Language Selection

English French German Italian Portuguese Spanish

Security

Security: Fake Authentication 'Solution', Cryptojacking, and Meltdown's Linux Patches

Filed under
Security

Apple Code Accidentally 'Liberated'

Filed under
Mac
Security

Security: Apple Hardware, NSA Cracks/Leaks, and Hardware Patches for Linux

Filed under
Security
  • Apple’s AirPods Catch Fire in Owner’s Ears, Eventually Explode

    If there’s something we learned in the last couple of years about smartphones, it’s that we should always keep an eye on them, especially when charging, as the current battery technologies that are being used could catch fire at any moment, eventually posing as a threat to our lives.

    And now it turns out we should do the same thing with headphones given this new wireless trend that Apple is aggressively pushing for, as the company’s new AirPods have recently been involved in a terrifying incident.

  • NSA code backported, crims cuffed, leaky AWS S3 buckets, and more

    Chris Vickery and the Upguard team have had a busy week, exposing not one but two cases where companies are storing material online in Amazon S3 buckets without proper safeguards.

    On Monday, he outed Octoly, a Paris-based brand marketing company that chucks freebie goodies at social media influencers in exchange for getting positive press coverage. Unfortunately, the agency left the contact details for 12,000 of these hipsters-for-hire online for all to see.

    (For the record, it should be pointed out that we at El Reg never provide positive coverage in exchange for freebies. We'll happy let a PR buy us a drink or six, or a slap-up steak meal, or a trip to Hawaii, but that's not reflected in our copy.)

  • ARM's Spectre & Meltdown Mitigation Being Backported To Linux 4.15

Security: SCADA, Police, Cisco and LibreOffice

Filed under
Security
  • Water Utility in Europe Hit by Cryptocurrency Malware Mining Attack

    At this point, Radiflow's investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows [...]

  • In a first, cryptocurrency miner found on SCADA network

    Windows malware that mines for cryptocurrencies has, for the first time, been found in the network of an industrial control system at an operational treatment plant for a water utility, Radiflow, a security provider for critical infrastructure, says.

  • Tech site seeks probe into London cops' malware purchase

    The tech website Motherboard has asked London's Metropolitan Police Service and an independent government organisation to institute a probe into why an MPS officer bought malware that can intercept messages on Facebook, steal passwords and operate a smartphone camera remotely.

  • Motherboard Files Legal Complaint Against Metropolitan Police for Malware Purchase

    London police have refused to explain why an officer bought powerful spyware that was marketed for spying on a user's spouse.

  • That mega-vulnerability Cisco dropped is now under exploit

    When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that was no longer the case.

  • libreoffice-remote-arbitrary-file-disclosure

    LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

Security: Linux on z, Updates, and Bounty

Filed under
Security

Security: $45000 bounty, KDE Plasma, Spectre/Meltdown, and Apple

Filed under
Security

Hands-On: Kali Linux 2018.1 on the Raspberry Pi Zero W

Filed under
Linux
Reviews
Security

The installation image is actually on the Offensive Security Kali Linux ARM Images page, so don't get confused if you go to the normal Kali Linux Downloads page and don't see it. There is a link to the ARM images near the bottom of that page.

As with most Raspberry Pi installation images, the download is a compressed (xz) snapshot, not an ISO image.

Read more

Zerodium offers $45000 for Linux zero-day vulnerabilities

Filed under
Linux
Security

Zerodium is offering $45,000 to hackers willing to privately report zero-day vulnerabilities in the Linux operating system.

On Thursday, the private exploit acquisition program announced the new addition to its bounties on Twitter. Until 31 March, Zerodium is willing to offer increased payouts of up to $45,000 for local privilege escalation (LPE) exploits.

The zero-day, unreported vulnerabilities, should work with default installations of Linux such as the popular Ubuntu, Debian, CentOS, Red Hat Enterprise Linux (RHEL), and Fedora builds.

Read more

Security: Data Breaches, Apple, and DRM Threats

Filed under
Security
  • Data breach law: primary concern is information security, says expert

    The primary concern for businesses after the Australian data breach law takes effect on 22 February will be information security, as without that in place, it will not be possible to protect personal information, an expert in cyber security and law says.

  • Apple confirms source code for iBoot leaked to GitHub

    Apple has confirmed that the source code for iBoot from a version of iOS was posted on GitHub on Thursday, with the company forced to make the admission as it filed a DMCA takedown request to the hosting site.

