#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Linux News | Breaking Cybersecurity News | The Hacker News

BackTrack 5 R2 Released, New Kernel, New Tools

BackTrack 5 R2 Released, New Kernel, New Tools

Mar 01, 2012
BackTrack 5 R2 Released, New Kernel, New Tools Hacker are your Ready ? Backtrack 5 R2 finally released with bug fixes, upgrades, and the addition of 42 new tools. With the best custom-built 3.2.6 kernel, the best wireless support available at maximum speed. This release have included Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades. Backtrack also added the following new tools to R2: arduino bluelog bt-audit dirb dnschef dpscan easy-creds extundelete findmyhash golismero goofile hashcat-gui hash-identifier hexorbase horst hotpatch joomscan killerbee libhijack magictree nipper-ng patator pipal pyrit reaver rebind rec-studio redfang se-toolkit sqlsus sslyze sucrack thc-ssl-dos tlssled uniscan vega watobo wcex wol-e xspy Along with this, Backtrack added Wiki about Building a Pyrit Cluster, Creating a John the Ripper Cluster, Enabling PAE in BT5 R2 and Installing VMware P
Ascend D quad : World's fastest Android by Huawei

Ascend D quad : World's fastest Android by Huawei

Feb 27, 2012
Ascend D quad : World's fastest Android by Huawei Huawei has introduced what it calls the world's fastest quad-core smartphone, the Huawei Ascend D quad. Powered by Huawei's K3V2 quad-core 1.2GHz/1.5GHz processor the beast comes with Android 4.0. In an aggressive presentation at the Mobile World Congress Show in Barcelona, Huawei repeatedly compared its new product to Samsung's Galaxy Nexus and Apple's latest iPhone. Huawei also unveiled the Ascend D quad XL and Ascend D1. Both devices include 32-bit true color graphic processors, an 8-megapixel rear-facing camera with 1080p full HD video capture and a 1.3-megapixel front-facing camera with 720p video capture. The phone also has Dolby 5.1 Surround Sound and Audience earSmart voice technology and an 8-megapixel BSI rear-facing camera, 1.3 megapixel front-facing camera, and 1080p full HD video-capture and playback capabilities. Ascend D Quad is much faster, too- 20 percent to 30 percent faster, in fact, than one running
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Android.Bmaster Exploits root access to connect to Botnet

Android.Bmaster Exploits root access to connect to Botnet

Feb 10, 2012
Android.Bmaster Exploits root access to connect to Botnet A new piece of Android malware named Android.Bmaster , first highlighted by researcher Xuxian Jiang at North Carolina State University, was uncovered on a third-party marketplace and is bundled with a legitimate application for configuring phone settings, Symantec researcher Cathal Mullaney wrote in a blog . This Malware is estimated to affect between 10,000 and 30,000 phones on any given day. The malware, mostly found on Chinese phones, works by using GingerBreak, a tool that gives users root access to Android 2.3 Gingerbread.  RootSmart is designed to escape detection by being named " com.google.android.smart, " which the same name as a settings app included by default with Android operating systems. Mullaney explained that once the malware is installed on the Android phone, an outbound connection from the infected phone to a remote server is generated." The malware posts some user and phone-specific data to t
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Glances v1.3.7 released - System monitoring tool for Linux

Glances v1.3.7 released - System monitoring tool for Linux

Feb 02, 2012
Glances v1.3.7 released - System monitoring tool for Linux Glances is a system monitoring tool for GNU/Linux distributions. It grabs information from your system and display its in a CLI curses screen.Glances can monitor CPU, average load, memory, network interface, disk IO, file system space and processes. When a alert is detected, stat is automatically colored and the processes list sorted by CPU or memory.The latest version (1.3.7) displays a log history in the bottom of the screen with the latests alerts. Glances use a standard GNU style installer: $ tar zxvf glances-1.3.7.tar.gz $ cd glances-1.3.7 $ ./configure $ make $ sudo make install Get More info from  Documentation  and  Official site . Download Glances v1.3.7 from Here .
Microsoft Windows 8 with Resilient File System (ReFS)

Microsoft Windows 8 with Resilient File System (ReFS)

