linux Archives - TuxCare

New Ransomware hits Chile’s Windows and Linux servers

A ransomware attack that began on Thursday, August 25, hit Windows and Linux systems operated by a Chilean government agency. The incident was verified by the Chilean computer security and incident response team (CSIRT).

According to Chile CSIRT, the hackers stopped all running virtual machines and encrypted their files, adding the “.crypt” filename extension. The authority explained that the malware has functions for various types of malicious activity, including stealing credentials from web browsers, listing detachable devices for encryption, and evading antivirus detection by means of execution timeouts.

The ransomware attack is a double extortion attack. The attackers provided the Chilean CSIRT with a communication channel for negotiating payment of a ransom that would keep the attackers from leaking the files and would unlock the encrypted data.

The attackers set a deadline of three days and threatened to sell the stolen data to other cybercriminals on the dark web. The Chilean CSIRT did not name the group behind the attack, but the extension attached to the encrypted files pointed to ‘RedAlert’ ransomware. RedAlert ransomware used the ‘.encrpt’ extension in attacks that targeted both Windows servers and Linux-VMware ESXi machines.

In his analysis of the malware, Chilean threat analyst Germán Fernández stated that the strain appears to be entirely new and that the researchers with whom he analyzed the malware could not link it to known families.

“One particular thing about the attack, is that the threat actors distributed the ransom note at a previous stage to the deployment of the ransomware as the final payload, possibly for evasion issues or to avoid having their contact details leaked when sharing the final sample,” Fernández said.

To protect against further attacks, Chile’s cybersecurity organization recommends a number of security measures to all government agencies and large private organizations. These include using a properly configured firewall and antivirus tool, updating VMware and Microsoft assets, securing key data, verifying the configuration of anti-spam filters, implementing network segmentation, and patching and mitigating new vulnerabilities.

The sources for this piece include an article in BleepingComputer.

Cyberattacks Targeting Linux Users Skyrocket

Cybersecurity researchers at Trend Micro have identified a 75% leap year-over-year in the number of ransomware attacks targeting Linux users.

Apart from ransomware groups, there is also a 145% increase in Linux-based cryptocurrency-mining malware attacks. In this case, the attackers secretly exploit the power of infected computers and servers to mine for cryptocurrency for themselves.

Hackers are generally motivated to target industries where they know there is a high possibility of making money. Therefore, encrypting Linux systems could be lucrative judging by how fast attacks targeting Linux servers are increasing.

One of the identified strategies cyberattackers use to compromise Linux systems is exploiting unpatched vulnerabilities. One flaw the report identified is known as Dirty Pipe.

Dirty Pipe, tracked as CVE-2022-0847, affects Linux kernel versions 5.8 and up; attackers can use it to escalate their privileges and run code.

To protect systems from cyberattacks, researchers recommend that all security patches be applied as soon as possible. This will prevent attackers from taking advantage of publicly available exploits.

It is also important that organizations apply multi-factor authentication across the ecosystem. MFA will provide an additional layer of defense and prevent ransomware hackers from conducting lateral movement across the network.

“New and emerging threat groups continue to evolve their business model, focusing their attacks with even greater precision. That’s why it’s essential that organizations get better at mapping, understanding, and protecting their expanding digital attack surface,” said Jon Clay, VP of threat intelligence for Trend Micro.

The sources for this piece include an article in ZDNet.

Firefox 105 Offers New Features for Linux Users

Mozilla is promoting the upcoming Firefox 105 and its new features. The new version is now available on the beta channel for public testing by early adopters and bleeding edgers.

As part of the new update, Mozilla has implemented the long-awaited horizontal two-finger swipe gesture on Linux for navigating back and forward on a site without holding down the Alt key.

Firefox 105 will also fix some memory issues that were present in earlier versions of the open source web browser and were especially noticeable on low-memory systems.

“Firefox is less likely to run out of memory on Linux and also performs better towards the rest of the system when memory is running low,” Mozilla said.

Firefox 105 offers a new option in the Print Preview dialog, which allows users to print only the current page, and the scripting tool provides web developers with support for defining persistent scripts.

