|
Source: NY Times - Posted by Dave Wreski
|
Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world’s computers.
The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks. |
|
|
Source: Google Security Blog - Posted by Dave Wreski
|
Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance. |
|
|
Source: The Register UK - Posted by Anthony Pell
|
A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. |
|
|
Source: Wired - Posted by Alex
|
Cryptojacking, which exploded in popularity this fall, has an ostensibly worthy goal: Use an untapped resource to create an alternative revenue stream for games or media sites, and reduce reliance on ads. |
|
|
Source: Ctrl Blog - Posted by Dave Wreski
|
Thanks to Daniel Aleksandersen for sending this in. “One of Fedora’s differentiating features compared to other Linux distributions is its well-maintained and low-friction default SELinux policy set. The two virtual private server (VPS) hosting providers Linode and Vultr have been offering server instances of Fedora Server with Security-Enhanced Linux (SELinux) enforcement disabled by default." |
|
|
Source: python sweetness - Posted by Dave Wreski
|
|
Thanks to Daniel Aleksandersen for sending this in. "tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. |
|
|
Source: LinuxSecurity Contributors - Posted by Anthony Pell
|
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. |
|
|
Source: Computer Weekly - Posted by Alex
|
Ransomware targeting cloud services is one of the six biggest cyber threats likely to face organisations in 2018, according to the Massachusetts Institute of Technology |
|
|
Source: Hacker News - Posted by Anthony Pell
|
A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link. |
|
|
Source: SDX Central - Posted by Alex
|
Once upon a time, standards were our friends. They provided industry-accepted blueprints for building homogeneous infrastructures that were reliably interoperable. Company A could confidently build an application and — because of standards — know that it would perform as expected on infrastructure run by Company B. |
|
|
Source: LinuxSecurity Contributors - Posted by Anthony Pell
|
|
Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available. |
|
|
Source: Nautilus - Posted by Alex
|
|
Justin Trudeau, the Canadian prime minister, certainly raised the profile of quantum computing a few notches last year, when he gamely—if vaguely1—described it for a press conference. But we’ve heard a lot about quantum computers in the past few years, as Google, I.B.M., and N.A.S.A., as well as many, many universities, have all been working on, or putting money into, quantum computers for various ends. |
|
|
Source: Secplicity - Posted by Anthony Pell
|
|
With IoT botnets added to their roadmap, the hackers are now looking to supercharge it by exploiting Linux. Many IoT devices use inexpensive embedded Linux systems, which are notorious for having insecure defaults. By creating just a little malware code, these hackers think they can double their botnet power. |
|
|
Posted by Alex
|
|
A key feature of the new LinuxONE Emperor II, IBM Secure Service Container is an exclusive LinuxONE technology that represents a significant leap forward in data privacy and security capabilities. Last year, more than four billion data records were lost or stolen, a 556 percent increase over 2015 1. |
|
