Proprietary Leftovers and Security

  • Update woes that never end: Microsoft halts Patch of a Patch of a Patch rollout to fix printing issues

    March 2021 has not been a particularly good month for some users of Microsoft's Windows 10 operating system. The company released the cumulative updates for March that fixed security issues on all supported versions of Windows. Shortly thereafter, reports emerged that printing would cause bluescreens on some devices. Users would get "APC_INDEX_MISMATCH for win32kfull.sys" bluescreen messages as printing caused Windows to crash.

  • Angry MacBook owners get class action status for butterfly keyboard suit

    A judge has certified a class action suit against Apple for its fragile butterfly keyboard design. The suit covers anyone who purchased an Apple MacBook with a butterfly keyboard in seven states: California, New York, Florida, Illinois, New Jersey, Washington, and Michigan. That includes people who bought a MacBook model dating between 2015 and 2017, a MacBook Pro model between 2016 and 2019, or a MacBook Air between 2018 and 2019.

    Judge Edward Davila certified the case with seven subclasses on March 8th in California, but the order remained sealed until late last week. It raises the stakes for a suit that was first filed in 2018, three years after Apple added the controversial butterfly switches to its laptops.

  • Microsoft in talks with Discord over $10 billion-plus acquisition: report

    Discord has about 140 million monthly users and made $130 million in revenue last year, The Wall Street Journal recently reported, though the company isn’t yet profitable. Its last valuation was $7 billion after a funding round in December generated $100 million.

    Discord’s software is free for most users, but the company makes money through $9.99 monthly Nitro subscriptions that offer more advanced features like higher resolution screensharing, extra sticker packs, and larger upload limits.

  • Microsoft reportedly have Discord in their sights to acquire

    In an article on Bloomberg which cites anonymous sources "familiar with the matter", Microsoft are in talks to buy Discord for more than $10 billion USD. This follows from another article from VentureBeat that claims Discord has been exploring options for a sale and has "signed an exclusive acquisition discussion with one party". Earlier this month the WSJ talked about how Discord revenue has increased quite a lot to $130 million in 2020 (up from $45 million in 2019) but it's not actually profitable yet.

  • Microsoft in Talks to Buy Discord for More Than $10 Billion

    Discord has been talking to potential buyers and software giant Microsoft is in the running, but no deal is imminent, said the people, who asked not to be identified because the discussions are private. Discord is more likely to go public than sell itself, one person said. Representatives for Microsoft and Discord declined to comment. VentureBeat reported earlier on Monday that Discord was engaged in sales talks.

  • Microsoft in talks to acquire Discord for more than $10 billion: Report

    Microsoft Corp is in talks to buy messaging platform Discord Inc for more than $10 billion, Bloomberg News reported, citing people familiar with the matter.

  • Chinese [cracker] group responsible for cyber-attack on Finnish parliament [iophk: Windows TCO]

    The Finnish Security and Intelligence Service (Supo) has identified the group behind the cyber-attack against the Finnish parliament’s IT systems last autumn.

    A group called APT31 is responsible for the “state-run cyberespionage operation,” according to the intelligence service’s press release published Thursday, and according to data security experts, the operation has been traced to China.

  • Microsoft's RDP attack vector of choice for ransomware groups in 2020

    A report from New Zealand-headquartered security vendor Emsisoft said last year was another lucrative one for those using ransomware to make money, with many COVID-themed attacks trying to take advantage of the public interest in the pandemic.

    The report said 506,185 ransomware submissions - estimated to be only a quarter of the total attacks - were made to the company and the ID Ransomware service, the latter created by its researcher, Michael Gillespie. It enables people to find out which ransomware has hit them and also suggests a free decryptor if one is available.

  • Many systems still offline at Eastern Health after network attack

    Melbourne's Eastern Health is still experiencing what it describes as "significant impacts" due to a network attack that it announced last Wednesday.

  • Teen who hacked Twitter accounts of Biden, Obama, Musk, Bezos and more is sentenced to 3 years in prison

    In order to gain access to these high-profile accounts, Clark posed as an employee of Twitter and was able to trick another employee into giving him access to the customer service portal.

  • RedTorch Formed from Ashes of Norse Corp.

    Remember Norse Corp., the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services.

  • Informing Clients and Former Clients of Data Breaches [Ed: Just tell them you use Microsoft Windows so they can conclude that none of their data is safe]

    Law firms are targets of hackers, and patent firms in particular are so. Why? Because hackers know they have the “wheat” separated from the chaff, and hackers believe firms also have less robust security than their clients. See Am. B. Ass’n. Formal Eth. Op. 483 (here). That is likely more so in dispersed work forces caused by the pandemic.

    In that opinion, the ABA explained the duties of a firm to use reasonable care to avoid hacking. If a hacking occurred, the opinion concluded that a firm had to notify current clients and provide sufficient information to them to respond. The ABA refused to say that lawyers owed such an obligation to former clients.

  • Open Source Initiative board election results scrapped after security hole found, exploited to rig outcome

    The Open Source Initiative (OSI) on Friday said it will redo its recent Board Election after uncovering a voting irregularity that affected the results.

    "This week we found a vulnerability in our voting processes that was exploited and had an impact on the outcome of the recent Board Election," said Deb Nicholson, interim general manager for the OSI, a non-profit that oversees the Open Source Definition and advocates for open source software. "That vulnerability has now been closed."

    The Register asked OSI whether anyone could provide further details about what went wrong.

    "At this moment, we’re aware of at least one case where an entity voted more than once," said Nicholson in an email to The Register. "We will share more when we can, but we want to make absolutely sure that we understand what happened first."

    Asked to clarify the nature of the vulnerability, Nicholson replied, "It was a vulnerability in our processes and the way we use our database."

    OSI uses open source voting software Helios but insists the issue had to do with "an internal piece of our process, not Helios."

  • [Older] Fifteen-Year-Old Linux Vulnerability Allows Local Privilege Escalation, Information Leak, and Denial of Service

    The three bugs, CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365, associated with the Linux iSCSI vulnerability, allow a basic local user to gain root privileges.