Although Firefox 105 is not yet a major release, it is good to see that Mozilla is already dealing with major issues, with the final release of Firefox 105 scheduled for September 20, 2022.

Users interested in the current beta version can test the new Linux changes by downloading the binary for 64-bit systems from the official website or for 32-bit systems from Mozilla’s FTP server.

Mozilla has released software requirements for GNU/Linux, although the company has stated that GNU/Linux distributors can provide packages for user distribution that have different requirements. Firefox will not run at all without the following libraries or packages: glibc 2.17 or higher, GTK+ 3.14 or higher, libstdc++ 4.81 or higher and X.Org 1.0 or higher (1.7 or higher is recommended).

The sources for this piece include an article in 9TO5LINUX.

Linux Patch Triggers iGPU vs. dGPU Debate

Kai-Heng Feng released a patch on Tuesday that allows laptops to route their external monitor connections via the laptop’s discrete GPU rather than the integrated GPU.

A Graphics Processing Unit (GPU) is a single-chip processor primarily used to manage and enhance the performance of video and graphics. A GPU is specifically designed to process graphic information such as geometry, color, shading, and textures of an image.

Although Feng’s patch has been criticized by some developers, it is believed that Feng’s patch, which works on mobile workstations such as the HP ZBook G8, can allow external monitor connections to be routed through the discrete GPU rather than through the built-in Intel graphics, ultimately providing space for more monitors to be supported.

Among the biggest critics of Feng’s approach are Lyude Paul and Karol Herbst, both of Red Hat.

According to Lyude Paul, the HP ZBook and similar notebooks tend to rely on NVIDIA graphics for their dedicated GPU. However, the use of Feng’s Nouveau driver forces external displays to use the Nouveau-powered GPU, which reduces performance due to the current re-clocking limitations.

In his review, Karol Herbst of Red Hat explained that the forced discrete use of GPU for external displays could lead to an increased thermal/power pressure.

Although Feng believes that his approach provides a better experience for users, its use affects the support of the Nouveau driver for booting the clock frequencies. However, his approach could offer significant benefits if it is revised to improve its logic or used as an optional change.

The sources for this piece include an article in PHORONIX.

Linux Distributions That Offer Fast Configuration of Openbox

Openbox is the default window manager in LXDE and LXQt and is used in various Linux distributions. Many consider Openbox to be a free, stackable window manager for the X Window system. Openbox is considered a “lightweight” GUI and its unique design can make its functionality more agile on operating systems such as Linux. Moreover, the speed and design of Openbox allow it to run on older or obsolete devices with slower processors.

Although it can be installed on almost any Linux distribution, it is still very difficult to configure, as doing so takes a lot of time and effort.

To solve this problem, it is advisable that users use a Linux distribution that offers an Openbox variant.

The leading Linux distributions that enable Openbox include Archcraft, ArcolinuxB Openbox, AV Linux MX Edition, Bunsenlabs Linux, Crunchbangplusplus, Mabox Linux, and Sparky Linux Openbox.

Archcraft offers the feature as the default desktop and it offers a minimal and lightweight environment as it can run under 500 MB without compromising the looks. The UI elements are cohesive, users can change themes and it has built-in support for AUR and Chaotic-AUR.

ArcolinuxB Openbox distro is good for the Linux desktop, especially for those interested in learning Arch (the main theme of the Arcolinux project).

AV Linux MX Edition is based on MX Linux, but with Openbox as the window manager. It uses the powerful Liquorix kernel and offers low latency audio, while also supporting Windows audio via wine-staging.

Bunsenlabs Linux is a Debian-based distribution that provides a lightweight and easily customizable Openbox desktop. It is based on Debian 10, which means that users get the older version of apps in Repos.

The sources for this piece include an article in ITFOSS.

Kubuntu Focus NX Mini Linux PC Unveiled With New Features

The Kubuntu Focus team has unveiled the new Kubuntu Focus NX Mini Linux PC, which will expand the Linux hardware offering to more users.

Kubuntu Focus is primarily concerned with the production of Linux PCs.

