Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Windows zero day [sic] under attack was first reported in 2019 [iophk: Windows TCO]

    Among those that stands out is CVE-2022-34713.

    That’s both for the fact that Microsoft says exploitation has been detected, meaning a prompt patch or mitigation should be a priority, but because Imre Rad, the Hungarian security researcher who reported the vulnerability (or at least a close variation of it), had reported it to Redmond back in December 2019.

  • Microsoft urges Windows users to run patch for DogWalk zero-day [sic] exploit

    The vulnerability was first reported in January 2020 but at the time, Microsoft said it didn’t consider the exploit to be a security issue. This is the second time in recent months that Microsoft has been forced to change its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, known as Follina, posed a security threat. A patch for that exploit was released in June’s Patch Tuesday update.

  • The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part Sleepy

    This is part one of a two-part guest blog post, where first we'll look at the root cause of the CVE-2021-0920 vulnerability. In the second post, we'll dive into the in-the-wild 0-day exploitation of the vulnerability and post-compromise modules.

  • A Linux Zero-Day Was Finally Patched After Half a Decade of Inaction With Help From Google

    Google’s Threat Analysis Group revealed new details today about its efforts to identify and help patch a zero-day exploit impacting Android devices built by a commercial surveillance vendor and dating back to at least 2016. The research, presented at the Black Hat cybersecurity conference in Las Vegas, represents the latest attempt by Google to step up its efforts against a growing private surveillance industry that’s thriving, according to the researchers.

  • Stratus Red Team: Open-source tool for adversary emulation in the cloud - Help Net Security

    In this Help Net Security video, Christophe Tafani-Dereeper, Cloud Security Researcher and Advocate at DataDog, talks about Stratus Red Team, an open-source project for adversary emulation and validation of threat detection in the cloud. The tool supports common AWS and Kubernetes attack techniques.

    If you’re at Black Hat USA 2022, you can learn more about Stratus Red Team. Christophe will be at the Arsenal, doing demos and answering questions on Wednesday, August 10, starting at 11:30AM.

  • Slack admits to leaking hashed passwords for five years [Ed: Does not surprise me us all. They only admit this because they got caught, hence they need to spin this somehow, belittling the severity, just as LastPass did after several blunders (it had suffered a breach). The way forward is self-hosting and encrypting things (on server one controls, not leasing).]
  • iTWire - Cisco reveals attack on company's network by ransomware group

    Global networking giant Cisco has revealed that its systems have been breached, with the break-in becoming apparent on 24 May and effected through stolen employee credentials obtained from a personal Google account.

    The company's Talos Intelligence security unit issued a long blog post on Wednesday, providing details of the incident, but not specifying when the actual break-in occurred.

    The website Bleeping Computer, which reports on numerous ransomware incidents, said it had been emailed a list of files last week, which were claimed to have been stolen during the attack.

  • A marquee week for cybersecurity in Vegas- POLITICO

More in Tux Machines

today's howtos

  • How to Change Comment Color in Vim – Fix Unreadable Blue Color

    Are you annoyed about the comment color in vim? The dark blue color of the comment is often hard to read. In this tutorial, we learn how to change the comment color in Vim. There are few methods we can use to look vim comment very readable.

  • How to Add Repository to Debian

    APT checks the health of all the packages, and dependencies of the package before installing it. APT fetches packages from one or more repositories. A repository (package source) is basically a network server. The term "package" refers to an individual file with a .deb extension that contains either all or part of an application. The normal installation comes with default repositories configured, but these contain only a few packages out of an ocean of free software available. In this tutorial, we learn how to add the package repository to Debian.

  • Making a Video of a Single Window

    I recently wanted to send someone a video of a program doing some interesting things in a single X11 window. Recording the whole desktop is easy (some readers may remember my post on Aeschylus which does just that) but it will include irrelevant (and possibly unwanted) parts of the screen, leading to unnecessarily large files. I couldn't immediately find a tool which did what I wanted on OpenBSD [1] but through a combination of xwininfo, FFmpeg, and hk I was able to put together exactly what I needed in short order. Even better, I was able to easily post-process the video to shrink its file size, speed it up, and contort it to the dimension requirements of various platforms. Here's a video straight out of the little script I put together: [...]

  • Things You Can And Can’t Do

    And it got me thinking about what you can and can’t do — what you do and don’t have control over.

  • allow-new-zones in BIND 9.16 on CentOS 8 Stream under SELinux

    We run these training systems with SELinux enabled (I wouldn’t, but my colleague likes it :-), and that’s the reason I aborted the lab: I couldn’t tell students how to solve the cause other than by disabling SELinux entirely, but there wasn’t enough time for that.

  • Will the IndieWeb Ever Become Mainstream?

    This is an interesting question, thanks for asking it, Jeremy. I do have some history with the IndieWeb, and some opinions, so let’s dive in.

    The short answer to the question is a resounding no, and it all boils down to the fact that the IndieWeb is really complicated to implement, so it will only ever appeal to developers.

  • How to Install CUPS Print Server on Ubuntu 22.04

    If your business has multiple personal computers in the network which need to print, then we need a device called a print server. Print server act intermediate between PC and printers which accept print jobs from PC and send them to respective printers. CUPS is the primary mechanism in the Unix-like operating system for printing and print services. It can allow a computer to act as a Print server. In this tutorial, we learn how to set up CUPS print server on Ubuntu 22.04.

Open Hardware: XON/XOFF and Raspberry Pi Pico

  • From XON/XOFF to Forward Incremental Search

    In the olden days of computing, software flow control with control codes XON and XOFF was a necessary feature that dumb terminals needed to support. When a terminal received more data than it could display, there needed to be a way for the terminal to tell the remote host to pause sending more data. The control code 19 was chosen for this. The control code 17 was chosen to tell the remote host to resume transmission of data.

  • Raspberry Pi Pico Used in Plug and Play System Monitor | Tom's Hardware

    Dmytro Panin is at it again, creating a teeny system monitor for his MacBook from scratch with help from our favorite microcontroller, the Raspberry Pi Pico. This plug-and-play system monitor (opens in new tab) lets him keep a close eye on resource usage without having to close any windows or launch any third-party programs. The device is Pico-powered and plugs right into the MacBook to function. It has a display screen that showcases a custom GUI featuring four bar graphs that update in real-time to show the performance of different components, including the CPU, GPU, memory, and SSD usage. It makes it possible to see how hard your PC is running at a glance.

Security Leftovers

How to Apply Accent Colour in Ubuntu Desktop

A step-by-step tutorial on how to apply accent colour in Ubuntu desktop (GNOME) with tips for Kubuntu and others. Read more