Latest security news

zabadabadoo · 18 June 2021 09:22

Polkit vulnerability. Ubuntu 20.04 but not Ubuntu 18.04 according to this:

@AZorin any comment re Z15, Z16 being vulnerable?

AZorin · 18 June 2021 11:19

Zorin OS 15 is not vulnerable as the code in question is not present in its version of polkit.

The issue has been fixed in Zorin OS 16 with version 0.105-26ubuntu1.1 of the polkit package, which was created on 26 May (a week before the vulnerability was publicly announced). Simply install the latest updates in the Software Updater to stay safe.

zabadabadoo · 30 June 2021 12:35

Just seen this reported on another forum:

Aravisian · 30 June 2021 18:47

I wonder if this news is related to these issues?:

swarfendor437 · 15 November 2021 22:09

In case you missed this (I did) - Audacity is now spyware:

https://www.youtube.com/watch?v=2yFpU2rSGGM

Alternatives:

Aravisian · 15 November 2021 22:19

Agreed. In fact...

swarfendor437 · 15 November 2021 22:24

Well guess I missed your post with not being around for a bit. Just checked my Feren OS install and still on 2.2 so good for now in that regard.

zabadabadoo · 11 December 2021 17:45

carmar · 22 January 2022 05:48

Changed from General to Tutorial.

swarfendor437 · 17 December 2022 18:54

Excellent Tutorial on desktop security.

swarfendor437 · 13 January 2023 22:29

Latest Linux Security News:

rolltide101x · 17 June 2023 16:53

swarfendor437 · 18 June 2023 13:41

SuSE Linux has issued multiple fixes for this issue in 2022:

https://linuxsecurity.com/search?searchword=IO-u r i n g &searchphrase=all

Latest Linux Malware News:

https://linuxsecurity.com/features/must-read-articles/linux-malware-the-truth-about-this-growing-threat-updated

And cross platform weak vectors where Java is running, primarily in Browsers:

https://linuxsecurity.com/news/security-vulnerabilities/openjdk-dos-info-disclosure-vulns-fixed

Ice Cat browser refuses web pages with Java and Stallman urges users to complain to owners of websites to remove Java code.

Chinese Hack attacks:

https://linuxsecurity.com/news/cryptography/chinese-hackers-use-dns-over-https-for-linux-malware-communication

And fake security researchers using stolen ID:

https://linuxsecurity.com/news/hackscracks/fake-zero-day-poc-exploits-on-github-push-windows-linux-malware

Note stupid censorship not allowing "u r i n g" remove spaces when in browser.

swarfendor437 · 19 June 2023 07:47

Tools for checking exploit vulnerabilities of the Linux kernel:

Aravisian · 10 August 2023 09:18

Crosslink:

Reference 10 Aug 23:

Intel Response:

Aravisian · 10 August 2023 15:09

Oh, I wouldn't go that far...

"Zenception":

Interestingly, I notice today that the link I posted yesterday is down. Apparently hackread has been ummm... cough...
hacked...

zabadabadoo · 10 August 2023 15:38

Link is still working here. Maybe they put another 5cents in the meter.

4box · 10 August 2023 17:26

**[Q] Is there any mitigation for Downfall?**

[A] Intel is releasing a microcode update which blocks transient results of gather instructions and prevent attacker code from observing speculative data from *Gather*.

I'd never heard of a "microcode update", some info if anyone's interested.

These Intel updates: will they work on Zorin, or if things like Secure Boot / UEFI are disabled?

Aravisian · 10 August 2023 17:54

Yes. These are not related to Secure Boot.
The microcode and firmware deal with the hardware (motherboard) Operating System, not Windows or Linux operating system.

4box · 10 August 2023 18:13

I ask because, often, the update to fix firmware issues comes as a Windows .exe file only. Not sure what we could do if that's the case here.