unrelated to an issue at web infrastructure firm Cloudflare which took a large number of popular websites offline earlier on Tuesday morning.

  • Former NSA chief warns of Russian cyberattacks against US financial sector

    Alexander made his remarks during a cyber webinar hosted by IronNet, a cybersecurity firm founded and led by the retired general. Alexander was joined by other panelists who discussed several key issues, including how nation-state threat actors such as Russia will use cyber as a weapon to target banks and other financial institutions.

    Following the invasion of Ukraine, the U.S. and Western Europe imposed crippling economic sanctions against Russia, including cutting the country off from roughly $600 billion in reserves held by the Central Bank of Russia, suspending its access to the U.S. dollar and banning the state banks from using SWIFT, a messaging system used by banks to conduct international transactions.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release.

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility.

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04. Golang is an open-source programming language that is easy to learn and use. It has built-in concurrency and a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Nginx reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.