LinuxSecurity.com

Syndikovat obsah
The central voice for Linux and Open Source security news.
Aktualizace: 6 min 34 sek zpět

Secure Wifi Hijacked by KRACK Vulns in WPA2

17 Říjen, 2017 - 12:43
LinuxSecurity.com: All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.
Kategorie: Hacking & Security

Linus Torvalds says targeted fuzzing is improving Linux security

17 Říjen, 2017 - 12:40
LinuxSecurity.com: Announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds has revealed that fuzzing is producing a steady stream of security fixes.
Kategorie: Hacking & Security

Crypto-coin miners caught toiling away in hacked cloud boxes

17 Říjen, 2017 - 12:39
LinuxSecurity.com: Here's yet another reason to make sure you lock down your clutch of cloud services: cryptocurrency mining.
Kategorie: Hacking & Security

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

16 Říjen, 2017 - 11:33
LinuxSecurity.com: An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.
Kategorie: Hacking & Security

Linux vulnerable to privilege escalation

16 Říjen, 2017 - 11:30
LinuxSecurity.com: An advisory from Cisco issued last Friday, October 13th, gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA).
Kategorie: Hacking & Security

What is a firewall?

13 Říjen, 2017 - 11:53
LinuxSecurity.com: Network-based firewalls have become almost ubiquitous across US enterprises for their proven defense against an ever-increasing array of threats.
Kategorie: Hacking & Security

500 million PCs are being used for stealth cryptocurrency mining online

13 Říjen, 2017 - 11:52
LinuxSecurity.com: A new report suggests hundreds of websites have taken The Pirate Bay's lead and are now using visitor PCs to mine cryptocurrency without the consent of users.
Kategorie: Hacking & Security

10 layers of Linux container security

12 Říjen, 2017 - 13:26
LinuxSecurity.com: Containers provide an easy way to package applications and deliver them seamlessly from development to test to production. This helps ensure consistency across a variety of environments, including physical servers, virtual machines (VMs), or private or public clouds.
Kategorie: Hacking & Security

Apache Patches Optionsbleed Flaw in HTTP Server

12 Říjen, 2017 - 13:24
LinuxSecurity.com: The Apache HTTP Web Server (commonly simply referred to as 'Apache') is the most widely deployed web server in the world, and until last week, it was at risk from a security vulnerability known as Optionsbleed.
Kategorie: Hacking & Security

Secure Messaging with Onion Services, a How-To

12 Říjen, 2017 - 13:21
LinuxSecurity.com: This post explores how Tor onion services can be integrated into existing web services, making them more secure. This integration will use the "publish / subscribe" pattern over Tor to trigger re-builds of the txtorcon documentation (which is hosted on an onion service). We will use Tor to transport the published messages so the network-location of the machine hosting the onion service remains hidden.
Kategorie: Hacking & Security

Accenture left a huge trove of highly sensitive data on exposed servers

10 Říjen, 2017 - 14:48
LinuxSecurity.com: Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers.
Kategorie: Hacking & Security

SELinux blocks loading kernel modules

10 Říjen, 2017 - 14:41
LinuxSecurity.com: The kernel has a feature where it will load certain kernel modules for a process, when certain syscalls are made. For example, loading a kernel module when a process attempts to create a different network socket.
Kategorie: Hacking & Security

VPN logs helped unmask alleged 'net stalker, say feds

9 Říjen, 2017 - 15:05
LinuxSecurity.com: Virtual private network provider PureVPN helped the FBI track down an Internet stalker, by combing its logs to reveal his IP address.
Kategorie: Hacking & Security

Mozilla pilots Cliqz engine in Firefox to slurp user browsing data

9 Říjen, 2017 - 15:04
LinuxSecurity.com: Mozilla has launched a pilot program using Cliqz technology to pull user browsing data in Firefox.
Kategorie: Hacking & Security

Cyber security as big a challenge as counter-terrorism, says spy chief

9 Říjen, 2017 - 15:02
LinuxSecurity.com: Defending against cyber-attacks is as big a challenge for the UK as protecting against terrorism, according to the director of GCHQ.
Kategorie: Hacking & Security

On encryption, the UK sets a collision course with Europe

6 Říjen, 2017 - 12:17
LinuxSecurity.com: Is encryption a threat to law and order, or an essential tool for staying secure online? Two events this week show how much disagreement there still is about it.
Kategorie: Hacking & Security

Severe flaws in DNS app create hacking risk for routers, smartphones, computers, IoT

6 Říjen, 2017 - 12:15
LinuxSecurity.com: Google researchers disclosed seven serious flaws in an open-source DNS software package Dnsmasq, which is is commonly preinstalled on routers, servers, smartphones, IoT devices and operating systems such the Linux distributions Ubuntu and Debian. The most severe of the vulnerabilities could be remotely exploited to run malicious code and hijack the device.
Kategorie: Hacking & Security

Another W3C API exposing users to browser snitching

6 Říjen, 2017 - 12:12
LinuxSecurity.com: Yet another W3C API can be turned against the user, privacy boffin Lukasz Olejnik has warned - this time, it's in how browsers store and check credit card data.
Kategorie: Hacking & Security

Step aside, Windows! Open source and Linux are IT's new security headache

6 Říjen, 2017 - 11:52
LinuxSecurity.com: Windows has long been the world's biggest malware draw, exploited for decades by attackers. It continues today: The Carbon Black security firm analyzed 1,000 ransomware samples over the last six months and found that nearly 99% of them targeted Windows.
Kategorie: Hacking & Security

The Flusihoc Dynasty, A Long Standing DDoS Botnet

5 Říjen, 2017 - 11:31
LinuxSecurity.com: Since 2015, ASERT has observed and followed a DDoS Botnet named Flusihoc. To date very little has been published about this family, despite numerous anti-virus and intrusion detection signatures created by various vendors. Flusihoc has remained persistent with multiple variants, over 500 unique samples in our malware zoo, and continued development.
Kategorie: Hacking & Security