New Online Malware Tracking Service Sparks DDoS Security Threats
Malware writers today always try to conceal their identities, right? Wrong
Linux Hacks & Cracks - Page 76
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
SocksEscort Linux Router Malware Botnet Takedown Operation Lightning
Authorities have dismantled SocksEscort, a service that sold access to a large proxy network built from compromised residential routers. Investigators say much of the infrastructure sat on infected SOHO networking devices, many running embedded Linux...
Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
We’ve been telling ourselves that Snap apps are sandbox...
UNC2891: Banking Heists with Linux Malware Exploiting Physical Access
UNC2891 has been working its way through gaps in ATM se...
Discover Hacks/Cracks News
Time Warner Modems: Security Advisory on Admin Access Risk
A blogger helping to tune a friend's wi-fi network uncovered a gaping security hole in Wi-Fi cable modem routers installed in 64,000 Time Warner subscribers' homes, leaving them open to attack.
Understanding Social Engineering: Tactics Used By Hackers
While there are an infinite number of social engineering exploits, typical ones include the following: Stealing passwords: In this common maneuver, the hacker uses information from a social networking profile to guess a victim's password reminder question. This technique was used to hack Twitterand break into Sarah Palin's e-mail.
Exploring Full-Disk Encryption Risks with the Evil Maid Attack
Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.
Decline in P2P Sharing in Sweden Due to Pirate Party Influence
Figures from Sweden suggest six out of ten P2P users have stopped or significantly reduced their unlicensed file sharing, AFP reports.
Hotmail: 10,000 Accounts Hacked In Ongoing Phishing Investigation
Thousands of accounts on web-based e-mail system Hotmail have been compromised in a phishing attack, software giant Microsoft has confirmed.
Bruteforce Attacks Reveal Poor Sysadmin Practices On Linux Systems
SOME LAZY Linux administrators are living in a dreamworld where they believe their systems are secure just because they use Linux, according to an insecurity expert. Peter Hansteen claims that a third round of low-intensity, distributed bruteforce password attacks is now in progress because of sloppy admin practices on Linux systems. So far about a thousand servers have been compromised.
Jacob Appelbaum's SSL Certificate Trick and Associated Risks
On the Noisebridge hacker mailing list, security specialist Jacob Appelbaum has published an SSL certificate and pertinent private key that together allow web servers to avoid triggering an alert in vulnerable browsers - irrespective of the domain for which the certificate is submitted. Phishers, for example, could use the certificate to disguise their servers as legitimate banking servers
Windows SMB v2 Exploit: Unpatched Threats for Remote Code Execution
Fully functional exploit code for the (still unpatched) Windows SMB v2 vulnerability has been released to the public domain via the freely available Metasploit point-and-click attack tool, raising the likelihood for remote in-the-wild code execution attacks.
Malware Infiltration In 100-Node Linux Cluster Due To Admin Failures
Recently, a Russian security researcher discovered a 100-node Linux "cluster" that was running a botnet which was, in turn, connected to a group of desktop machines. Altogether these machines were serving up malware.
Exploring Open Source Trends in Malware Development and Cybercrime
Malware developers are going open source in an effort to make their malicious software more useful to fraudsters. By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans.
Investigation: Ukrainian Hackers' Facebook Hacking Scheme Exposed
Eastern European hackers are offering to crack into any Facebook account for a fee of $100, payable online through Western Union, though circumstantial evidence suggests that the scheme might just as easily be geared towards ripping-off potential clients while delivering nothing.
China: Game Server Admins Arrested For DDoS Cyber Attack
A denial of service attack that took down Internet access in parts of China earlier this year has been attributed to an over-enthusiastic game provider trying to take down rivals. Police in Foshan, a city in Guangdong, have announced that they arrested four individuals for the attack, noting that they would go to trial sometime in the mysterious future.
Twitter Security Advisory: XSS Risk For Account Takeover
A newly exposed cross-site scripting (XSS) vulnerability in Twitter lets an attacker wrest control of a victim's account merely by sending him or her a tweet. U.K. researcher James Slater reported the serious flaw earlier this week, and now says Twitter's fix in response to his disclosure doesn't actually fix the problem.
Ehud Tenenbaum's Guilty Plea In Multi-State Bank Fraud Case
Hacker Ehud Tenenbaum has pleaded guilty in connection to charges of fraud that netted millions of dollars from banks in Indiana, Florida, Texas and California, according to the U.S. Attorney's office in New York.
Linux: Critical Security Flaw in GCC and Its Recommended Fixes
Everything has security problems, even Linux. An old and obscure problem with the gcc compiler was recently discovered to have left a security hole in essentially every version of Linux that anyone is likely to be running. Here's what you need to know about fixing it.
Heartland Payment Systems Data Breach: SQL Injection Impact Analysis
This week's disclosure that the huge data thefts at Heartland Payment Systems and other retailers resulted from SQL injection attacks could finally push retailers into paying serious attention to Web application security vulnerabilities, just as the breach at TJX focused attention on wireless issues.
Albert Gonzalez Indicted For Largest Credit Card Theft In History
The same guy responsible for the TJX breach, and now serving time, is now accused of stealing 130 million credit cards from 7-Eleven and two unnamed retail chains. The best part is that he once worked with federal authorities to identify co-conspirators in another online theft.The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit card numbers in history was charged on Monday with an even larger set of digital break-ins, The New York Times
Massive Data Breach: 130 Million Credit Cards Stolen by TJX Hacker
The constellation of hacks connected to the TJX hacker is growing. Albert
All Linux Kernels Security Advisory: Critical Privilege Escalation
Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!