Language Selection

English French German Italian Portuguese Spanish

Security

NSA Exploits and Keylogger in HP Hardware

Filed under
Security
  • Hackers use NSA exploits to mine Monero

    Zealot campaign used Eternalblue and Eternalsynergy to mine cryptocurrency on networks.

    Security researchers have found a new hacking campaign that used NSA exploits to install cryptocurrency miners on victim's systems and networks.

    They said that the campaign was a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits.

  • NSA Cyberweapons Help Hackers Mine Cryptocurrency

    Hackers are using leaked NSA cyberweapons to mine cryptocurrency over vulnerable servers.

    The weapons can be used to take over Windows and Linux systems, and download malware that can mine the digital currency Monero, according to security provider F5 Networks.

  • Linux And Windows Machines Being Attacked By “Zealot” Campaign To Mine Cryptocurrency
  • How the Zealot Attack Uses Apache Struts Flaw to Mine Crypto-Currency

    Network security vendor F5 has discovered a new attack that makes use of known vulnerabilities including the same Apache Struts vulnerability linked to the Equifax breach to mine the Monero cryptocurrency.

    F5's threat researchers have dubbed the campaign "Zealot", which is also the name of a file that is part of multi-stage attack. The Zealot files include python scripts that trigger the EternalBlue and Eternal Synergy exploits that were first publicly disclosed by the Shadow Brokers hacking group and were allegedly first created by the U.S. National Security Agency (NSA) linked Equation Group.

  • HP’s Keylogger Not a Keylogger, Says Synaptics

    HP has recently come under fire for allegedly bundling a keylogger into its drivers, allowing the company or cybercriminals who could hijack it to record every keystroke of the user.

    But Synaptics, the company that builds and provides TouchPads for HP and other OEMs on the market, says the keylogger in question isn’t actually a keylogger, as it was implemented solely with the purpose of serving as a debug tool.

    In a security brief published recently, Synaptics says HP isn’t the only company that offers drivers with this debug tool included by default, but all OEMs featuring its hardware.

    “Each notebook OEM implements custom TouchPad features to deliver differentiation. We have been working with these OEMs to improve the quality of these drivers. To support these requirements and to improve the quality of the experience, Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the TouchPad. This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions,” the firm says.

Security: Hackers, Back Doors, Microsoft Scam and Bots

Filed under
Security
  • Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

    News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers.

    From conducting penetration tests and identifying vulnerabilities in software to providing companies with guidance about emerging threats, white hat hackers bring considerable value to organizations and play an instrumental role in helping them defend against today's advanced threats. White hats are highly coveted not only for their knowledge but also for their unique mindsets and ability to change corporate culture.

  • We need to talk about mathematical backdoors in encryption algorithms

    Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued.

    Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered as the best way to enforce cryptographic control.

    In defence of cryptography, researchers have set out to validate technology that underpins the secure exchange of information and e-commerce. Eric Filiol,  head of research at ESIEA, the operational cryptology and virology lab, argued that only implementation backdoors (at the protocol/implementation/management level) are generally considered. Not enough effort is being put into looking for mathematical backdoors or by-design backdoors, he maintains.

  • How a Dorm Room Minecraft Scam Brought Down the Internet

     

    Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

  • Microsoft's Edge browser is in serious trouble

     

    Analytics firm Net Applications revised its methodology to cull bots from its browser share numbers and found that as much as half of the traffic to Edge on Windows 10 was artificially inflated.  

Security: Vista 10, Ransom, and "Zealot"

Filed under
Security
  • Face Palm: Windows 10 Bundled A Password Manager That Exposed Your Saved Passwords

    bout 16 months ago, a Google Project Zero researcher found a critical bug in a password manager named Keeper. The bug allowed Keeper to inject its trusted UI into untrusted web pages with a content script. This allowed websites to steal user passwords using techniques like clickjacking.

    In a surprising development, Tavis Ormandy, the same researcher, has found that Microsoft bundled the same password manager with Windows 10. “I recently created a fresh Windows 10 VM with a pristine image from MSDN, and found that a password manager called “Keeper” is now installed by default,” he said. Moreover, a similar flaw was again found in this pre-installed password manager, which remained present for eight days.

  • British companies 'stockpile' Bitcoin to use as ransomware hush money
  • "Zealot" Campaign Uses NSA Exploits to Mine Monero on Windows and Linux Servers

    An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.

    The campaign was detected by security researchers from F5 Networks, who named it Zealot, after zealot.zip, one of the files dropped on targeted servers.

Security: Mirai, Vista 10, Starbucks, and Hacking Team Investigation

Filed under
Security
  • Mirai IoT Botnet Co-Authors Plead Guilty

    The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

  • Google Researcher Finds Flaw in Pre-Installed Windows 10 Password Manager

    Google security researcher Tavis Ormandy, who has previously discovered, reported, and disclosed several major bugs in Windows and its features, came across a new security vulnerability affecting Microsoft users.

