You are here

Subscribe to Feed
Përditësimi: 3 orë 59 min më parë

Mageia 2024-0229: flatpak Security Advisory Updates

13 orë 20 min më parë
A malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. References: -

Mageia 2024-0228: python-scikit-learn Security Advisory Updates

13 orë 20 min më parë
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset

Fedora 40: composer 2024-9ed24c98cd Security Advisory Updates

14 orë 1 min më parë
Version 2.7.7 2024-06-10 Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241) Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)

Debian LTS: DLA-3838-1: composer Security Advisory Updates

Mër, 19/06/2024 - 9:56md
It was discovered that there were a number of command-line injection vulnerabilities in Composer, a popular dependency manager for PHP. The 'install', 'status', 'reinstall' and 'remove' functionality had

Debian LTS: DLA-3837-1: libndp Security Advisory Updates

Mër, 19/06/2024 - 8:53md
It was discovered that there was a buffer overflow vulnerability in libndp, a library for implementing IPv6's "Neighbor Discovery Protocol" (NDP) and is used by Network Manager and other networking tools.

Embracing Anonymity and Privacy: Tails 6.4 Release Insights

Mar, 18/06/2024 - 10:59md
As digital privacy and security evolves, anonymity cannot be overemphasized. Tails is a live operating system designed to keep its focus on privacy and anonymity. Its unique focus allows you to boot it on almost any computer using a USB stick or DVD drive and use state-of-the-art cryptographic tools for protecting files, emails, and instant messaging conversations without leaving a trace behind on your machine. With its focus on anonymity and its use of state-of-the-art cryptographic tools to encrypt files and instant messaging conversations from being kept under lock and key.TAILS (an acronym for The Amnesic Incognito Live System) leverages the Tor network to protect online privacy and evade censorship. Each Tails session acts like a clean slate when shutting down; no data remains from session to session unless saved into an encrypted Persistent Storage space.New Features in Tails 6.4Tails version 6.4 brings many notable updates that will appeal to Linux administrators and privacy-minded users alike. Cryptography Strength Reinforced with Random SeedOne of the key enhancements for Tails is including a random seed on USB flash drives as part of our cryptographic strength enhancement. This feature is invaluable in strengthening cryptography across our system''such as Tor, HTTPS connections, and the Persistent Storage feature''by strengthening cryptography across them. By keeping this random seed outside Persistent Storage itself, all users benefit from increased cryptographic protections regardless of configuration differences.Tails 6.4 Switches to HTTPS over Onion Services for APT RepositoriesIn an unconventional move from past versions, Tails 6.4 has transitioned away from using onion services for Debian and Tails APT repositories in favor of HTTPS addresses to improve reliability for the Additional Software feature and streamline software management for users.Software Updates and Bug FixesOne compelling factor in adopting Tails 6.4 is its current software stack and array of fixed problems. Tails 6.4 offers an updated Tor Browser (13.0.16) and Tor client ( to give users access to the latest developments in secure browsing; email communication has also been improved thanks to an upgraded Thunderbird (115.12.0).Numerous bugs have been addressed to enhance user experience significantly. Problem resolution includes fixing and unlocking Persistent Storage issues, connecting to mobile broadband networks on particular hardware, and reenabling Thunderbird's previously disabled PDF reader due to security. Furthermore, user experience refinements such as more informative error messages in Tails Cloner and smooth interactions when using the Unlock VeraCrypt Volumes utility demonstrate developers' attentiveness towards user feedback.Upgrading and New InstallationsFor existing users, upgrading to Tails 6.4 should be straightforward, with automatic upgrades from as early as version 6.0 being available for automatic upgrading. Newcomers or those wishing for manual upgrades can follow detailed installation instructions provided by the Tails project, which are explicitly tailored for various platforms.Why Linux Administrators Should Take NoteLinux administrators who prioritize security and seek to safeguard their systems against surveillance and censorship will find Tails 6.4 indispensable. With its enhanced cryptographic measures, commitment to updating core components like the Tor Browser and client, and quick bug resolution, Tails exudes an environment designed specifically to secure its systems.Administrators will appreciate Tor's operational transparency--all network traffic is automatically routed through it, eliminating risks related to network surveillance. Furthermore, its persistent storage feature enables safekeeping of essential files, configurations and software across sessions without jeopardizing its security posture.Alternatives to Tails for Privacy and SecurityTails stands out for its anonymity and security features, but it isn't alone in this respect. Linux distributions such as Whonix and Qubes OS also provide similar functionality; Whonix operates by isolating user internet connections within an isolated virtual machine that routes all traffic via Tor. Meanwhile, Qubes takes an alternative approach by compartmentalizing various aspects of its OS into isolated VMs to prevent malware from crossing boundaries. Open Source choices ftw!Learn More about Tails and PrivacyTails 6.4 is evidence of this project's ongoing dedication to privacy, security, and user experience. With every update, Tails equips the global community with toolsets designed to increase online anonymity while guarding against surveillance intrusions. Linux administrators who place great value in security measures will find this release compelling enough to upgrade existing systems or implement this OS into their operations in an increasingly monitored digital world.Best distro for privacy and security in 2024Which distros are most focused on privacy ?How to Encrypt Files on LinuxEnhanced Privacy with Predator-OS

