Security

Security: Windows/NSA Back Doors and 'Joys' of Cryptocurrency Malware

Filed under
Microsoft
Security

Security: Linux Kernel Runtime Guard (LKRG), Windows Malware, and Black Duck's Latest FUD

Filed under
Security
  • OpenWall unveils kernel protection project

    The folk at OpenWall have called for assistance to create a security module to watch Linux kernels for suspicious activity.

    In the company's explanation, the Linux Kernel Runtime Guard (LKRG) is described as a module that “attempts to post-detect and hopefully promptly respond to unauthorised modifications to the running Linux kernel (integrity checking) or to credentials (such as user IDs) of the running processes (exploit detection).”

    Developed by Adam Zabrocki (@adam_pi3) and now championed by OpenWall, the first cut of the code landed last week.

  • Complex PZChao Windows malware has more than one string to its bow

    Security firm Bitdefender says it has been monitoring a complex custom-built piece of Windows malware that it has named PZChao, after the name of the domain at which its command and control server resides.

  • Monero Cryptocurrency Miner Leverages NSA Exploit

    In a growing development, attackers have leveraged an exploit found in almost all generations of Microsoft Windows. EternalBlue is a security vulnerability that allowed WannaCry to run rampant in over 150 different countries and took down parts of the National Health Service (NHS), as well as Petya/NonPetya (a strain of ransomware that inspired NATO to assemble an entire cyber operation to combat it).

  • Monero mining botnet uses NSA exploit to infect Windows servers

    Microsoft Windows servers around the globe are playing host to a mining botnet known as Smominru Monero, which may have made as much as US$3.6 million for its operators based on the current value of the Monero cryptocurrency.

  • Health tech and open source – what should manufacturers do to keep medical devices safe? [Ed: Black Duck spreads FUD, as usual. Pretends to be doing journalism, but here it just promotes its proprietary things.]

SUSE releases live patching for big iron, real-time OS update

Filed under
Security
SUSE

Germany-based Linux vendor SUSE Linux has launched live patching for its enterprise Linux distribution that runs on IBM Power Systems, and also a service pack for its real-time enterprise distribution that will enable systems running it to handle both real-time and non-real-time workloads on a single virtual machine.


Security: The Internet of Connected Sex Toys, Gas Stations, Hospitals With Windows and More

Filed under
Security
  • The Internet of Connected Sex Toys is every bit as horrifyingly insecure and poorly thought out as you imagine

    The rush to put networked sensors and controllers into sex toys is grounded in foolish, convenient untruths, like the idea that the incredibly sensitive data generated by these systems can be anonymized and then analyzed for insights without exposing users to risk.

    The sex tech industry has been a top-to-bottom series of farces and catastrophes. [...]

  • These app-controlled sex toys can be 'remotely taken over by hackers'

    In an advisory published Thursday (1 January), researchers said bugs in a customer database meant that attackers could have easily accessed user details, including "names, cleartext passwords and explicit image galleries" being stored by the company.

  • Flaws in Gas Station Software Let Hackers Change Prices, Steal Fuel, Erase Evidence

    Gas stations lose millions of dollars annually to gas fraud. Most of this fraud occurs when thieves use stolen credit and debit cards to fuel vehicles, resulting in chargebacks to service stations.

    But gas station owners in the US and elsewhere may have to worry about a new kind of fraud after two security researchers in Israel discovered multiple vulnerabilities in one automated system used to control fuel prices and other information at thousands of gas stations around the world.

    The vulnerabilities would allow an attacker to shut down fuel pumps, hijack credit card payments, and steal card numbers or access backend networks to take control of surveillance cameras and other systems connected to a gas station or convenience store's network. An attacker could also simply alter fuel prices and steal petrol.

  • Healthcare IT Systems: Tempting Targets for Ransomware

    Well, there’s no use in waiting, I suppose. Two Thursdays ago, Chicago-based electronic health records provider Allscripts Healthcare Solutions suffered a ransomware attack that paralyzed some of its services. This past Friday, the company announced it had completely recovered from the cyberattack. But not before a class action lawsuit [pdf] was filed against it by an orthopedic non-surgery practice for failing to secure its systems and data from a well-known cybersecurity threat, i.e., a strain of SamSam.

    The ransomware attack impaired Allscripts’ data centers in Raleigh and Charlotte, North Carolina, affecting a number of applications, such as its Professional EHR and Electronic Prescriptions for Controlled Substances (EPCS) hosted services, which were mostly restored within five days, according to the company. Other services, like clinical decision support, analytics, data extraction, and regulatory reporting, took the longest to make operational again.

