Linux


LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk

Source: National Cyber Security – Produced By Gregory Evans

The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much broader threat, moving into new […]

The post LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk | #microsoft | #hacking | #cybersecurity | #cybersecurity | #infosecurity | #hacker appeared first on National Cyber Security.

View full post on National Cyber Security

Thursday: Vodafone trouble, clubhouse freedom, Windows & Linux loopholes


The flood disaster in western Germany and the associated climate change and its effects are still on everyone’s lips, but currently a lot is also about various security gaps in […]


Pale Moon 29.3.0 – Neowin


Razvan Serea, News Reporter, Neowin · Jul 20, 2021 00:36 EDT

Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows, Linux and Android, focusing on efficiency and ease […]


Google develops Linux tool that tackles USB keystroke injection attacks


‘Voight kampff test’ provides warnings about thumb drive malfeasance

Google has developed a tool for Linux machines that combats USB keystroke injection attacks by flagging suspicious keystroke speeds and blocking devices classified as malicious.

Keystroke injection attacks can execute malicious commands via a thumb drive connected to a host machine, by running code that mimics keystrokes entered by a human user.

In a post on the Google Open Source blog, Google security engineer Sebastian Neuner explained Google’s tool uses two heuristic variables – KEYSTROKE_WINDOW and ABNORMAL_TYPING – to distinguish between benign and malicious inputs.

Measuring the time between two keystrokes, KEYSTROKE_WINDOW can generate false positives if users hit two keys almost simultaneously, although accuracy rises along with the number of keystrokes logged.

ABNORMAL_TYPING specifies the ‘interarrival time’ – or gap – between keystrokes.

The heuristic works because automated keystroke inputs are typically faster than those of humans, among other factors.

Neuner advises users to recalibrate the default parameters by gauging their own typing speed using online utilities whilst running the Google tool in ‘monitoring’ mode.

Done over several days or even weeks, this should gradually lower the false positive rate until eliminated, he explained.

The process trains the system to recognise the user’s normal typing pattern, which reduces the number of false alarms, that is, instances where genuine user input is incorrectly flagged as malicious.
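The windowed interarrival-time check and the monitoring-mode recalibration described above, as an added sketch that is not Google's code. The two variable names come from the article; reading KEYSTROKE_WINDOW as a count of gaps, the threshold values, the class and function names, and the sample timings are all assumptions constructed here.

```python
from collections import deque
from itertools import accumulate

# Names follow the article; the values are assumptions made for this sketch.
KEYSTROKE_WINDOW = 5       # consecutive gaps examined before deciding
ABNORMAL_TYPING_MS = 30.0  # a gap shorter than this counts as abnormal


class KeystrokeMonitor:
    """Flags a device once every gap in the last `window` gaps is abnormal."""

    def __init__(self, window=KEYSTROKE_WINDOW,
                 abnormal_ms=ABNORMAL_TYPING_MS, enforce=False):
        self.gaps = deque(maxlen=window)
        self.abnormal_ms = abnormal_ms
        self.enforce = enforce  # False = monitoring mode, report only
        self.last_ts = None

    def feed(self, ts_ms):
        """Take one key-press timestamp (ms); return 'ok', 'alert' or 'block'."""
        if self.last_ts is not None:
            self.gaps.append(ts_ms - self.last_ts)
        self.last_ts = ts_ms
        full = len(self.gaps) == self.gaps.maxlen
        if full and all(g < self.abnormal_ms for g in self.gaps):
            return "block" if self.enforce else "alert"
        return "ok"


def verdicts(gaps_ms, **kwargs):
    """Replay a list of gaps through a fresh monitor; one verdict per key."""
    monitor = KeystrokeMonitor(**kwargs)
    return [monitor.feed(ts) for ts in accumulate([0] + list(gaps_ms))]


def calibrate(gaps_ms, window=KEYSTROKE_WINDOW):
    """Largest threshold that would not have fired on the recorded typing."""
    # Fires when max(window) < threshold, so take the smallest window maximum.
    runs = [gaps_ms[i:i + window] for i in range(len(gaps_ms) - window + 1)]
    if not runs:
        raise ValueError("need at least `window` recorded gaps")
    return min(max(run) for run in runs)


# Constructed samples (not captured data): human typing with one pair of keys
# hit almost together (8 ms), and an injected burst at a steady 2 ms.
HUMAN_GAPS = [180, 140, 8, 210, 160, 120, 25, 190, 150, 170]
INJECTED_GAPS = [2] * 12

if __name__ == "__main__":
    print(verdicts(HUMAN_GAPS))                    # window of 5
    print(verdicts(HUMAN_GAPS, window=1))          # single-gap window
    print(verdicts(INJECTED_GAPS, enforce=True))
```

With a window of 1 the human sample raises alerts on its two fastest gaps, which is the false-positive case the article mentions; with a window of 5 it raises none, while the injected burst is blocked as soon as five gaps have been seen.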

Simple, inexpensive, widely available

Keystroke injection tools are relatively inexpensive and widely available online, noted Neuner.

Darren Kitchen, founder of pen test tool developer Hak5, is well placed to comment. He invented keystroke injection in 2008 and pioneered the first tool to simulate attacks: the USB Rubber Ducky, which featured in the iconic hacker TV Series Mr. Robot.

“Keystroke injection attacks are popular because they’re simple – the barrier to entry is extremely low,” Kitchen, also founder and host of the popular Hak5 Podcast, told The Daily Swig. “I developed the now de facto language, Ducky Script, so anyone can learn it in a minute or two.”

Keystroke injection attacks are also difficult to detect and prevent, according to Neuner, since they’re delivered via the most widely used computer peripheral connector: the humble USB.

Keystrokes are also sent “in a human eyeblink while being effectively invisible to the victim” sitting at the computer, he said. Kitchen pointed out that the “USB Rubber Ducky can type over 1,000 words per minute with perfect accuracy and never needs a coffee break”.

Kitchen recounts how he developed keystroke injection to “automate my then mundane IT job – fixing printers in the terminal with one-liners”, before realizing that it “violated the inherent trust computers have in humans.

“That’s a flaw that’s hard to fix,” he continued, “because we want computers to trust us, and the way we speak to them (Alexa notwithstanding) is by keystrokes.”

‘Hacking the Gibson’

However, the attack is “only as powerful as the user that logged in”, said Kitchen, adding that he probably wouldn’t be “hacking the Gibson” since his machines are restricted in what the ordinary user can do.

“On the other hand, if you’re in an organization that has ignored security best practices over the past decade, and all of your ordinary users have administrative privileges, then yeah – keystroke injection attacks are a problem (and you probably have many more).”

Neuner, who posted two videos demonstrating an attack against a machine with and without the tool installed, advised against viewing Google’s utility as a comprehensive fix.

“The tool is not a silver bullet against USB-based attacks or keystroke injection attacks, since an attacker with access to a user’s machine (required for USB-based keystroke injection attacks) can do worse things if the machine is left unlocked,” he said.

The security engineer added that Linux tools like fine-grained udev rules or open source projects like USBGuard, through which users can define policies and block specific or all USB devices while the screen is locked, can add further protection.

Matthias Deeg, head of research and development at German pen testing firm SySS GmbH, said it remained to be seen how effective Google’s tool would prove.

“In my opinion, this new tool is interesting and may actually help preventing automated keystroke injection attacks, for instance via bad USB devices,” Deeg, who has researched wireless input devices, including their use for keystroke injection attacks, told The Daily Swig.

“However, we have not yet tested this tool and its implemented heuristics used for detecting automated keystroke injection attacks, and thus cannot say how easily it can be bypassed by tweaking the keystroke injection behavior of the attacker tool. This appears to be a good old cat-and-mouse game.”

A GitHub README for the Google tool includes a step-by-step setup and operation guide. The utility is run as a systemd daemon, which is enabled on reboot.


Is Linux Really Immune to Viruses and Malware? Here’s the Truth


One reason people switch to Linux is to have better security. Once you switch to Linux, the thinking goes, you no longer have to worry about viruses and other types of malware. But while this is largely true in practice, desktop Linux isn’t actually all that secure.

If a virus wants to wreck shop on your free and open source desktop, there’s a good chance that it can.

Why Malware Is Less Common on Linux Desktops


Malware is unwanted code that somehow made its way onto your computer in order to perform functions designed with malicious intent. Sometimes these programs slow down a machine or cause it to crash entirely. The creators may then demand a ransom in order to fix the machine.

Sometimes malware uploads information to remote servers, giving someone access to your saved data or vital credentials that you type, such as passwords and credit card numbers.

People tend to create malware for Windows because that’s the operating system found on the most PCs. This increases the odds that a virus will spread from one computer to another.

Virus makers tend to target less technical users that are easier to fool with bogus web banners and phishing scams. Viruses also spread among people who know how to pirate music and TV shows but don’t understand how these files may be infected.

There are antivirus programs for Linux, but even their purpose is often to help protect Windows users.

Linux Desktop Malware Exists, But It’s Rare

One piece of malware has recently made news for targeting the Linux desktop. EvilGNOME runs on the GNOME desktop environment by pretending to be an extension.

GNOME is the most common Linux desktop environment, found as the default interface on two of the most popular Linux distros, Ubuntu and Fedora, and on computers that ship directly from Linux manufacturers such as System76 and Purism. Legitimate extensions allow you to alter many aspects of the GNOME desktop.

The malware known as EvilGNOME is able to take screenshots and record audio from your PC’s microphone. It can also upload your personal files. A more detailed breakdown is available in a report by Intezer Labs, who gave EvilGNOME its name.

This malware didn’t attract attention for being particularly likely to impact large numbers of people. It was considered newsworthy because it existed at all.

Most Linux Malware Targets Servers


Linux is relatively rare on desktops, but it’s the most prominent operating system found on servers powering the web and managing much of the world’s digital infrastructure.

Many attacks target websites rather than PCs. Hackers often look for vulnerabilities in network daemons that they can use to gain access to Linux-powered servers. Some will install a malicious script on a server that then targets visitors rather than the system itself.

Hacking Linux-powered machines, whether they are servers or IoT devices, is one way to go about infecting the web or creating botnets.

Linux’s Design Is Not Inherently Secure

Desktop Linux in its current form is hardly a fortress. Compared to Windows XP, where malicious software could gain administrator access without prompting for a password, Linux offered much better security. These days, Microsoft has made changes to close that gap. Since Vista, Windows has issued a prompt.

Yet fretting about the security of system files almost misses the point. Most of the data we care about isn’t saved in our root system folders. It’s the personal data in our home directory that’s irreplaceable and most revealing. Software on Linux, malicious or otherwise, doesn’t need your password to access this data and share it with others.

User accounts can also run scripts that activate your microphone, turn on your webcam, log key presses, and record what happens onscreen.

In other words, it almost doesn’t matter how secure the Linux kernel is, or the safeguards surrounding various system components, if it’s the vulnerabilities in apps and the desktop environment that can put the data you care most about at risk.

EvilGNOME doesn’t install itself among your system files. It lurks in a hidden folder in your home directory. On the positive side, that makes it easier to remove. But you have to first know it’s there.

4 Reasons Why Linux Is Relatively Safe to Use

While Linux isn’t immune to exploits, in day-to-day use, it still provides a much safer environment than Windows. Here are a few reasons why.

1. Multiple Distros, Environments, and System Components

App developers have a hard time developing for Linux because there are so many versions to support. The same challenge faces malware creators. What’s the best way to infiltrate someone’s computer? Do you sneak code in the DEB or RPM format?

You may try to exploit a vulnerability in the Xorg display server or in a particular window compositor, only to find that users have something else installed.

2. App Stores and Package Managers Shield Linux Users

Traditional Linux package management systems put app maintainers and reviewers between users and their software source. As long as you get all of your software from these trusted sources, you’re very unlikely to run into anything malicious.

Avoid copying and pasting command line instructions to install software, especially when you don’t know exactly what the command is doing and you’re unsure of the source.

3. Newer Technologies Actively Consider Security

New app formats like Flatpak and Snap introduce permissions and sandboxing, limiting what apps can access. The new Wayland display server can prevent apps from taking screenshots or recording what happens onscreen, making it harder to exploit.

4. The Source Code Is Open for Anyone to Read

The primary advantage of Linux comes from being able to view the code. Since Linux is open source rather than proprietary, you don’t have to worry about the desktop itself working against you, acting as spyware itself or suffering from exploits that haven’t been disclosed for commercial reasons.

Even if you can’t make sense of the code, you can read the blog posts or reports by someone that does.

Should You Be Afraid of Linux Malware?

It’s a myth that Linux users don’t have to worry about viruses, but if you stick to your distro’s app stores or other trusted sources such as Flathub, you’re unlikely to stumble across anything dangerous.

No matter which operating system you use, it’s important that you adopt safe digital habits. Don’t make the mistake of believing that switching to Linux means you can download from sketchy sites without concern.

Yet for most of us, the biggest risk probably isn’t malware. If you’ve created a large number of online accounts or depend on cloud services, phishing scams are a much larger threat to your data, whether or not you use Linux.


Hackers exploit old flaw to turn Linux servers into cryptocurrency miners

The malicious actors who installed and ran a cryptocurrency mining operation on hacked Tesla AWS servers and Jenkins servers are now targeting servers running Linux and have so far generated more than $74,000 in Monero.

The new campaign uses the legitimate, open-source XMRig cryptominer in conjunction with exploiting the old vulnerability CVE-2013-2618, which is found in Cacti’s Network Weathermap plug-in, according to a Trend Micro Cyber Safety Solutions Team report. The vulnerability is a cross-site scripting vulnerability in editor.php in Network Weathermap before 0.97b and allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.

This active campaign is primarily affecting Japan, Taiwan, China, the U.S., and India.

“As to why they’re exploiting an old security flaw: Network Weathermap only has two publicly reported vulnerabilities so far, both from June 2014. It’s possible these attackers are taking advantage not only of a security flaw for which an exploit is readily available but also of patch lag that occurs in organizations that use the open-source tool” the team wrote.

Trend Micro was able to trace the activity back to two usernames associated with two Monero wallets where $74,677 has been deposited as of March 21.


WikiLeaks reveals CIA malware for hacking Linux computers


The CIA has developed strains of malware specifically designed to target Linux computers. The existence of the malware, known as OutlawCountry, was revealed by WikiLeaks. It demonstrates that the CIA is intent on accessing all kinds of computer systems. Generally, mainstream malware attacks tend to focus on consumer-oriented operating systems like…


Hack lets PS4 run Steam Linux games


This current generation of consoles, both the PlayStation 4 and the Xbox One, did something substantially different from their predecessors. For the first time, they sported desktop PC components inside, practically making them special purpose PCs fine-tuned for gaming. That fact, of course, has piqued the curiosity of many modders and hackers in actually making […]


Secpanel – Linux cloud security
