LinuxSecurity.com

The central voice for Linux and Open Source security news.
Updated: 56 min 26 sec ago

Google proposes sending Symantec to TLS sin bin

24 March, 2017 - 12:05
LinuxSecurity.com: Google has announced plans to reduce the trust in Symantec TLS certificates until a point is reached in early 2018 where Chrome 64 will only trust certificates issued for 279 days or less from the security giant and its subsidiaries.
Category: Hacking & Security

FBI director floats international framework on access to encrypted data

24 March, 2017 - 12:03
LinuxSecurity.com: FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.
Category: Hacking & Security

Is Linux Mint a secure distribution?

23 March, 2017 - 10:15
LinuxSecurity.com: Linux Mint has been lambasted by some in the media for security problems over the last few years. But how accurate are such perceptions? Does Linux Mint really suffer from security problems or is it all much ado about nothing?
Category: Hacking & Security

Mozilla beats rivals, patches Firefox's Pwn2Own bug

23 March, 2017 - 10:12
LinuxSecurity.com: Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.
Category: Hacking & Security

LastPass hit by password stealing and code execution vulnerabilities

22 March, 2017 - 12:02
LinuxSecurity.com: LastPass has closed a remote code execution vulnerability on its Chrome extension, but according to Google Project Zero researcher Tavis Ormandy, issues remain on its Firefox extension, as well as details on another password-stealing vulnerability to come. Writing in the Project Zero issue tracker, Ormandy said it was possible to proxy untrusted messages to LastPass.
Category: Hacking & Security

US-CERT Warns That HTTPS Inspection Tools Weaken TLS

22 March, 2017 - 12:00
LinuxSecurity.com: HTTPS inspection tools are, in essence, a security team's authorized man-in-the-middle attacker: they intercept encrypted SSL/TLS traffic, in order to, for example, search it for malware that uses HTTPS to connect to malicious servers. However, in an alert today, US-CERT warned that HTTPS interception weakens TLS security, advising that organizations "carefully consider the pros and cons of such products before implementing."
Category: Hacking & Security

A simple command allows the CIA to commandeer 318 models of Cisco switches

22 March, 2017 - 11:58
LinuxSecurity.com: Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.
Category: Hacking & Security

Old Linux kernel security bug bites

21 March, 2017 - 13:42
LinuxSecurity.com: OK, hands up, who knows what High-Level Data Link Control (HDLC) is? It's an archaic networking data framing protocol that's used in modems, X.25, frame-relay, ISDN, and other now uncommon networking technologies. I know it because I used to work with them back in the day. You'll get to know it now because a researcher discovered a security hole hidden within the Linux kernel driver that implements it.
Category: Hacking & Security

Firefox gets complaint for labeling unencrypted login page insecure

21 March, 2017 - 13:17
LinuxSecurity.com: The operator of a website that accepts subscriber logins only over unencrypted HTTP pages has taken to Mozilla's Bugzilla bug-reporting service to complain that the Firefox browser is warning that the page isn't suitable for the transmission of passwords.
Category: Hacking & Security

Virtual machine escape fetches $105,000 at Pwn2Own hacking contest

20 March, 2017 - 11:50
LinuxSecurity.com: Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.
Category: Hacking & Security

GitHub awards researcher $18,000 for remote code execution flaw discovery

20 March, 2017 - 11:48
LinuxSecurity.com: GitHub has awarded a researcher $18,000 for disclosing a security flaw in GitHub Enterprise which could have led to remote code execution.
Category: Hacking & Security

Ethical Hacking: The Most Important Job No One Talks About

17 March, 2017 - 11:45
LinuxSecurity.com: If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers. Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers.
Category: Hacking & Security

This laptop-bricking USB stick just got even more dangerous

17 March, 2017 - 11:33
LinuxSecurity.com: Remember that USB stick that would destroy almost anything in its path, from laptops, photo booths, kiosks, to even cars? Now there's a new version, and it's even more dangerous than before.
Category: Hacking & Security

In-the-wild exploits ramp up against high-impact sites using Apache Struts

16 March, 2017 - 11:15
LinuxSecurity.com: Eight days after developers patched a critical flaw in the Apache Struts Web application framework, there has been no let-up in the volley of attacks attempting to exploit the vulnerability, which affects a disproportionate number of high-impact websites, a security researcher said Tuesday.
Category: Hacking & Security

Inside the Russian hack of Yahoo: How they did it

16 March, 2017 - 11:14
LinuxSecurity.com: One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people.
Category: Hacking & Security

Mozilla: Everyone's scared of hackers but clueless about fending them off

15 March, 2017 - 11:46
LinuxSecurity.com: According to Firefox maker Mozilla, we're nearly all afraid of hackers, but few of us feel we can protect ourselves from them.
Category: Hacking & Security

Hire a DDoS service to take down your enemies

15 March, 2017 - 11:45
LinuxSecurity.com: With the onrush of connected internet of things (IoT) devices, distributed denial-of-service attacks are becoming a dangerous trend. Similar to what happened to DNS service provider Dyn last fall, anyone and everyone is in the crosshairs. The idea of using unprotected IoT devices as a way to bombard networks is gaining momentum.
Category: Hacking & Security

Debunking 5 Myths About DNS

15 March, 2017 - 11:44
LinuxSecurity.com: From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.
Category: Hacking & Security

Malware found preinstalled on 38 Android phones used by 2 companies

14 March, 2017 - 11:45
LinuxSecurity.com: A commercial malware scanner used by businesses has recently detected an outbreak of malware that came preinstalled on more than three dozen Android devices. An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app.
Category: Hacking & Security

It's time to turn on HTTPS: the benefits are well worth the effort

14 March, 2017 - 11:44
LinuxSecurity.com: After Edward Snowden revealed that online communications were being collected en masse by some of the world's most powerful intelligence agencies, security experts called for encryption of the entire web. Four years later, it looks like we've passed the tipping point.
Category: Hacking & Security