Security Leftovers

  • Guest Blog Post: Leaking silhouettes of cross-origin images – Attack & Defense

    This is a writeup of a vulnerability I found in Chromium and Firefox that could allow a malicious page to read some parts of an image located on an origin it is not supposed to be able to access. Although technically interesting, it is quite limited in scope—I am not aware of any major websites it could’ve been used against. As of November 17th, 2020, the vulnerability has been fixed in the most recent versions of both browsers.


    I reported this bug to Mozilla on May 29th, 2020 through the Mozilla Security Bug Bounty program and to Google through the Chrome Vulnerability Reward the next day. It took some time to figure out which graphics backend is used in Firefox by default these days. With the help of a Google engineer and some profiling tools, we identified that the same piece of Skia code was responsible for this behavior in both browsers.

    Google updated Skia to remove branching on alpha value in blit_row_s32a_opaque completely on August 29th, 2020 and merged that change into Chromium on the same day. Mozilla merged the change on October 6th, 2020.

    Google has issued CVE-2020-16012 to notify users about this bug.

    Both vendors offered very generous bounties for my reports. It’s been a pleasure working with Mozilla and Google to get this fixed, and I would like to take this opportunity to thank Mike Klein from Google and Lee Salzman from Mozilla for their work on diagnosing and fixing the bug. I would also like to thank Tom Ritter and Lee Salzman from Mozilla for their helpful feedback on drafts of this blog post.

  • Kaspersky: old malware and SolarWinds attack code similar, but don't leap to conclusions

    Russian security firm Kaspersky says it has found some similarities in the methods used by the SUNBURST malware, that was used in a supply chain attack on a number of US firms disclosed in December, and long-time attacker, the Turla Group.

  • Why The Latest Cyberattack Was Different

    What sets the SolarWinds attack apart from previous incidents is its sheer scale. The company has over 300,000 customers worldwide, according to filings made to the U.S. Securities and Exchange Commission. Throughout 2020, SolarWinds sent out software updates to roughly 18,000 of them. To date, at least 250 networks have reportedly been affected by the booby-trapped file. Shortly after being downloaded, the virus executes commands that create a backdoor in the network to transfer files, disable services, and reboot machines. Targeted institutions include the U.S. departments of Defense, Homeland Security, State, Energy, and the Treasury; all five branches of the U.S. military; the National Nuclear Security Administration, and 425 of the Fortune 500 companies, including Cisco, Equifax, MasterCard, and Microsoft. There have been other major cyberattacks in the past, but none has achieved this kind of penetration. By compromising powerful governments and businesses, including some of the most successful technology companies, the SolarWinds exploit shatters the illusion of information security. The [attack] has also spooked the financial services sector.

  • Russia, Reuters and postcards make for a very silly red scare

    The kind of silly claims made by Western news media when it comes to cyber security attacks can be gauged from the latest "exclusive" put out by the British news agency Reuters: a claim that the FBI is investigating a postcard sent to security firm FireEye after it began looking closely at an attack on its own infrastructure.

  • Ransomware Surge Drives 45% Increase in Healthcare Cyber-Attacks [iophk: Windows kills]

    The security vendor’s latest data covers the period from the beginning of November to the end of 2020, and compares it with the previous two months (September-October), a spokesperson confirmed to Infosecurity.

    It revealed a 45% increase in attacks on the healthcare sector, versus less than half this figure (22%) for all other verticals. November was particularly bad, with HCOs suffering 626 weekly attacks on average per organization, compared with 430 in the previous two months.

    Although the attacks span a variety of categories — including ransomware, botnets, remote code execution and DDoS — perhaps unsurprisingly, it is ransomware that displayed the largest increase overall and poses the biggest threat to HCOs, according to Check Point.

    Ryuk and Sodinokibi (REvil) were highlighted as the main culprits.

  • New Year, New Ransomware: Babuk Locker Targets Large Corporations [iophk: Windows TCO]

    The ransomware, which comes in the form of a 32-bit .EXE file, notably lacks obfuscation. It’s also not yet clear how the ransomware is initially spread to victims.

    “So far, we don’t know how the ransomware got into the company, but it’s most likely phishing similar to other ransomware groups’ approaches,” Dong told Threatpost.

  • Ransomware attack forces three-week shutdown of NT Government IT system [iophk: Windows TCO]

    The NT Department of Corporate and Digital Development has told the ABC that an undisclosed perpetrator targeted the unnamed supplier of its web-based corporate software system last year.

  • Staffing firm target of cyber attack [iophk: Windows TCO]

    The [attackers] did not demand a ransom, though Ehrnrooth speculated that such a request would likely have followed if the company had messaged the addresses specified by the [attackers].

    The attack may have put at risk the personal details of tens of thousands of people whose information was on file with the staffing company.

  • Ubiquiti: Change Your Password, Enable 2FA

    Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

  • State Department Website Briefly Altered to Say Trump’s Presidency Ends Jan. 11

    On Monday, an update to the U.S. State Department site said President Trump’s time in office was ending on Jan. 11, before the page was removed.


    BuzzFeed News reported that a “disgruntled employee” had made the changes. Reps for the State Department did not immediately respond to a request for comment.

  • Microsoft fixes Windows 10 bug forcing restarts

    Microsoft has finally fixed a troublesome bug in Windows 10 that caused forced reboots on some systems running the October 2020 Update.
