Security News

You won't want that Linux bling if it comes from Pling: Marketplace platform has critical vulnerabilities
2021-06-24 22:00

Pling presents itself as a marketplace for creative folk to upload Linux desktop themes and graphics, among other things, in the hope of making a few quid from supporters. It comes in two parts: code needed to run your own bling bazaar, and an Electron-based app users can install to manage their themes from a Pling souk.

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances
2021-06-24 20:05

Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from Trend Micro said in a report published last week.

Report picks holes in the Linux kernel release signing process
2021-06-24 16:28

A report looking into the security of the Linux kernel's release signing process has highlighted a range of areas for improvement, from failing to mandate the use of hardware security keys for authentication to use of static keys for SSH access. The most severe issue noted, though only rated as a medium on a scale from informational at the bottom to high at the top, was that developers who are able to commit code directly to the Linux kernel repositories were not mandated to use hardware security keys - making any breach of their personal systems, as in the 2011 attack, considerably more serious.

S3 Ep38: Clop busts, destructive Linux hacking, and rooted bicycles [Podcast]
2021-06-24 15:36

Ukrainian cops bring out the BFG and cut open some doors. A repeated request for destructive Linux code enters its 15th year.

Researcher Finds Vulnerability Impacting Multiple Linux Marketplaces
2021-06-23 15:01

Linux marketplaces that are based on the Pling platform are impacted by a cross-site scripting vulnerability and potentially exposed to supply chain attacks, according to German cybersecurity consultancy Positive Security. Positive Security co-founder Fabian Bräunlein discovered that all Pling-based marketplaces are impacted by a wormable XSS that potentially opens the door for supply chain attacks.

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
2021-06-23 11:58

An unpatched stored cross-site-scripting security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. To boot, the PlingStore application is affected by an unpatched remote code-execution vulnerability, which researchers said can be triggered from any website while the app is running - allowing for drive-by attacks.

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks
2021-06-22 21:01

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software marketplaces for the Linux platform that could potentially be abused to stage supply-chain attacks and achieve remote code execution. The vulnerability stems from the manner in which the store's product listings page parses HTML or embedded media fields, thereby potentially allowing an attacker to inject malicious JavaScript code that could result in arbitrary code execution.

Do you want speed or security as expected? Spectre CPU defenses can cripple performance on Linux in tests
2021-06-22 03:02

The mitigations applied to exorcise Spectre, the family of data-leaking processor vulnerabilities, from computers hinder performance enough that disabling protection for the sake of speed may be preferable for some. "Before Spectre mitigations, those system calls hardly slowed down userspace execution at all."

Can *YOU* blow a PC speaker using only a Linux kernel driver?
2021-06-18 18:57

Kernel.org. Subject: PC speaker. Date: Mon, 14 Jun 2021 23:32:32 -0400. Is it possible to write a kernel module which, when loaded, will blow the PC speaker? The idea was raised about seeing if there was a way to blow the PC speaker by loading a kernel module.

Microsoft Linux repos suffer day-long outage, still recovering
2021-06-18 08:41

This week, Microsoft's Linux package repositories suffered an hours-long outage, followed by performance issues spanning over a day. Microsoft engineers have acknowledged the issue and are working towards a resolution.