Other Sites

9to5Linux

Red Hat Enterprise Linux 9.5 Released with Sudo System Role and Podman 5.0

Highlights of Red Hat Enterprise Linux 9.5 include several new system roles, including a new role for sudo to automate the configuration of sudo at scale, Red Hat Satellite 6.16 with support for installing the Satellite Server and capsules on Red Hat Enterprise Linux 9 systems, and new file management capabilities in Web Console for performing routine file management tasks without using the command line.

Fedora 42 to Port the Anaconda Installer to Wayland, Default to Anaconda WebUI

The Anaconda WebUI installer was initially planned for the Fedora Linux 39 release, but it was delayed as it needed more work. Now, the Fedora Project aims to ship it with next year’s Fedora Linux 42 release as the default installer for the flagship Fedora Workstation edition featuring the GNOME desktop environment.

Valve Releases Steam Client Update to Further Improve Native Linux Gaming

The last Steam Client update brought a bunch of changes to improve Linux gaming for native titles by implementing support for executing native Linux game titles in the Steam for Linux runtime 1.0 (scout) by default rather than of the legacy runtime environment. The new Steam Client update fixes an issue where native Linux titles could occasionally run in the wrong runtime.

PeaZip 10.1 File Archiver Improves Resilience to Password Guessing Attacks

PeaZip 10.1 is here only two weeks after PeaZip 10 and updates the backend to Pea 1.21, which introduces scrypt KDF as the default option instead of PBKDF2 to improve resilience to password-guessing attacks. This change alone increases the memory cost up to 1GB per instance. KDF was supported since Pea 1.5.

Ubuntu Buzz !

How To Change File Associations on Kubuntu

This article will help you configure file association on Kubuntu. File association, also known as "Open With", is the configuration that determines what application opens what file type, such as PDF should be opened with PDF reader, MP3 should be opened by MP3 player and so on. Every system has its own file associations. When you have many applications and choices, you might need to change such association so your favorite file type can be opened by default with your favorite application. We will show you it is easy to do on Kubuntu 22.04 "Jammy Jellyfish". Now let's start it out!

Kubuntu 22.04 with Legacy Oxygen Theme

This tutorial will help you using silver, metallic theme "Oxygen" that was popular in the era of KDE 4 on the modern Kubuntu 22.04 "Jammy Jellyfish". In short, we will use Elarun as wallpaper and Oxygen as the rest of the whole themes including application style, colors, icons, Plasma style, and splash screen. All in all, we want to offer the best visual experience we had in the past to new generation of Kubuntu users as well as the long time users themselves especially those who appreciate nostalgia. Finally, we hope you will enjoy this!

Tor Project blog

New Release: Tor Browser 14.0.2

This version fixes a tor crash bug on macOS when attempting to visit onion sites with PoW protections enabled (tor-browser#43245)

LinuxGizmos.com

Cost-Effective DART-MX91 SoM with 1.4GHz NXP i.MX 91 Processor Available from $35

Variscite has introduced the DART-MX91 System on Module, a compact and cost-effective solution within the DART Pin2Pin family, targeting edge devices for IoT, smart cities, industrial applications, and more.

Celeron Powered Fanless Mini PC with Dual 4K Display Support and M.2 2280 Slot

The EMP-100 is a compact, fanless mini PC built for versatile applications, including digital signage, industrial control, and retail environments. Designed with an aluminum chassis and VESA mounting support, it provides silent performance, dual 4K display support, and storage expansion via an M.2 2280 slot.

Security Leftovers

posted by Roy Schestowitz on Nov 03, 2022

OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa

A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022.

According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as high as $30 million.

Some of the more recent attacks in 2021 and 2021 have singled out five different banks in Burkina Faso, Benin, Ivory Coast, and Senegal. Many of the victims identified are said to have been compromised twice, and their infrastructure subsequently weaponized to strike other organizations.
What closed-source software developers can learn from their open-source counterparts - Help Net Security

Open-source software has reached greater levels of security than ever before, but its increased adoption comes with new challenges.

In this Help Net Security video, Josep Prat, Open Source Engineering Director at Aiven, illustrates how threat actors see greater use of open-source software as an opportunity, deploying new methods targeting tech professionals and open-source projects. Phishing attacks and compromised open-source applications are now a clear and constant danger for developers and the community.

