Security: Patches, Scams, OWASP and More

  • Updated packages in the past weeks: Plasma5, gcc_multilib, openjdk7 and more

    I do regular updates of packages in my repository. I focus on the software that is popular, or relevant to Slackware. For the software with a high visibility I usually write a blog post to alert people to the new stuff.
    During the last couple of weeks I have not been writing so much about updates due to personal circumstances, some of it has to do with the Corona outbreak.

    I was also affected by the death of Erik Jan Tromp (Slackware’s alphageek) early March just after I visited him for a final time in his apartment in Leeuwarden.

  • How Visa built its own container security solution

    Instead of deploying a combination of commercial solutions and spending resources on getting them to work for its environment, Visa's security team went back to basics and created its own continuous monitoring solution that handles security policy enforcement, incident detection and remediation, a project that earned the company a CSO50 Award for security excellence. Called MASHUP (Micro-services based Adaptive Security Hardening and Usage Platform), the solution takes advantage of the native capabilities that already exist on container orchestration platforms such as cgroups, filesystem access controls, and SELinux policies, and it is primarily built on top of open-source tools and libraries.

  • Hackers Use Fake HIV Test Results As Lure to Infect Computers and Steal Data

    Previously, experts found evidence that online crooks were using the novel coronavirus (COVID-19) as a phishing lure, attempting to exploit fears surrounding the ongoing outbreak.

  • Threat Dragon: OWASP launches desktop version of popular threat modeling tool

    The Open Web Application Security Project (OWASP) has released an installable desktop variant of Threat Dragon, its popular threat modeling application.

    The free and open source Threat Dragon tool includes system diagramming and a rule engine to automatically determine and rank security threats, suggest mitigations, and implement countermeasures.

    The newly launched desktop version is based on Electron. There are installers available for both Windows and macOS, as well as RPM and Debian packages for Linux. Models are stored on the local file system.

    There’s also a web application, with model files stored in GitHub – other storage is planned for the future – and OWASP says it is currently maintaining a working prototype in sync with the master code branch.

  • Open-source options offer increased SOC tool interoperability

    Anecdotal evidence of security operations center (SOC) tool overload is overwhelming — at CSO we hear complaints from industry sources about this problem all the time — but the 2019 SANS SOC Survey attempted to quantify the problem. For most survey respondents, there were roughly equal numbers of SOC analysts as there were full-time employees tasked with maintaining the SOC security tools. That's on top of the expense of purchasing those security tools in the first place.

    [...]

    Since October, 25 organisations have joined the OCA, and the alliance hopes to continue to grow to encompass all the major cybersecurity vendors today. Other members include Indegy, CrowdStrike, Fortinet and ReversingLabs.

    “What we’re trying to do as an industry, if we can align around a common data model and a common set of APIs, then that problem [a lack of interoperable security tools] becomes a much smaller problem than it is today,” Chris Smith, principal engineer at McAfee, tells CSO.

    STIX (Structured Threat Information eXpression) is useful “if you’re threat hunting and you want to query all your other tools for evidence of a certain artefact use STIXShifter to ask that question in a vendor-neutral platform agnostic language,” the GitHub rep said.

    “STIXShifter would be the technology that enables a company to search for an indicator of compromise across multiple tools, data repositories,” Jason Keirstead, chief architect, IBM Security Threat Management, tells CSO. (IBM contributed STIXShifter to the project.) “If that search turns up a compromised device, OpenDXL Ontology would be the mechanism that would be used to issue alerts/notifications across other tools in order to begin remediation.”

  • Warning: Are You Using One Of These 20 Dangerous Smartphone PINs?

    But some PIN codes are much more secure than others, and you might be surprised to find out which are the most easy to guess. You would assume, for example, that a longer PIN code was better, but six digit numbers provide little more security than four digit ones, according to a study by researchers from Ruhr University, the Max Planck Institute for Security and Privacy in Bochum, Germany and George Washington University in the U.S.

  • Binance Adds Open-Source Implementation for Edwards-Curve Digital Signature

    By putting consistent efforts, the development team of Binance is excited for the implementation of a powerful new technology. Binance announces the open-source implementation of a TSS library for Edwards-Curve Digital Signature Algorithm-(ECDSA) which aims to extend support for different blockchains like Cardano, NANO, Stellar Lumens, Waves, and Libra.

    Binance announced the implementation of an open-source Threshold Signature Scheme (TSS) library three months ago, which is considered to be a major step taken by Binance that will further contribute to the development of open-source blockchain. The library is reconcilable with ECDSA-based blockchains, which comprise the Binance Chain, Bitcoin, and Ethereum networks, and it is already used to build token swap bridges and more.
