Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Reviewing Important Healthcare Cybersecurity Frameworks [Ed: Microsoft Windows]

    Just recently, a ransomware attack affected Hollywood Presbyterian in California, causing the hospital to pay $17,000 to regain access to its databases.

  • U.S., Canada issue joint alert on 'ransomware' after hospital attacks [iophk: The governments need to track down those spreading Windows in the hospitals.]

    The United States and Canada on Thursday issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as "ransomware," which encrypt data and demand payments for it to be unlocked.

    The warning follows reports from several private security firms that they expect the crisis to worsen, because hackers are getting more sophisticated and few businesses have adopted proper security measures to thwart such attacks.

  • NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info

    The National Institute of Standards and Technology (NIST) has developed new encryption methods for securing financial data and other sensitive information.

    The NIST publication SP 800-38G authored by Morris Dworkin specifies cryptography standards for both binary and non-binary data, preserving the look and feel of the unencrypted digits. Earlier encryption methods designed by NIST worked for binary data. But for strings of decimal numbers, there was no feasible technique to produce coded data that preserves the original format.

LibreOffice 5.2 Launches in August, First Bug Hunting Session Starts April 22

Filed under
LibO
Security

On March 31, 2016, The Document Foundation Co-Founder Italo Vignoli announced the release plan for the upcoming major release of the world's popular free office suite, LibreOffice 5.2.

Read more

Security Leftovers

Filed under
Security
  • Thursday's security updates
  • Your router could succumb to a new Telnet worm

    Building botnets made up of routers, modems, wireless access points and other networking devices doesn't require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords.

    Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten.

  • Remaiten Is a New DDoS Bot Targeting Linux-Based Home Routers

    Malware coders have created a new DDoS bot called Remaiten that targets home routers running on common Linux architectures, which also shares a lot of similarities with other DDoS bots like Tsunami and Gafgyt.

  • Oh, Look: Yet Another Security Flaw In Government Websites

    Or worse. The open direct could lead to spyware and malware, rather than just advertising masquerading as content or bottom-feeder clickbait. Fortunately, you can keep an eye on what URLs are being reached using these open redirects via this link. Unfortunately, it may be only citizens keeping an eye on that page, and they're in no position to prevent further abuse.

  • CNBC Asks Readers To Submit Their Password To Check Its Strength Into Exploitable Widget

    People's passwords and their relative strength and weakness is a subject I know quite well. As part of my business, we regularly battle users who think very simple passwords, often times relating to their birthdays and whatnot, are sufficient. Sometimes they simply make "password" or a similiar variant their go-to option. So, when CNBC put together a widget for readers to input the passwords they use to get feedback on their strength or weakness, I completely understand what they were attempting to accomplish. Password security is a real issue, after all -- which is what makes it all the more face-palming that the widget CNBC used was found to be exploitable.

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Linux Security Summit 2016 – CFP Announced!

    The 2016 Linux Security Summit (LSS) will be held in Toronto, Canada, on 25th and 26th, co-located with LinuxCon North America. See the full announcement.

  • Tuesday's security updates
  • Your computerdump sister also can hack Linux – Orange Tekno Time

    A newly discovered vulnerability makes it incredibly easy to break into a large pool of Linux-based computers. A security hole found in Grub2, a widely-used bootloader in many Linux distributions including Ubuntu and Red Hat, allows a user to login to a computer by pressing the backspace key 28 times. Various Linux distributions have released a patch for the vulnerability.

  • New DDoS Defense Turns Servers Into 'Moving Targets'

    The distributed denial-of-service (DDoS) attack is the classic cheap hack. It requires virtually nothing of those who wield it beyond the ability to download something from the internet, yet a DDoS offers unusually public consequences (most real security breaches happen in the dark). It is also difficult to defend against, in some part because it doesn't involve actually breaching a network at all—just flooding it with more innocuous-seeming traffic than it can handle.

  • Google Offers Rare Glimpse at Its Data Center Security Measures

    Laser beam intrusion detection systems, iris scanners and customized access cards are just some of the controls that Google uses to protect its data centers.

