Security

Security News

Filed under
Security
  • Mozilla Patches Zero-Day Flaw in Firefox

    Mozilla moves quickly to fix vulnerability that was being actively exploited in attacks against Tor Browser, which is based on Firefox.

    Late afternoon on November 30, Mozilla rushed out an emergency update for its open-source Firefox web browser, fixing a zero-day vulnerability that was being actively exploited by attackers. The vulnerability was used in attacks against the Tor web browser which is based on Firefox.

  • Thursday's security advisories
  • 'Fatal' flaws found in medical implant software

    Security flaws found in 10 different types of medical implants could have "fatal" consequences, warn researchers.

    The flaws were found in the radio-based communications used to update implants, including pacemakers, and read data from them.

    By exploiting the flaws, the researchers were able to adjust settings and even switch off gadgets.

    The attacks were also able to steal confidential data about patients and their health history.

    A software patch has been created to help thwart any real-world attacks.

    The flaws were found by an international team of security researchers based at the University of Leuven in Belgium and the University of Birmingham.

  • Lenovo: If you value your server, block Microsoft's November security update

    Lenovo server admins should disable Windows Update and apply a UEFI fix to avoid Microsoft’s November security patches freezing their systems.

    The world’s third-largest server-maker advised the step after revealing that 19 configurations of its x M5 and M6 rack, as well as its x6 systems are susceptible.

  • Symantec and VMware patches, Linux encryption bug: Security news IT leaders need to know
  • UK homes lose internet access after cyber-attack

    More than 100,000 people in the UK have had their internet access cut after a string of service providers were hit by what is believed to be a coordinated cyber-attack, taking the number affected in Europe up to about a million.

    TalkTalk, one of Britain’s biggest service providers, the Post Office and the Hull-based KCom were all affected by the malware known as the Mirai worm, which is spread via compromised computers.

    The Post Office said 100,000 customers had experienced problems since the attack began on Sunday and KCom put its figure at about 10,000 customers since Saturday. TalkTalk confirmed that it had also been affected but declined to give a precise number of customers involved.

  • New Mirai Worm Knocks 900K Germans Offline

    More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts.

Security News

Filed under
Security
  • Security advisories for Wednesday
  • What Malware Is on Your Router?

    Mirai is exposing a serious security issue with the Internet of Things that absolutely must be quickly handled.

    Until a few days ago, I had been seriously considering replacing the 1999 model Apple Airport wireless router I’ve been using since it was gifted to me in 2007. It still works fine, but I have a philosophy that any hardware that’s more than old enough to drive probably needs replacing. I’ve been planning on taking the 35 mile drive to the nearest Best Buy outlet on Saturday to see what I could get that’s within my price range.

    After the news of this week, that trip is now on hold. For the time being I’ve decided to wait until I can be reasonably sure that any router I purchase won’t be hanging out a red light to attract the IoT exploit-of-the-week.

    It’s not just routers. I’m also seriously considering installing the low-tech sliding door devices that were handed out as swag at this year’s All Things Open to block the all-seeing-eye of the web cams on my laptops. And I’m becoming worried about the $10 Vonage VoIP modem that keeps my office phone up and running. Thank goodness I don’t have a need for a baby monitor and I don’t own a digital camera, other than what’s on my burner phone.

  • National Lottery 'hack' is the poster-girl of consumer security fails

    IN THE NEW age of hacking, you don't even need to be a hacker. National Lottery management company Camelot has confirmed that up to 26,500 online accounts for their systems may have been compromised in an attempted hack, that required no hacking.

    It appears the affected players were targeted using credentials taken in hacks of other sites and subsequently made available on the dark web. With so many people using the same password across multiple sites, it takes very little brute force to attack another site, which is what appears to have happened here.
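The Camelot incident above is a credential-stuffing attack: one password per account, tried across many accounts, rather than many passwords against one account. The discriminating signal in an authentication log is therefore the number of distinct usernames tried from one source, not the failure count alone. The following script is an added example and not code from the article or from Camelot; the log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
"""Flag credential-stuffing sources in an authentication log and list
the accounts they got into.

Added example (not from the article or from Camelot). The log format
below (<timestamp> <source ip> <username> <OK|FAIL>) and the thresholds
are assumptions for illustration.
"""
from collections import defaultdict
import re

# Constructed sample log lines, not real data.
SAMPLE_LOG = """\
2016-11-30T10:00:01Z 203.0.113.7 alice FAIL
2016-11-30T10:00:02Z 203.0.113.7 bob FAIL
2016-11-30T10:00:02Z 203.0.113.7 carol OK
2016-11-30T10:00:03Z 203.0.113.7 dave FAIL
2016-11-30T10:00:03Z 203.0.113.7 erin FAIL
2016-11-30T10:00:04Z 203.0.113.7 frank OK
2016-11-30T10:00:05Z 203.0.113.7 grace FAIL
2016-11-30T10:05:00Z 198.51.100.9 alice FAIL
2016-11-30T10:05:03Z 198.51.100.9 alice FAIL
2016-11-30T10:05:09Z 198.51.100.9 alice OK
2016-11-30T10:06:00Z 192.0.2.44 heidi OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse(lines):
    """Yield (ip, username, success) tuples; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _ts, ip, user, result = m.groups()
        yield ip, user, result == "OK"


def detect_credential_stuffing(log_text, min_accounts=5, max_success_ratio=0.5):
    """Return {ip: stats} for sources that tried many *distinct* accounts.

    Password guessing hits one account with many passwords; credential
    stuffing hits many accounts with one password each, so distinct
    usernames per source is the feature to key on. A success ratio bound
    is kept because stuffed lists do succeed for the fraction of users
    who reused their password, so successes alone must not clear a source.
    """
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "successes": 0})
    for ip, user, ok in parse(log_text.splitlines()):
        s = per_ip[ip]
        s["users"].add(user)
        s["attempts"] += 1
        s["successes"] += int(ok)
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["successes"] / s["attempts"]
        if len(s["users"]) >= min_accounts and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_accounts": len(s["users"]),
                "attempts": s["attempts"],
                "successes": s["successes"],
            }
    return flagged


def compromised_accounts(log_text, flagged_ips):
    """Accounts that a flagged source logged into successfully: these are
    the ones whose reused password is known and that need a forced reset."""
    return {
        user
        for ip, user, ok in parse(log_text.splitlines())
        if ok and ip in flagged_ips
    }


if __name__ == "__main__":
    hits = detect_credential_stuffing(SAMPLE_LOG)
    for ip, stats in hits.items():
        print(f"{ip}: {stats}")
    print("reset these accounts:", sorted(compromised_accounts(SAMPLE_LOG, hits)))
```

In the constructed data only 203.0.113.7 is flagged: seven different accounts in five seconds with two successes, which is exactly the pattern the article describes. The repeated failures against a single account from 198.51.100.9 are not stuffing and are left to a separate brute-force rule. Real attacks spread the load across many source addresses, so in practice the same counting is done per ASN or per request fingerprint as well as per IP.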

  • Mozilla and Tor release urgent update for Firefox 0-day under active attack

    "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. "Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

    The Tor browser is based on the open-source Firefox browser developed by the Mozilla Foundation. Shortly after this post went live, Mozilla security official Daniel Veditz published a blog post that said the vulnerability has also been fixed in a just-released version of Firefox for mainstream users. On early Wednesday, Veditz said, his team received a copy of the attack code that exploited a previously unknown vulnerability in Firefox.

  • Tor Browser 6.0.7 is released

    Tor Browser 6.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

    This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).

    The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

    Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

  • Firefox 0-day in the wild is being used to attack Tor users

    Firefox developer Mozilla and Tor have patched the underlying vulnerability, which is found not only in the Windows version of the browser, but also the versions of Mac OS X and Linux.

    There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.

    Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.

  • Mozilla Patches SVG Animation Remote Code Execution in Firefox and Thunderbird

    If you've been reading the news lately, you might have stumbled upon an article that talked about a 0-day vulnerability in the Mozilla Firefox web browser, which could be used to attack Tor users running Tor Browser on Windows systems.

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Reproducible Builds: week 83 in Stretch cycle
  • Neutralizing Intel’s Management Engine

    Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can’t even look at the code. When — not ‘if’ — the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel’s Management Engine is the single most dangerous piece of computer hardware ever created.

  • Muni system hacker hit others by scanning for year-old Java vulnerability

    The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan.

    In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers."

  • Researchers’ Attack Code Circumvents Defense Mechanisms on Linux, Leaving Machines Susceptible

    Researchers develop such attack code to help move Linux security forward. By demonstrating that a working exploit can be written for practically any flaw, work of this kind emphasises that Linux vendors need to strengthen the platform's defence mechanisms proactively rather than merely react once attacks occur.

Security News

Filed under
Security
  • ‘You Hacked,’ Cyber Attackers Crash Muni Computer System Across SF [Ed: Microsoft Windows]

    That was the message on San Francisco Muni station computer screens across the city, giving passengers free rides all day on Saturday.

  • SF’s Transit Hack Could’ve Been Way Worse—And Cities Must Prepare

    This weekend, San Francisco’s public transit riders got what seemed like a Black Friday surprise: The system wouldn’t take their money. Not that Muni’s bosses didn’t want to, or suddenly forgot about their agency’s budget shortfalls.

    Nope—someone had attacked and locked the computer system through which riders pay their fares. Payment machines told riders, “You Hacked. ALL data encrypted,” and the culprit allegedly demanded a 100 Bitcoin ransom (about $73,000).

    The agency acknowledged the attack, which also disrupted its email system, and a representative said the agency refused to pay off the attacker. Unable to collect fares, Muni opened the gates and kept trains running, so people could at least get where they were going. By Monday morning, everything was back to normal.

  • Newly discovered router flaw being hammered by in-the-wild attacks

    Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical flaw that may be present in millions of home routers.

  • Locking Down Your Linux Server

    No matter which Linux you run, you need to protect it with an iptables-based firewall.

    Yes! You’ve just set up your first Linux server and you’re ready to rock and roll! Right? Uh, no.

    By default, your Linux box is not secure against attackers. Oh sure, it’s more secure than Windows XP, but that’s not saying much.
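What "not secure by default" means in practice is that a fresh install accepts any inbound connection to any listening service. The usual first step is a default-deny INPUT chain that admits only loopback, replies to connections the host opened, and the handful of services you actually run, with new SSH connections rate-limited per source. The script below is an added example, not code from the article; it emits iptables-restore(8) syntax rather than running iptables itself, so it can be reviewed and diffed before loading. It assumes IPv4 only, TCP services, and SSH on port 22; an equivalent ip6tables ruleset is needed if the host has a public IPv6 address.

```python
"""Generate a default-deny iptables ruleset for a freshly installed server.

Added example, not code from the article. Load with:
    python3 firewall.py | sudo iptables-restore
Assumptions: IPv4 only, allowed services are TCP, SSH listens on 22.
"""
import sys


def build_ruleset(tcp_ports=(22,), ssh_port=22, ssh_hits=4, ssh_window=60):
    """Return an iptables-restore file as a string.

    Policy: drop everything inbound by default, allow loopback, allow
    replies to connections this host initiated, drop packets conntrack
    cannot classify, allow only the listed TCP services, and use the
    'recent' match to drop a source that opens more than ssh_hits new
    SSH connections inside ssh_window seconds (slows password guessing).
    """
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",     # default deny inbound
        ":FORWARD DROP [0:0]",   # a server does not route for others
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A INPUT -m conntrack --ctstate INVALID -j DROP",
        # keep ping for diagnostics, but cap it rather than amplify it
        "-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT",
    ]
    for port in sorted(set(tcp_ports)):
        if port == ssh_port:
            # order matters: record the attempt, then drop if over the
            # threshold, and only then fall through to the ACCEPT below
            lines += [
                f"-A INPUT -p tcp --dport {port} -m conntrack --ctstate NEW "
                f"-m recent --set --name SSH",
                f"-A INPUT -p tcp --dport {port} -m conntrack --ctstate NEW "
                f"-m recent --update --seconds {ssh_window} --hitcount {ssh_hits} "
                f"--name SSH -j DROP",
            ]
        lines.append(f"-A INPUT -p tcp --dport {port} -m conntrack --ctstate NEW -j ACCEPT")
    # log a sample of what the default policy drops, so lockouts are debuggable
    lines.append('-A INPUT -m limit --limit 3/minute -j LOG --log-prefix "fw-drop: "')
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def validate_ruleset(text):
    """Cheap pre-load checks: filter table, default-deny INPUT, committed."""
    rules = text.splitlines()
    return (
        rules[0] == "*filter"
        and ":INPUT DROP [0:0]" in rules
        and rules[-1] == "COMMIT"
    )


if __name__ == "__main__":
    ruleset = build_ruleset(tcp_ports=(22, 80, 443))
    if not validate_ruleset(ruleset):
        sys.exit("generated ruleset failed validation")
    sys.stdout.write(ruleset)
```

Two cautions before loading it on a remote box: apply it from a session that will survive a mistake (for example `iptables-apply`, or a scheduled `iptables-restore` of the old rules that you cancel once you have confirmed you can still log in), and remember that a netfilter ruleset is not persistent across reboots unless the distribution's iptables-persistent or equivalent saves it.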

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • FutureVault Inc.'s FutureVault

    Though short of Mr Torvalds' aim of world domination, FutureVault, Inc., has set the ambitious goal to "change the way business is done" with its FutureVault digital collaborative vault application. Described by its developer as "at the epicenter of a brand new disruptive category in the financial services world", FutureVault allows users to deposit, store and manage important financial, legal and personal documents digitally by means of a white-label, cloud-based, SaaS platform.

  • Azure glitch allowed attackers to gain admin rights over hosted Red Hat Linux instances

    A VULNERABILITY in Microsoft's Azure cloud platform could have been exploited by an attacker to gain admin rights to instances of Red Hat Enterprise Linux (RHEL) and storage accounts hosted on Azure.

  • Microsoft update servers leave Azure RHEL instances hackable
  • Microsoft update left Azure Linux virtual machines open to hacking
  • Microsoft Azure bug put Red Hat instances at risk
  • Microsoft update servers left all Azure RHEL instances hackable

    Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances.

    Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS.

    From there Duffy found a package labelled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host.

    Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with a SSL certificate that granted full administrative access to the four Red Hat Update Appliances.

  • Deutsche Telekom Says Cyber Attack Hits 900,000 Customers

    Deutsche Telekom (DTEGY), Europe's largest, said it could have been a victim of a cyber attack as 900,000 fixed-line customers face a second consecutive day of outages.

    The Bonn, Germany-based company, which has 20 million fixed network customers, said 900,000 customers with specific routers have faced temporary problems and marked fluctuations in quality, with some also receiving no service at all. It added that the problems have occurred in a wide region, not in a specific area.

  • San Francisco’s Muni Hacked

    It seems that on Friday, right in the midst of busy Thanksgiving weekend holiday traffic, the San Francisco Municipal Transportation Agency, or Muni, was hit by hackers, forcing the system to offer free rides on the system’s light rail trains on Saturday. The breach was apparently a ransomware attack, with the hackers demanding 100 Bitcoin, or approximately $73,000, to decrypt the system.

    It all began when the words “You Hacked, ALL Data Encrypted” appeared on Muni agents’ screens. It’s not known whether Muni paid the ransom, although that’s considered unlikely. Operations of the system’s vehicles were not affected.

Security News

Filed under
Security
  • European Commission knocked offline by 'large scale' DDoS attack

    THE EUROPEAN COMMISSION (EC) was struck by a large-scale distributed denial of service (DDoS) attack on Thursday, bringing down its internet access for hours.

    The EC confirmed the attack to Politico, saying that while it did fall victim to a DDoS attack, no data breach occurred.

    "No data breach has occurred," a Commission spokesperson said. "The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time."

  • Overclocked Wearables Can Pick Up Bio-Acoustic Signals

    The sensors incorporated into wearables can sometimes be repurposed to perform tasks beyond their intended applications. For example, it's been shown that it's possible to discover a victim user’s passwords and PINs by applying a sophisticated algorithm to the data gathered by wearable embedded sensors.

    Recently, researchers at the Future Interfaces Group at Carnegie Mellon University have overclocked the accelerometer of an LG smartwatch to extend its capabilities to more than just tracking fitness. By overclocking the off-the-shelf smartwatch via some software updates, they can now detect and process very small vibrations and audio signals.

    The new technology, dubbed ViBand, can allow different apps to understand the context of your activities by capturing bio-acoustic signals.

  • The Economics of stealing a Tesla with a phone

    A few days ago there was a story about how to steal a Tesla by installing malware on the owner's phone. If you look at the big picture view of this problem it's not all that bad, but our security brains want to make a huge deal out of this. Now I'm not saying that Tesla shouldn't fix this problem, especially since it's going to be a trivial fix. What we want to think about is how all these working parts have to fit together. This is something we're not very good at in the security universe; there can be one single horrible problem, but when we paint the full picture, it's not what it seems.

  • Config fumble left Azure Red Hat Enterprise Linux wide open

    A software engineer setting up a secure Red Hat Enterprise Linux virtual machine in the cloud discovered a serious configuration flaw that could be exploited to upload arbitrary software packages to Microsoft Azure update infrastructure.

    Ian Duffy found Microsoft had configured the Red Hat Update Appliance used for Azure in such a way that an attacker could easily get access to the content delivery servers and upload packages that client virtual machines would acquire when updating.

    Duffy was able to bypass the username and password authentication on the content delivery server by running a log file collector application. Once completed, the log file collector provided a link to a downloadable compressed archive.

  • Azure bug bounty Root to storage account administrator

    In my previous blog post Azure bug bounty Pwning Red Hat Enterprise Linux I detailed how it was possible to get administrative access to the Red Hat Update Infrastructure consumed by Red Hat Enterprise Linux virtual machines booted from the Microsoft Azure Marketplace image. In theory, if exploited one could have gained root access to all virtual machines consuming the repositories by releasing an updated version of a common package and waiting for virtual machines to execute yum update.
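The Azure RHUI reports above (Duffy's write-up and the coverage of it) describe a package-supply-chain compromise: whoever controls the update server can offer a trojaned build of a common package and wait for every VM to run yum update. Whether such a package actually installs depends on the client side, specifically on gpgcheck=1 with the vendor key pinned, since an attacker who can write to the repository still cannot sign with Red Hat's key. The script below is an added example, not Duffy's tooling or anything from Microsoft or Red Hat; it audits yum/dnf repository definitions for the settings that would let an injected package through. The repo definitions it reads are constructed and the hostnames are placeholders.

```python
"""Audit yum/dnf .repo definitions for settings that let a compromised or
impersonated update server install arbitrary packages on the client.

Added example; not Duffy's code and not from Microsoft or Red Hat. The
SAMPLE_REPOS text is constructed and uses placeholder hostnames.
"""
import configparser
import glob

# Constructed sample: one sound repo, one with signature checking off,
# one that checks signatures but pins no key.
SAMPLE_REPOS = """\
[rhui-rhel-7-server-rpms]
name=Red Hat Enterprise Linux 7 Server (RPMs)
baseurl=https://rhui.example.invalid/content/dist/rhel/server/7/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[vendor-extras]
name=Vendor extras
baseurl=http://mirror.example.invalid/extras
enabled=1
gpgcheck=0

[lab-tools]
name=Lab tools
baseurl=https://lab.example.invalid/tools
enabled=1
gpgcheck=1
"""


def audit_repos(text):
    """Return {repo_id: [findings]} for enabled repositories with weak settings.

    gpgcheck=1 plus a pinned gpgkey is the control that stops a package
    injected at the repository from installing: the signature must verify
    against a key the client already trusts. A cleartext baseurl is flagged
    too, because then an on-path attacker can swap metadata and packages
    without ever touching the server.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = {}
    for repo in cp.sections():
        sec = cp[repo]
        if sec.get("enabled", "1") != "1":
            continue  # disabled repos cannot feed yum update
        problems = []
        if sec.get("gpgcheck", "0") != "1":
            problems.append("gpgcheck disabled: unsigned or attacker-signed packages will install")
        elif not sec.get("gpgkey"):
            problems.append("gpgcheck on but no gpgkey pinned: only keys already in the rpm "
                            "database can verify, so trust depends on host state")
        for key in ("baseurl", "mirrorlist", "metalink"):
            url = sec.get(key, "")
            if url.startswith("http://"):
                problems.append(f"{key} is cleartext http: metadata and packages can be "
                                f"replaced in transit")
        if problems:
            findings[repo] = problems
    return findings


def audit_repo_dir(path="/etc/yum.repos.d"):
    """Run the audit over every .repo file in a directory (merged result)."""
    merged = {}
    for fname in sorted(glob.glob(f"{path}/*.repo")):
        with open(fname, encoding="utf-8") as fh:
            merged.update(audit_repos(fh.read()))
    return merged


if __name__ == "__main__":
    for repo, problems in audit_repos(SAMPLE_REPOS).items():
        print(repo)
        for p in problems:
            print("  -", p)
```

Two caveats that follow from the incident rather than from the script. First, signature checking defends against a forged package but not against a withheld one: a compromised mirror can keep serving an old, still validly signed, vulnerable version, which is only caught by signed repository metadata (repo_gpgcheck=1, where the repository supports it) or by monitoring package versions out of band. Second, on Azure the RHUI client configuration is delivered by the platform's own package (the PrepareRHUI package mentioned above), so an audit like this belongs in the image build and in periodic compliance checks, not only at first boot.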

Security News

Filed under
Security
  • Azure bug bounty Pwning Red Hat Enterprise Linux

    Acquired administrator level access to all of the Microsoft Azure managed Red Hat Update Infrastructure that supplies all the packages for all Red Hat Enterprise Linux instances booted from the Azure marketplace.

  • pledge(2) … or, how I learned to love web application sandboxing

    I use application-level sandboxing a lot because I make mistakes a lot; and when writing web applications, the price of making mistakes is very dear. In the early 2000s, that meant using systrace(4) on OpenBSD and NetBSD. Then it was seccomp(2) (followed by libseccomp(3)) on Linux. Then there was capsicum(4) on FreeBSD and sandbox_init(3) on Mac OS X.

  • [Older] Why is Apache Vulnerable by Default?

    Apache is the most popular web server on Earth, with a market share of 46.4% — well above Nginx (21.8%) and Microsoft IIS (9.8%). Thanks to Linux package managers like Yum and APT you can install and get it up and running in minutes. The core installation even features powerful modules for URL rewriting, user authentication, and more.

Security News

Filed under
Security
  • Friday's security updates
  • Linux hardening: a 15-step checklist for a secure Linux server [Ed: paywall]

    Most people assume Linux is secure, and that’s a false assumption. Imagine your laptop is stolen without first being hardened. A thief would probably assume your username is “root” and your password is “toor” since that’s the default password on Kali and most people continue to use it. Do you? I hope not.

  • Homeland Security Issues 'Strategic Principles' For Securing The Internet Of Broken Things

    For much of the last year, we've noted how the rush to connect everything from toasters to refrigerators to the internet -- without adequate (ok, any) security safeguards -- has resulted in a security, privacy and public safety crisis. At first, the fact that everything from Barbies to tea kettles were now hackable was kind of funny. But in the wake of the realization that these hacked devices are contributing to massive new DDoS botnet attacks (on top of just leaking your data or exposing you to hacks) the conversation has quickly turned serious.

    Security researchers have been noting for a while that it's only a matter of time before the internet-of-not-so-smart-things contributes to human fatalities, potentially on a significant scale if necessary infrastructure is attacked. As such, the Department of Homeland Security recently released what they called "strategic principles" for securing the Internet of Things; an apparent attempt to get the conversation started with industry on how best to avoid a dumb device cyber apocalypse.

  • Microsoft gives third-parties access to Windows 10 Telemetry data

    Microsoft recently struck a deal with the security company FireEye which, according to a report by the Australian news magazine ARN, gives FireEye access to all Windows 10 telemetry data.

Security News

Filed under
Security
  • Microsoft is reportedly sharing Windows 10 telemetry data with third-parties

    MICROSOFT HAS REPORTEDLY signed a deal with FireEye that will see it share telemetry data from Windows 10 with the third-party security outfit.

    So says Australian website ARN, which reports that Microsoft and FireEye's partnership, which will see the security firm's iSIGHT Intelligence tools baked into Windows Defender, will also see FireEye "gain access to telemetry from every device running Windows 10."

    Microsoft uses telemetry data from Windows 10 to help identify security issues, to fix problems and to help improve the quality of its operating system, which sounds like a good thing. However, with the company previously admitting that its latest OS is harvesting more data than any version before it, Microsoft's mega data-slurp also raised some privacy concerns.

  • Hackers attack European Commission

    The European Commission was the victim of a “large scale” cyberattack Thursday, a spokesperson said.

    “The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time. No data breach has occurred,” the spokesperson said.

  • 8 Books Security Pros Should Read

    Calling all infosec pros: What are the best books in your security library?

    On a second thought, let's take a step back. A better question may be: Do you have a security library at all? If not, why?

    Security professionals have countless blogs, videos, and podcasts to stay updated on rapidly changing news and trends. Books, on the other hand, are valuable resources for diving into a specific area of security to build knowledge and broaden your expertise.

    Because the security industry is so complex, it's impossible to cram everything there is to know in a single tome. Authors generally focus their works on single topics including cryptography, network security modeling, and security assessment.

    Consider one of the reads on this list of recommendations, Threat Modeling: Designing for Security. This book is based on the idea that while all security pros model threats, few have developed expertise in the area.

  • DoD Opens .Mil to Legal Hacking, Within Limits

    Security researchers are often reluctant to report programming flaws or security holes they’ve stumbled upon for fear that the vulnerable organization might instead decide to shoot the messenger and pursue hacking charges.

    But on Nov. 21, the DoD sought to clear up any ambiguity on that front for the military’s substantial online presence, creating both a centralized place to report cybersecurity flaws across the dot-mil space as well as a legal safe harbor (and the prospect of public recognition) for researchers who abide by a few ground rules.

  • Data breach law 'will create corporate awareness'

    The introduction of a data breach law requiring disclosure of consumer data leaks is important because it will make big corporates aware they need to be transparent about their state of security, the head of a big cyber-security firm says.

    Guy Eilon, the country manager of Forcepoint, was commenting on the speech made by Dan Tehan, the minister assisting the prime minister on cyber security, on Wednesday.

  • US Navy breach: 130,000 soldiers at risk after HPE contractor hacked [iophk: "MS, possibly MS sharepoint?"]

    The Navy has acknowledged the breach and said it was made aware of the incident after being notified that a laptop belonging to an employee of Navy contractor Hewlett-Packard Enterprise (HPE) was compromised by hackers.

  • US Navy warns 134,000 sailors of data breach after HPE laptop is compromised

    Sailors whose details have been compromised are being notified by phone, letter, and e-mail, the Navy said. "For those affected by this incident, the Navy is working to provide further details on what happened, and is reviewing credit monitoring service options for affected sailors."

  • Personal data for more than 130,000 sailors stolen, admits US Navy

    A spokesman for Hewlett Packard Enterprise Services, said: “This event has been reported to the Navy and because this is an ongoing investigation, HPE will not be commenting further out of respect for the privacy of our Navy personnel.”

  • Riseup’s Canary Has Died

    Popular provider of web tools for activists and anarchists and backbone of much infrastructure for internet freedom, Riseup.net has almost certainly been issued a gag order by the US government.

Security News

Filed under
Security
  • The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant

    In January, Motherboard reported on the FBI's “unprecedented” hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually an order of magnitude larger.

    In all, the FBI obtained over 8,000 IP addresses, and hacked computers in 120 different countries, according to a transcript from a recent evidentiary hearing in a related case.

  • curl security audit

    I asked for, and we were granted a security audit of curl from the Mozilla Secure Open Source program a while ago. This was done by Mozilla getting a 3rd party company involved to do the job and footing the bill for it. The auditing company is called Cure53.

  • Personal data for more than 130,000 sailors was breached, Navy says

    The Navy was notified in October by Hewlett Packard Enterprise Services that a computer supporting a Navy contract was “compromised,” and that the names and social security numbers of 134,386 current and former sailors were accessed by unknown persons, the service said in a news release.

  • Your headphones could be spying on you

    JUST WHEN you thought you couldn’t possibly be carrying any more tracking devices, it looks like you can add another one to the mix.

    A team of researchers in Israel have discovered that with a little hardware hackery, your headphones can be used to listen in on you when plugged into your computer.

    It’s been known for a long time that if you plug a microphone into a speaker jack, it can sometimes make a tinny speaker (if you blast the volume). But what about the other way around?

    Ben Gurion University researchers have discovered that with a simple malware program which they've christened SPEAKE(a)R, Realtek codecs, which provide the built in sound on most motherboards, can be reassigned to turn the headphone jack into a microphone.

  • How to create heat maps to show who’s trying to connect your router