Language Selection

English French German Italian Portuguese Spanish

Security: Microsoft Windows Strikes Again

Filed under
Microsoft
Security
  • U.S. Coast Guard Issues Alert After Ship Heading Into Port Of New York Hit By Cyberattack

    The U.S. Coast Guard has issued an official warning to owners of ships that cybersecurity at sea needs updating, and updating urgently. In the Marine Safety Alert published June 8, the Coast Guard "strongly encourages" that cybersecurity assessments are conducted to "better understand the extent of their cyber vulnerabilities." This follows an interagency investigation, led by the Coast Guard, into a "significant cyber incident" that had exposed critical control systems of a deep draft vessel bound for the Port of New York in February 2019 to what it called "significant vulnerabilities."

  • Malware on the High Seas: US Coast Guard Issues Alert [iophk: Windows TCO is not a laughing matter. Get rid of it.]

    The ship's network was mainly used for official business, including updating electronic charts, managing cargo data and communicating with shore-side facilities, pilots, agents and the Coast Guard, according to the report.

  • Eurofins Scientific: Forensic services firm paid ransom after cyber-attack [iophk: Windows TCO]

    BBC News has not been told how much money was involved in the ransom payment or when it was paid.

    The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

  • Eurofins Scientific Paid Up in Response to Ransomware Attack: Report [iophk: Windows TCO]

    Luxembourg-based laboratory testing services giant Eurofins Scientific reportedly paid the ransom demanded by cybercriminals following a successful ransomware attack that led to the company taking offline many of its systems and servers.

  • Eurofins Scientific forensics firm pays after hit with ransomware [iophk: Windows TCO]

    Eurofins didn’t disclose how much it paid to retrieve its information but the money was likely paid between June 10, when Eurofins issued a statement about the attack, and June 24 when it published an update saying it had “identified the variant of the malware used” in the attack and had strengthened its cybersecurity.

  • [Old] Combating WannaCry and Other Ransomware with OpenZFS Snapshots [iophk: use FreeBSD, OpenBSD, or GNU/Linux on the desktop to avoid ransomware and servers to avoid ransomware damage]

    OpenZFS is the powerful file system at the heart of every storage system that iXsystems sells and of its many features, snapshots can provide fast and effective recovery from ransomware attacks at both the individual user and enterprise level as I talked about in 2015. As a copy-on-write file system, OpenZFS provides efficient and consistent snapshots of your data at any given point in time. Each snapshot only includes the precise delta of changes between any two points in time and can be cloned to provide writable copies of any previous state without losing the original copy. Snapshots also provide the basis of OpenZFS replication or backing up of your data to local and remote systems. Because an OpenZFS snapshot takes place at the block level of the file system, it is immune to any file-level encryption by ransomware that occurs over it. A carefully-planned snapshot, replication, retention, and restoration strategy can provide the low-level isolation you need to enable your storage infrastructure to quickly recover from ransomware attacks.

FOSS Security Patches

  • Security updates for Friday

    Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel).

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Linux commands to display your hardware information

There are many reasons you might need to find out details about your computer hardware. For example, if you need help fixing something and post a plea in an online forum, people will immediately ask you for specifics about your computer. Or, if you want to upgrade your computer, you'll need to know what you have and what you can have. You need to interrogate your computer to discover its specifications. Alternatively, you could open up the box and read the labels on the disks, memory, and other devices. Or you could enter the boot-time panels—the so-called UEFI or BIOS panels. Just hit the proper program function key during the boot process to access them. These two methods give you hardware details but omit software information. Or, you could issue a Linux line command. Wait a minute… that sounds difficult. Why would you do this? Read more

Android Leftovers

BlackWeb 1.2

BlackWeb is a penetration and security testing distribution based on Debian. The project's website presents the distribution's features as follows: BlackWeb is a Linux distribution aimed at advanced penetration testing and security auditing. BlackWeb contains several hundred tools which are geared towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering. Starting from an appropriately configured LXDE desktop manager it offers stability and speed. BlackWeb has been designed with the aim of achieving the maximum performance and minimum consumption of resources. There are 32-bit (x86) and 64-bit (x86_64) builds of BlackWeb available on the distribution's website. I downloaded the 64-bit build which is 2.6GB in size. Booting from the media brings up a menu asking if we would like to try BlackWeb's live desktop, run the installer or run the graphical installer. Taking the live desktop options presents us with a graphical login screen where we can sign in with the username "root" and the password "blackweb". Read more

Feh is a light-weight command-line image viewer for Linux

The default image viewer in most Linux distros is a fine option for many users, but if you want a distraction free alternative, Feh is a good option. Feh's interface is as barebones as it gets as it does not have any toolbars or buttons but is a command line interface application; because of that, it is very light on resources and still easy enough to use even for users who shy away from using the command line whenever possible. Read more