Language Selection

English French German Italian Portuguese Spanish

Security

Security: Renesas RZ/G Linux Platform and More PuTTY Holes

Filed under
Security

Security leftovers

Filed under
Security

Security: Red Team, Reproducible Builds, Updates, Network Monitoring and NetFlow Collectors

Filed under
Security
  • So You Want to Red Team?

    So there’s a lot of confusion out there about Penetration Testing and Red Teaming. I wanted to put together a list of resources for those familiar with infosec or penetration testing who want to get into red teaming or at least get a better understanding of the methodologies and techniques used by red teamers.

    First, it’s important to note that Red Teaming is predominantly comprised of two things: alternative analysis and adversary simulation. Red teams do not attempt to find “all the vulnerabilities” and do not usually try to have a wide breadth of coverage. Instead, red teams seek to simulate an adversary with a particular objective, predominantly to act as a “sparring partner” for blue teams. Keep in mind, red teams are the only adversary that will debrief with the blue team so that blue team can figure out what they missed or could have done differently.

  • Reproducible builds folks: Reproducible Builds: Weekly report #204
  • Security updates for Wednesday
  • 4 Things You Need to Know About Network Monitoring

    Did you realize hacking attempts happen once every 39 seconds? The overwhelming majority of these attacks target business owners. If your network security is not up to par, it is only a matter of time before your network is infiltrated.

    Luckily, there are a variety of Network Monitoring Tools on the market that can keep you one step ahead of potential cyber-attacks. The key to finding the right solutions for your network is getting advice from an IT professional.

  • The 5 Best NetFlow Collectors For Linux in 2019

    Managing networks require the use of specialized tools that give you the necessary visibility to ensure all in running smoothly at all times. Unlike road traffic where slowdowns and obstructions can easily be pinpointed, network traffic is not something that’s easy to see. This is why tools like NetFlow can help. The NetFlow technology can give you some insight on what traffic is traversing your network instead of just how much traffic there is. Read on as we review some of the best NetFlow collectors and analyzers for Linux.

Security: Updates, Debian LTS Work, Microsoft Mess (LockerGoga Ransomware), NetBIOS and VeraCrypt

Filed under
Security
  • Security updates for Tuesday
  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, February 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • What You Need to Know About the LockerGoga Ransomware

    Trend Micro’s solutions, such as Trend Micro™ Security, Smart Protection Suites, and Worry-Free™ Business Security, actively detect and block LockerGoga. Trend Micro detects the ransomware and its variants as Ransom.Win32.LOCKERGOGA.THBOGAI, Ransom.Win32.LOCKERGOGA.AA, and Ransom.Win64.LOCKERGOGA.A. Our in-depth analysis of LockerGoga is still ongoing, and we will update this FAQ as we uncover more details on this threat.

    [...]

    LockerGoga encrypts files stored on systems such as desktops, laptops, and servers. Each time LockerGoga encrypts a file, a registry key (HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session00{01-20}) is modified. After the encryption process, LockerGoga leaves a ransom note in a text file (README_LOCKED.txt) in the desktop folder.

  • LockerGoga: The Dangerously Changing Face Of Ransomware

    Ransomware is a type of malware which encrypts the user’s file until he/she does not hand over a designated sum of ransom. However, the recent iteration of the infamous malware known as LockerGoga Ransomware could have catastrophic effects in the digital as well as physical space.

    The first instance of the dangerous LockerGoga ransomware surfaced in January 2019. Hackers attacked a French consultancy company by the name of Altran Technologies. The attack rendered the company’s firewall disabled and closed down it’s IT network.

  • Scanner NetBIOS Auxiliary Modules

    The nbname auxiliary module scans a range of hosts and determines their hostnames via NetBIOS.

  • Essential System Tools: VeraCrypt – Strong disk encryption software

    This is the latest in our series of articles highlighting essential system tools. These are small, indispensable utilities, useful for system administrators as well as regular users of Linux based systems. The series examines both graphical and text based open source utilities. For details of all tools in this series, please check the table at the summary page of this article.

    For this article, we’ll look at VeraCrypt, free and open source cross-platform disk encryption software that builds on the discontinued TrueCrypt. There’s support for Linux, FreeBSD, Mac OS X, and Windows. VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption. It also resolves many vulnerabilities and security issues inherent in TrueCrypt together with a ton of modifications.

