Security and Scare for Sale

  • Malware Attack Takes ISS World's Systems Offline

    Founded in 1901, the Copenhagen, Denmark-based company provides cleaning, support, property, catering, security, and facility management services for offices, factories, airports, hospitals, and other locations all around the world.

    At the moment, the company’s employees don’t have access to corporate systems, as they were taken offline following a malware attack earlier this week.

  • The rise and rise of ransomware [iophk: Windows TCO]
  • Security flaws belatedly fixed in open source SuiteCRM software

    According to Romano, a second-order PHP object injection vulnerability (CVE-2020-8800) in SuiteCRM could be “exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks, such as executing arbitrary PHP code”.

    SuiteCRM versions 7.11.11 and below are said to be vulnerable.

    [...]

    “We have put a notice on our open source community channels and advice via social media. We have a dedicated community that works around the clock to spot vulnerabilities and produce suitable fixes, which is one of the key benefits for a business when choosing to use open source software.”

  • With the rise of third-party code, zero-trust is key

    The surface area of website and web application attacks keeps growing. One reason for this is the prevalence of third-party code. When businesses build web apps, they use code from many sources, including both commercial and open-source projects, often created and maintained by both professional and amateur developers.

    Web application creators take advantage of third-party code because it allows them to build their websites and apps quickly. For example, companies are likely to add a third-party chat widget to their site, instead of building one from scratch.

    But third-party code can leave websites vulnerable. Consider the July 2018 Magecart attack on Ticketmaster. In this data breach, hackers were able to gain access to sensitive customer information on Ticketmaster's website by compromising a third-party script used to provide chatbot functionality.

    The challenge is that this third-party functionality runs directly on the customer's browser, and the browser is built to simply render the code sent down from a web server. It assumes that all code, whether first-party or third-party, is good.

  • New company BluBracket takes on software supply chain code security
  • BluBracket scores $6.5M seed to help secure code in distributed environments

    BluBracket, a new security startup from the folks who brought you Vera, came out of stealth today and announced a $6.5 million seed investment. Unusual Ventures led the round with participation by Point72 Ventures, SignalFire and Firebolt Ventures.
