Security: Google+, Tails, Thunderbolt and More

Filed under
Security
  • Google to Shut Down Google+ 4 Months Earlier After Second Data Hack

    Google+ still hadn’t recovered from the data leak it suffered in October. And now it has to go through the same fortune yet again. The company today announced that a new security loophole found last month can impact 52.5 million users. The data of these users can be taken from the apps that use the API of Google+.

    The data of the 52.5 million users consists of their personal information like name, age, occupation, and email address. Even if the accounts are set on private, developers will be able to access the profile information due to the security bug. Even if the information was set to private, developers had easy access to the data of the users.

  • An evil Penguin grabs the persistence partition’s key of a friend’s Tails operating system
  • Pop the Box

    Let's talk a little about this box. In this HTB machine we will see that only one port is open, and that will be the HTTP one; we will fire up DirBuster to find the different files and directories inside that website. We will come to know about the phpbash file, from where we will be getting code execution. After getting the reverse shell we will enumerate more and will be able to find the way to escalate privileges and become root. This time I have made two videos: the first one will be on getting our first reverse shell on the box and the second one will be on how we will be able to escalate the privileges. Hope you guys will enjoy it. Last but not least, I have uploaded some files from which you will be able to learn about bash scripting, Python, and how cron jobs work.

  • Linux 4.21 Will Better Protect Against Malicious Thunderbolt Devices

    Linux 4.21 is set to further improve the system security around potentially malicious Thunderbolt devices.

    The new protection with Linux 4.21 is the enabling of IOMMU-based direct memory access (DMA) protection from devices connected via Thunderbolt. PCI Express Address Translation Services (PCIe ATS) is also disabled to prevent possibly bypassing that IOMMU protection, per this pull.

Security: Updates, Best VPNs for GNU/Linux, and Google+ Chaos Again

Filed under
Security
  • Security updates for Monday
  • Best VPNs for Linux
  • After a Second Data Leak, Google+ Will Shut Down in April Instead of August

    Back in October, a security hole in Google+’s APIs led Google to announce it was shutting down the service. Now, a second data leak has surfaced, causing the company to move the shutdown up by four months.

    This new data leak is quite similar to the first one: profile information such as name, email address, age, and occupation was exposed to developers, even for private profiles. It’s estimated that upwards of 52 million users were affected by this leak. The good news is that while the first hole was open for three years, this one was only an issue for six days, from November 7th to the 13th, 2018.

Security: Polkit, CSP, Ansible and Router Hardening Checklist

Filed under
Security
  • Polkit CVE-2018-19788 vs. SELinux
  • Why is your site not using Content Security Policy / CSP?

    Yesterday, I had the pleasure of watching on Frikanalen the OWASP talk by Scott Helme titled "What We’ve Learned From Billions of Security Reports". I had not heard of the Content Security Policy standard nor its ability to "call home" when a browser detects a policy breach (I do not follow web page design development much these days), and found the talk very illuminating.

    The mechanism allows a web site owner to use HTTP headers to tell visitors' web browsers which sources (internal and external) are allowed to be used on the web site. Thus it becomes possible to enforce an "only local content" policy despite web designers' urge to fetch programs from random sites on the Internet, like the one enabling the attack reported by Scott Helme earlier this year.

  • Red Hat Ansible Playbooks Password Exposure Vulnerability [CVE-2018-16859]

    CVE-2018-16859. A vulnerability in Red Hat Ansible could allow a local attacker to discover plaintext passwords on a targeted system.

  • Router Hardening Checklist

Security: FUD, SystemD, and Windows

Filed under
Security
  • 'Open-Source' DarthMiner Malware Targets Adobe Pirates with Cryptominer [Ed: Sergiu Gatlan found a way to call malicious proprietary software with holes in it... something about "Open Source"]

    A slightly weird malware strain has been observed using the open source XMRig cryptominer and EmPyre backdoor utilities to target software pirates as reported by Malwarebytes Labs.

  • Bethesda blunders, IRS sounds the alarm, China ransomware, and more

    Linux boot management tool SystemD is once again getting the wrong kind of attention as researchers have spotted another security vulnerability.

    This time, it is an elevation of privilege vulnerability that would potentially let users execute system commands they would otherwise not be authorized to perform.