  • Warning hackers quick to bypass anti-virus walls in latest attacks

    Anti-virus software doesn’t stop new threats or advanced malicious-email attacks.as hackers use scam emails to deliver new ‘fast-break’ or ‘zero-day’ attacks, according to security firm MailGuard.

  • Thousands of students affected in online data leak

    According to Helsingin Sanomat the leak was due to an online security breach on the servers of the matriculation examination board's website. Approximately 7,695 students have fallen victim to the leak.

  • EFF vs IoT DRM, OMG!

    What with the $400 juicers and the NSFW smart fridges, the Internet of Things has arrived at that point in the hype cycle midway between "bottom line" and "punchline." Hype and jokes aside, the reality is that fully featured computers capable of running any program are getting cheaper and more powerful and smaller with no end in sight, and the gadgets in our lives are transforming from dumb hunks of electronics to computers in fancy cases that are variously labeled "car" or "pacemaker" or "Alexa."

    We don't know which designs and products will be successful in the market, but we're dead certain that banning people from talking about flaws in existing designs and trying to fix those flaws will make all the Internet of Things' problems worse.

What Is Kali Linux, and Do You Need It?

Filed under
GNU
Linux
Security

If you’ve heard a 13-year-old would-be hacker talking about how 1337 they are, chances are, Kali Linux came up. Despite it’s script kiddie reputation, Kali is actually a real tool (or set of tools) for security professionals.

Kali is a Linux distribution based on Debian. Its goal is simple; include as many penetration and security audit tools as possible in one convenient package. Kali delivers, too. Many of the best open-source tools for conducting security tests are collected and ready to use.

Read more

Syndicate content

More in Tux Machines

FoundationDB Source Code Shared

​Learn to use GitHub, ​GitHub Releases Atom 1.26

  • ​Learn to use GitHub with GitHub Learning Lab
    The most popular open-source development site in the world is GitHub. It's used by tens of millions of developers to work on over 80 million projects. It's not just a site where people use Linus Torvalds' Git open-source distributed version control system. It's also an online home for collaboration, a sandbox for testing, a launchpad for deployment, and a platform for learning new skills. The GitHub Training Team has now released an app, GitHub Learning Lab, so you can join the programming party. GitHub Learning Lab is not a tutorial or webcast. It's an app that gives you a hands-on learning experience within GitHub. According to GitHub, "Our friendly bot will take you through a series of practical, fun labs that will give you the skills you need in no time--and share helpful feedback along the way."
  • Atom 1.26
    Atom 1.26 has been released on our stable channel and includes GitHub package improvements, fuzzy-finder support for Teletype and file system watcher improvements.
  • Atom Hackable Text Editor Gets GitHub Package, Filesystem Watcher Improvements
    GitHub announced the release of the Atom 1.26 open-source and cross-platform hackable text editor for Linux, macOS, and Windows platforms with more improvements and bug fixes. In Atom 1.26, the GitHub package received various improvements and new features, among which we can mention the ability of the ’s Git pane to display a read-only list of recent commits for quick reference, and support for storing your GitHub username and password credentials in the Git authentication dialog.

Games Leftovers

Linux and Linux Foundation

  • V3D DRM Driver Steps Towards Mainline Kernel, Renamed From VC5
    The Broadcom VC5 driver stack is being renamed to V3D and developer Eric Anholt is looking at merging it into the mainline Linux kernel. The VC5 DRM/KMS and Mesa code has been for supporting the next-generation Broadcom VideoCore 5 graphics hardware that's only now beginning to appear in some devices, well, it seems one device so far. Though as I pointed out a few months back, there's already "VC6" activity going on too as the apparent successor to VC5 already being in development.
  • Azure Sphere Makes Microsoft an Arm Linux Player for IoT [Ed: Microsoft marketing at LF (only runs on/with Windows and Visual Studio etc.)]
  • Keynotes Announced for Automotive Linux Summit & OS Summit Japan [Ed: "Senior Software Engineer, Microsoft" in there; LF has once again let Microsoft infiltrate Linux events; in the words of Microsoft’s chief evangelist, “I’ve killed at least two Mac conferences. […] by injecting Microsoft content into the conference, the conference got shut down. The guy who ran it said, why am I doing this?”]
    Automotive Linux Summit connects those driving innovation in automotive Linux from the developer community with the vendors and users providing and using the code, in order to propel the future of embedded devices in the automotive arena.