
Security: OSX.Dummy, WellMess, LastPass, Rapid7

  • Fresh macOS Malware OSX.Dummy Targets Crypto-Currency Investors

    Hackers employing a macOS malicious program are targeting people investing in crypto-currencies who use the chat platforms Discord and Slack. Dubbed OSX.Dummy, the malicious program uses a rather crude infection technique; however, PC operators who get successfully compromised have their systems execute random code via remote operation.

    A blog post dated June 29 by Digital Security's chief research officer Patrick Wardle indicates that, after a successful connection to the attacker's command-and-control server, the attacker would be able to run commands arbitrarily on the contaminated PC. Security researchers from UNIX were first to find clues about the malicious program some days back. According to Remco Verhoef, a top researcher who reported his discoveries in a blog post dated June 29 on SANS' InfoSec, the past week witnessed several sequential assaults against macOS.

  • This new dual-platform malware targets both Windows and Linux systems

    One of the oft-repeated reasons for using alternative operating systems is the suggestion that alternatives to Windows are more secure because malware is not produced for these minority systems—in effect, an argument in favor of security by minority. For a variety of reasons, this is a misguided notion. The proliferation of web-based attacks—which are inherently cross-platform, as they depend on browsers more than the underlying OS the browser runs on—makes this argument rather toothless.

    [...]

     While WellMess is far from the first malware to run on Linux systems, the perceived security of Linux distributions as not being a significant enough target for malware developers should no longer be considered the prevailing wisdom, as cross-compilation on Golang will ease malware development to an extent for attackers looking to target Linux desktop users. As with Windows and macOS, users of Linux on the desktop should install some type of antivirus software in order to protect against malware such as WellMess.

  • Is your LastPass data really safe in the encrypted online vault?

    Disclaimer: I created PfP: Pain-free Passwords as a hobby, it could be considered a LastPass competitor in the widest sense. I am genuinely interested in the security of password managers which is the reason both for my own password manager and for this blog post on LastPass shortcomings.

    TL;DR: LastPass fanboys often claim that a breach of the LastPass server isn’t a big deal because all data is encrypted. As I show below, that’s not actually the case and somebody able to compromise the LastPass server will likely gain access to the decrypted data as well.

  • Australia 11th in country rankings for Internet security threat exposure

    According to the latest threat 2018 National Exposure Index from analytics solutions provider Rapid7, the US scored the highest in nearly every exposure metric measured, along with China, Canada, South Korea, and the United Kingdom. Together they control more than 61 million servers listening on at least one of the surveyed ports.
