
LinuxSecurity.com



The central voice for Linux and Open Source security news.



 



Blowing the Whistle on Bad Attribution

Fri, 18 Aug 2017 11:15:05 +0000

LinuxSecurity.com: The New York Times this week published a fascinating story about a young programmer in Ukraine who'd turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. It's a good read, as long as you can ignore that the premise of the piece is completely wrong.



Skilled bad actors use new pulse wave DDoS attacks to hit multiple targets

Thu, 17 Aug 2017 09:52:08 +0000

LinuxSecurity.com: In a new report, Incapsula warns about a new type of ferocious DDoS attack that uses "pulse waves" to hit multiple targets. Pulse wave DDoS is a new attack tactic designed by skilled bad actors "to double the botnet's output and exploit soft spots in 'appliance first cloud second' hybrid mitigation solutions."



A Deep Flaw in Your Car Lets Hackers Shut Down Safety Features

Thu, 17 Aug 2017 08:05:23 +0000

LinuxSecurity.com: Since two security researchers showed they could hijack a moving Jeep on a highway three years ago, both automakers and the cybersecurity industry have accepted that connected cars are as vulnerable to hacking as anything else linked to the internet.



Take Part in a Study to Help Improve Onion Services

Wed, 16 Aug 2017 14:06:32 +0000

LinuxSecurity.com: I am a postdoc at Princeton University studying computer security and human-computer interaction. My colleagues and I want to understand how Tor users interact with onion services (formerly known as hidden services). The goal of our study is to understand your expectations, assumptions, and habits when browsing onion services. For example, we are wondering: How do you keep track of onion domains?



Google awards student $10k for discovery of App Engine data leak flaw

Wed, 16 Aug 2017 14:04:11 +0000

LinuxSecurity.com: Google has awarded $10,000 to a high school student for the discovery of a bug in Google's App Engine server which could lead to information disclosure.



Top 10 Enterprise Encryption Products

Wed, 16 Aug 2017 13:59:35 +0000

LinuxSecurity.com: A decade ago, encryption was hot enterprise security news. As a measure of its effectiveness as a technology, it has been incorporated as a key feature in many security suites since. But that doesn't mean it has faded in importance. With so many incidents of ransomware, fraud and data breaches in the news, encrypting sensitive data remains a vital necessity.



openSUSE: 2017:2119-1: important: mariadb

Wed, 09 Aug 2017 21:21:00 +0000

LinuxSecurity.com: An update that fixes 5 vulnerabilities is now available.



Fedora 25: cacti Security Update

Wed, 09 Aug 2017 16:14:00 +0000

LinuxSecurity.com:

- Update to 1.1.16
- CVE-2017-12065 CVE-2017-12066

Release notes: https://www.cacti.net/release_notes.php?version=1.1.16

----

- Update to 1.1.15

Release notes: https://www.cacti.net/release_notes.php?version=1.1.15

----

- Update to 1.1.14

Release notes: https://www.cacti.net/release_notes.php?version=1.1.14



Fedora 25: community-mysql Security Update

Wed, 09 Aug 2017 16:12:00 +0000

LinuxSecurity.com: **Update to version 5.7.19** Replication tests in the testsuite enabled, they don't fail anymore **Resolves:** #1462688; /run #1406172; random failures of the testsuite #1417880, #1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894, #1417896; replication tests **CVE fixes:** #1472716 CVE-2017-3633,



SuSE: 2017:2114-1: important: Linux Kernel Live Patch 0 for SLE 12 SP3

Wed, 09 Aug 2017 15:18:00 +0000

LinuxSecurity.com: An update that fixes one vulnerability is now available.



Fedora 26: pspp Security Update

Wed, 09 Aug 2017 12:17:00 +0000

LinuxSecurity.com: * FTBFS with GCC 7



Fedora 26: community-mysql Security Update

Wed, 09 Aug 2017 12:13:00 +0000

LinuxSecurity.com: **Update to version 5.7.19** Replication tests in the testsuite enabled, they don't fail anymore **Resolves:** #1462688; /run #1406172; random failures of the testsuite #1417880, #1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894, #1417896; replication tests **CVE fixes:** #1472716 CVE-2017-3633,



Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000

LinuxSecurity.com: Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.



Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000

LinuxSecurity.com: When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.