Language Selection

English French German Italian Portuguese Spanish

Security

Black Duck Attacks FOSS Again, for Marketing Purposes, Pretends It's "Research"

Filed under
OSS
Security

Security Leftovers

Filed under
Security
  • 'Benign' worm seeks out vulnerable smart devices

    A "benign" worm is scouring the net seeking out poorly protected smart gadgets.

    CCTV systems, routers, digital video recorders and other internet-of-things (IoT) devices are now believed to be harbouring the Hajime worm.

  • How to manage the computer-security threat

    COMPUTER security is a contradiction in terms. Consider the past year alone: cyberthieves stole $81m from the central bank of Bangladesh; the $4.8bn takeover of Yahoo, an internet firm, by Verizon, a telecoms firm, was nearly derailed by two enormous data breaches; and Russian hackers interfered in the American presidential election.

    Away from the headlines, a black market in computerised extortion, hacking-for-hire and stolen digital goods is booming. The problem is about to get worse. Computers increasingly deal not just with abstract data like credit-card details and databases, but also with the real world of physical objects and vulnerable human bodies. A modern car is a computer on wheels; an aeroplane is a computer with wings. The arrival of the “Internet of Things” will see computers baked into everything from road signs and MRI scanners to prosthetics and insulin pumps. There is little evidence that these gadgets will be any more trustworthy than their desktop counterparts. Hackers have already proved that they can take remote control of connected cars and pacemakers.

  • Security updates for Thursday
  • Open Source Remote Access Trojan Targets Telegram Users

    Remote access Trojans are mainly used to steal consumer data, either for consumers themselves or the conglomerate keeping this information safe from prying eyes. However, it appears criminals are looking at a different approach for these tools right now. A new open source remote access Trojan can now be used to extract data from the Telegram communication platform.

Security Leftovers

Filed under
Security
  • A vigilante hacker may have built a computer worm to protect smart devices

    The worm, known as Hajime, has infected tens of thousands of easy-to-hack products such as DVRs, internet cameras, and routers. However, the program so far hasn’t done anything malicious.

    Instead, the worm has been preventing a notorious malware known as Mirai from infecting the same devices. It’s also been carrying a message written from its developer.

  • vuln disclosure and risk equilibrium
  • How to Look at Mission-Critical Safety in the Internet of Cars

    The autonomous car will redefine how we travel, ship inventory, and design infrastructure. As physical objects become more deeply integrated into the Internet of Things, the connected car will soon become an essential component of the IoT ecosystem.

    An important element as we look towards actually implementing the autonomous car is understanding how mission-critical safety software and the Internet of Cars will operate within the car ecosystem. This is a blog that tries to explain what is happening currently; the importance of creating a security-first approach with open source software; and how we at EPAM are approach and solving some of the common problems.

  • Google tells users with borked WiFi to stop using Windows 10
  • Tanium exposed hospital’s IT while using its network in sales demos

    Starting in 2012, Tanium apparently had a secret weapon to help it compete with the wave of newcomers, which the company's executives used in sales demonstrations: a live customer network they could tap into for product demonstrations. There was just one problem: the customer didn't know that Tanium was using its network. And since the customer was a hospital, the Tanium demos—which numbered in the hundreds between 2012 and 2015, according to a Wall Street Journal report—exposed live, sensitive information about the hospital's IT systems. Until recently, some of that data was shown in publicly posted videos.

  • Tanium CEO Apologizes for Being 'Hard-Edged' After Executive Exodus

    Cybersecurity startup used hospital's computer network for sales pitches without permission

Tails 2.12 Anonymous Live OS Is Out, Drops I2P as Alternative Anonymity Network

Filed under
Security
Debian

The development team behind the popular and open-source Tails amnesic incognito live system announced today, April 19, 2017, the release and immediate availability for download of the Tails 2.12 maintenance update.

Tails 2.12 is the second security update to the Tails 2.x series, and possibly the last one to be published as the development of the major Tails 3.0 release nears its end. Besides addressing various long-standing issues and patching recently discovered security holes, Tails 2.12 ships with the more recent Linux 4.9.13 kernel.

Read more

Oracle Patches Solaris 10

Filed under
Server
Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

Ubuntu 16.04 LTS Users Get New Kernel Live Update, 14 Vulnerabilities Patched

Filed under
Security
Ubuntu

If you're using Canonical's kernel live patch update system for rebootless Linux kernel updates, Benjamin M. Romer is informing users about the availability of a major patch.

Read more

Security Leftovers

Filed under
Security
  • Using Microsegmentation to Prevent Security Breaches

    No one likes to admit it but most of what has passed for IT security in the enterprise has historically been rudimentary at best. Most organizations physically segmented their networks behind a series of firewalls deployed at the edge of the network. The trouble is that once malware gets past the firewall it could move laterally almost anywhere in the data center.

    With the rise of network virtualization, a new approach to microsegmenting networks is now possible. The new approach involves using microsegmenting to prevent malware from laterally generating East-West traffic across the data center. Instead of a physical instance of a firewall, there is now a virtual instance of a firewall that is simpler to provision and update.

  • Latest Exploit Dump By Shadow Brokers Contains Easy-To-Use Windows Exploits, Most Already Patched By Microsoft [Ed: Sad to see TechDirt repeating Microsoft's lies in the same way many ‘journalists’ repeated Apple lies after Vault 7 revelations. Some of the holes remain unpatched, and some versions (still under support) will always remain unpatched.]