Security: Windows, SystemD, Intrusion Detection System and ShadowHammer

Filed under
Security
  • How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business

     

    Each impacted system had three key elements:
     

         
    • They all ran Microsoft Windows.
    •    

    • Files, including some system files, had been encrypted.
    •    

    • The network interface on every system had been disabled.
    •    

    • The local user accounts on every system had their password changed.
    •  

  • Exploiting systemd-journald Part 2

     

    In this post, we explore how to compute the hash preimages necessary to write a controlled value into libc’s __free_hook as described in part one. This is an important step in bypassing ASLR, as the address of the target location to which we redirect execution (which is system in our case) will be changing between each instance of systemd-journald. Consequently, successful exploitation in the presence of ASLR requires computing a hash preimage dynamically to correspond with the respective address space of that instance of systemd-journald. How to disclose the location of system, and writing an exploit to completely bypass ASLR, are beyond the scope of this post.  

  • Introducing IPFire's new Intrusion Prevention System

    With the next IPFire release, we are going to release huge changes to our Intrusion Detection System. Those bring packet analysis that IPFire does to a new level and we are very excited to tell you more about it in this announcement!

  • ShadowHammer: Hackers Installed Backdoor On 1 Million ASUS Devices

Mozilla Thunderbird 60.6.1 Released with Critical Security Fixes

Filed under
Moz/FF
Security

Mozilla Thunderbird 60.6.1 comes with the same security patches that were released as part of Firefox 66.0.1 last week.

As explained in the official advisory here, Mozilla resolved two different security flaws, both of which were reported by Trend Micro’s Zero Day Initiative.

Read more

Which are the most insecure languages?

Filed under
Software
Security

From top to bottom, technology is riddled with security errors. At the lowest level, we have hardware errors such as Intel's Meltdown and Spectre bugs. Just above those, we have programming language security holes, and boy, do we have a lot of those!

WhiteSource, an open-source security company, recently did a study of open source security vulnerabilities in the seven most widely used languages over the past decade. To find the bugs, the company used it language security database. This contains data on open-source vulnerabilities from multiple sources such as the National Vulnerability Database (NVD), security advisories, GitHub issue trackers, and open-source projects issue trackers.

Read more

Security: Security Onion OS, ARPwatch and Helpsystems

Filed under
Security
  • Peeling the Onion — Security Onion OS

    In a world where security threats feel out of control, the security professional needs some help to do their job. Security tools are an important part of the armory for those professionals. But there is quite a bit of choice, including open-source enterprise toolkits. The question being asked is do you build your own setup, or do you look to other solutions to give you what you need to tackle cyberthreats?

    Security Onion is a Linux distro that is based on Ubuntu and contains a wide spectrum of security tools. It is so named because these tools are built as layers to provide defensive technologies in the form of a variety of analytical tools. When you install Security Onion, you are effectively building a defensive threat-hunting platform.

  • Network Awareness Using ARPwatch | Roadmap to Securing Your Infrastructure

    Unless you already have a network access control (NAC) solution in place, most of you probably don’t know when a new device is put on your network. Yes, we know the dangers that exist, such as rogue DHCP servers or “drop boxes” that attackers leave behind to gain a foothold inside your network. The question remains, how can we identify when something new is put on our network without spending a ton of money and time on a NAC? One word: ARPwatch.

    So, what is ARPwatch and what does it do? ARPwatch is a tool that watches for ARP traffic on a network and then records every MAC address it sees in a database. Every time it sees a new MAC address, it can send you an email alert to let you know there’s a new device on the network. It’s a great tool for identifying not only new devices but also ARP spoofing and network flip/flops, for which you’ll receive email notifications.

  • Episode 17: Be Afraid. Be Very Afraid.

    Katherine Druckman and Doc Searls talk to Bob Erdman, Security Product Manager for Helpsystems about Linux security threats.

LOCKDOWN Aiming To Be In Linux 5.2 For Tightening Up Hardware/Kernel Access

Filed under
Linux
Google
Security

Google developer Matthew Garrett recently took over work on the long-standing "LOCKDOWN" kernel patches with a goal of preventing the running kernel image from being modified and strengthen the boundary between UID 0 and the kernel. These patches, which have been around for years and shipped by some Linux distributions, didn't make it into the recent Linux 5.1 merge window but now a pull request has been issued in trying to ship it with Linux 5.2.

Read more

Security: ASUS, Tesla and HackerOne

Filed under
Security
  • Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

    Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says.

    ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.

    The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.

    Kaspersky Lab said it uncovered the attack in January after adding a new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine. The company plans to release a full technical paper and presentation about the ASUS attack, which it has dubbed ShadowHammer, next month at its Security Analyst Summit in Singapore. In the meantime, Kaspersky has published some of the technical details on its website.