Ubuntu 6793-2: Git Security Advisory Updates

Mar, 18/06/2024 - 9:36md
Git could be made to run programs as your login if it clones a crafted repository.

Rethinking WiFi and Router Security: A Deep Dive into the Recent ASUS Flaw and Secure Alternatives

Mar, 18/06/2024 - 2:42pd
At a time of rapid technological progress, the security of our digital tools - particularly WiFi routers - has become critical. Recent news from ASUS sent shockwaves through the cybersecurity community when multiple models of their routers were found with critical flaws that exposed an ongoing challenge of protecting networks against intrusions.Unpacking the Critical Flaw in ASUS RoutersAccording to an extensive report by RedPacket Security, ASUS recently resolved an authentication bypass vulnerability known as CVE-2024-3080, which scored 9.8 on the Common Vulnerability Scoring System scale, indicating its severity. This security hole allowed unauthenticated, remote attackers to access devices for unauthorized gains without authentication, granting them any legitimate privileges whatsoever.Another high-severity buffer overflow flaw, CVE-2024-3079, compounded this security hole by enabling remote attackers with administrative privileges to execute arbitrary commands remotely on devices with administrative rights. These vulnerabilities could constitute an exploit chain compromising all security protection on affected routers.ASUS routers such as the ZenWiFi XT8, RT-AX88U, RT-AX58U, and others were affected. ASUS quickly responded with software updates to address these vulnerabilities.This incident raises a fundamental issue regarding routers' reliance on proprietary software. While manufacturers frequently push out security patches, proprietary programs' closed nature means vulnerabilities remain unseen until a breach occurs, leaving users vulnerable.Embracing Open Source: A Route to Enhanced SecurityOpen-source firmware and operating systems offer an alternative to proprietary router software. Their publicly collaborative development processes make security flaws less likely to go undetected.OpenWRT {modal image="" thumbnail-width="250" thumbnail-height="63" }{/modal}OpenWrt is one of the most widely used open-source router operating systems available. It provides highly configurable control over performance and security settings, surpassing what most stock router firmware allows. OpenWrt also features an innovative package management system that enables users to add or remove features as desired, making the operating system leaner and more cost-effective than others.Here are five of the best features of OpenWrt: Extensive Hardware Support: OpenWrt supports a wide range of devices, from home routers to professional-grade equipment, making it adaptable to various networking situations. Fully Writeable Filesystem: With its roots in Linux, OpenWrt provides a fully writeable filesystem. Users can modify, add, or delete any file, similar to a traditional Linux distribution, offering unparalleled flexibility. Customizable Packages: OpenWrt allows users to install and remove packages to customize the router for specific needs without bloating the system with unnecessary features. Advanced Network Capabilities: OpenWrt contains many out-of-the-box network features, including IPv6 support, VLANs, traffic shaping, VPN, and firewall configurations, allowing for detailed network management.\ Active Community and Development: The vibrant OpenWrt community and ongoing development mean the firmware is constantly updated. New features are regularly added, and security vulnerabilities are promptly addressed, enhancing your network's functionality and security.These features underscore OpenWrt's flexibility and capabilities, making it a powerful choice for users looking to maximize their router's potential.DD-WRT {modal image="" thumbnail-width="195" thumbnail-height="231" }{/modal}Like OpenWrt, DD-WRT is another Linux-based firmware that enhances routers by improving network stability, range expansion, and security features such as VPN integration and VLAN support. Furthermore, its community is quite active, providing resources and forums for help and advice regarding its usage. The five best features of DD-WRT include: Advanced Quality of Service (QoS): This technology enables intricate