  • Pwn2Own 2018 Expands Targets and Raises Prize Pool to $2M

    The annual Pwn2own hacking competition run by Trend Micro's Zero Day Initiative (ZDI) is set to return for 2018, along with a longer list of targets and more money for security researchers than ever before.

    Pwn2own is a security researcher contest that typically has two events a year, with the primary event focused on browser and server technologies and a second event just for mobile technologies. The first event of 2018 is set for March 14-16 and will have five targets: virtualization, web browsers, enterprise applications, servers and a new Windows Insider Preview Challenge category.

  • Disable Flash Player!! Critical Vulnerability Gives Away Your System Controls

Proprietary Security: Adobe, Windows, and Patching Buggy Chips

Filed under
Security
  • An Adobe Flash 0day is being actively exploited in the wild

    The critical, use-after-free vulnerability, which is indexed as CVE-2018-4877, resides in the latest version of the widely installed Flash, researchers from Cisco Systems' Talos group said in a blog post. Adobe said separately that versions earlier than current Flash 28.0.0.137 are also susceptible. The vulnerability came to light on Wednesday when South Korea's CERT issued an advisory warning that attack code was circulating in the wild that exploited the zeroday flaw.

    Talos said the exploit is being distributed through a Microsoft Excel document that has a malicious Flash object embedded into it. Once the SWF object is triggered, it installs ROKRAT, a remote administration tool Talos has been tracking since January 2017. Until now, the group behind ROKRAT—which Talos calls Group 123—has relied on social engineering or exploits of older, previously known vulnerabilities that targets hadn't yet patched. This is the first time the group has used a zeroday exploit.

  • Cryptocurrency botnets are rendering some companies unable to operate

    Like Zealot, Smominru uses other exploit techniques to infect targeted computers, but it can fall back on the NSA-developed EternalBlue in certain cases, presumably for spreading from machine to machine inside infected networks or when other infection techniques fail on a machine that hasn't been patched. Smominru also makes use of the Windows Management Interface. Proofpoint said that the botnet is also likely exacting a punishing performance impact on the business networks it infects by slowing down servers and driving up electricity costs.

  • 6 important security takeaways from applying Spectre and Meltdown patches

    A flurry of patching commenced across all industries once these vulnerabilities came to light due to the severity involved. Here are seven important lessons I took away from the process: [...]

Meltdown-Spectre Latest

Filed under
Security

Security: Updates for FOSS, Botnets for Windows

Filed under
Security

Which Linux Kernel Version Is ‘Stable’?

Filed under
Linux
Security

Almost every time Linus Torvalds releases a new mainline Linux kernel, there's inevitable confusion about which kernel is the "stable" one now. Is it the brand new X.Y one, or the previous X.Y-1.Z one? Is the brand new kernel too new? Should you stick to the previous release?

The kernel.org page doesn't really help clear up this confusion. Currently, right at the top of the page, we see that 4.15 is the latest stable kernel -- but then in the table below, 4.14.16 is listed as "stable," and 4.15 as "mainline." Frustrating, eh?

Unfortunately, there are no easy answers. We use the word "stable" for two different things here: as the name of the Git tree where the release originated, and as an indicator of whether the kernel should be considered “stable” as in “production-ready.”


Security: Flash, FOSS and More

Filed under
Security
  • New Adobe Flash Zero-Day Spotted in the Wild

    South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild.

    According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 28.0.0.137 and earlier. Flash 28.0.0.137 is the current Flash version number.

    "An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Word documents.

  • Growth of open source adoption increases number of security vulnerabilities [Ed: No, Equifax was the opposite. It's proof that patches were available but were not being applied.]

    The 2017 Equifax breach served as a major PSA of the growing size and scope of security vulnerabilities in open source software components and applications. Despite many of them being “known,” these security flaws pose a potentially debilitating risk to enterprise security.

  • Software Composition Analysis: Identify Risk in Open Source Components

    In March of 2017, it was reported that certain versions of the Apache Struts 2 Framework were vulnerable to Remote Code Execution attacks. If you were using a vulnerable version of the Apache Struts 2, the recommended remediation was to upgrade to Apache Struts 2.3.32 or 2.5.10.1. The issue was a Remote Code Execution bug in the Jakarta Multipart parser of Apache Struts 2 that could allow an attacker to execute malicious commands on the server when uploading files based on the parser.

  • Mitigating known security risks in open source libraries

    This chapter focuses on all you should know about fixing vulnerable packages, including remediation options, tooling, and various nuances. Note that SCA tools traditionally focused on finding or preventing vulnerabilities, and most put little emphasis on fix beyond providing advisory information or logging an issue. Therefore, you may need to implement some of these remediations yourself, at least until more SCA solutions expand to include them.