Jan 19, 2012
Microsoft Windows 8 with Resilient File System (ReFS) Microsoft is switching to the Resilient File System for Windows 8, but only the server edition will support the new and more robust file system. While Windows 8 client machines will continue to use the NTFS filesystem. ReFS is meant to maintain compatibility with the most frequently-used features of NTFS, including Bitlocker encryption compatibility, Access Control Lists (ACLs) to control permissions, change notifications, symbolic links, and others, while shedding legacy features and picking up new ones to make it more useful and versatile on today's drives. Also, in its current state ReFS cannot be used for removable media, or for any partition used to boot Windows – it is purely a file system solution for data storage right now. Windows 8 clients will be able to access and read ReFS partitions from launch though. According to a blog post from the Windows engineering team, the key goals of ReFS are: 'a high degree' of c
Fake Angry Birds Game spreading Malware from Android Market

Fake Angry Birds Game spreading Malware from Android Market

Jan 16, 2012
Fake Angry Birds Game  spreading Malware from Android Market From last week premium rate SMS Trojans surfaced in the Android Market. Google has pulled 22 apps that are masquerading as legitimate versions of popular games like Angry Birds and Cut the Rope. Security researchers have discovered a way to bypass an Android smartphone owner's permissions and access private data stored on their smartphone. Avast Blog explain this as - For example, if someone tried to look for "Cut the rope free", this malicious application was in the fourth place in the search results. Apps published by the developer Miriada Production may look like well known Android games (Angry birds, Need for speed, World of Goo and others) and users could be easily confused.  The fake apps include "Cut the Rope", "Need for Speed", "Assassins Creed", "Where's My Water? ","Riptide GP", "Great Little War Game", "World of Goo", "Angry Bir
Security Enhanced (SE) Android Released by National Security Agency (NSA)

Security Enhanced (SE) Android Released by National Security Agency (NSA)

Jan 14, 2012
Security Enhanced (SE) Android Released by National Security Agency (NSA) The National Security Agency (NSA) releases the first version of Android Security Enhanced . The system is designed to minimize the impact of security holes on Android . SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.  How can SELinux help Android? Confine privileged daemons. Protect them from misuse. Limit the damage that can be done via them. Sandbox and isolate apps. Strongly separate apps from each other and from the system. Prevent privilege escalation by apps. Provide centralized, analyzable policy. Distinctive features SE Android: Per-file security labeling support for yaffs2, Filesystem images (yaffs2 and ext4) labeled at build time, Kernel permission checks controlling B
From the In-Security Land to Security in the Cloud

From the In-Security Land to Security in the Cloud

Jan 04, 2012
From the In-Security Land to Security in the Cloud " This article aims to share with you some thoughts and concepts associated with Cloud Computing and the risks involved for those who want to venture into the benefits it offers " --  Mariano M. RĂ­o " From the In-Security Land to Security in the Cloud " will try to reflect how true it is that the cloud is dangerous or more dangerous than "land" and in turn how much of what is required to the cloud is rarely seen implemented on the ground. When companies begin their assessment to go to the cloud, the first comments are generally related to the "dangers" associated with privacy and confidentiality of information, the availability of services and other issues that represent the cloud as an undesirable place to visit. This turns out to be real, but as real as could be the situation of exposure of the information in an organization that does not have security program information or at least care with
Android mobile internet tethering become undetectable by carriers

Android mobile internet tethering become undetectable by carriers

Jan 03, 2012
Android mobile internet tethering become undetectable by carriers When the idea that your smartphone's data connection would be able to be shared by your laptop with no additional charge, everyone seemed to be on board over the past year, carriers have started up extra costs for this and have struck down all attempts by apps to sidestep the process , until now. What one of the most well-known hacker/developers in the world Koushik Dutta, aka Koush, has done is to create a non-market app that allows you to use your smartphone as an internet hotspot, doing so without adding costs to you beyond what that data would cost to you on your smartphone on its own. And it's completely (nearly) undetectable by carriers. " Over the last month, I've been working on a new app. Tether Alpha is a USB[2] tether solution for Mac, Windows, and Linux that allows you to use your phone's data connection to get internet access on your desktop or laptop. " Koushik Dutta said. " I am
GateOne Beta - Terminal emulator for HTML5 web browsers

