Security

Network Security Toolkit 30-11210

Filed under
GNU
Linux
Red Hat
Security

We are pleased to announce the latest NST release: "NST 30 SVN:11210". This release is based on Fedora 30 using Linux Kernel: "kernel-5.1.17-300.fc30.x86_64". This release brings the NST distribution on par with Fedora 30.

Security: Windows, Books, Apple and More

Filed under
Security
  • Windows 7 Enters the Last Six Months of Support [Ed: Microsoft propagandist (for ages) Bogdan Popa won't advise people to hop over to GNU/Linux (which he lies about, saying Microsoft "loves Linux")]

    According to third-party data provided by NetMarketShare, Windows 7 continues to be one of the most popular choices for desktop users.

  • Security bootcamp: 8 must-read books for leaders

    The threat of cybercrime constantly looms over business leaders – and it becomes more urgent as cyber attacks become more sophisticated. In 2019, security breaches happen more frequently, and the associated financial hit has increased, according to research from Accenture.

    Notably, the report points out that hackers increasingly target humans – the “weakest link in cyber defenses” – at all levels of organizations, through tactics like ransomware and phishing. (Witness the recent wave of ransomware attacks against U.S. cities, large and small.) That’s why it’s becoming essential for everyone – not just security professionals – to be well-versed in risk and their organization’s security efforts.

  • Security scanning your DevOps pipeline

    Security is one of the most important considerations for running in any environment, and using open source software is a great way to handle security without going over budget in your corporate environment or for your home setup. It is easy to talk about the concepts of security, but it's another thing to understand the tools that will get you there. This tutorial explains how to set up security using Jenkins with Anchore.

    There are many ways to run Kubernetes. Using Minikube, a prepackaged virtual machine (VM) environment designed for local testing, reduces the complexity of running an environment.

  • This Is Why We Have Betas. iOS 13 Beta Shows Saved Passwords

    There’s a reason we have beta versions of software: all the kinks need to be worked out. This is also why using beta versions always comes with warnings and disclaimers that you’re using the software at your own risk.

    Users of the iOS 13 beta have discovered that there’s a bug that makes it easy to access the data in “Website & App Passwords” in the Settings app. Certainly, this is something Apple needs to get fixed before the official release, expected for September.

  • Hackers breached Bulgaria’s tax agency and leaked the data of 5M people

    Bulgaria has suffered what has been described as the biggest data leak in its history. The stolen data, which hackers emailed to local media on July 15, originates from the country’s tax reporting service – the National Revenue Agency (NRA).

    The breach contains the personal data of 5 million citizens, local outlet Capital reports. To put that into perspective, Bulgaria has a population of 7 million. Among other things, the trove includes personal identifiable numbers, addresses, and even income data.

Security: FOSS Updates, WhatsApp and Telegram, Windows as Malware and Respect to Fernando Corbató

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew).

  • WhatsApp, Telegram Vulnerable To ‘Media File Jacking’: Change Your Settings Now!

    Instant messaging apps like WhatsApp and Telegram keep your messages encrypted in transit, but once a media file reaches your phone, the same cannot be guaranteed.

    Researchers from Symantec have demonstrated how a vulnerability in WhatsApp and Telegram can be exploited by hackers to hijack the media files that are sent through these services.

  • Windows 7 & security-only telemetry - What gives?

    Sometimes, it is hard to separate fact from emotion when it comes to technology. This does not help the end user, because when people come searching for solutions to genuine concerns like this, they first have to filter through outbursts of pent-up frustration as a result of many years of salesy bullshit.

    From the technological point of view, there's nothing new here. However, the fact you now get non-security nonsense with security means you can't really trust updates from Microsoft anymore. So if anything, this will majestically backfire. People don't like being pushed, and I'm amazed with the repeated attempts to do so, again and again.

  • Fernando Corbató, Early Operating System Pioneer And Password Inventor, Dies At 93

    Corbató and his fellow researchers at MIT made possible much of what we now think of as computing.

  • Professor Emeritus Fernando Corbató, MIT computing pioneer, dies at 93

    Longtime MIT professor developed early “time-sharing” operating systems and is widely credited as the creator of the world's first computer password.

Security Leftovers

Filed under
Security
  • EAP-pwd security issues – SAE (Simultaneous Authentication of Equals) WPA3-Personal – potential full password recovery with weak passwords – CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499

    it might sound strange… and even if it sucks, but if you are concerned about security, call me paranoid but:

    your company’s critical infrastructure SHALL NOT BE REACHABLE BY WIFI! (especially not if you are running a nuclear power plant, just saying… nobody wants meltdown vulnerability of CPUs to actually be able to cause a meltdown)

  • RIP Fernando “Corby” Corbató, inventor of the password (1926-2019)

    Last Friday, legendary MIT computer scientist Fernando “Corby” Corbató passed away at his home in Newton, Massachusetts. He was 93.

