
Security Leftovers

Filed under
Security
  • More good news: Medical equipment is still prone to [cracker] attacks [iophk: Windows TCO]

    A new report from Unit 42 says 72% of health care networks mix [Internet] of things (IoT) and information technology assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network. The report also offers a lot of data on non-medical IoT attacks.

    There is a 41% rate of attacks exploiting device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses. And Unit 42 has seen a shift from IoT botnets conducting denial-of-service attacks to more sophisticated attacks targeting patient identities, corporate data, and monetary profit via ransomware.

  • Conficker, a Twelve-Year-Old Malware, Attacks Connected Objects [iophk: Windows TCO]

    Twelve years after its creation, the Conficker malware is now attacking connected objects. The American firm Palo Alto Networks announces that it has detected Conficker on the connected devices of a hospital, marking a resurgence of the twelve-year-old computer worm. It calls on all owners of connected objects to adopt the security measures recommended by specialists.

    According to a report released Tuesday, March 10, 2020, by IT expert Palo Alto Networks, a twelve-year-old computer worm called Conficker has recently made a comeback. It emerged in 2008 by taking advantage of security vulnerabilities in Microsoft's Windows XP operating system and has generated a whole network of zombie machines.

    In 2009, Conficker reportedly infected up to 15 million machines. Still active, although it is considered a minor phenomenon without real risk, it still infected some 400,000 computers in 2015. The proliferation of connected objects has reportedly increased this number to 500,000 devices today.

  • [Older] Maastricht Univ. paid €250K to ransomware [attackers]: report [iophk: Windows TCO]

    Maastricht University paid between 200 thousand and 300 thousand euros to [attackers] who had blocked access to the university's digital systems with ransomware, various people involved told the Volkskrant. The university board was forced to pay because the university's backups were also hijacked. The backups [sic] - stored on the university servers - contain research data and data from students and staff from the past decades.

  • [Older] University of Maastricht says it paid [attackers] 200,000-euro ransom [iophk: Windows TCO]

    The University of Maastricht on Wednesday disclosed that it had paid [attackers] a ransom of 30 bitcoin — at the time worth 200,000 euros ($220,000) — to unblock its computer systems, including email and computers, after an attack that unfolded on Dec. 24.

  • [Older] Maastricht University Pays 30 Bitcoins as Ransom to TA505 Group [iophk: Windows TCO]

    A management summary of the Fox-IT report and Maastricht University’s response found that during the time frame of October 15 to 23 December 2019 (inclusive of both dates), the TA505 gained control over multiple servers. Following is the timeline of the events in the leadup to the final ransomware attack: [...]

  • FBI warns Zoom, teleconference meetings vulnerable to hijacking

    “The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language,” the FBI cautioned. “As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts.”

    It’s not just private businesses and children whose meetings could be Zoombombed. Privacy and security issues in conferencing software may also pose risks to national security, as world leaders convene Zoom meetings. In some cases, world leaders such as U.K. Prime Minister Boris Johnson have shared screenshots of their teleconferencing publicly only to reveal Zoom meeting IDs, raising concerns that sensitive information could be compromised.

  • Qakbot malspam sent from an infected Windows host [iophk: Windows TCO]

    Every once in a while, I'll see spambot-style traffic from the Windows hosts I infect in my lab environment. On Tuesday 2020-03-31, this happened during a Qakbot infection. I've covered examining Qakbot traffic before, but that didn't include examples of spambot emails sent from an infected Windows computer. Today's diary provides a quick review of some email examples from spambot traffic by my Qakbot-infected lab host.

  • Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims [iophk: Windows TCO]

    During the analysis, we reversed this strain of Qbot and identified the attacker’s active command and control server, allowing us to determine the scale of the attack. Based on direct observation of the C2 server, thousands of victims around the globe are compromised and under active control by the attackers. Additional information uncovered from the C&C server exposed traces of the threat actors behind this campaign.

    [...]

    Qbot (or Qakbot) was first identified in 2009 and has evolved significantly. It is primarily designed for collecting browsing activity and data related to financial websites. Its worm-like capabilities allow it to spread across an organization’s network and infect other systems.

  • os x ssh fails when using -p flag

    /usr/bin/ssh in macos 10.15.4 hangs if used with the -p flag to specify an alternate port and used with a hostname. This was not present in macos 10.15.3

  • Weakness in Zoom for macOS allows local attackers to hijack camera and microphone

    The Zoom video conferencing client for macOS does not take full advantage of the application hardening features the operating system offers, which could allow local malware to elevate its privileges or access the camera and microphone without the user's knowledge. The issues, which stem from insecure use of system APIs, were revealed Wednesday by security researcher Patrick Wardle on his blog. Wardle has a long history of macOS security research, which includes finding vulnerabilities, analyzing malware and writing security tools for Apple's platform.
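    The check a practitioner would want after reading this is whether a given macOS app actually opts into the hardening the excerpt refers to. The script below is an added example, not code from the article, from Zoom or from Patrick Wardle. It reads the code signature description that `codesign -dvv` prints (the Hardened Runtime shows up there as the `runtime` flag) and the entitlements plist that `codesign -d --entitlements -` prints, and flags the entitlements that weaken the Hardened Runtime (`com.apple.security.cs.*`) or grant camera and microphone access (`com.apple.security.device.*`). The function names `audit_signature` and `audit_app` are mine, and the sample `codesign` output used below is constructed so the classification can be exercised on any platform; only `audit_app` needs a real macOS with `codesign`.

```shell
#!/bin/sh
# Added example (not from the article, Zoom or Wardle's tooling): audit whether a
# macOS app bundle uses the Hardened Runtime and which entitlements weaken it.
# audit_signature works on text, so it can be tested with constructed codesign
# output; audit_app wraps the real tools and only works on macOS.

# audit_signature SIGNATURE_TEXT ENTITLEMENTS_TEXT
# Prints a ';'-terminated list of findings, or "ok;" when nothing is flagged.
audit_signature() {
    sig="$1"
    ents="$2"
    verdict=""

    # `codesign -dvv` reports the Hardened Runtime as flags=0x10000(runtime).
    case "$sig" in
        *"(runtime)"*) ;;
        *) verdict="${verdict}no-hardened-runtime;" ;;
    esac

    # Entitlements that re-open what the Hardened Runtime closes; each one widens
    # what code the signed process will accept or execute, which is what local
    # malware needs in order to run inside the app.
    for e in com.apple.security.cs.disable-library-validation \
             com.apple.security.cs.allow-dyld-environment-variables \
             com.apple.security.cs.allow-unsigned-executable-memory \
             com.apple.security.cs.disable-executable-page-protection; do
        case "$ents" in
            *"$e"*) verdict="${verdict}${e#com.apple.security.cs.};" ;;
        esac
    done

    # Device entitlements: code that gets into a process holding these shares
    # the camera/microphone consent the user already granted to the app.
    for e in com.apple.security.device.camera \
             com.apple.security.device.audio-input; do
        case "$ents" in
            *"$e"*) verdict="${verdict}${e#com.apple.security.device.};" ;;
        esac
    done

    [ -n "$verdict" ] || verdict="ok;"
    printf '%s\n' "$verdict"
}

# audit_app /path/to/App.app  -- runs the real codesign tool (macOS only).
audit_app() {
    app="$1"
    if ! command -v codesign >/dev/null 2>&1; then
        echo "codesign not found; this check only runs on macOS" >&2
        return 2
    fi
    # codesign writes its description to stderr; unsigned bundles exit non-zero.
    sig=$(codesign -dvv "$app" 2>&1) || true
    # Recent codesign prints the entitlements XML with `-`; older releases use `:-`.
    ents=$(codesign -d --entitlements - "$app" 2>/dev/null) || true
    audit_signature "$sig" "$ents"
}

if [ "$#" -gt 0 ]; then
    audit_app "$1"
fi
```

    Run it as `sh audit.sh /Applications/SomeApp.app`. A result of `ok;` means the bundle is signed with the Hardened Runtime and holds none of the listed entitlements; anything else names the specific gap. Note that a hardened, tightly entitled signature does not rule out the insecure API use the article describes, so treat this as a first filter rather than a verdict.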

