Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Debian (firefox-esr, gnutls28, and libmtp), Fedora (cyrus-sasl, firefox, glibc, squid, and telnet), Gentoo (firefox), Mageia (dcraw, firefox, kernel, kernel-linus, librsvg, and python-nltk), openSUSE (firefox, haproxy, icu, and spamassassin), Red Hat (nodejs:10, openstack-manila, python-django, python-XStatic-jQuery, and telnet), Slackware (firefox), SUSE (bluez, exiv2, and libxslt), and Ubuntu (firefox).

  • Open Source Security Podcast: Episode 191 - Security scanners are all terrible

    Josh and Kurt talk about security scanners. They're all pretty bad today, but there are some things we can do to make them better. Step one is to understand the problem. Do you know why you're running the scanner and what the reports mean?

  • Misconfigured Docker API Ports Targeted by Kinsing Malware

    Security researchers observed an attack campaign that targeted misconfigured Docker API ports with samples of Kinsing malware.

    According to Aqua Security, the campaign began when it capitalized on an unprotected Docker API port to run an Ubuntu container.

    The command used for creating the Ubuntu container included a shell script “d.sh.” By means of its 600+ lines of code, the shell script began by disabling security measures, clearing logs and disabling other malware and cryptominer samples. It’s then that the command killed rival malicious Docker containers before loading its Kinsing payload.

  • L1d Cache Flush On Context Switch Moves Forward For Linux In Light Of Vulnerabilities

    A new patch series sent out just under one month ago was providing opt-in L1 data cache flushing on context switching. That work has now been revived again and now with documentation added it's clear that this work is being done in response to a recent CVE being made public.

    The patches originally sent out by an Amazon engineer characterized the work as for the "paranoid due to the recent snoop assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."

More on Docker

  • Docker Users Targeted with Crypto Malware Via Exposed APIs [Ed: People who use things they do not understand can leave holes, but this is not the fault of the software]

    Hackers are attempting to compromise Docker servers en masse via exposed APIs in order to spread cryptocurrency mining malware, according to researchers.

    Aqua Security claimed to have tracked the organized campaign for several months, revealing that thousands of attempts to hijack misconfigured Docker Daemon API ports are taking place almost every single day.

    “In this attack, the attackers exploit a misconfigured Docker API port to run an Ubuntu container with the kinsing malicious malware, which in turn runs a cryptominer and then attempts to spread the malware to other containers and hosts,” it explained.

    The Ubuntu container itself is designed to disable security measures and clear logs, and kills applications on the system including any other malware, as well as downloading the kinsing malware designed to mine for digital currency on the compromised Docker host.

Misconfigured Containers Again Targeted by Cryptominer Malware

  • Misconfigured Containers Again Targeted by Cryptominer Malware

    An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. It's not the first time.

    Attackers are searching for containers that expose a misconfigured port for the Docker API to add another container to do their bidding and run malicious code to mine cryptocurrency, container security firm Aqua Security stated in an April 3 advisory.

    The campaign appears to target containers that allow Docker commands to be executed without authentication, with — in some cases — more than a hundred scans targeting each IP address on the Internet every day. A search using the port-scanning service Shodan revealed that some 6,000 IP addresses may have vulnerable installations of Docker, says Idan Revivo, head of cybersecurity research for Aqua Security.

Kinsing Malware Hits Container API Ports With Thousands...

More on 'Kinsing'

  • If you don't cover your Docker daemon API port you'll have a hell of a time... because cryptocreeps are hunting for it

    Some Docker installations are getting hammered by malware skiddies hoping to mine digital cash using other people's CPU time.

    Infosec outfit Aqua – no, not the Barbie Girl band – said miscreants have spotted that a decent number of Docker deployments are lazily or inadvertently exposing the daemon API port to the public internet with no protection. It's a fairly common error that hackers have exploited in the past to mine digital coins, although lately we're told there have been thousands of infection attempts daily via this interface, all involving a piece of Linux malware dubbed Kinsing.

    "These are the highest numbers we’ve seen in some time, far exceeding what we have witnessed to date," noted researcher Gal Singer this week.

    "We therefore believe that these attacks are directed by actors with sufficient resources and the infrastructure needed to carry out and sustain such attacks, and that this is not an improvised endeavor."

