KaOS team has announced the last release of 2020 series, KaOS 2020.11, which follows after the normal two months development cycle.

While KaOS is a Linux distribution built with a very specific focus on Qt and KDE, and currently based on the Linux kernel, with the new stable version having upgraded packages, including: KDE Applications 20.08.3, KDE Frameworks 5.76.0, and Plasma 5.20.3.

And the latest KaOS version offers a lot of new functionalities, such as notifications for when system is out of space, grouping behavior for the Task Manager, and highlight changed settings.

What's New in KaOS 2020.11 Release?

Besides the upgraded packages for the KDE Plasma desktop, namely: KDE Applications 20.08.3, KDE Frameworks 5.76.0, and Plasma 5.20.3, KaOS 2020.11 offers a new plasma-disk to see all of HDD or SDD status using new option available in kinfocenter app, and instead of a swap partition in the Calamares installer, you can now use a swap file.

Other updated core tools in KaOS 2020.11 includes:

  • Git 2.29.2
  • Qt 5.15.2
  • Mesa 20.2.2
  • Linux Kernel 5.8.18
  • NetworkManager 1.26.4
  • Cmake 3.19.0
  • Openvpn 2.5.0
  • Binutils 2.35.1
  • Ruby 2.7.2

Additionally, the KaOS team has rewritten some modules like keyboard and Locale module, in prepartion to move the modules to QML, and continuing the shift to QML, developers now use a new module in QML called usersq.

How to Download or Upgrade to KaOS 2020.11

If you’re an existing KaOS user, you can use the following command to upgrade your current system to KaOS 2020.11:

sudo pacman -Syu

And for those who are trying out KaOS for the first time, you can download the ISO image of the latest KaOS 2020.11 from the official download page.

KaOS 2020.11 Release: New Plasma-disk to see all HDD or SDD status

Bandook Trojan was notorious in its 2015/2017 malware campaigns, which operations were dubbed "Operation Manul” and “Dark Caracal“ respectively.

Now, in a new report published by Check Point Research, hackers affiliated with Dark Caracal had deploy "dozens of digitally signed variants" of Bandook Windows Trojan to again target financial, healthcare, education, energy industry, and legal institutions located across Indonesia, Italy, Germany, Singapore, Switzerland, Turkey, and the United States.

The group which is believed to have ties with the Kazakh and Lebanese governments unleashed a new wave of attacks against these multitude of industries with a crafty retooled version of the 13-year-old backdoor Trojan.

How the Bandook Malware Chain has Evolved?

The malware chain used by the attackers has evolved from the early version, with the full infection chain of the attack broken down into three main stages.

While the initial stage kicks off many other infection chains, with a malicious Word document inside a ZIP file. And when the document is opened, it downloads malicious macros using the external template feature. The macros in turn executes the second stage of the attack, which is a PowerShell script encrypted in the original Word document.

The final stage is when the PowerShell script downloads and executes the Bandook backdoor. And the attackers employ a combination of techniques, with encrypted data embedded inside a shape object within the original document, and accessed from the external template using a particular code.

What Hinders Detection and Analysis of Bandook Operations

The operators behind the malicious infrastructures dubbed “Operation Manul” and “Dark Caracal” are very much still operational, and ready to unleash their cyber attacks.

Albeit, the group behind the infrastructure in these attacks seems to have evolved over time, with several layers of security, valid certificates and other techniques, to hinder detection and analysis of its operations.

Bandook Windows Trojan: Digitally Signed Variants again targets Multiple Sectors

Microsoft's latest Edge update, version 87, made debut with the automatic IE-to-Edge redirection for some websites, and the new tab page update with customizable feeds.

While Microsoft updates Edge browser every six weeks, which typically is a day or two after Google's Chrome update for the same version number, the company has also patched about 19 security vulnerabilities, with the most serious marked as "High" and the second level in a four-step ranking system.

Another major feature is the Edge's new tab page, which Microsoft had touted as enterprise-centric, having connections with workers' Office 365 or Microsoft 365 accounts. The company has advanced the tab page emphasis in Edge 87 to fully blend with the 365 elements with personalized, and work-relevant feeds.

Edge 87 New tab page Customizations

Edge 87 now blends the 365 elements with "personalized, work-relevant company and industry feeds" and users can easily customize the "My Feed" display with relevant content from public resources and from selected areas by the IT administrator.

Though users are able to customize the new tab page's content feed by selecting from a number of sources, but the IT admins have much bigger power, as they can lock-in industry-specific news or display the organization's internal news only. The customization by the user is a straight-forward process if the IT personnels did not choose any industry or point to internally-generated news from the company.

