NEWS
JBoss Vulnerability Could Lead to SamSam Ransomware
Researchers at Cisco Talos found a vulnerability in JBoss that can be exploited by SamSam ransomware. Cisco Talos said in a blog post, "As part of this investigation, we scanned for machines that were already compromised and potentially waiting for a ransomware payload. We found just over 2,100 backdoors installed across nearly 1600 IP addresses." The research firm estimates that over 3.2 million machines are at risk.
SamSam is distributed through compromised servers and then holds victim systems for ransom. Attackers are using the JexBoss open source tool to test and then exploit JBoss application servers. Once they gain access to the network, they start encrypting Windows systems using SamSam.
If your server is vulnerable, Cisco Talos advises that the first step is to remove external access to the server. "Ideally, you would also re-image the system and install updated versions of the software," the firm said in the blog post.
New Exploit Bypasses Windows AppLocker
A new Windows vulnerability allows attackers to install any application on Windows systems, bypassing AppLocker. AppLocker is a feature of Windows 7 and Windows Server 2008 R2 that allows admins to manage users' access to applications. This serious flaw targets business users and not just home users, and it affects the latest Windows 10 systems as well as earlier versions of Windows going all the way back to Windows 7.
The vulnerability was accidentally discovered by Casey Smith, who realized that the Windows command-line utility Regsvr32 can be exploited to bypass AppLocker by registering and unregistering DLLs. Because this method doesn't touch the system registry, system admins won't find any trace of changes to the system.
Microsoft has not yet released a fix for the vulnerability; however, users can mitigate it by blocking Regsvr32 in the Windows Firewall.
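One way to apply the firewall mitigation described above, as an added example that is not from the article or from Microsoft. It assumes that "blocking" means denying outbound connections for the program, that the NetSecurity cmdlets are available (Windows 8 / Server 2012 and later), and it uses rule names constructed for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: deny outbound network access to both regsvr32.exe binaries.
# The direction (outbound) and the rule names are assumptions of this example.

$targets = @(
    (Join-Path $env:SystemRoot 'System32\regsvr32.exe'),   # native binary
    (Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe')    # 32-bit binary on 64-bit Windows
)

foreach ($path in $targets) {
    # SysWOW64 does not exist on 32-bit installations; skip missing binaries.
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $dir  = Split-Path (Split-Path $path -Parent) -Leaf    # "System32" or "SysWOW64"
    $name = "Block outbound regsvr32 ($dir)"

    # Idempotent: do not create a second rule if one with this name exists.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Output "Rule already present: $name"
        continue
    }

    New-NetFirewallRule -DisplayName $name `
                        -Direction Outbound `
                        -Program $path `
                        -Action Block `
                        -Profile Any | Out-Null
    Write-Output "Created: $name"
}

# Verify that the rules exist, are enabled, and point at the expected binaries.
Get-NetFirewallRule -DisplayName 'Block outbound regsvr32*' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
}
```

The rules only restrict network access for the binary; local DLL registration with Regsvr32 continues to work.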
More Online
Linux Magazine
Off the Beat * Bruce Byfield
Why the Ubuntu Tablet Matters
I am not generally a technophile. I don't obsess over hardware stats, and I judge hardware on how well it does its job. Yet recently, I found myself anticipating the release of three pieces of hardware. One is the pi-topCEED, the Raspberry Pi-based computer for education.
Hating Microsoft
Hating Microsoft has been part of open source from the start. Infamous for its executives calling Linux unAmerican, the equivalent of communism and a cancer, Microsoft has been the arch-enemy, working behind the scenes in reality almost as much as in the minds of conspiracy theorists, the proprietary and corporate antithesis of everything that open source is about.
The Satisfactions of a Free License
Offer free software developers money, and they are practical enough to accept it. However, what keeps many of them at work are the intrinsic rewards, not the external ones.
Ordering a custom computer
"You can't customize your computer," a sysadmin once admonished me. "The parts need to be carefully matched with one another, and that's not a job for an amateur." Despite this advice, I have ordered customized workstations for over two decades.
Paw Prints * Jon "maddog" Hall
Brazil: Free and Open Source Culture Is Economics, Not Politics
Over the years people have accused Free and Open Source Culture (FOSC) of being a "religion." Other people have used FOSC as a political tool, assigning the advocacy of FOSC to one political party; usually the "left," "liberal" or (as some people call them) "progressive" party. FOSC is none of these.
Productivity Sauce * Dmitri Popov
Ansiweather: Weather in the Terminal
Sometimes the simplest tool can also prove to be an indispensable one. Take Ansiweather, for example: This one-trick pony displays the current weather conditions and forecast right in the terminal, and that's all it does.
Prune Your Photo Library with fdupes
If your photo library contains thousands of photos, chances are it has duplicate files lurking in its corners. But finding and removing these unwelcome guests can be tricky, unless you use the fdupes tool for the job.
Instant Pronounceable Passwords with passwds.ninja
The passwds.ninja web app can come in rather handy when you need an easy-to-remember password.
ADMIN HPC
http://hpc.admin-magazine.com/
Interview with the Developer of Singularity * Jeff Layton
Sometimes we see the names of people working on the Linux kernel or other high-profile projects, but we don't hear much about these people working behind the scenes that are contributing their knowledge for the greater good.
A Container for HPC * Jeff Layton
Containers have become an important part of the IT industry because (1) they are more efficient than full (hardware-level) virtualization and (2) the container workflow readily supports DevOps.
ADMIN Online
http://www.admin-magazine.com/
Backups Using rdiff-backup and rsnapshot * Georg Schönberger
The first step in ensuring comprehensive backups is to consider where the backups should be stored; therefore, a separate backup server is often used that connects to other computers and initiates the backups.
Integrating FreeIPA with Active Directory * Thorsten Scherf
A directory service usually provides a wealth of information on top of the classic user and group accounts, including machine and service accounts, security rules, and possibly DNS information and other data that administrators would like to store centrally to deliver to clients in the domain.
Freeing your Data from Ransomware * Thomas Gronenwald and Stefan Becker
One of the latest trends among cyber criminals is to encrypt files on a network, forcing the user to pay a ransom for the decryption of their data.