Language Selection

English French German Italian Portuguese Spanish

Security: SCADA, Police, Cisco and LibreOffice

Filed under
Security
  • Water Utility in Europe Hit by Cryptocurrency Malware Mining Attack

    At this point, Radiflow's investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows [...]

  • In a first, cryptocurrency miner found on SCADA network

    Windows malware that mines for cryptocurrencies has, for the first time, been found in the network of an industrial control system at an operational treatment plant for a water utility, Radiflow, a security provider for critical infrastructure, says.

  • Tech site seeks probe into London cops' malware purchase

    The tech website Motherboard has asked London's Metropolitan Police Service and an independent government organisation to institute a probe into why an MPS officer bought malware that can intercept messages on Facebook, steal passwords and operate a smartphone camera remotely.

  • Motherboard Files Legal Complaint Against Metropolitan Police for Malware Purchase

    London police have refused to explain why an officer bought powerful spyware that was marketed for spying on a user's spouse.

  • That mega-vulnerability Cisco dropped is now under exploit

    When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that was no longer the case.

  • libreoffice-remote-arbitrary-file-disclosure

    LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

More in Tux Machines

Release of KDE Frameworks 5.51.0

KDE Frameworks are 70 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms. For an introduction see the Frameworks 5.0 release announcement. This release is part of a series of planned monthly releases making improvements available to developers in a quick and predictable manner. Read more Also: KDE Frameworks 5.51 Released

Linux 4.19-rc8

As mentioned last week, here's a -rc8 release as it seems needed. There were a lot of "little" pull requests this week, semi-normal for this late in the cycle, but a lot of them were "fix up the previous fix I just sent" which implies that people are having a few issues still. I also know of at least one "bad" bug that finally has a proposed fix, so that should hopefully get merged this week. And there are some outstanding USB fixes I know of that have not yet landed in the tree (I blame me for that...) Anyway, the full shortlog is below, lots of tiny things all over the tree. Please go and test and ensure that all works well for you. Hopefully this should be the last -rc release. Read more Also: Linux 4.19-rc8 Released With A Lot Of "Tiny Things"

Kali Linux for Vagrant: Hands-on

I recently saw the announcement for Kali Linux on Vagrant. I have been a huge fan of Kali Linux for a very long time, and I am interested in virtualization (and currently using VirtualBox in an educational environment), so this was a very interesting combination to me. I have now installed it on a few of my systems, and so far I am quite impressed with it. The logical place to start is with a brief overview of Vagrant itself. What is Vagrant? According to their web page: Vagrant is a tool for building and managing virtual machine environments in a single workflow What Vagrant actually does is provide a way of automating the building of virtualized development environments using a variety of the most popular providers, such as VirtualBox, VMware, AWS and others. It not only handles the initial setup of the virtual machine, it can also provision the virtual machine based on your specifications, so it provides a consistent environment which can be shared and distributed to others. Read more

today's leftovers

  • Vulkan Cracks 2,500 Projects On GitHub
    After cracking 2,000 projects referencing Vulkan on GitHub earlier this year, this week it passed the milestone of having more than 2,500 projects. Granted, some of these projects referencing Vulkan are still in their primitive stages, but of the 2,500+ projects are a lot of interesting Vulkan-using projects from RenderDoc to countless game engine initiatives, various code samples, the AMDVLK driver stack, and countless innovative efforts like GLOVE for OpenGL over Vulkan to Kazan for a Rust-written CPU-based Vulkan implementation and a heck of a lot more.
  • GNOME's Geoclue 2.5 Brings Vala Support, WiFi Geolocation For City-Level Accuracy
    GNOME's Geoclue library that provides a D-Bus service for location information based on GPS receivers, 3G modems, GeoIP, or even WiFi-based geolocation has been baking a lot of changes.
  • Geoclue 2.5.0
    Here is the first release in the 2.5 series.
  •  
  • Wine-Staging 3.18 Released With Some New Patches While Other Code Got Upstreamed
    It has been a very exciting weekend for Linux gamers relying upon Wine for running Windows titles under Linux... There was the routine bi-weekly Wine 3.18 development release on Friday but yesterday brought transform feedback to Vulkan and in turn Stream Output to DXVK to fix up a number of D3D11 games. Today is now the Wine-Staging 3.18 release. Wine-Staging 3.18 doesn't incorporate any changes around the Vulkan code (there is a Wine patch needed by DXVK for this new functionality), but does include a lot of other stuff. Wine-Staging 3.18 implements more functions in the user32 code, including cascade windows, GetPointerType, and others. On the Direct3D front are a few additions to WineD3D, including the ability for the Direct3D 10 support to work with the legacy NVIDIA Linux driver. There is also a kernel fix for allowing Steam log-ins to work again with Wine Staging.