Language Selection

English French German Italian Portuguese Spanish

Security: OSX.Dummy, WellMess, LastPass, Rapid7

Filed under
Security
  • Fresh Macos Malware OSX.Dummy Targets Crypto-Currency Investors

    Hackers by employing a MacOS malicious program target people investing in crypto-currencies who utilize both chat platforms namely Discord and Slack. Dubbed OSX.Dummy, the malicious program utilizes a rather crude infection technique, however, PC operators that get successfully compromised get their systems to execute random code via remote operation.

     

    One blog post dated June 29 by Digital Security's chief research officer Patrick Wardle indicates that with a successful connection with command-and-control server of the attacker, the latter would manage running commands arbitrarily onto the contaminated PC. Security researchers from UNIX were first to find clues about the malicious program some days back. According to Remco Verhoef, top researcher who made a blog post dated June 29 on SANS' InfoSec reporting his discoveries, the past week witnessed several assaults sequentially against MacOS.

  • This new dual-platform malware targets both Windows and Linux systems

    One of the oft-repeated reasons for using alternative operating systems is the suggestion that alternatives to Windows are more secure because malware is not produced for these minority systems—in effect, an argument in favor of security by minority. For a variety of reasons, this is a misguided notion. The proliferation of web-based attacks—which are inherently cross-platform, as they depend on browsers more than the underlying OS the browser runs on—makes this argument rather toothless.

    [...]

     While WellMess is far from the first malware to run on Linux systems, the perceived security of Linux distributions as not being a significant enough target for malware developers should no longer be considered the prevailing wisdom, as cross-compilation on Golang will ease malware development to an extent for attackers looking to target Linux desktop users. As with Windows and macOS, users of Linux on the desktop should install some type of antivirus software in order to protect against malware such as WellMess.

  • Is your LastPass data really safe in the encrypted online vault?

    Disclaimer: I created PfP: Pain-free Passwords as a hobby, it could be considered a LastPass competitor in the widest sense. I am genuinely interested in the security of password managers which is the reason both for my own password manager and for this blog post on LastPass shortcomings.

    TL;DR: LastPass fanboys often claim that a breach of the LastPass server isn’t a big deal because all data is encrypted. As I show below, that’s not actually the case and somebody able to compromise the LastPass server will likely gain access to the decrypted data as well.

  • Australia 11th in country rankings for Internet security threat exposure

     

    According to the latest threat 2018 National Exposure Index from analytics solutions provider Rapid7, the US scored the highest in nearly every exposure metric measured and along with China, Canada, South Korea, and the United Kingdom. Together they control more than  61 million servers listening on at least one of the surveyed ports.

More in Tux Machines

Android Leftovers

Ubuntu-Centric Full Circle Magazine and Debian on the Raspberryscape

  • Full Circle Magazine: Full Circle Weekly News #121
  • Debian on the Raspberryscape: Great news!
    I already mentioned here having adopted and updated the Raspberry Pi 3 Debian Buster Unofficial Preview image generation project. As you might know, the hardware differences between the three families are quite deep ? The original Raspberry Pi (models A and B), as well as the Zero and Zero W, are ARMv6 (which, in Debian-speak, belong to the armel architecture, a.k.a. EABI / Embedded ABI). Raspberry Pi 2 is an ARMv7 (so, we call it armhf or ARM hard-float, as it does support floating point instructions). Finally, the Raspberry Pi 3 is an ARMv8-A (in Debian it corresponds to the ARM64 architecture). [...] As for the little guy, the Zero that sits atop them, I only have to upload a new version of raspberry3-firmware built also for armel. I will add to it the needed devicetree files. I have to check with the release-team members if it would be possible to rename the package to simply raspberry-firmware (as it's no longer v3-specific). Why is this relevant? Well, the Raspberry Pi is by far the most popular ARM machine ever. It is a board people love playing with. It is the base for many, many, many projects. And now, finally, it can run with straight Debian! And, of course, if you don't trust me providing clean images, you can prepare them by yourself, trusting the same distribution you have come to trust and love over the years.

OSS: SVT-AV1, LibreOffice, FSF and Software Freedom Conservancy

  • SVT-AV1 Already Seeing Nice Performance Improvements Since Open-Sourcing
    It was just a few weeks ago that Intel open-sourced the SVT-AV1 project as a CPU-based AV1 video encoder. In the short time since publishing it, there's already been some significant performance improvements.  Since the start of the month, SVT-AV1 has added multi-threaded CDEF search, more AVX optimizations, and other improvements to this fast evolving AV1 encoder. With having updated the test profile against the latest state as of today, here's a quick look at the performance of this Intel open-source AV1 video encoder.
  • Find a LibreOffice community member near you!
    Hundreds of people around the world contribute to each new version of LibreOffice, and we’ve interviewed many of them on this blog. Now we’ve collected them together on a map (thanks to OpenStreetMap), so you can see who’s near you, and find out more!
  • What I learned during my internship with the FSF tech team
    Hello everyone, I am Hrishikesh, and this is my follow-up blog post concluding my experiences and the work I did during my 3.5 month remote internship with the FSF. During my internship, I worked with the tech team to research and propose replacements for their network monitoring infrastructure. A few things did not go quite as planned, but a lot of good things that I did not plan happened along the way. For example, I planned to work on GNU LibreJS, but never could find enough time for it. On the other hand, I gained a lot of system administration experience by reading IRC conversations, and by working on my project. I even got to have a brief conversation with RMS! My mentors, Ian, Andrew, and Ruben, were extremely helpful and understanding throughout my internship. As someone who previously had not worked with a team, I learned a lot about teamwork. Aside from IRC, we interacted weekly in a conference call via phone, and used the FSF's Etherpad instance for live collaborative editing, to take notes. The first two months were mostly spent studying the FSF's existing Nagios- and Munin-based monitoring and alert system, to understand how it works. The tech team provided two VMs for experimenting with Prometheus and Nagios, which I used throughout the internship. During this time, I also spent a lot of time reading about licenses, and other posts about free software published by the FSF.
  • We're Hiring: Techie Bookkeeper
    Software Freedom Conservancy is looking for a new employee to help us with important work that supports our basic operations. Conservancy is a nonprofit charity that promotes and improves free and open source software projects. We are home to almost 50 projects, including Git, Inkscape, Etherpad, phpMyAdmin, and Selenium (to name a few). Conservancy is the home of Outreachy, an award winning diversity intiative, and we also work hard to improve software freedom generally. We are a small but dedicated staff, handling a very large number of financial transactions per year for us and our member projects.

Security: Back Doors Running Amok, Container Runtime Flaw Patched, Cisco Ships Exploit Inside Products

  • Here We Go Again: 127 Million Accounts Stolen From 8 More Websites
    Several days ago, a hacker put 617 million accounts from 16 different websites for sale on the dark web. Now, the same hacker is offering 127 million more records from another eight websites.
  • Hacker who stole 620 million records strikes again, stealing 127 million more
    A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned. The hacker, whose listing was the previously disclosed data for about $20,000 in bitcoin on a dark web marketplace, stole the data last year from several major sites — some that had already been disclosed, like more than 151 million records from MyFitnessPal and 25 million records from Animoto. But several other hacked sites on the marketplace listing didn’t know or hadn’t disclosed yet — such as 500px and Coffee Meets Bagel. The Register, which first reported the story, said the data included names, email addresses and scrambled passwords, and in some cases other login and account data — though no financial data was included.
  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks
  • How did the Dirty COW exploit get shipped in software?
    An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what this vulnerability can do.