Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • A masterclass in responding to vulnerability disclosure: The Buddi app and tracker | Pen Test Partners

    The Buddi tracker https://www.buddi.co.uk/ is used for tracking elderly and vulnerable people. It’s a GPS/GSM-based clip-on device that reports wearer position to an app via a platform. It means that the wearer can easily be found by their carer or the emergency services, should they become lost and unable to make their own way home. The device also features a panic button that automatically calls their carer and allows the wearer to speak to them.

    The device is popular in the care market, allowing the wearer a greater degree of independence and the ability to live independently for longer. The business behind Buddi has recently listed successfully on the UK AIM stock market (AIM:BIG), reflecting significant growth in the tracking markets in both UK and US.

  • Security updates for Monday

    Security updates have been issued by Debian (bluez, icu, libntlm, libvorbis, libvpx, opensc, roundcube, and tar), Fedora (kernel, kernel-headers, kernel-tools, puppet, slurm, stargz-snapshotter, and suricata), openSUSE (netcdf), Oracle (bluez, kernel, kernel-container, krb5, mailman:2.1, openssh, python3, and rpm), Red Hat (samba), and SUSE (xen).

  • Cyber Security Today, Nov. 29, 2021 – Ikea under phishing attack, evasive JavaScript loader discovered and malware found hiding in Linux calendars [Ed: Linux is a kernel, it does not do "calendars"]

    Ikea under phishing attack, evasive JavaScript loader discovered and malware found hiding in Linux calendars.

  • Awesome Linux Tools: Lynis from CISOfy - Invidious

    In this episode of Awesome Linux Tools, the spotlight is on Lynis - a really awesome utility you can use to get a better understanding of the overall security hygiene of your server. In this video, Jay will show you how to install it, and also how to run an audit.

  • CronRat Magecart malware uses 31st February date to remain undetected | IT PRO

    Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to remain out of sight from security products.

    The malware, dubbed CronRat, hides in the calendar subsystem of Linux servers (“cron”) on a non-existent day, 31 February, according to a blog post by security researchers at Sansec.

Samsung Bricks Smart TVs

  • Samsung Bricks Smart TVs

    Earlier this Fall, a Samsung warehouse in South Africa was robbed and the thieves got away with a quantity of smart televisions. Samsung proceeded to implement a little-known feature called “TV Block” which is installed on all of their TV products. The serial numbers of the stolen TV sets are flagged in their servers, and if one of these sets tries to connect the internet in the future, it will recognize that it is stolen and proceed to brick itself, disabling all television functionality.

    So while this real-life scenario makes sense, it is a bit alarming to realize the implication of such a feature — the manufacturer can reach into your TV and disable it from afar. One can assume that Samsung won’t abuse this capability, because acting otherwise would harm their reputation. In a press release, Samsung announced that any consumers whose sets were incorrectly bricked can have their sets un-bricked after demonstrating proper ownership.

How cybercriminals exploit WordPress to distribute malware

  • The other victims of FluBot: How cybercriminals exploit WordPress to distribute malware

    Netcraft has to date identified nearly 10,000 websites used in the distribution of the FluBot family of Android malware. As detailed in our previous articles on FluBot, these sites are unwittingly hosting a PHP script that acts as a proxy to a further backend server, allowing otherwise legitimate sites to deliver Android malware to victims. When visited by the intended victim, a “lure” is displayed that implores them to download and install the FluBot malware.

    The most common lure themes are parcel delivery and voicemail messages, where the user is told to install the malicious app to track a parcel or listen to a voicemail message. One particularly interesting lure took advantage of FluBot’s infamy, by offering a fake “Android security update” that claimed to protect against the malware family. Users installing this “security update” would instead be infected with FluBot.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

today's leftovers

  • Experts urge VMware users to patch critical flaws right away

    Security professionals have warned that an authentication bypass flaw in VMware products needs to be patched as soon as possible to prevent its being exploited. VMware issued an advisory on Wednesday warning of the flaw affecting VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager. Satnam Narang, staff research engineer at security outfit Tenable, said the vulnerabilities patched as part of VMware’s VMSA-2022-0014 advisory along with the Emergency Directive and associated alert published by the US’ Cybersecurity and Infrastructure Security Agency were an important reminder about the importance of patching vulnerabilities as early as possible.

  • EasyOS/Debian: Easy Bookworm version 0.3 released

    These are pre-alpha releases so far. When all the obvious bugs are found and it seems functionally equivalent to Easy Dunfell, then I will probably bump the version to match, say 3.5.

  • Time-out to explore ideas

    EasyOS is an experimental distribution, subject to change as I explore new ideas. I want to go into an exploratory binge now, toying with some fundamental structural changes, so might be a bit unresponsive to any questions posted on the forum.

  • Developer of popular noise suppression tool NoiseTorch has dev machine compromised

    Are you a user of NoiseTorch? It's a popular way of getting some pretty great noise suppression on your microphone, to keep out all that background noise or a hammer hitting your desk. Sadly, the developer had a machine compromised.

  • Kubernetes 1.24: Introducing Non-Graceful Node Shutdown Alpha

    Kubernetes v1.24 introduces alpha support for Non-Graceful Node Shutdown. This feature allows stateful workloads to failover to a different node after the original node is shutdown or in a non-recoverable state such as hardware failure or broken OS.

