News
New Android Malware Found
Security researchers at Kaspersky Labs have discovered a new malware that affects Android devices. Nikita Buchka wrote on a blog post: "Instead of attacking a user, it attacks the WiFi network the user is connected to, or, to be precise, the wireless router that serves the network."
The trojan deploys the brute-force attack to guess the password and access the device. Once the password is cracked, it modifies the DNS server in the router, redirecting all traffic through their own servers and malicious websites.
What makes things really bad is, as Buchka explained, that instead of affecting users, the malware affects the entire network, which means every user on that network is exposed. Kaspersky recommends checking the DNS settings of your router.
There are currently two versions of the app: one is a fake mobile client for Chinese search engine Baidu and the second one is about WiFi network. It's the same old story where cybercriminals are offering malicious fake apps outside of official app stores. Always use the official app stores. Anyone using official Google Play Store for app installation is safe.
The lesson here is: don't install random apps from random websites.
Serious Bug Found in Ubuntu
An Irish security researcher Donncha O'Cearbhaill found a remote execution bug in Ubuntu's Apport crash reporter that can infect a system with malicious code.
O'Cearbhaill wrote on his blog, "The bug allows for reliable code injection when a user simply opens a malicious file. The following video demonstrates the exploit opening the Gnome calculator. The executed payload also replaces the exploit file with a decoy zip file to cover its tracks."
O'Cearbhaill reports that Ubuntu will open any unknown file with apport-gtk if it begins with ProblemType . What makes things worse is that Apport is installed by default on all Ubuntu systems after 12.10, which also includes forks like Linux Mint.
If you are using any Ubuntu-based distribution, you are vulnerable. The hole has been patched, but it does expose one major problem with Linux: Often such bugs hide for years and even decades, and security experts often lack incentives for finding them. Unlike Google, which rewards such discoveries, Linux vendors often depend on the community.
Commercial Linux distributions like Ubuntu should start a reward program to encourage security researchers to find such bugs. Without enough eyes, all bugs are deep.
If you are using any Ubuntu-based distribution, please update your system immediately.
More Online
Linux Magazine
Off the Beat * Bruce Byfield
LibreOffice MUFFIN risks being half-baked
On December 21, The Document Foundation announced that LibreOffice 5.3 would include MUFFIN (My User Friendly & Flexible INterface).
How Signal does security right
A couple of weeks ago, I was writing about Echo Whisper Systems' Signal, which encrypts voice and text messages for Android and iOS phones.
Taking a stand for ethical tech
Several weeks ago, I discussed taking a stand against unethical parts of your work.
Paw Prints * Jon "maddog" Hall
LPIC OT DevOPs Engineer -- Request for help in the Job Task Analysis
Some of my readers may know that I am the Chair for the Board of Directors of the Linux Professional Institute (LPI).
ADMIN HPC
http://hpc.admin-magazine.com/
Modern Fortran -- Part 2 * Jeff Layton
Fortran 90 catapulted Fortran from a perceived "old" language to a modern language on equal footing with any other.
ADMIN Online
http://www.admin-magazine.com/
Hyper-V containers with Windows Server 2016 * Nils Kaczenski
The release of Windows Server 2016 also heralds a new version of Hyper-V, with improved cloud security, flexible virtual hardware, rolling upgrades of Hyper-V clusters, and production checkpoints.
A script for strict packet filter updates * Matthias Wubbeling
Automatically create restrictive rules in Linux iptables packet filters.
Writing SELinux modules * Thorsten Scherf
Much has happened in the field of SELinux in the last few years, including the development of new usability features.
Setting up Windows clients with Chef * Tam Hanna
Chef administrators unafraid of a learning curve can employ a powerful tool for Windows client management.
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.