Security

Security: Windows and Facebook Messenger

Filed under
Security
  • “I Just Pressed Shift Key 5 Times” — User Gains Full Access On A Windows XP ATM Machine

    When you’re running Windows XP in today’s times, you shouldn’t expect your machine to be fully bulletproof against different kinds of malware attacks. Now combine it with some poor implementation on an ATM machine that demands heavy security measures and you’ve got a recipe for disaster.

  • Windows XP ATM Machine “Hacked” by Simply Pressing Shift Five Times in a Row

    We’ve known for a while that ATM machines running Windows XP (Embedded version or not) are exposed to attacks, but when we mix the lack of updates with bad configuration from IT admins what we get is a vulnerability that’s worryingly easy to exploit.

    One of the users of Russian blogging platform Habrahabr discovered that an ATM machine operated by state-owned bank Sberbank runs Windows XP and suffers from a security hole that makes it possible for pretty much anyone to completely hack it.

    While it’s not hard to figure out what hacking of an ATM machine means, it appears that the full-screen lock system that prevented the ATM interface from accessing other parts of the operating system could be bypassed by simply invoking Sticky Keys.

  • Cryptojacking Bot “Digimine” Spreading Via FB Messenger in Google Chrome Desktop

    Cryptocurrency mining is on the rise and so is the number of instances where wrong ways are used to harvest the digital currency. Just a day before yesterday, we told you about the Loapi Android malware that mines Monero on your device. Even if you’re sitting at a place like Starbucks, mining can happen anytime.

  • Digmine Cryptocurrency Miner Spreading via Facebook Messenger

    We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker (비트코인 채굴기 bot) it was referred to in a report of recent related incidents in South Korea. We’ve also seen Digmine spreading in other regions such as Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. It’s not far-off for Digmine to reach other countries given the way it propagates.

Security: Updates, Synopsys/Black Duck FUD, and Two-Factor Security Authentication

  • Security updates for Thursday
  • Synopsys: Going the distance with open source vulnerabilities [Ed: Having absorbed the Microsoft-connected FUD firm Black Duck, Synopsys is now a FUD source against FOSS. Puff pieces like this one will be common.]
  • Twitter Expands Two-Factor Security Authentication Options

    Back in May 2013, Twitter first added a Two-Factor Authentication (2FA) capability to its service, relying on SMS to deliver a six-digit login code. Now after four and a half years, Twitter is adding new options, announcing on Dec. 20 that its 2FA approach will support third party tools.

    Twitter calls its 2FA approach login verification and it provides a second layer of authentication and protection for Twitter accounts. Rather than just having a username and a password to get access to an account, 2FA approaches require a second password, that is randomly generated by a secondary device, or service like SMS.

    "We're rolling out an update to login verification," the official Twitter Safety account wrote in a message. "You’ll now be able to use a third party app for two-factor authentication instead of SMS text messages."

Security: Talking to Your Family About Digital Security, VLC, Rutkowska's Talk and Updates

  • How to Talk to Your Family About Digital Security

    You and your family are sipping hot cocoa, gathered around the [holiday object of your choice], and your family member suddenly asks: “Can you help me with my [insert device here]?”

    They need a question answered about their computer, phone, tablet, video game console, or internet-connected device. Maybe they have related questions about their online accounts.

    Or maybe there is a teenager or college student in your family that posts intensely personal information online, and has just realized that they should probably maintain more privacy in their online lives—but isn’t sure how to start.

  • EU offers cash bounties to improve the security of VLC media player

    You can now submit bugs you find in VLC Media Player on HackerOne, where bounties ranging from $100 for low-severity bugs and up to $2,000 for critical bugs are offered.

    With a total budget of €60,000, the VLC bug bounty is only a first “proof of concept” bug bounty in order to learn more about how to run future bounties within FOSSA-2.

  • Security through Distrusting

    At one extreme, we would like to ensure everything (software, hardware, infrastructure) is trusted. This means the code has no bugs or backdoors, patches are always available and deployed, admins always competent and trustworthy, and the infrastructure always reliable…

    On the other end of the spectrum, however, we would like to distrust (nearly) all components and actors, and have no single almighty element in the system.

    In my opinion, the industry has been way too much focused on this first approach, which I see as overly naive and non-scalable to more complex systems.

  • Rutkowska: Trust Makes Us Vulnerable

    Rutkowska argued that security professionals can - and should - minimize their trust in modern technologies, many of which could put users at risk. She presented several examples of how current technology leaves users vulnerable and how they could potentially be made secure.

  • Security updates for Wednesday

Security: Bromium, EternalBlue/EternalSynergy, Updates, Reproducible Builds and Zealot Campaign

Security: CryptoJacking Android FUD, North Korea Blamed for NSA/Microsoft Back Doors

Microsoft Ransom (WannaCry), Logjam Revisited

Filed under
OSS
Security
  • Remember WannaCry Ransomware Attack? This Country Has Been Publicly Blamed By The U.S.
  • Liberating SSH from Logjam leftovers

    A recent Request for Comment at the Internet Engineering Task Force calls for SSH developers to deprecate 1,024-bit moduli.