By its very nature, open source is easily accessible and open to all, making it all the more concerning that many hacking groups carrying out these attacks are linked to hostile groups and organizations. Open-source developers must be aware of these new trends and carefully check change requests in their projects.
CISA Releases Three Industrial Control Systems Advisories | CISA

CISA has released three (3) Industrial Control Systems (ICS) advisories on November 3, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ETIC Telecom Remote Access Server (RAS) | CISA

Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines.
Security updates for Thursday [LWN.net]

Security updates have been issued by Debian (pypy3), Fedora (drupal7, git, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and php), Oracle (kernel, lua, openssl, pcs, php-pear, pki-core, python3.9, and zlib), Red Hat (kernel, kernel-rt, kpatch-patch, lua, openssl-container, pcs, php-pear, pki-core, python3.9, and zlib), Scientific Linux (kernel, pcs, and php-pear), SUSE (EternalTerminal, hsqldb, ntfs-3g_ntfsprogs, privoxy, rubygem-actionview-4_2, sqlite3, and xorg-x11-server), and Ubuntu (ntfs-3g, python3.10, and sqlite3).
iTWire - Ransomware most destructive online crime, ACSC report claims

Ransomware attacks are more or less exclusively limited to systems running versions of Microsoft's Windows operating system.
iTWire - Real estate firm Harcourts latest to suffer data breach

Real estate company Harcourts says its Melbourne City franchise has been breached in what it describes as a "cyber incident", with the route for entry being a device used by the franchisee's service provider Stafflink.

The company said in a statement on Thursday it became aware on 24 October that its rental property database had been infiltrated by a third party.

Harcourts lists a total of 216 franchisees on its website and the statement said each office had its own operating system and IT infrastructure.

Regarding the data that was accessed, the statement said: "The rental property database holds personal information relating to landlords, tenants and trades and was used by the franchisee’s service provider, Stafflink, to provide it with administrative support.
Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group.

This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News.

Black Basta, which emerged earlier this year, has been attributed to a ransomware spree that has claimed over 90 organizations as of September 2022, suggesting that the adversary is both well-organized and well-resourced.
Apple Releases Security Update for Xcode | CISA

Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
Cisco Releases Security Updates for Multiple Products | CISA

Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Other Recent Tux Machines' Posts

