
Security Patches and FUD/Drama

Filed under
Security

This is a Web site issue

New ACBackdoor Malware Targeting Both Linux and Windows Systems

By HackRead

  • Meet ACbackdoor malware targeting Linux and Windows devices [Ed: They call it "backdoor" but it targets machines that are already compromised some other way]

    Furthermore, the Linux variant comes across as more complex with extra capabilities such as process renaming. This is also evident through a search of the Linux binary on VirusTotal where it is detected by only one anti-malware scanning engine whereas the Windows version yielded a significantly higher detection rate of 37/70.

ZDNet: Linux is terrorism

ZDNet meme

ZDNet FUD

More scare-mongering

  • Servers Running Linux May Get Riskier for Enterprises Next Year [Ed: GNU/Linux FUD to increase next year. Or this year. Say people who sell security as a product]

    Enterprises using Linux for their cloud or data center servers may be faced with a larger threat from advanced security attackers in the near future. Based on the Linux Foundation’s estimates back in 2014, 75% of enterprises reported using Linux for the cloud and 79% for application deployments.

ACBbackdoor trojan designed to hit Linux...

  • ACBbackdoor trojan designed to hit Linux and Windows systems

    Intezer Security has found a new backdoor, ACBackdoor, that has no known connection to an operating threat group, creating the possibility it could be a harbinger of a new gang’s formation.

    ACBackdoor is primarily a Linux malware, but Intezer has spotted a Windows variant and the company believes it was created by an experienced group of threat actors.

    One piece of evidence pointing toward the ACBackdoor developers being experienced with Linux is that the Linux version has a lower detection rate, is written better than the Windows implant, with a higher quality persistence mechanism, along with the different backdoor commands and additional features not seen in the Windows version such as independent process creation and process renaming.

More FUD and More anti-Linux

  • Chinese Hackers Break Into Chrome, Safari, Edge; Reveal Browsers' Vulnerabilities

    Popular vendors received terrible news over the weekend as reports claimed that Chinese hackers were able to exploit vulnerabilities in major browsers, apps, and common utilities. At the recent Tianfu Cup held in Chengdu, China, China's top white-hat hackers converged to test zero-days against top software available in the market today. During the first day of the event, Chinese security researchers were able to break into major browsers such as Safari, Microsoft Edge, and Google Chrome.

    Since Mar. 2018, the Chinese government has officially discouraged security researchers from joining hacking competitions outside the country. The recent Tianfu Cup is the venue for hackers to showcase their skills and even earn six-figure bounties for successful exploits. Former Pwn2Own winner Team 360 Vulcan took home $382,500 for successfully hacking the old version of Office 365, Microsoft Edge, Adobe PDF Reader, VMWare Workstation, and qemu+Ubuntu during the two-day event, reports ZDNet.

  • New Roboto botnet emerges targeting Linux servers running Webmin [Ed: ZDNet again goes out of its way to ignore back doors in #proprietarysoftware such as Windows and instead promote the stigma of "Linux" having "back doors" and being super dangerous, courtesy of Catalin Cimpanu, as usual]

Webmin

Again trying to associate "Linux" with "ISIS"

Chrome, Edge, and Safari are not as safe as you might think

  • Your web browsers including Chrome, Edge, and Safari are not as safe as you might think

    Recently, Chrome, Edge, and Safari were hacked at a security event in China named the Tianfu Cup. Our lives are becoming more dependent on digital devices than ever, and there’s nothing scarier than the fear of losing your personal information to some third parties. To learn about the loopholes of various web browsers, a security-focused event was held in China aimed at exploiting various web browsers and rewarding the researchers. Various researchers tested hidden loopholes present within some known apps including Google Chrome, Microsoft Edge and even Apple’s Safari, as well as Office 365 and Adobe PDF Reader. Security researchers were even able to hack these apps and software during the contest and earned thousands of dollars in rewards.

More from the same 'script'

  • The awaiting Roboto Botnet

    On August 26, 2019, our 360Netlab Unknown Threat Detection System highlighted a suspicious ELF file (4cd7bcd0960a69500aa80f32762d72bc) and passed it along to our researchers to take a closer look. Upon further analysis, we determined it is a P2P bot program.

  • Linux Servers Running Webmin App Targeted By DDoS Attacks

    A new botnet named Roboto is targeting Linux servers running the Webmin app, according to security researchers at 360 Netlab. Roboto is a peer-to-peer botnet that has been active since summer and is exploiting a vulnerability in the Webmin app. The app offers a web-based remote management system for Linux servers and is installed on as many as 215,000 servers.

    The vulnerability, identified as CVE-2019-15107, allows bad actors to compromise older Webmin servers by running malicious code and gaining root privileges. The vulnerability was identified and patched by the company behind Webmin. However, many users have not installed the latest version with the patch, and Roboto botnet is targeting such servers.

Slashdot joins the drama a week late

NextCloud Linux Servers Targeted by NextCry Ransomware

  • NextCloud Linux Servers Targeted by NextCry Ransomware

    Ransomware hunter and creator of ID Ransomware Michael Gillespie notes that the NextCry ransomware, which is a Python script compiled into a Linux ELF binary using pyInstaller, oddly makes use of Base64 to encode file names in addition to the contents of files that have already been encrypted. Gillespie has also confirmed that NextCry encrypts files using the AES algorithm with a 256-bit key.


More in Tux Machines

Android Document Scanning and Developer-Focused TV Box

  • The 15 Best Document Scanner Apps for Android Devices in 2020

    It doesn’t matter whether you are an office job holder, a businessman, or a student; you will face a situation where scanning some papers or documents seems essential. But finding a scanner is tough in many places nowadays. You can deal with such a problem if you have installed a document scanner app on your Android device. In PlayStore, some scanner apps can turn your mobile phone into a tiny scanner. So, just by installing a useful document scanner app, you can scan notes and documents anytime, anywhere.

  • Google ADT-3 is a Developer-Focused TV Box for Android TV on Android 10

    Back in 2014, Google killed Google TV and announced Android TV, and as a result, introduced ADT-1, the first developer kit specifically designed for Android TV.

Improving the security model of the LVFS

There are lots of layers of security in the LVFS and fwupd design, including restricted account modes, 2FA, and server side AppStream namespaces. The most powerful one is the so-called vendor-id that the vendors cannot assign themselves, and is assigned by me when creating the vendor account on the LVFS. The way this works is that all firmware from the vendor is tagged with a vendor-id string like USB:0x056A which in this case matches the USB consortium vendor assigned ID. Client side, the vendor-id from the signed metadata is checked against the physical device and the firmware is updated only if the ID matches. This ensures that malicious or careless users on the LVFS can never ship firmware updates for other vendors' hardware. About 90% of the vendors on the LVFS are locked down with this mechanism. Some vendors have to have IDs that they don’t actually own; a good example here is a DFU device like the 8bitdo controllers. In runtime mode they use the USB-assigned 8bitdo VID, but in bootloader mode they use a generic VID which is assigned to the chip supplier as they are using the reference bootloader. This is obviously fine, and both vendor IDs are assigned to 8bitdo on the LVFS for this reason. Another example is where Lenovo is responsible for updating Lenovo-specific NVMe firmware, but where the NVMe vendor isn’t always Lenovo’s PCI ID. Read more
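The client-side vendor-id gate described above, as an added example written for this page (it is not fwupd or LVFS code). Apart from USB:0x056A, which the post quotes, every vendor-id, device and firmware name below is a constructed placeholder; the two-ID entry models the 8bitdo case where the runtime VID and the chip supplier's generic bootloader VID are both assigned to one account.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Firmware:
    """One entry as it would appear in the signed metadata."""
    name: str
    vendor_ids: frozenset   # vendor-ids the LVFS assigned to the uploading account

@dataclass(frozen=True)
class Device:
    """A physical device as the client sees it."""
    name: str
    vendor_id: str          # read from the hardware, e.g. "USB:0x056A"

def normalise(vid: str) -> str:
    """Canonical form, so 'usb:0x56a' and 'USB:0x056A' compare equal."""
    bus, _, num = vid.partition(":")
    return f"{bus.upper()}:0x{int(num, 16):04X}"

def vendor_id_matches(fw: Firmware, dev: Device) -> bool:
    """The client-side gate: update only if the device's ID is one of the
    vendor-ids carried by the firmware's signed metadata."""
    return normalise(dev.vendor_id) in {normalise(v) for v in fw.vendor_ids}

def updatable_firmware(metadata, dev: Device):
    """Names of firmware this device may receive; everything else is refused."""
    return [fw.name for fw in metadata if vendor_id_matches(fw, dev)]

# Constructed sample metadata (placeholder IDs, not real vendor assignments).
# "controller-bootloader-4.0" carries two IDs: its own runtime VID plus the
# chip supplier's generic bootloader VID, both assigned to that account.
# "rogue-upload-9.9" comes from an account whose assigned vendor-id is
# USB:0xFFFF, so it can never be offered to vendor A's hardware.
METADATA = [
    Firmware("vendor-a-tablet-1.2", frozenset({"USB:0x056A"})),
    Firmware("controller-bootloader-4.0", frozenset({"USB:0x1111", "USB:0x2222"})),
    Firmware("rogue-upload-9.9", frozenset({"USB:0xFFFF"})),
]

DEV_VENDOR_A = Device("vendor-a tablet", "usb:0x56a")
DEV_CTRL_RUNTIME = Device("controller (runtime mode)", "USB:0x1111")
DEV_CTRL_BOOTLOADER = Device("controller (bootloader mode)", "USB:0x2222")

if __name__ == "__main__":
    for dev in (DEV_VENDOR_A, DEV_CTRL_RUNTIME, DEV_CTRL_BOOTLOADER):
        print(dev.name, "->", updatable_firmware(METADATA, dev))
```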

Programming: Vim, Qt Shader and Python

  • Vim Text Editor for Beginners Part 1 - Introduction

    In my newly refreshed Vim series, you'll learn all the things you'll need to know in order to use this text editor in your daily workflow. In this first video, we'll get Vim installed and take an initial look.

  • Vim Text Editor for Beginners Part 2 - Combining Files

    In my newly refreshed Vim series, you'll learn all the things you'll need to know in order to use this text editor in your daily workflow.

  • Qt Shader Tools Looks To Become Official Qt6 Module

    The currently experimental Qt Shader Tools allows for graphics/compute shader conditioning and is used by the in-development Qt graphics abstraction layer for supporting the Vulkan / Metal / Direct3D / OpenGL APIs. Qt Shader Tools offers various shader features in preparing them for consumption by different graphics APIs. Qt Shader Tools is currently used ahead of time for QtGUI with Qt 5.14+. But for Qt 6.0, Qt Shader Tools is going through the appropriate steps for becoming a formal Qt 6 module for compiling and translating shaders between interfaces.

  • Python Positional-only parameters

    I have downloaded Python 3.8 and started to play around with the latest Python functions. In this article, we will look at the positional-only parameter syntax, which uses / in the parameter list to indicate that the parameters before it must be specified positionally and cannot be used as keyword arguments, which means that after the / syntax we may specify a value for each parameter within that function.

  • For Loop in Python Explained With Practical Examples

    If you are just getting started learning Python, you must be in search of something to help you explore the for loop in Python. Of course, our list of free Python resources should help you learn about it quickly. In either case, we shall help you learn more about the ‘for’ loop in Python using a couple of important examples.
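Returning to the positional-only parameter item above: an added example (not code from that article) showing the collision that / was introduced to remove. A tag builder whose own first parameter is called name must still accept an HTML attribute called name; with the parameter positional-only the keyword lands in **attrs instead of clashing. The function and helper names are this example's own.

```python
from html import escape

def html_tag_old(name, **attrs):
    """Pre-3.8 style: 'name' is an ordinary parameter, so a caller who needs an
    HTML attribute called name (e.g. <input name="user">) collides with it and
    the call fails with TypeError: multiple values for argument 'name'."""
    rendered = " ".join(f'{k}="{escape(str(v))}"' for k, v in attrs.items())
    return f"<{name} {rendered}>" if rendered else f"<{name}>"

def html_tag(name, /, **attrs):
    """Same builder with 'name' positional-only: the keyword name=... now
    always ends up in **attrs, so the collision disappears."""
    rendered = " ".join(f'{k}="{escape(str(v))}"' for k, v in attrs.items())
    return f"<{name} {rendered}>" if rendered else f"<{name}>"

def clamp(value, lo, hi, /):
    """All three positional-only: the parameter names are an implementation
    detail and can be renamed later without breaking any caller."""
    return max(lo, min(value, hi))

def keyword_use_rejected(fn, *args, **kwargs):
    """True if fn refuses this call with TypeError, the error raised both by
    the old-style collision and by the positional-only rule."""
    try:
        fn(*args, **kwargs)
    except TypeError:
        return True
    return False

if __name__ == "__main__":
    print(html_tag("input", name="user", type="text"))
    print(keyword_use_rejected(html_tag_old, "input", name="user"))  # True
    print(keyword_use_rejected(clamp, 15, lo=0, hi=10))              # True
```

Attribute values are passed through html.escape so a quote inside a value cannot break out of the attribute.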

Games: Pygame, The Long Dark, DXVK and Shovel Knight

  • Enable your Python game player to run forward and backward

    In previous entries in this series about creating video games in Python 3 using the Pygame module, you designed your level-design layout, but some portion of your level probably extended past your viewable screen. The ubiquitous solution to that problem in platformer games is, as the term "side-scroller" suggests, scrolling. The key to scrolling is to make the platforms around the player sprite move when the player sprite gets close to the edge of the screen. This provides the illusion that the screen is a "camera" panning across the game world. This scrolling trick requires two dead zones at either edge of the screen, at which point your avatar stands still while the world scrolls by.

  • Survival Mode in The Long Dark just got a lot bigger with the ERRANT PILGRIM update

    As promised, Hinterland Studio have released a huge update to the Survival Mode side of The Long Dark named ERRANT PILGRIM. It brings in a whole new region to explore, Bleak Inlet. Once home to a thriving industrial cannery, seismic activity cut off Bleak Inlet from the rest of the Great Bear mainland. Exploring is not for the faint of heart, as it is Timberwolf territory, but the treasures contained in the industrial complex may just be enough to warrant the journey.

  • DXVK Reportedly Going Into "Maintenance Mode" Due To State Of Code-Base

    While DXVK tends to be much loved by Linux gamers for allowing more Direct3D 10/11 Windows games to run nicely on Linux with Wine or Proton (Steam Play), thanks to its fairly complete translation of D3D10/D3D11 API calls to Vulkan, it looks like Philip Rebohle is at least contemplating shifting it into maintenance mode. The DXVK lead developer recently commented that DXVK is "entering maintenance mode" and he doesn't want to make any significant changes or additions to the code.

  • Shovel Knight: King of Cards and Shovel Knight Showdown are out, completing the series

    Starting off with a successful Kickstarter crowdfunding campaign back in 2013 and growing into a massive multi-part 8-bit inspired world, Shovel Knight: Treasure Trove is now finally finished. Note: Keys provided by GOG.com to us. Originally having a goal of $75,000 and a Linux/macOS stretch goal at $130,000, it proved to be popular, ending on $311,491. It's taken six years for Yacht Club Games to get here, starting with Shovel of Hope, followed by Plague of Shadows in 2015, Specter of Torment in 2017, and now King of Cards and Shovel Knight Showdown in 2019.
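The dead-zone scrolling rule from the Pygame item above, as an added example written for this page rather than code from that series. It keeps only the horizontal logic and has no Pygame dependency, so it runs anywhere; the screen width, dead-zone width and platform positions are constructed values.

```python
SCREEN_W = 960
DEAD_ZONE = 200    # width of the strip at each screen edge where the avatar stops

def step(player_x, dx, platform_xs, screen_w=SCREEN_W, dead_zone=DEAD_ZONE):
    """One frame of horizontal input dx (pixels, +right / -left).
    Returns (new_player_x, new_platform_xs). In the middle of the screen the
    player sprite moves normally; as soon as it would enter an edge dead zone
    it is pinned at the zone boundary and the platforms shift the other way by
    the remainder, which is what makes the screen look like a panning camera."""
    new_x = player_x + dx
    right_edge = screen_w - dead_zone
    if dx > 0 and new_x > right_edge:
        shift = new_x - right_edge            # overshoot becomes world scroll
        return right_edge, [p - shift for p in platform_xs]
    if dx < 0 and new_x < dead_zone:
        shift = dead_zone - new_x
        return dead_zone, [p + shift for p in platform_xs]
    return new_x, list(platform_xs)           # ordinary movement, world static

def simulate(player_x, moves, platform_xs):
    """Apply a sequence of dx values and return the final (player, platforms)."""
    for dx in moves:
        player_x, platform_xs = step(player_x, dx, platform_xs)
    return player_x, platform_xs

if __name__ == "__main__":
    # Constructed level: two platforms, player starting mid-screen, walking right.
    print(simulate(480, [40] * 10, [100, 900]))
```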