    The Oakland-born researcher was responsible for several pivotal advances in the computer science space, most notably the password, which he invented during his pioneering work in computer time sharing.

  • GE Aviation Passwords, Source Code Exposed in Open Jenkins Server [Ed: 'Windows shop' GE needs to hire actual FOSS and GNU/Linux people who know how to properly set up and maintain things. This one is a shot in one's foot.]

    A DNS misconfiguration resulted in an open Jenkins server being available to all.

    A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure.

    GE Aviation, a subsidiary of General Electric, is among the top commercial aircraft engine suppliers, and offers various airplane components. The server also contained a ReadMe file, outlining all the files it contained and their sensitivity.

  • Open Source Genomic Analysis Software Flaw Patched

    A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions. But the vulnerability was patched before hackers took advantage of it, researchers believe.

Security Leftovers

Filed under
Security
  • France Says Ransomware Attacks on Big Companies Are on the Rise [iophk: Windows TCO]

    Attackers changed strategy in the second half of 2018, ditching smaller companies to go after big corporations, sometimes strategic or vital to the nation’s economy, the ministry said on Tuesday in its 2019 cyber threats report. The trend accelerated this year.

  • New Elections Systems Vulnerable to Hacks, AP Analysis Shows

    An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.

    That’s significant because Windows 7 reaches its “end of life” on Jan. 14, meaning Microsoft stops providing technical support and producing “patches” to fix software vulnerabilities, which hackers can exploit. In a statement to the AP, Microsoft said Friday it would offer continued Windows 7 security updates for a fee through 2023.

  • Unusual Linux Ransomware Targets NAS Servers [Ed: Does not explain how the malware/ransomware gets onto there in the first place and whether it has anything at all to do with "Linux" rather than reckless people who install malware or very weak passwords. They use a Tux logo/mascot anyway.]

    As for the decision to target NAS, Chris Morales, head of security analytics at Vectra, told Threatpost that it isn’t as common to deploy endpoint monitoring to a Linux dedicated network file server — thus, the QNAPCrypt malware represents the evolution and adaptation of an attack to bypass security controls.

  • Why Trump Caved to China and Huawei

    Everything about the trade war between the United States and China is bewildering. The world’s two largest economies entered a titanic struggle with harsh words and high tariffs, sending shudders through the global economy. Hundreds of billions of dollars of goods on either side stood before tariff walls that seemed unbreachable. Truces would come out of nowhere—as at the 2018 G20 meeting in Buenos Aires—but then they would be set aside by U.S. President Donald Trump in a stream of tweets at odd hours.

    In May, Trump went after Huawei, one of the world’s largest technology firms. The attack this time was not on economic grounds. Trump accused Huawei of being an espionage arm of the Chinese government. Firms from the United States that supplied Huawei with software and chips would no longer be permitted to do so. Trump’s diplomats went on the road to strongarm U.S. allies into no longer using Huawei technology in their countries. Pressure on China resulted in the arrest of Meng Wanzhou, Huawei’s chief financial officer, on charges of bank and wire fraud in relation to U.S. sanctions against Iran. Meng Wanzhou is the daughter of Huawei’s founder, Ren Zhengfei.

Security Leftovers

Filed under
Security
  • Microsoft Discreetly Drops ‘Telemetry’ As Part Of Larger ‘Security Cumulative Update’ Without First Informing Windows 7 Users? [Ed: Microsoft being Microsoft and backporting surveillance; With Windows Update any piece of software can become more malicious overnight.]

    Microsoft appears to have once again attempted to sneak telemetry components. The company released security updates for all supported operating systems on the July 2019 Patch Day. However, this month’s cumulative updates, which were supposed to contain only security-related components, contain an unexpected compatibility/telemetry component.

    The suspicious components were hidden in plain sight. Incidentally, this is the second time Microsoft has attempted to insert telemetry components. However, during the first attempt the Windows OS maker had openly mentioned the inclusion of the telemetry components, whereas this time, the company didn’t offer any indication. This methodology appears to be an attempt to garner more accurate data about usage and installation patterns of the Windows operating system as Microsoft will soon phase out Windows 7.

    Windows Update delivered several packages of security and reliability fixes for Windows 7 earlier this week. The packages are different for each of the Windows operating system’s versions that Microsoft officially supports. However, the ‘cumulative update’ package contained a rather suspicious component. The security update in question was intended for Microsoft Windows 7 Operating System (OS) which was released as part of the July 2019 Patch Day.

