The central voice for Linux and Open Source security news.


Linux file manager flaw leaves security "Bad Taste"

Tue, 25 Jul 2017 11:16:36 +0000 A recently patched flaw in the Linux-based GNOME Files file manager has been discovered that could enable hackers to create malicious Windows-based MSI files which would run malicious VBScript code on Linux.

Pathetic patching leaves over 70,000 Memcached servers still up for grabs

Tue, 25 Jul 2017 11:14:21 +0000 If you're running the caching service Memcached, and particularly if you're exposing it to the public internet for some reason, please make sure you've patched it. Tens of thousands of vulnerable systems haven't.

A Clever New Tool Shuts Down Ransomware Before It's Too Late

Tue, 25 Jul 2017 11:10:12 +0000 In the last few months, waves of ransomware attacks have pummeled the world, disrupting not just businesses but also vital services like hospital care, energy infrastructure, and telecoms. Which means the research Andrea Continella and his team have pursued recently couldn't be better timed: A tool that detects ransomware automatically, almost instantly, and restores your system from backups before hackers can fully lock it down.

70,000 Memcached Servers Can Be Hacked Using Eight-Month-Old Flaws

Mon, 24 Jul 2017 12:35:56 +0000 Eight months after three critical vulnerabilities were fixed in the memcached open source caching software, there are over 70,000 caching servers directly exposed on the internet that have yet to be patched. Hackers could execute malicious code on them or steal potentially sensitive data from their caches, security researchers warn.

Writing Windows or Linux apps? Microsoft just launched a cloud-powered bug hunter to find the flaws

Mon, 24 Jul 2017 10:40:49 +0000 Microsoft has unveiled a new bug hunting tool, named Microsoft Security Risk Detection, that's built to help customers find and eliminate bugs before attackers can seize on them.

Watch a Homemade Robot Crack a Safe in Just 15 Minutes

Fri, 21 Jul 2017 09:05:53 +0000 Last Christmas, Nathan Seidle's wife gave him a second-hand safe she'd found on Craigslist. It was, at first glance, a strange gift. The couple already owned the same model, a $120 SentrySafe combination fire safe they'd bought from Home Depot. But this one, his wife explained, had a particular feature: The original owner had locked it and forgotten the combination. Her challenge to Seidle: Open it.

Ubuntu 3364-3: Linux kernel (AWS, GKE) vulnerabilities

Tue, 25 Jul 2017 19:57:00 +0000 Several security issues were fixed in the Linux kernel.

Fedora 25: perl-XML-LibXML Security Update

Tue, 25 Jul 2017 17:41:00 +0000 This release fixes a use-after-free in replaceChild() call.

Fedora 25: qemu Security Update

Tue, 25 Jul 2017 17:39:00 +0000
* CVE-2017-7718: cirrus: OOB read access issue (bz #1443443)
* CVE-2016-9603: cirrus: heap buffer overflow via vnc connection (bz #1432040)
* CVE-2017-7377: 9pfs: fix file descriptor leak (bz #1437872)
* CVE-2017-7980: cirrus: OOB r/w access issues in bitblt (bz #1444372)
* CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2 (bz #1445622)
* CVE-2017-8309: audio: host memory leakage via

Debian: DSA-3920-1: qemu security update

Tue, 25 Jul 2017 16:26:00 +0000 Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9310

Debian: DSA-3919-1: openjdk-8 security update

Tue, 25 Jul 2017 16:20:00 +0000 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or

Debian: DSA-3918-1: icedove/thunderbird security update

Tue, 25 Jul 2017 16:14:00 +0000 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases (ESR) of Thunderbird.

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.