control over bandwidth allocation to prioritize traffic or devices for improved network performance. VPN Integration: Facilitates the integration of a Virtual Private Network directly within the router, securing all connected devices without individual configuration. Wireless Bridge and Repeater Modes: Allows routers to function as wireless repeaters or bridges, extending the wireless network's coverage or connecting wired devices to a wireless network. VLAN Support: Supports Virtual LANs for better network segmentation, enhancing security and management, and is especially useful for guest or separate IoT networks. DNS Caching: Stores DNS queries locally to speed up webpage loading times, resulting in a faster internet experience for all network users.Tomato {modal image="" thumbnail-width="257" thumbnail-height="122" }{/modal}Tomato firmware is known for its user-friendly interface and emphasis on real-time network monitoring, supporting many of the same models as DD-WRT while offering more secure security features than its stock counterpart.Here are five of the best features of Tomato firmware for routers: Bandwidth Monitoring: This allows users to monitor network traffic and bandwidth usage, making it easier to manage network resources effectively. Advanced Quality of Service (QoS) provides detailed settings to prioritize network traffic, which helps optimize performance for critical applications. Access Control: Offers robust options to manage and control access to the network, enhancing security by restricting unauthorized usage. Built-in OpenVPN Server/Client: Integrates support for OpenVPN, enabling secure VPN connectivity for enhanced privacy and secure remote access. IP/MAC Bandwidth Limiter: This tool enables setting bandwidth limits for specific IP addresses or MAC addresses, useful in managing bandwidth consumption per device.These features enhance network management, security, and performance, making Tomato firmware a valuable choice for users with compatible Broadcom-based routers.pfSense {modal image="" thumbnail-width="190" thumbnail-height="143" }{/modal}While not specifically for routers, pfSense can transform an old computer into a powerful firewall and router. Based on FreeBSD and widely regarded as one of the safest and most flexible network administration solutions available today, pfSense handles everything from routing and firewalling to VPN provisioning easily. Here are the five best features of pfSense router firmware: Comprehensive Firewall Security: pfSense provides an advanced firewall with stateful packet inspection, anti-spoofing, and more, for robust network protection. Versatile VPN Support: It supports multiple VPN protocols, including IPsec, OpenVPN, and WireGuard, enabling secure and flexible remote access configurations. High Availability and Redundancy: This service offers features like CARP (Common Address Redundancy Protocol) and pfsync to ensure network uptime and reliability through failover and redundancy setups. Traffic Shaping and QoS: This allows detailed control over network traffic, enabling the prioritization of critical services to maintain optimal performance and reduce congestion. Extensibility with Packages: This can be extended with a wide range of packages for additional features, such as Snort for intrusion detection, Squid for web caching, and more, tailoring the system to specific needs.AsusWRT-Merlin: Custom Firmware Powering ASUS Routers {modal image="" thumbnail-width="180" thumbnail-height="196" }{/modal}AsusWRT-Merlin is a third-party firmware developed for select ASUS routers by Eric Sauvageau to improve upon the original AsusWRT firmware without drastically altering its user experience or user interface. Retaining all original features while adding improvements, bug fixes, and occasional new ones;Eric Sauvageau leads the development of AsusWRT-Merlin with support from The Merlin Group, users, and developers who contribute to its ongoing maintenance and enhancement. Their efforts focus on stability, improved performance, and better customization possibilities across ASUS router models supported by this open-source firmware project.Using AsusWRT-Merlin can bring many advantages for users who appreciate open source's philosophy and its associated benefits: Improved Security: Regular