GIMP 3.0 Release Candidate Is Now Available for Public Testing: The development team behind the popular GIMP open-source image editing software announced today the general availability of the Release Candidate (RC) milestone of the highly anticipated GIMP 3.0 release.
Engineering Thelio Astra: We sat down with System76 Mechanical Engineer, Britain and Product Manager
Serving Faster [original]: Trotting ahead
DXVK 2.5 Improves Memory Management in God of War and Other Video Games: DXVK 2.5 Vulkan-based implementation of D3D9, D3D10, and D3D11 for Linux / Wine is now available for download as a significant update that improves support for multiple games.
CachyOS ISO Release for November Improves Support for AMD and NVIDIA Users: The development team behind the Arch Linux-based CachyOS distribution released today a new ISO snapshot that brings various improvements for AMD and NVIDIA GPUs, as well as other changes.
Security and Windows TCO: round 2 for today
Today in Techrights: Some of the latest articles
Leftovers: Free, Libre, and Open Source Software and GNU/Linux News: today's leftovers
Exploring Fedora’s Future: Anaconda Web UI Installer is Now Open for Testing With a New Design: Months have passed since, and we now have a closer look at the final version of it, all set to debut next year
LibreArts Weekly recap and GIMP: graphics and some GIMP focus
Cloud Native Containers on FreeBSD and Automatic Display switch for OpenBSD laptop: a pair of BSD picks
Programming Leftovers: Programming stuff, some R
Security Leftovers: not many for now
Linux Devices and Open Hardware: System76, Raspberry Pi, and more
today's howtos: many howtos for today
Fedora / Red Hat / IBM Leftovers: buzzwords aplenty
Red Hat Enterprise Linux 9.5 Released with Sudo System Role and Podman 5.0: Red Hat announced today the release and general availability of Red Hat Enterprise Linux 9.5 as the latest version of this enterprise Linux distribution.
Proprietary or Pseudo-Free Software for GNU/Linux: easy to think it's what they claim
WordPress 6.7 'Rollins': WordPress 6.7, code-named 'Rollins,' celebrates legendary jazz saxophonist Sonny Rollins and debuts the sleek, versatile Twenty Twenty-Five theme, designed for any blog, any scale
Popular Rockchip SBC distro in limbo after maintainer burns out: Sometimes these companies will even change their licensing
Debian Developers' Takes and Views: from planet debian
today's leftovers: GNU/Linux and Free, Libre, and Open Source Software focus
Security Leftovers: Security picks, only 3 for now
today's howtos: first long batch
Fedora 42 to Port the Anaconda Installer to Wayland, Default to Anaconda WebUI: The upcoming Fedora Linux 42 release, due out in late April or early May 2025, promises to port the Anaconda system installer as a native Wayland application and also default to the long-awaited Anaconda WebUI installer for the Fedora Workstation edition.
Games: Proton Experimental, Karate Survivor, Dungeon Clawler, and More: 8 new articles from GamingOnLinux
Valve Releases Steam Client Update to Further Improve Native Linux Gaming: Valve released today a new Steam Client update to the stable channel to further improve native Linux gaming, the newly introduced game recording feature, as well as Steam VR and Steam Input.
Android Leftovers: Nothing OS 3.0 gets a second beta as Android 15's stable release nears
QNX 8 Goes Free for Learning and Personal Projects: BlackBerry offers free access to QNX 8, its powerful real-time OS
See How It's Made: Denver Computer Manufacturer Opens Doors for Free Tours: If you’ve ever wondered what goes into making a computer from scratch, Denver’s own System76 has the answer
Best Free and Open Source Software: We recommend the best free and open source alternatives for Linux
Expirion Linux – distro based on Devuan: Expirion Linux is a distro based on Devuan and uses the Refracta Installer
Why Can EU Citizen’s Petition for Software Freedom, but We Can’t?: Somebody from Austria has petitioned the European Parliament to start using Linux and open-source apps instead of Microsoft stuff
Today in Techrights: Some of the latest articles
Red Hat is acquiring AI optimization startup Neural Magic: Red Hat, the IBM-owned open source software firm, is acquiring Neural Magi
today's howtos (and Google starts spewing out fake howtos made by LLMs): The WWW is getting worse
Programming Leftovers: Development related links
Raspberry Pi With Proprietary Spyware, Steam Deck (DRM), and Handheld Replica Sound Voltex Game: 3 leftovers stories
Free Software and Web Leftovers: mostly Web
Ubuntu and BSD Leftovers: Some GNU/Linux and BSDs
Audiocasts/Shows: Linux User Space, Late Night Linux, and LINUX Unplugged: 3 new episodes
Software Leftovers: 3 misc. posts about FGSS
It's FOSS Series on openEuler: 5 introductory articles
today's leftovers: Canonical and more
Security Leftovers and Windows TCO: a pair of Windows TCO tales
Linux Kernel: Magic Trackpad and NVIDIA Support: Some kernel news
Devices/Embedded and Open Hardware/Modding: Raspberry Pi and More: But mostly Raspberry Pi stories
Latest From Red Hat's Official Site: From redhat.com
today's howtos: many howtos for today
PeaZip 10.1 File Archiver Improves Resilience to Password Guessing Attacks: PeaZip 10.1 has been released today as a new update to this open-source, free, and cross-platform file compression and encryption software featuring GTK and Qt interfaces for Linux, macOS, and Windows.
GNOME 48 Release Schedule & Potential New Features: GNOME 47 ‘Denver’ proved a decent update to the GNOME desktop
Fedora KDE Plasma Spin Gains Equal Footing With Gnome Edition: Fedora has made a major change to its project, elevating the version running KDE Plasma from an Spin to an official Edition, alongside Fedora Workstation with Gnome
Android Leftovers: Here's How I Find Great Android Games on the Play Store
Reimagining the Fedora Linux installer: Anaconda’s new “Web UI”: The Fedora Linux installer, Anaconda, has been around for 25 years
Games: Rogue Point, ColdRidge, and More: 8 new stories from GamingOnLinux
Debian 12.8 “Bookworm” Released with 68 Bug Fixes and 50 Security Updates: The Debian Project announced today the release and general availability of Debian 12.8 as the seventh ISO update to the latest Debian GNU/Linux 12 “Bookworm” operating system series.
This Linux Timer Tool Uses MPRIS in an Unexpected Way: MPRIS is something most of us associate with music apps and movie players
A sit-down with Ubuntu founder Mark 'SABDFL' Shuttleworth: Talking to the distro's self-appointed benevolent dictator for life about 20 years of Ubuntu
Free and Open Source Software: PairDrop offers local file sharing in your web browser
Of Color and Software: We have been hard at work making sure our design system keeps moving forward
RIP Jérémy Bobbio (Lunar): Longtime Debian and Tor developer, Jérémy Bobbio—perhaps better known as "Lunar"—died on November 8
5 Linux commands you need to have ready - just in case: Why keep a first aid kit or fire extinguisher in your home
Ubuntu Unity still has one of my favorite PC interfaces of all time: If you're looking for an efficient desktop, Unity is hard to beat, and there's an official spin ready to make your life a bit easier
WordPress’s Mullenweg Puts Lipstick on His WP Engine Argument: “I want to jump back two months ago,” Jolo said. “What happened?”
399 Days... [original]: On my main workstation
Today in Techrights: Some of the latest articles
Speed, Not Complexity, is What Visitors Need [original]: he database of new pages is being populated but not accessed by site visitors, to whom only static pages are accessible