GateOne Beta - Terminal emulator for HTML5 web browsers

Oct 14, 2011
GateOne Beta - Terminal emulator for HTML5 web browsers The software makes use of WebSockets to connect a server backend written in Python and a frontend written for modern browsers in JavaScript, HTML5 and CSS. The frontend doesn't require any browser plug-ins to be installed.Gate One also supports HTTP over SSL (https) secure connections from the browser to the server and authentication technologies such as Kerberos. It has its own internal plug-in system (plug-ins can be written in Python, JavaScript and CSS); currently available plug-ins for Gate One include SSH client connections, session recording and playback, and a bookmark manager for storing terminal sessions. Top features: * No browser plugins required! * Supports multiple simultaneous terminal sessions. As many as your hardware can handle. * Users can re-connect to their running terminals whenever they like from anywhere. * Can be embedded into other applications. Add a terminal--running whatever application(s)
Samsung Galaxy S II (AT&T) trusted pattern lock Security Bypassed

Samsung Galaxy S II (AT&T) trusted pattern lock Security Bypassed

Sep 30, 2011
Samsung Galaxy S II (AT&T) trusted pattern lock Security Bypassed Major security flaw found in AT&T's upcoming Samsung Galaxy S II device. Guys at BGR noticed that the information on the upcoming AT&T version of the Samsung Galaxy S II isn't so safe behind a once trusted pattern lock, and that it can quite simply be bypassed. All you have to do : Wake the device using the lock key, then let the screen time out, then wake it again with the lock key and you can access all the data. AT&T's Version of Samsung Galaxy S II is confirmed to have this security flaw, but the Sprint version or other does not suffer from this. Even I just check my own Samsung Galaxy S II (Indian Version), Yeah - ITS SAFE :) Video Demonstration [ Source ]
Linux.com down again due to Security Breach

Linux.com down again due to Security Breach

Sep 16, 2011
Linux.com down again due to Security Breach Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are again down for maintenance due to a security breach that was discovered on September 8, 2011. Investigators yet can't elaborate the source of attack. Regarding coming back online , Linux.com says " Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way. " The added " We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and wil
Suggested The Linux 3.1 Kernel logo

Suggested The Linux 3.1 Kernel logo

Sep 11, 2011
Suggested The Linux 3.1 Kernel logo This new logo was proposed just this weekend and the current discussion to see whether it will be accepted for Linux 3.1 can be found in this LKML thread . To mark the upcoming release of the Linux 3.1 kernel IBM's Darrick Wong has proposed changing the familiar solo-Tux logo to something more, well, befitting of the version number. This proposed logo for the Linux 3.1 kernel isn't to raise awareness for any animals or other causes. but to poke fun at Microsoft Windows 3.1. Darrick Wong of IBM has proposed replacing the Tux logo in the Linux 3.1 kernel with a new logo that makes mockery of Microsoft's Windows 3.1 operating system that began selling 19 years ago.
Kernel.org Server Rooted and 448 users credentials compromised

Kernel.org Server Rooted and 448 users credentials compromised

Aug 31, 2011
Kernel.org Server Rooted and 448 users credentials compromised The main kernel.org page is currently carrying a notice that the site has suffered a security breach. " Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure. " As the update mentions, there's little to be gained by tampering with the git repositories there anyway. The infection occurred no later than August 12 and wasn't detected for another 17 days. The systems were infected by an off-the-shelf, a self-injecting rootkit known as Phalanx that has attacked sensitive Linux systems before. What happened? Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they man
Linux Kernel 3.1 RC2 Released

Linux Kernel 3.1 RC2 Released

Aug 15, 2011
Linux Kernel 3.1 RC2 Released Linus Torvalds has announced the release of Linux kernel 3.1 rc2. There isn't too much to see and Linus notes that this is a fairly calm release for coming just one week after the close of the Linux 3.1 kernel merge window.  As LKML is down at the moment, below is the 3.1-rc2 release announcement from Linus: Hey, nice calm first week after the merge window. Good job. Or maybe people are just being lazy, and everybody is on vacation. Whatever. Don't tell me. I'm reasonably happy, I want to stay that way. That said, I would be happy if it calmed down further. 300+ commits for -rc2 is good, but please make me even happier for -rc3 by ONLY sending me real fixes. Think of it as "fairly late in the -rc series", because I really want to compensate for the merge window being fairly chaotic. Linus
Emperor Hacking Team : iM4n account exposed

Emperor Hacking Team : iM4n account exposed

Aug 12, 2011
Emperor Hacking Team : iM4n account exposed Just a few days back, the Backbox Linux distribution based website got hacked by the Emperor Hacking Team. A few hours later, Backbox maintainers managed to reconstruct the attack step by step and found infos that proved "iM4n" as the attacker. He owns an account on www.server4you.de, a webhosting company specialized in virtually dedicated servers. His account has been hacked. Brief technical report:  https://raffaele.backbox.org/content/im4n-account-exposed Backbox Team : " Backbox is just a Linux distribution. Such an attack was absolutely unexpected. The 'dreaded' eMP3R0r_TEAM turned out to be a group of iranian activists who carry out random attacks on potential vulnerable websites by targeting mostly European ones. During our investigation and analysis we were able to obtain complete details of the man who personally performed the attack (nick iM4n) and we collected a variety of tests that confirmed his identity.
BlackBuntu V0.3 Released

