Language Selection

English French German Italian Portuguese Spanish

Security

Security News

Filed under
Security

Canonical Outs Live Patch Kernel Update for Ubuntu 16.04 to Patch Security Flaws

Filed under
Security
Ubuntu

Just one day after announcing the availability of new kernel versions for all of its supported Ubuntu Linux operating systems, Canonical published a new kernel live patch security notice for Ubuntu 16.04 LTS (Xenial Xerus).

Read more

Security News

Filed under
Security
  • News in brief: DirtyCOW patched for Android; naked lack of security; South Korea hacked
  • Millions exposed to malvertising that hid attack code in banner pixels

    Researchers from antivirus provider Eset said "Stegano," as they've dubbed the campaign, dates back to 2014. Beginning in early October, its unusually stealthy operators scored a major coup by getting the ads displayed on a variety of unnamed reputable news sites, each with millions of daily visitors. Borrowing from the word steganography—the practice of concealing secret messages inside a larger document that dates back to at least 440 BC—Stegano hides parts of its malicious code in parameters controlling the transparency of pixels used to display banner ads. While the attack code alters the tone or color of the images, the changes are almost invisible to the untrained eye.

  • Backdoor accounts found in 80 Sony IP security camera models

    Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version.

    Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price.

    One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday.

  • I'm giving up on PGP

    After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it's just not worth it, and I'm giving up. At least on the concept of long term PGP keys.

    This is not about the gpg tool itself, or about tools at all. Many already wrote about that. It's about the long term PGP key model—be it secured by Web of Trust, fingerprints or Trust on First Use—and how it failed me.

Ubuntu Core has the keys to IoT security

Filed under
Security
Ubuntu

In October, a DDoS attack on Dyn's infrastructure took down a big chunk of the internet, making sites like Amazon and Twitter inaccessible. It was the first major attack involving IoT (internet of things) devices. Fortunately, it was also a benign attack: no one got hurt, no one died.

However, the next attack could be catastrophic. No one knows when it will happen. No one knows the magnitude.

Read more

Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • There’s a new DDoS army, and it could soon rival record-setting Mirai

    For almost three months, Internet-of-things botnets built by software called Mirai have been a driving force behind a new breed of attacks so powerful they threaten the Internet as we know it. Now, a new botnet is emerging that could soon magnify or even rival that threat.

    The as-yet unnamed botnet was first detected on November 23, the day before the US Thanksgiving holiday. For exactly 8.5 hours, it delivered a non-stop stream of junk traffic to undisclosed targets, according to this post published Friday by content delivery network CloudFlare. Every day for the next six days at roughly the same time, the same network pumped out an almost identical barrage, which is aimed at a small number of targets mostly on the US West Coast. More recently, the attacks have run for 24 hours at a time.

  • Open source Roundcube webmail can be attacked ... by sending it an e-mail

    The developers of open source webmail package Roundcube want sysadmins to push in a patch, because a bug in versions prior to 1.2.3 let an attacker crash it remotely – by sending what looks like valid e-mail data.

    The authors overlooked sanitising the fifth argument (the _from parameter) in mail() – and that meant someone only needed to compose an e-mail with malicious info in that argument to attack Roundcube.

    [...]

    Roundcube posted a patch to GitHub at the end of November, and issued a version 1.2.3 here.

  • Latest Android security update fixes Dirty COW, GPS vulnerabilities
  • Open Source Flaws Found in Security Software

    Yet another industry survey has flagged open source software that according to one estimate accounts for half of the global code base as a growing security threat. Moreover, a review released by Flexera Software also found that the very security products designed to protect IT infrastructure are themselves riddled with vulnerabilities embedded in open source software.

FFmpeg 3.2.2 "Hypatia" Open-Source Multimedia Framework Released with 30 Fixes

Filed under
OSS
Security

Today, December 6, 2016, the development team behind the powerful, open-source, free, and cross-platform FFmpeg multimedia framework released a new maintenance update in the FFmpeg 3.2 "Hypatia" series.

Read more

Security News

Filed under
Security

Security News

Filed under
Security
  • HP shutting down default FTP, Telnet access to network printers

    Security experts consider the aging FTP and Telnet protocols unsafe, and HP has decided to clamp down on access to networked printers through the remote-access tools.