The unveiled Kubuntu Focus NX has many juicy features, including the fact that it is powered by Intel CPUs of the 11th generation, including the Intel Core i5-1135G7 or Intel Core i7-1165G7 with 4 cores and 8 threads. It has integrated Intel Iris Xe graphics and supports up to four 4K displays.

The price of the product starts at $695 for the base configuration with Intel Core i5-1135G7 processors, 8GB RAM and 250 GB SSD storage.

The Kubuntu Focus NX mini PC comes with the latest Kubuntu 22.04 LTS (Jammy Jellyfish) operating system pre-installed. The operating system is supported for three years until 2025 and features the long-term supported KDE Plasma 5.24 LTS desktop environment. The desktop environment can be upgraded to KDE Plasma 5.25 and higher.

Further features include the possibility to customize the PC with up to 64 GB of 3200 MHz dual channel RAM as well as up to 6 TB (2 TB NVMe and 4 TB SSD) of storage with optional full disk encryption.

The mini PC has two Thunderbolt 3 / USB-C ports with DisplayPort 1.4, one HDMI 2.0b port, one Mini DisplayPort 1.4 port, three USB-A 3.2 Gen2 ports, one Gigabit LAN RJ45 port, one SDXC card reader and one 2-in-1 audio jack.

“The NX is perfect for developers, creators, and engineers that want or need compatibility with the OS that powers the internet and billion of other devices. We feel its tiny footprint, high performance and the Kubuntu 22.04 LTS OS makes it a great choice for development workstations, office servers and media centers. Thanks to the great part selection, one can easily add an eGPU to run large ML pipelines or turbo-charge rendering performance when needed,” explained Michael Mikowski, General Manager.

The sources for this piece include an article in 9To5Linux.

Linux 6.1 Helps Users Identify Faulty CPUs

Linux Kernel 6.1, one of the latest updates to the Linux operating system, provides users with a new logging system that will enable them to identify faulty CPUs and their associated cores within a server.

The logging system detects which core, CPU, and socket failed at a given time. The logger is far from perfect, however, because the faulting task may be rescheduled onto another CPU or CPU core before the message is printed. It can still help identify faulty CPUs or cores.

“This is not perfect, since the task might get rescheduled on another CPU between when the fault hit, and when the message is printed, but in practice, this has been good enough to help people identify several bad CPU cores,” explained Rik van Riel, the author of the change.

CPU bugs can often be “oddly specific,” with only certain programs or pieces of code crashing on the affected core.

“In a large enough fleet of computers, it is common to have a few bad CPUs. Those can often be identified by seeing that some commonly run kernel code, which runs fine everywhere else, keeps crashing on the same CPU core on one particular bad system. However, the failure mode in CPUs that have gone bad over the years are often oddly specific, and the only bad behavior seen might be segfaulting in programs like bash, Python, or various system daemons that run fine everywhere else,” said van Riel.

The logging system will help detect potentially faulty processors and will be in use from Linux 6.1 later this year. It will also complement the new Intel In-Field Scan, MCEs, EDAC reporting and others.

The sources for this piece include an article in Tech Radar.

Steps to Recover Lost and Deleted Data in Linux

Losing files can be a painful experience, especially when they hold a lot of vital information, and Linux users are not exempt. Often, when these files are deleted, they are not recovered because people do not have the technical know-how to deal with them.

It is, however, possible to recover files. An example illustrates the process: a file ‘linuxshelltips’ on removable media (/dev/sdb5), on the partition mounted at /media/dnyce/117137A85FFD287C on our Linux system, was deleted and needs to be restored.

It is possible to recover deleted files in Linux with TestDisk Data Recovery Tool. Not only is the tool effective in recovering lost data, it can also be used to restore corrupted file systems in a Linux environment.

TestDisk Data Recovery Tool can be installed on major Linux distributions. Once it is installed, switch to the root user account, start TestDisk, and press [Enter] on the highlighted option that says “Create a new log file.”

Once the action has been taken, users will receive a list of all the hard disk devices present on their systems. They can then navigate to the device from which they want to recover their lost data.

The next action is to use the keyboard arrow keys and navigate to the [Proceed] menu option at the bottom of the drive list.

