Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Linux botnet attacks increase in scale

    Hackers are using malware which targets Linux to build botnets to launch distributed denial of service (DDoS attacks) security researchers have warned.

    The so-called BillGates Trojan botnet family of malware - apparently so named by the virus writers because it targets machines running Linux, not Windows - has been labelled with a "high" risk factor in a threat advisory issued by Akamai's Security Intelligence Research Team.

  • Mumblehard takedown ends army of Linux servers from spamming

    One year after the release of the technical analysis of the Mumblehard Linux botnet, we are pleased to report that it is no longer active. ESET, in cooperation with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the Mumblehard botnet, stopping all its spamming activities since February 29th, 2016.

    ESET is operating a sinkhole server for all known Mumblehard components. We are sharing the sinkhole data with CERT-Bund, which is taking care of notifying the affected parties around the world through their national CERTs.

  • Ubuntu patches Linux kernel security bugs
  • Linux Kernel Security Bugs Patched

    Ubuntu users can install the update via the Unity Dash. To update, search the Unity Dash for the Software Updater utility and allow the program to reload the software repositories and search for new drivers. Once the Software Updater has found the updates, simply click on the "Install All" button to install them on your machine. Since this is a kernel update, you will need to reboot your device after the update. Canonical notes that the kernel updates have been given a new version number, which may require some users to recompile and reinstall all third party kernel modules.

  • Google reveals its shift to an open security architecture

    Google has revealed how it completely changed its security architecture, shifting from a traditional infrastructure to a more open model in which all network traffic is treated with suspicion.

    The project, called BeyondCorp, shifted the company from a perimeter security model to one where access to services and tools are not gated according to a user's physical location or their originating network, but instead deploys access policies based on information about a device, its state and associated user.

Security Leftovers

Filed under
Security

IoT and Linux

Filed under
Linux
Security
  • Linux’s Torvalds surprised by IoT uptake

    Linux founder Linus Torvalds is starting to appreciate the use of his operating system as a backbone for embedded systems, especially in the world of Internet of Things (IoT), speaking at the Embedded Linux Conference & OpenIoT Summit for the first time this week.

  • Linus Torvalds isn't worried about IoT security

    Devices like smart heaters, smart bulbs and smart refrigerators have direct access to unlimited power supply; they have direct access to the internet. And things can go really bad.

    And with IDC predicting that the worldwide IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020, security is becoming a very serious topic.

  • Samsung's SmartThings

    If you pick up a Samsung Smart TV this year, you'll be certain to find "Linux Inside" in many ways. Samsung continues to build on its Tizen-powered Smart TV UI, which this year it will enhance with integrated SmartThings IoT hub technology, enabling the TV as the control center for a smart home. Samsung's SUHD TVs for 2016 will enable users to connect with, control and monitor hundreds of other compatible devices including lights, locks, thermostats, cameras, speakers, appliances, sensors and the like.

Canonical Patches Six New Linux Kernel Vulnerabilities in Ubuntu 15.10 and 14.04

Filed under
Security
Ubuntu

Today, April 6, Canonical has announced the availability of new kernel versions for its Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.10 for Raspberry Pi 2, and Ubuntu 14.04 LTS (Trusty Tahr) operating systems.

Read more

Security Leftovers

Filed under
Security
  • Shodan2Sheets

    After spending last night working on a Reverse DNS Function for Google Sheets I couldnt leave well enough alone and wrote Shodan2Sheets tonight using the shodan.io api.

  • Security is a process, not a reaction

    If this sounds familiar, you are probably running a web application of some kind. Maybe your whole business depends on it. Maybe you didn't hear about the latest world-on-fire vulnerability. Panic.

    How do you keep up with security issues when everything is happening so fast? Which parts of your technical stack are the most at risk? Is the customer data safe? Do you really need to care?

  • Three-year-old IBM patch for critical Java flaw is broken

    Attackers can easily bypass the patch to exploit a vulnerability that allows them to escape from the Java security sandbox

  • FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years

    The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.

    The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.

  • Sources: Trump Hotels Breached Again

    Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year.

Security Leftovers

Filed under
Security

Matriux Linux Operating System For Hackers — An Alternative To Kali Linux

Filed under
GNU
Linux
Security

Matriux is an open source Linux-based operating system that’s designed in accordance with the needs of security researchers and professionals. The OS comes with more than 300 hacking tools that include the likes of Wireshark, Aircrack-ng, Nmap, Vidalia, TrueCrypt and more. Matriux hacking OS features a traditional desktop environment that’s powered by GNOME Classic

Read more

Security Leftovers

Filed under
Security
  • Linux Ransomware and why everyone could be affected [Ed: Bitdefender ad as ‘article’]
  • Kaiten targets Linux routers, gateways, access points and now IoT

    Change default passwords on network equipment even if it is not reachable from the Internet.

  • Security is really about Risk vs Reward

    Every now and then the conversation erupts about what is security really? There's the old saying that the only secure computer is one that's off (or fill in your favorite quote here, there are hundreds). But the thing is, security isn't the binary concept: you can be secure, or insecure. That's not how anything works. Everything is a sliding scale, you are never secure, you are never insecure. You're somewhere in the middle. Rather than bumble around about your risk though, you need to understand what's going on and plan for the risk.

Safety/Privacy in Firefox

Filed under
Moz/FF
Security
  • Firefox and cookie micromanagement

    For most of its existence, Firefox has provided users with the ability to manage how cookies are stored with a rather high degree of granularity: users can block specific cookies, create site-wide exceptions to the accept/block policy, and configure behavior for third-party cookies. Up until Firefox 44, there was an additional option as well, one that allowed users to choose the expiration point (that is, expiring them at the end of the session or letting them persist) for every cookie they encounter. That option was removed in the Firefox 44 release, which has made some users rather unhappy.

    The option in question was found in the Privacy preferences screen, labeled "Ask me every time" on the "Keep until:" selector. When enabled, the option raised a dialog box asking the user to accept or reject each cookie encountered, with a "accept for this session only" choice provided. Removing the option was proposed in 2010, although the patch to perform the removal did not land until 2015. It was released in Firefox 44 in January 2016.

  • How Safe Browsing works in Firefox

    If you want to learn more about how Safe Browsing works in Firefox, you can find all of the technical details on the Safe Browsing and Application Reputation pages of the Mozilla wiki or you can ask questions on our mailing list.

  • Decentraleyes Addon Fixes Browser Privacy, Circumvents CDNs

    Widespread CDN acceptance has been a security flaw that sacrifices privacy simply because it breaks web pages on anything put a text-based browser, which is a sacrifice few are willing to make for the sake of their information remaining local.

Syndicate content

More in Tux Machines

More From Red Hat Summit

Android Leftovers

Ubuntu 16.10 Alpha 1 to Come Only in Ubuntu MATE, Ubuntu Kylin & Lubuntu Flavors

In only two days from the moment of writing this article, we will be able to get a very early taste of the upcoming Ubuntu 16.10 (Yakkety Yak) operating system, as the first Alpha build should be released, as planned, on June 30, 2016. Read more

Lenovo and Red Hat advance partnership with telco push

Two Triangle tech titans are teaming up to create cloud solutions for the changing telco space: Lenovo and Red Hat. It’s not their first collaboration, says Brian Connors, vice president of next generation IT and business development in Lenovo’s Research Triangle Park-based Data Center Group. Red Hat even invested in Lenovo’s RTP executive briefing center, where its technology is currently “displayed prominently as customers come in." Read more