Hírolvasó

Egy kínai kártékony aktornak tulajdonított adathalászkampány 2022 decembere óta az Egyesült Királyság, Franciaország, Svédország, Ukrajna, Csehország, Magyarország és Szlovákia nagykövetségeit és külügyminisztériumait veszi célba. A biztonsági kutatók „SmugX” névre keresztelték a kampányt.

The post Magyarországot is célpontba vette a SmugX kampány first appeared on Nemzeti Kibervédelmi Intézet.

A népszerű Super Mario 3: Mario Forever Windows-játék trójai telepítője több rosszindulatú malware-rel fertőzte meg a gyanútlan játékosok számítógépét.

The post Super Mario játékkal terjed egy új Windows malware first appeared on Nemzeti Kibervédelmi Intézet.

Joe "Zonker" Brockmeier has been a part of the Linux community for decades; he is now using that experience to write a series on "Red Hat and the Clone Wars". The first two episodes were Red Hat and the Clone Wars and A history of the early 2000s Linux landscape; the latest is The dawn of CentOS:

In 2009, the main project admin for CentOS went radio silent. CentOS had been spun up in the wild west days of the Internet, when it seemed totally fine to let one person hold the domain, communications channels, and funds. Oops.

Folks depending on CentOS suddenly had a Come to Jesus moment. What happens if your production systems depend on a project where the main admin is AWOL and you have no plan for that?

Version 115 of the Firefox browser has been released. New features include support for hardware video decoding on Intel GPUs on Linux and a new "close" option on the tab-manager dropdown. This release is also the end of the line for Windows 7 and 8 support, and for macOS 10.12, 10.13, and 10.14 support as well.

Chuck Lever led a filesystem session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit on the Linux NFS server, which is also known as NFSD. He wanted to talk about converting the network filesystem to use iomap; that kind of conversion was the topic of the previous session at the summit. Beyond that, he wanted to discuss using folios, which has been a frequent topic at recent LSFMM+BPF gatherings, including this year.

Security updates have been issued by Debian (ghostscript), Fedora (apache-ivy, chromium, golang-github-schollz-croc, golang-github-schollz-mnemonicode, and webkitgtk), SUSE (amazon-ecs-init, dnsdist, libcap, python-tornado, terraform, and xmltooling), and Ubuntu (imagemagick, openldap, php7.4, php8.1, and screen).

Kiberbiztonsági szakemberek egy új, “Snappy” nevű tool-t adtak ki, amely segítségével felismerhetővé válnak a hamis Wi-Fi hozzáférési pontok. A fenyegetetési szereplők szupermarketekben, kávézókban, bevásárlóközpontokban és egyéb közösségi helyeken hamis, azonban valódinak látszó Wi-Fi hozzáférési pontokat hozhatnak létre. Ennek célja, hogy a gyanútlan felhasználókat rávegyék, hogy csatlakozzanak ezekhez a hamis hozzáférési ponthoz, mely eredményeképp a támadók […]

The post Snappy: egy eszköz a hamis Wi-Fi hozzáférési pontok észleléséhez first appeared on Nemzeti Kibervédelmi Intézet.

A new tool for creating flexible, route based site to site virtual private networks (site-to-site VPNs) is entering its call for testing phase on OpenBSD-current.

In a message to the tech@ mailing list on July 4th, 2023, David Gwynne (dlg@) presented a diff that adds a new virtual network interface dubbed sec(4). The message reads,

Subject: sec(4): route based ipsec vpns From: David Gwynne <david () gwynne ! id ! au> Date: 2023-07-04 5:26:30 tl;dr: this adds sec(4) p2p ip interfaces. Traffic in and out of these interfaces is protected by IPsec security associations (SAs), but there's no flows (security policy database (SPD) entries) associated with these SAs. The policy for using the sec(4) interfaces and their SAs is route-based instead. Longer version: I was going to use "make ipsec great again^W" as the subject line, but thought better of it. The reason I started on this was to better interoperate with "site-to-site" vpns, in particular AWS Site-to-Site VPNs, and the Auto-Discovery VPN (ADVPN) stuff on fortinet fortigate appliances. Both of these negotiate IPsec tunnels that can carry any traffic at the IPsec level, but use BGP and routes to direct traffic into those tunnels.

Read more…

The C language is expressive in many ways, but it still does not have ways to express many of the relationships between fields in a data structure. That gap can be at least partially filled, though, if one is willing to create and use non-standard extensions. The adoption of of those extensions, in the form of the __counted_by() macro, has been merged for the 6.5 kernel release, even though the compiler feature it depends on has not yet been finalized.

Version 5.38.0 of the Perl language is out. "Perl 5.38.0 represents approximately 12 months of development since Perl 5.36.0 and contains approximately 290,000 lines of changes across 1,500 files from 100 authors." Significant changes include a new class feature, Unicode 15.0 support, a new API for hooking into functions, and more; see the 5.38.0 perldelta page for details.