BlackBuntu V0.3 Released

Aug 05, 2011
BlackBuntu V0.3 Released For Blackbuntu 0.3 we are supporting both x86 and x86_64 architectures.Security and Penetration Testing tools available in Blackbuntu : Information Gathering Network Mapping Vulnerability Identification Penetration Privilege Escalation Maintaining Access Radio Network Analysis VoIP Analysis Digital Forensic Reverse Engineering Miscellanious You can download the Blackbuntu Community Edition 0.3 ISO DVD with the following link: ISO Image(Torrent) Blackbuntu Community Edition 0.3 x86 torrent Blackbuntu Community Edition 0.3 x86_64 torrent VMWARE (Torrent) Blackbuntu Community Edition 0.3 x86 torrent Blackbuntu Community Edition 0.3 x86_64 torrent Virtual Box Image(Torrent) Blackbuntu Community Edition 0.3 x86 torrent Blackbuntu Community Edition 0.3 x86_64 torrent
Red Hat Enterprise Linux 5.7 Released

Red Hat Enterprise Linux 5.7 Released

Jul 25, 2011
Red Hat Enterprise Linux 5.7 Released Red Hat has updated Enterprise Linux 5.7, which now includes several features from Red Hat Enterprise Linux 6. The operating system processors supports deployments on Intel, AMD, POWER and IBM System z architectures. Highlights of Red Hat Enterprise Linux 5.7 include: Hardware enablement Support for new hardware from Red Hat partners encompassing processors, chipsets and new drivers for storage, networking, and graphics allows Red Hat Enterprise Linux 5 deployments to benefit from new hardware platforms delivered in 2011, including Intel, AMD, POWER and IBM System z. Virtualization improvements Several virtualization enhancements in Red Hat Enterprise Linux 5.7 include improved migration performance for KVM, as well as several performance and scalability improvements for the Xen hypervisor. SCAP support OpenSCAP introduces support for the Security Content Automation Protocol, including a library and set of utilities, giving a stan
VirtualBox 4.1 Final for Linux Released

VirtualBox 4.1 Final for Linux Released

Jul 25, 2011
VirtualBox 4.1 Final for Linux Released VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. This version is a major update. The following major new features were added: Support for cloning of VMs (bug #5853, see the manual for more information): full clones can be created through the GUI and VBoxManage, linked clones only through VBoxManage GUI: enhanced wizard for creating new virtual disks GUI: new wizard for copying virtual disks GUI: keep the aspect ratio in scale mode (Windows and OSX hosts only; bug #7822) VMM: raised the memory limit for 64-bit hosts to 1TB Experimental support for PCI passthrough for Linux hosts, see the manual for more information Windows guests: Experimental WDDM graphics driver, supporting Windows Aero (bug #4607) and providing Direct3D support using a cleaner approach (no need to install the guest drivers in Safe Mode anymore) Guest Additions: status of modules and features can now be
NetSecL Linux 3.2 released with new XFCE

NetSecL Linux 3.2 released with new XFCE

Jul 18, 2011
NetSecL Linux 3.2 released with new XFCE NetSecL 3.2 comes with a brand new XFCE which increased dramatically the performance experience, we closed many bugs and also gained more compatibility to OpenSuse 11.4 – most packages are 11.4 compatible. GrSecurity kernel is updated to 2.6.32.8 please check installation instructions if you wish to use GrSecurity. Features : - Ext4 issue with GrSecurity is resolved - booting in VM with new GrSecurity resolved - New Metasploit - Firefox 5 - Updated Exploit-db repository - GrSecurity Kernel – locked from zypper – you can update the whole system without worrying - Snort-inline reintegrated (get snort rules and change them to drop – if you use the advanced firewall) - Size of the ISO smaller with 200 MB this allowed us to have a sub project NetSecL Toolset a minimal VM with console, webshell and all pentesting tools! Minimal System Requirements for running the live DVD: 512 MB of RAM Minimal System Requiremen
Cybersecurity Resources