openSUSE Leap 15.0 Reached End of Life
news.softpedia.com/news/opensu
The openSUSE Leap 15.0 operating system release has reached end of life on November 30th, 2019, which was the last day when it received software updates and security patches.

Intel chip security flaws remain, say security researchers, despite claims
9to5mac.com/2019/11/13/intel-c
Intel chip security flaws that affect all Macs, as well as Windows and Linux machines, still exist, say security researchers – despite the chipmaker’s claims to have fixed them. Similar flaws were found and patched in ARM processors, but there is no suggestion at this stage that further issues remain in these.

Unencrypted SMS database found online, exposing millions of US text messages
betanews.com/2019/12/02/truedi
A huge database of text messages and user data has been discovered online, completely unprotected and free for anyone to browse.

Found by researchers from vpnMentor, the database belongs to US communications company, TrueDialog. Among the exposed data are not only tens of millions of SMS messages, but also private information including usernames and passwords.

Linux Mint 19.3 'Tricia' BETA is mere days away!
betanews.com/2019/12/01/linux-
Back in October, we told you the Linux Mint developers were hoping to have version 19.3 released by Christmas 2019. Well, I have some good news regarding that -- Linux Mint 19.3 "Tricia" it is still on schedule for a release by December 25! Yes, Linux Mint fans, you will likely be treated to something much better than any gift wrapped under your tree-- a new version of the OS you love.

End of life of Fedora 29
It is on this Tuesday November 26, 2019 that Fedora 29 has been declared as end of life.
A month after the release of a version of Fedora n, here Fedora 31, version n-2 (so Fedora 29) is declared as end of life.

Indeed, the end of life of a version means that it will not have any more updates and no more bug will be corrected. For security issues, with unaddressed vulnerabilities, Fedora 29 and earlier users are strongly advised to upgrade to Fedora 31 or 30.

New Roboto botnet emerges targeting Linux servers running Webmin
zdnet.com/article/new-roboto-b
A cybercrime group is enslaving Linux servers running vulnerable Webmin apps into a new botnet that security researchers are currently tracking under the name of Roboto.

Securing emerging technology (IoT) at home
infosec-handbook.eu/blog/ecsm2
IoT devices are everywhere nowadays. The most important task is to become aware of IT in your home network. Many people don’t realize that the live feed of their IP camera is publicly accessible. Others don’t know that their smart vacuum cleaner constantly uploads the indoor layout of their homes to the internet, or that their smart locks can be easily unlocked within seconds.

Windows 10 fake update is nasty ransomware
tomsguide.com/news/do-not-open
A new malware campaign is under way: emails sent from a fake Microsoft address are pushing people to download a malicious Windows 10 “critical update”. Beware!

yo_man boosted

Google & Samsung fix Android spying flaw. Other makers may still be vulnerable
arstechnica.com/information-te
Until recently, weaknesses in Android camera apps from Google and Samsung made it possible for rogue apps to record video and audio and take images and then upload them to an attacker-controlled server—without any permissions to do so. Camera apps from other manufacturers may still be susceptible.

Google & Samsung fix Android spying flaw. Other makers may still be vulnerable
arstechnica.com/information-te
Until recently, weaknesses in Android camera apps from Google and Samsung made it possible for rogue apps to record video and audio and take images and then upload them to an attacker-controlled server—without any permissions to do so. Camera apps from other manufacturers may still be susceptible.

US student was allegedly building a custom Gentoo Linux distro for ISIS
zdnet.com/article/us-student-w
US authorities have arrested and charged a 20-year-old student from Chicago with providing material support to ISIS.

According to court documents, the teen allegedly created a Python script to automate saving ISIS multimedia from official social media channels, so other members could re-post it on their own accounts, and help spread the terrorist group's propaganda.

Linux, Windows Users Targeted With New ACBackdoor Malware
bleepingcomputer.com/news/secu
Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines.
The malware dubbed ACBackdoor is developed by a threat group with experience in developing malicious tools for the Linux platform based on the higher complexity of the Linux variant as Intezer security researcher Ignacio Sanmillan

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
bleepingcomputer.com/news/secu
A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. Its name is NextCry due to the extension appended to encrypted files and that it targets clients of the NextCloud file sync and share service.

The malware targets Nextcloud instances and for the time being there is no free decryption tool available for victims.

Confirmed! Microsoft Edge Will be Available on Linux
itsfoss.com/microsoft-edge-lin
Microsoft is overhauling its Edge web browser and it will be based on the open source Chromium browser. Microsoft is also bringing the new Edge browser to desktop Linux however the Linux release might be a bit delayed.

ANDROID SECURITY FLAW: MORE THAN 1BN PHONES COULD BE HACKED WITH SINGLE TEXT MESSAGE
independent.co.uk/life-style/g
A major security flaw with Android mobile operating system has left over a billion Samsung, Huawei, LG and Sony smartphones vulnerable to cyber attacks.

Faile de sécurité +1Millards de Smartphones Android global-informatique-securite.c
Une faille majeure de sécurité avec le système d'exploitation mobile Android a laissé plus d'un milliard de smartphones Samsung, Huawei, LG et Sony vulnérables aux cyber-attaques.

LastPass Bugué... Faites votre mise à jour global-informatique-securite.c
Le gestionnaire de mots de passe, LastPass, a publié une mise à jour la semaine dernière pour corriger un bogue de sécurité qui expose les informations d'identification entrées sur un site précédemment visité.

Manjaro passe à l'étape suivante
Depuis un certain temps, Philip Muller étudie les moyens de sécuriser le projet dans sa forme actuelle et de permettre des activités qui ne peuvent pas être entreprises en tant que "projet de loisir" et, avec le reste de l'équipe, un plan d'action. a été créé.
global-informatique-securite.c

Apple accidentally reopens security flaw in latest iOS version
theguardian.com/technology/201
Apple users are being warned to exercise particular caution over their cybersecurity for the next few days, after the company mistakenly reopened a security flaw in the latest version of iOS.

1.5% of Chrome users’ passwords are known to be compromised, according to Google
digitaltrends.com/computing/go
1.5% of passwords used in Chrome are unsafe and have been released in data breaches, according to new information from Google.
In February, a new feature was introduced to the Google Chrome browser which checks whether users’ passwords are secure.

Show more
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.