  • GSX, TZERO, +10 Others Form Open-Source Consortium Focused On Security Token Interoperability And Compliance
  • Iranians indicted in Atlanta city government ransomware attack

    Details leaked by City of Atlanta employees during the ransomware attack, including screenshots of the demand message posted on city computers, indicated that Samsam-based malware was used. A Samsam variant was used in a number of ransomware attacks on hospitals in 2016, with attackers using vulnerable Java Web services to gain entry in several cases. In more recent attacks, including one on the health industry companies Hancock Health and Allscripts, other methods were used to gain access, including Remote Desktop Protocol [attacks] that gave the attackers direct access to Windows systems on the victims' networks.

Security: Updates, ESET Post Turned to FUD, New Microsoft-Connected FUD, and SUSE CaaS Platform Patched

Filed under
Security
  • Security updates for Friday
  • Old and new OpenSSH backdoors threaten Linux servers [Ed: ESET is spreading/reusing/repurposing FUD against OpenSSH of the OpenBSD project. SSH itself is secure, but because some malicious actors make poisoned binaries with back doors we're supposed to fear; supply chains matter.]

    Nearly five years ago, ESET researchers helped to disrupt a 25 thousand-strong botnet of Linux machines that were saddled with an OpenSSH-based backdoor and credential stealer named Ebury. The attackers wielding it first checked whether other SSH backdoors were present on the targeted system before deploying the malware.

    This spurred the researchers to search for and analyze these types of (server-side OpenSSH) backdoors.

    “Malicious OpenSSH binaries are quite common and have features that help us detect them among legitimate OpenSSH binaries. While, as soon as we got them, we used the samples collected to improve our detection, we only began sorting and analyzing them in 2018. Surprisingly, we discovered many new backdoor families that had never been documented before,” they noted in a recently released report detailing nine previously documented and 12 new OpenSSH malware families.

  • Feral Interactive Bringing DiRT 4 to Linux in 2019, Chrome 71 Blocks Ads on Abusive Sites, New Linux Malware Families Discovered, The Linux Foundation Launches the Automated Compliance Tooling Project, and GNU Guix and GuixSD 0.16.0 Released

    Cyber-security company ESET has discovered 21 "new" Linux malware families, and all of them "operate in the same manner, as trojanized versions of the OpenSSH client". ZDNet reports that "They are developed as second-stage tools to be deployed in more complex 'botnet' schemes. Attackers would compromise a Linux system, usually a server, and then replace the legitimate OpenSSH installation with one of the trojanized versions. ESET said that '18 out of the 21 families featured a credential-stealing feature, making it possible to steal passwords and/or keys' and '17 out of the 21 families featured a backdoor mode, allowing the attacker a stealthy and persistent way to connect back to the compromised machine.'"

  • Visibility is the key to prioritizing open source vulnerability remediations [Ed: TechRadar entertains anti-FOSS firm whose sole contribution is FUD because it tries to sell some 'solution'. The author writes about his own firm that also collaborates with Microsoft on this FUD.]
  • SUSE CaaS Platform Updated to Address Kubernetes Vulnerability

    For an open source project of its size (both in terms of code and of prevalence of adoption), Kubernetes has been surprisingly free of security vulnerabilities. Its perfect record has come to an end, though, with the project’s disclosure on December 3, 2018 of a security vulnerability in all previous versions of Kubernetes, and therefore, of SUSE CaaS Platform.

Tor Browser: An Ultimate Web Browser for Anonymous Web Browsing in Linux

Filed under
Moz/FF
OSS
Security
Web

Most of us give a considerable amount of our time to the Internet. The primary application we require to perform our internet activity is a browser, a web browser to be more precise. Over the Internet most of our activity is logged to server/client machines, which includes IP address, geographical location, search/activity trends and a whole lot of information which can potentially be very harmful if used intentionally the other way.

Security: Site Security and New FUD

Filed under
Security
  • Why do small sites get hacked?

    High traffic volume helps boost earnings on partner programs by redirecting visitors to other sites, gets more views of unauthorized advertisements and attracts more clicks on rogue links. But that is not the only way hackers make money.

    Unprotected sites with low traffic volume are equally attractive to hackers. It is the way they are used that differs from how hackers monetize more popular websites. Any normal site, with an audience of as little as 30 visitors a day, can still be threatened by hacking and infection.

