Linux Malware


TrickBot malware made headlines in 2019 by infecting nearly 250 million Google accounts and stealing credentials and personal information, and it is fully capable of disabling the built-in Windows antivirus software altogether.

Now, the notorious malware makes a comeback with a new module framework dubbed “Anchor_DNS” that can infect Linux devices. According to IntezerLabs, Anchor_DNS has been ported to a Linux version called ‘Anchor_Linux’, which targets VPN and NAS devices running on Linux.

The module not only acts as a backdoor to infect Linux systems, but it also contains an embedded Windows TrickBot executable.

How Anchor_Linux TrickBot Malware targets Linux Systems



Anchor_Linux TrickBot Malware is a “Lightweight backdoor with the ability to spread to neighboring Windows boxes using svcctl via SMB” as reported by IntezerLabs.

It acts as a covert backdoor and persistence tool in UNIX environments, which is used as a pivot for Windows exploitation and as an unorthodox attack vector outside of phishing attacks. Anchor_Linux allows the group to target servers in UNIX environments, including VPN and NAS devices, and use them to infect corporate networks.

The bad actors can even target non-Windows environments and later pivot to Windows devices on the same network.

How to Mitigate against Anchor_Linux malware



Linux users can check for an Anchor_Linux infection by searching for the “/tmp/Anchor.log” file on their system. If there is any such file, it means the system is compromised.

Therefore, it is recommended that Linux users scan the system and delete all traces of the malware. Anchor_Linux is still in its initial stages and will continue to evolve, which makes it more dangerous for Linux systems.

Anchor_Linux TrickBot Malware targets VPN and NAS running on Linux


BootHole Vulnerability


The BootHole vulnerability resides in the GRUB2 bootloader and, if exploited, could potentially allow attackers to bypass Secure Boot to gain high-privileged persistent access to the targeted systems.

According to security researchers at Eclypsium, the BootHole vulnerability affects almost all Linux distributions and Windows systems using the GRUB2 bootloader with Secure Boot.

The Unified Extensible Firmware Interface (UEFI) also uses a bootloader to load critical components and the operating system, and to ensure that only cryptographically signed code executes during the boot process.

How GRUB2 Bootloader Vulnerability affects Linux Systems



BootHole is a buffer overflow vulnerability affecting all versions of GRUB2. It lies in the way GRUB2 parses content from the config file, which is typically not signed like other files and executables, allowing attackers to break the trust mechanism.

GRUB2 is the most popular bootloader in Linux distros, making all such systems vulnerable to attacks. An attacker can gain arbitrary code execution within the UEFI execution environment through the buffer overflow, which could be leveraged to run malware, change the boot process, or execute any other malicious code.

The grub.cfg file is located in the EFI system partition, so to modify the file an attacker still requires an initial foothold on the targeted system with admin privileges; the flaw then enables additional escalation of privilege and persistence on the device.

How the Linux Distros are Responding To BootHole



Eclypsium has responsibly coordinated with the major Linux developers in response to BootHole; some security teams have released security fixes for their various affected products, and some are still working on the fixes.

Debian developers have acknowledged the BootHole vulnerability and are currently doing an in-depth audit of GRUB2’s source code. With Debian 10 “buster” being the first Debian release to include support for UEFI Secure Boot, the Debian security team has scheduled the fixes for the upcoming version 10.5 point release on August 1, 2020.

Ubuntu, the most popular Linux distro, has also released updates for the GRUB2 bootloader with Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, and 20.04 LTS in 2.06 from the Canonical security team.

BootHole Vulnerability: Affecting both Linux and Windows via GRUB2 bootloader

Industrial VPN


Cybersecurity researchers at Claroty have disclosed remote code execution vulnerabilities affecting VPN implementations used to provide remote access to operational technology (OT) networks.

These dedicated remote access solutions are focused on the industrial control system (ICS) industry, mainly serving maintenance and monitoring of field controllers and devices such as programmable logic controllers (PLCs) and input/output (IO) devices.

These solutions are deployed at the outer layer boundaries of the network and provide access to the field controllers and devices.

How the VPN Flaws Could allow Attackers Target Critical Infrastructures



The researchers discovered multiple security flaws in Secomea's GateManager, including a critical vulnerability tracked as CVE-2020-14500 that could allow overwriting of arbitrary data, executing code or causing a DoS condition, and running commands as root to obtain user passwords.

With the virtual private network (VPN) typically deployed at level 5 of the Purdue model to provide access to the field controllers located at level 1/0 (see image below), exploiting the vulnerabilities can give attackers direct access to the field devices and cause damage.

VPN Flaws


Successful exploitation of the vulnerabilities can give an attacker direct access to the ICS devices and potentially cause damage to an organization's infrastructure.

Other vulnerable VPN servers include the Moxa EDR-G902 and EDR-G903 industrial VPN servers, which were found to have a stack-based buffer overflow bug (CVE-2020-14511) in the system web server that could be triggered by sending a specially crafted HTTP request, allowing attackers to carry out remote code execution without requiring any credentials.

Also, a proprietary VPN client known as HMS Networks' eCatcher that connects to the company's eWon VPN device was found to be vulnerable to a critical stack-based buffer overflow (CVE-2020-14498) that could be exploited to achieve remote code execution.

How to Mitigate against the VPN Flaws



The various vendors have been duly notified of the vulnerabilities and they responded quickly to release fixes to patch their respective products.

Therefore, it is recommended that users of the products update to the newly released versions: GateManager versions 9.2c / 9.2i; Moxa EDR-G902/3 version v5.5, with firmware updates available for the EDR-G902 series and EDR-G903 series; and HMS Networks users should update eCatcher to Version 6.5.5 or later.

VPN Flaws pose security risks to Critical Organization Infrastructures

Red Hat


Red Hat Enterprise Linux (RHEL) 8.3 Beta is finally out after a six-month development cycle, and succeeds the current RHEL 8.2 release, with a promise to deliver more stability and production innovation to the enterprise.

RHEL 8.3 beta has a number of new changes, including system roles for logging, storage, system metrics, disk encryption, kernel, and bootloader, with the new roles aimed at helping users to manage large installations through consistent and repeatable configurations at scale.

The Red Hat owned Enterprise Linux (RHEL) platform is targeted at the commercial market, as it restricts the free re-distribution of officially supported versions, albeit it still freely provides the source code.

What's new in Red Hat Enterprise Linux (RHEL) 8.3 Beta?



Red Hat Enterprise Linux (RHEL) 8.3 Beta includes pre-configured Ansible playbooks that simplify the automation and configuration of common admin tasks like the allocation of storage resources.

It also brings an updated Application Streams (AppStream) repository with new languages and tools. Other notable packages in AppStream with their new versions are as follows:

  • Ruby 2.7
  • Perl 5.30
  • Nginx 1.18
  • Node.js v14
  • PHP 7.4
  • Git 2.26


Additionally, RHEL 8.3 beta includes security profiles for the Health Insurance Portability and Accountability Act (HIPAA) and the Center for Internet Security (CIS) benchmark. System administrators can now use the new SCAP (Security Content Automation Protocol) profiles to configure their systems based on the best security practices.

How to Download Red Hat Enterprise Linux (RHEL) 8.3 Beta



For existing users with an active subscription for RHEL, RHEL 8.3 beta can be downloaded directly from Red Hat’s Portal. And if you are a new user who wants to try out RHEL 8.3 beta, you can download it from developer.redhat.com as part of the no-cost Red Hat Enterprise Linux Developer Subscription.

You can check out the release notes for the full list of new features, improvements, and security fixes that are available in the RHEL 8.3 beta release.

Red Hat Enterprise Linux (RHEL) 8.3 Beta: Brings Updated AppStream repository

OpenMandriva


OpenMandriva is another Linux distro that carries on the legacy of the legendary Mandriva Linux, and it has released an alpha version of the upcoming OpenMandriva Lx 4.2.

Meanwhile, the most popular Mandriva Linux-based distro, Mageia OS, has already scheduled the final release of Mageia 8 for September 18, having previously spent over a year in development, and it will get security updates and bug fixes for 18 months.

OpenMandriva Lx 4.2 alpha release is primarily for testing purposes to help in finding and fixing all bugs before the stable release.

What's new in OpenMandriva Lx 4.2 alpha release?



OpenMandriva Lx 4.2 alpha release has updated the toolchain that includes systemd 245, LLVM/clang 10.0.1, Linux Kernel 5.7.8, gcc 10.1, glibc 2.31, and Java 14. It has also added the latest version of graphic software stacks such as Wayland 1.20.8, Xorg 1.20.8, and Mesa 20.1.



The default desktop's graphical environment has also been refreshed with the latest KDE Plasma Desktop 5.19.3, Frameworks 5.72.0, and Applications 20.04.3.

Furthermore, it has updated other apps such as Calligra Suite 3.2.1, LibreOffice 7.0.0, Digikam 7.0, Firefox 78, Chromium 83, VLC 3.0.11, Kdenlive 20.04.3, and SimpleScreenRecorder 0.4.2. You can see all the major changes in core components and software updates in the release notes.

How to Get Started with OpenMandriva Lx 4.2 Alpha Release



Since the alpha release is primarily for testing purposes before the stable release, you should not use it on your production system.

Therefore, if you want to test the alpha version, you can download the ISO images for OpenMandriva Lx 4.2 Alpha Release here. The ISO images are available for both x86_64 systems and AMD CPUs from the Ryzen, ThreadRipper, and EPYC families.

OpenMandriva Lx 4.2 Alpha Release: Mandriva Linux-based distro with KDE Plasma

Network Attached Storage


There is a massive malware campaign, dubbed QSnatch, targeting network-attached storage (NAS) appliances from Taiwanese company QNAP; it steals data from over 62,000 compromised devices, with mostly Western Europe and North America targeted.

According to the US Cybersecurity & Infrastructure Security Agency (CISA) and UK's National Cyber Security Centre (NCSC), all QNAP's network-attached storage (NAS) appliances are potentially vulnerable to QSnatch malware, if the devices have not been updated with the latest security fixes.

The malware hit over 7,000 NAS devices in Germany alone, as reported by the German Computer Emergency Response Team (CERT-Bund).

What is QSnatch Malware's Mode of Operation?



The QSnatch attack involves injecting the malware and using a domain generation algorithm (DGA) to establish a command-and-control (C&C) channel for remote communication with the infected devices and exfiltration of sensitive data.



CISA and NCSC claim the campaign likely started in 2014 and climaxed in mid-2017, and that it has intensified over the last few months, with approximately 3,900 devices in the UK and 7,600 devices in the US already compromised. However, the infrastructure used by the bad actors in both campaigns is no longer active.

The malware gains persistence by obstructing updates from getting to the infected QNAP device, which it accomplishes by redirecting core domains used by the NAS to local out-of-date versions, thus preventing updates from getting installed.

How to Mitigate against QSnatch Malware



QSnatch comes with a broad range of capabilities, including a CGI password logger, credential scraper, SSH backdoor capable of executing arbitrary code, and a web shell functionality that enables the malware to access devices remotely.

Therefore, it is recommended that organizations ensure that the devices they use have not been previously compromised, and if they detect any sign of compromise, they should run a factory reset on the device before performing a firmware upgrade.

Additionally, organizations must verify that QNAP devices are purchased from reputable vendors, and that external connections are blocked when the device is intended for internal storage. And they should follow QNAP's security advisory to prevent further infection.

QSnatch Malware: Stealing Data on QNAP's Network-attached Storage (NAS) Appliances

Microsoft AI


The Dev Channel is Microsoft’s Windows version for testing new features of all kinds, which are not necessarily part of an upcoming feature release, and Windows 10 Insider build 20175 for the Dev Channel brings new AI capabilities that make eye contact possible during a video chat.

The new AI capability makes your eyes appear to meet the gaze of anyone you are speaking with on a video chat, leveraging the Arm-based SQ1 processor on the Surface Pro X to make it look like you're looking directly at the person through the camera.

Also, there is the ability to cycle through Microsoft Edge tabs using ALT+Tab in the Windows 10 Insider build 20175, whereby users can pin active tabs to the taskbar, with enhanced preview capabilities.

How Microsoft's Eye Contact Feature Works



The Eye Contact feature relies on the AI capabilities of the Surface Pro X's Qualcomm-made Microsoft SQ1 Arm-based processor, and as such, it can only be accessed on the Surface Pro X and the latest Windows 10 Insider Dev Channel preview, build 20175.



It helps to adjust your gaze on video calls so that you appear to be looking directly into the camera, and Windows Insiders can turn the Eye Contact feature on via the Surface app on the Surface Pro X.

How to get Windows 10 Insider Preview Build 20175



Microsoft released Windows 10 Insider Preview Build 20175 to Windows Insiders in the Dev Channel on Wednesday last week, and only Windows Insiders with PCs that have AMD processors will be able to receive this build.

Some Insiders complained of being unable to receive the build even with the required PC; after an investigation, Microsoft released a fix for the issue that was preventing many PCs, including PCs with AMD processors, from being offered this build.

Windows Insiders impacted by this issue will need to follow the steps listed here to receive this build. Note that Insider Preview Builds 20161 and below will expire on July 31, so to avoid hitting this expiration, update to Insider Preview Build 20170 or newer.

Microsoft teases Eye Contact during video chat in Windows 10 Insider build

Lazarus Group


Lazarus Group, also known as Hidden Cobra, is a North Korea-linked cyber-espionage group that's notorious for the WannaCry ransomware, which had the ability to spread across large networks automatically by exploiting a known bug in Microsoft’s Windows operating system.

Now, the notorious hacking group has unleashed a new multi-platform malware framework (MATA) with the goal of infiltrating corporate entities around the world, to steal confidential customer data and distribute ransomware.

The MATA malware framework is capable of targeting Windows, Linux, and macOS operating systems, and is armed with a wide range of sophisticated features designed to unleash malicious activities on infected machines.

The group had specialized in malware targeted at Windows and macOS systems, but just recently it created a new Remote Access Trojan (RAT) dubbed Dacls that affects both Windows and Linux systems.

Overview of the MATA multi-platform malware framework



The MATA malware framework, so called because the malware authors refer to the infrastructure as "MataNet", began as early as 2018, with the victims traced to unnamed companies within the software development and internet service provider sectors located in Germany, Poland, Turkey, South Korea, Japan, and India, according to cybersecurity firm Kaspersky.



MATA consists of different versions, with the Windows version made up of a loader used to load an encrypted next-stage payload and an orchestrator module ("lsass.exe") that is capable of loading 15 additional plugins at a time and executing them all in memory.

The plugins provide capabilities such as allowing the malware to create an HTTP proxy server, manipulate files and system processes, and inject DLLs.

It also allows the hackers to target Linux-based diskless network devices such as IoT devices, routers, and firewalls, or macOS systems by masquerading as TinkaOTP, a 2FA app which is based on MinaOTP, an open-source two-factor authentication application.

How MATA malware framework was linked to the Lazarus group



The MATA malware framework was linked to the Lazarus Group based on the unique file name format ("c_2910.cls" and "k_3872.cls") found in the orchestrator, which has been previously observed in several variants of malware unleashed by the group.

It is recommended that users patch their systems in a timely manner and also check whether they've been infected based on the unique file name formats ("c_2910.cls" and "k_3872.cls") used by the Lazarus Group.

North Korea-linked Hackers deploy Multi-platform targeted malware framework

REMnux Linux


REMnux is a Linux toolkit for reverse-engineering and analyzing malicious software, with tons of free tools to investigate malware without having to find, install, and configure the tools.

The previous REMnux Linux release was in 2015; after 5 years, the project has announced the release of REMnux 7.0, with some major updates to the software and changes to the forensic tools.

REMnux Linux can serve several purposes such as analyzing or reverse-engineering malicious code, examining static properties of suspicious files, performing forensics of infected systems, and exploring behavioral analysis on network interactions.

What's new in REMnux 7.0 Release?



REMnux 7.0 is based on the long-term Ubuntu 18.04 “Bionic Beaver” featuring the GNOME desktop environment, with many old tools refreshed or completely removed and some new software added. Some of the added tools are as follows:

  • Nautilus
  • IBus
  • Docker
  • CyberChef
  • XORSearch
  • Balbuzard
  • XORBruteForcer
  • RATDecoders
  • cabextract
  • DC3-MWCP
  • unXOR
  • OpenSSH


The full documentation of all available features and tools in REMnux 7.0 can be found here, with a summary of each tool's purpose.

How to Upgrade to REMnux 7.0 Release



REMnux Linux is not distributed as an ISO image; rather, you get an OVA format file for a virtual machine, unlike other Linux distros, which offer ISO image downloads.

You can head over to REMnux’s new and extensive documentation, which walks you through how to download a virtual appliance, install it on a dedicated system, or add it to an existing compatible host.

Additionally, you can use the open-source SaltStack tool to automate the process of new software installation and configuration.

REMnux 7.0 Release: Linux Toolkit for Reverse-engineering and Malware Analysis

Future Technologies


Many of the new technologies of the future are living with us in the present. Technological changes that have occurred in recent years have revolutionized various aspects of our lives, ranging from the productive to domestic.

The incorporation of this technology is creating a stage where we can now have a glimpse of the future; for instance, within about 50 years many of the jobs that people do today will be taken over by machines or eradicated altogether. Are you ready for the change?

Find below the top 10 New Technologies as written by an avid traveler, and passionate kayaker.

10 New technologies of the future



A few years ago we imagined a future full of holograms, robots with their own identity, hyper-connectivity and devices controlled by voice commands. And so it has already happened. In fact, it is likely that it happened faster than we expected, since there is now a real acceleration in the field of Artificial Intelligence.

Many of these, such as chatbots, have traditionally been developed to act as customer service. This is a concrete example of how humans are designing the new technologies of the future.

1. Automated Simultaneous Translation



Speech and language technologies have advanced by leaps and bounds. This is due to the adoption of models based on Machine Learning and Big Data.

And thanks to these large collections of data, technologies are being developed that will allow automatic and simultaneous translation to any language.

2. Devices Controlled with the Mind



The company Emotiv has implemented a technology to control devices with our brain, thoughts and intention.

They designed interfaces that connect our heads to a computer, capturing the waves that we generate in our frontal and temporal lobes.

In the same vein, we also have Nanobots and Virtual Reality, technology through which we can connect our brains to the Internet with nanobots, which will project virtual reality from the nervous system.

3. Telepresence, Augmented Reality and Holograms





The type of connectivity that Magic Leap offers has to do with spatial computing, through which we are allowed to interact in a digital and augmented reality (AR) space anywhere through a head-worn device that integrates this type of vision.

4. IoT (Home automation, Clothing, & Graphene)



Over time, the home automation that we are beginning to hear about will be introduced to all homes and objects, from sneakers to buildings, or mobiles through materials of the future, such as graphene, which allows creating flexible mobiles.

5. Quantum Computing



IBM & CSIC have teamed up to create a quantum computer that works at a speed of 20 quantum bits. The areas in which such rapid calculations may be needed are mostly in the medical field and the financial sectors.

6. Air or Biological Electricity



Not only are the new technologies of the future dedicated to productivity in processes, but they also aim to make all of this sustainable. It is more about processes from biotechnology that may have a positive impact on the environment.

7. Exoskeletons



One of the innovations that Hyundai has worked on is the manufacture of an exoskeleton that allows a human to have greater strength to load weights, place them accurately and even advance long distances without effort.

8. Space Tourism





Nothing is more futuristic than this new technology of the future: SpaceX already has space-race-ready self-driving vehicles.

Tourism holds several new technologies in the future, such as visual tours and planning your tour using artificial intelligence.

9. Subatomic Particles



Does analyzing the behavior of subatomic particles sound like science fiction? Well, actually, it's closer than you think.

This (incredible) technology will allow us to discover and design new materials, find more optimal ways to capture nitrogen to create fertilizers in a more ecological and efficient way, and manage molecules at the pharmaceutical level.

10. Blockchain



You have probably heard of Blockchain technology. It is the smartest way to manage information and is applicable to several sectors, including banking, medicine, automotive, marketing and so forth.

As much as there is resistance to change, companies, workers and, ultimately, society, are unwittingly adopting new digital skills and practices. Human beings always have the challenge of effectively exploiting technologies for our benefit, to extend and make quality life accessible to all.

Top 10 New Technologies of the Future and What will be the Impact

Android Malware


ThreatFabric researchers have discovered a new strain of Android malware targeting not only banking apps, but also non-banking ones, to steal login data and credentials, including social networking, and cryptocurrency apps.

The malware, dubbed BlackRock, is a variant of Xerxes banking malware, which is a strain of the LokiBot Android banking trojan that was first discovered in 2016. BlackRock's major capabilities include intercepting SMS messages and notifications, recording keystrokes from targeted apps, and running undetected by antivirus software.

Its target list contains a number of social networking, communication and dating apps that haven't been previously observed in any target lists for other banking Trojans.

How BlackRock Steals Data from Non-Banking Apps



BlackRock steals data by abusing Android's Accessibility Service privileges, for which it seeks the user's permission under the guise of purported Google updates once it is launched for the first time on the Android device.



It then goes on to grant additional permissions to itself and establish a connection with a remote command-and-control (C&C) server to execute its malicious activities by injecting overlays on the targeted apps' login and payment screens.

BlackRock is different from other malware in that the sheer number of applications targeted is enormous, going beyond the mobile banking apps typically singled out by related Android malware.

What Android users can do to be Safe from BlackRock



If you notice unusual notifications and screen activities on your Android device, or suspect that it has any malware-infected apps, quickly uninstall the app from your device, and also make sure the operating system and apps on your device are up to date.

It is recommended that Android users should always scrutinize the permissions granted to every app installed on their device.

Non-Banking Apps now targeted by New Android Malware to steal Passwords

Microsoft 365


Microsoft designed Endpoint DLP to address the gray areas with working from home, where personal devices like hard drives can be connected to corporate-owned computers.

Endpoint DLP is now in public preview. It connects to the admin’s Microsoft 365 compliance center, as a separate solution within Insider Risk Management in Microsoft 365’s E5 enterprise edition, which uses signals from Windows 10 for indication of suspicious behavior.

According to Microsoft, ensuring that sensitive data is protected from risky or inappropriate sharing, transfer, or use has always been a top priority.

How Endpoint DLP will work to secure Organizations



Endpoint DLP extends Microsoft Information Protection (MIP) classification and protection to all devices.

MIP is a built-in, unified, intelligent, and extensible solution that classifies data, keeps it protected, and prevents data loss across Microsoft 365 apps, third-party SaaS applications, and on premises or in the cloud.



Now, Microsoft 365 customers need only create DLP policies in the Microsoft 365 compliance center, then apply the policies to Teams, SharePoint, Exchange, OneDrive for Business, and Endpoints, provided the endpoint is onboarded in your environment using the established device management onboarding process.

Endpoint DLP is native to Windows 10 and the Microsoft Edge browser; therefore, there is no need to install or manage additional DLP software on Windows 10 PCs anymore, as they have the benefits of DLP native experiences.

How to Get Started with Endpoint DLP



Endpoint DLP is currently rolling out to customers with Microsoft 365 E5/A5, Microsoft 365 E5/A5 Compliance, and Microsoft 365 E5/A5 Information Protection and Governance.

You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 compliance center to get started. To learn more about Microsoft Information Protection and Governance solutions, visit the documentation page.

Microsoft Endpoint DLP Service: New Data Loss Prevention within Microsoft 365

Risk management


Operational risks and businesses aren’t strangers to each other. While some risks might barely impact your business, others could put it in jeopardy. Risks can impact your business’ reputation, finances, customer retention rates, and even data security.

Ideally, the earlier you can curtail common operations risks, the stronger your business can be as it grows. It all starts with how well you understand your business’ risk landscape. Getting serious with risk assessment is a surefire way to control your business and its future.

Here is how to approach risk assessment to curb common operational risks:

3 Levels of Operational Risk Management



Different risks will call for different stress levels when it comes to handling them. While some operational risks will be time-sensitive, others might not need immediate resolution. The three levels include:

  • In-depth: In an ideal world, all forms of risk management should be done in this way. It involves taking an intensive and extensive approach to risks. You need to learn everything that makes a risk tick and pick ideal solutions. This approach often involves solutions like employee training and hiring risk assessment professionals. However, not all risks can be handled in the same approach.
  • Time-critical Risk Management: This approach applies to risks that are time-sensitive. For instance, you might have to work against time if you want to launch reliable computer software on a specific date. In most cases, risks that demand this approach are often given priority.
  • Deliberate Risk Management: This involves addressing risks that are important but not time-sensitive. You can use this approach for analyzing risks when monitoring the results of a project or during different project cycles.


How to Manage Operational Risk As A Business



It all starts with risk identification. The first step in defining your risk landscape is to determine the operational risks your business has to face every day. You can start by brainstorming the different risks with your team. Other methods you can use for risk identification include talking with industry experts, assessing your business’ history, and attending industry seminars.

During risk identification, you ought to list down all the risks and their triggers. This process could also involve asking employees about their take on the different risks since they are often the ones at the front-line of managing them.

1. Analyze the Different Risks



How much could an operational risk impact your business? What is the likelihood of the risk actually coming to life? Take your time quantifying the different risks your business faces. You should rate a risk based on its potential impact and likelihood of happening.

While it might be tough to quantify some risks, doing the same for others will come easy. Take advantage of other businesses that have faced the risks during risk quantification. You can draw insights from how it affected them and how they managed to handle it.

2. Risk Treatment



There is no silver bullet for handling any risk your business faces. While you could have a widely used solution, some solutions might not work in your current circumstances. For a risk treatment solution to be ideal, it shouldn’t strain your manpower or finances too much.

You can choose from four risk treatment options, including risk transfer, risk avoidance, risk mitigation, and risk acceptance. While risks that are too big for you to handle should be avoided, risks that will barely impact your business should be accepted.

If you can handle a risk in-house, pick an ideal risk mitigation measure. For risks that can best be handled by a third party, look for ways to transfer it to them. This can include using insurance or even outsourcing different operational tasks.

3. Risk Monitoring and Control



Operational risk assessment doesn’t end with choosing a risk treatment option. The environment around specific risks could be dynamic, which is why you should constantly monitor the chosen risk treatment options. For instance, new cybersecurity risks are bound to come up with time, limiting the effectiveness of your current risk control measures.

During risk monitoring, take into account the effectiveness of the current risk control measures in place. You should also compare whether there are better control options available, especially if your resources have grown since the last time you monitored a risk. The risk monitoring task should be assigned to specific individuals in your workforce to encourage accountability.

4. Employee Training Is Essential



Employees are at the front-line of curtailing the different operational risks your business faces. As such, it makes sense to keep updating them on your risk landscape. Not only should you create risk management policies, but you should also create training programs for them.

These programs should be flexible enough to allow getting feedback from employees on their effectiveness. Be sure to inform your employees as soon as you update a risk management policy.

The best way to solidify your business’ viability is to be in control of its risk landscape. Sure, you can’t control all risks, but curtailing those within your reach strengthens your business. Take risk assessment seriously to build a better future for your business.

Operational Risk Management: How to Manage Operational Risk As A Business

KaOS 2020.07


KaOS is a lean Linux distro built from scratch, focusing on a single desktop environment (KDE), toolkit (Qt), and architecture (x86_64).

The newest stable version of the distro, KaOS 2020.07, follows the previous 2020.05 and comes with updated software packages, including the latest Plasma 5.19 desktop, which brings a refreshed and consistent design along with other minor changes.

The minor changes include a revamped header area for system tray applets and notifications, with the keyboard and Locale module rewritten in QML. Find other new enhancements below.

What’s New in KaOS 2020.07?



The KaOS Calamares installer now uses a new module rewritten in QML, and its keyboard and Locale modules have also been rewritten in QML. The release features the latest KDE applications from KDE bundle 20.04.3, and LibreOffice is now the default Office application, replacing Calligra.

Besides the default apps, KaOS also added new applications and firmware, such as Photoflare, VVave (the successor of Babe) music player, Kdiff3, sof-firmware, rtl8723de, and rtl8821ce Wi-Fi modules.

Its core components like ICU 66.1, Boost 1.72.0, Krb5 1.18, Glib2 2.64.3-based stack, Guile 2.2.6, Mesa 20.1.3, NetworkManager 1.26.0, Perl 5.30.3, Linux 5.7.8 and Qt 5.15.0 have all been rebuilt for better performance.

Base packages such as Pciutils 3.7.0, Git 2.27.0, Cfitsio 3.480, Poppler 0.90.1, Libcap 2.39, and Pam 1.4.0 have all been updated to their latest versions.

Additionally, KaOS Midna theme received a major shift from QtCurve to Kvantum theming system in version 2020.07 for the application style, implemented as a custom Midna Kvantum theme.

How to Upgrade to KaOS 2020.07



For a fresh installation, you can download the ISO images from the official site, and if you’re already running KaOS, you can easily upgrade your package to the latest v2020.07 with the following command.

sudo pacman -Syu


Kindly note that the welcome screen can now display text or other info as a QML file in the Calamares window.

KaOS 2020.07 Release: Brings the latest Plasma 5.19 Desktop for a Consistent design

Hacker


It’s not uncommon for individuals to feel that their activities online aren’t secure. In recent years, news about hackers and data breaches has increased, showing that information stored on your computer systems is increasingly not secure.

In 2017, there was the WannaCry ransomware attack and the privacy breach of the credit bureau, Equifax, leading to the loss of personal information of at least 140 million US citizens. There was also the Uber hack, which its management attempted to cover up. These instances prove that cybercriminals are creating more advanced malicious software that can easily slip through computer defense systems.

Although antivirus is a tool widely used by PC users, the prevalence of cyber breaches in recent times proves that antivirus is not enough. To properly protect your computer system and online activity, you need a variety of tools.

3 Top Security Tools for your Computer



Below are the tools you should have on your computer, discussed in detail.

1. Virtual Private Network (VPN)



If you want to access the internet anonymously, you’ll need a VPN. Every computer possesses a unique address called an IP address. Any hacker who has your IP address would be able to track your activities online. A VPN prevents this by hiding your IP address.

A VPN also protects information on your computer by encrypting your data when you’re surfing the internet. Usually, when you perform internet activity, your Internet Service Provider (ISP), browser, and advertisers can spy on it. VPNs tunnel the information received from your device to the party you’re communicating with, ensuring privacy.

2. Vulnerability Scanner



Vulnerability check involves the identification and classification of security loopholes in a particular system. Systems being checked for cybersecurity chinks include networks, software, and hardware systems.

A vulnerability scanner is a tool that performs a security audit on your network or software systems. These scanners work automatically to improve your cybersecurity, and can even create a structured list of systems you need to patch, in order of importance.

Some vulnerability scanners can even automate the patching processes.

3. Email Security



Email security is more a matter of awareness than a literal tool. However, other cybersecurity measures could prove futile if you do not educate yourself on the most popular method used to sneak malware into systems.

Malware in the form of an attachment is usually sent through email because individuals tend to trust emails over websites. By opening a suspicious link in your email, you could lose access to several of your online accounts through phishing.

First, check a sender’s email address when you’re viewing an email. If the email tries to create a sense of urgency, prompting you to visit a website for the security of your account, it’s most likely a phishing email. If the email attempts to get you to download an attachment, it could be an email containing malware.

Always hover your mouse arrow above any links you intend to click in an email to see the actual address. Also, don’t download attachments from email addresses that aren’t familiar to you.

Top 3 Online Security Tools you can use apart from Antivirus

Linux-windows-tools


Microsoft's romance with open source has brought Process Monitor, part of Windows Sysinternals, to the Linux platform.

The company embarked on porting Sysinternals tools to Linux starting with ProcDump, a command-line utility with the primary purpose of monitoring applications for CPU spikes.

Besides ProcDump, Microsoft also planned to port other highly popular Sysinternals software packages to Linux, and it has now released preview version 1.0 of the Process Monitor (ProcMon) utility for Linux-based operating systems.

What Process Monitor (ProcMon) brings to Linux?



Process Monitor (ProcMon) is an advanced monitoring tool that shows real-time file system and process/thread activity.

It combines the features of Filemon and Regmon, two legacy Sysinternals utilities, with an extensive list of enhancements such as rich and non-destructive filtering, reliable process information, simultaneous logging to a file, and much more. See other capabilities below:

  • Configurable and movable columns for any event property
  • Reliable capture of process details, including image path, command line, user and session ID
  • Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
  • Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation
  • Process tree tool shows relationship of all processes referenced in a trace
  • Non-destructive filters allow you to set filters without losing data


These uniquely powerful features will make Process Monitor a core utility in the Linux system troubleshooting and malware hunting toolkit.

How to Get Started with ProcMon For Linux



If you are already using Procmon on Windows and want to use it on your Linux system as well, it will be quite familiar to you.

You can download and install Procmon on your Linux system by following the installation instructions that are available here. The Debian package for Procmon 1.0 is also now available for download.

Microsoft releases preview of Process Monitor (ProcMon) utility for Linux

Ubuntu PopCon


Ubuntu has announced that new installs of the package on desktops will no longer include the Popularity Contest (PopCon) by default, after it discovered that the package and its backend are broken.

Ubuntu Popularity Contest (PopCon) had come pre-installed in Ubuntu Linux since the debut of Ubuntu 6.10 in 2006. It helps gather statistics from users to determine which packages are most installed on Ubuntu systems.

Going forward, Ubuntu plans to remove the popularity-contest package from the standard seed, and all new installs will not include it. Having found it broken since 18.04 LTS without users missing it, the developers decided to remove it and discard the Ubuntu delta for the package.

How Ubuntu Popularity Contest (PopCon) works



Ubuntu Popularity Contest (PopCon) gathers statistics from its users to determine the most or least popular of the packages. Although, it is not enabled to track package usage by default, it comes pre-loaded on Ubuntu; which means users have to enable it to anonymously submit a system report.

The popular and most-used packages are calculated every week on the basis of data submitted by users, and Ubuntu generates the following statistics: total number of people who installed the package, those who use the package regularly, those who installed, but don’t use the package regularly, and those who upgraded the package recently.

Additionally, it records the statistics of the number of people whose entry didn’t quite contain enough information.

Does it Matter if PopCon is Removed from Your Ubuntu Installs?



Given that PopCon is currently broken and no longer works, Ubuntu plans to remove the package from the default installation in future releases.

You don’t have to do anything yet, as the package doesn’t actually compromise your privacy and security. PopCon doesn't work without you giving permission and enabling it. However, if you want to remove it from your current Ubuntu Linux system, simply run the following command:

sudo apt remove popularity-contest


But it isn't recommended to uninstall the Popularity Contest package, as the removal will also remove the ubuntu-standard package.

Ubuntu Popularity Contest (PopCon) no longer bundled with Package by default

Mozilla VPN


Mozilla started testing a virtual private network (VPN) service offering in 2018 to see if users would be willing to pay for better privacy.

Now, the company has formally launched the VPN service, which is known as Mozilla VPN and is available for Android and Windows 10, starting from $4.99 per month. The VPN service will ensure that internet traffic from Firefox and the server is encrypted to better thwart the efforts of third-party snoopers on its users' online activity.

The service is currently available in the United States, Canada, the UK, Singapore, Malaysia, and New Zealand, with plans of expansion to other countries this fall.

What differentiates Mozilla’s VPN from the rest?



Mozilla VPN is capable of protecting up to five devices using device-level encryption, albeit only for Android and Windows devices for now. It runs on a global network of servers powered by Mullvad using the WireGuard protocol, while the company boasts of over 280 servers in more than 30 countries, without bandwidth restrictions.

Mozilla VPN protocol


And the Firefox maker is a mission-driven company, which means you can trust that the money you spend for the VPN product will not only ensure you have a top-notch privacy, but also help in making the internet safer for everyone.

How to Get Started with Mozilla VPN



Mozilla VPN is available in the United States, Canada, the UK, Singapore, Malaysia, and New Zealand, for just $4.99 USD per month.

On installation, the first thing you'll notice is how fast your browsing experience becomes. Mozilla VPN is based on modern and lean technology: the WireGuard protocol has only 4,000 lines of code, which is a fraction of the size of legacy protocols used by other VPN service providers.

Mozilla VPN has a simple, easy-to-use interface that people who are new to VPNs won't find confusing, and setting it up and getting onto the web is a breeze. Are you still undecided? Then why not head over to weprivacy.com and check out some of their latest articles on the best VPNs and so much more!

Mozilla launches its VPN service, compatible with Android and Windows 10

Twitter hacked


Twitter suffered what's perhaps the biggest cyberattack in its history on Wednesday, with a number of high-profile accounts, including those of Amazon CEO Jeff Bezos, Elon Musk, Bill Gates, and US presidential candidate Joe Biden, compromised to promote a cryptocurrency scam.

The attackers posted similarly worded messages urging the accounts' millions of followers to send money to a specific bitcoin wallet address in return for a bigger payback. "Everyone is asking me to give back, and now is the time," a tweet from Mr Gates' account said. "You send $1,000, I send you back $2,000."

Twitter, for its part, has identified the security breach as a "coordinated social engineering attack" that targeted employees with access to its internal systems and tools.

What's the goal of the Hacking Campaigns?



The attackers behind the operation amassed nearly $120,000 in bitcoins. It's not yet clear who was behind the attacks, but the attackers could have had direct access to messages sent to and from the affected accounts.

Twitter Cyberattacks


It appears to have been directed against cryptocurrency-focused accounts initially, such as Ripple, Bitcoin, CoinDesk, Coinbase, Gemini, and Binance, all of whose Twitter accounts were hacked, displaying the same message: "We have partnered with CryptoForHealth and are giving back 5000 BTC to the community," and a link to a phishing site that was later taken down.

Also, the Twitter accounts of Apple, Uber, and Elon Musk were all used to post tweets soliciting for bitcoins with the exact same Bitcoin address as on the CryptoForHealth website.

Measures taken by Twitter to contain the Attacks



Twitter took the immediate step of temporarily halting several of the high-profile verified accounts from tweeting altogether. There have been previous cases of account hijacking on Twitter, but it hasn't happened at such a scale on the social network.

This has led to speculation that the hackers probably gained control of a Twitter administrative employee's access to "take over prominent accounts and tweet on their behalf" without even knowing their passwords or requiring two-factor authentication.

The company, however, promised to take significant steps to limit access to the internal systems and tools while investigation is still ongoing on the cyberattacks.

Twitter suffers Biggest Cyberattacks with Several High-profile Accounts affected

Windows DNS server flaw


SigRed is the name given to a new, highly critical "wormable" vulnerability with a severity score of 10 out of 10 on the CVSS scale that affects Windows Server versions 2003 to 2019.

The 17-year-old remote code execution flaw (CVE-2020-1350) was dubbed 'SigRed' by the cybersecurity outfit Check Point, which discovered it in Windows DNS Server. It allows attackers to spread malicious code from one vulnerable computer to another remotely.

It could also allow an unauthenticated, remote attacker to gain admin privileges over targeted Windows DNS servers and take complete control of an organization's IT system.

How SigRed Spreads Malicious DNS Responses



A Windows DNS server parses incoming queries as well as responses to forwarded queries. A query is forwarded when the DNS server cannot resolve the IP address for a given domain, in which case it is sent on to an authoritative DNS name server (NS).

SigRed exploits this architecture by configuring a domain's NS resource records to point to a malicious name server (ns1.41414141.club) and then querying the target DNS server for the domain, so that the target parses responses from that name server for subsequent queries about the domain or its subdomains.

The vulnerability stems from the function that allocates memory for a resource record ("RR_AllocateEx"): a result bigger than 65,535 bytes causes an integer overflow that leads to a smaller allocation than expected.

SigRed can also be triggered remotely via a browser such as IE or Edge (non-Chromium version): an attacker can exploit the Windows DNS server's support for query pipelining to "smuggle" a DNS query inside an HTTP request payload sent to a target DNS server when a user visits a maliciously crafted website.

How to Mitigate against SigRed Vulnerability



All organizations using Microsoft infrastructure are at major risk, so it's recommended that they patch their affected Windows DNS Servers to mitigate the risk; left unpatched, the flaw would result in a complete breach of the corporate network.

There is a temporary workaround, with the maximum length of a DNS message (over TCP) set to "0xFF00" to eliminate the chances of a buffer overflow, as follows:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
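
To confirm that the workaround is in place across several DNS servers, the output of reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v TcpReceivePacketSize can be collected from each server and checked in bulk. The script below is an added example, not part of the original article or of Microsoft's guidance; the host names and captured outputs are constructed, and treating any value at or below 0xFF00 as compliant is this example's own policy.

```python
import re

LIMIT = 0xFF00    # workaround value given in the article
U16_MAX = 0xFFFF  # 65,535: the size a result must exceed to overflow

# Matches the value line that `reg query` prints for a REG_DWORD.
VALUE_LINE = re.compile(
    r"^\s*TcpReceivePacketSize\s+REG_DWORD\s+(0x[0-9a-f]+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def read_packet_size(reg_query_output):
    """Return the configured TcpReceivePacketSize, or None if it is absent."""
    match = VALUE_LINE.search(reg_query_output)
    return int(match.group(1), 16) if match else None


def assess(reg_query_output):
    """Classify one server's output against the 0xFF00 workaround."""
    size = read_packet_size(reg_query_output)
    if size is None:
        return {"status": "not-set", "size": None, "headroom": None}
    status = "workaround-applied" if size <= LIMIT else "too-large"
    # Headroom is how far the TCP message cap sits below 65,535 bytes.
    return {"status": status, "size": size, "headroom": U16_MAX - size}


def audit(outputs_by_host):
    """Assess every host; keys are host names, values are raw command output."""
    return {host: assess(out) for host, out in outputs_by_host.items()}


# Constructed sample outputs for three hypothetical servers.
SAMPLE_OUTPUTS = {
    "dns01.corp.example": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    TcpReceivePacketSize    REG_DWORD    0xff00
""",
    "dns02.corp.example": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    TcpReceivePacketSize    REG_DWORD    0xffff
""",
    "dns03.corp.example": (
        "ERROR: The system was unable to find the specified "
        "registry key or value.\n"
    ),
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE_OUTPUTS).items():
        print(host, result["status"], result["size"])
```

The registry value only takes effect once the DNS service has been restarted, as in the second command above, and that is something this check cannot see from the registry alone.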


Fortunately, DNS clients ("dnsapi.dll") aren't susceptible to the flaw, as Microsoft manages different code bases for the DNS server and DNS client, and it doesn't synchronize bug patches between them.

SigRed Vulnerability: 17-year-old Remote Code Execution flaw affecting Windows DNS Server

Java Platform Module system


The Java Platform Module System (JPMS) is a code-level structure introduced in Java 9, which collects related packages together, thus making it easier to organize the code.

Until Java 9, Java’s top-level code organization element was the package. Starting with Java 9, that has changed: the module has replaced the package in that role. The module system brings a new, higher-level descriptor for use by JARs, in the form of the module-info.java file.

JPMS as the outcome of project Jigsaw, makes it easier for developers to organize large applications and libraries, to better handle the decomposition for more devices.

What JPMS brings to the Java Platform?



Because JPMS is a Standard Edition feature, it affects every aspect of Java, and the change will allow most code to function without modification when moving from Java 8 to 9.

There are some exceptions, however. The idea behind a module is to allow a collection of related packages that are available to the module while hiding the elements from external users of the module, which is to say that a module allows another level of encapsulation.

Above all, it will improve the structure and security of the platform and JDK itself, including the app performance.

Using Modules in the JDK



Now that the JDK itself is composed of modules, once you have JDK on your system, you'll also have the source.

Within your JDK install directory is a /lib directory and inside that directory is a src.zip file. Simply unzip the file into a /src directory and then, look inside the /src directory, navigating to the /java.base directory. There you'll find the module-info.java file. Open it!

And note that when running the Java compiler against modules, you'll need to specify the module path in like manner as the class path, as it allows the dependencies to be resolved.

Java Platform Module System (JPMS) makes organizing code easier

Debian


Debian 8 “Jessie” reached its end-of-life (EOL) on June 30, 2020 and subsequently, the Debian Team announced the discontinuation of support and security patches or any other updates for Debian 8.

Debian 8 was released with 5-year long-term support. Having completed that lifetime, it is now an Extended Long Term Support (ELTS) release, and enterprises can still extend the support of Debian 8 for another five years under ELTS by paying a fee.

The LTS Team have prepared the transition to Debian 9 "Stretch", as the current stable release and to take over support from the Security Team on July 6, 2020 with the final point update for stretch scheduled for release on July 18, 2020.

Release Timeline for Debian 9 “Stretch” LTS



Debian 8 GNU/Linux was released on April 25, 2015, and it completed its lifetime on June 30, 2020; it now becomes the current ELTS release with extended support for enterprises.

Debian 9, which was released on June 17th, 2017, is now the current LTS version, and it's scheduled to receive a final point update on July 18, 2020. The Debian LTS Team is providing long-term support for Debian 9 from July 06, 2020, to June 30, 2022.

Debian LTS Timeline


Some major changes expected with the final point update include an improved APT package manager, MariaDB replacing MySQL as the default, and the modern branch of GnuPG in the gnupg package.

How to Upgrade to Debian 9



As expected, Debian 9 Stretch will receive a final point update on July 18, 2020. And the Debian LTS Team will provide long-term-support for Debian 9 from July 06, 2020, to June 30, 2022.

You can upgrade from Debian 8 to 9, the next LTS version, by first updating your /etc/apt/sources.list and running the commands:

sudo apt clean
sudo apt update
sudo apt upgrade
sudo apt dist-upgrade
sudo apt autoremove


For further information and guidance, you can check out the official upgrade guide for Debian 8 Jessie.

Debian 8 ‘Jessie’ GNU/Linux Extended Long Term Support (ELTS) for Enterprises

Joker malware


Joker Malware is a family of prevalent Android malware, notorious for billing fraud and spyware capabilities, that was first discovered in 2017.

Infamously called Joker, the malware has found a new trick to bypass Google's Play Store security: obfuscating the malicious DEX file as Base64-encoded strings, then decoding and loading it on the compromised devices.

According to Check Point’s researchers, the new variant of Joker is fully capable of downloading additional malware to the compromised device and stealthily subscribing the user to premium services.

The malware hides under the guise of legitimate apps to subscribe unsuspecting Android users for premium services without their consent or knowledge.

Joker's earlier Malware Campaigns



Joker was first discovered in 2017, as one of the most prevalent Android malware, notorious for billing fraud and spyware capabilities, including stealing SMSes, contact lists, and device information.

Earlier campaigns involving Joker were uncovered by Trend Micro, with a number of malware-infected Android apps which are repeatedly finding ways to exploit security gaps in Google's Play Store malware checks.

The authors behind the large-scale malware operation have resorted to a variety of ways to avoid detection, like using encryption to hide strings from analysis engines, and fake reviews to lure unsuspecting users into downloading the apps.

The old technique was referred to as versioning that involves initially uploading a clean version of the app, and then later, loading malicious code via app updates.

Joker using Android Manifest to hide Malicious DEX File



The latest trick by Joker involves using the Android manifest to hide its malicious DEX file. While the goal remains the same, it leverages the Android app's manifest file, which it uses to load a Base64-encoded DEX file, or a similar technique of hiding the .dex file as Base64 strings.

And for subscribing Android users to premium services without their knowledge or consent, the new Joker utilizes two components, namely: the Notification Listener and a dynamic dex file loaded from the C&C server to perform the fraudulent registration.

Therefore, it's recommended that Android users should check their mobile and transaction history to see if there are suspicious payments that they don't recognize. Additionally, they should scrutinize the permissions granted to every app installed on their Android device.
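
For analysts reviewing an app, the hiding place described above can be checked directly. The scanner below is an added example, not code from Check Point or from the original article: it walks a manifest and flags any value containing Base64 text that decodes to a DEX file header. It assumes the manifest has already been decoded to plain XML (for instance by a tool such as apktool); the sample manifest and its contents are constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET

# A DEX file starts with "dex\n", a three-digit version and a NUL byte.
DEX_MAGIC = re.compile(rb"dex\n0\d\d\x00")
# Runs of the standard Base64 alphabet long enough to hold an encoded header.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decodes_to_dex(candidate):
    """Decode only the first 12 characters (9 bytes) and test the magic."""
    try:
        head = base64.b64decode(candidate[:12], validate=True)
    except ValueError:
        return False
    return DEX_MAGIC.match(head) is not None


def scan_manifest(manifest_xml):
    """Return one finding per attribute or text value hiding a Base64 DEX.

    Limitation: only payloads that begin at the start of a Base64 run are
    detected; split or further-encoded payloads need additional handling.
    """
    findings = []
    root = ET.fromstring(manifest_xml)
    for elem in root.iter():
        # Strip the XML namespace so "android:value" is reported as "value".
        values = [(name.split("}")[-1], value)
                  for name, value in elem.attrib.items()]
        values.append(("#text", elem.text or ""))
        for attribute, value in values:
            for run in B64_RUN.findall(value):
                if decodes_to_dex(run):
                    findings.append({
                        "tag": elem.tag,
                        "attribute": attribute,
                        "encoded_length": len(run),
                    })
    return findings


# Constructed sample: one harmless Base64 value and one value that carries
# only a DEX header followed by zero bytes (no real code).
BENIGN_BLOB = base64.b64encode(b"constructed-config-blob-not-a-dex").decode()
HEADER_ONLY_DEX = base64.b64encode(b"dex\n035\x00" + bytes(32)).decode()
SAMPLE_MANIFEST = f"""
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <application android:label="Sample">
    <meta-data android:name="cfg" android:value="{BENIGN_BLOB}"/>
    <meta-data android:name="res" android:value="{HEADER_ONLY_DEX}"/>
  </application>
</manifest>
""".strip()

if __name__ == "__main__":
    for finding in scan_manifest(SAMPLE_MANIFEST):
        print("Base64 DEX header in", finding["tag"], finding["attribute"])
```

A hit is a strong reason to pull the value out and inspect it, since a legitimate app has little reason to carry executable code as a manifest string.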

Joker Malware: Notorious for Billing fraud returns bypassing Google's Play Store

Btrfs Filesystem

With the release of Fedora Linux 32, development of the next stable release, Fedora 33, has started; and with the development cycle of 33 still underway, a new proposal has been sent for changes to Fedora desktop variants.

The proposal is mainly about transitioning from ext4 to the Btrfs filesystem by default for laptop and workstation installs of Fedora, across x86_64 and ARM architectures. The Fedora team has also organized a test day to experiment with the Btrfs filesystem features.

If the proposed change passes all tests, the change to Btrfs by default should be expected to arrive in the next release, Fedora 33.

Why the Switch from EXT4 To Btrfs Filesystem?



The Btrfs filesystem brings a lot of benefits, addressing problems such as running out of space, data storage corruption, filesystem resizing, and other complex storage setups; its primary goal is operations that are largely transparent to users.

The modern features that Btrfs supports are all marked as stable, and they can be checked in the Btrfs status list on the wiki.

Aside from Fedora Linux, the Btrfs filesystem is used by default by openSUSE and Kaisen Linux; and since Fedora is a community distro and an upstream of Red Hat Enterprise Linux (RHEL), it is expected that RHEL may also switch to Btrfs once Fedora adopts it.

What's the Way Forward for Fedora?



Fedora desktop edition/spin variants will switch to using Btrfs as the filesystem by default for new installs. Labs derived from these variants will also inherit this change, and other editions may opt in as well.

The change is based on the installer's custom partitioning Btrfs preset, which has been well tested for about 7 years.

Fedora 33 System-Wide Change proposal for Switching EXT4 To Btrfs Filesystem

Firefox ESR


Firefox ESR is the release channel crafted for enterprises, which are unable to upgrade their workers' browsers every four weeks. Instead, Mozilla issues an ESR that is supported for approximately a year, and its replacement appears with a several-week overlap.

Mozilla adopted the concept nearly a decade ago in response to concerns from large organizations over the fast release schedule of the Firefox browser, as IT admins balked at testing and switching to a new release every few weeks.

ESR addresses that by accepting only the separate security updates Mozilla releases (distributed on the same every-four-week schedule used by the standard browser channel), while other new features are not introduced to an ESR version during its year-long duration.

Enterprise users, however, always "catch up" on feature and functionality changes when the next ESR is released.

How Firefox ESR next transition works



Mozilla now uses an eight-week overlap during which it releases both the previous ESR (designated "n") and its replacement ("n+1"), in order to give enterprises time to test and roll out the next ESR.

Enterprises have been using Firefox ESR 68 since the summer of 2019, and its end is near, as the next ESR is version 78. Mozilla will refresh both ESRs on July 28 and August 25, with ESRs 68.11 and 78.1 appearing on the first date, and ESRs 68.12 and 78.2 on the second.

The next release cycle, which is slated for September 22, will see only ESR 78.3, while ESR 68's support will come to an end on that same day.

What's next for Firefox 79?



As expected, during an ESR transition, Mozilla usually issues two builds on a three-release cycle to give IT admins ample time to test and deploy the next static-for-a-year browser.

Firefox 78 also began the culling of OS X 10.9 (Mavericks), 10.10 (Yosemite) and 10.11 (El Capitan) from support, which automatically shifts users of those outdated operating systems to the Extended Support Release (ESR). Meanwhile, the next Mozilla upgrade, Firefox 79, will be released on July 28, 2020.

Firefox ESR starts next transition for Enterprises with version 78