And IT admins also have group policies they can assign to configure both the new feed and the auto-redirection of URLs from IE to Edge, which three policies have been outlined by Microsoft in its support document.

How to Download or Upgrade to Edge 87

Although, Microsoft Edge updates automatically in the background, users can also force an upgrade by navigating to the "About Microsoft Edge" page and from the Help and Feedback menu; the resulting tab will show if the browser has been updated or displays the download process before presenting a "Restart" button.

And those who are new to Edge can manually download Edge 87 for Windows or macOS from the official website. With the Linux version available in Dev Channel form from the Insider website, and the iOS and Android versions can be found in the App Store and Google Play, respectively.

What's New Edge Browser Update? Automatic IE-to-Edge website redirection

AV Linux is a special Linux distribution for multimedia content creators, which is available for both the i386 and x86-64 architectures with customized kernel for low-latency and maximum audio production.

The AV Linux team has released a new version, AV Linux 2020.11.23, as a complete new project under AV Linux MX Edition (AVL-MXE), switching its original base from earlier Debian 10 “Buster” to the new MX Linux 19.3 “Patito Feo” release.

AV Linux, being a multimedia-oriented Linux operating system contains a huge collection of graphics, audio and video production software for media creators.

What's New in AV Linux 2020.11.23 Release?

Given the switch from its original base of earlier Debian 10 “Buster” to the new MX Linux 19.3 “Patito Feo” release, means that it's the first build based on MX Linux (AVL-MXE) and it comes in two editions: one for the x86_64 platform with Xfce desktop, Linux Kernel 5.9.1-rt20, and the other for i386 platform with (Xfce plus) Openbox window manager, Kernel 5.9.1-rt19.

AVL-MXE offers selected repositories that are specifically created for users of Debian GNU/Linux, unlike the MX Linux approach that provides only trusted third-party repositories for software packages. With such Debian repositories as follows contained in this new edition:

  • Liquorix Kernel Repository
  • AVL-MXE Kernel Repository
  • Debian Docker Community Edition
  • WineHQ Wine Repositories
  • Cinelerra-GG Repository
  • KXStudio Repositories

Additionally, the AV Linux MX Edition features expanded AVL-MXE Assistant, Custom Realtime Preempt Kernel for optimal low-latency Audio potential, One-click removal of all Demoware and extensive Audio/Video and Administrator-friendly Custom Actions, among other key functionalities.

How to Download or Upgrade to AV Linux 2020.11.23

For new users who want to give this new edition a spin, the ISO image can be downloaded from the links: AVL-MXE 2020.11.23 Openbox (32-bit) and AVL-MXE 2020.11.23 Xfce (64-bit) for the respective architectures.

And for an in-depth guide on the new AV Linux MX Edition, you can check out the AVL-MXE user manual for more information.

AV Linux 2020.11.23 Release: Multimedia-oriented OS for Content Creators

Stantinko botnet is known to target Windows operating systems with earliest campaigns dating as far back as 2012; and the malware mainly consists of coin-miners and adware.

According to researchers at ESET in a 2017 white paper summarizing Stantinko’s operations, the researchers identified a Linux trojan proxy, which until now, was the only known Linux malware belonging to Stantinko.

Now, a new analysis published by Intezer, has identified a new version of this trojan that masquerades as httpd, which is an Apache Hypertext Transfer Protocol Server, commonly used on Linux servers.

Insight into Stantinko Botnet's Linux proxy

Stantinko is traditionally a Windows malware, but the expansion in its toolset to target Linux wasn't unnoticed, as ESET had observed in 2017 analysis of the Linux trojan proxy deployed via malicious binaries on compromised servers.

While Intezer's recent research also provides insight into the Linux proxy, which is specifically a newer version, v2.17 of the same malware with earlier version as v1.2, called "httpd" and a sample of the malware uploaded to VirusTotal validates a configuration file located in "etc/pd.d/proxy.conf" which is delivered with the malware.

The new version of the malware functions only as a proxy, though Intezer researchers also said the new variant shares similar function with the old version and that some of the hardcoded paths equally bears some similarities to previous Stantinko campaigns.

How the Stantinko Botnet targets Linux servers

Stantinko Botnet creates a socket and a listener to accept connections from infected Linux systems. And HTTP requests from infected client paves way for the proxy to pass on the request to an attacker-controlled server, which responds with appropriate payloads forwarded by the proxy to the client.

But if a non-infected client sends an HTTP request to a compromised server, it will get an HTTP 301 redirect to a preconfigured URL specified in the configuration file. As the latest malware targeting Linux servers, alongside other threats such as IPStorm, Doki, and RansomEXX, the Stantinko Botnet remains part of a broader malware campaign.

