
Security: Updates, WordPress 5.1.1 in Debian, Threats in Devices and Facebook Downtime

  • Security updates for Thursday
  • WordPress 5.1.1

    The Debian packages for WordPress version 5.1.1 are being updated as I write this. This is a security fix for WordPress that stops comments causing a cross-site scripting bug. It’s an important one to update.

  • 25 Most Common IoT Security Threats in an Increasingly Connected World

    The Internet of Things (IoT) is growing rapidly. IoT is the connectivity of devices over the internet. It’s like a social network or an email service, but instead of connecting people, IoT actually connects smart devices, which include, but are not limited to, your computers, smartphones, smart home appliances, automation tools, and more.

    However, similar to all types of technologies out there, IoT is a double-edged sword as well. It has its upsides, but there are serious threats that accompany this technology. As manufacturers are racing against each other to bring the latest device in the market, not many of them are thinking about the security issues associated with their IoT devices.

  • Facebook Suffers Global Outage, Claims DDoS Not the Cause

    Facebook users around the world had a singular question for much of March 13: Is Facebook down?

    As it turns out, the global social media giant and its related Instagram and WhatsApp services were in fact unavailable and down for much of the day. Some service was restored by March 14, though full global availability across all Facebook services is still intermittent. With Facebook down, the company ironically had to resort to using rival social media service Twitter to keep many of its users informed.

    "We’re aware that some people are currently having trouble accessing the Facebook family of apps," Facebook wrote in a Twitter message. "We’re working to resolve the issue as soon as possible."

    Facebook also provided minimal updates via its platform status dashboard for developers, with the first indication of trouble reported at 10:32 a.m. PT on March 13.

    "We are currently experiencing issues that may cause some API requests to take longer or fail unexpectedly," the status page reports. "We are investigating the issue and working on a resolution."

More in Tux Machines

Security: Sphinx, Ransomware, Webmin, YubiKey

  • Exposed Sphinx Servers Are No Challenge for Hackers [Ed: That’s the same agency and the same troll site that initially promoted the lies and the FUD about VLC]

    A popular open-source text search server, Sphinx offers impressive performance for indexing and searching data in databases or just in files. It is cross-platform, available for Linux, Windows, macOS, Solaris, FreeBSD, and a few other operating systems. [...] CERT-Bund posted the warning on Twitter today alerting network operators and providers about the risk of running Sphinx servers with a default configuration that are open on the web. The organization highlights that Sphinx lacks any authentication mechanisms. Exposing it on the web gives an attacker the possibility "to read, modify or delete any data stored in the Sphinx database."

  • Ransomware Hits Texas Local Governments [iophk: Windows TCO]

    The attack was observed on the morning of August 16 and appears to have been launched by a single threat actor, the DIR announcement reads.

    The State Operations Center (SOC) was activated soon after the attack reports started to come in, and DIR says that all of the entities that were actually or potentially affected appear to have been identified and notified.

    A total of twenty-three entities have been confirmed as impacted so far, and the responders are working on bringing the affected systems back online.

  • Webmin Backdoored for Over a Year

    The security hole impacts Webmin 1.882 through 1.921, but most versions are not vulnerable in their default configuration as the affected feature is not enabled by default. Version 1.890 is affected in the default configuration. The issue has been addressed with the release of Webmin 1.930 and Usermin version 1.780.

  • The YubiKey 5Ci is the 'first' iOS-compatible security key

    Like other YubiKey options in the 5 series, the YubiKey 5Ci supports multiple authentication protocols, including FIDO2/WebAuthn, FIDO U2F, OTP (one-time-password), PIV (Smart Card), and OpenPGP.
