Security Leftovers

Filed under
Security
  • Guest Blog Post: Leaking silhouettes of cross-origin images – Attack & Defense

    This is a writeup of a vulnerability I found in Chromium and Firefox that could allow a malicious page to read some parts of an image located on an origin it is not supposed to be able to access. Although technically interesting, it is quite limited in scope—I am not aware of any major websites it could’ve been used against. As of November 17th, 2020, the vulnerability has been fixed in the most recent versions of both browsers.

    [....]

    I reported this bug to Mozilla on May 29th, 2020 through the Mozilla Security Bug Bounty program and to Google through the Chrome Vulnerability Reward the next day. It took some time to figure out which graphics backend is used in Firefox by default these days. With the help of a Google engineer and some profiling tools, we identified that the same piece of Skia code was responsible for this behavior in both browsers.

    Google updated Skia to remove branching on alpha value in blit_row_s32a_opaque completely on August 29th, 2020 and merged that change into Chromium on the same day. Mozilla merged the change on October 6th, 2020.

    Google has issued CVE-2020-16012 to notify users about this bug.

    Both vendors offered very generous bounties for my reports. It’s been a pleasure working with Mozilla and Google to get this fixed, and I would like to take this opportunity to thank Mike Klein from Google and Lee Salzman from Mozilla for their work on diagnosing and fixing the bug. I would also like to thank Tom Ritter and Lee Salzman from Mozilla for their helpful feedback on drafts of this blog post.
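The writeup above attributes the leak to alpha-dependent branching in a Skia row blit. The C program below is an added illustration, not Skia's code and not the author's, of what such per-pixel fast paths look like beside a data-independent version. It models a premultiplied source-over blit onto an opaque destination, counts how many full blends each variant performs on a constructed three-pixel row, and checks that both variants produce identical pixels. The pixel format, the sample row and the use of a blend counter as a stand-in for elapsed time are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model of a "source-over onto an opaque destination" row blit.
 * Pixels are premultiplied 0xAARRGGBB. This is NOT Skia's code; it only
 * shows the shape of the alpha fast paths the writeup says were removed. */

/* Premultiplied source-over: out = src + dst * (255 - a) / 255, per channel.
 * Inputs must be valid premultiplied pixels (each colour channel <= alpha),
 * which keeps every output channel <= 255 without a clamp. */
static uint32_t blend_one(uint32_t src, uint32_t dst)
{
    unsigned a = src >> 24;
    unsigned inv = 255u - a;
    uint32_t out = 0xFF000000u;           /* destination stays opaque */
    for (unsigned shift = 0; shift < 24; shift += 8) {
        unsigned s = (src >> shift) & 0xFFu;
        unsigned d = (dst >> shift) & 0xFFu;
        unsigned c = s + (d * inv + 127u) / 255u;   /* rounded */
        out |= (uint32_t)c << shift;
    }
    return out;
}

/* "Before": per-pixel fast paths keyed on alpha. The amount of work done,
 * and so the time taken, depends on the pixel values being drawn. The
 * returned count of full blends stands in for that timing difference. */
size_t blit_row_branchy(uint32_t *dst, const uint32_t *src, size_t n)
{
    size_t blends = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned a = src[i] >> 24;
        if (a == 0)
            continue;                     /* transparent: leave dst alone */
        if (a == 255) {
            dst[i] = src[i];              /* opaque: plain copy */
            continue;
        }
        dst[i] = blend_one(src[i], dst[i]);
        blends++;
    }
    return blends;
}

/* "After": identical output, but every pixel takes the same path. */
size_t blit_row_branchless(uint32_t *dst, const uint32_t *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = blend_one(src[i], dst[i]);
    return n;
}

/* Constructed sample row: transparent, opaque red, half-transparent red. */
static const uint32_t SAMPLE_SRC[3] = { 0x00000000u, 0xFFFF0000u, 0x80400000u };
#define SAMPLE_DST 0xFF0000FFu            /* opaque blue background */

static void fill_dst(uint32_t *dst)
{
    for (size_t i = 0; i < 3; i++)
        dst[i] = SAMPLE_DST;
}

/* Number of full blends each variant performs on the sample row. */
size_t demo_blends(int branchy)
{
    uint32_t dst[3];
    fill_dst(dst);
    return branchy ? blit_row_branchy(dst, SAMPLE_SRC, 3)
                   : blit_row_branchless(dst, SAMPLE_SRC, 3);
}

/* 1 if both variants produce the same pixels on the sample row. */
int demo_rows_agree(void)
{
    uint32_t d1[3], d2[3];
    fill_dst(d1);
    fill_dst(d2);
    blit_row_branchy(d1, SAMPLE_SRC, 3);
    blit_row_branchless(d2, SAMPLE_SRC, 3);
    return memcmp(d1, d2, sizeof d1) == 0;
}

int main(void)
{
    printf("same pixels: %d\n", demo_rows_agree());
    printf("full blends, branchy: %zu  branchless: %zu\n",
           demo_blends(1), demo_blends(0));
    return 0;
}
```

In the branchy variant the count, and with it the running time, depends on the alpha of the pixels being drawn, so a page that can time a draw learns something about pixel data it cannot read directly; the branchless variant does the same arithmetic for every pixel regardless of its value. The real fix was to Skia's optimised blit code and the real observation was timing rather than a counter, but the property being restored is the same: the work done must not depend on the image contents.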

  • Kaspersky: old malware and SolarWinds attack code similar, but don't leap to conclusions

    Russian security firm Kaspersky says it has found some similarities between the methods used by the SUNBURST malware, which was used in a supply chain attack on a number of US firms disclosed in December, and those of the long-time attacker known as the Turla Group.

  • Why The Latest Cyberattack Was Different

    What sets the SolarWinds attack apart from previous incidents is its sheer scale. The company has over 300,000 customers worldwide, according to filings made to the U.S. Securities and Exchange Commission. Throughout 2020, SolarWinds sent out software updates to roughly 18,000 of them. To date, at least 250 networks have reportedly been affected by the booby-trapped file. Shortly after being downloaded, the virus executes commands that create a backdoor in the network to transfer files, disable services, and reboot machines. Targeted institutions include the U.S. departments of Defense, Homeland Security, State, Energy, and the Treasury; all five branches of the U.S. military; the National Nuclear Security Administration, and 425 of the Fortune 500 companies, including Cisco, Equifax, MasterCard, and Microsoft. There have been other major cyberattacks in the past, but none has achieved this kind of penetration. By compromising powerful governments and businesses, including some of the most successful technology companies, the SolarWinds exploit shatters the illusion of information security. The [attack] has also spooked the financial services sector.

  • Russia, Reuters and postcards make for a very silly red scare

    The kind of silly claims made by Western news media when it comes to cyber security attacks can be gauged from the latest "exclusive" put out by the British news agency Reuters: a claim that the FBI is investigating a postcard sent to security firm FireEye after it began looking closely at an attack on its own infrastructure.

  • Ransomware Surge Drives 45% Increase in Healthcare Cyber-Attacks [iophk: Windows kills]

    The security vendor’s latest data covers the period from the beginning of November to the end of 2020, and compares it with the previous two months (September-October), a spokesperson confirmed to Infosecurity.

    It revealed a 45% increase in attacks on the healthcare sector, versus less than half this figure (22%) for all other verticals. November was particularly bad, with HCOs suffering 626 weekly attacks on average per organization, compared with 430 in the previous two months.

    Although the attacks span a variety of categories — including ransomware, botnets, remote code execution and DDoS — perhaps unsurprisingly, it is ransomware that displayed the largest increase overall and poses the biggest threat to HCOs, according to Check Point.

    Ryuk and Sodinokibi (REvil) were highlighted as the main culprits.

  • New Year, New Ransomware: Babuk Locker Targets Large Corporations [iophk: Windows TCO]

    The ransomware, which comes in the form of a 32-bit .EXE file, notably lacks obfuscation. It’s also not yet clear how the ransomware is initially spread to victims.

    “So far, we don’t know how the ransomware got into the company, but it’s most likely phishing similar to other ransomware groups’ approaches,” Dong told Threatpost.

  • Ransomware attack forces three-week shutdown of NT Government IT system [iophk: Windows TCO]

    The NT Department of Corporate and Digital Development has told the ABC that an undisclosed perpetrator targeted the unnamed supplier of its web-based corporate software system last year.

  • Staffing firm target of cyber attack [iophk: Windows TCO]

    The [attackers] did not demand a ransom, though Ehrnrooth speculated that such a request would likely have followed if the company had messaged the addresses specified by the [attackers].

    The attack may have put at risk the personal details of tens of thousands of people whose information was on file with the staffing company.

  • Ubiquiti: Change Your Password, Enable 2FA

    Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

  • State Department Website Briefly Altered to Say Trump’s Presidency Ends Jan. 11

    On Monday, an update to the U.S. State Department site said President Trump’s time in office was ending on Jan. 11, before the page was removed.

    [...]

    BuzzFeed News reported that a “disgruntled employee” had made the changes. Reps for the State Department did not immediately respond to a request for comment.

  • Microsoft fixes Windows 10 bug forcing restarts

    Microsoft has finally fixed a troublesome bug in Windows 10 that caused forced reboots on some systems running the October 2020 Update.

More in Tux Machines

KaOS Linux’s First ISO Release in 2021 Adds Linux Kernel 5.10 LTS and Qt 6

KaOS Linux 2021.01 is now available for download, the first ISO release of this KDE focused and desktop oriented rolling GNU/Linux distribution inspired by Arch Linux to ship with the latest and greatest Linux 5.10 LTS kernel series, which, as expected, provides state-of-the-art hardware support. In addition, KaOS Linux 2021.01 is the first ISO release to ship with the latest Qt 6 open-source and cross-platform application framework, which is already used by some apps, including Poppler, Qtkeychain, Qsynth, Strawberry, and others. Qt 6 is accompanied by the PyQt 6.0 stack, which includes PyQt6-sip, PyQt-Builder, and Sip 6.

Android Leftovers

today's leftovers

  • Kafka destination improved with template support in syslog-ng - Blog - syslog-ng Community - syslog-ng Community

    The C implementation of the Kafka destination in syslog-ng has been improved in version 3.30. Support for templates in topic names was added as a result of a Google Summer of Code (GSoC) project. The advantage of the new template support feature is that you no longer have to use a static topic name. For example, you can include the name of your host or the application sending the log in the topic name. From this blog you can learn about a minimal Kafka setup, configuring syslog-ng and testing syslog-ng with Kafka.
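As an added example that is not from the blog post, the syslog-ng configuration fragment below uses the kafka-c() destination with a template in topic(), the 3.30 feature described above, so that each sending host gets its own topic. The broker address, the local source and the message template are assumptions; the option names follow the documented kafka-c() destination.

```conf
# syslog-ng.conf fragment (added example, not from the post)
@version: 3.30

source s_local { system(); internal(); };

destination d_kafka {
    kafka-c(
        bootstrap-servers("localhost:9092")   # assumed broker address
        topic("syslog-${HOST}")               # template: one topic per sending host
        message("${ISODATE} ${HOST} ${PROGRAM}: ${MESSAGE}")
    );
};

log { source(s_local); destination(d_kafka); };
```

One caveat worth keeping in mind: Kafka topic names may only contain letters, digits, '.', '_' and '-' and are limited to 249 characters, so a topic template built from a field that a remote, untrusted sender controls (for example ${PROGRAM} from a network syslog source) can produce names the broker rejects, and the messages carrying them are lost. Build the topic from fields you control, or rewrite such fields before they reach the destination.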

  • Announcing Istio 1.8.2

    This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.8.1 and Istio 1.8.2.

  • 2.5-inch "Industrial Pi" Pico-ITX SBC offers PoE, mini DP++ port

    The company also provides a 15mm thick heat spreader for fanless operation, and support for Windows 10 IoT Enterprise (64-bit) and Linux operating systems.

  • ZimaBoard Intel Apollo Lake SBC and micro server goes for $69.99 and up (Crowdfunding)

    The board is passively cooled by its enclosure acting as a heatsink, and ships with Linux by default, although we’re not being told which distribution, possibly Ubuntu 20.04.

  • Algolia Search in Jekyll

    I am relieved and delighted to have finally managed the Algolia search setup for Unix Tutorial. I’ve been looking to upgrade search for a long time but had not enough JavaScript and CSS knowledge to replace the default search with Algolia’s one. I’m going through a short technical course about Vue (JavaScript framework), so this must have put me into the right mindset.

  • Partners Feel ‘Betrayed,’ ‘Taken Aback’ By Microsoft’s Direct Calls To Customers

    A California MSP learned a lesson years ago when a software vendor tried to go direct with his end users. So when Microsoft demanded contact information for his customers, he gave them an email address that went directly to him instead. Earlier this week that email account, which was set up about 18 months ago in the hopes that it would not be used, received a message from a Microsoft business development specialist offering his customer “free training.” “That’s exactly what I would do if I was trying to steal someone else’s business,” said the MSP, who asked not to be named because he fears retribution from Microsoft for speaking out. “It’s just wrong. It’s just wrong. Plain and simple.”

  • Windows 10 bug corrupts your hard drive on seeing this file's icon

    In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed. When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records. The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version. What's worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems.

  • The Linux Foundation launches 7-part open source management training program
  • Open source software security in an ICT context – benefits, risks, and safeguards

    In a recent report, contributors to free and open source software (FOSS) claimed they spent only 2.27 percent of their contribution time on security. In our latest blog post, we delve into open source software security, and discuss why it’s key for building robust and open interoperable networks. [...] Is open source software better than proprietary software when it comes to security vulnerabilities? Elias Levy, the person behind the infamous (vulnerability) full disclosure mailing list, Bugtraq, said two decades ago: “No. Open Source Software certainly does have the potential to be more secure than its closed source counterpart. But make no mistake, simply being open source is no guarantee of security”. Building and delivering complex system software without security vulnerabilities requires investment and due diligence, regardless if the code is open sourced or proprietary (see figure 1, below). As the Mozilla Foundation states: “Security is a process. To have substantial and lasting benefit, we need to invest in education, best practices, and a host of other areas”. Tools and resources are available. With safeguards in place, OSS can be used effectively at low risk to realize its intended benefits. ICT products relying on OSS must be developed using methodologies and safeguards that ensure the expected level of security is met. OSS can accelerate innovation, reduce the development timeline, speed time to market, realize cost savings, and be secure. ICT vendors must take responsibility and practice a higher level of due diligence when using OSS components.

  • Email is the messenger you should migrate to

    But the most important thing: Delta Chat allows you to communicate even with people who don’t use Delta Chat at all, all you need is an email address! If you write to someone without Delta Chat, they will just get a normal email. I would argue that even beats Matrix or XMPP.

    Conclusion: If you are concerned about security when chatting and would rather use a decentralized messenger (no silo), you are in good hands with email and Delta Chat.

  • IMAPS specialisations – call for participation in the public review of LIMAPS, OIMAPS, SIMAPS and TIMAPS!

    The objective of this public consultation is to produce updated releases of the IMAPS specialisations, which will provide insights on specific interoperability viewpoints of the digital public service, i.e. the legal, organisational, technical and semantic interoperability viewpoints. Both IMAPS and its specialisations assess the various areas of a digital public service in terms of behavioural interoperability specifications, capabilities and manifestations. The update of the releases of the IMAPS specialisations will be based on change requests coming from stakeholders interested in the solutions.

today's howtos

  • How to Install IonCube Loader on Ubuntu - Cloudbooklet

    IonCube Loader is a PHP extension used when you are using a PHP script that is encrypted using ionCube. IonCube needs to be installed in your webserver and made accessible to your PHP to use it. In this guide you are going to learn how to install ionCube loader on Ubuntu or Debian and configure your PHP or PHP-FPM and PHP-CLI to use it.

  • How to Setup CentOS Stream from AWS Marketplace

    In the current trend of IT Infrastructure, Cloud Computing occupies a tremendous role. Most of the top companies are looking for Cloud Providers to have their Infrastructure. As per our requirement, we can provision our servers at any time. According to the server configuration, we will be charged per usage. Amazon Marketplace is the place where you can find software from qualified third-party vendors. It is like an online software store where you can buy software and use it as per your need. In this article, we will see the detailed steps to launch CentOS-Stream from AWS Marketplace.

  • Create a MAN page for your own program or script with Pandoc - PragmaticLinux

    A MAN page is documentation for a software program or script, created in the groff typesetting system. Ever tried writing a MAN page? I bet you thought to yourself: “Yeez, there’s got to be an easier way to do this”. Luckily, there is. In this tutorial, I’ll show you how to write a MAN page comfortably in Markdown. Then we’ll use Pandoc to create the actual MAN page for your program or script, properly formatted in the groff typesetting system.

  • Looking into Linux user logins with lslogins

    One convenient way to list details about user logins on a Linux system is to use the lslogins command. You'll get a very useful and nicely formatted display that includes quite a few important details. On my system and likely most others, user accounts will start with UID 1000. To list just these accounts rather than include all of the service accounts like daemon, mail and syslog, add the -u option as shown in the example below.