Language Selection

English French German Italian Portuguese Spanish

Security: Linux/UNIX Updates, Ztorg malware, Let's Encrypt, CIA Windows Exploits, Windows Compromised and Source Code Leaked

Filed under
Security
  • Security updates for Thursday
  • Security updates for Friday
  • Stack Clash Bug Could Compromise Linux and Unix Defenses
  • Ztorg malware hid in Google Play to send premium-rate SMS texts, delete incoming SMS messages
  • The Stack Clash Vulnerabilities Mitigated in Container Linux

    Security researchers at Qualys recently disclosed new techniques to exploit stack allocations on several operating systems, even in the face of a number of security measures. Qualys was able to find numerous local-root exploits — exploits which allow local users of a system to gain root privileges — by applying stack allocation techniques against various pieces of userspace software.

  • Let's Encrypt ACME Certificate Protocol Set for Standardization

    The open-source Let's Encrypt project has been an innovating force on the security landscape over the last several years, providing millions of free SSL/TLS certificates to help secure web traffic. Aside from the disruptive model of providing certificates for free, Let's Encrypt has also helped to pioneer new technology to help manage and deliver certificates as well, including the Automated Certificate Management Environment (ACME).

  • How the CIA infects air-gapped networks

    Documents published Thursday purport to show how the Central Intelligence Agency has used USB drives to infiltrate computers so sensitive they are severed from the Internet to prevent them from being infected.

    More than 150 pages of materials published by WikiLeaks describe a platform code-named Brutal Kangaroo that includes a sprawling collection of components to target computers and networks that aren't connected to the Internet. Drifting Deadline was a tool that was installed on computers of interest. It, in turn, would infect any USB drive that was connected. When the drive was later plugged into air-gapped machines, the drive would infect them with one or more pieces of malware suited to the mission at hand. A Microsoft representative said none of the exploits described work on supported versions of Windows.

  • WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits

    On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can be used to attack systems that are air-gapped by using weaponized USB drives as an exfiltration channel. Per the documentation, deployment of the tool takes place by unwitting targets; however, the use of such tools could also easily be deployed purposefully by complicit insider actors.

    [...]

    This exploit works against Windows 7, 8, and 8.1; the current CVEs surrounding this technique are currently unknown.

  • Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it
  • 32TB of Windows 10 internal builds, core source code leak online

    A massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online.

    The data – some 32TB of installation images and software blueprints that compress down to 8TB – were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March.

    The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.

    Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels.

  • If these universities had run an ad blocker they might have been saved from ransomware attack

    Earlier this month a number of British universities, including University College London and Ulster University reported that their systems had been hit hard by a ransomware attack.

    Although initially it was thought likely that the attacks had entered the universities' servers via poisoned emails (it's very normal to see ransomware being spread via malicious email attachments), it transpires that the actual vector for infection was malvertising instead.

    More details can be found in this technical article by researchers at Proofpoint, who believe that an AdGholas drive-by malvertising campaign helped infect the universities with the Mole ransomware, taking advantage of an exploit kit.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.