Tux Machines
Posted by Roy Schestowitz on Mar 11, 2023
=> ↺ Security updates for Wednesday [LWN.net]
Security updates have been issued by Debian (apr), Fedora (c-ares), Oracle (curl, kernel, pesign, samba, and zlib), Red Hat (curl, gnutls, kernel, kernel-rt, and pesign), Scientific Linux (kernel, pesign, samba, and zlib), SUSE (libX11, python-rsa, python3, python36, qemu, rubygem-rack, xorg-x11-server, and xwayland), and Ubuntu (libtpms, linux-ibm, linux-raspi, linux-raspi, python3.7, python3.8, and sofia-sip).
=> ↺ Security updates for Thursday
Security updates have been issued by CentOS (kernel, pesign, samba, and zlib), Oracle (kernel), Slackware (httpd), SUSE (emacs, libxslt, nodejs12, nodejs14, nodejs16, openssl, poppler, python-py, python-wheel, xen, and xorg-x11-server), and Ubuntu (linux-gcp-5.4, linux-gkeop, opusfile, and samba).
=> ↺ Building a Pentest Lab for Beginners: Tips and Tricks for Success
A penetration testing (pentest) lab is a safe and controlled environment where you can practice and improve your hacking skills without breaking the law. Building your own pentest lab is an excellent way to gain practical experience and learn new techniques.
=> ↺ Andrea Corbellini: Authenticated encryption: why you need it and how it works
In this article I want to explore a common problem of modern cryptographic ciphers: malleability. I will explain that problem with some hands-on examples, and then look in detail at how that problem is solved through the use of authenticated encryption. I will describe in particular two algorithms that provide authenticated encryption: ChaCha20-Poly1305 and AES-GCM, and briefly mention some of their variants.
If we want to encrypt some data, a very common approach is to use a symmetric cipher. When we use a symmetric cipher, we hold a secret key, which is generally a sequence of bits chosen at random of some fixed length (nowadays ranging from 128 to 256 bits). The symmetric cipher takes two inputs: the secret key, and the message that we want to encrypt, and produces a single output: a ciphertext. Decryption is the inverse process: it takes the secret key and the ciphertext as the input and yields back the original message as an output. With symmetric ciphers, we use the same secret key both to encrypt and decrypt messages, and this is why they are called symmetric (this is in contrast with public key cryptography, or asymmetric cryptography, where encryption and decryption are performed using two different keys: a public key and a private key).
=> ↺ Custom Chinese Malware Found on SonicWall Appliance
Malware deployed by Chinese hackers on a SonicWall SMA appliance includes credential theft, shell access, and persistence functionality.
=> ↺ Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks
Cisco has released patches for a high-severity DoS vulnerability in IOS XR software for several enterprise-grade routers.
=> ↺ Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List
An analysis found that over 40 exploited vulnerabilities, mostly leveraged by botnets, are missing from CISA’s ‘must patch’ catalog.
=> ↺ IceFire Ransomware Portends a Broader Shift From Windows to Linux
In recent weeks, hackers have been deploying the "IceFire" ransomware against Linux enterprise networks, a noted shift for what was once a Windows-only malware.
A report from SentinelOne published today suggests that this may represent a budding trend. Ransomware actors have been targeting Linux systems more than ever in cyberattacks in recent weeks and months, notable not least because "in comparison to Windows, Linux is more difficult to deploy ransomware against, particularly at scale," Alex Delamotte, security researcher at SentinelOne, tells Dark Reading.
=> ↺ IceFire ransomware now encrypts both Linux and Windows systems
Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor.
SentinelLabs security researchers found that the gang has breached the networks of several media and entertainment organizations around the world in recent weeks, starting mid-February, according to a report shared in advance with BleepingComputer.
Once inside their networks, the attackers deploy their new malware variant to encrypt the victims' Linux systems.
When executed, IceFire ransomware encrypts files, appends the '.ifire' extension to the filename, and then covers its tracks by deleting itself and removing the binary.
=> ↺ IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world.
The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to cybersecurity company SentinelOne.
=> ↺ Jenkins Server Vulnerabilities Chained for Remote Code Execution
Two vulnerabilities recently addressed in Jenkins server can be chained to achieve arbitrary code execution.
=> ↺ Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS
Fortinet has patched a critical buffer underflow vulnerability in FortiOS and FortiProxy that could lead to remote code execution without authentication.