Security and Scare for Sale

  • Malware Attack Takes ISS World's Systems Offline

    Founded in 1901, the Copenhagen, Denmark-based company provides cleaning, support, property, catering, security, and facility management services for offices, factories, airports, hospitals, and other locations all around the world.

    At the moment, the company’s employees don’t have access to corporate systems, as they were taken offline following a malware attack earlier this week.

  • The rise and rise of ransomware [iophk: Windows TCO]
  • Security flaws belatedly fixed in open source SuiteCRM software

    According to Romano, a second-order PHP object injection vulnerability (CVE-2020-8800) in SuiteCRM could be “exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks, such as executing arbitrary PHP code”.

    SuiteCRM versions 7.11.11 and below are said to be vulnerable.

    [...]

    “We have put a notice on our open source community channels and advice via social media. We have a dedicated community that works around the clock to spot vulnerabilities and produce suitable fixes, which is one of the key benefits for a business when choosing to use open source software.”

  • With the rise of third-party code, zero-trust is key

    The surface area of website and web application attacks keeps growing. One reason for this is the prevalence of third-party code. When businesses build web apps, they use code from many sources, including both commercial and open-source projects, often created and maintained by both professional and amateur developers.

    Web application creators take advantage of third-party code because it allows them to build their websites and apps quickly. For example, companies are likely to add a third-party chat widget to their site, instead of building one from scratch.

    But third-party code can leave websites vulnerable. Consider the July 2018 Magecart attack on Ticketmaster. In this data breach, hackers were able to gain access to sensitive customer information on Ticketmaster's website by compromising a third-party script used to provide chatbot functionality.

    The challenge is that this third-party functionality runs directly on the customer's browser, and the browser is built to simply render the code sent down from a web server. It assumes that all code, whether first-party or third-party, is good.

  • New company BluBracket takes on software supply chain code security
  • BluBracket scores $6.5M seed to help secure code in distributed environments

    BluBracket, a new security startup from the folks who brought you Vera, came out of stealth today and announced a $6.5 million seed investment. Unusual Ventures led the round with participation by Point72 Ventures, SignalFire and Firebolt Ventures.
