SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
# Linux
7 Jul 2017

Wikileaks unveils CIA implants that steal SSH credentials from Windows & Linux PCs

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.

Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. Dubbed BothanSpy — implant for Microsoft Windows Xshell client, and Gyrfalcon — targets the OpenSSH client on various distributions of Linux OS.

Read more
Tags:
Windows Linux Wikileaks CIA surveillance information leaks
Source:
The Hacker News
1867
6 Jul 2017

Linux's systemd vulnerable to DNS server attack

Security experts are warning of a bug that could allow hackers to craft TCP packets that fool Linux's initialization deamon systemd, which could cause systems to crash or make them run malicious code.

Ubuntu maker Canonical has released a patch to address the issue discovered by Chris Coulson, a software engineer at the firm. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," Coulson wrote. The bug could be used by a remote attacker to cause a denial of service in the daemon or execute arbitrary code.

Read more
Tags:
information leaks Linux
Source:
ZDNet
1605
29 May 2017

A wormable code-execution bug has lurked in Samba for 7 years

Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed. The flaw can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met.

Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it.

Read more
Tags:
information leaks Linux
Source:
ArsTechnica
1820
24 Feb 2017

11-year old Linux Kernel local privilege escalation flaw discovered

Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu.

Over a decade old Linux Kernel bug has been discovered by security researcher Andrey Konovalov in the DCCP implementation using Syzkaller, a kernel fuzzing tool released by Google. The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket."

Read more
Tags:
information leaks Linux
Source:
The Hacker News
1753
17 Aug 2016

Internet traffic hijacking Linux flaw affects 80% of Android devices

An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties' communications.

Even the latest Android Nougat Preview is considered to be vulnerable. The security flaw was first appeared in the implementation of the TCP protocol in all Linux systems deployed since 2012 and the Linux Foundation has already patched the Linux kernel. However, the vulnerability is now affecting a large portion of the Android ecosystem.

Read more
Tags:
Android Linux information leaks
Source:
The Hacker News
1872
18 Jul 2016

Ubuntu Linux forum hacked! The weakest link in the security is still humans

No software is immune to being hacked! Not even Linux. The Ubuntu online forums have been hacked, and data belonging to over 2 Million users have been compromised, Canonical announced.

The compromised users’ data include their IP addresses, usernames, and email addresses, according to the company, who failed to apply a patch to secure its users' data. However, users should keep in mind that the hack did not affect the Ubuntu operating system, or it was not due to a vulnerability or weakness in the OS. Instead, the breach only affected the Ubuntu online forums that people use to discuss the OS.

Read more
Tags:
information leaks Linux Ubuntu
Source:
The Hacker News
2518
11 Feb 2016

Vulnerability in font processing library affects Linux, OpenOffice, Firefox

Four vulnerabilities in the Graphite font processing library allow attackers to compromise machines by supplying them with malicious fonts. Graphite's authors describe the library as a tool capable of creating "smart fonts" that can display dynamic glyphs for showing complex writing systems.

Many applications use Graphite, and among them are Firefox, Pale Moon, Thunderbird, OpenOffice, LibreOffice, and WorldPad, but the library is also used in many Linux distros. According to an advisory, this library includes four vulnerabilities. The worst is an out-of-bounds read bug that allows attackers to crash the system and even execute arbitrary code on the machine.

Read more
Tags:
information leaks Linux Libgraphite
Source:
Softpedia
2193
20 Jan 2016

New Trojan spies on Linux users

Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users, the Linux.Ekocms.1 trojan, which includes special features that allow it to take screengrabs and record audio.

Discovered four days ago, Linux.Ekocms is only the latest threat targeting Linux PCs, after the Linux.Encoder ransomware family and the Linux XOR DDoS malware had caused a large number of issues last autumn and put a dent in Linux's status as impermeable when it comes to malware infections. According to Dr.Web, this particular trojan is part of the spyware family and was specially crafted to take a screenshot of the user's desktop every 30 seconds.

Read more
Tags:
surveillance Linux trojan
Source:
Softpedia
2477
24 Feb 2015

What are the most vulnerable operating systems?

A lot of security vulnerabilities were reported every day in 2014. The number of vulnerabilities discovered each year in operating systems, applications, and hardware has skyrocketed in a nasty trend, according to analysis by GFI Software.

The top spot for vulnerabilities in operating systems no longer goes to Microsoft Windows. 2014 was a tough year for Linux users from internet security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems. GFI said the worst offender in 2014 for having security flaws was third-party applications.

Read more
Tags:
information leaks Apple Linux
Source:
Network World
3333
3 Feb 2015

Everything you need to know about GHOST vulnerability

The funkily-named bug of the week is GHOST. It's a vulnerability caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. As it happens, the vulnerability is connected with network names and numbers.

The spooky name comes from the system functions where the vulnerable code was found. An attacker may be able to rig up messages or network requests that crash your program; and with a bit of trial and error, they might be able to trigger that crash in a way that gives them control over your computer. That's known as a Remote Code Execution exploit, similar to the bug recently found in the super-secure Blackphone.

Read more
Tags:
GHOST information leaks Linux
Source:
Naked Security
2268
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015