Apple has been steadily positioning itself as the anti-Facebook for a while now, and between verbal jabs aimed at the social media giant and privacy-focused product decisions, the patient goodwill campaign seems to be working. Unfortunately, Apple isn’t going to save us, and now’s the time to keep your guard up. Continue reading Apple Isn’t Your Friend
Systemd, the Linux world’s favorite init monolith, can be potentially crashed or hijacked by malicious DNS servers. Patches are available to address the security flaw, and should be installed ASAP if you’re affected.
Continue reading Systemd Vulnerable to DNS Attacks
A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.
According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.
Experts say the initial infection takes place when Raspberry Pi operators leave their devices’ SSH ports open to external connections.
Once a Raspberry Pi device is infected, the malware changes the password for the “pi” account to:
Mouseover’ technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.
Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation.
Trend Micro researchers discovered the “mouseover” technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit.
“This is the first occurrence of malware using the ‘hover’ method to initiate a download that we know of,” says Mark Nunnikhoven, Trend Micro’s VP of cloud security.
“While GootKit is known malware, businesses should be more concerned about this latest technique as it shows none of the usual indicators of an infected document,” he explains. This is novel because it abuses the previously safe user practice of hovering over a link before clicking.
Continue reading New Attack Method Delivers Malware Via Mouse Hover
I started using CentOS over several other Distros that I have been testing ever the years. I still have an Ubuntu laptop just to keep up to date with things seeing that it’s one of the most popular ones.
I’ve covered installing Kernels before but I wanted to refresh that topic and include how to do it on CentOS.
Netgear noted that several of their routers have a command injection Vulnerability issue where an attacker can use a phishing method to gain control of your router.
From the vulnerability Notes Database:
R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 22.214.171.124_1.1.93, R6400 version 126.96.36.199_1.0.11, and R8000 version 188.8.131.52_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277.
By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http:///cgi-bin/;COMMAND
Security expert Bruce Schneier recently talked about how someone is learning how to take down the internet. We have seen lots of companies talk about attacks on their infrastructure, breaches, hacking and stealing accounts, etc. As per the companies, it seems name of the attacks are made out to seem like probing for ways to get into networks and do harm.
It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.
– Bruce Schneier