Language Selection

English French German Italian Portuguese Spanish

Security and FUD (Fear, Uncertainty, Doubt)

                   

  • Ransomware took heavy toll on US in 2020: researchers [iophk: Windows TCO]

                     

                       

    The study released Monday by the security firm Emsisoft said ransomware attacks -- which encrypt and disable computer systems while demanding a ransom -- affected 113 federal, state and municipal governments, 560 health facilities and 1,681 schools, colleges and universities last year.

                       

    "The attacks caused significant, and sometimes life-threatening, disruption: ambulances carrying emergency patients had to be redirected, cancer treatments were delayed, lab test results were inaccessible, hospital employees were furloughed and 911 (emergency) services were interrupted," the report said.

  • Security updates for Thursday

    Security updates have been issued by Debian (mutt), Fedora (libntlm, mingw-python-pillow, python-pillow, and sudo), Mageia (kernel), SUSE (gdk-pixbuf, perl-Convert-ASN1, samba, and yast2-multipath), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.4, linux-hwe-5.8, linux-oracle). 

  •  

  • Pwnable Document Format: Windows PDF viewers outperformed by browser, macOS, Linux counterparts

    PDF viewers built into leading web browsers and applications for macOS and Linux were only susceptible to comparatively trivial attacks such as denial of service (DoS).

    [...]

    Susceptible to eight of 10 attack techniques, the worst culprits overall were PDF-Xchange Viewer and PDF-Xchange Viewer for Windows.

    PDFelement and iSkysoft, prone only to DoS, were honorable exceptions to the otherwise unimpressive Windows scorecard.

  •  

  • 'FreakOut' Botnet Targets Unpatched Linux Systems [Ed: This is FUD and not about "Linux"; it's about unpatched programs that have nothing to do with Linux, but they ascribe guilt by association (human error/negligence)]

    Researchers are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. Botnet operators have been mass-scanning for vulnerable Linux devices, and the command-and-control server associated with FreakOut has now targeted several hundred vulnerable devices.

  • Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems [Ed: Same as above]
  • List of DNSpooq vulnerability advisories, patches, and updates [Ed: Microsoft-connected sites keep trying to blame this on "Linux"]

    Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices.

More in Tux Machines

How to Upgrade to Ubuntu 21.04 from Ubuntu 20.10 (Groovy to Hirsute)

Here are the steps on how to upgrade your Ubuntu 21.04 from Ubuntu 20.10 (Groovy Gorilla to Hirsute Hippo). Read more

VirtualBox 6.1.20 Released with Linux Kernel 5.11 Support, CentOS Stream Improvements

Three months in the works, VirtualBox 6.1.20 is here to introduce support for the latest and greatest Linux 5.11 kernel series for both hosts and guests. This means that you’ll now be able to install VirtualBox on GNU/Linux distributions powered by Linux kernel 5.11, as well as to run Linux 5.11-based distros in virtual machines. On top of that, this release improves support for the CentOS Stream operating system, as well as for the upcoming Red Hat Enterprise Linux 8.4 operating system release by making sure the kernel module is correctly built, and fixes the compilation of the vboxvideo module for the Linux 5.10 LTS kernel series. Read more

Firefox 89 Enters Beta Testing with Stunning New Look, Improved Privacy

You might have heard of Firefox’s forthcoming new design, and it’s finally happening with the Firefox 89 release, due out early this summer. Mozilla was working hard during the past few months on a fresh new look for its open source and free web browser, and let me tell you that it looks stunning. The biggest change in this release being a fresh new designed to make your browsing experience more enjoyable, faster, cleaner, and easier to use. Firefox 89’s stunning new look consists of a modern and great looking toolbar with floating tabs, a simplified and cleaner new tab design that easy to customize, streamlined menus, updated infobars and modals, more consistent styling, as well as a brand-new first-run welcome page. Read more

today's leftovers

  • ARM in the Datacenter

    ARM processors have seen unprecedented growth in the last three years and are now being used in everything from smart watches to Apple's new M1 desktop and laptop systems, but there is one sector where they have yet to take hold: the enterprise market. For years, many of the largest cloud providers have designed computers around ARM chips, and in December 2020, Microsoft said it was joining the fray by designing its own ARM-based chips for Azure and Surface PCs. Now we are seeing technology based on ARM chips float down from the cloud providers and rise up from the consumer market and start to take hold in the datacenter. In this article, I will highlight some different ARM devices and discuss ways that they have made their way into the datacenter.

  • Hacked Codecov uploading script leaked creds for two months

    Scores of projects potentially affected by supply chain attack. A malicious alteration to a shell script lay undetected since January this year at software testing coverage report provider Codecov, sparking fears of another significant supply chain attack. Forensic analysis shows that an unknown threat actor exploited an error in Codecov's Docker container image creation process, and gained access to the credential that allowed the modification to the company's Bash Uploader script. Codecov said a Google Cloud Storage key was accessed starting January 31 this year, and not secured until April 1 US time. The script is normally used to upload coverage reports to Codecov, but it was altered to transmit the UNIX shell environment, which can be used to store variables. [...] The company said it has rotated all credentials, including the key that was captured by the attackers, and set up monitoring and auditing to ensure that the Bash Uploader cannot be compromised like this again.

  • Security updates for Tuesday

    Security updates have been issued by Debian (xorg-server), Fedora (CImg, gmic, leptonica, mingw-binutils, mingw-glib2, mingw-leptonica, mingw-python3, nodejs, and seamonkey), openSUSE (irssi, kernel, nextcloud-desktop, python-django-registration, and thunderbird), Red Hat (389-ds:1.4, kernel, kernel-rt, perl, and pki-core:10.6), SUSE (kernel, sudo, and xen), and Ubuntu (clamav and openslp-dfsg).

  • Google plans to tidy up search on Chromebooks

    While the exact categories are still up in the air, we could see the company going for something similar to the Linux distro Ubuntu, which organizes system search results into different categories for applications, files, folders, websites, and more.

  • Linux Desktops in the Cloud with Shells.com [Ed: A lot of YouTube has become paid-for spam and pseudo 'reviews']
  • These guys made me a CUSTOM gaming laptop, running LINUX!

    I received this laptop, which has been custom-made for me by a company called Eurorra. It's a bit of a weird story, and this won't be a traditional laptop review, because... well, you'll see.