  • How to eliminate the default route for greater security

Spectre/Meltdown Pits Transparency Against Liability: Which is More Important to You?

Filed under
Security

There is a lot of righteous anger directed toward Intel over CPU bugs that were revealed by Spectre/Meltdown. I agree that things could have been handled better, particularly with regards to transparency and the sharing of information among the relevant user communities that could have worked together to deploy effective patches in a timely fashion. People also aren’t wrong that consumer protection laws obligate manufacturers to honor warranties, particularly when a product is not fit for use as represented, if it contains defective material or workmanship, or fails to meet regulatory compliance.

However, as an open source hardware optimist, and someone who someday aspires to see more open source silicon on the market, I want to highlight that demanding Intel return, exchange, or offer rebates on CPUs purchased within a reasonable warranty period is entirely at odds with demands that Intel act with greater transparency in sharing bugs and source code.



More in Tux Machines

Linux 4.18 RC2 Released From China

  • Linux 4.18-rc2
    Another week, another -rc. I'm still traveling - now in China - but at least I'm doing this rc Sunday _evening_ local time rather than _morning_. And next rc I'll be back home and over my jetlag (knock wood) so everything should be back to the traditional schedule. Anyway, it's early in the rc series yet, but things look fairly normal. About a third of the patch is drivers (drm and s390 stand out, but there's networking and block updates too, and misc noise all over). We also had some of the core dma files move from drivers/base/dma-* (and lib/dma-*) to kernel/dma/*. We sometimes do code movement (and other "renaming" things) after the merge window simply because it tends to be less disruptive that way. Another 20% is under "tools" - mainly due to some selftest updates for rseq, but there's some turbostat and perf tooling work too. We also had some noticeable filesystem updates, particularly to cifs. I'm going to point those out, because some of them probably shouldn't have been in rc2. They were "fixes" not in the "regressions" sense, but in the "missing features" sense. So please, people, the "fixes" during the rc series really should be things that are _regressions_. If it used to work, and it no longer does, then fixing that is a good and proper fix. Or if something oopses or has a security implication, then the fix for that is a real fix. But if it's something that has never worked, even if it "fixes" some behavior, then it's new development, and that should come in during the merge window. Just because you think it's a "fix" doesn't mean that it really is one, at least in the "during the rc series" sense. Anyway, with that small rant out of the way, the rest is mostly arch updates (x86, powerpc, arm64, mips), and core networking. Go forth and test. Things look fairly sane, it's not really all that scary. Shortlog appended for people who want to scan through what changed. Linus
  • Linux 4.18-rc2 Released With A Normal Week's Worth Of Changes
    Due to traveling in China, Linus Torvalds has released the Linux 4.18-rc2 kernel a half-day ahead of schedule, but overall things are looking good for Linux 4.18.

A GTK+ 3 update

  • A GTK+ 3 update
    When we started development towards GTK+ 4, we laid out a plan that said GTK+ 3.22 would be the final, stable branch of GTK+ 3. And we’ve stuck to this for a while. It has served us reasonably well — GTK+ 3 stopped changing in drastic ways, which was well-received, and we are finally seeing applications moving from GTK+ 2.
  • GTK+ 3.24 To Deliver Some New Features While Waiting For GTK4
    While the GNOME tool-kit developers have been hard at work on GTK4 roughly the past two years and have kept GTK3 frozen at GTK+ 3.22, a GTK+ 3.24 release is now being worked on to deliver some new features until GTK+ 4.0 is ready to be released. While GTK+ 4.0 is shaping up well and GTK+ 3.22 was planned to be the last GTK3 stable release, the developers have had second thoughts due to GTK+ 4 taking time to mature. Some limited new features are being offered up in the GTK+ 3.24 release to debut this September.

Finally: First stable release of KBibTeX for KDE Frameworks 5

After almost exactly two years of being work-in-progress, the first stable release of KBibTeX for KDE Frameworks 5 has been published! You can grab the sources at your local KDE mirror. Some distributions like ArchLinux already ship binary packages. After one beta and one release candidate, now comes the final release. You may wonder why this release gets version number 0.8.1 but not 0.8 as expected. This is simply due to the fact that I noticed a bug in CMakeLists.txt when computing version numbers which did not work if the version number just had two fields, i.e. no ‘patch’ version. As the code and the tag of 0.8 was already pushed, I had no alternative than to fix the problem and increase the version number. Otherwise, the ChangeLog (alternative view) is virtually unchanged compared to the last pre-release.