  • Hackers break into the Tesla car web browser to win a Model 3
  • Sonatype and HackerOne partner on open source vulnerability reporting
Syndicate content

More in Tux Machines

today's howtos

Games: Lutris and More

  • Epic Games Store Now On Linux Thanks To Lutris
    While the Epic Games Store itself is not officially supported by the open source Linux operating system, a third-party gaming client has now made sure that you can access the store and launcher on your own distro. The Epic Games Store is now accessible on Linux via the Lutris Gaming client. The client is available to all Linux users, who in the past has provided the same users a way to play PC games without the need to have Windows installed in their machines. Although Linux is not necessarily the go-to platform when it comes to PC gaming, there is a very niche audience dedicated to making the platform work in favor of open-source and to counteract what could be perceived as a heavily Windows-biased PC gaming community. Linux gaming is somewhat tedious to the relatively casual or normal user, although there are some within the Linux community that advertise and try to foster its growth in terms of gaming, as there are some games that can run better on the operating system. That is to say, if you have a lot of patience to try and make it work.
  • You Died but a Necromancer revived you is good fun in a small package
    Sometimes, simplicity is what makes a game and in the case of You Died BaNRY that's very true. The game has little depth to it but makes up for that in just how frantic and fun it can be. The entire gameplay is just you (or you and friends) attempting to cross a small level filled with platforms, spikes and all sorts of crazy traps. It's ridiculously easy to get into as well, since the controls are so basic all you need to worry about is your movement.
  • Forager is a weirdly addictive casual grinding game that has mined into my heart
    I'm not usually one for games that have you endlessly wander around, collect resources, build a little and repeat but Forager is so ridiculously charming it's lovely.
  • DragonRuby Game Toolkit, a cross-platform way to make games with Ruby
    Now for something a little different! Ryan "Icculus" Gordon, a name known for many Linux ports and SDL2 teamed up with indie developer Amir Rajan to create a new cross-platform toolkit. Why was it created? Well, in a nutshell they both "hate the complexity of today's engines" and this toolkit was actually made to help ship A Dark Room for the Nintendo Switch, which shows how versatile it is.

10+ Open Source Software Writing Tools That Every Writer Should Know

Being a professional writer requires two key things to help ensure success: commitment and support. The former comes from the writer, and the latter comes from the tools he (or she) uses to get the job done. Below is a list of 11 great and lesser-known writing tools or apps, many of which are free and open-source, that can help improve the quality of your writing and make you a more productive and successful writer. Read more

today's leftovers

  • Newer isn't always better when performance is critical
    Some years before I formalised my engineering education, I was working as an instrument technician on a seismic survey vessel mapping an area off West Africa. These ships map the geology under the sea bed as the first stage of marine oil exploration. In full production, a single vessel will generate a revenue of several hundred thousand dollars a day. So you need to have a good excuse for when the recording system fails and you leave a hole in the survey coverage, especially when you have an ex-military Norwegian built like the proverbial Viking as party manager. The recording system was crashing; no error warnings, no smoke or fire. It just stopped recording. Repeatedly. The survey was looking like a cartoon Swiss cheese that had been attacked by hungry mice. What had changed? To save money the company had developed its own recording system, replacing Old Faithful with New Unreliable. I had my reservations when the prototype was tested in parallel with Old Faithful leading to my tearing out the connection between the two systems with under a minute to the start of a production line to go. I was younger then and could handle the excitement.
  • Minikube: 5 ways IT teams can use it
    As far as tool names go, Minikube is a pretty good reflection of what it does: It takes the vast cloud-scale of Kubernetes and shrinks it down so that it fits on your laptop. Don’t mistake that for a lack of power or functionality, though: You can do plenty with Minikube. And while developers, DevOps engineers, and the like might be the most likely to run it on a regular basis, IT leaders and the C-suite can use it, too. That’s part of the beauty. “With just a few installation commands, anyone can have a fully functioning Kubernetes cluster, ready for learning or supporting development efforts,” says Chris Ciborowski, CEO and cofounder at Nebulaworks.
  • Ubuntu Podcast from the UK LoCo: S12E02 – Light Force
    This week we have been upgrading disk drives (again) and playing Elite Dangerous. We discuss Mark’s homebrew Raspberry Pi based streaming box, bring you some command line love and go over your feedback. It’s Season 12 Episode 02 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.
  • Altered, a sweet looking puzzle game where you're part of the puzzle is coming to Linux
    Releasing sometime this Summer, Altered looks like a rather sweet take on the puzzle genre as you're a block that forms part of a puzzle. The developer, Glitchheart, describes it as a "meditative" puzzle game that mixes difficult puzzles in with a "soothing atmosphere". The description made me chuckle a little, as you can make it seem as soothing as you want but if the puzzles really do get difficult you can't stop players getting frustrated. Still, solving puzzles doesn't need to make you sweat which is more the point here as it seems there's no set time limits and no dangers.
  • How To Navigate Directories Faster In Linux