Security: OSX.Dummy, WellMess, LastPass, Rapid7

Filed under
Security
  • Fresh Macos Malware OSX.Dummy Targets Crypto-Currency Investors

    Hackers, by employing a macOS malicious program, target people investing in crypto-currencies who use both chat platforms, namely Discord and Slack. Dubbed OSX.Dummy, the malicious program uses a rather crude infection technique; however, PC operators who get successfully compromised have their systems execute random code via remote operation.


    One blog post dated June 29 by Digital Security's chief research officer Patrick Wardle indicates that, with a successful connection to the attacker's command-and-control server, the latter would manage to run arbitrary commands on the contaminated PC. Security researchers from UNIX were the first to find clues about the malicious program some days back. According to Remco Verhoef, a top researcher who made a blog post dated June 29 on SANS' InfoSec reporting his discoveries, the past week witnessed several sequential assaults against macOS.

  • This new dual-platform malware targets both Windows and Linux systems

    One of the oft-repeated reasons for using alternative operating systems is the suggestion that alternatives to Windows are more secure because malware is not produced for these minority systems—in effect, an argument in favor of security by minority. For a variety of reasons, this is a misguided notion. The proliferation of web-based attacks—which are inherently cross-platform, as they depend on browsers more than the underlying OS the browser runs on—makes this argument rather toothless.

    [...]

    While WellMess is far from the first malware to run on Linux systems, the perceived security of Linux distributions as not being a significant enough target for malware developers should no longer be considered the prevailing wisdom, as cross-compilation on Golang will ease malware development to an extent for attackers looking to target Linux desktop users. As with Windows and macOS, users of Linux on the desktop should install some type of antivirus software in order to protect against malware such as WellMess.

  • Is your LastPass data really safe in the encrypted online vault?

    Disclaimer: I created PfP: Pain-free Passwords as a hobby, it could be considered a LastPass competitor in the widest sense. I am genuinely interested in the security of password managers which is the reason both for my own password manager and for this blog post on LastPass shortcomings.

    TL;DR: LastPass fanboys often claim that a breach of the LastPass server isn’t a big deal because all data is encrypted. As I show below, that’s not actually the case and somebody able to compromise the LastPass server will likely gain access to the decrypted data as well.

  • Australia 11th in country rankings for Internet security threat exposure


    According to the latest 2018 National Exposure Index from analytics solutions provider Rapid7, the US scored the highest in nearly every exposure metric measured, along with China, Canada, South Korea, and the United Kingdom. Together they control more than 61 million servers listening on at least one of the surveyed ports.

More in Tux Machines

Debian Patches for Intel's Defects, Canonical to Fix Ubuntu Security Flaws for a Fee

  • Debian Outs Updated Intel Microcode to Mitigate Spectre V4 and V3a on More CPUs
    The Debian Project released an updated Intel microcode firmware for users of the Debian GNU/Linux 9 "Stretch" operating system series to mitigate two of the latest Spectre vulnerabilities on more Intel CPUs. Last month, on August 16, Debian's Moritz Muehlenhoff announced the availability of an Intel microcode update that provided Speculative Store Bypass Disable (SSBD) support needed to address both the Spectre Variant 4 and Spectre Variant 3a security vulnerabilities. However, the Intel microcode update released last month was available only for some types of Intel CPUs, so now the Debian Project released an updated version that implements SSBD support for additional Intel CPU models to mitigate both Spectre V4 and V3a on Debian GNU/Linux 9 "Stretch" systems.
  • Announcing Extended Security Maintenance for Ubuntu 14.04 LTS – “Trusty Tahr” [Ed: Canonical looking to profit from security flaws in Ubuntu like Microsoft does in Windows.]
    Ubuntu is the basis for the majority of cloud-based workloads today. With over 450 million public cloud instances launched since the release of Ubuntu 16.04 LTS, a number that keeps accelerating on a day-per-day basis since, many of the largest web-scale deployments are using Ubuntu. This includes financial, big data, media, and many other workloads and use cases, which rely on the stability and continuity of the underlying operating system to provide the mission-critical service their customers rely on. Extended Security Maintenance (ESM) was introduced for Ubuntu 12.04 LTS as a way to extend the availability of critical and important security patches beyond the nominal End of Life date of Ubuntu 12.04. Organisations use ESM to address security compliance concerns while they manage the upgrade process to newer versions of Ubuntu under full support. The ability to plan application upgrades in a failsafe environment continues to be cited as the main value for adoption of ESM. With the End of Life of Ubuntu 14.04 LTS in April 2019, and to support the planning efforts of developers worldwide, Canonical is announcing the availability of ESM for Ubuntu 14.04.
  • Canonical Announces Ubuntu 14.04 LTS (Trusty Tahr) Extended Security Maintenance
    Canonical announced today that it would extend its commercial Extended Security Maintenance (ESM) offering to the Ubuntu 14.04 LTS (Trusty Tahr) operating system series starting May 2019. Last year on April 28, 2017, when the Ubuntu 12.04 LTS (Precise Pangolin) operating system series reached end of life, Canonical announced a new way for corporate users and enterprises to receive security updates if they wanted to keep their current Ubuntu 12.04 LTS installations and had no plans to upgrade to a newer LTS (Long Term Support) release. The offering was called Extended Security Maintenance (ESM) and had a great success among businesses.

