Novosti o sigurnosti, propustima i zanimljivostima

A sada nešto potpuno drugačije: https://www.gnu.org/proprietary/malware-apple.en.html

apple je malware

https://securityaffairs.co/wordpress/76 ... lware.html

xbash bot/malware/criptominer radi na penđerima i ljinuxu. Ajmo, navali narode dok ima:)

Googleov Jann Horn, član prjekta Zero, koji je otkrio Meltdown i Spectre, nedavno je otkrio rupu u Linux kernelu kako preuzeti root ovlasti, CVE-2018-17182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182. Torvalds je to zakrpao već dan poslije. Međutim, Debian i Ubuntu odugovlače. Canonical kaže da će 1.10. Horn kritizira da je to predugo, te nakon što zakrpa postane javna da i loši momci mogu to iskoristiti do vremena kad ga distribucije implementiraju.

https://www.zdnet.com/article/google-pr ... s-at-risk/

50 milijuna izloženo facebook exploitu koji je u međuvremenu patchiran: https://www.wired.com/story/facebook-se ... -accounts/

Debian CVE za mariadb server: https://www.debian.org/security/2018/dsa-4341

https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/
https://mariadb.com/kb/en/mariadb/maria ... ase-notes/

Stanko Cerin je na par grupa po fejsari napravio otvoren poziv pa prenosim ovdje:

Ako imate ideju za razvoj inovativnog INFOSEC proizvoda ili usluge, mi imamo odmah zainteresirane investitore.

https://www.theinquirer.net/inquirer/ne ... iXvalN3j48

Linux virus koji uđe na sustav i rudari kriptovalutu monero.

https://www.theinquirer.net/inquirer/news/3066979/this-linux-virus-is-a-total-jerk-even-by-malware-standards?fbclid=IwAR2SNVMqs1bwj7zFC16FjnpfdsMeD_HfaKv0VL21teVKPAGgjiXvalN3j48

Linux virus koji uđe na sustav i rudari kriptovalutu monero.

Molim lijepo, nije virus nego malware skripta. I ne "uđe u sustav" ništa lakše nego moja baba.

Nemoj nasjedati na te poluinformacije, evo ti pravi članak o tom "malware-u":
https://www.itwire.com/security/85406-l ... h-ssh.html
ukratko citat čovjeka odgovornog za pronalaženje (ili možda i pisanje - tko zna) te malware skripte:

Asked about how the malware could gain access to systems, Vurasko responded, "In the first place it works like this: somebody searches for servers with [the] SSH port open; he is trying to brute [force] servers he found; if the brute force attack was successful, he connects to the compromised server using brute-forced credentials and starts the malware."

Znači, brute force lutrija da dobiješ root, ništa ovdje za vidjeti - idemo dalje.

https://www.theinquirer.net/inquirer/news/3066979/this-linux-virus-is-a-total-jerk-even-by-malware-standards?fbclid=IwAR2SNVMqs1bwj7zFC16FjnpfdsMeD_HfaKv0VL21teVKPAGgjiXvalN3j48

Linux virus koji uđe na sustav i rudari kriptovalutu monero.

Molim lijepo, nije virus nego malware skripta. I ne "uđe u sustav" ništa lakše nego moja baba.

Nemoj nasjedati na te poluinformacije, evo ti pravi članak o tom "malware-u":
https://www.itwire.com/security/85406-l ... h-ssh.html
ukratko citat čovjeka odgovornog za pronalaženje (ili možda i pisanje - tko zna) te malware skripte:

Asked about how the malware could gain access to systems, Vurasko responded, "In the first place it works like this: somebody searches for servers with [the] SSH port open; he is trying to brute [force] servers he found; if the brute force attack was successful, he connects to the compromised server using brute-forced credentials and starts the malware."

Znači, brute force lutrija da dobiješ root, ništa ovdje za vidjeti - idemo dalje.

Drago mi je da se topic prati

Drago mi je da se topic prati

Je, Velika Sestra sve vidi!