    10 malicious Python packages exposed in latest repository attack

    news.movim.eu / ArsTechnica · Tuesday, 9 August - 18:01 · 1 minute

Supply-chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)

Researchers have discovered yet another set of malicious packages in PyPI, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

Check Point Research, which reported its findings Monday, wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPI has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPI through the pip command is a foundational step for starting or setting up many Python projects. PePy, a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.

Such supply-chain attacks are becoming increasingly common, especially among open source software repositories that support a wide swath of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017; June, July, and November 2021; and June of this year. But trick packages have also been found in RubyGems in 2020, NPM in December 2021, and many more open source repositories.
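One check a practitioner can run before `pip install`, added here as an example and not code from Check Point, PyPI or the article: compare each requirement's name against a list of well-known package names and flag near misses, since look-alike names are how packages of the kind described above get installed. The popular-name list and the sample requirements are constructed for illustration, and the functions `check_name` and `audit_requirements` are this example's own.

```python
import re

# Constructed list of widely used PyPI names (illustrative, not a real top-N list).
POPULAR = {"requests", "urllib3", "numpy", "pillow", "cryptography",
           "setuptools", "boto3", "pyyaml"}


def normalize(name):
    """PEP 503 name normalization: lower-case, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a, b):
    """Levenshtein distance between two strings (two-row dynamic programme)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_name(name, popular=POPULAR, max_distance=1):
    """Classify one requirement name.

    Returns ("ok", None) for an exact match with a known name,
    ("suspicious", closest_known) when the name is within max_distance edits
    of a known name without being one, and ("unknown", None) otherwise.
    """
    n = normalize(name)
    known = sorted(normalize(p) for p in popular)   # sorted so ties are deterministic
    if n in known:
        return "ok", None
    closest = min(known, key=lambda p: edit_distance(n, p))
    if edit_distance(n, closest) <= max_distance:
        return "suspicious", closest
    return "unknown", None


def audit_requirements(text, popular=POPULAR):
    """Map each requirement name in requirements.txt-style text to its verdict."""
    results = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line or line.startswith("-"):       # skip pip options such as -r or --hash
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            results[m.group(0)] = check_name(m.group(0), popular)
    return results


# Constructed requirements file: two genuine names, two one-edit near misses,
# and an internal package that is simply not on the popular list.
SAMPLE_REQUIREMENTS = """
requests==2.28.1
Pillow>=9.0
requets>=2.0
urlib3
somecorp-internal==1.0
"""

if __name__ == "__main__":
    for name, (verdict, closest) in audit_requirements(SAMPLE_REQUIREMENTS).items():
        hint = f"(did you mean {closest}?)" if closest else ""
        print(f"{name:22s} {verdict:10s} {hint}")
```

A one-edit match is only a heuristic: it misses malicious names that are not near misses of anything popular, and it says nothing about a genuine name whose maintainer account was hijacked. Pinning with hashes (`pip install --require-hashes -r requirements.txt`) covers that second case by rejecting any artifact that differs from the one you reviewed.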


    Colonial Pipeline paid a $5 million ransom—and kept a vicious cycle turning

    news.movim.eu / ArsTechnica · Saturday, 15 May, 2021 - 10:00

(credit: Sean Rayford | Getty Images)

Nearly a week after a ransomware attack led Colonial Pipeline to halt fuel distribution on the East Coast, reports emerged on Friday that the company paid a 75 bitcoin ransom—worth as much as $5 million, depending on the time of payment—in an attempt to restore service more quickly. And while the company was able to restart operations Wednesday night, the decision to give in to hackers' demands will only embolden other groups going forward. Real progress against the ransomware epidemic, experts say, will require more companies to say no.

Not to say that doing so is easy. The FBI and other law enforcement groups have long discouraged ransomware victims from paying digital extortion fees, but in practice many organizations resort to paying. They either don't have the backups and other infrastructure necessary to recover otherwise, can't or don't want to take the time to recover on their own, or decide that it's cheaper to just quietly pay the ransom and move on. Ransomware groups increasingly vet their victims' financials before springing their traps, allowing them to set the highest possible price that their victims can still potentially afford.


    XMPP for IoT: Visualisation of Meteorological Live Data for Renewable Energy

    pubsub.movim.eu / berlin-xmpp-meetup · Tuesday, 11 May, 2021 - 15:29

Dan and Tim will present a beautiful web application based on Strophe.js and Flot.js to visualise live measurement data transmitted via XMPP PubSub/PEP. This is not about instant messaging at all; this is IoT, but with security included.

When? Wednesday, 2021-05-12 18:00 CEST (always 2ⁿᵈ Wednesday of every month)

Where? Online, via our MUC (xmpp:berlin-meetup@conference.conversations.im?join). A Jitsi video conference will be announced there.

See you then!

#jabber #berlin #meetup #community #xmpp #iot #webapplication #javascript #strophejs #flotjs #pubsub #pep #security #renewableenergy

If the French service Qwant.com is set as the #search provider in your web #browser (Firefox, Iridium...), it may happen that it shows a message saying it's not "available" in your region. This can happen if you're using Tor, a VPN, or for other reasons.

To circumvent this, you may:

  1. Go to the search bar (CTRL + L), replace qwant.com with ddg.gg and hit Enter; you'll be taken to #DuckDuckGo with the same request.
  2. Or, for subsequent searches, type the following into the search bar: !ddg my keywords to perform the same search through DuckDuckGo instead of your original #request my keywords

If it happens too often, change the default search engine.

    Chrome users have faced 3 security concerns over the past 24 hours

    news.movim.eu / ArsTechnica · Friday, 5 February, 2021 - 21:21

(credit: Chrome)

Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome's sync feature to bypass firewalls. Let’s discuss them one by one.

First up, the Great Suspender, an extension with more than 2 million downloads from the Chrome Web Store, has been pulled from Google servers and deleted from users’ computers. The extension has been an almost essential tool for users with small amounts of RAM on their devices. Since Chrome tabs are known to consume large amounts of memory, the Great Suspender temporarily suspends tabs that haven’t been opened recently. That allows Chrome to run smoothly on systems with modest resources.

Characteristically terse

Google's official reason for the removal is characteristically terse. Messages displayed on devices that had the extension installed say only, “This extension contains malware” along with an indication that it has been removed. A Google spokesman declined to elaborate.


    Update your NVIDIA drivers due to multiple security issues found

    news.movim.eu / GamingOnLinux · Sunday, 10 January, 2021 - 12:00 · 1 minute

Here's something we missed with the latest NVIDIA driver updates: it turns out that NVIDIA disclosed multiple security issues in a recent security bulletin. Several of them affect both Windows and Linux, across multiple versions of the official NVIDIA proprietary driver.

The ones that affect the Linux desktop are:

  • CVE-2021-1052: "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure."
  • CVE-2021-1053: "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service."
  • CVE-2021-1056: "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure."

There are also some vGPU security issues, which also affect Linux, but they're not regular desktop stuff.

If you want to make sure you're totally safe, you should update to the latest driver in the series you're using. Going by the information on the NVIDIA security page, you should be good on 460.32.03 (or newer), which is the latest "Production Branch" driver, or on 450.102.04 or 390.141, the latest Legacy drivers.

You can watch for future security information from NVIDIA here.
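To check whether a Linux host is already on one of the fixed releases the article names, here is an added example (not NVIDIA's or GamingOnLinux's code) that reads the loaded driver's version from `/proc/driver/nvidia/version` and compares it, per branch, against 460.32.03, 450.102.04 and 390.141. The sample `/proc` line is constructed so the script also runs on a machine without an NVIDIA GPU, and the function names are this example's own.

```python
import re

# Minimum fixed release per driver branch, taken from the versions the article
# names: 460.32.03 (Production Branch), 450.102.04 and 390.141 (Legacy).
# Branches not listed here are reported as unknown, never as safe.
FIXED = {
    460: (460, 32, 3),
    450: (450, 102, 4),
    390: (390, 141),
}

# NVIDIA versions look like 460.32.03 or 390.141: a three-digit branch followed by one or two fields.
VERSION_RE = re.compile(r"\b(\d{3}(?:\.\d+){1,2})\b")


def parse_version(text):
    """Return the first NVIDIA-style version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_patched(text):
    """True if the version found in text is at or above its branch's fixed
    release, False if it is older, None if no version is found or the branch
    is not one of the three the bulletin excerpt above covers."""
    v = parse_version(text)
    if v is None or v[0] not in FIXED:
        return None
    fixed = FIXED[v[0]]
    width = max(len(v), len(fixed))   # so 390.141 and a 390.141.0-style string compare equal

    def pad(t):
        return t + (0,) * (width - len(t))

    return pad(v) >= pad(fixed)


def read_loaded_driver(path="/proc/driver/nvidia/version"):
    """Contents of the kernel module's version file, or None when no NVIDIA
    driver is loaded (the file exists only while nvidia.ko is loaded)."""
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return None


# Constructed stand-in for /proc/driver/nvidia/version on an unpatched 460 host;
# the real file's first line has this shape, with the build timestamp differing.
SAMPLE_PROC = ("NVRM version: NVIDIA UNIX x86_64 Kernel Module  460.27.04  "
               "Wed Dec  9 19:00:00 UTC 2020")

if __name__ == "__main__":
    text = read_loaded_driver() or SAMPLE_PROC
    verdict = {True: "patched", False: "VULNERABLE, update",
               None: "unknown branch"}[is_patched(text)]
    print(f"{parse_version(text)}: {verdict}")
```

Because the excerpt lists only three branches, any other branch is reported as unknown rather than safe; check NVIDIA's page for those instead of assuming. A host with no NVIDIA module loaded (or one running Nouveau) falls back to the constructed sample here, so in production drop that fallback and treat None as "nothing to check".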


    Florida posted the password to a key disaster system on its website

    news.movim.eu / ArsTechnica · Wednesday, 9 December, 2020 - 18:29 · 1 minute

Florida's apparently being a little too welcoming at the moment. (credit: iLLiePhotography | Getty Images)

Florida police said a raid they conducted Monday on the Tallahassee home of Rebekah Jones, a data scientist who the state fired from her job in May, was part of an investigation into an unauthorized access of a state emergency-responder system. It turns out, however, that not only do all state employees with access to that system share a single username and password, but also those credentials are publicly available on the Internet for anyone to read.

The background

Jones on Monday shared a video of the police raid on her house as part of a Twitter thread in which she explained the police were serving a search warrant on her house following a complaint from the Department of Health. That complaint, in turn, was related to a message sent to Florida emergency responders back in November.

About 1,700 members of Florida's emergency-response team received the communication on November 10, according to the affidavit (PDF) cited in the search warrant for Jones' home. The message urged recipients to "speak up before another 17,000 people are dead. You know this is wrong. You don’t have to be a part of this. Be a hero. Speak out before it's too late."


    Apple lets some Big Sur network traffic bypass firewalls

    news.movim.eu / ArsTechnica · Tuesday, 17 November, 2020 - 20:48 · 1 minute

A somewhat cartoonish diagram illustrates issues with a firewall. (credit: Patrick Wardle)

Firewalls aren’t just for corporate networks. Large numbers of security- or privacy-conscious people also use them to filter or redirect traffic flowing in and out of their computers. Apple recently made a major change to macOS that frustrates these efforts.

Beginning with Big Sur, released last week, some 50 Apple-specific apps and processes are no longer routed through firewalls like Little Snitch and LuLu. The undocumented exemption came to light only after Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, disclosed the change over the weekend.

“100% blind”

To demonstrate the risks that come with this move, Wardle—a former hacker for the NSA—showed how malware developers could exploit the change to make an end-run around a tried-and-true security measure. He set LuLu to block all outgoing traffic on a Mac running Big Sur and then ran a small Python script that interacted with one of the apps that Apple exempted. The script had no trouble reaching a command-and-control server he set up to simulate one commonly used by malware to receive commands and exfiltrate sensitive data.
