
Security Leftovers

  • Cryptojacking Code Found in 11 Open Libraries, Thousands Infected

    A cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times.
    Hackers downloaded the software, infected it with malware, and subsequently reposted it on the RubyGems platform, industry news outlet Decrypt reported on Aug. 21.

  • Malicious cryptojacking code found in 11 Ruby libraries

    Cryptojacking software has been found in 11 code libraries for the programming language Ruby—exposing thousands of people.

    The latest heist, discovered yesterday on code repository GitHub, made use of a package manager called RubyGems, a popular program that allows developers to upload and share improvements on existing pieces of software.

  • Cryptojacking Scripts Found in 11 Open-Source Code Libraries

    According to a Decrypt report, the malware was discovered on Tuesday inside the GitHub code repository, infecting the language manager called RubyGems.

  • First‑of‑its‑kind spyware sneaks into Google Play
  • Open-source spyware bypasses Google Play defenses — twice

    Radio Balouch — the app in question — is a legitimate radio application serving Balouchi music enthusiasts, except that it also included AhMyth, a remote access espionage tool that has been available on GitHub as an open-source project since late 2017.

    Lukas Stefanko, ESET researcher who uncovered the campaign, said the app was uploaded twice on Google Play — once on July 2 and a second time on July 13 — only to be swiftly removed by Google within 24 hours upon being alerted by the security team. It continues to be available on third-party app stores.

    While the service’s dedicated website “radiobalouch.com” is no longer accessible, the attackers also seem to have promoted the app on Instagram and YouTube. The app, in total, attracted over 100 installs.

  • 61 impacted versions of Apache Struts left off security advisories

    Security researchers have reviewed security advisories for Apache Struts and found that two dozen of them inaccurately listed affected versions for the open-source development framework.

    The advisories have since been updated to reflect vulnerabilities in an additional 61 unique versions of Struts that were affected by at least one previously disclosed vulnerability but left off the security advisories for those vulnerabilities.

  • Sectigo Sponsors Automated Certificate Issuance and Renewal in Electronic Frontier Foundation’s Certbot Open Source Software Tool

    Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, today announced its sponsorship of Electronic Frontier Foundation’s (EFF) free, open source software tool, Certbot, to support efforts to encrypt the entire internet and build a network that is more structurally private, safe, and protected against censorship.