    This time, the flaw exists in the Keeper password manager that comes pre-installed in some Windows 10 versions, with Ormandy explaining that it’s similar to a vulnerability that he discovered in August 2016.

    “I remember filing a bug a while ago about how they were injecting privileged UI into pages,” Ormandy explained on December 14. “I checked and, they're doing the same thing again with this version,” he continues.

  • Starbucks Wi-Fi Turned People’s Laptops into Cryptocurrency Miners

    The free Wi-Fi that the Buenos Aires Starbucks offers to its customers was being used to mine for cryptocurrency, and what’s worse, it used people’s laptops to do it.

    The whole thing was discovered by Stensul CEO Noah Dinkin who actually paid a visit to the store and wanted to browse the web using the free Wi-Fi, only to discover that his laptop was unknowingly converted into a cryptocurrency miner.

    He then turned to Twitter to ask Starbucks if they know about the what he described as bitcoin mining taking place without customers knowing about it.

    “Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand,” he said in his tweet.

  • Italian Prosecutor Makes Request to Close Hacking Team Investigation

    The damaging data breach that exposed the secrets of an infamous surveillance tech company might go unsolved forever. After more than two years, the Italian prosecutor who was investigating the attack on the Milan-based Hacking Team has asked the case to be dismissed, according to multiple sources.

    On Monday, the Milan prosecutor Alessandro Gobbis sent a notice to the people under investigation informing them that he had sent the judge a request to shut down the investigation, according to a copy of the document obtained by Motherboard.

Parrot Security 3.10 Ethical Hacking OS Adds Full Firejail/AppArmor Sandboxing

Filed under
Security
Debian

ParrotSec devs released today a new stable version of their Debian-based Parrot Security OS ethical hacking and penetration testing GNU/Linux distribution.

There are many enhancements implemented in the Parrot Security OS 3.10 release, but the biggest new feature is the introduction of a full Firejail and AppArmor sandboxing system that should proactively protect the operating system from attacks by isolating its components with the combination of various security techniques.

"The first experiments were already introduced in Parrot 3.9 with the inclusion of Firejail, but we took almost a month of hard work to make it even better with the improvement of many profiles, the introduction of the AppArmor support and enough time to make all the tests," reads today's announcement.

Read more

Also: Parrot 3.10 is out

Red Hat: Common Criteria Certification and Thunderbolt

Filed under
Red Hat
Security

Security: Bolt, Updates, NIST, Starbucks

Filed under
Security

Introducing bolt: Thunderbolt 3 security levels for GNU/Linux

Filed under
GNU
Linux
Security

Today I released the first version 0.1 (aka "Accidentally Working") of bolt, a system daemon that manages Thunderbolt 3 devices. It provides a D-Bus API to list devices, enroll them (authorize and store them in the local database) and forget them again (remove previously enrolled devices). It also emits signals if new devices are connected (or removed). During enrollment devices can be set to be automatically authorized as soon as they are connected. A command line tool, called boltctl, can be used to control the daemon and perform all the above mentioned tasks (see the man page of boltctl(1) for details).

Read more

Security: VLC Bug Bounty, Avast Tools, Intel ME

Filed under
Security
  • European Commission Kicks Off Open-Source Bug Bounty

    The European Commission has announced its first-ever bug bounty program, and is calling on hackers to find vulnerabilities in VLC, a popular open-source multimedia player loaded on every workstation at the Commission.

    The program has kicked off with a three-week, invitation-only session, after which it will be open to the public. Rewards include a minimum of $2,000 for critical severity bugs, especially remote code execution.

    High severity bugs such as code execution without user intervention, will start at $750. Medium severity bugs will start at a minimum of $300; these include code execution with user intervention, high-impact crashes and infinite loops. Low-severity bugs, like information leaks, crashes and the like, will pay out starting at $100.

  • Avast launches open-source decompiler for machine code

    Keeping up with the latest malware and virus threats is a daunting task, even for industry professionals. Any device connected to the Internet is a target for being infected and abused. In order to stop attacks from happening, there needs to be an understanding of how they work so that a prevention method can be developed.

    To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS.

  • Avast makes 'RetDec' machine-code decompiler open source on GitHub

    Today, popular anti-virus and security company, Avast, announces that it too is contributing to the open source community. You see, it is releasing the code for its machine-code decompiler on GitHub. Called "RetDec," the decompiler had been under development since 2011, originally by AVG -- a company Avast bought in 2016.

  • The Intel ME vulnerabilities are a big deal for some people, harmless for most

    (Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers)

    I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and it's not absolutely the worst case scenario but it's still pretty bad. The short version is that one of the (signed) pieces of early bringup code for the ME reads an unsigned file from flash and parses it. Providing a malformed file could result in a buffer overflow, and a moderately complicated exploit chain could be built that allowed the ME's exploit mitigation features to be bypassed, resulting in arbitrary code execution on the ME.