  • Swimlane research team open sources pyattck

    As security teams adopt the Mitre ATT&CK Framework to help them identify gaps in their defenses, having a way to identify what malware and tools are being used by specific actors or groups becomes more critical. Additionally, having a way to identify these relationships programmatically is even more critical.

    Today, we are excited to announce the Swimlane research team has released pyattck—a Python package to interact with the Mitre ATT&CK Framework. There are many different open-source projects being released on a daily basis, but we wanted to provide a straightforward Python package that allows the user to identify known relationships between all verticals of the Mitre ATT&CK Framework.

  • Strongbox Password Safe is a free, open-source KeePass client for iOS [Ed: iOS from Apple has back doors (see Vault 7 from Wikileaks for instance), so you should not put any passwords in it]

  • Research Finds Loads of Container Vulnerabilities

    Docker containers are great in that it’s easy to get started building an application using frameworks and components that others have made available via open source projects. The challenge, however, is not all those projects are current in terms of their cybersecurity patches. In fact, a developer of a framework may not even be actively supporting it anymore.

    A new report from vulnerability management platform vendor Kenna Security highlights the extent of the problem in the Docker community. Via the VulnerabilitiesContainer.org site, Kenna Security is sharing the results of analyses of containers being reused widely that find some of these open source projects have hundreds of unresolved Common Vulnerabilities and Exposure (CVE) issues.

  • A World of Infinite Choice in Open Source Software

    We recently released the fifth annual State of the Software Supply Chain Report in London. This year, we worked with Gene Kim and Dr. Stephen Magill to examine our largest data sample ever. Our goal? To qualify and quantify how exemplary development teams operate.

    As part of the research we identified the top 3% of DevOps teams using exemplary practices. (Take the quiz to see how your team stacks up.)

    Before we could truly understand these practices, we had to have the right context. The report’s first goal was to compare the use of open source in 2019 - to that of years past - and understand the broader environment developers are working in. As anticipated, open source component use continues to rocket upward.

  • In memoriam – Corby Corbató, MIT computer science pioneer, dies at 93

    Almost everyone’s heard of Linux – it’s the operating system kernel that’s behind a significant proportion of servers on the internet, including most of Google, Facebook, Amazon and many other contemporary online juggernauts.

    In its Android flavour, Linux powers the majority of smartphones out there, and in one form or another it’s also the kernel of choice for many so-called IoT devices such as bike computers, home Wi-Fi routers, webcams, baby monitors and even doorlocks.

    Most people who use Linux know that the name is a sort-of pun on Unix, the operating system that Linux most resembles.

    And Unix, of course, is the operating system behind a significant proportion of the devices out there that don’t run Linux, being at the heart of Apple’s macOS and iOS systems, as well as the various and widely-used open source BSD distributions.

Confirmed: Microsoft Windows Zero-Day Exploit Used In Government Espionage Operation

Filed under
Microsoft
Security

It has been revealed that a threat actor once best known for cyber bank robbery in Russia has made a move to espionage. The highly targeted attacks against government institutions in Eastern Europe, which took place during June 2019, employed the use of a Microsoft Windows zero-day exploit. In and of itself this isn't unusual as there have been plenty of Windows zero-days discovered. However, this is the first time that researchers had seen the Buhtrap group using a zero-day attack, although the group has been involved in the cyber-spying business for some years now across Eastern Europe and Central Asia.

Anton Cherepanov, a senior malware researcher at security vendor ESET, explained how the zero-day exploit abused a local privilege escalation vulnerability in Microsoft Windows in order to run arbitrary code and install applications, and view or change data on the compromised systems. As soon as the researchers had properly analyzed the exploit, it was reported to the Microsoft Security Response Center, and a fix was included in the July 9 "Patch Tuesday" update.

The vulnerability itself only impacted older versions of Windows, specifically variations of Windows and Windows Server 2008. This is because, as Cherepanov explained, "since Windows 8 a user process is not allowed to map the NULL page. Microsoft back-ported this mitigation to Windows 7 for x64-based systems." The advice, predictably, is to upgrade to a newer version of the operating system if possible. Especially as critical security updates will disappear soon when extended support for Windows 7 Service Pack 1 ends in January 2020. Gavin Millard, vice-president of intelligence at Tenable, warns users not to be complacent seeing as the vulnerability is "now being actively exploited in the wild," advising that "patches should be deployed as soon as possible."