Although TestDisk tends to highlight the most practical option, users are advised to select the default option for the partition table by pressing [Enter] on the keyboard, then clicking on the [Advanced] option and pressing [Enter] on the keyboard.

After that, users can navigate to the partition option, which displays the [Undelete] option at the bottom of the terminal window, and press [Enter] on their keyboard.

After the action, the deleted linuxshelltips file is restored.

Users who wish to recover more than one file are advised to use the keyboard key [a] to select/deselect them. To copy multiple selected files, it is recommended to use the keyboard key [c].

The sources for this piece include an article in Linuxshelltips.

The Safest Browsers for Linux Users

Security remains a top priority for Linux users worldwide. Apart from security, users are interested in browsers that can guarantee privacy, especially in a world where third-party applications and social media platforms use their data secretly and without consent.

While many users want secure browsers that will keep them safe and prevent their browsers from being tampered with by third parties and cyberattacks, many are unaware of the browsers that can guarantee their security.

Linux is an operating system. An operating system is software that manages all hardware resources connected to a desktop or laptop.

Among the best browsers for Linux users that can offer maximum security are Ungoogled Chromium, GoLogin, Brave, Vivaldi, and Tor.

Ungoogled Chromium is an open source version of Google Chrome that offers Linux users independence from Google’s web services (Google Hotwording, Host Detector, URLs, tracking, Safe Browsing, etc.), replaces Google’s web services with open source alternatives, blocks all pop-up windows in all tabs, and removes binaries from the source code and replaces them with custom alternatives.

GoLogin is an anti-detect browser that allows users to use multiple accounts at the same time. It offers a number of advantages, including separate customized profiles for each account, control of the digital fingerprint, suitability for teamwork, anonymous surfing, installation on an unlimited number of devices, access to the TOR VPN network and included free proxies.

Brave Browser provides users with a VPN to change their IP address. It also offers some other benefits, including the end of tracking and invasive advertising on every website visited, separation of incognito windows with private search, blocking cookies and reducing digital fingerprints, protecting users from malware and phishing, the anonymous browsing option on the Internet, and others.

Vivaldi lets users customize all settings to increase their security. Other advantages include blocking tracking, blocking all add-ons without extensions and plugins, regular updates, a user-friendly interface similar to Chromium, no recording of the user’s personal data by Vivaldi itself, end-to-end encryption for synchronized data, and others.

Tor offers remarkable benefits for all Linux distributions, such as torrent prevention, user-friendly anonymous browsing, tracking protection, the ability to change geolocation and avoid censorship, and the ability to access the dark web.

The sources for this piece include an article in LINUXSTANS.

Linux Malware Reaches All-Time High In 2022

Although Linux is the most private and secure operating system, according to AtlasVPN, it has seen an increase in malware samples.

The results showed that Linux malware grew exponentially in the first half of 2022, reaching an all-time high after 1.7 million samples were discovered by researchers.

Malware samples recorded in the first half of 2022, between January and June, increased by almost 650% from 226,324 to nearly 1.7 million. The trend however continued, albeit at a reduced pace.

The increase in malware samples targeting Linux remains surprising, and it underscores a new trend of attackers’ focus on Linux. Although a short decline has been recorded, it remains unclear whether more malware samples will target Linux or whether the decline in malware samples will continue.

Researchers found that April had the highest number of malware samples registered, with 400,931. The report found that the huge increase in malware samples follows a massive decline that was already recorded between the fourth quarter of 2021 and the first quarter of 2022.

At one point, a 2% decline was recorded, but the decline did not last long.

According to AtlasVPN, the “cumulative number of new Linux malware samples in H1 2022 was 31% higher than the number of such samples in the whole of 2022.”

However, despite the massive increase in Linux malware samples, Windows takes the lead as the most malware-infected operating system. AtlasVPN acknowledged Windows’ position, stating that “41.4 million newly programmed Windows malware samples were identified in H1 2022.”

Linux remains a secure operating system for developers and other users. The operating system provides various security features, including an open source framework, a user privilege model, and built-in kernel security defenses.

The sources for this piece include an article in MUO.