    Not that those with the latest and greatest should rest easy. The NSA hasn't stopped producing and purchasing exploits. The SB stash was a few years old. Current Microsoft software remains under attack from state intelligence agencies and criminals. But this dump of tools shows just how powerful the NSA's toolkit is -- one made even more dangerous by its apparent ease of use. It makes exploit delivery possible for anyone, not just those with a very specific skillset.

  • Leaked NSA exploits plant a bull's-eye on Windows Server

    Friday’s release of suspected NSA spying tools is bad news for companies running Windows Server. The cyberweapons, which are now publicly available, can easily hack older versions of the OS.

    The Shadow Brokers, a mysterious hacking group, leaked the files online, setting off worries that cybercriminals will incorporate them in their own hacks.

  • The YARA tool for Linux security - part 001.
  • Twistlock 2.0 Improves Container Security and Compliance

    Container security vendor Twistlock is updating its namesake platform with a 2.0 release that aims to help improve container visibility and security.

    Twistlock first debuted its container security platform in November 2015, providing runtime security options for container deployments. The platform has evolved since then with a steady stream of updates. The new Twistlock 2.0 update, includes several enhanced container security capabilities as well as a new backend code infrastructure.

Syndicate content

More in Tux Machines

Tizen 3.0 and Home Spying Appliances

Vulkan FOSS Adoptions

  • SDL 2.0.6 released, introduces Vulkan support
    The cross-platform development library has seen the release of its latest version. Quite a few exciting changes this time around, including support for Vulkan and more types of gamepads. SDL [Official Site] is something that has been used in quite a diverse array of projects and plenty of game ports that have made their way to Linux have taken advantage of it. The latest release has its fair share of general improvements but most noticeable is the implementation of Vulkan support. This hopefully will make it easier for developers to take advantage of the Vulkan API and help it gain more traction.
  • X.Org Foundation Has Become A Khronos Adopter
    The X.Org Foundation board announced during this week's XDC2017 summit that they have officially completed the paperwork to become a Khronos adopter. The X.Org Foundation is now considered a pro-bono adopter for The Khronos Group so that the community-based open-source drivers targeting Khronos APIs for conformance can submit conformance test results and become a certified implementation.

Security: DHS on Potential Voting Machines Cracking, Joomla Patches Critical Flaw

  • DHS tells 21 states they were Russia hacking targets before 2016 election
  • 1. WikiLeaks, Russian edition: how it’s being viewed
    Russia has been investing heavily in a vision of cyberdemocracy that will link the public directly with government officials to increase official responsiveness. But it is also enforcing some of the toughest cybersecurity laws to empower law enforcement access to communications and ban technologies that could be used to evade surveillance. Could WikiLeaks put a check on Russia’s cyber regime? This week, the online activist group released the first of a promised series of document dumps on the nature and workings of Russia’s surveillance state. So far, the data has offered no bombshells. “It’s mostly technical stuff. It doesn’t contain any state contracts, or even a single mention of the FSB [security service], but there is some data here that’s worth publishing,” says Andrei Soldatov, coauthor of “The Red Web,” a history of the Soviet and Russian internet. But, he adds, “Anything that gets people talking about Russia's capabilities and actions in this area should be seen as a positive development.”
  • Joomla patches eight-year-old critical CMS bug
    Joomla has patched a critical bug which could be used to steal account information and fully compromise website domains. This week, the content management system (CMS) provider issued a security advisory detailing the flaw, which is found in the LDAP authentication plugin. Lightweight Directory Access Protocol (LDAP) is used by Joomla to access directories over TCP/IP. The plugin is integrated with the CMS. Joomla considers the bug a "medium" severity issue, but according to researchers from RIPS Technologies, the problem is closer to a critical status.
  • Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection
    With over 84 million downloads, Joomla! is one of the most popular content management systems in the World Wide Web. It powers about 3.3% of all websites’ content and articles. Our code analysis solution RIPS detected a previously unknown LDAP injection vulnerability in the login controller. This one vulnerability could allow remote attackers to leak the super user password with blind injection techniques and to fully take over any Joomla! <= 3.7.5 installation within seconds that uses LDAP for authentication. Joomla! has fixed the vulnerability in the latest version 3.8.

OpenSUSE fonts – The sleeping beauty guide

Pandora’s box of fonts is one of the many ailments of the distro world. As long as we do not have standards, and some rather strict ones at that, we will continue to suffer from bad fonts, bad contrast, bad ergonomics, and in general, settings that are not designed for sustained, prolonged use. It’s a shame, because humans actually use computers to interface with information, to READ text and interpret knowledge using the power of language. It’s the most critical element of the whole thing. OpenSUSE under-delivers on two fonts – anti-aliasing and hinting options that are less than ideal, and then it lacks the necessary font libraries to make a relevant, modern and pleasing desktop for general use. All of this can be easily solved if there’s more attention, love and passion for the end product. After all, don’t you want people to be spending a lot of time interacting, using and enjoying the distro? Hopefully, one day, all this will be ancient history. We will be able to choose any which system and never worry or wonder how our experience is going to be impacted by the choice of drivers, monitors, software frameworks, or even where we live. For the time being, if you intend on using openSUSE, this little guide should help you achieve a better, smoother, higher-quality rendering of fonts on the screen, allowing you to enjoy the truly neat Plasma desktop to the fullest. Oh, in the openSUSE review, I promised we would handle this, and handle it we did! Take care. Read more