LinuxSecurity.com

Syndikovat obsah
The central voice for Linux and Open Source security news.
Aktualizace: 44 min 20 sek zpět

Sn1per - Penetration Testing Automation Scanner

23 Květen, 2017 - 12:45
LinuxSecurity.com: Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Kategorie: Hacking & Security

Hackers Unlock Samsung Galaxy S8 With Fake Iris

23 Květen, 2017 - 12:40
LinuxSecurity.com: Biometric locks for phones are just getting more and more elaborate. Not content with fingerprints, some devices now offer facial recognition tech for accessing a device, and in the Samsung Galaxy S8's case, an iris scanner too.
Kategorie: Hacking & Security

Yahoo retires ImageMagick library after 18-byte exploit leaks user email content

22 Květen, 2017 - 13:00
LinuxSecurity.com: Yahoo has decided to retire the use of the ImageMagick library following a researcher's disclosure of a simple way to break the system to cause email information leaks.
Kategorie: Hacking & Security

Proposed PATCH Act forces US snoops to quit hoarding code exploits

19 Květen, 2017 - 12:00
LinuxSecurity.com: Two US senators have proposed a law limiting American intelligence agencies' secret stockpiles of vulnerabilities found in products.
Kategorie: Hacking & Security

Twitter abandons 'Do Not Track' privacy protection

19 Květen, 2017 - 11:54
LinuxSecurity.com: Twitter was one of the first companies to support Do Not Track (DNT), the website privacy policy. Now, Twitter is abandoning DNT and its mission to protect people from being tracked as they wander over the web.
Kategorie: Hacking & Security

Good news, OpenVPN fans: Your software's only a little bit buggy

18 Květen, 2017 - 13:24
LinuxSecurity.com: The venerable OpenVPN client has been given a mostly clean bill of health. Between December and February, a team led by Johns Hopkins University crypto-boffin Dr Matthew Green has been auditing OpenVPN 2.4's code.
Kategorie: Hacking & Security

Will Linux protect you from ransomware attacks?

18 Květen, 2017 - 13:23
LinuxSecurity.com: Ransomware attacks are all the rage these days among hackers, and many people are worried about becoming victims. Are Linux users secure against such attacks?
Kategorie: Hacking & Security

The Ransomware Meltdown Experts Warned About Is Here

16 Květen, 2017 - 13:20
LinuxSecurity.com: A new strain of ransomware has spread quickly all over the world, causing crises in National Health Service hospitals and facilities around England, and gaining particular traction in Spain, where it has hobbled the large telecom company Telefonica, the natural gas company Gas Natural, and the electrical company Iberdrola.
Kategorie: Hacking & Security

NSA Brute-Force Keysearch Machine

16 Květen, 2017 - 13:17
LinuxSecurity.com: The Intercept published a story about a dedicated NSA brute-force keysearch machine being built with the help of New York University and IBM. It's based on a document that was accidentally shared on the Internet by NYU.
Kategorie: Hacking & Security

Lessons from last week's cyberattack

15 Květen, 2017 - 11:57
LinuxSecurity.com: Early Friday morning the world experienced the year's latest cyberattack. Starting first in the United Kingdom and Spain, the malicious "WannaCrypt" software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year.
Kategorie: Hacking & Security

More UPNP woes: Crashable library bites routers and software

15 Květen, 2017 - 11:46
LinuxSecurity.com: It's a patch for vendors and developers, but it could be nasty: there's a bug in a Universal Plug'N'Play (UPNP), used in a wide range of black-box devices. The bug, in miniupnpc, allows the lightweight UPNP library to be crashed by an attacker - and while the discoverer only confirmed its risk as a denial-of-service vector, library crashes always carry at least the potential that an attacker could find a way through to a shell.
Kategorie: Hacking & Security

Gmail Docs phishing attack: Google targets devs with tighter web app ID checks

15 Květen, 2017 - 11:43
LinuxSecurity.com: Google is slowing down the process for publishing web applications to prevent a repeat of the phishing attack that abused users' trust in its sign-in system with a fake Google Docs app.
Kategorie: Hacking & Security

Microsoft blames US stockpiled vulnerability for ransomware attack

15 Květen, 2017 - 11:39
LinuxSecurity.com: Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.
Kategorie: Hacking & Security

Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

13 Květen, 2017 - 18:29
LinuxSecurity.com: A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).
Kategorie: Hacking & Security

DDOS attacks in Q1 2017

12 Květen, 2017 - 13:10
LinuxSecurity.com: Thanks to IoT botnets, DDoS attacks have finally turned from something of a novelty into an everyday occurrence. According to the A10 Networks survey, this year the 'DDoS of Things' (DoT) has reached critical mass - in each attack, hundreds of thousands of devices connected to the Internet are being leveraged.
Kategorie: Hacking & Security

Vendors approve of NIST password draft

12 Květen, 2017 - 13:03
LinuxSecurity.com: A recently released draft of the National Institute of Standards and Technology's (NIST's) digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies for their companies.
Kategorie: Hacking & Security

Keylogger Found in Audio Driver of HP Laptops

12 Květen, 2017 - 12:59
LinuxSecurity.com: The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.
Kategorie: Hacking & Security

SELinux and --no-new-privs and the setpriv command

11 Květen, 2017 - 11:54
LinuxSecurity.com: SELinux transitions are in some ways similar to a setuid executable in that when a transition happens the new process has different security properties then the calling process. When you execute setuid executable, your parent process has one UID, but the child process has a different UID.
Kategorie: Hacking & Security

Kevin Mitnick performs hacking tricks, live on Wall Street

11 Květen, 2017 - 11:52
LinuxSecurity.com: The second annual Cyber Investing Summit, held on Wall Street at the New York Stock Exchange, announced that Kevin Mitnick, the world's most famous hacker, will be its opening act on May 23, 2017.
Kategorie: Hacking & Security

Hacker dumps, magnet links, and you

11 Květen, 2017 - 11:50
LinuxSecurity.com: In an excellent post pointing out Wikileaks deserves none of the credit given them in the #MacronLeaks, the author erroneously stated that after Archive.org took down the files, that Wikileaks provided links to a second archive. This is not true. Instead, Wikileaks simply pointed to what's known as "magnet links" of the first archive. Understanding magnet links is critical to understanding all these links and dumps, so I thought I'd describe them.
Kategorie: Hacking & Security