Stantinko Botnet: Trojan masquerading as HTTPd targets Linux Servers

GitHub Archive Program is a project to preserve open source software for future generations, as the world runs on open source software, ensuring the amazing works of the open source community are preserved.

While the idea behind the project is to go back in history to preserve the work of individual developers, students, and lesser known developers and their open source projects. Now, the project has expanded with donations to the Bodleian Library at Oxford University in England, the Bibliotheca Alexandrina in Egypt, and the Stanford Libraries in California; and also, storing a copy in the library at GitHub’s headquarters in San Francisco.

And GitHub will be preserving its most popular repositories by the “stars” given by the community, which include projects like Ruby and Go programming languages, with Linux and Android operating systems.

Open source Archive beyond the GitHub Arctic Code Vault

The Archive program includes the storage of a code archive in the Arctic World Archive in Svalbard, Norway, about one mile away from the famous Global Seed Vault, by storing 21TB of repository data and 186 reels of piqlFilm in a decommissioned coal mine in the permafrost this summer.

In partnership with the Long Now Foundation, the Software Heritage Foundation, the Internet Archive, Arctic World Archive, and Microsoft Research, the program aims to preserve both “warm” and “cold” versions of code to ensure multiple copies and formats are preserved, also known as the Lots Of Copies Keeps Stuff Safe (LOCKSS) approach by archivists.

And the overriding idea is to preserve a moment in time, where open source will become the premier mode of software development, and chart the cultural significance of the movement.

Whom are the Archive Program meant to serve?

The archive program is being meant for two sets of people, namely: historians and future software developers who are curious about how a software was developed.

And each donation is encased using a combination of AI-generated art and 3D printing, with all the archived code having technical guides to QR decoding, character encodings, file formats, and other critical metadata; so that future developers can easily decode it.

GitHub expanding its Archive Program into three Historic World Libraries

EasyOS is an experimental Linux distribution based on Debian GNU/Linux, which uses several of the technologies and package formats pioneered by Puppy Linux.

And following EasyOS 2.4 release, the EasyOS team has announced a new point version EasyOS 2.5 under the current EasyOS 2.0 “buster” series, with this latest release built on top of the Debian GNU/Linux 10.6, and includes the long-term Linux kernel 5.4.78 and updated Debian packages like SeaMonkey 2.53.5.

The creator of EasyOS, Barry Kauler, is the former project lead of Puppy Linux and the erstwhile Quirky Linux, which is more reason it inherits features such as frugal mode, menu-hierarchy, and SFS layered filesystem from both Puppy and Quirky Linux, coupled with custom container technology called Easy Containers.

What’s New in EasyOS 2.5 Release?

EasyOS 2.5 has Blueman replaced with a new BluePup Bluetooth manager, albeit users can still install Blueman from the repository, but BluePup is now the default Bluetooth manager with integrated multiple sound card wizard.

Also, EasyOS 2.5 brings a lightweight game called XLennart, which is a fork of Xbill arcade game built using GTK2 toolkit. Other new changes in EasyOS 2.5 includes:

  • Support for PulseAudio
  • French and German language packs updated
  • CUPS setup added to Erase Exceptions app
  • Internationalized bluetoothctl utility
  • Added xf86-input-wacom

Additionally, there is the hardware profiling feature for Pmcputemp CPU temperature monitor, with the Easy Containers, which can run applications or even the entire desktop environment within a container.

How to Download or Upgrade to EasyOS 2.5?

For existing EasyOS users, you can easily upgrade your current system to EasyOS 2.5 by clicking the “update” icon on the desktop, with the upgrade instructions available here.

And if you're a new user and want to give EasyOS 2.5 a spin, you can download the image, and write it to a USB stick, before installing it to a hard drive.

EasyOS 2.5 Release: A Debian GNU/Linux With custom Container technology

Google's Project Zero bug-hunting team member, Natalie Silvanovich, discovered a bug in Facebook Messenger that could have allowed remote attackers to intercept the voice calls of unsuspecting targets and listen to them even before they picked up the call.

While the flaw was reported to Facebook on October 6 and having fulfilled the mandatory 90-day deadline, is now made public as it impacts Messenger version (and later) for Android.

The Messenger bug could have allowed an attacker to simultaneously initiate a call and send a maliciously crafted message to a target who is signed-in to both the app and other Messenger client such as the web browser.

How the Messenger Bug could allow Hackers intercept Voice Calls before Pick Up?

The Messenger bug resides in WebRTC's Session Description Protocol (SDP), which is a standardized format for the exchange of streaming media between two endpoints, thus allowing an attacker to send a specially crafted message known as "SdpUpdate" that could cause the voice call to connect to the called user's device before being answered.

It would then trigger a scenario where, as the device is ringing, the caller would begin to get the audio until the person called answers or the call eventually times out.

