Language Selection

English French German Italian Portuguese Spanish

Security

Fysbis: The Linux Backdoor Used by Russian Hackers

Filed under
Linux
Security

Fysbis (or Linux.BackDoor.Fysbis) is a new malware family that targets Linux machines, on which it sets up a backdoor that allows the malware's author to spy on victims and carry out further attacks.

Read more

Security Leftovers

Filed under
Security
  • Security advisories for Thursday
  • These Vigilante Hackers Aim To Hack 200,000 Routers To Make Them More Secure

    Remember the white hat hackers — The White Team — responsible for creating the Linux.Wifatch malware last October? The same hackers are now planning to take over Lizard Squad’s botnet of infected IoT devices in an attempt to shut down their operations.

  • Skimmers Hijack ATM Network Cables

    If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data.

Three nginx Vulnerabilities Closed in Ubuntu OSes

Filed under
Security

Canonical published details in a security notice regarding a few nginx vulnerabilities that have been identified in Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

The Linux Foundation’s Core Infrastructure Initiative Working with White House on Cybersecurity National Action Plan

Filed under
Linux
Security

The White House today announced its Cybersecurity National Action Plan (CNAP), which includes a series of steps and programs to enhance cybersecurity capabilities within the Federal Government and across the country. In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative(CII) to better secure Internet "utilities" such as open-source software, protocols and standards.

Read more

Security Leftovers

Filed under
Security
  • Docker Engine Hardened with Secure Computing Nodes and User Namespaces

    Enterprise systems need enterprise-grade security. With this in mind, Docker Inc. has updated its core container engine with some potentially powerful security measures.

    Docker Inc. has described this release as “huge leap forward for container security.” The company also added a plethora of networking enhancements to Docker 1.10, released Thursday.

  • USENIX Enigma 2016 - Defending, Detecting, and Responding to Hardware and Firmware Attacks
  • Vulnerabilities in Font Processing Library Impact Firefox, Linux: Report

    Security researchers have found vulnerabilities in Graphite, also known as Libgraphite font processing library, that affects a number of systems. The vulnerabilities, if exploited, allow an attacker to seed malicious fonts to a machine. The Libgraphite library is utilised by Linux, Thunderbird, WordPad, Firefox, OpenOffice, as well as several other major platforms and applications.

    Security researchers from Cisco have posted an advisory to outline four vulnerabilities in the Libgraphite font processing library. One of the vulnerabilities allows the attackers to execute arbitrary code on the machine, and among other things, crash the system.

Tails 2.0

Filed under
Reviews
Security
Debian

The newest 2.0 release of Tails brings many enhancements to the distribution. Tails is now based on Debian 8 (Jessie), so packages from the 1.x releases of Tails have been updated to much newer versions. The desktop environment is now GNOME 3.14 running in Classic mode, which is a major advancement over the GNOME 3.4. desktop used in Tails 1.x. However, there is one drawback to this update -- Tails' optional Windows 8 look-alike theme is no longer available. While I normally do not like look-alike themes, having the desktop look like Windows 8 was an understandable and helpful feature in Tails. GNOME 3's Classic mode is a nice, clean environment, but it does not look like Windows or Mac OS X, so using Tails in public is bound to attract some attention.

Read more

Security Leftovers

Filed under
Security
  • ‘White hat’ then, Red Hat now

    “From white hat to Red Hat,” was the joke a senior executive of Red Hat quipped to Alessandro Perilli, after hearing excerpts from The Manila Times interview with him, to which Perilli answered back with a wink, and a seemingly knowing smile. In the vast world of technology, a “white hat” is an internet slang, which refers to an ethical computer hacker or a computer security expert who hacks with the intention of improving security systems.

    Perilli is currently the general manager for Cloud Management Strategy for Red Hat, the world’s leading provider of open source solutions. The technology company recently hosted a full-house Red Hat Forum Asia Pacific in Manila, where key senior executives were in attendance.

  • Vulnerability in Font Processing Library Affects Linux, OpenOffice, Firefox

    Four vulnerabilities in the Graphite (or libgraphite) font processing library allow attackers to compromise machines by supplying them with malicious fonts.

  • Air Force to develop cyber-squadrons, Gen. Hyten says at Broadmoor symposium

    The Air Force plans to revolutionize how it handles computer warfare by beefing up its force of cyberspace experts while contracting out easier jobs, like running the service's network.

  • USENIX Enigma 2016 - Usable Security–The Source Awakens

Security Leftovers

Filed under
Security
  • Rootkit Security: The Next Big Challenge

    Combining this with the Juniper issue, where VPN communication could have been hacked, got me thinking about how firmware can be verified and how to ensure that it’s doing what we think it should be doing and not what someone else wants it to do.

  • What Are Your Container Security Options?

    When virtual machine technology emerged, many organizations' initial approach to security was to apply the same security measures to virtual machines as they did to physical machines. Only later did more specialized software emerge that was specifically designed to meet the security requirements of virtual machines.

    That process is now beginning to repeat itself, with software specifically designed to meet the security requirements of containers now starting to emerge. Some examples of specialized container security software include Clair and Twistlock.

  • In the shadows of the cyber colossus

    It might come as a surprise that South Africa is not always rated near the bottom in international surveys. According to various reports, the country comes out either third or sixth in the world of top cyber crime hotspots.

  • Mysterious spike in WordPress hacks silently delivers ransomware to visitors

    It's still not clear how, but a disproportionately large number of websites that run on the WordPress content management system are being hacked to deliver crypto ransomware and other malicious software to unwitting end users.

Syndicate content

More in Tux Machines

No Ubuntu Back Doors, Windows and Mac Migrations

Today in Linux news Microsoft's market share has dipped below 90% and Mac is disappearing from Linux conventions. Ubuntu founder Mark Shuttleworth said in an interview today that security and encryption are a commitment of Ubuntu's. Jesse Smith reviewed the latest version of Ubuntu and OMG!Ubuntu! shared some glimpses of Ubuntu in the wild. Bryan Lunduke listed 12 "Linux geeks" all users should follow on social media and Sandra Gittlen highlighted six colleges that "immerse students in Open Source." Read more

pfSense 2.3 Open-Source BSD Firewall Gets Patch That Fixes NTP Security Issues

pfSense developer Chris Buechler announced the availability of a small update for the stable pfSense 2.3 open-source firewall platform based on the FreeBSD operating system. Introduced as pfSense 2.3 Update 1, this is a small patch that only fixes the recently discovered security issues in the Network Time Protocol (NTP) packages, upgrading them from version 4.2.8p6 to 4.2.8p7, and it shouldn't be confused with pfSense 2.3.1, which will be released in the coming weeks as the first maintenance build. Read more

Contributing to open source software with Ian Varley of Salesforce

With open source, you're expanding the sphere of people who might potentially care a lot about your code. You find others who have similar problems, and who can leverage your work and maybe even extend it. The knowledge that you've helped someone avoid "rebuilding the wheel" is really gratifying, and it's amplified when those people actually start getting so involved that they give you contributions of code or ideas. The project picks up steam, and you might even get unforeseen help tackling those issues you didn't have bandwidth to tackle yourself. Really, it's the gift that keeps on giving. Read more

IPFire 2.19 Core Update 101 Patches Cross-Site-Scripting Vulnerability in Web UI

The development team behind the IPFire software have announced the general availability of the Core Update 101 of the IPFire 2.19 Linux kernel-based firewall distribution. Read more