updates from the Merlin Group may include security patches which make your router less susceptible to vulnerabilities discovered over time. Enhanced Features: The AsusWRT-Merlin includes additional features not found in its predecessor AsusWRT, such as DNS over HTTPS support (DoH), enhanced Quality of Service capabilities (QoS), and the option to monitor real-time bandwidth usage. Customizability Freedom: Fans looking to tailor their network according to specific needs will appreciate the various settings and tweaks available. Active Community Support: Our vibrant community works tirelessly on improvements and shares knowledge for troubleshooting and advanced configurations. Open Source Firmware Limitations AsusWRT-Merlin keeps users familiar with AsusWRT at ease since its GUI and overall design philosophy are the same as before, helping ease any learning curve. Open-source firmware such as this also comes with some restrictions users should be aware of: Warranty Concerns: Installing third-party firmware could void your device's manufacturer warranty; users should check their warranty terms before proceeding. Limited Support: While community support exists for using third-party firmware such as AsusWRT-Merlin, users will not receive official assistance from ASUS for issues caused by using such third-party solutions. Compatibility and Stability: Not all routers can support third-party firmware, and while open-source firmware tends to be stable, poorly executed updates or incompatible configurations could create stability issues. Learning Curve: For less tech-savvy, understanding all the additional features and configuration options may take more effort than familiarising themselves with stock firmware's user-friendly setups. No Guarantee of Features: Unfortunately, Merlin may not support all the proprietary features found in AsusWRT; some features present may also sometimes be removed if they pose significant bugs or security risks. Although open-source firmware such as AsusWRT-Merlin may have disadvantages, many advanced users find the advantages far outweigh them, particularly its enhanced control and security features. Individuals looking to maximize the potential of their router will discover that this version provides a robust upgrade from the original AsusWRT, offering both familiarity with stock firmware and access to more sophisticated capabilities of fully open-source solutions. Making the Switch to Open-Source Firmware for Enhanced Network Security Transitioning to open-source firmware like AsusWRT-Merlin can be an important strategic move for users who prioritize network security. However, this endeavor must be carefully prepared to ensure a successful transition. Before making the change, you must verify whether or not the open-source firmware you've selected is compatible with your router model. Not all routers support all firmware installations; installing incompatible ones could result in functional severe issues or even brick your device. Once compatibility has been confirmed, backing up existing router settings as a protective measure can prevent data loss and help ensure smooth transition processes. As installation processes can differ between router models, it is wise to refer to an after-installing guide tailored specifically for your router model for after-installation instructions and potential obstacles related to firmware upgrading processes. Such guides often offer step-by-step guidance and can help address common obstacles encountered during this process. The Bigger Picture The ASUS incident highlights the need for more proactive security measures in network hardware. By turning to open-source solutions, users can take advantage of collective approaches to security where vulnerabilities can be quickly identified and patched by an international community of developers. Transitioning to open-source software might initially appear daunting; however, spending the time and energy learning how to utilize these powerful tools can significantly boost both the security and efficiency of home or office networks. Open source network management represents more than software changes; it represents a wider trend toward transparency and community in cybersecurity''an essential aspect in today's increasingly interconnected society.