As audio and video calls through WebRTC are typically not transmitted with audio until the recipient clicks the accept button, but if the "SdpUpdate" message is sent to the device on the other end while it is ringing, it will result to transmitting audio immediately, and could allow an attacker to spy the called user's environment.

It is quite similar to the Apple's FaceTime bug that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by simply adding their number as a third person in a group chat before even the person on the other end has accepted the incoming call.

Albeit, in the case of the Messenger bug, the caller would need to already have the permissions to call the specific person, that is, the caller and the called would have to be friends on Facebook to pull it off.

How to Mitigate against the Messenger Bug?

The Messenger bug was promptly reported to Facebook and Facebook has subsequently patched the bug, awarding to Silvanovich a $60,000 bug bounty for reporting the issue, which amount is among Facebook's three highest bug bounties to date, and the Google researcher pledges to donate the bounty to a non-profit named GiveWell.

Therefore, it is highly recommended that all Facebook Messenger users should update their Messenger app installed on Android to the latest version to mitigate the flaws.

Messenger Bug could allow Hackers intercept Voice Calls before Pick Up

Kali Linux 2020.4 has been released by Offensive Security, as the final release of 2020 series, with some exciting new penetration testing improvements and tools.

While the latest release follows after Kali Linux 2020.3, that brough the addition of ZSH shell, as formerly, BASH (Bourne Again Shell) was used by default. It also added updates to its ARM Images for ARM-based devices, such as Raspberry Pi and Pinebook Pro, with the changes including the kali-linux-default metapackages and the size reduction for all new ARM images.

Albeit, Bash remains a default shell for other platform images such as NetHunter, ARM, containers, and WSL, but it is expected to be replaced with ZSH in the upcoming release.

What's New in Kali Linux 2020.4 Release?

Besides the replacement of ZSH shell (or Z Shell) with BASH (Bourne Again Shell) as the default command-line shell in the new Kali Linux 2020.4 for desktop and cloud, Kali Linux 2020.4 also brought uniformity in the cross-shell theme.

As a part of Amazon GovCloud, Kali Linux 2020.4 has a new marketplace entry, with the latest Kali version, users can use the latest instance on their old entry, or switch to a new entry. It has also introduced a new metapackage called kali-linux-headless for AWS Cloud image.

Kali has also officially partnered with byt3bl33d3r, the author of CrackMapExec (CME) tool, which means that Kali Linux users will get access to newest changes in CME even before it is made public as the Kali package of CME will directly pull updates from its private codebase.

Additionally, Kali Linux 2020.4 has its Linux kernel upgraded to the latest stable version 5.9, with GNOME and KDE desktop also upgraded to 3.38, and 5.19 respectively.

How to Upgrade to Kali Linux 2020.4

If you’re an existing Kali Linux user running the previous version, you can upgrade your system by using the following commands:

$ sudo apt update && sudo apt -y full-upgrade

Also, you'll need to set the default shell to ZSH using the following commands:

$ cp -i /etc/skel/.zshrc ~/ $ chsh -s /bin/zsh $ zsh

And for those who are new to Kali Linux and want to give the new release a spin, you can download Kali 2020.4 images available for several platforms from the official page.

Kali Linux 2020.4 Release: ZSH replaced by BASH as default Command-line Shell

Servo is an experimental web engine developed by Mozilla taking advantage of the concurrency features and memory safety properties of the Rust programming language.

While the Servo CSS style engine, was incorporated into Mozilla's open-source web browser, Firefox, giving the browser some advantages in memory safety, speed and parallelism over other web browsers.

Now, the popular and lightning-fast web engine will be hosted by the Linux Foundation, which move to the Linux Foundation is believed will enable Servo continue to thrive and power web-based innovations.

Why Servo Web Engine will be Hosted at Linux Foundation?

Servo Web Engine which made debut in 2012 at Firefox-maker, Mozilla research, but the recent happenings at the company has made significant headcount reductions inevitable, affecting mostly developers working on Servo.

Mozilla announced that it was laying off approximately 250 staff members in a move that will shore up the organization's financial future. And the layoffs which were publicly announced, was intended to strengthen the company's ability to build and invest in products and services that will give people alternatives to conventional technologies.

With Linux Foundation’s track record for hosting and supporting some of the world’s most ubiquitous open source technologies, it became the natural choice of host to grow the Servo community and increase the platform's support, and this cross-industry open source collaboration will enable the acceleration of the highest priorities for web developers.

Mozilla as a champion of the open source movement, has worked tiredlessly to unite passionate communities in building software that have kept the internet open and accessible for all, with the move of Servo on to the Linux Foundation this technology will continue to thrive and power web-based innovations in the future.

