Language Selection

English French German Italian Portuguese Spanish

Security: Telegram, Bounties and More

Filed under
Security
  • Telegram zero-day let hackers spread backdoor and cryptocurrency-mining malware

    A zero-day vulnerability in Telegram Messenger allowed attackers to spread a new form of malware with abilities ranging from creating a backdoor trojan to mining cryptocurrency.

    The attacks take advantage of a previously unknown vulnerability in the Telegram Desktop app for Windows and were spotted being used in the wild by Kaspersky Lab.

    Researchers believe the Russian cybercriminal group exploiting the zero-day were the only ones aware of the vulnerability and have been using it to distribute malware since March 2017 -- although it's unknown how long the vulnerability had existed before that date.

  • More Than 4,000 Government Websites Infected With Covert Cryptocurrency Miner

    The rise of cryptocurrency mining software like Coinhive has been a decidedly double-edged sword. While many websites have begun exploring cryptocurrency mining as a way to generate some additional revenue, several have run into problems if they fail to warn visitors that their CPU cycles are being co-opted in such a fashion. That has resulted in numerous websites like The Pirate Bay being forced to back away from the software after poor implementation (and zero transparency) resulted in frustrated users who say the software gobbled upwards of 85% of their available CPU processing power without their knowledge or consent.

    But websites that don't inform users this mining is happening are just one part of an emerging problem. Hackers have also taken to using malware to embed the mining software into websites whose owners aren't aware that their sites have been hijacked to make somebody else an extra buck. Politifact was one of several websites that recently had to admit its website was compromised with cryptocurrency-mining malware without their knowledge. Showtime was also forced to acknowledge (barely) that websites on two different Showtime domains had been compromised and infected with Coinhive-embedded malware.

  • Why Bug Bounties Matter

    Bugs exist in software. That's a fact, not a controversial statement. The challenge (and controversy) lies in how different organizations find the bugs in their software.

    One way for organizations to find bugs is with a bug bounty program. Bug bounties are not a panacea or cure-all for finding and eliminating software flaws, but they can play an important role.

  • Shell Scripting and Security

    The internet ain't what it used to be back in the old days. I remember being online back when it was known as ARPAnet actually—back when it was just universities and a handful of corporations interconnected. Bad guys sneaking onto your computer? We were living in blissful ignorance then.

    Today the online world is quite a bit different, and a quick glimpse at the news demonstrates that it's not just global, but that bad actors, as they say in security circles, are online and have access to your system too. The idea that any device that's online is vulnerable is more true now than at any previous time in computing history.

  • Security updates for Tuesday
  • Open Source Security Podcast: Episode 82 - RSA, TLS, Chrome HTTP, and PCI

More in Tux Machines

Kernel: Qualcomm/Atheros "Ath10k", FUSE and Code of Conduct

  • Linux's Qualcomm Ath10k Driver Getting WoWLAN, WCN3990 Support
    The Qualcomm/Atheros "Ath10k" Linux driver coming up in the Linux 4.20~5.0 kernel merge window is picking up two prominent features. First up, the Ath10k driver is finally having WoWLAN support -- Wake on Wireless LAN. WoWLAN has been supported by the kernel for years and more recently is getting picked up by Linux networking user-space configuration utilities. Ath10k is becoming the latest Linux wireless driver supporting WoWLAN (WIPHY_WOWLAN_NET_DETECT) for automatically waking up the system when within range of an a known SSID.
  • FUSE File-Systems Pick Up Another Performance Boost With Symlink Caching
    FUSE file-systems in user-space are set to be running faster with the upcoming Linux 4.20~5.0 kernel thanks to several performance optimizations. The FUSE kernel code for this next Linux kernel cycle already has a hash table optimization and separately is copy file range support for efficient file copy operations. Staged today into the FUSE tree for the next cycle was yet another performance-boosting patch.
  • Another Change Proposed For Linux's Code of Conduct
    With the Linux 4.19-rc8 kernel release overnight, one change not to be found in this latest Linux 4.19 release candidate are any alterations to the new Code of Conduct. The latest proposal forbids discussing off-topic matters while protecting any sentient being in the universe. While some immediate changes to the Linux kernel Code of Conduct have been talked about by upstream kernel developers, for 4.19-rc8 there are no changes yet. We'll presumably see some basic changes land this week ahead of Linux 4.19.0 expected next Sunday as not to have an unenforceable or flawed CoC found in a released kernel version.

Plasma 5.14 – Phasers on stun

Linux is much like the stock market. Moments of happiness broken by crises. Or is the other way around? Never mind. Today shall hopefully be a day of joy, for I am about to test Plasma 5.14, the latest version of this neat desktop environment. Recently, I’ve had a nice streak of good energy with Linux, mostly thanks to my experience with Slimbook Pro2, which I configured with Kubuntu Beaver. Let’s see if we can keep the momentum. Now, before we begin, there are more good news woven into this announcement. As you can imagine, you do need some kind of demonstrator to test the new desktop. Usually, it’s KDE neon, which offers a clean, lean, mean KDE-focused testing environment. You can boot into the live session, try the desktop, and if you like it, you can even install it. Indeed, neon is an integral part of my eight-boot setup on the Lenovo G50 machine. But what makes things really interesting is that neon has also switched to the latest Ubuntu LTS base. It now comes aligned to the 18.04 family, adorned with this brand new Plasma. Proceed. Read more

today's howtos

Security: 'Cyber' Wars, IPFS, Updates and PHP FUD