Security updates have been issued by Debian (cups, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, python3.7, and yajl), Fedora (chromium, kubernetes, pcs, and webkitgtk), Scientific Linux (open-vm-tools), SUSE (iniparser, keepass, libvirt, prometheus-ha_cluster_exporter, prometheus-sap_host_exporter, rekor, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (python-reportlab and vim).

A Proton - az elsősorban a biztonságos ProtonMail szolgáltatásáról híres vállalat - ezen a héten jelentette be a nyílt forráskódú jelszókezelőjének, a Proton Passnak a globális bevezetését. A jelszókezelő mostantól bővítményként elérhető a főbb böngészőkhöz (pl. Google Chrome, Firefox, Brave, Edge), valamint ezenkívül az iPhone/iPad és Android felhasználók számára is.

The post Megjelent a Proton Pass, amely több, mint egy egyszerű jelszókezelő first appeared on Nemzeti Kibervédelmi Intézet.

Az Akami kutatói egy új, sérülékeny SSH szerverek ellen irányuló támadási kampányra figyelmeztetnek.

The post Proxyjacking kampány: sérülékeny SSH hozzáférések veszélyben first appeared on Nemzeti Kibervédelmi Intézet.

The 6.4.1, 6.3.11, and 6.1.37 stable kernels have been released; each contains another set of important fixes.

We are pleased to announce the first ever Linux Kernel Debugging Microconference, and we are now accepting proposals and problem statements.

Kernel debugging can be done in many ways with many purpose-built tools, from printk to Crash, Drgn, KDB/KGDB, and more. These tools are built on layers of standards, formats, implicit standards, and undocumented assumptions that make everything tick. When things work well, the tools stay out of your way and help you resolve your bug. But when things don’t work so well, you’re left debugging your debugger.

The Linux Kernel Debugging Microconference aims to bring together the developers and users of these tools to discuss the shared problems we face. We hope to discuss ongoing work that will improve the state of kernel debuggers, as well as new ideas that will require coordinated development across projects. Some possible topics might include:

• Alternative sources of debuginfo beyond DWARF (kallsyms, BTF, etc)
• Problems related to core debugging tools & utilities (`/proc/vmcore`,  `/proc/kcore`, kexec, kdump, makedumpfile, libkdumpfile, and many more).
• Strategies to handle the interpretation of core kernel subsystems across versions (e.g. slab & vfs).
• Core dump formats and ways they can break & be repaired

Topics outside this narrow list are welcomed: we welcome any topic that would improve the debugging experience, or merits the attention of the developers of these tools & kernel subsystems. The best submissions will describe active work or open problems, and they will welcome debate, discussion, and community consensus.

Submissions can be made via the LPC Call for Proposals, by selecting Linux Kernel Debugging MC for your track.

The first days of the 6.5 merge window have been a bit calmer than usual, with "only" 4,000 non-merge changesets having been pulled into the mainline repository. Those changesets include a fair amount of significant work, though. Read on for LWN's summary of the first set of changes merged for the next major kernel release.

The Register reports from Jiří Benc's DevConf.cz talk on the making of the CentOS Stream kernel.

So, what the team are working on is a Frankenstein's monster, sewn together from different codebases. Although the base kernel is still version 5.14, it is full of backports from upstream. It has the XFS filesystem code from kernel 6.0, the USB subsystem – complete with drivers – and BPF subsystem from kernel 6.2, the wireless stack and all drivers from kernel 6.3, and the multipath TCP/IP code from kernel 6.4 – which at the time of the talk hadn't even been released upstream yet.

Security updates have been issued by Debian (docker-registry, flask, systemd, and trafficserver), Fedora (moodle, python-reportlab, suricata, and vim), Red Hat (go-toolset and golang, go-toolset-1.19 and go-toolset-1.19-golang, go-toolset:rhel8, open-vm-tools, python27:2.7, and python3), SUSE (buildah, chromium, gifsicle, libjxl, sqlite3, and xonotic), and Ubuntu (linux, linux-allwinner, linux-allwinner-5.19, linux-aws, linux-aws-5.19, linux-azure, linux-gcp, linux-gcp-5.19, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-starfive, linux-starfive-5.19, linux, linux-aws, linux-aws-5.15, linux-aws-5.4, linux-azure, linux-azure-5.15, linux-azure-5.4, linux-azure-fde-5.15, linux-bluefield, linux-gcp, linux-gcp-5.15, linux-gcp-5.4, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and linux-oem-6.1).

Több olyan GitHub fiókot figyeltek meg, amelyek rosszindulatú repozitóriumokat töltöttek fel és mind egy csaló kiberbiztonsági céghez köthetőek.

The post Hamis Twitter profilokkal és GitHub repozitóriumokkal terjesztenek káros kódokat first appeared on Nemzeti Kibervédelmi Intézet.