    Getting this file into flash in the first place is the difficult bit. The ME region shouldn't be writable at OS runtime, so the most practical way for an attacker to achieve this is to physically disassemble the machine and directly reprogram it. The AMT management interface may provide a vector for a remote attacker to achieve this - for this to be possible, AMT must be enabled and provisioned and the attacker must have valid credentials[1]. Most systems don't have provisioned AMT, so most users don't have to worry about this.

Cryptography in Ubuntu 16.04 and GTK2 Demotion

Filed under
GNOME
Security
Ubuntu
  • Canonical Announces Certified FIPS 140-2 Cryptographic Packages for Ubuntu 16.04

    Canonical announced on Wednesday the availability of officially certified FIPS 140-2 cryptographic packages for the long-term supported Ubuntu 16.04 LTS (Xenial Xerus) operating system series through its Cryptographic Module Validation Program.

    Level 1 FIPS 140-2 cryptographic packages can now be purchased for your Ubuntu 16.04 LTS operating system through Canonical's Ubuntu Advantage service or as a separate, standalone product. Ubuntu Advantage subscribers can already find the FIPS-compliant modules in the Ubuntu Advantage private archive if they use Ubuntu 16.04 LTS (Xenial Xerus) on their PCs.

  • GTK2 demotion
  • Ubuntu Developers Working Towards The Eventual Demotion Of GTK2

    Not only are Ubuntu developers working towards demoting Python 2 on their Linux distribution but they are also working on being able to demote the GTK2 tool-kit from the main archive to universe followed by its eventual removal in the future.

    Matthias Klose is hoping to organize more work towards this slow demotion process of GTK2 and ideally to get some of the issues cleared up ahead of the Ubuntu 18.04 Long-Term Support release in April.

Syndicate content

More in Tux Machines

Server: GNU/Linux Dominance in Supercomputers, Windows Dominance in Downtime

  • Five Supercomputers That Aren't Supercomputers
    A supercomputer, of course, isn't really a "computer." It's not one giant processor sitting atop an even larger motherboard. Instead, it's a network of thousands of computers tied together to form a single whole, dedicated to a singular set of tasks. They tend to be really fast, but according to the folks at the International Supercomputing Conference, speed is not a prerequisite for being a supercomputer. But speed does help them process tons of data quickly to help solve some of the world's most pressing problems. Summit, for example, is already booked for things such as cancer research; energy research, to model a fusion reactor and its magnetically confined plasma tohasten commercial development of fusion energy; and medical research using AI, centering around identifying patterns in the function and evolution of human proteins and cellular systems to increase understanding of Alzheimer’s, heart disease, or addiction, and to inform the drug discovery process.
  • Office 365 is suffering widespread borkage across Blighty
     

    Some users are complaining that O365 is "completely unusable" with others are reporting a noticeable slowdown, whinging that it's taking 30 minutes to send and receive emails.  

Google: VR180, Android and the Asus Chromebook Flip C101

Security Leftovers

  • Hackers May Have Already Defeated Apple’s USB Restricted Mode For iPhone
    Recently, the iPhone-maker announced a security feature to prevent unauthorized cracking of iPhones. When the device isn’t unlocked for an hour, the Lightning port can be used for nothing but charging. The feature is a part of the iOS 12 update, which is expected to launch later this month.
  • Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature
    Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone’s lightning cable port into a charge-only interface if someone hasn’t unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn’t be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible. That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet.
  • How Secure Are Wi-Fi Security Cameras?
  • Trump-Kim Meeting Was a Magnet For Russian Cyberattacks

KDE: Usability and Productivity initiative, Kraft and Konsole

  • This week in Usability & Productivity, part 23
    This has been a bit of a light week for KDE’s Usability and Productivity initiative, probably because everyone’s basking in the warm glow of a well-received release: KDE Plasma 5.13 came out on Tuesday and is getting great reviews!
  • Kraft Version 0.81 Released
    I am happy to announce the release of Kraft version 0.81. Kraft is a Qt based desktop application that helps you to handle documents like quotes and invoices in your small business. Version 0.81 is a bugfix release for the previous version 0.80, which was the first stable release based on Qt5 and KDE Frameworks5. Even though it came with way more new features than just the port, it’s first release has proven it’s stability in day-to-day business now for a few month.
  • Giving Konsole some love
    I started to hack in Konsole, and first I was afraid, I was petrified. You know, touching those hardcore apps that are the center of the KDE Software Collection. I started touching it mostly because some easy to fix bugs weren’t fixed, and as every cool user knows, this is free software. So I could pay for someone to fix my bugs, or I could download the source code and try to figure out what the hell was wrong with it. I choosed the second approach.