    RFC 8270 was authored by Mark Baushke (at Juniper Networks but working as an individual) and Loganaden Velvindron (of Mauritian group Hackers.mu) in response to demand for a response to the 2015 Logjam bug.

    Logjam, discovered by Johns Hopkins cryptoboffin Matthew Green, would let a state-level actor attack Diffie-Hellman cryptosystems using 1,024-bit primes.

Security: Breaches, Russia Panic, and NSA Exploits

NSA Exploits and Keylogger in HP Hardware

  • Hackers use NSA exploits to mine Monero

    Zealot campaign used Eternalblue and Eternalsynergy to mine cryptocurrency on networks.

    Security researchers have found a new hacking campaign that used NSA exploits to install cryptocurrency miners on victim's systems and networks.

    They said that the campaign was a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits.

  • NSA Cyberweapons Help Hackers Mine Cryptocurrency

    Hackers are using leaked NSA cyberweapons to mine cryptocurrency over vulnerable servers.

    The weapons can be used to take over Windows and Linux systems, and download malware that can mine the digital currency Monero, according to security provider F5 Networks.

  • Linux And Windows Machines Being Attacked By “Zealot” Campaign To Mine Cryptocurrency
  • How the Zealot Attack Uses Apache Struts Flaw to Mine Crypto-Currency

    Network security vendor F5 has discovered a new attack that makes use of known vulnerabilities including the same Apache Struts vulnerability linked to the Equifax breach to mine the Monero cryptocurrency.

    F5's threat researchers have dubbed the campaign "Zealot", which is also the name of a file that is part of multi-stage attack. The Zealot files include python scripts that trigger the EternalBlue and Eternal Synergy exploits that were first publicly disclosed by the Shadow Brokers hacking group and were allegedly first created by the U.S. National Security Agency (NSA) linked Equation Group.

  • HP’s Keylogger Not a Keylogger, Says Synaptics

    HP has recently come under fire for allegedly bundling a keylogger into its drivers, allowing the company or cybercriminals who could hijack it to record every keystroke of the user.

    But Synaptics, the company that builds and provides TouchPads for HP and other OEMs on the market, says the keylogger in question isn’t actually a keylogger, as it was implemented solely with the purpose of serving as a debug tool.

    In a security brief published recently, Synaptics says HP isn’t the only company that offers drivers with this debug tool included by default, but all OEMs featuring its hardware.

    “Each notebook OEM implements custom TouchPad features to deliver differentiation. We have been working with these OEMs to improve the quality of these drivers. To support these requirements and to improve the quality of the experience, Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the TouchPad. This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions,” the firm says.

Security: Hackers, Back Doors, Microsoft Scam and Bots

  • Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

    News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers.

    From conducting penetration tests and identifying vulnerabilities in software to providing companies with guidance about emerging threats, white hat hackers bring considerable value to organizations and play an instrumental role in helping them defend against today's advanced threats. White hats are highly coveted not only for their knowledge but also for their unique mindsets and ability to change corporate culture.

  • We need to talk about mathematical backdoors in encryption algorithms

    Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued.

    Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered as the best way to enforce cryptographic control.

    In defence of cryptography, researchers have set out to validate technology that underpins the secure exchange of information and e-commerce. Eric Filiol,  head of research at ESIEA, the operational cryptology and virology lab, argued that only implementation backdoors (at the protocol/implementation/management level) are generally considered. Not enough effort is being put into looking for mathematical backdoors or by-design backdoors, he maintains.

  • How a Dorm Room Minecraft Scam Brought Down the Internet

    Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

  • Microsoft's Edge browser is in serious trouble

    Analytics firm Net Applications revised its methodology to cull bots from its browser share numbers and found that as much as half of the traffic to Edge on Windows 10 was artificially inflated.

Security: Vista 10, Ransom, and "Zealot"

  • Face Palm: Windows 10 Bundled A Password Manager That Exposed Your Saved Passwords

    About 16 months ago, a Google Project Zero researcher found a critical bug in a password manager named Keeper. The bug allowed Keeper to inject its trusted UI into untrusted web pages with a content script. This allowed websites to steal user passwords using techniques like clickjacking.

    In a surprising development, Tavis Ormandy, the same researcher, has found that Microsoft bundled the same password manager with Windows 10. “I recently created a fresh Windows 10 VM with a pristine image from MSDN, and found that a password manager called “Keeper” is now installed by default,” he said. Moreover, a similar flaw was again found in this pre-installed password manager, which remained present for eight days.

  • British companies 'stockpile' Bitcoin to use as ransomware hush money
  • "Zealot" Campaign Uses NSA Exploits to Mine Monero on Windows and Linux Servers

    An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.

    The campaign was detected by security researchers from F5 Networks, who named it Zealot, after zealot.zip, one of the files dropped on targeted servers.