Graphics: NVIDIA and AMD

  • Initial NVIDIA GeForce RTX 2080 Ti Linux Benchmarks
    This article is going to be short and sweet, as I just received the GeForce RTX 2080 Ti yesterday and then did not receive the Linux driver build until earlier today... The GeForce RTX 2080 Ti has been busy now for a few hours with the Phoronix Test Suite on the Core i7 8086K system running Ubuntu 18.04 LTS with the latest drivers.
  • NVIDIA Introduces A Number Of New OpenGL Extensions For Turing
    As part of the GeForce RTX 2080 series launching with the new GPU architecture, NVIDIA has published a number of new OpenGL extensions for making use of some of Turing's new capabilities.
  • Vulkan 1.1.85 Released With Raytracing, Mesh Shaders & Other New NVIDIA Extensions
    Leading up to the Turing launch we weren't sure if NVIDIA was going to deliver same-day Vulkan support for RTX/ray-tracing with the GeForce RTX graphics cards or if it was going to be left up to Direct3D 12 on Windows for a while... Fortunately, as already reported, their new driver has Vulkan RTX support. Additionally, the NVX_raytracing extension and other NVIDIA updates made it into today's Vulkan 1.1.85 release.
  • Radeon/GPUOpen OCAT 1.2 Released But No Linux Support Yet
    A new feature release is out for the Radeon/GPUOpen "OCAT" open-source capture and analytics tool. OCAT 1.2 is their first release of the year and includes VR head-mounted display (HMD) support, new visualization tools, system information detection, new settings, and other enhancements.

Security: Updates, US Demand for Back Doors, and Microsoft's Collusion with the NSA Keeps Serving Crackers

  • Security updates for Wednesday
  • State Department Still Sucks At Basic Cybersecurity And Senators Want To Know Why
    The senators are hoping the State Department will have answers to a handful of cybersecurity-related questions by October 12th, but given the agency's progress toward compliance with a law that's been on the books for two years at this point, I wouldn't expect responses to be delivered in a timelier fashion. The agency's track record on security isn't great, and these recent developments only further cement its reputation as a government ripe for exploitation. The agency's asset-tracking program only tracks Windows devices, its employees are routinely careless with their handling of classified info, and, lest we forget, its former boss ran her own email server rather than use the agency's. Of course, given this long list of security failures, there's a good possibility an off-site server had more baked-in security than the agency's homebrew.
  • EternalBlue Vulnerability Puts Pirated Windows Systems at Malware Risk [Ed: Microsoft's collusion with the NSA (for US-controlled back doors) continues to cost billions... paid by people who foolishly chose or accepted PCs with Windows.]
    A particular vulnerability that has been codenamed EternalBlue is to be blamed for this misfortune. The malware risk especially affects computers which use pirated Windows versions. This gap in security has its traces back in the legacies of US secret service NSA. Even after several years, many systems continue to be vulnerable. For more than three years, US intelligence was using it for performing hidden attacks on all kinds of targets. The agency finally had to leak the vulnerability to Microsoft due to the danger of hacking by a famous hacker group, Shadow Brokers. Microsoft then consequently had to abandon a patch day for the very first time in the company’s history for filling in the gap as quickly as possible.

today's howtos