Security: Class Action Against Apple, Massive Data Dumps, More on CVE-2019-5736
-
Apple sued because two-factor authentication is inconvenient
Class-action lawsuit, filed by one Jay Brodsky in California, takes issue with the fact that two-factor authentication (2FA) can't be disabled after two weeks of use, which "imposes an extraneous logging in procedure that requires a user to both remember password; and have access to a trusted device or trusted phone number." Yep, that's 2FA alright.
-
Apple being sued because two-factor authentication on an iPhone or Mac takes too much time
The suit, filed by Jay Brodsky in California, alleges that Apple doesn't get user consent to enable two-factor authentication. Furthermore, once enabled, two-factor authentication "imposes an extraneous logging in procedure that requires a user to both remember password; and have access to a trusted device or trusted phone number" when a device is enabled.
-
617M Hacked Accounts Up For Sale To Make “Life Easier” For Hackers
A hacker is selling 617 million stolen accounts online collected from 16 popular websites on Dream Market Cybersouk which can be accessed on the Tor network.
As reported by The Register, the data can be purchased for less than $20,000 in Bitcoin and comprises account holder names, passwords, and email IDs. Buyers need to crack the hashed, one-way encrypted passwords before using them.
-
620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
Some 617 million online account details stolen from 16 hacked websites are on sale from today on the dark web, according to the data trove's seller.
For less than $20,000 in Bitcoin, it is claimed, the following pilfered account databases can be purchased from the Dream Market cyber-souk, located in the Tor network:
Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).
Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords. These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used.
-
Researchers Warn of Malicious Container Escape Vulnerability
A new serious vulnerability in container technology was publicly reported on Feb. 11, one that could potentially enable an attacker to gain unauthorized access to the host operating system.
Container technology led by the Docker engine has become increasingly popular in recent years as a way to build and deploy applications into isolated segments, on top of a server operating system. At the core of the modern container technology stack is a low-level component known as runc, which spawns and runs containers. The new CVE-2019-5736 vulnerability is a flaw in runc that could enable a malicious container to escape the confines of its isolated process segment.
-
PyPy v7.0.0, Vulnerability Affecting runc and Container Technologies, Ubuntu for ARM-based Windows Laptops, antiX MX v18.1
A vulnerability was just discovered (CVE-2019-5736) affecting runc and the management of container technologies which include Docker, cri-o, containerd, Kubernetes, etc. Learn more about this security hole and the ways it is being patched here.
-
Container Bug Allows Attackers to Gain Root Access on Host Machine