Security Leftovers

  • The Missouri Governor Doesn’t Understand Responsible Disclosure

    The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a state’s website, and then reported it to the state.

  • Missouri governor vows criminal prosecution of reporter who found flaw in state website • Missouri Independent

    The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers around the state.

  • CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Blackmatter Ransomware

    CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA): BlackMatter Ransomware.

    Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization. Using an analyzed sample of BlackMatter ransomware and information from trusted third parties, this CSA provides cyber actor tactics, techniques, and procedures and outlines mitigations to improve ransomware protection, detection, and response.

  • Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse [Ed: Microsoft Tim knows that nobody at Microsoft will ever be arrested for deliberate negligence and for serving malware]

    Microsoft has been branded as "the world's best malware hoster for about a decade," thanks to abuse of the Office 365 and Live platform, as well as its slow response to reports by security researchers.

    Infosec expert Kevin Beaumont, who worked at Microsoft as a senior threat intelligence analyst between June 2020 and April 2021, made the comments in response to a report by "cybersec professional" TheAnalyst.

    TheAnalyst noted that a BazarLoader malware campaign was hosting its malware on Microsoft's OneDrive service. "Does Microsoft have any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this, now for over three days?" they asked.

  • Protecting and storing data for a mobile bank app

    In the Secure a cloud-native application on IBM Cloud for Financial Services code pattern, I showcase how to integrate IBM Cloud Hyper Protect Services in the Example Bank application to encrypt and secure data. To understand the process of integration, you must understand different terminologies such as bring your own key (BYOK), keep your own key (KYOK), key ceremony, database as a service (DBaaS) and envelope encryption. Although you can find information about these key concepts about the Hyper Protect Services scattered across the web, this blog post is my attempt to bring them together into one single point of reference.

    Sensitive data should be stored encrypted in the cloud. However, the key that is used to encrypt and decrypt the data should also be protected. Setting up on-premises hardware security modules (HSMs) can sometimes be hard to manage if you’re not already familiar with it. An inexpensive solution is to use cloud-based storage, but that has its own challenges. In this approach, you can’t be sure that the data is secured as the key that is used to encrypt the data, also known as the data encryption key (DEK), is spread in multiple computers.

    The solution that combines ease of use and cost effectiveness is to use a key management service (KMS) such as IBM Cloud Hyper Protect Crypto Services (HPCS). HPCS provides access to a FIPS 140-2 Level 4 HSM that protects the customer master key and all other keys that are used to encrypt data at rest in IBM Cloud Object Storage, IBM Cloud Hyper Protect DBaaS, IBM Cloud Block Storage, and similar.
