Language Selection

English French German Italian Portuguese Spanish

Security

Windows Back Doors for NSA, Libssh (Not Related to OpenSSH) Patched

Filed under
Security
  • Windows servers still infected by DarkPulsar NSA exploit

    Researchers from security outfit Kaspersky Lab say they have found about 50 systems infected by the DarkPulsar malware, part of the NSA exploits which were dumped online by a group calling itself the Shadow Brokers in 2017.
    A research brief written by Andrey Dolgushev, Dmitry Tarakanov and Vasily Berdnikov said DarkPulsar was in the implants category of the dump which included two frameworks called DanderSpritz and FuzzBunch. DarkPulsar was not a backdoor in itself, but just the administrative part of a backdoor.

  • Kaspersky says it detected infections with DarkPulsar, alleged NSA malware

    The hacking tools were leaked by a group of hackers known as the Shadow Brokers, who claimed they stole them from the Equation Group, a codename given by the cyber-security industry to a group that's universally believed to be the NSA.

    DarkPulsar went mostly unnoticed for more than 18 months as the 2017 dump also included EternalBlue, the exploit that powered last year's three ransomware outbreaks --WannaCry, NotPetya, and Bad Rabbit.

    Almost all the infosec community's eyes have been focused on EternalBlue for the past year, and for a good reason, as the exploit has now become commodity malware.

    But in recent months, Kaspersky researchers have also started to dig deeper into the other hacking tools leaked by the Shadow Brokers last year.

    They looked at FuzzBunch, which is an exploit framework that the Equation Group has been using to deploy exploits and malware on victims' systems using a CLI interface similar to the Metasploit pen-testing framework.

  • Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now

Security: Telstra, Google+ and Facebook Incidents, and Latest Updates

Filed under
Security

Security: Cracking, Elections and Apache

Filed under
Security
  • Hack [sic] on 8 adult websites exposes oodles of intimate user data

    A recent [crack] of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords protected by a four-decade-old cryptographic scheme, (3) names, and (4) 1.2 million unique email addresses, although it’s not clear how many of the addresses legitimately belonged to actual users.

  • Professors discuss election security, voting systems at panel

    Amid questions of election security and potential system hacking in the upcoming midterm elections, Engineering prof. J. Alex Halderman spoke at the University of Michigan Alumni Center Thursday night about vulnerabilities in U.S. voting systems. Last June, Halderman appeared before the Senate Select Committee on Intelligence to testify about such.

    [...]

    “If an attack takes place, we won’t necessarily see the physical evidence," Halderman said. "The physical evidence that it took place is a discrepancy between what’s written on a piece of paper and what a computer total of that paper says. Because elections are so complicated, they’re so noisy, because the [crackers] can hide their traces in various ways, we won’t necessarily see when something like this happen for the first time. We've got to be ready.”

  • Apache Access Vulnerability Could Affect Thousands of Applications

    A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
    Vulnerabilities in Apache functions have been at the root of significant breaches, including the one suffered by Equifax. Now new research indicates that another such vulnerability may be putting thousands of applications at risk.

    Lawrence Cashdollar, a vulnerability researcher and member of Akamai's Security Incident Response Team, found an issue with the way that thousands of code projects are using Apache .htaccess, leaving them vulnerable to unauthorized access and a subsequent file upload attack in which auto-executing code is uploaded to an application.

Security: U.S. CMS Breach and New Security Woes for Popular 'IoT' Protocols

Filed under
Security
  • U.S. CMS says 75,000 individuals' files accessed in data breach
  • CMS Responding to Suspicious Activity in Agent and Broker Exchanges Portal

    At this time, we believe that approximately 75,000 individuals’ files were accessed. While this is a small fraction of consumer records present on the FFE, any breach of our system is unacceptable.

  • New Security Woes for Popular IoT Protocols

    Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
    Security researcher Federico Maggi had been collecting data – some of it sensitive in nature – from hundreds of thousands of Message Queuing Telemetry Transport (MQTT) servers he found sitting wide open on the public Internet via Shodan. "I would probe them and listen for 10 seconds or so, and just collect data from them," he says.

    He found data on sensors and other devices sitting in manufacturing and automotive networks, for instance, as well as typical consumer Internet of Things (IoT) gadgets.

    The majority of data, Maggi says, came from consumer devices and sensors or was data he couldn’t identify. "There was a good amount of data from factories, and I was able to find data coming from pretty expensive industrial machines, including a robot," he says.

Security: ZDNet/CBS FUD, WiFi4EU, and Krack Wi-Fi

Filed under
Security
  • Open source web hosting software compromised with DDoS malware [Ed: CBS hired Catalin Cimpanu for him to have a broader platform with which to associate "Open Source" with security issues (does he say "proprietary" when it's proprietary, too?). Microsoft has long financed efforts to associate FOSS/copyleft with security issues and stigmatise it with licensing terror.]
  • Commission tried to hide details of 'WiFi4EU' glitch

    The European Commission has tried to hide information related to technical problems its free wifi fund portal suffered, by claiming that it was "out of scope".

    It released documents to EUobserver following an access to documents request - but heavily redacted some of the key papers.