Mozilla's Open-source Web Engine, Servo now to be Hosted by Linux Foundation

Ubuntu Web Remix is an open source alternative to Chrome OS that's highly privacy-focused, employing Firefox browser instead of Google Chrome.

While the Ubuntu-based Linux distribution, Ubuntu Web Remix has long been in the works as a potential Chrome OS replacement, and the first stable release has now been announced, Ubuntu Web Remix 20.04.1.

Ubuntu Web Remix is an unofficial Ubuntu remix distro developed by Rudra Saraswat, who is also behind Ubuntu Unity and UbuntuEd; but unlike the two earlier distros, Ubuntu Web Remix is a more web-centric operating system that serves as an alternative to Google’s Chrome OS.

What are the Main features in Ubuntu Web Remix 20.04.1?

Ubuntu Web Remix uses the free and open-source Firefox browser instead of Google’s proprietary browser, Chrome. And it employs an easy wapp (web-app) format to create and package web-apps using wadk tool for desktop and install them using winst tool. It also allows users to create your own web apps and package them for solely for the remix distro.

For the installation of apps, Ubuntu Web offers an Open Web Store to download packaged web applications, though still experimental; it allows users to download packages in original a script, and install it by running the command: sudo sh ./install-instagram for instance, installing Instagram app.

It currently support tons of packaged web applications such as Facebook, Instagram, Twitter, YouTube, SoundCloud, Mastodon, Google drive, Google Classroom, and Opendesktop. And you can also install other Linux applications using apt command line tool. Additionally, Ubuntu Web offers Anbox tool by default for installing Android apps and PlayOnLinux to install Windows apps.

How to Download and Install Ubuntu Web Remix 20.04.1

If you want to give Ubuntu Web Remix a spin, you can download the ISO image or the torrent file, which is available as amd64, the architecture that defines a 64-bit virtual address format.

You can also use /e/ Foundation’s Cloud Services, as Ubuntu Web offers out-of-the-box support for the integration. And Ubuntu Web will have higher integration with the /e/ App Store too with the coming update.

Ubuntu Web Remix 20.04.1: Privacy-focused Linux Alternative to Chrome OS

The Warp update, also known as WarpBuilder, improves the responsiveness and memory usage of the browser by speeding up page loads through changes to JiT (just-in-time) compilers.

Starting with Firefox 83, Firefox users will experience improved JavaScript performance in the browser, with the Warp update to the SpiderMonkey JavaScript engine enabled by default, optimizing JiT to rely solely on the CacheIR simple linear bytecode format.

It specifically rely on the CacheIR data collected by the baseline tiers, with the new architecture also described as being more maintainable and unlocks additional SpiderMonkey improvements.

How the Warp update in Firefox 83 boosts JavaScript performance?

Firefox 83 made debut on November 17, with Warp as shown to be faster than Ion, the SpiderMonkey’s previous optimizing JiT, boasting of a 20 percent improvement on load time.

Although both IonBuilder and WarpBuilder produce Ion MIR, which is an intermediate representation used by the optimizing JiT backend, IonBuilder offered a lot of complex code that are unnecessary in WarpBuilder. And Warp can also do more work off-thread and requires fewer recompilations.

As Warp is based on CacheIR enabled removal of code through the engine that was needed to track globaltype inference data used by IonBuilder, it results in speed boosts for the browser's performance.

What's Next in the Warp update for Firefox?

Warp replacing the front end MIR building phase of the IonMonkey JiT, also means the removing of the old code and architecture, which will most likely happen in Firefox 85.

Therefore, it will result to additional performance and memory usage improvements, which Mozilla also will continue to optimize incrementally via the backend of the IonMonkey JiT, as there is still room for improvement on the JavaScript-intensive workloads. And Mozilla is also building a new tool for developers to explore CacheIR data for JavaScript function.

Mozilla boosts Firefox browser's JavaScript performance with the Warp update

PrimTux is a Debian and Ubuntu-based Linux distribution developed by a team of academia and computer enthusiasts for use in educational environments.

While the PrimTux team has announced the sixth version of the educational Linux operating system, PrimTux 6, and made available in two versions, namely: Ubuntu-based (Ubuntu 18.04.5 or 20.04.1) and the Debian-based (Debian 10), with the later versions for older computers (32-bit).

Albeit, PrimTux is a French-oriented Linux distribution and it is not intended to replace the main operating system of a modern computer, but to serve as an upgrade for obsolete equipment to benefit schools or educational environment as it runs on all types of PC, including the older PCs.

What's New in PrimTux 6 Release?

PrimTux 6 continues to empahsis on the core functionality of PrimTux, which is to cater for students, by using CTParental to ensure that young students are safe while surfing the internet through the provision of search engine with filters like Qwant junior.