  • Intel Arc Graphics Cards Get 'VRAM Self-Refresh' Feature In Latest Linux Drivers

    Linux 5.19 kernel continues to see plenty of AMD, NVIDIA, and Intel updates. Intel is starting to slow down with its preparations for the company's Arc Alchemist and DG2 open-source drive support, moving towards a more standard starting requirement for their dGPU. Recently, additions to non-core features for the ARC graphics devices have appeared. One of these newest inclusions is vRAM Self-Refresh, or vRAM SR.

Devices/Embedded Leftovers

  • A teaspoon of computing in every subject: Broadening participation in computer science

    From May to November 2022, our seminars focus on the theme of cross-disciplinary computing. Through this seminar series, we want to explore the intersections and interactions of computing with all aspects of learning and life, and think about how they can help us teach young people. We were delighted to welcome Prof. Mark Guzdial (University of Michigan) as our first speaker.

  • Rockchip RK3588 Pico-ITX board launched with four-node cluster box (Crowdfunding) - CNX Software

    The Mixtile Blade 3 Pico-ITX single board computer (SBC) powered by Rockchip RK3588 processor has now launched on Crowd Supply with either 8GB or 16GB RAM, and an optional four-node cluster box with a built-in PCIe switch designed to accommodate four Mixtile Blade 3 boards. The board also comes with up to 128GB of storage, two 2.5GbE interfaces, HDMI 2.1 output, HDMI 2.0 input, USB 3.2 Gen 1 USB Type-C ports, as well as a mini PCIe Gen 2 for expansion and a 30-pin GPIO header for expansion, as well as U.2 edge connector with 12V, PCIe x4 Gen 3 and SATA signals to interface with other Mixtile boards and build clusters.

  • Put A New Spin On Your 3D Printed Parts

    Once you get tired of printing keychains and earbud holders with your 3D printer, you’ll want to design things a bit more sophisticated. How about things that rotate? [3DSage] has a good how-to about how to integrate a simple motor and controller into a few different size boxes. Combined with some 3D printed linkages, these boxes can turn your project — printed or otherwise — into something that spins.

Programming Leftovers

  • Things Are Getting Rusty In Kernel Land | Hackaday

    The other answer is that Rust is an easy fit with C code and kernel programming. Rust does it’s magic in the compiler. The code you write is what actually runs, without an interpreter or garbage collection trying to be helpful. Rust hasn’t overdosed on Object Oriented patterns, but meshes nicely with the C-style structs already used in the kernel. Even the stack model is very similar to C. There’s one problem with Rust’s memory-safe guarantee — it’s impossible to write a kernel that is formally memory-safe. A kernel has to write to unallocated memory, do weird pointer math, and other seemingly bizarre things to actually make our computers work. This doesn’t work well with a language that tries to guarantee that memory manipulations are safe. How do you write kernel code with Rust, then? Rust has added the unsafe keyword, allowing use of direct memory access and other such techniques that don’t work with Rusts’s memory guarantees. Keep the potential problems together, and it makes auditing easier. There’s at least one other language that may come to mind as an incremental update to C that tries to do some of these things: C++. Surely this would have been even a better fit, right? Kernel devs have some strong feelings about that idea. To put it gently, none of the improvements in C++ are useful in the context of the kernel, and some of the other changes just get in the way.

  • How to Get User Input in Java

    In programming languages, taking the user’s input is an essential task. In Java, multiple predefined classes are used to get the user’s input such as Scanner, BufferedReader, and Console class. All these classes utilizes various methods for handling input such as nextLine(), readLine(), etc.

  • How to convert string to int in Java

    Converting one data type to other data types is a common task in the prommer’s life. If we talk about the string to int conversion it can be achieved using two build-in methods i.e., Integer.ParseInt() and Integer.ValueOf(). Usually, we perform the string to int conversion when we have to execute mathematical operations over the strings containing numeric data.

  • Array of Pairs in C++

    The term pair refers to the combination of two values of different types. Pair allows you to keep two separate objects as a single unit. It is mostly utilized when storing tuples. The pair container is a basic container declared in the utility header that consists of two collected data or objects. The first element in the pair container is referred to as ‘first,’ while the second element is referred to as ‘second’, with the order fixed as (first, second). By default, the object of a specified array is allocated in a map or hash map of the type ‘pair,’ with all of the ‘first’ elements having unique keys paired with their ‘second’ value objects. To obtain the elements, we use the variable’s name followed by the dot operator and by the first or second keywords.

  • Dart Hello World

    Dart is a Google-developed static programming language. It allows for client-side and server-side application development. As per the GitHub adoption index, it has become the most widely used programming language because it incorporates the flutter toolkit. However, the Flutter Framework is commonly utilized in developing Android applications, iOS applications, IoT (Internet of Things), and online applications. Dart has a high syntactic and semantic similarity to JavaScript, Java, CPP, and python. It is a vibrant object-oriented language with lexical scope and closure. Dart was released in 2011, but it gained prominence after 2015 with the release of Dart 2.0. In this article, we will look at the basic representation of Dart syntax and how to print hello world in the dart programming language. The fundamental framework of Dart programming will be demonstrated here.

Games: Old World, Broken Sword 5, Psychonauts 2