Emojis as Weapons: Dissecting DISGOMOJI's Malware Assault on Government Security

Hën, 17/06/2024 - 7:38md
DISGOMOJI malware represents an innovative development in cyber espionage tactics, particularly its refined approach to targeting government agencies in India. Originating from altering an open-source cybersecurity project previously known as discord-c2, its appearance reinforces an emerging trend of adapting and evolving existing tools into intricate cyberespionage campaigns.DISGOMOJI's deployment is highly sophisticated. It employs Discord's widespread use to communicate command and control (C2) messages using emojis, effectively concealing malicious activities within seemingly innocent traffic and complicating efforts to detect and neutralize this threat.A recent analysis by cybersecurity firm Volexity reports that the DISGOMOJI malware appears to be targeting systems running the Linux distribution BOSS, which is widely utilized by Indian government entities. The attackers behind this initiative--identified by Pakistan-based threat actor UTA0137--is clearly intent on infiltrating and potentially breaching Indian government infrastructure.DISGOMOJI appears to gain entry through phishing attacks , an effective and common method for credential theft and malware delivery. What distinguishes DISGOMOJI is its persistent mechanism and use of emoji commands, like using a camera with the flash emoji to take screenshots or the Fox Emoji to zip all Firefox profiles on target devices. Such commands demonstrate its clever design and allow attackers to acquire sensitive data without leaving a trace on compromised systems.DISGOMOJI's open-source nature and adaptable design create a further risk; the malware can be adjusted and deployed against additional targets beyond India's government. Furthermore, its ability to bypass Discord's attempts at shutting down malicious servers by managing tokens to allow attackers to update client configuration easily demonstrates the difficulty of countering such an advanced threat.Additional ConsiderationsThe open-source nature of DISGOMOJI raises important issues about the duality of publicly available cybersecurity tools and projects. While open-source projects provide great resources for research, education, and legitimate defensive purposes, they also serve as blueprints that could be modified maliciously.Linux administrators and cybersecurity professionals, particularly in industries vulnerable to being targeted by espionage-focused malware, should view DISGOMOJI as an illustration of cyberspace's ongoing arms race. This would emphasize the necessity for constant vigilance, education on emerging threat vectors, and implementation of multilayered security measures that detect and prevent such targeted threats.DISGOMOJI malware targeting Linux systems marks a striking change in cyber threats targeting these environments. While traditional malware relies on textual-based command and control (C2) mechanisms, DISGOMOJI's use of emoticons for command transmission through Discord is both novel and alarming - bypassing security systems designed to monitor more conventional indicators of compromise thereby creating new difficulties for detection and mitigation.How Does DISGOMOJI Compare with Other Linux Malware and Ransomware?To better assess this threat, it would be useful to compare DISGOMOJI against other significant malware threats like other significant Linux malware and ransomware such as DISGOMOJI that has appeared lately. When comparing them side-by-side, several aspects stand out:Method of Communication: Most Linux-targeting threats, like Ebury botnet, employ traditional botnet communication methods like IRC channels or HTTP-based C2 infrastructures for command and control (C2). But DISGOMOJI stands out by employing popular, legitimate services for C2, making its traffic harder to distinguish from benign communications.Targeting and Sophistication: Where Mirai uses brute-force attacks against IoT devices to create large botnets for DDoS purposes, DISGOMOJI appears more focused on espionage with targeted attacks against specific government agencies - suggesting an even higher level of sophistication behind its operations that may include state actors.Stealth and Persistence: DISGOMOJI utilizes advanced stealth techniques, such as displaying a decoy PDF, to avoid detection while employing persistence mechanisms like cron jobs and XDG autostart entries, similar to those used by other sophisticated malware. This makes it more complex and more challenging for security analysts to detect and remove it, making it resistant to removal.How Concerned Should Linux and InfoSec Administrators Be?Linux and InfoSec administrators should view DISGOMOJI with great concern due to its unique C2 strategy, targeted nature, sophisticated deployment mechanisms, and sophisticated persistence mechanisms. Awareness and preparation can greatly reduce its threat; an understanding that Linux systems are susceptible to targeted attacks is paramount, so security posture adjustments must be made accordingly. mes Mitigation StrategiesAdministrators need to implement various mitigation strategies to protect themselves from threats such as DISGOMOJI:Enhance Monitoring and Detection : Employ advanced monitoring solutions capable of analyzing network traffic behavior and detecting anomalous patterns such as using legitimate services like Discord for potential C2 communications.Regular System and Patch Updates and Patching : Regular system and application updates help protect against vulnerabilities that could serve as entryways to infections, acting as initial infection vectors for hackers and cybercriminals.Phishing Awareness Training : Since DISGOMOJI utilizes phishing as the initial entryway into their network, training staff to identify and respond to any attempted phishing is an essential defense against infection.Segregation : By isolating critical networks and restricting access to essential services only, network segmentation helps contain any malware outbreaks should an infection arise.Application Whitelisting and Restricted Script Execution : Block any unapproved applications from running and restrict script execution capabilities to limit malware's ability to launch payload or establish persistence.Utilize Security Tools with Machine Learning Capabilities : For effective defense against new attack vectors, implement solutions that leverage machine learning for threat identification and blocking using behavioral analysis. This approach may be more successful in blocking threats with novel behaviors than traditional solutions.Improved Email Filtering : Email security measures must be strengthened with robust filtering rules to prevent phishing scams from succeeding.Discord Usage Policy : Organizations should implement policies to review and potentially restrict the use of Discord and similar platforms when necessary or monitor its usage on sensitive systems.Community Vigilance : As this open-source malware is spread widely through threat vectors, cybersecurity communities should remain vigilant in monitoring and sharing intelligence on variations of DISGOMOJI malware as a collective defense approach.While DISGOMOJI poses a substantial threat to Linux systems, increased awareness, advanced detection tools, and robust security practices can reduce its threat.

