news
Security Leftovers
-
Scoop News Group ☛ North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism
A new report from DTEX Systems is the deepest look at how North Korea’s remote IT workforce schemes are the tip of the iceberg when it comes to its cyber operations.
-
Krebs On Security ☛ Breachforums Boss to Pay $700k in Healthcare Breach
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (open-vm-tools), Fedora (dnsdist), Gentoo (Node.js and Tracker miners), Red Hat (kernel and xdg-utils), SUSE (audiofile, go1.22-openssl, go1.24, grub2, kernel-devel, openssl-1_1, openssl-3, and python311-Django), and Ubuntu (ruby-rack).
-
LWN ☛ Oniux: kernel-level Tor isolation for GNU/Linux applications
The Tor project has announced the oniux utility which provides Tor network isolation, using Linux namespaces, for third-party applications.
Namespaces are a powerful feature that gives us the ability to isolate Tor network access of an arbitrary application. We put each application in a network namespace that doesn't provide access to system-wide network interfaces (such as eth0), and instead provides a custom network interface onion0.
-
Bleeping Computer ☛ New Tor Oniux tool anonymizes any Linux app's network traffic
Tor has announced Oniux, a new command-line tool for routing any Linux application securely through the Tor network for anonymized network connections.
Unlike classic methods like torsocks, which rely on user-space tricks, Oniux uses Linux namespaces to create a fully isolated network environment for each application, preventing data leaks even if the app is malicious or misconfigured.
Linux namespaces are a kernel feature that allows processes to run in isolated environments, each with its own view of specific system resources like networking, processes, or file mounts.
-
InfoSecurity Magazine ☛ New Linux Vulnerabilities Surge 967% in a Year [Ed: Complete nonsense with fictional, misleading numbers]
However, there was one bright spot: a decrease in RCE vulnerabilities for Linux (-85% YoY) and macOS (-44%).