It offers multiple configurable settings for different offices, namely: mini, maxi, super, and administrator, which is adaptable to the cycles of primary schooling to protect the systems. PrimTux 6 also introduces a new connection manager with the three student sessions at start-up return.

Additionally, PrimTux menu, which is inspired by the handymenu, is still under development, and the menu will allow users to manage all applications in central location.

How to Download or Upgrade to PrimTux 6

If you're a new user and want to try out PrimTux 6, you can download the ISO image from the official page, which is available for both versions i386 and amd64.

And for installation of PrimTux, you can burn the ISO to a DVD and boot the computer to DVD. To transfer PrimTux to a usb key, it is recommended that you use Ventoy, which allows you to transfer the 3 versions of PrimTux 6 for PC to a USB key and install them. For more information about PrimTux, see the wiki page with guides ranging from installing the OS and software to upgrading the different versions.

PrimTux 6 Release: A Debian and Ubuntu-based Linux distro for Students

Microsoft's CBL-Mariner is an internal Linux distribution used for Azure first-party services and edge appliances, developed by the Linux Systems Group at Microsoft.

While the Linux Systems Group at Microsoft has developed a number of other products, with some meant for customers and partners and others strictly for internal use, such as its work building an optimized Linux kernel for the Windows Subsystem for Linux (WSL). And recently, Microsoft has made CBL-Mariner available on GitHub.

Microsoft initially released CBL-Mariner commit on GitHub four months ago, even though CBL-Mariner remains a public release, it's meant strictly for Microsoft's own use and available under an MIT License.

CBL-Mariner serves as base Linux for Microsoft’s Azure container host

The term "CBL" stands for "Common Base Linux" which meaning underlies Microsoft's use of CBL-Mariner as the base Linux for containers in the Azure Stack HCI implementation of its Kubernetes Service.

It is a lightweight Linux distribution which serves as part of Microsoft's evolving 5G/edge networking services in its Azure for Operators unit, even as Red Hat's CoreOS was formerly used as the preferred host for Linux containers, but recently, has been deprecated, thereby necessitating an alternative service.

Also, Microsoft provides the Flatcar Linux CoreOS-fork for Azure customers as part of a partnership with the developers, Kinvolk, but with its own distribution for own services, CBL-Mariner will ensure that it can update and manage its host and container instances on its own schedule.

Some other projects by Microsoft’s Linux Systems Group

The Linux Systems Group handles much of the Microsoft’s Linux works, which includes the Azure-tuned kernel that is available as patches for many common Linux distributions, helping to optimize them for use with Microsoft’s Hyper-V hypervisor, and a set of other tools to deliver policy-based enforcement of system integrity.

Also, its work building an optimized Linux kernel for the Windows Subsystem for Linux (WSL), which was pushed out through Windows 10 update, is very significant. And some of the other works include the secure Linux for Azure Sphere, the SONiC networking distribution designed for use with the Open Compute Project hardware and many public clouds and online services.

And lastly, CBL-Mariner release as part of the Azure infrastructure, used for Microsoft's edge network services and as part of its cloud infrastructure will ensure a low-overhead, and tightly focused distribution.

CBL-Mariner: Base Linux for Containers in Azure Stack HCI implementation

MX Linux team has released the new third point version in its MX Linux 19 “Patito Feo” series, MX Linux 19.3, as a Debian and antiX Linux distros spinoff, with several bug fixes and updates to the latest applications for all editions, including: Xfce or KDE Plasma.

While the previous version, MX Linux 19.2 brought support for 64-bit KDE edition with Advanced Hardware Support (AHS) enabled, MX Linux 19.3 KDE includes the updated KDE Plasma desktop 5.15 and Linux kernel 5.8.

Albeit, the standard 32-bit and 64-bit editions of MX Linux 19.3 had its Debian kernel updated to version 4.19, which means that the kernel will auto-update by default along with the Debian package sources.

What's New MX Linux 19.3 Release?

MX Linux 19.3 brings the latest updates from upstream Debian Buster 10.6 and the core MX repository and software packages.

The MX-apps and MX PackageInstaller has the kernel entries updated, with MX Installer issue with autoinstall and ESP flat setting on UEFI setups fixed, and MX Snapshot has now received miscellaneous enhancements such as a reset network connection function. Other major changes in MX Linux 19.3 include:

  • GIMP 2.10.12
  • MESA 18.3.6 (20.1.8 for AHS)
  • Debian kernel 4.19 (5.8 for AHS)
  • LibreOffice 6.1.5
  • Thunderbird 68.12.0

Additionally, the antiX live system has been improved, such as the live system will no longer set alt+shift by default for the switching of keyboard.

How to Upgrade to MX Linux 19.3

If you need a fresh installation of MX Linux 19.3 from scratch, you can get the ISO images of all editions from here and the torrent files are available here.

And for those already using the previous MX Linux 19.2, they can easily upgrade to MX-19.3 by manually updating their packages using the MX Updater tool, but if you are using older versions, you can follow the official migration guide.

MX Linux 19.3 Release: A Debian and antiX Linux distros Spinoff

BlackBerry Research and Intelligence team have discovered a cyber-espionage campaign that's targeted at financial firms, dubbed CostaRicto, which appears to be operated by a group of APT “hackers-for-hire” mercenaries.

The hackers-for-hire operation was discovered using a strain of previously undocumented malware that targets South Asian financial institutions and entertainment companies globally; albeit mercenary groups that offers APT-style cyberattacks are becoming more and more popular.

The tactics, techniques, and procedures (TTPs) employed by these APT “hackers-for-hire” mercenaries often mimics highly sophisticated state-sponsored campaigns, though the profiles of their victims are far too more diverse to be aligned to a single bad actor’s interests.

The Modus Operandi of APT Hackers For Hire

The APT Hackers For Hire modus operandi is quite straight-forward, with the initial foothold in the target's environment through stolen credentials, the hackers set up an SSH tunnel to download a backdoor and payload loader dubbed CostaBricks which implements a C++ virtual machine mechanism that decode and inject bytecode payload into the victim's device memory.

And the command-and-control (C2) servers are managed via DNS tunneling, with the backdoor delivered by the CostaBricks loaders as a C++ compiled executable called SombRAT, named after a Mexican hacker, known as Sombra and an infiltrator from Overwatch, the popular multiplayer game.

The biggest concentration of targets appear to be in South Asia, mostly: Singapore, India, Bangladesh and China, which suggests that the threat actor themselves could be based in these regions, but working for a more wider range of commissions from diverse clients around the world.

Albeit, the identities of the bad actors behind the operation remains unknown, but one of the IP addresses on which the backdoor domains were registered has been linked to an earlier phishing campaign attributed to Russia-backed APT28 hacking group, hinting at a possible link that the phishing campaigns could have been outsourced on behalf of the actual mercenaries.

About The BlackBerry Research and Intelligence Unit

The BlackBerry Research and Intelligence unit examines emerging and persistent threats, in order to provide intelligence analysis for the benefit of organizations they serve.

And this isn't the first hackers-for-hire operation uncovered by the BlackBerry Research and Intelligence team, the first was a series of campaigns by a group called Bahamut that exploited zero-day flaws, malicious and disinformation operations to target victims in the Middle East and South Asia.

CostaRicto Campaign: APT 'Hackers For Hire' Operation targets financial firms

OAuth 2.0 swept the web in 2012, as the authentication upgrade that allow users to securely log in to websites and many sign-on systems, ranging from AWS’s Cognito to Okta, implemented OAuth.

While OAuth enables you to “authenticate with Google” and other providers with a completely different website or application, but OAuth was designed around browsers, and assumes that the originator making the request can handle an HTTP redirect.

The browser focus is rather a stumbling block for apps or the “Internet of Things”, coupled with the fact that OAuth requires that you post form parameters instead of JSON. Hence, there is a new proposal to replace OAuth with GNAP, though the specification is still in its early stages, its features goes further than even OAuth 2.1.

How GNAP addresses some limitations of OAuth with new features

GNAP is intended to further the idea that security is a really exciting field, and it addresses some limitations of OAuth and spices it with some new features.

Instead of relying on HTTP parameters, GNAP allows you to use JSON, and application endpoints are quite discoverable. You don't have to support redirects or use any of the various hacks around it. And GNAP proposes to support new security features as follows:

  • Multi-Access Tokens: Allows clients to authenticate to several resources at once, as both user and administrator.
  • Asynchronous & Application URL Launch: Are different authentication paths that allow authentication without a redirect. GNAP enables applications to also authenticate to third-party resources with no direct access.
  • Request Continuations: Allow clients to negotiate stuff like redirects or other details during the authentication process and a client is also allowed to negotiate for additional privileges or access tokens.

Additionally, there is the Sender Constraint Tokens which are add-ons to OAuth 2 for functionality called DPOP and MTLS, as GNAP build this directly into the protocol. For instance, if a token was dropped (or intercepted), it would not matter because the bearer would not have the password.

How to get Started with Using GNAP

If you want to start using GNAP right away, or you're interested in collaborating with other users, you can fork one of the prototypes from the existing proposal on GitHub.

