Microsoft Defender ATP


Microsoft has released the Defender app for Android as a preview, available only to enterprise users with a Microsoft 365 E5 license.

Defender ATP for Android focuses more on signature-based malware detection, whereas Defender ATP for Linux and Windows also tracks system behavior and reports it to the ATP cloud service, which helps detect possible threats even before any malware infection.

The Defender ATP app for Android can also block employees who fail to follow the organization's security and threat protection policies.

How will Microsoft Defender ATP for Android function?



Defender ATP (Advanced Threat Protection) is part of Microsoft Threat Protection (MTP), which combines detection, protection, response and prevention capabilities into a single solution and uses intelligence, automation and integration to coordinate them against cyber-attacks.

Defender ATP for Android


Defender ATP for Android mainly targets enterprise users on Android devices, so it includes enterprise-focused protection capabilities, such as letting security admins create custom indicators for web protection and block users who don't follow the organization's security policies.

It also warns about suspicious apps and blocks malicious web pages opened via WhatsApp, email and the web browser. It is still a software preview, and Microsoft may have future plans for non-enterprise users.

How to Download the Defender ATP app for Android



The Microsoft Defender ATP app for Android is now available for download on the Play Store as a software preview. It is not a free app: it is intended for business/enterprise users with a valid Microsoft 365 E5 license.

Microsoft also hinted at a Defender ATP app for iOS devices, though no release timeline was mentioned.

Microsoft targets Enterprise users on Android with the Defender ATP Application

Nitrux Linux


Nitrux is one of the more distinctive Linux distributions: it ships the KDE Plasma desktop and employs a portable universal app format, AppImage, alongside support for package managers like APT and DPKG.

Nitrux has released a new point version, Nitrux 1.3.2, succeeding Nitrux 1.3.1 released last month, with several changes and updates to many software packages.

Nitrux 1.3.2 also brings bug fixes, performance improvements and new hardware support. Most importantly, Nitrux has finally replaced systemd with OpenRC as the default init system.

What's New in Nitrux 1.3.2 Release?



Besides replacing systemd with OpenRC as the default init system, Nitrux 1.3.2 upgrades the Linux kernel from version 5.6.0-1020 to the latest 5.6.0-1021.

It also updates KDE Plasma to version 5.19.4, KDE Applications to 20.11.70, KDE Frameworks to 5.74.0, the Nvidia driver to 450.66, LibreOffice to 7.0.1.1.0+, and Firefox to version 80.

Wayland Session


Nitrux 1.3.2 also adds a Wayland session, which can be selected from the SDDM login manager, although it is not turned on by default. The Plasma (Wayland) session works best with Intel and AMD graphics cards; it also works on Nvidia graphics cards, but with lower performance.

Additionally, Nitrux 1.3.2 adds new components: Docker for building AppImages via appimage-builder, Nitroshare for sharing files within the same network, and the tree utility, which displays the contents of a directory in a tree-like format.

How to Upgrade to Nitrux 1.3.2



If you wish to give Nitrux 1.3.2 a spin, the ISO image is now available for download; it is recommended to reinstall the distribution after performing a backup with Kup.

Note that Nitrux now runs openrc-init directly, rather than as a service manager on top of another /sbin/init binary, which means you will not be able to install programs with a hard dependency on systemd, such as Snaps.

Nitrux 1.3.2 Release: Finally changed default Init System from Systemd to OpenRC

Microsoft .NET 5


.NET 5 will serve as a merger of the .NET Framework and .NET Core, unifying the .NET platform; it is due for general availability on November 10, 2020.

With the eighth preview of Microsoft .NET 5 now out, almost every feature is in its stable form, apart from some remaining bug fixes.

The goals for .NET 5 include a unified .NET SDK experience with a single base class library (BCL) across all .NET 5 applications, and support for both native and web applications across multiple operating systems, such as Windows, Microsoft Duo (Android) and Apple iOS, via native controls.

What’s new in Microsoft .NET 5



Microsoft .NET 5 includes support for faster algorithms in the BCL, better support for containers in the runtime, and support for HTTP3, all of which are essential for building high-performance cloud applications. It also includes support for the WebAssembly binary format via the Mono runtime and .NET libraries.

Along with a set of nullable reference type annotations, other improvements noted in the .NET 5 Preview 8 bulletin include:

  • Support for Windows ARM64
  • More capable JsonSerializer APIs
  • Performance improvements in the .NET libraries, the GC, and the JIT
  • Support for WebAssembly, using the Mono runtime and the .NET Libraries
  • Visual Basic is also included in the .NET 5.0 SDK


Additionally, there is a new foundation for Blazor WebAssembly in .NET 5.0, a change from Blazor 3.2 using the Mono runtime and Mono libraries. The advantages of this change are a single development experience for .NET and much higher compatibility between the various .NET app types.

What are the .NET 5 novel changes?



The .NET and Windows teams have been working to change the way WinRT works, replacing the built-in WinRT support for Windows with the C#/WinRT toolchain in .NET 5. C#/WinRT is a NuGet-packaged toolkit that provides WinRT projection support for C#.

The removal of built-in support for WinRT (Windows Runtime), a collection of APIs for building Universal Windows Platform applications, is a breaking change: .NET Core 3.x apps using WinRT must be recompiled.

Microsoft .NET 5 aims to unify the .NET Framework and .NET Core platforms

ExTiX Linux


ExTiX is an Ubuntu-based live DVD Linux distribution that offers a choice of desktop environments, including KDE Plasma; the latest version, ExTiX 20.9, supports Android apps via Anbox (Android in a box).

The inclusion of Anbox, an open-source compatibility layer, in ExTiX 20.9 means that users can now run Android apps on the GNU/Linux distribution.

It ships with some useful Android apps by default, such as F-Droid and the Aptoide App Manager, and users can easily install other Android apps via the Google Play Store; besides the Play Store, users can download Android APK files and install them with the ADB tool.

What's New in ExTiX 20.9 Release?



ExTiX 20.09 ships with Refracta Snapshot pre-installed, an application that lets you create an installable Ubuntu/Anbox-based system that runs live or from the hard drive.

ExTiX Refracta


It comes with the highly configurable KDE Plasma 5.104 desktop environment, replacing the lightweight LXQt desktop bundled with the previous version, ExTiX 20.8. ExTiX 20.9 KDE Plasma runs on the latest Ubuntu 20.04.1 LTS "Focal Fossa" point release with the long-term Linux kernel 5.4.

Finally, Anbox support, the major new feature in ExTiX, has some limitations: users will not be able to run Anbox in VirtualBox, and it cannot play videos directly in YouTube or other apps, although sound-only media works.

How to Upgrade to ExTiX 20.9



ExTiX 20.9 is based on Ubuntu with LXQt/Deepin/KDE/Anbox and kernel 5.8.0-rc7; if you want to give it a spin, you can download ExTiX 20.9 with KDE and Anbox directly from SourceForge.

Note that you can also create your own Ubuntu system while running ExTiX from DVD or a USB stick; the whole process (creating a new ISO with Refracta) takes only 10 to 30 minutes, though in VirtualBox/VMware it may take a couple of hours. The ISO is written to /home/snapshots and the whole process is very simple.

ExTiX 20.9 Release: Ubuntu-based Linux distro with Anbox (Android in a box) support

Qbot Malware


Qbot, also known as QakBot, QuakBot or Pinkslipbot, was first profiled in 2008 but has evolved from an information stealer into a kind of "Swiss Army knife" for delivering different malware, including the notorious ProLock ransomware.

The malware can even remotely control a target's system to carry out fraudulent banking transactions from the victim's IP address, and it can also use 'third-party' infection infrastructure like Emotet's to further.

The banking Trojan is notorious for stealing bank credentials and other confidential financial information, and it now has new tricks for targeting government institutions and manufacturing sectors in Europe and the US.

How Qbot Banking Malware targets its Victims



Qbot has mainly focused on banks in the United States, with a dedicated campaign to hijack or redirect users' browsers: it watches the victim's web traffic, looking for specific financial services from which to harvest credentials.

According to Check Point research, Qbot's latest wave of activity appears to have been curtailed with the re-emergence of Emotet, another notorious phishing-based malware that carried out several botnet-driven ransomware attacks and spam campaigns just last month, and which is capable of secretly harvesting email threads from a victim and reusing them in malspam campaigns.

The earlier campaign targeted about 36 U.S. financial institutions and some banks in Canada and the Netherlands, with the rest of the target list containing generic URLs that may be part of a second stage in the fraudulent transactions.

Formerly, Qbot used worm-like self-replication to copy itself to shared drives and removable media. The malware remains Windows-based, and the latest variant adds new detection-evasion techniques.

How to Secure Your System against Malware Attacks



Qbot, like similar malware, has largely retained the same functionality; the targets may change and features may be added, but it remains primarily based on keylogging and extracting personal data from victims.

It is therefore recommended that users apply critical patches for known vulnerabilities as soon as they are available, especially against weaponized exploits that target Internet-facing tools such as mail clients and browsers. Antivirus software also remains a powerful tool for detecting and thwarting malware infections.

Most importantly, organizations and businesses should provide security awareness training for employees and make it easy for them to report suspicious behavior.

Qbot Banking Trojan returns with some New Tricks to lure victims

Google Container system


Jib, Google's Java container technology, has become a favorite among developers because it can turn just about any Java app into an optimized container image, letting developers streamline the creation of Docker containers.

Jib builds container images declaratively, which delivers an impressively short edit-compile-test cycle and transparently applies container best practices, without requiring a Docker installation or a script-like Dockerfile.

Now Google has extended the technology with the Jib Plugin Extension Framework, enabling customization of the Jib plug-ins for both the Maven and Gradle build systems.

About the Jib Plugin Extension Framework



The Jib Plugin Extension Framework lets developers extend and tailor Jib to perform their own custom tasks, and an extension can be applied to any project. For instance, if a developer wants to add custom image layers whose contents come from a ZIP file, an extension can be created for it.

It lets you tweak every aspect of the image you want to build, powered by the Container Build Plan Specification, a general, tool-agnostic way of describing how to build an image.

The extension framework opens up many possibilities for developers, from fine-tuning images to containerizing GraalVM native images or jlink images for a small footprint.

How Jib sets a new course for Java containers



Since Jib debuted in June and became generally available, it has gathered a sizable community, with the core Jib team working on expanding the ecosystem.

Google has also improved application framework support for Jib, with recently released Maven and Gradle Jib extensions for Spring Boot and Quarkus, and a Maven extension for GraalVM. The Jib Extensions repository on GitHub is where you can discover extensions for your builds, or join the core Jib team in creating more useful ones.

Jib Plugin Extension Framework enables developers to perform custom-specific tasks

TypeScript


Microsoft has announced the availability of TypeScript 4.0, the latest stable version of its programming language and the next generation of TypeScript releases, with a focus on expressivity, productivity and scalability.

TypeScript is an open-source programming language developed by Microsoft that serves as a strict syntactical superset of JavaScript with optional static typing.

TypeScript is designed for developing applications at scale and transcompiles directly to JavaScript.

What's New in TypeScript 4.0?



TypeScript 4.0 is a major milestone for the language, with several enhancements and new features such as Variadic Tuple Types, motivated by a JavaScript function called concat that takes two arrays or tuples and concatenates them into a new array.

It brings two fundamental changes, along with inference improvements to make typing easier. The first is that spreads in tuple type syntax can now be generic, which means users can represent higher-order operations on tuples and arrays even when they don't know the actual types being operated over.

When generic spreads are instantiated (that is, replaced with a real type) in tuple types, they can produce other sets of array and tuple types. All the major new features and changes in TypeScript 4.0 are listed below:

  • Custom JSX Factories
  • Labeled Tuple Elements
  • Short-Circuiting Assignment Operators
  • Class Property Inference from Constructors
  • Unknown on catch Clauses


Additionally, TypeScript 4.0 changes what happens when compiling a program after a previous compile with errors under --incremental. Previously this was extremely slow when the --noEmitOnError flag was used, because none of the information from the last compilation would be cached in a .tsbuildinfo file when --noEmitOnError was set.

This now gives a great speed boost in those scenarios, improving --build mode scenarios (which imply both --incremental and --noEmitOnError).

Getting started with TypeScript 4.0



To get started with TypeScript 4.0, install it via NuGet or NPM:

npm i typescript


You can also test code in the TypeScript playground or any text editor that supports TypeScript, such as Visual Studio Code; the official instructions for using TypeScript in Visual Studio Code are available here.

TypeScript 4.0: What's New in the latest version of the Programming language?

Apache Server


Apache HTTP Server, colloquially referred to as Apache, is open-source, cross-platform web server software developed and maintained by a community of developers under the auspices of the Apache Software Foundation.

The Apache flaws, tracked as CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993, were disclosed by Felix Wilhelm of Google Project Zero and have since been fixed by the Apache Foundation.

The Apache Foundation fixed multiple vulnerabilities in the web server software that could potentially have allowed an attacker to execute arbitrary code and, in some specific cases, to cause a denial of service.

What's the nature of the Apache HTTP Server Flaws



The flaw tracked as CVE-2020-11984 potentially allows an attacker to view, alter or delete sensitive information, depending on the privileges associated with the application running on the Apache server.

The second flaw (CVE-2020-11993) stems from debugging being enabled in the "mod_http2" module, which causes logging statements to be made on the wrong connection and results in memory corruption through concurrent use of the log pool. The flaw marked as CVE-2020-9490 is the most severe: it resides in the HTTP/2 module, where a specially crafted 'Cache-Digest' header causes memory corruption leading to a denial of service.

If a specially crafted value is injected into the 'Cache-Digest' header of an HTTP/2 request, it could crash the server when the server sends a PUSH packet using that header; this issue can be mitigated by simply turning off the HTTP/2 server push feature.

How to Mitigate against the Apache HTTP Server Flaws



These vulnerabilities have not yet been exploited in the wild, but users should carry out due testing and make sure that applications running on the server are configured with only the required permissions, to limit any further security impact.

The latest version of the Apache software, v2.4.46, should be installed on the server immediately to prevent attackers from taking unauthorized control of it.
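A small audit that turns the mitigation advice above into checks a defender can run: is the httpd older than 2.4.46, is HTTP/2 server push still on (the CVE-2020-9490 workaround), and is mod_http2 debug logging enabled (the CVE-2020-11993 trigger). This is an added example, not Apache project code; it assumes the `H2Push` and `LogLevel` directives of mod_http2, and the version banner and configuration snippets are constructed samples.

```python
"""Audit an Apache httpd host for the three flaws discussed above."""
import re
import subprocess
from typing import List, Optional, Tuple

# Release in which the Apache Foundation shipped the fixes (from the article).
FIXED_VERSION = (2, 4, 46)


def parse_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Extract (major, minor, patch) from an `httpd -v` banner such as
    'Server version: Apache/2.4.43 (Unix)'. Returns None if absent."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_patched(banner: str) -> bool:
    """True if the banner reports a version at or above the fixed release."""
    v = parse_version(banner)
    return v is not None and v >= FIXED_VERSION


def _effective_lines(config: str) -> List[str]:
    """Config lines with comments stripped; blank lines dropped."""
    lines = [ln.split("#", 1)[0].strip() for ln in config.splitlines()]
    return [ln for ln in lines if ln]


def h2_push_enabled(config: str) -> bool:
    """HTTP/2 server push is effectively enabled unless the config says
    'H2Push off'. The directive defaults to on, and the last occurrence wins."""
    state = True
    for line in _effective_lines(config):
        m = re.match(r"H2Push\s+(on|off)\s*$", line, re.IGNORECASE)
        if m:
            state = m.group(1).lower() == "on"
    return state


def h2_debug_logging(config: str) -> bool:
    """True if any LogLevel line raises mod_http2 to debug or trace."""
    for line in _effective_lines(config):
        if line.lower().startswith("loglevel") and re.search(
                r"\bhttp2:(debug|trace\d?)\b", line, re.IGNORECASE):
            return True
    return False


def audit(banner: str, config: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing to do."""
    findings = []
    if not is_patched(banner):
        findings.append("httpd older than 2.4.46: upgrade "
                        "(CVE-2020-9490, CVE-2020-11984, CVE-2020-11993)")
    if h2_push_enabled(config):
        findings.append("HTTP/2 server push on: set 'H2Push off' until patched (CVE-2020-9490)")
    if h2_debug_logging(config):
        findings.append("mod_http2 debug logging on: lower LogLevel (CVE-2020-11993)")
    return findings


# Constructed samples: an unpatched server with push at its default and debug logs.
SAMPLE_BANNER = "Server version: Apache/2.4.43 (Unix)\nServer built:   Apr  1 2020"
SAMPLE_CONFIG = """\
LoadModule http2_module modules/mod_http2.so
Protocols h2 http/1.1
LogLevel warn http2:debug
# H2Push off   <- commented out, so the default (on) still applies
"""
HARDENED_CONFIG = "Protocols h2 http/1.1\nLogLevel warn http2:info\nH2Push off\n"


def live_banner() -> str:
    """Best effort: ask the local httpd for its version (empty if not installed)."""
    for exe in ("httpd", "apache2", "apachectl"):
        try:
            return subprocess.run([exe, "-v"], capture_output=True,
                                  text=True, timeout=5).stdout
        except (FileNotFoundError, subprocess.SubprocessError):
            continue
    return ""


if __name__ == "__main__":
    for finding in audit(SAMPLE_BANNER, SAMPLE_CONFIG):
        print("sample:", finding)
    banner = live_banner()
    if banner:
        print("local httpd patched:", is_patched(banner))
```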

Apache HTTP Server Flaws allowing Attackers access to sensitive data

Google Drive


There is a security flaw in Google Drive that could allow attackers to distribute malicious files disguised as legitimate documents, and to perform phishing attacks with a comparatively higher rate of success.

The flaw is known to Google, but no patch has been released yet; Google is hopefully working to contain the vulnerability, which resides in the "manage versions" feature of Google Drive that lets users manage different versions of a file.

Manage versions lets Google Drive users update an older version of a file, and its interface suggests that a new version must keep the same file extension as the original; but it turns out that is not actually the case.

How Attackers Could Trick Users Into Installing Malware



According to A. Nikoci, the cyber-security professional who reported the flaw to Google, the affected functionality in Google Drive allows a new version of a file with any extension to be uploaded to the cloud storage, even a malicious executable.

The legitimate version of a file shared among a group of users can easily be replaced by a malicious file; when previewed online it does not indicate any newly made changes, but if downloaded it can be used to infect the targeted system.

The flaw therefore leaves the door open to highly effective spear-phishing campaigns that take advantage of the widespread use of cloud services like Google Drive to spread malware.

How to Mitigate against any such Malware Threats



Google recently fixed a security flaw in its Gmail service that could have allowed an attacker to send spoofed emails mimicking Gmail or G Suite users, even with strict DMARC/SPF security policies enabled.

Since cyber-criminals are becoming more sophisticated at concealing their malicious intentions, it is now more essential than ever that users keep a close watch on suspicious emails, including files shared on Google Drive, and exercise caution in opening such files to mitigate any possible security risk.
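Because the online preview does not reveal that a new version has replaced the shared document, one practical check before opening a downloaded copy is to confirm that its bytes still match the document type its name claims. This is an added example, not Google's code; it assumes the recipient knows what type the shared document originally was, and the PDF, executable and Office blobs below are constructed samples.

```python
"""Flag a downloaded Drive file whose content does not match its extension."""
import io
import os
import zipfile

# Leading bytes ("magic numbers") for common document and executable formats.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"MZ": "windows-executable",        # PE images: .exe, .dll, .scr
    b"\x7fELF": "elf-executable",
    b"#!": "script",
    b"\xd0\xcf\x11\xe0": "ole-office",  # legacy .doc/.xls, may carry macros
}

# What each document extension is allowed to contain.
EXPECTED = {
    ".pdf": {"pdf"},
    ".docx": {"ooxml-office"}, ".xlsx": {"ooxml-office"}, ".pptx": {"ooxml-office"},
    ".doc": {"ole-office"}, ".xls": {"ole-office"},
    ".png": {"png"}, ".jpg": {"jpeg"}, ".jpeg": {"jpeg"},
}


def sniff(data: bytes) -> str:
    """Classify a byte string by its leading signature. Zip containers are
    opened so modern Office documents can be told apart from other archives."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "unknown"
        return "ooxml-office" if "[Content_Types].xml" in names else "zip"
    return "unknown"


def check_download(filename: str, data: bytes) -> str:
    """Return 'ok', 'mismatch' or 'unknown-extension'.

    'mismatch' is the situation the article describes: the share still looks
    like the original document, but the new version's bytes are something else
    (typically an executable)."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXPECTED:
        return "unknown-extension"
    return "ok" if sniff(data) in EXPECTED[ext] else "mismatch"


def build_docx_sample() -> bytes:
    """Constructed minimal OOXML container (structure only, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


# Constructed samples: the original report and a "new version" that is a PE file.
GOOD_PDF = b"%PDF-1.7\n% constructed sample\n"
FAKE_PDF = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"

if __name__ == "__main__":
    print(check_download("Q3-report.pdf", GOOD_PDF))  # ok
    print(check_download("Q3-report.pdf", FAKE_PDF))  # mismatch
```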

Google Drive security flaw could be Exploited to spread malicious files

Armbian


Armbian is a Debian- and Ubuntu-based Linux operating system built exclusively for ARM development boards; the latest release, Armbian 20.08 'Caple', brings major kernel upgrades, improvements and several bug fixes.

Armbian supports a wide variety of single-board computers (SBCs), such as Odroid, Orange Pi, Banana Pi and PINE64, with SoCs from Allwinner, Rockchip and many more.

Armbian 20.08 continues the improvements to login security, with a more user-friendly login screen that requires users to log in and change the root password on first login. Armbian 20.08 also offers an option for automatic login, which you can enable by filling out a few fields such as the root password, user creation and timezone.

What's new in Armbian 20.08 Release?



Armbian 20.08 adds support for the powerful Helios64 ARM board, powered by the Rockchip RK3399 SoC and designed for network-attached storage (NAS).

It also introduces support for the Rockchip RK3328-based Rock Pi E, the Rockchip RK322X SoC and the NanoPi NEO3 single-board computer, as well as the older Allwinner A10, A20 and A31 chips, and adds HDMI sound support. A kernel boot splash is now available as an option: a graphical replacement for the quiet boot option that displays the logo and a spinner animation on system startup.

Armbian 20.08 includes the following bug fixes:

  • Armbian config failed to switch kernels
  • Support for EDID Firmware by users
  • Rock PI 4B 1Gb doesn’t boot modern kernel / u-boot
  • Banana PI R2 does not boot at all
  • Fix for Random MAC on H3 boards
  • Fix for WiFi on Nanopi M4V2


Additionally, the address space for the initial ramdisk has been increased, and the missing default SELinux policy has been fixed in the Armbian 20.08 release.

How to get Started with Armbian 20.08 Release



Armbian 20.08 images are now available for download from the official page for all supported systems.

To download, find your board and pick one of the available images. The archives can be uncompressed with 7-Zip on Windows, Keka on OS X and 7z on Linux (apt-get install p7zip-full), and the raw images can be written with Etcher (all OS). Full download and installation instructions are available here.

Armbian 20.08 Release: Debian and Ubuntu based Distro for ARM development boards

WSL2


Microsoft released the Windows 10 May 2020 Update (Windows 10 20H1, Build 19041) with a new feature known as Windows Subsystem for Linux 2 (WSL2), which includes support for Linux graphical user interface (GUI) apps on the Windows platform.

Now the company has, in effect, backported support for WSL2 (initially exclusive to Windows 10 2004 or higher) to Windows 10 1903 and 1909, which were released in May and November 2019 respectively.

The WSL2 backport to Windows 10 1903 and 1909 applies only to x64 systems, so if you are using the ARM64 version you will need to upgrade to Windows 10 version 2004 to get WSL2 support.

Linux GUI-based apps running directly via WSL



Microsoft had earlier demonstrated samples of Linux GUI apps running directly on Windows via WSL; running Linux GUI apps through WSL does not require a third-party X server.

It also brings a custom Linux kernel and Linux file integration in the File Explorer app, all great features for Linux distros on WSL2.

The latest WSL2 update integrates Linux GUI apps with Windows 10 using a Wayland display server that runs within WSL and communicates with an RDP (Remote Desktop Protocol) client on the Windows host in order to display the GUI app.

Why the Backport of WSL2 to Windows 10 1903 and 1909?



Microsoft says it received great feedback on WSL2, and that the decision to backport the feature was made to make the experience available to users on older Windows versions.

Users of Windows 10 1903 and 1909 can therefore now enjoy the full WSL2 feature set, including the custom Linux kernel and Linux file integration in the File Explorer app, without upgrading to Windows 10 2004. You will need to check for the WSL2 update via Windows Update to get WSL2 on Windows 10 1903 and 1909.

Microsoft extends support for WSL2 to older Windows 10 1903 and 1909

Remote Access Service


Microsoft has issued an out-of-band software update for Windows 8.1 and Windows Server 2012 R2 to patch security vulnerabilities tracked as CVE-2020-1530 and CVE-2020-1537, which reside in the Remote Access Service (RAS) memory and file management.

The Remote Access Service (RAS) provides remote access capabilities for applications on Windows systems to connect to a server and reach internal resources over the Internet.

Patches for both vulnerabilities were released on August 11 alongside the Patch Tuesday updates; that later batch covered Windows 7, 10, Windows Server 2008/2012/2016/2019, and Windows Server versions 1903/1909/2004.

How the Remote Access Elevation of Privilege Vulnerability affects Windows Systems



The Remote Access Elevation of Privilege Vulnerability exists when Windows Remote Access improperly handles memory. The flaws could be exploited by an attacker running a maliciously crafted application to elevate privileges, but the attacker must first gain code execution on the victim system.

Microsoft promptly issued a security update that addresses the vulnerability by correcting how Windows Remote Access handles memory.

The vulnerability has a CVSS score of 7.8 out of 10 and is rated 'important' in severity; Windows users are strongly advised to install the newly released security patches as soon as possible to protect their systems from potential attacks.

How to Mitigate against the Remote Access Elevation of Privilege Vulnerability



Microsoft has also made standalone packages (KB4578013) available for affected users on Windows 8.1, Windows RT 8.1 or Windows Server 2012 R2, for download and installation from the Microsoft Update Catalog.

The Patch Tuesday updates also addressed about 120 other newly discovered software vulnerabilities, 17 of which were rated critical and 2 of which were being actively exploited in the wild.

Flaws in Windows Remote Access Service (RAS) memory and file managements

CAELinux 2020


CAELinux is a live DVD Linux distribution dedicated to computer-aided engineering, scientific simulation and finite element analysis, bootable directly from DVD or USB flash drive without installation.

The latest release, CAELinux 2020, is based on the long-term-support Xubuntu 18.04 and comes with several new tools focusing on computer-aided design (CAD), along with updated CAELinux core packages.

CAELinux 2020 brings an updated ISO image to resolve the issues with the installer and live DVD boot; you can now only run CAELinux from a USB flash disk, simply by inserting the CAELinux live USB into your computer. You can also turn CAELinux 2020 into a free and open engineering workstation.

What's new in CAELinux 2020 Release?



CAELinux 2020 brings a wealth of open source CAD/CAM/CAE applications for engineering design, mechanical processes, stress analysis, flow simulation and 3D printing/CNC manufacturing, such as OpenSCAD, FreeCAD, LibreCAD and Cura.

It also contains a range of electronic design tools like FlatCAM, KiCad, Arduino and dxf2gcode/cadpy for PCB isolation milling. For scientific computing, it offers the latest versions of mathematical modeling tools such as GNU Octave, R, Java, Perl and Python 3 with Spyder, plus a full suite of GNU compilers.

Additionally, the issues with the CAELinux 2018 installer and live DVD boot, caused by the large size of the ISO image which the boot code could not handle properly, have been resolved. From now on, CAELinux will only boot from a USB flash disk, and booting an ISO larger than 4GB requires that you follow the instructions in the Getting Started guide.

How to Get Started with CAELinux 2020 Release



To give CAELinux a spin right now, download each of the three parts of the 7z archive, uncompress the ISO image with 7-Zip, and create a bootable USB flash disk via a multi-ISO bootloader such as Ventoy.

Then plug the bootable USB into your computer and boot the new CAELinux 2020.

CAELinux 2020 Release: LiveDVD Linux distro bootable directly from DVD or USB flash

P2P Network


A new, highly sophisticated peer-to-peer (P2P) botnet called FritzFrog, discovered by cloud security company Guardicore, has been actively breaching SSH servers worldwide since January 2020.

FritzFrog's P2P protocol is proprietary and not based on any existing implementation. The modular, multi-threaded and fileless botnet has breached over 500 servers to date, including those of well-known universities in the United States and Europe, according to a report released by Guardicore Labs.

Unlike similar P2P botnets, FritzFrog has some unique properties: it is fileless, assembling and executing payloads in memory; it is more aggressive in its brute-force attempts; and yet it is efficient in distributing targets evenly across the network.

What's A Fileless P2P Botnet?



P2P communication happens over an encrypted channel, using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange. FritzFrog creates a backdoor in the form of an SSH public key, giving the attackers access to victim machines.

FritzFrog runs a worm written in Golang that is modular, multi-threaded and fileless, leaving no trace on the infected machine's disk. FritzFrog appears to share similarities with Rakos, another Golang-based Linux backdoor that previously infiltrated target systems via brute-force attempts at SSH logins.

Once a target is identified, the malware performs a series of brute-force tasks; upon a successful breach it infects the machine with its payloads and adds the victim to the P2P network.

SSH malware


The authors also employed a creative technique to evade detection: instead of sending commands directly over port 1234, the attacker connects to the victim over SSH and runs a netcat client on the victim's machine, which in turn connects to the malware's server, and the commands are sent through that connection.

How to Detect FritzFrog Infection and Mitigate against it



Guardicore Labs has developed a client program in Golang that can intercept FritzFrog's P2P communication and join the network as a peer.

It is recommended that strong passwords and public key authentication be used on SSH servers, which is much more secure. Routers and IoT devices that often expose SSH are vulnerable to FritzFrog, so users should consider changing their SSH port or disabling SSH access completely if the service is not in use.
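The traits described above (an SSH public-key backdoor in authorized_keys, a netcat client spawned from an SSH session, and a fileless payload whose executable is gone from disk) each leave something a host-side check can look for. This is an added example, not Guardicore's tool; it assumes the defender keeps an allowlist of approved SSH key fingerprints, and the authorized_keys lines, process listing and /proc snapshot below are constructed samples.

```python
"""Host-side checks for the FritzFrog traits discussed in the article."""
import base64
import hashlib
import os
from typing import Dict, List, Set

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> List[Dict[str, str]]:
    """One {type, fingerprint, comment} per key line; comments and blanks are
    skipped, and leading options such as no-pty or command="..." tolerated."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        for i, tok in enumerate(parts):
            if tok.startswith(KEY_TYPES) and i + 1 < len(parts):
                keys.append({"type": tok,
                             "fingerprint": fingerprint(parts[i + 1]),
                             "comment": " ".join(parts[i + 2:])})
                break
    return keys


def unexpected_keys(text: str, allowlist: Set[str]) -> List[Dict[str, str]]:
    """Keys present in authorized_keys but absent from the approved set."""
    return [k for k in parse_authorized_keys(text) if k["fingerprint"] not in allowlist]


def suspicious_processes(ps_lines: List[str]) -> List[str]:
    """Flag netcat clients whose parent is sshd. Input lines use the constructed
    layout 'pid ppid comm args...' (what `ps -eo pid,ppid,comm,args` prints)."""
    comm_by_pid, rows = {}, []
    for line in ps_lines:
        pid, ppid, comm, *args = line.split()
        comm_by_pid[pid] = comm
        rows.append((pid, ppid, comm, args))
    hits = []
    for pid, ppid, comm, args in rows:
        parent = comm_by_pid.get(ppid, "")
        if comm in ("nc", "ncat", "netcat") and parent.startswith("sshd"):
            hits.append(f"pid {pid}: {comm} {' '.join(args)} (parent {parent})")
    return hits


def deleted_executables(exe_links: Dict[str, str]) -> List[str]:
    """Pids whose /proc/<pid>/exe target ends in ' (deleted)': the binary was
    removed after start, the disk trace a fileless payload tries not to leave."""
    return [pid for pid, target in exe_links.items() if target.endswith(" (deleted)")]


def snapshot_proc_exe() -> Dict[str, str]:
    """Read /proc/*/exe on a live Linux host (empty elsewhere or without rights)."""
    links = {}
    if not os.path.isdir("/proc"):
        return links
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            links[pid] = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue
    return links


def fake_key(seed: int) -> str:
    """Constructed, structurally valid ed25519 key blob (not a real key)."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()


# Constructed samples: one approved key, one unknown key with an option prefix,
# a netcat client under an SSH session, and a process running from a deleted file.
APPROVED_KEY = fake_key(1)
SAMPLE_AUTHORIZED_KEYS = f"""\
# admin workstation
ssh-ed25519 {APPROVED_KEY} admin@workstation
no-pty ssh-ed25519 {fake_key(2)}
"""
SAMPLE_PS = [
    "1 0 systemd /sbin/init",
    "800 1 sshd /usr/sbin/sshd -D",
    "901 800 sshd sshd: root@notty",
    "902 901 nc nc 198.51.100.7 1234",
    "950 1 bash -bash",
]
SAMPLE_EXE_LINKS = {"1": "/usr/lib/systemd/systemd", "902": "/usr/bin/nc.openbsd",
                    "1337": "/dev/shm/worker (deleted)"}

if __name__ == "__main__":
    for key in unexpected_keys(SAMPLE_AUTHORIZED_KEYS, {fingerprint(APPROVED_KEY)}):
        print("unknown key:", key)
    for hit in suspicious_processes(SAMPLE_PS):
        print("netcat under sshd:", hit)
    print("deleted executables (sample):", deleted_executables(SAMPLE_EXE_LINKS))
    print("deleted executables (live):", deleted_executables(snapshot_proc_exe()))
```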

Highly Sophisticated peer-to-peer (P2P) Botnet, FritzFrog targets SSH Server

Kali Linux


Offensive Security has released Kali Linux 2020.3, the third point release of the Kali Linux 2020 series, with a number of exciting new penetration testing tools and improvements.

The second update of 2020, Kali Linux 2020.2, came with major features like the non-root user policy and Nexmon support, bringing WiFi monitor mode and frame injection to wlan on mobile devices.

The major new change in Kali Linux 2020.3 is perhaps the addition of Z Shell (ZSH); Kali Linux has used the Bourne Again Shell (BASH) by default, but with the introduction of ZSH, Kali will be switching its default from BASH to ZSH.

What's new in Kali Linux 2020.3 Release?



Kali Linux 2020.3 brings ZSH, an extended version of BASH with several improvements. BASH remains the default shell in the 2020.3 release, but ZSH now comes pre-installed and will replace BASH as the default in the next update, Kali Linux 2020.4.

The new Kali has also introduced “kali-hidpi-mode” to switch HiDPI (High Dots Per Inch) display modes automatically: instead of adjusting settings manually, Kali users can now simply type kali-hidpi-mode or select it from the menu. Most popular Linux distros, such as Linux Mint 20 and Ubuntu 20.04, already support HiDPI displays.

Offensive Security has also updated its ARM images for ARM-based devices such as the Raspberry Pi and Pinebook Pro, with changes including the kali-linux-default metapackage and a size reduction for all new ARM images.

Additionally, the mobile penetration testing platform based on Kali Linux for Android devices, Kali NetHunter has been further extended with support for Nokia 3.1 and Nokia 6.1 smartphones.

How to Upgrade to Kali Linux 2020.3?



Existing users of a previous version of Kali Linux can simply run the following command to upgrade their system to the latest Kali Linux 2020.3:

sudo apt update && sudo apt -y full-upgrade


If you are using any of the above named Nokia phones, you can download the images available here and also install all the default tools using the following command:

sudo apt install -y kali-linux-default


And for a fresh installation from scratch, you can download the ISO image from the official page for the different supported versions and systems.

Kali Linux 2020.3 Release: New Pen Testing tools for Ethical Hackers

Base Station


ReVoLTE is a new attack that could allow remote attackers to break the encryption used by VoLTE voice calls, and spy on targeted phone calls.

The ReVoLTE attack was uncovered by a team of academics from Ruhr University Bochum, who note that it doesn't exploit any flaw in the Voice over LTE (VoLTE) protocol itself; rather, ReVoLTE leverages weak implementations of the LTE mobile network by most providers, allowing an attacker to eavesdrop on encrypted phone calls.

Voice over LTE (VoLTE) is a packet-based telephony service that is seamlessly integrated into the Long Term Evolution (LTE) standard deployed by most telecommunication providers.

How ReVoLTE attack exploits vulnerable base stations?



The issue with these base stations is that mobile operators most often reuse the same keystream for subsequent calls within one radio connection when encrypting the voice data from the phone to the mobile phone tower (base station).

ReVoLTE Attack


The ReVoLTE attack exploits this reuse of the same keystream, allowing attackers to decrypt the contents of VoLTE voice calls.

However, for this to be possible the attacker must be connected to the same base station as the victim, with a downlink sniffer placed to monitor and record a targeted call made by the victim so that it can be decrypted later; this is the initial phase of the attack.

Additionally, the attacker must call the victim within 10 seconds of the targeted call, forcing the vulnerable base station to set up the new call between victim and attacker on the same radio connection as the previous targeted call.
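As an added illustration of why keystream reuse is fatal (this is not taken from the researchers’ paper): let $K$ be the reused keystream, $P_t$ and $C_t$ the plaintext and ciphertext of the targeted call, and $P_a$ and $C_a$ those of the attacker’s follow-up call.

$$C_t = P_t \oplus K, \qquad C_a = P_a \oplus K$$

$$C_t \oplus C_a = P_t \oplus P_a \quad\Longrightarrow\quad P_t = C_t \oplus C_a \oplus P_a$$

Because the attacker placed the second call, $P_a$ is known to them, so the recorded $C_t$ decrypts without $K$ ever being recovered; that is why the second call must reuse the same radio connection.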

How to Detect the ReVoLTE Attack



The researchers tested a number of randomly selected radio cells across Germany to determine the scope of the issue and discovered that 12 out of 15 base stations in Germany are affected.

They promptly notified the affected base station operators about the ReVoLTE attack through the GSMA Coordinated Vulnerability Disclosure Programme in December 2019, and the operators had all deployed patches by the time of publication.

But since the issue may also affect a large number of providers worldwide, the researchers released an app, called 'Mobile Sentinel', that can be used to detect whether a 4G network and its base stations are vulnerable to the ReVoLTE attack.

ReVoLTE Attack: Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

GNOME 3.38


GNOME has released version 3.37.90, the first beta towards the upcoming stable release GNOME 3.38, which is code-named “Orbis” in recognition of the most recent GUADEC, held online due to the COVID-19 pandemic.

GNOME remains one of the most popular desktop environments, used by major Linux-based operating systems like Ubuntu and Fedora; the current stable release is GNOME 3.36 “Gresik”, which debuted on March 11, 2020.

The first beta, GNOME 3.37.90, marks the start of the UI and API freezes in preparation for the stable release, v3.38, scheduled for September 16, 2020.

What’s New in GNOME 3.38 Orbis?



The first beta updates many core packages and GNOME apps with new enhancements and bug fixes: for example, gsettings-desktop-schemas 3.37.2 enables USB protection by default, and gnome-calendar 3.36.2 moves calendar events out of the notifications list.

GNOME Shell 3.37.90 has also added a number of new features, for instance not installing updates on low battery by default, “Boot Options” support in the restart dialog, and moving the “Restart” option to a separate menu dialog. The upgraded GNOME initial setup module now includes a revamped welcome screen and an adapted language page.

Additionally, the Epiphany (GNOME Web) browser now allows self-hosted sync servers and stores HTTP auth passwords in a password manager, and GNOME Maps has improved keyboard navigation for routing entries and an adaptive UI for the routing sidebar. You can check out this page for all the new features and improvements across the packages in GNOME 3.37.90.

How to Get Started with GNOME 3.38?



If you wish to give GNOME 3.38 a spin before its official release, you can try the beta version, GNOME 3.37.90, for which a virtual machine image is now available for download.

You can also build GNOME 3.37.90 from its BuildStream project snapshot or the source packages.

GNOME 3.38 Orbis: Features and Release date for the next Stable Release

Microsoft Edge


Microsoft released the stable version of its Chromium-based Edge browser on January 15, 2020, after nearly two years of work to ensure world-class compatibility, including legacy app support, security and productivity, as part of a Windows 10 update.

Now the new Microsoft Edge, built on the Chromium open source engine and carrying the latest Microsoft enterprise capabilities, is set for prime time. Since its release in January, millions of users have upgraded their home and work browsers to the new Microsoft Edge.

Additionally, all new devices and future Windows updates, starting with Windows 10 version 20H2, come bundled with the new Microsoft Edge.

Timeline for Edge Legacy to make way for the new Microsoft Edge



Microsoft has upgraded almost all Windows 10 customers to the new browser, and so will end support for the Microsoft Edge Legacy desktop app on March 9, 2021.

Microsoft Edge Timeline


After March 9, 2021, the Microsoft Edge Legacy desktop app will no longer receive security updates. The new Microsoft Edge serves as the modern browser, and apps and websites created for Microsoft Edge Legacy should continue to work in it, although compatibility issues could arise.

Microsoft, however, is promising additional support through App Assure to cover such issues.

What's Next? Higher performance, secure and simpler browser



At a critical time like this, when IT professionals are tasked to do more with less on an unprecedented scale, there is a need to make it simple to balance productivity, security, privacy and cost.

The new Microsoft Edge is offered as help in this regard, and Microsoft is inviting customers to check out its website and the How to Get Started End User Guide.

Finally, it's natural for customers to be concerned about compatibility when it comes to business-critical apps and websites. Therefore, Microsoft is offering compatibility “peace of mind” with App Assure. The App Assure promise is this: if customers’ web apps and sites work on IE 11, supported versions of Google Chrome, or any version of Microsoft Edge (including Microsoft Edge Legacy), those web apps and sites should work on the new Microsoft Edge.

Microsoft's timeline for Legacy Edge to give way for the Chromium-based Edge

Parrot OS


Parrot OS, the Debian based GNU/Linux distribution developed by Parrot Security with a focus on security and ethical hacking, has released Parrot OS 4.10 with the much-awaited support for Xfce Desktop Environment.

The previous release, Parrot 4.9, came with several bug fixes and notable enhancements; Parrot OS 4.10 includes the latest updates from upstream sources and fixes for bugs like the BootHole vulnerability in the GRUB2 bootloader, which affects almost all Linux distributions.

Parrot OS 4.10 has also updated its development tools to their newest versions, including Python 3.8, Golang 1.14, VSCodium 1.47.3 and GCC 10.1, with improved development meta-packages.

What's new in Parrot OS 4.10 Release?



As stated before, Parrot 4.10 includes all the latest updates from upstream sources; among the new packages are Greenbone Security Manager 11 and the OpenVAS 7 vulnerability scanner, in addition to the new Debian packaging style.

Alongside the MATE and KDE desktop environments already supported, Parrot OS 4.10 now officially supports the lightweight Xfce desktop environment. As for core components, Parrot 4.10 has upgraded its Linux kernel from v5.5 to v5.7, which brings the latest processor and hardware support, such as new ARM features and device support, a new exFAT filesystem driver, zoned block device support in Btrfs, and Apple USB fast charge support for iOS devices.

Additionally, the AnonSurf 3.0 anonymity tool is now available for Parrot OS 4.10, with a new graphical user interface alongside the CLI. The GTK app can monitor the status of Tor, its traffic and logs, and perform actions such as start, stop and reload.

How to Upgrade to Parrot 4.10 release?



Given that Parrot OS is a rolling release distro, new updates land in the repo as soon as they are stable. So if you’re an existing user, whether on the immediately previous version of Parrot OS or an older one, you can simply update your packages to the new stable version with either of the following commands.

sudo parrot-upgrade


Or

sudo apt update && sudo apt full-upgrade


For a fresh installation, you can download the ISO images of Parrot OS 4.10, which is available in multiple editions: Mate, KDE, Xfce, Netinstall, Security, Virtual and Home.

Parrot OS 4.10 Release: Brings support for Xfce Desktop Environment

Emotet Malware


Emotet is a notorious malware behind botnet-driven spam campaigns and ransomware attacks, first discovered in 2014.

Security researchers at Binary Defense discovered a flaw in Emotet itself that allowed them to activate a kill-switch, which prevented the malware from infecting systems for about six months.

The kill-switch was operational from February 6 to August 6, 2020, approximately 182 days, before the malware authors issued a fix that closed the exploited vulnerability.

How the Emotet Malware has evolved since 2014



Since its discovery in 2014, Emotet has evolved from a banking malware into a "Swiss Army knife" that can serve as both a downloader and a spambot, and is capable of stealing information, depending on how it is deployed.

This February it added a new feature that leverages already infected devices to compromise fresh victims' devices connected to nearby Wi-Fi networks, coupled with a persistence mechanism that generates a filename under which to save the malware on the victim system, picking a random exe or dll filename from the system32 directory.

The chosen filename is encrypted with an XOR key and saved in a Windows registry value named after the victim's volume serial number.

Like Emotet, TrickBot has been distributed mostly via spam campaigns, but it is usually seen working in concert with other malware, including being distributed by the Emotet spam-sending botnet to deliver Ryuk ransomware; its operators have extended its capabilities into a more advanced malware delivery vehicle.

How the kill-switch developed by Binary Defense worked



The initial version of the kill-switch developed by Binary Defense went live about 37 hours after the new Emotet changes were discovered; it employed a PowerShell script that generates the registry value name for each victim and sets the data of each value to null.

When the malware then looked up the filename in the registry, it ended up loading an empty name, ".exe", which stopped it from running on the victim's system: the attempt to execute '.exe' fails because '.' translates to the current working directory on several operating systems.

Additionally, a further version of the kill-switch, called EmoCrash, was able, according to the researchers, to exploit a buffer overflow vulnerability discovered in the malware's installation routine, crashing Emotet during installation and effectively preventing systems from getting infected.

Emotet Malware halted by Researchers temporarily to Stop the Spread

MX Linux


The MX Linux team has released the much-awaited KDE Plasma edition of its Debian-based GNU/Linux distribution, featuring KDE Plasma 5.14.5, following the earlier first beta of MX Linux 19.2 KDE Plasma Desktop Edition.

MX Linux is a lightweight, stable and fast GNU/Linux distro with the Xfce desktop and Debian upstream; compared to popular desktop environments like GNOME or KDE, however, the Xfce edition isn't as customizable or visually appealing.

The new MX Linux 19.2 KDE, built on the current Debian buster with the Debian (AHS) 5.6 kernel, the antiX live-usb system, snapshot technology and the usual MX tools, now offers better visual appeal and customization.

What's new in MX Linux 19.2 KDE Release?



MX-19.2 KDE is an Advanced Hardware Support (AHS) enabled 64-bit only version of MX Linux, featuring the KDE/plasma desktop; and apps utilizing Qt library frameworks are given a preference. It is the first officially supported MX/antiX family iso utilizing the KDE/plasma desktop.

Find the other major features of MX-19.2 KDE below:

  • GIMP 2.10.12
  • Debian (AHS) 5.6 kernel
  • MX AHS firmware package
  • MESA 20.0.7 (AHS)
  • KDE/plasma 5.14.5 (current Debian buster version)
  • LibreOffice 6.1.5 (plus security fixes) (debian-backports version available in MX-Packageinstaller->Popular Apps)
  • Thunderbird 68.11
  • Firefox 79


The MX repositories additionally carry VLC 3.0.11 (video player), Clementine 1.3.1 (music manager/player) and many other new packages.

How to Download and Install MX Linux 19.2 KDE



Early testers running the beta version of MX-19.2 KDE can upgrade to the final version through the regular update process.

As MX Linux 19.2 KDE is a first release, there is no direct upgrade path from previous versions or from the current MX-19.2; it requires a fresh installation from scratch, and the new ISO of the MX-19.2 KDE Plasma edition is available as a direct download, from mirrors, and as torrent files.

The installation instructions are available here, if you need some guidance for the installation of MX Linux 19.2 KDE.

MX Linux 19.2 KDE Release: Featuring KDE Plasma Desktop Environment

Alexa Bug


Amazon's voice assistant Alexa reportedly had a bug that allowed hackers to install malicious skills and spy on users' activities remotely.

According to Dikla Barda, Roman Zaikin and Yaara Shriki, all researchers at Check Point who disclosed the severe vulnerabilities in Amazon's Alexa virtual assistant, the "exploits could have allowed an attacker to remove/install skills on the targeted victim's Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill."

Amazon's Alexa Brain initiative, announced earlier, is a program intended to make the virtual assistant smarter; it focuses on enhancing Alexa's tracking of context through a memory update, so that Alexa can now remember any information you ask it to, storing it and retrieving it later.

Such capabilities make the virtual assistant a big risk when compromised, as it could end up giving out sensitive information to hackers; and given that smart speakers are now so commonplace, it's hard to overlook just how much personal data they hold and their role in controlling other smart devices.

How XSS Flaw in Amazon's Subdomains led to the Alexa Bug



The Alexa bug stemmed from a misconfigured CORS policy in Amazon's Alexa mobile application, which potentially allowed adversaries with code-injection capabilities on one Amazon subdomain to perform a cross-domain attack on any other Amazon subdomain.

Exploitation would have required only that an Alexa user click a specially crafted Amazon link directing them to an Amazon subdomain vulnerable to XSS. The researchers also discovered that the request to retrieve the list of all skills installed on Alexa returns a CSRF token.

The purpose of a CSRF token is to prevent Cross-Site Request Forgery, attacks in which a malicious link or program causes an authenticated user's web browser to perform an unwanted action on a legitimate site.

The attackers use the injected code to trigger a request to the "skillsstore.amazon.com" subdomain with the victim's credentials, obtaining the list of all skills installed on the Alexa account along with the CSRF token.
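The CORS misconfiguration is the pivot that turns one subdomain’s XSS into access to every other subdomain’s responses. The following added example (not Amazon’s or Check Point’s code) puts the subdomain-wildcard policy beside a strict allowlist and shows what a page on an injected subdomain could read under each; the allowlist, the example-xss hostname and the skills response are constructed.

```python
"""CORS origin checks: the subdomain-wildcard pattern that lets one XSS'd
subdomain read another's responses, beside a strict allowlist.

Added example, not Amazon's or Check Point's code; the allowlist, the
example-xss hostname and the skills response are constructed.
"""
from urllib.parse import urlsplit

TRUSTED_ORIGINS = {"https://alexa.amazon.com"}  # assumed allowlist for the demo

# constructed stand-in for the skills-list response the text says carried a CSRF token
SKILLS_RESPONSE = {"skills": ["Weather", "Demo Bank"], "csrfToken": "demo-csrf-token"}


def _https_host(origin):
    """Lower-cased hostname of an https origin, or None for anything else."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower()


def permissive_cors_allows(origin):
    """Weak policy: trust every https origin under amazon.com.
    Injected script on any one subdomain is then enough to read cross-origin."""
    host = _https_host(origin)
    return host is not None and (host == "amazon.com" or host.endswith(".amazon.com"))


def strict_cors_allows(origin):
    """Hardened policy: exact match against a short allowlist of full origins."""
    return origin in TRUSTED_ORIGINS


def cors_headers(allow_fn, origin):
    """Response headers for a credentialed request from `origin` under a policy."""
    headers = {"Vary": "Origin"}  # responses differ per origin, so caches must key on it
    if allow_fn(origin):
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def cross_origin_read(allow_fn, origin):
    """What a page at `origin` can read from the skills endpoint with the victim's
    cookies: the browser exposes the body only when both CORS headers match."""
    h = cors_headers(allow_fn, origin)
    if (h.get("Access-Control-Allow-Origin") == origin
            and h.get("Access-Control-Allow-Credentials") == "true"):
        return SKILLS_RESPONSE
    return None


if __name__ == "__main__":
    xss_subdomain = "https://example-xss.amazon.com"  # constructed hostname
    print("permissive:", cross_origin_read(permissive_cors_allows, xss_subdomain))
    print("strict:", cross_origin_read(strict_cors_allows, xss_subdomain))
```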

How big a risk is the Alexa Bug?



Although Amazon doesn't record Alexa users' banking login credentials, all their interactions are recorded, and since the attackers can access the voice history, they can see the victim’s interactions with a banking skill and obtain that data history.

Also, an attacker can get usernames and phone numbers, depending on the skills installed on the user’s Alexa account.

The research is perhaps another reason why security should be crucial in the IoT space, as virtual assistants become more pervasive and increasingly turn out to be lucrative targets for attackers looking to steal sensitive information or to disrupt smart home systems.

Alexa Bug Allows Hackers to remotely Install Malicious Skills to Spy on Users

Ubuntu


The Ubuntu team has announced new point releases for Ubuntu 16.04 LTS and 18.04 LTS series, with Ubuntu 16.04.7 and Ubuntu 18.04.5 as the latest point versions with long-term support.

Ubuntu 18.04.5 is available for all Ubuntu variants (Desktop, Server and Cloud) and for the other flavors, while Ubuntu 16.04.7 is only available for Desktop, Server and the Ubuntu Kylin flavor, as the other community flavors have reached end-of-life.

The previous version, Ubuntu 16.04.6, included patches for various security flaws, and v16.04.7 has updated installation media to mitigate the BootHole vulnerability in the GRUB bootloader. Similarly, v18.04.5, the successor to Ubuntu 18.04.4, includes bug fixes for the stability and compatibility of Ubuntu 18.04 LTS.

What's new in Ubuntu 16.04.7 LTS And 18.04.5 LTS Point Version Releases



Ubuntu 20.04.1 LTS mainly includes security and hardware updates, such as the fix for the recent BootHole bug that affected most Linux distributions via the GRUB2 bootloader with Secure Boot. Ubuntu 18.04.5 also includes bug fixes for the stability and compatibility of Ubuntu 18.04 LTS.

The first point releases also include all security updates from the Ubuntu Security Notice list affecting Ubuntu 18.04 LTS. Also, Ubuntu 18.04.5 LTS brings the much awaited new Hardware Enablement Stack (HWE), which often comes with first point releases.

The enablement stack comes with installing from the latest Ubuntu LTS point release media, and the other Ubuntu flavors, such as Kubuntu 18.04.5 LTS, Ubuntu MATE 18.04.5 LTS, Ubuntu Budgie 18.04.5 LTS, Lubuntu 18.04.5 LTS, Xubuntu 18.04.5 LTS and Ubuntu Kylin 18.04.5 LTS, all now have HWE too.

How to Upgrade to Ubuntu 16.04.7 LTS And 18.04.5 LTS Point Version Releases



The ISO images of Ubuntu 16.04.7 and Ubuntu 18.04.5 are now available for download on the official website. Existing users of Ubuntu 14.04 LTS or 16.04 LTS point versions will get the option of an automatic upgrade to 16.04.7 or 18.04.5 via the Update Manager.

Canonical will offer five years of support for Ubuntu 18.04.5 on Desktop, Server, Cloud and Base, until 2023, and for Ubuntu 16.04.7 until 2021; all the other Ubuntu flavors will be supported for only three years.

Ubuntu 16.04.7 LTS And 18.04.5 LTS Point Version Releases with long-term support

Find My Mobile


There are severe security flaws in the 'Find My Mobile' app that comes pre-installed on Samsung Android phones, which could allow remote attackers to track users' real-time location, monitor phone calls and messages, or even delete data stored on the phone.

The flaws can be exploited easily, with severe implications for the user: they could lead to permanent denial of service via phone lock and to serious privacy implications through the IMEI, according to Pedro Umbelino, security researcher at Char49.

They currently affect unpatched Samsung Galaxy S7, S8 and S9+ devices; Samsung has pushed out a patch after flagging the issue as a "high impact vulnerability", although most of these devices do not receive timely updates, which is perhaps another reason why Android sucks.

How the Find My Mobile app allows Remote Attackers to track users?



The "Find My Mobile" service allows users of Samsung devices to remotely locate a device, back up its data to Samsung Cloud, lock it, wipe local data and block access to Samsung Pay, especially when the device is lost.

However, four different vulnerabilities in the app meant it could be exploited by any malicious app installed on the device, through a man-in-the-disk attack that hijacks communication with the backend servers to snoop on the victim: the app frequently checks for a specific file on the device's SD card ("/mnt/sdcard/fmm.prop") from which it loads a URL ("mg.URL"), so any rogue app can create this file and potentially hijack the communications with the server.

A malicious app installed on the device can use an exploit chain leveraging two different unprotected broadcast receivers to redirect the Find My Mobile app's requests, intended for Samsung's servers, to a server under the attacker's control.

The malicious server forwards the request on to the legitimate server to retrieve the response, then injects its own commands into the server's responses before returning them.

How to Mitigate against the 'Find My Mobile' app Flaws



The researchers promptly reported the flaws to Samsung, which addressed them after flagging the issue as a "high impact vulnerability." All users of the above-mentioned Samsung devices are therefore recommended to apply the most recent security patches sent to their phones.

The Find My Mobile app shouldn't have arbitrary components exported and publicly accessible; where exporting is absolutely necessary, those components should be protected with proper permissions, and testing code that relies on publicly writable files should be eliminated altogether.

Flaws in the 'Find My Mobile' app pre-installed on Samsung Android phones

Chrome Bug


A zero-day flaw in Chromium-based browsers could have allowed attackers to bypass Content Security Policy (CSP) rules; the bug was disclosed by security researchers at PerimeterX.

CSP is an extra layer of security that helps detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection. CSP rules let a website instruct browsers to perform client-side checks that block scripts exploiting the browser's trust in content received from the server.

According to the security researchers, some of the most popular websites, such as Facebook, Gmail, Zoom, TikTok, Instagram, Blogger and Quora, were susceptible to the CSP bypass. The flaw, present since Chrome 73, tracked as CVE-2020-6519 and rated 6.5 on the CVSS scale, allows a CSP bypass that leads to arbitrary execution of malicious code on target websites.

How the Bug circumvents the CSP Rules?



The flaw circumvents the configured CSP by passing malicious JavaScript code in the "src" property of an HTML iframe element. Since websites use CSP to enforce data security policies and prevent the execution of malicious scripts, a CSP bypass can effectively put all user data at risk.

A CSP specifies the domains the browser should consider valid sources of executable scripts; a CSP-compatible browser only executes scripts received from those allow-listed domains and ignores all others.

However, it is interesting to note that websites like GitHub, LinkedIn, Twitter, the Google Play Store, Yahoo's login page, PayPal and Yandex were not affected by this vulnerability, since their CSP policies used hashes to allow the execution of inline scripts.

How to Mitigate against the circumvention of the CSP Rules



The researchers promptly disclosed the flaw to Google, and the Chrome team has issued a fix for the vulnerability in Chrome version 84.0.4147.89, which started rolling out on July 14.

Though the vulnerability has no severe implications so far, users are advised to update their browsers to the latest version to protect against such malicious code execution. As a precautionary measure, website owners are recommended to use the nonce and hash capabilities of CSP for added security.
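To make the nonce/hash recommendation concrete, here is an added example (not PerimeterX’s or Google’s code) that builds a CSP trusting scripts by nonce or hash rather than by host allow-list, and audits a policy string for the weak patterns; the policy strings and the inline script are constructed for the demo.

```python
"""Nonce/hash based CSP beside an audit for the patterns that left sites exposed.

Added example, not PerimeterX's or Google's code; the policies and the inline
script are constructed for the demo.
"""
import base64
import hashlib
import secrets

STRONG_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def new_nonce():
    """Fresh per-response nonce (base64 of 16 random bytes); never reuse one."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def inline_script_hash(source):
    """CSP hash-source token for an inline <script> body (hash of the exact text)."""
    digest = hashlib.sha256(source.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def build_csp(nonce, inline_sources=()):
    """Policy that trusts scripts by nonce or hash rather than by host allow-list."""
    script_src = ["'self'", f"'nonce-{nonce}'"]
    script_src += [f"'{inline_script_hash(src)}'" for src in inline_sources]
    return "; ".join([
        "default-src 'self'",
        "script-src " + " ".join(script_src),
        "object-src 'none'",
        "base-uri 'none'",
    ])


def parse_csp(policy):
    """Split "name v1 v2; name2 v3" into {name: [values]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_csp(policy):
    """Findings for the effective script-src (falls back to default-src); [] means OK."""
    directives = parse_csp(policy)
    src = directives.get("script-src", directives.get("default-src", []))
    if not src:
        return ["no script-src or default-src: script execution is unrestricted"]
    findings = []
    has_nonce_or_hash = any(v.startswith(STRONG_PREFIXES) for v in src)
    if "'unsafe-inline'" in src and not has_nonce_or_hash:
        findings.append("'unsafe-inline' without nonce/hash: any injected inline script runs")
    if not has_nonce_or_hash:
        findings.append("script-src relies on host allow-listing only; add nonce or hash sources")
    for v in src:
        if v in ("*", "http:", "https:", "data:"):
            findings.append(f"over-broad source {v}")
    return findings


if __name__ == "__main__":
    weak = "default-src 'self'; script-src 'self' https://cdn.example.test 'unsafe-inline'"
    print(audit_csp(weak))
    print(audit_csp(build_csp(new_nonce(), ["console.log('hello')"])))
```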

Critical Bug in Chromium-based browsers allow Attackers bypass CSP rules

UbuntuDDE


UbuntuDDE is an unofficial Ubuntu remix, a blend of Ubuntu Linux and the most beautiful Deepin desktop, which launched its first-ever long-term version, 20.04, in April 2020.

After the first point release of the upstream, Ubuntu 20.04.1 LTS, debuted on 23 April 2020 with a number of enhancements, UbuntuDDE lead developer Arun Kumar Pariyar has announced UbuntuDDE Remix 20.04.1 as the follow-up point release.

UbuntuDDE Remix 20.04.1, the first point release, includes all updates and bug fixes from the new upstream release, Ubuntu 20.04.1 LTS.

What's new in UbuntuDDE Remix 20.04.1 Release?



UbuntuDDE Remix 20.04.1 ships with fixes for BootHole Vulnerability, which affects most of the Linux distributions via GRUB2 bootloader with Secure Boot.

It includes all updates from upstream Ubuntu Linux plus some specific changes delivered via OTA (Over-The-Air) updates, such as new packages in the UbuntuDDE repository like deepin-screen-recorder and deepin-topbar, patches for the Deepin Desktop Environment (DDE), and fixes for issues in UbuntuDDE 20.04, such as the time format issue and Wi-Fi being disabled automatically when the system wakes from sleep.

UbuntuDDE Remix 20.04.1 has also fixed issues with OS installation when UEFI Secure Boot is enabled, which means users can now install UbuntuDDE Focal Fossa without having to disable Secure Boot.

How to Upgrade to UbuntuDDE Remix 20.04.1 Release



UbuntuDDE offers the easiest way to install a mix of Ubuntu and Deepin using its GUI installer. Existing users running UbuntuDDE Remix 20.04 can easily upgrade to UbuntuDDE Remix 20.04.1.

However, if you're new to UbuntuDDE or want a fresh installation from scratch, you can download the ISO images available here, and you can find the official installation instructions here.

UbuntuDDE Remix 20.04.1 Release: Updates from the new Ubuntu upstream and bug fixes

TeamViewer


TeamViewer is a popular proprietary application for web conferencing and file transfer between computers, which is fully capable of remote control, and desktop sharing, among other collaborative capabilities.

The TeamViewer team recently issued a patch for a severe vulnerability tracked as CVE-2020-13699, which if exploited could allow remote attackers to compromise a system and steal the user's password. The attack requires little interaction from the victim: they only need to be convinced to visit a malicious website.

The flaw was discovered by Jeffrey Hofmann of Praetorian, and resides in the way TeamViewer quotes the parameters of its custom URI handlers, which attackers could use to force the software to relay an NTLM authentication request to a system under their control.

How attackers could leverage TeamViewer's URI scheme



Attackers can leverage TeamViewer's URI scheme from a website to trick the app installed on a victim's system into initiating a connection to an attacker-owned remote SMB share.

To exploit the vulnerability, the attackers need to embed a malicious iframe on the website and trick the victim into visiting it; once the page is visited, TeamViewer launches its Windows desktop client and opens the remote SMB share automatically.

This in turn triggers the SMB authentication attack, leaking the system's username and the NTLMv2 hash of the password to the attackers, who can then use them to authenticate to the victim's computer or network resources.

How to Mitigate against the TeamViewer Attack Risks



The TeamViewer project promptly issued a patch for the vulnerability by quoting the parameters used by the affected URI handlers, e.g. URL:teamviewer10 Protocol "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" "%1".
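The fix is a one-character-class change, so it is worth being able to audit every registered URL-protocol handler for the same defect. The following added example (not TeamViewer’s or Praetorian’s code) parses a constructed .reg export and flags any shell\open\command whose %1 sits outside double quotes; the HKEY_CLASSES_ROOT\teamviewer10 key path is assumed from the "URL:teamviewer10 Protocol" label above, and demo-app is fictional.

```python
"""Audit URL-protocol handler commands for an unquoted %1, the defect behind
CVE-2020-13699 that TeamViewer fixed by quoting the argument.

Added example, not TeamViewer's or Praetorian's code. SAMPLE_REG is a
constructed .reg export; the HKEY_CLASSES_ROOT\\teamviewer10 key path is
assumed from the "URL:teamviewer10 Protocol" label, and demo-app is fictional.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DEFAULT_VALUE_RE = re.compile(r'^@="(?P<val>.*)"$')

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\teamviewer10]
@="URL:teamviewer10 Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\teamviewer10\shell\open\command]
@="\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\" %1"

[HKEY_CLASSES_ROOT\demo-app\shell\open\command]
@="\"C:\\Program Files\\DemoApp\\demo.exe\" \"%1\""
'''


def unescape_reg(value):
    r"""Undo .reg string escaping: \\ becomes \ and \" becomes a plain quote."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def check_handler_command(command):
    """Return None if every %1 is inside double quotes, else a finding string."""
    if "%1" not in command:
        return None  # nothing from the URL reaches the command line
    in_quotes = False
    for i, ch in enumerate(command):
        if ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes and command.startswith("%1", i):
            return "unquoted %1: URL text can be split into extra command-line arguments"
    return None


def parse_reg_commands(reg_text):
    r"""Yield (key, command) for each shell\open\command default value in a .reg export."""
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = DEFAULT_VALUE_RE.match(line)
        if m and key and key.lower().endswith(r"\shell\open\command"):
            yield key, unescape_reg(m["val"])


def audit_reg(reg_text):
    """Map each handler key to None (OK) or its finding."""
    return {key: check_handler_command(cmd) for key, cmd in parse_reg_commands(reg_text)}


if __name__ == "__main__":
    for key, finding in audit_reg(SAMPLE_REG).items():
        print(key, "->", finding or "OK")
```

On a real machine the same audit runs over the output of `reg export HKEY_CLASSES_ROOT` fed in as text.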

Users are therefore recommended to update the application to the latest version of TeamViewer, 15.8.3. The vulnerability is not currently being exploited in the wild, but given the application's popularity among millions of users worldwide, it has always been a target for attackers.

TeamViewer Attack Risks: How Flaw Could allow attackers Steal Password Remotely

Porteus Linux


Porteus Linux is based on Slackware, perhaps one of the oldest Linux distros; it was formerly known as Slax Remix, a community remix of Slax OS.

Porteus Linux boasts a portable and light operating system that can boot in less than 15 seconds with the LXDE desktop, from CD, hard drive, USB flash drive or other bootable storage media. Now the Porteus dev team has announced the second release candidate (RC-2) of its upcoming version 5.0, after nearly 14 months and a lot of development (circumstantial and technical).

The RC releases are only provided for the x86_64 architecture, and the language tool is not functional in them.

What’s New in Porteus 5.0-rc2 Release?



Notable changes include the removal of the gtk+2 widget toolkit from the 002-xorg base module, which now includes gtk+3 instead, though some desktop environments, such as LXDE, Openbox and Xfce, still ship gtk+2.

The gtkdialog scripts are being ported to pygobject3, with the porting process still in progress; gtkdialog therefore remains available for the scripts not yet ported. Other highlighted changes are as follows:

  • Support for RAID arrays
  • New base module: 002-xtra which contains custom multimedia packages
  • initrd.xz rebuilt with new busybox and improved linuxrc
  • Porteus-installer-for-Linux.com rebuilt with new syslinux


Additionally, the long-term Linux Kernel 5.4.57 brings such features as kernel lockdown, support for Microsoft’s exFAT file system, and support for other hardware like AMD Radeon Navi 12 and 14 GPUs, AMD Dali APU and AMD Radeon Arcturus GPUs.

How to Get Started with Porteus 5.0-rc2 Release



Porteus 5.0-rc2 is available in seven desktop variants, namely: Cinnamon, KDE, LXQT, LXDE, MATE, Openbox, and Xfce; but only for x86_64 architecture.

If you want to give the new Porteus 5.0-rc2 release a spin right now, you can download the ISO images available here, most of which are less than 400MB in size.

Porteus 5.0-rc2 Release: Slackware-based portable and light operating system