Linux Malware Mines for Cryptocurrency Using Raspberry Pi Devices

A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.

According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.

Experts say the initial infection takes place when Raspberry Pi operators leave their devices’ SSH ports open to external connections.

Once a Raspberry Pi device is infected, the malware changes the password for the “pi” account to:

\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1

Read the full article here

New Attack Method Delivers Malware Via Mouse Hover

Mouseover’ technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.

Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation.

Trend Micro researchers discovered the “mouseover” technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit.

“This is the first occurrence of malware using the ‘hover’ method to initiate a download that we know of,” says Mark Nunnikhoven, Trend Micro’s VP of cloud security.

“While GootKit is known malware, businesses should be more concerned about this latest technique as it shows none of the usual indicators of an infected document,” he explains. This is novel because it abuses the previously safe user practice of hovering over a link before clicking.
Continue reading New Attack Method Delivers Malware Via Mouse Hover

Installing Linux Kernel v4.10

I started using CentOS over several other Distros that I have been testing ever the years. I still have an Ubuntu laptop just to keep up to date with things seeing that it’s one of the most popular ones.

I’ve covered installing Kernels before but I wanted to refresh that topic and include how to do it on CentOS.

Continue reading Installing Linux Kernel v4.10

Netgear Router Security Update

Netgear noted that several of their routers have a command injection Vulnerability issue where an attacker can use a phishing method to gain control of your router.

Tip:
To find the model/version number, check the bottom or back panel of your NETGEAR device.

From the vulnerability Notes Database:

R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 1.0.7.2_1.1.93, R6400 version 1.0.1.12_1.0.11, and R8000 version 1.0.3.4_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277.

By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http:///cgi-bin/;COMMAND

Continue reading Netgear Router Security Update

Bringing down the Net?

Security expert Bruce Schneier recently talked about how someone is learning how to take down the internet. We have seen lots of companies talk about attacks on their infrastructure, breaches, hacking and stealing accounts, etc. As per the companies, it seems name of the attacks are made out to seem like probing for ways to get into networks and do harm.

It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.
– Bruce Schneier

Continue reading Bringing down the Net?

Researchers find over 100 spying Tor nodes

Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites

When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the traffic is coming from or going to, the final hop in the network (known as an exit node) gets to know what webserver you are connecting to. Continue reading Researchers find over 100 spying Tor nodes

Linux Kernel Zero Day Vulnerability CVE-2016-0728

This vulnerability has existed since 2012 and it affects Android and Linux systems running Linux Kernel version 3.8+, and Linux server or desktop running kernel 3.8+ is vulnerable.

As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets).

How do I fix this?

First some background on what the CVE-2016-0728 bug is. From the Perception Point Research Team

CVE-2016-0728 is caused by a reference leak in the keyrings facility. Before we dive into the details, let’s cover some background required to understand the bug. It can successfully escalates privileges from a local user to root.

Continue reading Linux Kernel Zero Day Vulnerability CVE-2016-0728

Ubuntu and Debian End-of-Life Timeline

Ubuntu

Standard Ubuntu releases are supported for 9 months and Ubuntu LTS (Long Term Support) releases are supported for five years on both the desktop and the server. During that time, there will be security fixes and other critical updates.
Continue reading Ubuntu and Debian End-of-Life Timeline

SSH Private-Public Key Auth for Linux and Mac

First Things First

First off, let’s talk about SSH keys and Security real briefly so that you can understand a bit more about what’s going on here and why it’s important. With all the issues happening in today’s digital age, everyone needs to start thinking about and taking one thing very seriously. You know, all the hacking and spying going on around us all.

One of the ways you can accomplish that is by using stronger encryption methods, in this case … SSH Keys or Public Key Cryptography. One of the major things is the key size. 1024 was common but that has long been hacked and not used anymore for websites and other public; so logically many are moving on to 2048 and even 4096, which is what I use.

SSH Keys provide a much more secure way to log into your servers than using passwords. While passwords can be easily broken by brute force attacks, SSH Keys way more difficult and if using a higher key can be almost impossible to decipher.

How does it work?

Generating a key pair provides you with a Private and a Public Key. You place the public key on a server you will connect to leaving the private key on your machine. When you SSH to your server you will not need to enter your password as your public key will be unlocked by your private key and you will be verified and allowed to get in. Continue reading SSH Private-Public Key Auth for Linux and Mac

Reasons to love Windows 10

Microsoft has already revealed features, such as a smarter Cortana and Xbox integration, that may appeal to existing Windows users and lure those on other operating systems. Here are 10 reasons why Windows 10 could effortlessly pull you away from your Mac or Chrome operating system when it debuts for PCs and tablets on July 29.

Cortana

Forget Siri and all of the other personal assistant bots out there. Cortana is back from her greatly exaggerated death in Halo 4, and she’s better than ever.

Edge

The new browser, set to debut with Windows 10, is integrated with Cortana. This means you’ll receive streamlined content based on your preferences and browsing habits.

Xbox

For the first time, Xbox will officially be integrated with the operating system when it debuts, which means that everything from gameplay recording to streaming can be done in sync with any Windows 10 device.

OneDrive

Windows users are able to begin a project on one device, then carry it over to another Windows, Android or iOS device, thanks to OneDrive’s synchronization over the cloud. 15 GB of storage to Windows users for free, and unlimited storage to Office 365 subscribers.

Hello

Windows Hello is a new security feature that focuses on making sure you are you. It greets users and allows them to log into their device with their face, iris or finger.

Store

Store has come a long way since the beginning with new additions such as Drawboard PDF and GoToMeeting. Now, Microsoft has promised that its apps will be ready to wow you come Windows 10.

2-in-1

Continuum will allow 2-in-1 devices to smoothly transition from tablet-to-PC mode (and vice versa), allowing you to work in any circumstance.

Office

Microsoft has confirmed that Windows 10 users will have access to new universal Windows applications for Word, Excel and PowerPoint. They will all be available for purchase separately, meaning you don’t need to invest in the whole Microsoft Office Suite if you only want one program.

IT

Windows Update for Business will come with distribution rings, where IT professionals can choose which devices receive updates. Additionally, IT will be able to decide when updates should – and should not – occur, according to specific time frames. Enterprise Mobility Suite and System Center can be integrated seamlessly with the update as well.

Defender

Windows 10 will come with Windows Defender, the company’s free anti-malware protection. Microsoft promises ongoing security updates for the supported lifetime of its devices.