    Some of HP's new business printers will, by default, be closed to remote access via protocols like FTP and Telnet. However, customers can activate remote printing access through those protocols if needed.

  • Google Chrome 55 Fixes Flaws, Blocks Flash
  • Cyberattacks are going to get a lot worse, former NSA official says

    The face of cybercrime is changing. Healthcare has gone from a declared mission of stealing personal data to much more disruptive issues. In fact, healthcare has seen the largest jump in ransomware attacks than in any other industry.

    When Joel Brenner opened the HIMSS Privacy & Security Forum in Boston Monday morning, the Massachusetts Institute of Technology research fellow - who focuses on cybersecurity, privacy and intelligence policy - and former senior counsel at the National Security Agency, didn’t sugarcoat the state of healthcare security.

    The government isn’t going to sort out that problem until we suffer some great losses, Brenner said.

  • Google Debuts Continuous Fuzzer for Open Source Software

    A new Google program aimed at continuously fuzzing open source software has already detected over 150 bugs.

    The program, OSS-Fuzz, currently in beta mode, is designed to help unearth programming errors in open source software via fuzz testing. Fuzz testing, or fuzzing is when bits of randomly generated code is inputted into programs as a means to discover code and security flaws.

  • Chrome 55 Now Blocks Flash, Uses HTML5 by Default

    Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year.

    Back in May, Google's staff announced that starting with Q4 2016, Chrome would use HTML5 by default, while Flash would be turned off.

    While some of the initial implementation details of the "HTML5 By Default" plan changed since May, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Ransomware: Windows is the elephant in the room

    Ransomware has slowly become the most common and most difficult threat posed to companies and individuals alike over the last year.

    And there is one common thread to practically all ransomware attacks: Windows.

    Microsoft acolytes, supporters and astro-turfers can scream till they are blue in the face, but it is very rare to see ransomware that attacks any other platform.

    Of course, these Redmond backers are careful to say that ransomware attacks "computer users", not Windows users.

    But statistics tell the truth. In 2015, the average number of infections hitting Windows users was between 23,000 and 35,000, according to Symantec.

    In March, this number ballooned to 56,000 with the arrival of the Locky ransomware. And in the first quarter of 2016, US$209 million was paid by Windows users in order to make their locked files accessible again.

  • GCC Tackling Support For ARMv8-M Security Extensions

    GCC developers have been working to support the compiler-side changes for dealing with ARMv8-M Security Extensions.

Syndicate content

More in Tux Machines

Red Hat After Graphics People

GNOME News

  • Desk Changer is a Wallpaper Slideshow Extension for GNOME
    Have you been looking for a GNOME wallpaper slideshow extension? If so, you can stop. In the comments to our recent post on the way GNOME handles wallpapers a number of readers asked whether GNOME had an image slideshow feature built in, without the need for third-party apps and the like. The answer is yes, GNOME does. Sort of.
  • Minwaita: A Compact Version of Theme Adwaita for Gnome Desktop
    As you may already know that Ubuntu is switching back to Gnome, this is the transition time for Ubuntu to switch back. Some creators are motivated and creating themes for Gnome desktop, which is a good thing and hopefully we shall see plenty of Gnome themes and icons around soon. As its name shows "Minwaita" it is minimal/compact version of Adwaita theme, the theme is available after some enhancements to make Gnome more sleek and more vanilla Gnome experience without moving to away from Adwaita's design. This theme is compatible with Gnome 3.20 and up versions. This theme was released back in November, 2016 and still in continuous development that means if you find any problem or bug in the theme then report it to get it fixed in the next update. Obsidian-1 icons used in the following screenshots.
  • Gnome Pomodoro Timer Can Help You Increase Productivity
    If you are struggling with focus on something, it could be your work or study then try Pomodoro technique, this method developed by Francesco Cirillo in the late 1980s. The technique uses a timer to break down work into intervals, traditionally 25 minutes in length, separated by short breaks. You can read more about Pomodoro here.
  • Widget hierarchies in GTK+ 4.0
    In GTK+3, only GtkContainer subclasses can have child widgets. This makes a lot of sense for “public” container children like we know them, e.g. GtkBox — i.e. the developer can add, remove and reorder child widgets arbitrarily and the container just does layout.

Red Hat News

Leftovers: Ubuntu and Debian