    However, one of the documents has been leaked and published online. A comparison between the leaked version and the one released by the commission clearly shows that the commission went too far with its redactions.

  • The Flawed System Behind the Krack Wi-Fi Meltdown

    "If there is one thing to learn from this, it's that standards can't be closed off from security researchers," says Robert Graham, an analyst for the cybersecurity firm Erratasec. "The bug here is actually pretty easy to prevent, and pretty obvious. It's the fact that security researchers couldn't get their hands on the standards that meant that it was able to hide."

    The WPA2 protocol was developed by the Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE), which acts as a standards body for numerous technical industries, including wireless security. But unlike, say, Transport Layer Security, the popular cryptographic protocol used in web encryption, WPA2 doesn't make its specifications widely available. IEEE wireless security standards carry a retail cost of hundreds of dollars to access, and costs to review multiple interoperable standards can quickly add up to thousands of dollars.

Security Leftovers

Filed under
Security

Open-source hardware could defend against the next generation of hacking

Filed under
Hardware
OSS
Security

Imagine you had a secret document you had to store away from prying eyes. And you have a choice: You could buy a safe made by a company that kept the workings of its locks secret. Or you could buy a safe whose manufacturer openly published the designs, letting everyone – including thieves – see how they’re made. Which would you choose?

It might seem unexpected, but as an engineering professor, I’d pick the second option. The first one might be safe – but I simply don’t know. I’d have to take the company’s word for it. Maybe it’s a reputable company with a longstanding pedigree of quality, but I’d be betting my information’s security on the company upholding its traditions. By contrast, I can judge the security of the second safe for myself – or ask an expert to evaluate it. I’ll be better informed about how secure my safe is, and therefore more confident that my document is safe inside it. That’s the value of open-source technology.

Read more

Security: DMARC, ShieldX, Spectre V2, Equifax/TransUnion and More

Filed under
Security
  • DMARC Email Security Adoption Soars as US Government Deadline Hits
  • ShieldX Integrates Intention Engine Into Elastic Security Platform

    ShieldX announced its new Elastic Security Platform on Oct. 17 providing organizations with Docker container based data center security, that uses advanced machine learning to determine intent.

    At the core of the Elastic Security Platform is a technology that ShieldX calls the Adaptive Intention Engine that automatically determines the right policy and approach for security controls across multicloud environments. The intent-based security model can provide network microsegmentation, firewall and malware detection capabilities, among other features.

  • Spectre V2 "Lite" App-To-App Protection Mode Readying For The Linux Kernel

    We are approaching one year since the Spectre and Meltdown CPU vulnerabilities shocked the industry, and while no new CPU speculative execution vulnerabilities have been made public recently, the Linux kernel developers continue improving upon the Spectre/Meltdown software-based mitigation techniques for helping to offset incurred performance costs with current generation hardware.

  • Another Massive Credit Reporting Database Breached By Criminals

    Lots of companies like gathering lots of data. Many do this without explicit permission from the people they're collecting from. They sell this info to others. They collect and collect and collect and it's not until there's a problem that many people seem to feel the collection itself is a problem.

    The Equifax breach is a perfectly illustrative case. Lenders wanted a service that could rate borrowers quickly to determine their trustworthiness. This required a massive amount of data to be collected from numerous creditors, along with personally-identifiable information to authenticate the gathered data. The database built by Equifax was a prime target for exploitation. That this information would ultimately end up in the hands of criminals was pretty much inevitable.

    But Equifax isn't the only credit reporting service collecting massive amounts of data but failing to properly secure it. TransUnion not only collects a lot of the same information, but it sells access to cops, lenders, private investigators, landlords… whoever might want to do one-stop shopping for personal and financial data. This includes criminals, because of course it does.

  • Security updates for Wednesday
  • LibSSH Flaw Allows Hackers to Take Over Servers Without Password
  • This iPhone Passcode Bypass Allows Hackers To View And Share Your Images

    If you look at the video, the iOS vulnerability can be seen as part of running accessibility features on the device. He used the iPhone VoiceOver feature and the Siri assistant to access the Photo Library, open photos and send them to another device chosen by the attacker.

Security: Facebook, GNU Binutils and Epson/HP

Filed under
Security
  • What To Do If Your Account Was Caught in the Facebook Breach

    Keeping up with Facebook privacy scandals is basically a full-time job these days. Two weeks ago, it announced a massive breach with scant details. Then, this past Friday, Facebook released more information, revising earlier estimates about the number of affected users and outlining exactly what types of user data were accessed. Here are the key details you need to know, as well as recommendations about what to do if your account was affected.

    30 Million Accounts Affected

    The number of users whose access tokens were stolen is lower than Facebook originally estimated. When Facebook first announced this incident, it stated that attackers may have been able to steal access tokens—digital “keys” that control your login information and keep you logged in—from 50 to 90 million accounts. Since then, further investigation has revised that number down to 30 million accounts.

    The attackers were able to access an incredibly broad array of information from those accounts. The 30 million compromised accounts fall into three main categories. For 15 million users, attackers access names and phone numbers, emails, or both (depending on what people had listed).