Security Leftovers

Filed under
Security
  • Adjusting the Scope of our Security Vulnerability Disclosure Program

    At EFF we put security and privacy first. That's why over three years ago we launched EFF's Security Vulnerability Disclosure Program. The Disclosure Program is a set of guidelines on how security researchers can tell EFF about bugs in the software we develop, like HTTPS Everywhere or Certbot. When we launched the program, it was a bit of an experiment. After all, as a lean, member-driven nonprofit, we can't give out the tremendous cash rewards that large corporations can provide for zero days. Instead, all we can offer security researchers in return for their hard work is recognition on our EFF Security Hall of Fame page and other non-cash rewards like EFF gear or complimentary EFF memberships.

    Despite the limited rewards, the program has been a tremendous success. As of June 1, 2019, we've had over seventy different security researchers report valid security vulnerabilities to us, as you can see on our Security Hall of Fame page.

  • Court: Computer Experts May Examine Georgia Voting Systems

    A federal court in Georgia has ruled that Georgia election officials must allow the Coalition for Good Governance to review the state's election management databases. The Coalition argued that the databases "provide the roadmap that needs to be analyzed to identify flaws" in the state election system.

  • Hackers breach Canonical GitHub account [Ed: They breached a Microsoft GitHub account, but never blame Microsoft for anything...]

    Hackers compromised credentials to break into a Canonical Ltd. GitHub account...

Linux May Gain Protection Against Hyper-Threading Attacks

Filed under
Linux
Security

Oracle security researchers have been working on a security feature for Linux kernels that could protect Linux-based systems against attacks that affect Intel’s Hyper-Threading (HT) feature. Multiple side-channel threats that the feature is vulnerable to, including L1TF/Foreshadow and the MDS attacks, have been revealed over the past few months.

The Oracle developers didn't specify whether or not the recent MDS attacks against Intel’s HT would also be mitigated through its Kernel Address Space Isolation (KASI), only that it will protect against L1TF/Foreshadow. Other side-channel attacks seem to be up for debate, as any extra isolation being introduced into the kernel could potentially impact the performance of Linux systems.

Security: Microsoft Windows Strikes Again

Filed under
Microsoft
Security
  • U.S. Coast Guard Issues Alert After Ship Heading Into Port Of New York Hit By Cyberattack

    The U.S. Coast Guard has issued an official warning to owners of ships that cybersecurity at sea needs updating, and updating urgently. In the Marine Safety Alert published June 8, the Coast Guard "strongly encourages" that cybersecurity assessments are conducted to "better understand the extent of their cyber vulnerabilities." This follows an interagency investigation, led by the Coast Guard, into a "significant cyber incident" that had exposed critical control systems of a deep draft vessel bound for the Port of New York in February 2019 to what it called "significant vulnerabilities."

  • Malware on the High Seas: US Coast Guard Issues Alert [iophk: Windows TCO is not a laughing matter. Get rid of it.]

    The ship's network was mainly used for official business, including updating electronic charts, managing cargo data and communicating with shore-side facilities, pilots, agents and the Coast Guard, according to the report.

  • Eurofins Scientific: Forensic services firm paid ransom after cyber-attack [iophk: Windows TCO]

    BBC News has not been told how much money was involved in the ransom payment or when it was paid.

    The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

  • Eurofins Scientific Paid Up in Response to Ransomware Attack: Report [iophk: Windows TCO]

    Luxembourg-based laboratory testing services giant Eurofins Scientific reportedly paid the ransom demanded by cybercriminals following a successful ransomware attack that led to the company taking offline many of its systems and servers.

  • Eurofins Scientific forensics firm pays after hit with ransomware [iophk: Windows TCO]

    Eurofins didn’t disclose how much it paid to retrieve its information but the money was likely paid between June 10, when Eurofins issued a statement about the attack, and June 24 when it published an update saying it had “identified the variant of the malware used” in the attack and had strengthened its cybersecurity.

  • [Old] Combating WannaCry and Other Ransomware with OpenZFS Snapshots [iophk: use FreeBSD, OpenBSD, or GNU/Linux on the desktop to avoid ransomware and servers to avoid ransomware damage]

    OpenZFS is the powerful file system at the heart of every storage system that iXsystems sells and of its many features, snapshots can provide fast and effective recovery from ransomware attacks at both the individual user and enterprise level as I talked about in 2015. As a copy-on-write file system, OpenZFS provides efficient and consistent snapshots of your data at any given point in time. Each snapshot only includes the precise delta of changes between any two points in time and can be cloned to provide writable copies of any previous state without losing the original copy. Snapshots also provide the basis of OpenZFS replication or backing up of your data to local and remote systems. Because an OpenZFS snapshot takes place at the block level of the file system, it is immune to any file-level encryption by ransomware that occurs over it. A carefully-planned snapshot, replication, retention, and restoration strategy can provide the low-level isolation you need to enable your storage infrastructure to quickly recover from ransomware attacks.