Debian LTS: DLA-3830-1: libvpx Security Advisory Updates

Dje, 16/06/2024 - 10:24md
Integer overflows have been fixed in libvpx, a library for decoding and encoding VP8 and VP9 videos. For Debian 10 buster, this problem has been fixed in version

Debian: DSA-5713-1: libndp Security Advisory Updates

Dje, 16/06/2024 - 7:59md
A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.

Fedora 40: thunderbird 2024-748bedc96c Security Advisory Updates

Dje, 16/06/2024 - 4:49md
Update to 115.12.0

Fedora 40: booth 2024-8a545718b1 Security Advisory Updates

Dje, 16/06/2024 - 4:48md
Security fix for CVE-2024-3049

Fedora 39: booth 2024-17e71fc540 Security Advisory Updates

Dje, 16/06/2024 - 3:28pd
Security fix for CVE-2024-3049

Mageia 2024-0224: atril Security Advisory Updates

Dje, 16/06/2024 - 1:08pd
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The

Fedora 40: chromium 2024-5acee8c47f Security Advisory Updates

Pre, 14/06/2024 - 3:46pd
update to 126.0.6478.55 High CVE-2024-5830: Type Confusion in V8 High CVE-2024-5831: Use after free in Dawn High CVE-2024-5832: Use after free in Dawn High CVE-2024-5833: Type Confusion in V8

Fedora 40: cyrus-imapd 2024-f3e0255c75 Security Advisory Updates

Pre, 14/06/2024 - 3:45pd
Security fix for CVE-2024-34055

Mageia 2024-0217: golang Security Advisory Updates

Pre, 14/06/2024 - 3:32pd
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. (CVE-2024-24789)

Debian LTS: DLA-3826-1: cups Security Advisory Updates

Enj, 13/06/2024 - 11:57md
An issue has been found in cups, the Common UNIX Printing System(tm). When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an

Oracle7: ELSA-2024-3741 : bind, bind-dyndb-ldap, and dhcp Important (aarch64) Security Advisory Updates

Enj, 13/06/2024 - 10:44md
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: