Taidoor Malware

Taidoor malware became notorious in 2008 for compromising thousands of systems, with the threat actors having deployed it on targeted networks for remote access.

According to US intelligence agencies, a new variant of the 12-year-old malware is being employed by Chinese state-sponsored hackers to target other governments, corporations, and high-net-worth individuals.

The FBI believes that Chinese government actors are now using the malware variants in conjunction with proxy servers to maintain a stealthy presence on targeted networks for further exploitation; the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) have issued a joint advisory.

How the Taidoor RAT is used to Target governments and corporations

In a 2012 analysis, Trend Micro researchers reported that the actors behind Taidoor used socially engineered emails with malicious PDF attachments to target the Taiwanese government.

Taidoor is installed on the targeted system as a service dynamic link library (DLL) consisting of two files: the first is a loader (ml.dll), which decrypts the second file (svchost.dll) and executes it in memory; the decrypted file serves as the main Remote Access Trojan (RAT).

Another cybersecurity firm, FireEye, also noted significant changes in the actors' tactics in 2013: the malicious email attachments no longer carried the Taidoor malware itself, but instead dropped a 'downloader' that fetched the malware remotely. The latest advisory states that the tactic of using decoy documents with malicious attachments is still in use by the actors.

How to Mitigate against Taidoor Malware

The US Cybersecurity and Infrastructure Security Agency (CISA) recommends that network administrators keep operating system patches up to date, disable file and printer sharing services, and exercise caution when opening email attachments.

CISA also encourages users to report any suspicious activity on its official site, including possible malicious activity, security incidents, software vulnerabilities, and phishing-related scams.

Taidoor Malware: US warns of a new strain of the Chinese 'Taidoor' Virus

Linux Kodachi

Linux Kodachi is a secure operating system that promises complete privacy and anonymity, and the latest update, Linux Kodachi 7.2, adds the popular private messaging system Session Messenger.

The new point release, Linux Kodachi 7.2, is code-named 'Defeat' and comes with several new security-oriented features and performance improvements. It is still built on Xubuntu 18.04 LTS, but the Linux kernel has been upgraded from version 5.4.0-33 to 5.4.0-42, with all components updated.

The highlight feature of Linux Kodachi 7.2 is the addition of one of the most popular private messengers, Session Messenger. The other changes and additions are listed below.

What's New in Linux Kodachi 7.2 Release?

Besides the core component of Xubuntu 18.04 LTS, the Linux Kodachi 7.2 release comes with the Linux kernel upgraded from version 5.4.0-33 to 5.4.0-42. Other key changes include:

  • Updated OnionShare utility
  • Conky system monitor improvements with a reduced refresh timer
  • IP lookup plugin replaced in the Kodachi browser
  • pci=noaer added to the GRUB options for error prevention
  • Yandex DNS moved to a lower position

Following the rebranding of the Matrix protocol-based messaging client Riot as Element, Kodachi has replaced Riot with Element. Kodachi now also provides Steghide-GUI for secure communication, which can be used to hide encrypted text messages inside jpg, wav, or other files. Additionally, another end-to-end encrypted instant messaging app, Threema, has been added to the Kodachi browser bookmarks.

How to Upgrade to Linux Kodachi 7.2 Release

If you're an existing user of Linux Kodachi, you can easily upgrade your current system to the latest version 7.2 by running the following command:

sudo apt update && sudo apt full-upgrade

New users can download the ISO images of Linux Kodachi 7.2 from here, and the installation instructions are available here.

Linux Kodachi 7.2 Release: Messaging with complete Privacy via Session Messenger

Chrome OS

Google's effort to bring Android app support to Chrome OS is still a work in progress, and the purported dual-boot capability remains a mere pipe dream; but now the company plans to bring Windows 10 app support to Chrome OS.

In partnership with Parallels, Google wants to bring Windows 10 app support to Chrome OS for enterprise users; there is also a plan for Windows dual-boot within Chrome OS on a virtual machine using Parallels Desktop, with the possibility of a seamless experience.

The move is similar to how Microsoft brought Linux GUI apps to Windows 10 via WSL2, although the technical details may differ; users would be able to run Windows apps side by side with Chrome web apps and Android apps without having to run the entire OS.

Google is still found wanting in its own ecosystem

If you are an Apple fan, you should be familiar with the impressive continuity, or convergence, between their various devices. For instance, if you are watching a movie on your Mac wearing earphones and get a call on your iPhone, you'll be given the option of taking the call right on your computer without reaching for your phone.

But the same can't be said of Android and Chromebooks; the lack of such convergence features on Android is a big let-down, especially for those switching from an iPhone to an Android phone.

Chromebooks running Google's own Chrome OS can't boast the level of convergence found in Apple products, despite the effort to tie Chromebooks and Android devices together: Google had earlier outlined a plan for authentication by a secondary device, allowing users to bypass their phone or tablet's lock screen (optionally).

The feature is limited to unlocking your Chromebook with your Android device in your pocket: the laptop is unlocked automatically and signs you into your Google account without requiring a password.

Why the move to incorporate more convergence into Microsoft systems?

Microsoft has been trying hard to take charge of what's running on Android, starting with the "Your Phone" app it released in 2018. Since then the company has added several other useful features, such as SMS Organizer, to help Android users achieve better cross-device compatibility with Windows 10.

So Google now wants to give back, or perhaps take back some control, having already managed to bring Android apps to Chrome OS. It has therefore turned to the experts, in this case Parallels, with its experience of running Windows apps on Apple's macOS.

Google's new thinking, incorporating more convergence features with Microsoft systems, might be the joker that gains it more ground in the Windows ecosystem.

How Google plans to bring Windows Apps to devices running Chrome OS

Nitrux 1.3.1

Nitrux is a Linux desktop distro based on Ubuntu, which uses the Calamares installer and includes NX Desktop and NX Firewall on top of the KDE Plasma 5 desktop environment and MauiKit Applications. The previous version, Nitrux 1.3.0, brought several performance improvements; now Nitrux 1.3.1 comes with an updated KDE Plasma desktop, KDE Frameworks and Applications.

Nitrux remains one of the most distinctive Linux distributions, not only because of the beautiful KDE Plasma desktop, but also for employing a portable universal app format, called AppImage, alongside package managers like APT and DPKG.

Besides the Linux kernel upgrade from the previous v5.6.0-1017 to the latest 5.6.0-1020, which brings bug and security fixes, Nitrux 1.3.1 also includes some new enhancements.

What's New in Nitrux 1.3.1 Release?

Nitrux 1.3.1 updates to KDE Plasma 5.19.4, KDE Frameworks 5.72.0, and KDE Applications 20.04.03, with further touches to the GTK theme to make it look more like the Kvantum theme and Plasma color scheme. It also updates the Luv icon theme and all the wallpapers for a more modern appearance.

Nitrux Wallpapers

As in the previous release, Nitrux 1.3.1 adds more wallpapers to the default collection and replaces some files with higher-quality uncompressed images.

It also changes the user interface of the Calamares installer using the QML port module, Calamares-QML, and fixes the problem with environment variables that caused issues when changing application styles.

How to Upgrade to Nitrux 1.3.1

The new point release, Nitrux 1.3.1, is now available for download as ISO images if you want to give it a spin. Existing users can easily upgrade to Nitrux 1.3.1 from the previous version.

Kindly note that the new ISO now uses the LZ4 lossless data compression algorithm for faster installation.

Nitrux 1.3.1 Release: Updated KDE Plasma desktop environment and Applications

Android Sucks

The rise of Android has been phenomenal: after Google acquired Android back in 2005, it went from near-obscurity to over 250 million product activations per year as of 2014. Google successfully turned a no-name operating system into the world's most popular mobile platform.

But Android has its woes. As the dominant mobile platform at the moment, it attracts plenty of malicious actors; with over 1.4 billion people using an Android smartphone or tablet every day, and the fact that it is open source and therefore free for manufacturers to use, it is a very big deal.

Though the openness is partly a reason for that dominance, it has also led to fragmentation, a situation where most Android phones are unable to get regular updates with the latest security patches.

5 Reasons Why Android Operating System Sucks

1. Increase in Android Malware

Google has been serious about keeping Android secure over the years, pushing out security updates monthly, but not every smartphone and tablet receives these monthly security updates.

Even the Android security team at one time admitted that roughly half of the devices in use at the end of 2016 had not received any update for at least 12 months.

The potential risks are frightening, and since the Android fragmentation issue isn't easily solved, the question of Android security now comes down to the individual device.

2. Buggy Apps

The fact that just about anyone can submit an app to the Play Store is another ugly side of Android, and it has led to an increase in the number of crappy apps on the platform.

Also, the Play Store was until recently poorly regulated, leading to truckloads of buggy apps that could even steal the personal data on your devices.

3. Battery Drain Issues

The increase in buggy apps means there are many apps that can drain an Android battery. In some cases, apps downloaded to your phone could be causing unnecessary battery drain without you even knowing about it.

Most of these apps start to cause surprising battery drain after an update, and the only solution is to wait for a fix from the developer in another update cycle.

4. Not All Devices get Software Updates

This is another aspect of Android fragmentation, with numerous OEMs churning out devices: for new Android versions, phone makers had to wait for the chipset vendors to update the hardware-related part of the code for their processors.

Now, with Project Treble, the hardware-specific elements are just a crust that remains in place for the device's lifespan.

5. Lots of Fake Devices

While it is very easy to identify a genuine Apple device, the same cannot be said of Android, with several fake products bearing the names of popular OEMs that are hard to detect.

The biggest issue with Android is fragmentation; with numerous OEMs churning out devices, the possibility of getting a fake device is higher with Android.

Why Android Sucks? 5 Reasons Why Android Operating System Sucks

Linux Malware

TrickBot malware made headlines in 2019 for infecting nearly 250 million Google accounts, stealing credentials and personal information; it is also fully capable of disabling the built-in Windows antivirus software altogether.

Now the notorious malware makes a comeback with a new module framework dubbed "Anchor_DNS" that can infect Linux devices. According to IntezerLabs, Anchor_DNS has been ported to a Linux version called 'Anchor_Linux', which targets VPN and NAS devices running Linux.

The module not only acts as a backdoor to infect Linux systems, but also contains an embedded Windows TrickBot executable.

How Anchor_Linux TrickBot Malware targets Linux Systems

Anchor_Linux TrickBot malware is, as reported by IntezerLabs, a "Lightweight backdoor with the ability to spread to neighboring Windows boxes using svcctl via SMB".

It acts as a covert backdoor and persistence tool in UNIX environments, used as a pivot for Windows exploitation and as an unorthodox attack vector outside of phishing attacks. Anchor_Linux allows the group to target servers in UNIX environments, including VPN and NAS devices, and use them to infect corporate networks.

The bad actors can thus target non-Windows environments first and later pivot to Windows devices on the same network.

How to Mitigate against Anchor_Linux malware

Linux users can check for an Anchor_Linux infection by searching for the "/tmp/Anchor.log" file on their system. If such a file exists, the system is compromised.

It is therefore recommended that Linux users scan the system and delete all traces of the malware. Anchor_Linux is still in its initial stages and will continue to evolve, which makes it more dangerous for Linux systems.

Anchor_Linux TrickBot Malware targets VPN and NAS running on Linux

Soccer Jersey

Are you searching for a way to get your favorite football club's jerseys online? UUSoccer.ru is a great online resource that stocks all your favorite soccer teams' jerseys at low prices.

At UUSoccer, you'll not only find a large selection of soccer jerseys from a wide range of international and national clubs, but the jerseys are also available at relatively cheap prices and can be shipped anywhere. UUSoccer is perhaps the best place for you to buy that Arsenal soccer jersey, Manchester United jersey, Barcelona jersey and many other popular clubs' jerseys cheaply.

They offer discounted soccer jerseys for children, youths and adults, which are top-of-the-line and made from comfortable, moisture-wicking materials, so that you feel relaxed whether you're on the field or in the stands cheering your favorite team from the sidelines.

Why Choose UUSoccer.ru for your Soccer Jerseys?

While there are lots of places online that claim to sell jerseys at cheap prices without any guarantee of the authenticity of what you are buying, many of these knock-off jersey stores deliver jerseys with crooked lettering or, worse, jerseys of the wrong club.

Soccer Jerseys

UUSoccer guarantees the best quality jerseys, the most authentic kind you can get. It might cost a little more, but having a quality jersey from your favorite team that lasts you for many, many seasons is worth the price. You can stay confident that you're getting a quality soccer jersey at a fraction of the price.

Our Recommendations

On UUSoccer, you'll find a number of different club jerseys with several color options and players for every single soccer team. There are also some higher-priced jerseys that feature stitched tackle names and numbers, and others that have embroidered accents.

Additionally, you can also get Rugby Jerseys, NBA Jerseys, Mask Covers, Sport Hats, NHL & NFL Jerseys and many more, and these jerseys are as authentic as they come. Best of all, the online shop offers an option to customize the number and name on your jersey.

UUSoccer.ru - The Best place to Get Your Favorite Sports Jerseys Online Cheaply

BootHole Vulnerability

The BootHole vulnerability resides in the GRUB2 bootloader and, if exploited, could allow attackers to bypass Secure Boot and gain high-privileged, persistent access to targeted systems.

According to security researchers at Eclypsium, the BootHole vulnerability affects almost all Linux distributions and Windows systems using the GRUB2 bootloader with Secure Boot.

The Unified Extensible Firmware Interface (UEFI) uses a bootloader to load critical components and the operating system, with Secure Boot ensuring that only cryptographically signed code executes during the boot process.

How GRUB2 Bootloader Vulnerability affects Linux Systems

BootHole is a buffer overflow vulnerability affecting all versions of GRUB2; it arises in the parsing of the config file, which, unlike the other files and executables, is typically not signed, allowing attackers to break the trust mechanism.

GRUB2 is the most popular bootloader in Linux distros, making all such systems vulnerable to attack. Through the buffer overflow an attacker can gain arbitrary code execution within the UEFI execution environment, which could be leveraged to run malware, alter the boot process, or execute any other malicious code.

Since the grub.cfg file is located in the EFI system partition, modifying it requires an attacker to already have an initial foothold on the targeted system with admin privileges; from there, the flaw enables additional privilege escalation and persistence on the device.
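The point above is that signed bootloader code parses an unsigned config file into fixed-size buffers. The following is an added illustrative model, not GRUB2's code: a bounded tokenizer for untrusted config text that fails closed on an over-long token instead of overflowing or silently truncating (TOKEN_MAX, next_token and validate_config are hypothetical names; the sample configs are constructed).

```c
/* Illustrative model (added example, not GRUB2's code): a bootloader-style
 * tokenizer reading an UNTRUSTED config such as grub.cfg into a fixed buffer.
 * The overflow class described for BootHole is a token longer than the
 * parser's buffer; the bounded reader below rejects it instead. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TOKEN_MAX 64          /* hypothetical fixed token buffer size */

/* Result codes for token extraction. */
enum tok_status { TOK_OK = 0, TOK_END = 1, TOK_TOO_LONG = -1 };

/* Copy the next whitespace-delimited token starting at *pos into out.
 * Never writes more than outsz bytes; an over-long token is rejected
 * outright (TOK_TOO_LONG) rather than truncated or overflowed, so a
 * crafted config can neither smash memory nor be silently mis-parsed. */
static enum tok_status next_token(const char *cfg, size_t *pos,
                                  char *out, size_t outsz)
{
    size_t len = 0;
    while (cfg[*pos] == ' ' || cfg[*pos] == '\n' || cfg[*pos] == '\t')
        (*pos)++;
    if (cfg[*pos] == '\0')
        return TOK_END;
    while (cfg[*pos] != '\0' && cfg[*pos] != ' ' &&
           cfg[*pos] != '\n' && cfg[*pos] != '\t') {
        if (len + 1 >= outsz)   /* leave room for the terminator */
            return TOK_TOO_LONG;
        out[len++] = cfg[(*pos)++];
    }
    out[len] = '\0';
    return TOK_OK;
}

/* Count tokens in cfg, or return -1 if any token would overflow TOKEN_MAX.
 * A real bootloader would refuse to continue booting in the -1 case. */
int validate_config(const char *cfg)
{
    char tok[TOKEN_MAX];
    size_t pos = 0;
    int count = 0;
    enum tok_status st;
    while ((st = next_token(cfg, &pos, tok, sizeof tok)) == TOK_OK)
        count++;
    return st == TOK_END ? count : -1;
}

int main(void)
{
    /* Constructed sample configs: a benign menu entry, and one carrying an
     * over-long token of the kind an unbounded parser would overflow on. */
    const char *benign = "set timeout=5\nmenuentry 'Linux' {\n linux /vmlinuz\n}\n";
    char hostile[256];
    memset(hostile, 'A', sizeof hostile - 1);
    hostile[sizeof hostile - 1] = '\0';
    printf("benign: %d tokens\n", validate_config(benign));     /* 8 */
    printf("hostile: %d (rejected)\n", validate_config(hostile)); /* -1 */
    return 0;
}
```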

How the Linux Distros are Responding To BootHole

Eclypsium responsibly coordinated with the major Linux developers in response to BootHole; some security teams have released fixes for their affected products, while others are still working on them.

Debian developers have acknowledged the BootHole vulnerability and are currently doing an in-depth audit of GRUB2's source code. As Debian 10 "buster" is the first Debian release to include support for UEFI Secure Boot, the Debian security team has scheduled the fixes for the upcoming 10.5 point release on August 1, 2020.

Ubuntu, the most popular Linux distro, has also released GRUB2 bootloader updates from the Canonical security team, covering Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, and 20.04 LTS in 2.06.

BootHole Vulnerability: Affecting both Linux and Windows via GRUB2 bootloader

Industrial VPN

Cybersecurity researchers at Claroty have disclosed remote code execution vulnerabilities affecting VPN implementations used to provide remote access to operational technology (OT) networks.

These dedicated remote access solutions are focused on the industrial control system (ICS) industry and serve mainly for maintenance and monitoring of field controllers and devices such as programmable logic controllers (PLCs) and input/output (IO) devices.

These solutions are deployed at the outer layer boundaries of the network and provide access to the field controllers and devices.

How the VPN Flaws Could allow Attackers Target Critical Infrastructures

The researchers discovered multiple security flaws in Secomea's GateManager, including a critical vulnerability tracked as CVE-2020-14500 that could allow overwriting arbitrary data, executing arbitrary code or causing a DoS condition, and running commands as root to obtain user passwords.

With the virtual private network (VPN) typically deployed at level 5 of the Purdue model to provide access to the field controllers located at level 1/0 (see image below), exploiting the vulnerabilities can give attackers direct access to the field devices and cause real damage.

VPN Flaws

Successful exploitation of the vulnerabilities can give an attacker direct access to the ICS devices and potentially cause damage to an organization's infrastructure.

Other vulnerable products include the Moxa EDR-G902 and EDR-G903 industrial VPN servers, in which a stack-based buffer overflow (CVE-2020-14511) was discovered in the system web server; it could be triggered by a specially crafted HTTP request, allowing attackers to carry out remote code execution without any credentials.

Also, a proprietary VPN client known as HMS Networks' eCatcher, which connects to the company's eWon VPN device, was found to be vulnerable to a critical stack-based buffer overflow (CVE-2020-14498) that could be exploited to achieve remote code execution.

How to Mitigate against the VPN Flaws

The various vendors were duly notified of the vulnerabilities and responded quickly with fixes for their respective products.

Users of these products are therefore advised to update to the newly released versions: GateManager to version 9.2c / 9.2i, Moxa EDR-G902/3 to version v5.5 (firmware updates are available for the EDR-G902 series and EDR-G903 series), and HMS Networks' eCatcher to version 6.5.5 or later.

VPN Flaws pose security risks to Critical Organization Infrastructures

Red Hat

Red Hat Enterprise Linux (RHEL) 8.3 Beta is finally out after a six-month development cycle, succeeding the current RHEL 8.2 release, with the promise of delivering more stability and production innovation to the enterprise.

RHEL 8.3 beta has a number of new changes, including system roles for logging, storage, system metrics, disk encryption, kernel, and bootloader; the new roles are aimed at helping users manage large installations through consistent and repeatable configurations at scale.

Red Hat's Enterprise Linux (RHEL) platform is targeted at the commercial market: it restricts the free redistribution of officially supported versions, although it still freely provides the source code.

What's new in Red Hat Enterprise Linux (RHEL) 8.3 Beta?

Red Hat Enterprise Linux (RHEL) 8.3 Beta includes pre-configured Ansible playbooks that simplify the automation and configuration of common admin tasks, such as the allocation of storage resources.

It also brings an updated Application Streams (AppStream) repository with new languages and tools. Other notable packages in AppStream, with their new versions, are as follows:

  • Ruby 2.7
  • Perl 5.30
  • Nginx 1.18
  • Node.js v14
  • PHP 7.4
  • Git 2.26

Additionally, RHEL 8.3 beta includes security profiles for the Health Insurance Portability and Accountability Act (HIPAA) and for the Center for Internet Security (CIS) benchmark. System administrators can now use these new SCAP (Security Content Automation Protocol) profiles to configure their systems according to security best practices.

How to Download Red Hat Enterprise Linux (RHEL) 8.3 Beta

Existing users with an active RHEL subscription can download RHEL 8.3 beta directly from Red Hat's Portal. New users who want to try out RHEL 8.3 beta can download it from developer.redhat.com as part of the no-cost Red Hat Enterprise Linux Developer Subscription.

You can check out the release notes for the full list of new features, improvements, and security fixes in the RHEL 8.3 beta release.

Red Hat Enterprise Linux (RHEL) 8.3 Beta: Brings Updated AppStream repository