  • GNU Binutils read_reloc Function Denial of Service Vulnerability [CVE-2018-18309]
  • Security Updates Are Even Breaking Your Printer (On Purpose)

    Printer manufacturers hate third-party ink cartridges. They want you buying the expensive, official ones. Epson and HP have issued sneaky “updates” that break these cheaper cartridges, forcing you to buy the expensive ones.

    HP pioneered this technique back in 2016, rolling out a “security update” to its OfficeJet and OfficeJet Pro printers that activated a helpful new feature—helpful for HP’s bottom line, at least. Now, before printing, the printer would verify you’re using new HP ink cartridges. If you’re using a competitor’s ink cartridge or a refilled HP ink cartridge, printing would stop. After some flaming in the press, HP sort-of apologized, but not really.

Security: Stamos, E-mail and RAT Arrest

Filed under
Security
Syndicate content

More in Tux Machines

Ubuntu MATE 18.10 Released for GPD Pocket PCs, Raspberry Pi Images Coming Soon

Shipping with the latest MATE 1.20.3 desktop environment and Linux 4.18 kernel, Ubuntu MATE 18.10 is now available with updated apps and core components, better hardware support, and, for the first time, images for the GDP Pocket and GDP Pocket 2 handheld computers, along with the generic images for 64-bit Intel PCs. According to Martin Wimpress, Ubuntu MATE 18.10 (Cosmic Cuttlefish) includes some hardware-specific tweaks and other improvements to core components in an attempt to make the Linux-based operating system work out-of-the-box and without any hiccups on both the GDP Pocket and GDP Pocket 2 tiny computers. Read more

Plasma 5.14.2

Today KDE releases a Bugfix update to KDE Plasma 5, versioned 5.14.2. Plasma 5.14 was released in October with many feature refinements and new modules to complete the desktop experience. Read more Also: KDE Plasma 5.14.2 Desktop Environment Improves Firmware Updates, Snap Support

Red Hat and Fedora Leftovers

  • Red Hat: Creativity is risky (and other truths open leaders need to hear)
    Leaders are all too aware of the importance of invention and innovation. Today, the health and wealth of their businesses have become increasingly dependent on the creation of new products and processes. In the digital age especially, competition is more fierce than ever as global markets open and expand. Just keeping pace with change requires a focus on constant improvement and consistent learning. And that says nothing about building for tomorrow.
  • APAC Financial Services Institutions Bank on Red Hat to Enhance Agility
  • APAC banks aim to use open source to enhance agility
  • Huawei CloudFabric Supports Container Network Deployment Automation, Improving Enterprise Service Agility
    At HUAWEI CONNECT 2018, Huawei announced that its CloudFabric Cloud Data Center Solution supports container network deployment automation and will be available for the industry-leading enterprise Kubernetes platform via a new plug-in.
  • Redis Labs Integrates With Red Hat OpenShift, Hits 1B Milestone
    Redis Labs is integrating its enterprise platform as a hosted and managed database service on Red Hat’s OpenShift Container Platform. That integration includes built-in support for Red Hat’s recently launched Kubernetes Operator. The Redis Enterprise integration will allow customers to deploy and manage Redis databases as a stateful Kubernetes service. It will also allow users to run Redis Enterprise on premises or across any cloud environment.
  • Needham & Company Starts Red Hat (RHT) at Buy
  • Fedora Toolbox — Hacking on Fedora Silverblue
    Fedora Silverblue is a modern and graphical operating system targetted at laptops, tablets and desktop computers. It is the next-generation Fedora Workstation that promises painless upgrades, clear separation between the OS and applications, and secure and cross-platform applications. The basic operating system is an immutable OSTree image, and all the applications are Flatpaks. It’s great! However, if you are a hacker and decide to set up a development environment, you immediately run into the immutable OS image and the absence of dnf. You can’t install your favourite tools, editors and SDKs the way you’d normally do on Fedora Workstation. You can either unlock your immutable OS image to install RPMs through rpm-ostree and give up the benefit of painless upgrades; or create a Docker container to get an RPM-based toolbox but be prepared to mess around with root permissions and having to figure out why your SSH agent or display server isn’t working.
  • Fedora 28 : Alien, Steam and Fedora distro.

Raspberry Pi: Hands-on with the updated Raspbian Linux

wrote last week about the new Raspbian Linux release, but in that post I was mostly concerned with the disappearance of the Wolfram (and Mathematica) packages, and I didn't really do justice to the release itself. So now I have continued with installing or upgrading it on all of my Raspberry Pi systems, and this post will concentrate on the process and results from that. First, the new ISO images are available from the Raspberry Pi Downloads page (as always), and the Release Notes have been added to the usual text document. I have only downloaded the plain Raspbian images, I don't bother with the NOOBS images much any more - but the new ISO is included in those as well of course. Please note that the SHA-256 checksum for the images is given on the web page, so be sure to verify that before you continue with the file that you downloaded. If you prefer stronger (or weaker) verification, you can find a PGP signature (and an SHA-1 checksum) on the Raspbian images download page. Read more