Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

Debian Pushes Major Kernel Update to Debian Jessie, Fixes Over 20 Security Flaws

Filed under
Security
Debian

Today, June 28, 2016, Debian Project, through Salvatore Bonaccorso, published details about a major Linux kernel security update for the Debian GNU/Linux 8 "Jessie" operating system.

Read more

Security Leftovers

Filed under
Security
  • Chrome vulnerability lets attackers steal movies from streaming services

    A significant security vulnerability in Google technology that is supposed to protect videos streamed via Google Chrome has been discovered by researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany.

  • Large botnet of CCTV devices knock the snot out of jewelry website

    Researchers have encountered a denial-of-service botnet that's made up of more than 25,000 Internet-connected closed circuit TV devices.

    The researchers with Security firm Sucuri came across the malicious network while defending a small brick-and-mortar jewelry shop against a distributed denial-of-service attack. The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second.

  • Study finds Password Misuse in Hospitals a Steaming Hot Mess

    Hospitals are pretty hygienic places – except when it comes to passwords, it seems.

    That’s the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are “endemic” in healthcare environments and mostly go unnoticed by hospital IT staff.

    The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments – with the bad behavior being driven by necessity rather than malice.

  • Why are hackers increasingly targeting the healthcare industry?

    Cyber-attacks in the healthcare environment are on the rise, with recent research suggesting that critical healthcare systems could be vulnerable to attack.

    In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identify theft. This personal data often contains information regarding a patient’s medical history, which could be used in targeted spear-phishing attacks.

  • Making the internet more secure
  • Beyond Monocultures
  • Dodging Raindrops Escaping the Public Cloud

Security Leftovers

Filed under
Security

Canonical Patches Seven Linux Kernel Vulnerabilities in Ubuntu 16.04, Update Now

Filed under
Linux
Security
Ubuntu

Today, June 27, 2016, Canonical published a new security notice to inform users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system about the availability of an important kernel update.

Read more

Leftovers: Security

Filed under
Security

Security Leftovers

Filed under
Security
  • Teardrop Attack: What Is It And How Does It Work?

    In Teardrop Attack, fragmented packets that are sent in the to the target machine, are buggy in nature and the victim’s machine is unable to reassemble those packets due to the bug in the TCP/IP fragmentation.

  • Updating code can mean fewer security headaches

    Organizations with high rates of code deployments spend half as much time fixing security issues as organizations without such frequent code updates, according to a newly released study.

    In its latest annual state-of-the-developer report, Devops software provider Puppet found that by better integrating security objectives into daily work, teams in "high-performing organizations" build more secure systems. The report, which surveyed 4,600 technical professionals worldwide, defines high IT performers as offering on-demand, multiple code deploys per day, with lead times for changes of less than one hour. Puppet has been publishing its annual report for five years.

  • Over half of world's top domains weak against email spoofing

    Over half of the world's most popular online services have misconfigured servers which could place users at risk from spoof emails, researchers have warned.

    According to Swedish cybersecurity firm Detectify, poor authentication processes and configuration settings in servers belonging to hundreds of major online domains are could put users at risk of legitimate-looking phishing campaigns and fraudulent emails.

Linux Kernel 4.6.3 Has Multiple Networking Improvements, Better SPARC Support

Filed under
Linux
Security

Today, June 24, 2016, renowned Linux kernel developer Greg Kroah-Hartman has announced the general availability of the third maintenance release for the Linux 4.6 kernel series.

Linux kernel 4.6.3 is here two weeks after the release of the second maintenance update in the series, Linux kernel 4.6.2, to change a total of 88 files, with 1302 insertions and 967 deletions. Unfortunately, very few GNU/Linux distributions have adopted the Linux 4.6 series, despite the fact that Greg Kroah-Hartman urged everyone to move to this most advanced kernel branch as soon as possible from Linux 4.5, which reached end of life.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • Google Hacker Donates His $15,000 Bug Bounty Cash Award To Charity

    Google’s leading security engineer Tavis Ormandy recently won a bug bounty challenge run by security solutions firm Bromium and decided to donate the money to charity. Following his gesture, Bromium matched Ormandy’s donation and donated $15,000 to Amnesty International organization.

  • Mozilla Awards $385,000 to Open Source Projects as part of MOSS “Mission Partners” Program

    For many years people with visual impairments and the legally blind have paid a steep price to access the Web on Windows-based computers. The market-leading software for screen readers costs well over $1,000. The high price is a considerable obstacle to keeping the Web open and accessible to all. The NVDA Project has developed an open source screen reader that is free to download and to use, and which works well with Firefox. NVDA aligns with one of the Mozilla Manifesto’s principles: “The Internet is a global public resource that must remain open and accessible.”

  • TOR Project And Security Experts Making A “Hardened” Version Of TOR To Defeat FBI

    The TOR Project is working closely with security researchers to implement a new technique to secure the TOR Browser against the FBI’s de-anonymization exploits. Called “Selfrando”, this technique will fight the FBI’s “Code Reuse” exploits and create a “hardened” version of TOR.

Syndicate content

More in Tux Machines

Salix 14.2 Xfce Edition Officially Released Based on Slackware 14.2, Xfce 4.12

After being in development for the past three months, the Salix 14.2 Xfce Edition operating system has finally hit the stable channels, and it is now available for download. Based on the Slackware 14.2 GNU/Linux distribution and built around the lightweight and highly customizable Xfce 4.12 desktop environment, Salix 14.2 Xfce Edition ships with numerous improvements and new features that some of you who managed to test-drive the Beta and Release Candidate pre-releases are already accustomed with. Of course, many of the core components and default applications have been updated to their latest versions. Read more

Leftovers: Security

  • Tor 0.2.8.7 Addresses Important Bug Related to ReachableAddresses Option
    The Tor Project, through Nick Mathewson, is pleased to inform the Tor community about the release and general availability of yet another maintenance update to the Tor 0.2.8 stable series.
  • Emergency Service Window for Kolab Now
    We’re going to need to free up a hypervisor and put its load on other hypervisors, in order to pull out the one hypervisor and have some of its faulty hardware replaced — but there’s two problems; The hypervisor to free up has asserted required CPU capabilities most of the eligible targets do not have — this prevents a migration that does not involve a shut down, reconfiguration, and restart of the guest.

TheSSS 19.0 Linux Server Out with Kernel 4.4.14, Apache 2.4.23 & MariaDB 10.1.16

TheSSS (The Smallest Server Suite) is one of the lightest Linux kernel-based operating systems designed to be used as an all-around server for home users, as well as small- and medium-sized businesses looking for a quick and painless way of distributing files across networks or to simply test some web-based software. Read more

GNOME Control Center 3.22 to Update the Keyboard Settings, Improve Networking

The upcoming GNOME 3.22 desktop environment is still in the works, and a first Beta build was seeded to public beta testers last week, bringing multiple enhancements and new features to most of its core components and apps. While GNOME 3.22 Beta was announced on August 22, it appears that the maintainers of certain core packages needed a little more time to work on various improvements and polish their applications before they were suitable for public testing. And this is the case of GNOME Control Center, which was recently updated to version 3.21.90, which means 3.22 Beta. Read more