Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers: Let's Encrypt, GM, Silverlight 0-day

Filed under
Security
  • Trend Micro: Internet scum grab Let's Encrypt certs to shield malware

    It was inevitable. Trend Micro says it has spotted crooks abusing the free Let's Encrypt certificate system to smuggle malware onto computers.

    The security biz's fraud bod Joseph Chen noticed the caper on December 21. Folks in Japan visited a website that served up malware over encrypted HTTPS using a Let's Encrypt-issued cert. The site used the Angler Exploit Kit to infect their machines with the software nasty, which is designed to raid their online bank accounts.

  • GM Asks Friendly Hackers to Report Its Cars’ Security Flaws

    As automotive cybersecurity has become an increasingly heated concern, security researchers and auto giants have been locked in an uneasy standoff. Now one Detroit mega-carmaker has taken a first baby step toward cooperating with friendly car hackers, asking for their help in identifying and fixing its vehicles’ security bugs.

  • The Mysterious Case of CVE-2016-0034: the hunt for a Microsoft Silverlight 0-day [Ed: back door?]

    Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company.

    For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the breach. Previously, “Phineas Fisher” did a similar attack against Gamma International, another company in the spyware/surveillance business.

Canonical Patches Critical OpenSSH Vulnerabilities in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

The Ubuntu developers working for Canonical to patch the latest security flaws in various core components and applications of all supported Ubuntu Linux operating systems published today, January 14, 2016, a new security notice informing users about the availability of an update for the OpenSSH software.

Read more

SSH Hole and Other Security News

Filed under
Security

Pretty Nasty DHCP Vulnerabilty Closed in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical has published details about a DHCP vulnerability that has been found and repaired in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04.

Read more

Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines

Filed under
OSS
Security

A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, has been discovered recently.

Read more

Tails Call for testing: 2.0~rc1

Filed under
GNU
Linux
Security
Debian

You can help Tails! The first release candidate for the upcoming version 2.0 is out. We are very excited and cannot wait to hear what you think about it Smile

Read more

Security Leftovers

Filed under
Security

Drupal Hardens Its Security in Response to Criticism

Filed under
OSS
Drupal
Security

The open-source Drupal content-management system (CMS) is talking steps to help protect against multiple potential risks that have been publicly revealed. On Jan. 6, security research vendor IOactive first disclosed the issues, which are focused on the Drupal update process. The Drupal project's security team is aware of the concerns and is fixing all the issues, though it is also downplaying the overall risk.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Gmail and a Can of Spam

    I am still trying to figure out the events that led to this intrusion. I’ve read almost everything there is to read on Google’s Gmail pages, without finding much. Google seems adamant about not giving-out one-on-one help, but maybe I just didn’t look long enough. On my own, I’ve evoked two step verification on my main email addresses, so that’s settled. But still…I’d like to figure out when and how this breach took place. What magic sequence of events happened to allow this?

    Did I mention I’m a security idiot? Yeah…I thought I did.

    It feels strange to again delve into antivirus and malware protection. I’ve been a smug, self-assured dummy when it comes to online threats and Linux in general. And while what happened can’t really be blamed on Linux per se, it happened in a Linux neighborhood, so I am going to arm myself against any and all malware comers

    Although I’m not above paying for good software, trying to discern what software is good and which is shiny junk can be a daunting challenge, especially in the Linuxsphere. In the tests I’ve studied over the past four days, ClamAV seems to be an online favorite, but they lack the one thing I am going to need on our Reglue kid’s computers: a friendly, useful graphical interface. I’m not going to tell an 11-year-old to drop to the command line to do anything, even if they do need to learn that the blinking prompt can make magic things happen. In time, I will teach them, but for now…. ClamAV failed the initial tests.

  • 602 Gbps! This May Have Been the Largest DDoS Attack in History

    Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one of the favorite weapon for hackers to temporarily suspend services of a host connected to the Internet.

    Until now, nearly every big website had been a victim of this attack, and the most recent one was conducted against the BBC's websites and Republican presidential candidate Donald Trump's main campaign website over this past holiday weekend.

  • How to Set up a Successful Bug Bounty Program [VIDEO]

    A bug bounty program is among the most impactful additions to a software security process. With a bug bounty program, security researchers submit reports on potential vulnerabilities, typically with the promise of a reward or "bounty" for their efforts.

Syndicate content

More in Tux Machines

Red Hat News

Is Canonical the Victim of High Expectations?

When Ubuntu was new, those who questioned it were mostly Debian developers, disgruntled because they were not hired or because Ubuntu failed to acknowledge its debt to Debian. Today, however, a vocal minority seems to view Canonical Software, the company behind Ubuntu, as a Microsoft in the making. From being the uncritical darling of open source, Canonical is closely and cynically scrutinized, and its motives constantly questioned. So how did this transformation happen? Suspicion about corporations is hardly new in open source, yet Canonical seems singled out in a way that SUSE or Red Hat only occasionally are. Read more

Permabit offers deduplication to Linux masses – almost

Permabit has moved beyond OEMs, making the latest release of its dedupe technology available as a Linux software package so that ISVs, professional services folks and systems integrators in its Hybrid Cloud Professional Services partners programme can use it. Previously it was available to OEMs in Albireo (dedupe) and Virtual Data Optimizer or Virtual Data Optimizer, VDO (dedupe+compression+thin provisioning) form. VDO v6 is designed for the cloud service provider market, Permabit says, and the VDO for Hybrid Cloud package simplifies VDO installation and configuration in Red Hat Enterprise Linux (RHEL) data centres. Read more

Mozilla involves the community in its “open-source” rebrand

Mozilla is bending the terms of the rebrand with a “branding without walls” open-source initiative. Read more