Security and Scare for Sale

  • Malware Attack Takes ISS World's Systems Offline

    Founded in 1901, the Copenhagen, Denmark-based company provides cleaning, support, property, catering, security, and facility management services for offices, factories, airports, hospitals, and other locations all around the world.

    At the moment, the company’s employees don’t have access to corporate systems, as they were taken offline following a malware attack earlier this week.

  • The rise and rise of ransomware [iophk: Windows TCO]
  • Security flaws belatedly fixed in open source SuiteCRM software

    According to Romano, a second-order PHP object injection vulnerability (CVE-2020-8800) in SuiteCRM could be “exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks, such as executing arbitrary PHP code”.

    SuiteCRM versions 7.11.11 and below are said to be vulnerable.

    [...]

    “We have put a notice on our open source community channels and advice via social media. We have a dedicated community that works around the clock to spot vulnerabilities and produce suitable fixes, which is one of the key benefits for a business when choosing to use open source software.”

  • With the rise of third-party code, zero-trust is key

    The surface area of website and web application attacks keeps growing. One reason for this is the prevalence of third-party code. When businesses build web apps, they use code from many sources, including both commercial and open-source projects, often created and maintained by both professional and amateur developers.

    Web application creators take advantage of third-party code because it allows them to build their websites and apps quickly. For example, companies are likely to add a third-party chat widget to their site, instead of building one from scratch.

    But third-party code can leave websites vulnerable. Consider the July 2018 Magecart attack on Ticketmaster. In this data breach, hackers were able to gain access to sensitive customer information on Ticketmaster's website by compromising a third-party script used to provide chatbot functionality.

    The challenge is that this third-party functionality runs directly on the customer's browser, and the browser is built to simply render the code sent down from a web server. It assumes that all code, whether first-party or third-party, is good.

  • New company BluBracket takes on software supply chain code security
  • BluBracket scores $6.5M seed to help secure code in distributed environments

    BluBracket, a new security startup from the folks who brought you Vera, came out of stealth today and announced a $6.5 million seed investment. Unusual Ventures led the round with participation by Point72 Ventures, SignalFire and Firebolt Ventures.