    A laser beam intrusion detection system, customized electronic access cards and biometric iris scans are just some of the multilevel security measures that Google has implemented to control access to its data centers.

  • Ransomware is scary, but not for the reasons you think it is

    If we keep thinking about this and bring the ransomware to its logical conclusion, the future versions are going to request a constant ongoing payment. Not a one time get out of jail free event. Why charge them once when you can charge them over and over again? Most modern infrastructures are complex enough it will be hard to impossible to remove an extremely clever bit of malware. It's going to be time for the good guys to step it up here, more thoughts on that some other day though.

    There is even a silly angle that's fun to ponder. We could imagine ransomware that attacks other known malware. If the ransomware is getting a constant ongoing payment, it would be bad if anything else could remove it, from legitimate software to other ransomware. While I don't think antivirus and ransomware will ever converge on the same point, it's still fun to think about.

KDE Plasma 5.6 Gets Its First Point Release, Brings Small Bug Fixes

Filed under
KDE
Security

Today, March 29, 2016, KDE had the great pleasure of announcing the immediate availability of the first point release for the stable KDE Plasma 5.6 desktop environment.

Read more

Security Leftovers

Filed under
Security
  • XSS Hits Zen Cart Open-Source E-commerce App

    Multiple Cross-Site Scripting (XSS) vulnerabilities have been uncovered in the popular online open source shopping cart application, Zen Cart.

    XSS, allows the attacker to inject malicious client-side scripts into a website, which are later executed by the victims while browsing the website. There are different cross-site scripting variants, all of which can be used to craft different types of attacks. In this case, malicious XSS injections could result in hackers gaining access to cookies and sensitive information, and could allow site defacement, which can result in further attacks.

  • Popular Shopping Cart App Plugs Dozens of XSS Vulnerabilities

    Popular open source shopping cart app Zen Cart is warning its users of dozens of cross-site scripting vulnerabilities found in its software. Affected websites, security experts say, risk exposing customers to malware, theft of cookies data and site defacement.

    Researchers at the security firm Trustwave discovered the vulnerabilities in September 2015 and have worked closely with Zen Cart to update the (1.5.4) shopping cart software. On March 17, Zen Cart released a 1.5.5 update to its software along with a patch for previous versions of Zen Cart, for those customers that wanted to continue using the older platform. Public disclosure of the vulnerability was on Friday.

  • CVE-2016-0774 Linux Kernel moderate vulnerability

A Peek At Upcoming Open Source Enhancements In IBM i

Filed under
OSS
Security

It's hard to quantify the value created through open source development of software. Last year, the Linux Foundation released a white paper that found the total value of the development of the Linux operating system amounted to $5 billion. In 2013, IBM itself committed to donating $1 billion in cold hard cash to further development of Linux and other open source projects. When one considers that nearly all of the cutting-edge IT work being done in distributed computing (i.e., the worlds of Hadoop, Spark, Kafka, and NoSQL databases) involves open sharing of source code--mostly through the Apache Software Foundation--then the humongous value that open source brings comes into view.

Read more

Syndicate content

More in Tux Machines

More From Red Hat Summit

Android Leftovers

Ubuntu 16.10 Alpha 1 to Come Only in Ubuntu MATE, Ubuntu Kylin & Lubuntu Flavors

In only two days from the moment of writing this article, we will be able to get a very early taste of the upcoming Ubuntu 16.10 (Yakkety Yak) operating system, as the first Alpha build should be released, as planned, on June 30, 2016. Read more

Lenovo and Red Hat advance partnership with telco push

Two Triangle tech titans are teaming up to create cloud solutions for the changing telco space: Lenovo and Red Hat. It’s not their first collaboration, says Brian Connors, vice president of next generation IT and business development in Lenovo’s Research Triangle Park-based Data Center Group. Red Hat even invested in Lenovo’s RTP executive briefing center, where its technology is currently “displayed prominently as customers come in." Read more