
Security Leftovers

Filed under
Security
  • Internet Explorer zero-day lets hackers steal files from Windows PCs [Ed: Microsoft Windows has back doors, so this is "small potatoes"]

    A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.

  • MicroBriefly: The tiniest firewall I have seen – Firewalla

    ...BSD Unix, and about the size of a paperback novel (small by standards of those days). Now, solid-state storage (SSD) and low-power CPUs are tiny, enough to easily fit in a matchbox- or lighter-sized device.

  • 'World's First Smart Contract Firewall' for EOS Launched By SlowMist

    Developers of EOSIO, an initiative supported by Block.one, a Cayman Islands-registered open-source software development firm with $4 billion in total funding (to date), have published a blog post, noting they’ve carefully looked into improving smart contract security on EOS.

    According to EOSIO’s blog, published on April 11th, FireWall.X provides an effective set of tools for “protecting smart contracts built” on EOS from “malicious hacks.” As explained by Zhong Qifu, a product manager at SlowMist Technology Co., the firm that developed FireWall.X, the “world’s first firewall” system for smart contracts aims to ensure the security of all EOS-based decentralized applications (dApps).

  • Bootstrap supply chain attack is another attempt to poison the barrel [Ed: Happens in proprietary software but we don't hear about it. Full of back doors.]

    Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.

  • Framing supply chain attacks

    The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.”

  • Apache Axis servers vulnerable to RCE due to expired domain
  • Building a data pipeline to defend New York from cyber threats
  • Linux Foundation aims to improve the sustainability and security of open source projects [Ed: Zemlin PAC pushing a Microsoft-led proprietary software effort]
  • Why AV companies are making their technology open source

    Some AV developers are opening source code for their technology, a strategy they can use to collect data and tech from anyone using their code, and which could help bring products to market faster.

    Why it matters: Open source providers are experimenting with how much of their technology to share, while protecting their intellectual property to stay competitive. Their decisions will have lasting implications for how AV technology develops.

  • Open Source Web Application SSO
  • Magento sites under attack through easily exploitable SQLi flaw

    A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.

  • A security researcher with a grudge is dropping Web 0days on innocent users

    Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.

    Over the past week, zeroday vulnerabilities in both the Yuzo Related Posts and Yellow Pencil Visual Theme Customizer WordPress plugins—used by 60,000 and 30,000 websites respectively—have come under attack. Both plugins were removed from the WordPress plugin repository around the time the zeroday posts were published, leaving websites little choice but to remove the plugins. On Friday (three days after the vulnerability was disclosed), Yellow Pencil issued a patch. At the time this post was being reported, Yuzo Related Posts remained closed with no patch available.


Finance/Funding and FOSS

  • Poloniex continues to support open-source development; donates to Grin General Fund

    Released in January 2019, privacy-focused cryptocurrency Grin was previously in the news for its hard fork in July 2019. The hard fork in question focused on maximizing miner decentralization and usability. The cryptocurrency has been solely reliant on crowdfunding, and previously, in March 2019, the coin received an anonymous donation of 50 BTC. But the aspect that makes this privacy-focused cryptocurrency stand out is its involvement with Mimblewimble. Grin is the first application on the Mimblewimble protocol, which was created to bolster the scalability and privacy of digital assets. Litecoin’s Charlie Lee has been steering the silver coin towards Mimblewimble, going on to hire a developer from Grin to explore Litecoin’s capabilities with the protocol.

  • Square Crypto Hires Lightning, Libra Developers for ‘Bitcoin Dream Team’

    Square Crypto, the division of the publicly traded payments company that focuses exclusively on bitcoin, just announced three new hires to work on open source projects.

  • Open Source Bitcoin Payment Processor Receives a Grant From Square Crypto

    Bringing cryptocurrency payments to a larger audience is no easy feat. Many companies are trying to do so, albeit to little or no avail. Square Crypto, the branch of Square, which focuses on the cryptocurrency industry, is trying to change that aspect. Their recent investment in BTCPay Server shows there may be a bright future ahead for crypto payments on a global scale.

  • MyHbarWallet launches the first browser-based, open source wallet for hbars

    Today, MyHbarWallet.com launched, and is excited to support the Hedera™ Hashgraph community. Out of the box, users can initiate the account creation process, load existing accounts, and create accounts on behalf of requestors. MyHbarWallet was influenced by MyEtherWallet (MEW), the top wallet for the Ethereum blockchain. We wanted to make the experience of using Hedera familiar for those who are already active in the cryptocurrency space. The team behind MyHbarWallet is the same core team actively contributing to the open source Hedera software development kits (SDKs). MyHbarWallet was built using Vue.js.

  • Tidelift and the Python Software Foundation partner to support widely used Python web development libraries

    The Python Software Foundation and Tidelift today announced a partnership to support the community-driven Pallets Projects, a collection of Python web development libraries downloaded millions of times each month. Tidelift now provides recurring income to the team of developers behind these vitally important open source libraries to help ensure they are maintained to commercial standards. The collaboration also enables Pallets maintainers to deliver maintenance, security, and license assurances to Tidelift's managed open source subscription customers, ensuring the libraries work well with their applications.

  • Investors’ Interest in AI, Open Source Software Remains High

    DataRobot, which automates the process of creating machine learning models, announced a $206 million Series E round led by Sapphire Ventures that values the company at more than $1 billion. GitLab, which lets software developers collaborate on projects, announced a $268 million Series E round led by Goldman Sachs and Iconiq, at a $2.75 billion valuation.

  • Lira, eToro’s New Open-source Programming Language

    eToro, the global multi-asset investment company, has today released the details of Lira, a new open-source programming language for financial contracts. Lira is the first step in bringing the $500 trillion OTC derivatives market onto the Blockchain by introducing a new formal contract language.(i) Lira is a domain-specific language that can be used to write OTC financial contracts for assets currently on the Ethereum blockchain. It is both secure and easy to programme whilst guaranteeing self-executing global settlement and automated trade reporting and monitoring. Its easy tracking and compression will enable better collateral requirement efficiencies.

  • Automattic raises $300 million at $3 billion valuation from Salesforce Ventures

    Automattic, the company behind WordPress.com, WooCommerce and soon Tumblr, has closed a $300 million funding round at a $3 billion post-money valuation. The Series D round has a single investor, Salesforce Ventures. Funding rounds are something special for Automattic. While the company has been around for nearly 15 years, it hasn’t raised a ton of money. It closed a $160 million Series C round back in 2014 and raised little money before that.