  • (Website) size is not important

    A common fallacy says that big, popular web sites are more likely to be the targets of hacking. After all, they have the biggest customer databases and the most amount of traffic. To a hacker, more traffic means more money. Right?

    Not quite. In Greg Zemskov’s latest blog post, he explains why small sites are just as attractive to hackers as big ones, what the hackers do with such sites, and what small site owners and administrators can do to avoid becoming victims.

  • ESET discovers 21 new Linux malware families [Ed: Catalin Cimpanu misrepresents what ESET actually wrote. Go to the source, not those flame-baiters of CBS.]
  • Top 5 New Open Source Vulnerabilities in November 2018 [Ed: Microsoft friends are so eager to make FOSS look dangerous, like quite major a risk]

Security: Windows Back Doors Cost Dearly, Adobe Flash is a Mess, and Microsoft Deals With Defects

Filed under
Security

Security: NPM, IT Security Lessons from the Marriott Data Breach, and Secure SHell

Filed under
Security
  • event-stream, npm, and trust

    Malware inserted into a popular npm package has put some users at risk of losing Bitcoin, which is certainly worrisome. More concerning, though, is the implications of how the malware got into the package—and how the package got distributed. This is not the first time we have seen package-distribution channels exploited, nor will it be the last, but the underlying problem requires more than a technical solution. It is, fundamentally, a social problem: trust.

    Npm is a registry of JavaScript packages, most of which target the Node.js event-driven JavaScript framework. As with many package repositories, npm helps manage dependencies so that picking up a new version of a package will also pick up new versions of its dependencies. Unlike, say, distribution package repositories, however, npm is not curated—anyone can put a module into npm. Normally, a module that wasn't useful would not become popular and would not get included as a dependency of other npm modules. But once a module is popular, it provides a ready path to deliver malware if the maintainer, or someone they delegate to, wants to go that route.

  • IT Security Lessons from the Marriott Data Breach

    A number of data breaches have been disclosed over the course of 2018, but none have been as big or had as much impact as the one disclosed on Nov. 30 by hotel chain Marriott International.

    A staggering 500 million people are at risk as a result of the breach, placing it among the largest breaches of all time, behind Yahoo at 1 billion. While the investigation and full public disclosure into how the breach occurred is still ongoing, there are lots of facts already available, and some lessons for other organizations hoping to avoid the same outcome.

  • The Dark Side of the ForSSHe: Shedding light on OpenSSH backdoors

    SSH, short for Secure SHell, is a network protocol to connect computers and devices remotely over an encrypted network link. It is generally used to manage Linux servers using a text-mode console. SSH is the most common way for system administrators to manage virtual, cloud, or dedicated, rented Linux servers.

    The de facto implementation, bundled in almost all Linux distributions, is the portable version of OpenSSH. A popular method used by attackers to maintain persistence on compromised Linux servers is to backdoor the OpenSSH server and client already installed.

Security: Reproducible Builds, Updates and Windows Back Doors

Filed under
Security
  • Reproducible Builds: Weekly report #188
  • Security updates for Wednesday
  • EternalSuffering: NSA Exploits Still Being Successfully Used To Hijack Computers More Than A Year After Patching [Ed: TechDirt calls Microsoft Windows-running machines with NSA back doors just “computers” (ha! How convenient an excuse; blame the user for back doors!)]

    More of the same, then. Perhaps not at the scale seen in the past, but more attacks using the NSA's hoarded exploits. Hoarding exploits is a pretty solid plan, so long as they don't fall into the hands of… well, anyone else really. Failing to plan for this inevitability is just one of the many problems with the NSA's half-assed participation in the Vulnerability Equities Process.

    Since the tools began taking their toll on the world's computer systems last year, there's been no sign the NSA is reconsidering its stance on hunting and hoarding exploits. The intelligence gains are potentially too large to be sacrificed for the security of millions of non-target computer users. It may claim these tools are essential to national security, but for which nation? The exploits wreaked havoc all over the world, but it would appear the stash of exploits primarily benefited one nation before they were inadvertently dumped into the public domain. Do the net gains in national security outweigh the losses sustained worldwide? I'd like to see the NSA run the numbers on that.
