Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • A masterclass in responding to vulnerability disclosure: The Buddi app and tracker | Pen Test Partners

    The Buddi tracker https://www.buddi.co.uk/ is used for tracking elderly and vulnerable people. It’s a GPS/GSM-based clip-on device that reports wearer position to an app via a platform. It means that the wearer can easily be found by their carer or the emergency services, should they become lost and unable to make their own way home. The device also features a panic button that automatically calls their carer and allows the wearer to speak to them.

    The device is popular in the care market, allowing the wearer a greater degree of independence and the ability to live independently for longer. The business behind Buddi has recently listed successfully on the UK AIM stock market (AIM:BIG), reflecting significant growth in the tracking markets in both UK and US.

  • Security updates for Monday

    Security updates have been issued by Debian (bluez, icu, libntlm, libvorbis, libvpx, opensc, roundcube, and tar), Fedora (kernel, kernel-headers, kernel-tools, puppet, slurm, stargz-snapshotter, and suricata), openSUSE (netcdf), Oracle (bluez, kernel, kernel-container, krb5, mailman:2.1, openssh, python3, and rpm), Red Hat (samba), and SUSE (xen).

  • Cyber Security Today, Nov. 29, 2021 – Ikea under phishing attack, evasive JavaScript loader discovered and malware found hiding in Linux calendars [Ed: Linux is a kernel, it does not do "calendars"]

    Ikea under phishing attack, evasive JavaScript loader discovered and malware found hiding in Linux calendars.

  • Awesome Linux Tools: Lynis from CISOfy - Invidious

    In this episode of Awesome Linux Tools, the spotlight is on Lynis - a really awesome utility you can use to get a better understanding of the overall security hygiene of your server. In this video, Jay will show you how to install it, and also how to run an audit.

  • CronRat Magecart malware uses 31st February date to remain undetected | IT PRO

    Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to remain out of sight from security products.

    The malware, dubbed CronRat, hides in the calendar subsystem of Linux servers (“cron”) on a non-existent day, 31 February, according to a blog post by security researchers at Sansec.

Samsung Bricks Smart TVs

  • Samsung Bricks Smart TVs

    Earlier this Fall, a Samsung warehouse in South Africa was robbed and the thieves got away with a quantity of smart televisions. Samsung proceeded to implement a little-known feature called “TV Block” which is installed on all of their TV products. The serial numbers of the stolen TV sets are flagged in their servers, and if one of these sets tries to connect the internet in the future, it will recognize that it is stolen and proceed to brick itself, disabling all television functionality.

    So while this real-life scenario makes sense, it is a bit alarming to realize the implication of such a feature — the manufacturer can reach into your TV and disable it from afar. One can assume that Samsung won’t abuse this capability, because acting otherwise would harm their reputation. In a press release, Samsung announced that any consumers whose sets were incorrectly bricked can have their sets un-bricked after demonstrating proper ownership.

How cybercriminals exploit WordPress to distribute malware

  • The other victims of FluBot: How cybercriminals exploit WordPress to distribute malware

    Netcraft has to date identified nearly 10,000 websites used in the distribution of the FluBot family of Android malware. As detailed in our previous articles on FluBot, these sites are unwittingly hosting a PHP script that acts as a proxy to a further backend server, allowing otherwise legitimate sites to deliver Android malware to victims. When visited by the intended victim, a “lure” is displayed that implores them to download and install the FluBot malware.

    The most common lure themes are parcel delivery and voicemail messages, where the user is told to install the malicious app to track a parcel or listen to a voicemail message. One particularly interesting lure took advantage of FluBot’s infamy, by offering a fake “Android security update” that claimed to protect against the malware family. Users installing this “security update” would instead be infected with FluBot.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Android Leftovers

Programming Leftovers

  • css vs webgl cubes

    I wanted to conduct a little experiment, and it turned into a few experiments in one. I was watching a youtube video about creating 3D scenes purely in CSS. At first, it seems pretty ridiculous. Surely this has to be too much effort, but then as it came together, it wasn’t that difficult. CSS has more potential as a lightweight 3D rendering language than I may have suspected.

    So I figured what we need is a side by side comparison. I could just watch more videos, or look at some demos, but it’s helpful to retype things and change them around a little bit for more understanding.

  • A Brutally Simple Site

    I teased last week that I’ve been working on a new brutalist design for this website. Well, this is the result.

  • Perl Weekly Challenge 165: Scalable Vector Graphics

    These are some answers to the Week 165 of the Perl Weekly Challenge organized by Mohammad S. Anwar. This week, Task 1 and part of Task 2 relate to Scalable Vector Graphics (SVG). I’d been using SVG a very long time ago and certainly didn’t remember any of the details. So, in my first blog relating to PWC 165, I stated that I didn’t have time for that and covered only the part of the challenge not related to SVG. I also said that, in the event that I find some time over the weekend, I might come back and fulfill the SVG part. I thought at the time that this was rather unlikely, but I was finally able to cover the SVG part, at least in Raku.

  • Getting a Bourne shell "here document" into a shell variable

    Suppose, for reasons to be discussed in a later entry, you would like to write a shell script that turns an embedded here document into a shell variable (ie, an unexported environment variable). As a preview, one reason to want to do this is that here documents allow almost arbitrary contents, while other forms of getting things into environment variables or command line arguments may block using certain characters or require awkward quoting.

  • LibreSSL updated to 3.5.3

    LibreSSL 3.5.3 was released on May 18th, 2022.

8 Best Free and Open Source Survey Tools

Surveys are one of the most effective tools for obtaining customer feedback. However, creating and distributing them can be very challenging. Without the right software, you can spend days, even weeks, trying to create a perfect survey. And even then the quality and formatting of the survey may fall short of industry standards. You may therefore need a survey creation tool that can help set up an effective feedback loop. The software featured here lets you build fully-customizable surveys, forms and quizzes. Here’s our verdict captured in a legendary LinuxLinks chart. Only free and open source software is included. Each application can be self-hosted on your own server. Read more

Open Source developments in Bratislava

The City of Bratislava is currently building a whole new ecosystem of open source digital services under the leadership of its CIO Petra Dzurovčinová. These services will be tested in Bratislava and then ate planned to be expanded to other cities in Slovakia with a goal of limiting the existing vendor lock-in and improving public services for the residents.

According to Petra, choosing open source solutions for the digital transformation of the city is based not only on the long-term economic incentive, but more importantly, on the quality of services to be provided for the citizens. The digitisation team in Bratislava took on the task by first identifying and understanding the needs of the citizens through iterative processes involving interviews, co-creation and cooperating with other cities. A large part of the work has been done internally in the conceptualisation phase to steer the next steps of developing technological solutions and ensure achieving the planned objectives.

Read more