Albeit, the authors aim to release GNAP in 2022, which is still a long way off. But, the GNAP working group is actively looking for collaborators, which you can join via the mail list and offer your expertise.

OAuth Replacement: GNAP addresses some limitations of OAuth with new features

Endless OS is a Linux-based operating system with a simplified and streamlined experience running its own customized desktop environment forked from GNOME 3.

While the Endless team has announced a new stable version, Endless OS 3.9.0 with tons of improvements, new features, and core component updates. Endless OS uniqueness stems from the use of a read-only root file system managed by OSTree with application bundles overlaid on top, instead of using a traditional Linux package management system.

And based on its users feedback, Endless OS 3.9.0 has the concept of Hack mode removed from its first class learning environment.

What's New in Endless OS 3.9.0 Release?

Endless OS 3.9.0 features Linux kernel 5.8, bringing with it support for latest hardware, GPU drivers, file system, and improved security.

And coupled with the latest GNOME 3.38 desktop environment, users can now apply parental control to all the installed applications and also use drag-and-drop icons on desktops. Now, once you switch Hack mode on, Endless OS will transform your computer into a fun learning environment to explore all learning fields such as Operating System, Art, Maker, Web, and Games.

Additional new changes in Endless OS 3.9.0 includes: NVIDIA driver 450.66 with support for the new NVIDIA graphics cards, along with the updated low-level userspace components such as Xorg 1.20.8, Systemd 246, Dracut 050, and Mesa 20.1.1.

How to Upgrade to Endless OS 3.9.0

Endless OS 3.9.0 is now available for download with the images for Desktop, Virtual Machine, and Raspberry Pi 4 downloadable from the official website.

Kindly note that the hacking affordances by default are available without a specific mode, and you can still enjoy the Sidetrack quests or use the Hacking Toolbox on the flip side of the app to solve riddles.

Endless OS 3.9.0 Release: Hack Mode removed from the learning environment

Ghimob is a full-fledged spyware which is tied to the Brazil-based threat group Guildma, allowing the hackers to access infected Android devices remotely, to complete fraudulent transactions using the victim's smartphone.

According to Kaspersky's Global Research and Analysis Team (GReAT), Ghimob is among a "Tetrade" of four banking Trojans that targets financial institutions in Latin America, including Brazil, and Europe, with that the criminals behind the operation haven expanded their tactics to infect new mobile devices with spyware.

Also, the Android banking Trojan targets financial apps from fintech companies, exchanges, banks, and cryptocurrencies in Paraguay, Portugal, Peru, Germany, Angola, and Mozambique.

How Ghimob Banking Trojan targets fintech apps

As Ghimob shares the same infrastructure used by Guildma, its modus operandi of using phishing emails as a mechanism to distribute the malware is also evidence, which lures unsuspecting users into clicking on malicious URLs that then downloads the Ghimob APK installer on their Android devices.

And once the Trojan gets installed on the device, it functions in a similar way to other mobile RATs that masks its presence by hiding from the app drawer and by abusing Android's accessibility features, it gain persistence, disabling manual uninstall and allowing the banking Trojan to manipulate screen content, capture keystrokes, and thereby providing full remote access to the hackers.

Ghimob is fully able to record screen lock pattern and to later replay it to unlock the device. It targets as many as 153 mobile apps, with 112 of them belonging to financial institutions based in Brazil, cryptocurrency and banking apps accounting for the rest.

How to Mitigate against Ghimob Banking Trojan

It is recommended that Android users should always scrutinize the permissions granted to apps installed on their device.

And if perhaps you notice any unusual notifications and screen activites on your Android device, or suspect any malware-infected apps, quickly uninstall the app from your device, and also make sure the operating system and apps are up to date.

Ghimob Banking Trojan targeting fintech apps on Android devices

Tianfu Cup Competition is the biggest hacking contest in China, which in its third rendition took place in Chengdu, China, with about 15 participating hacker teams.

The hackathon is China's version of Pwn2Own, and showed off hacking attempts against a number of popular platforms, including Windows 10, Linux and popular browsers such as Chrome and Safari, with the hackers partaking in the Tianfu Cup 2020 successfully hacked several such popular software programs.

In fact, there are multiple software from Microsoft, Adobe, Apple, Google, Mozilla, and Samsung that were successfully pwned with previously unknown exploits in Tianfu Cup 2020.

Major Exploits recorded at Tianfu Cup 2020 Competition

The Tianfu Cup 2020 recorded many hard targets in this year’s contest, which out of the programs, the following were confirmed as successfully hacked:

  • Windows 10 2004
  • Ubuntu 20/CentOS 8
  • Windows 10 2004
  • iOS 14 (iPhone 11 Pro)
  • QEMU emulator & virtualizer
  • Adobe PDF Reader
  • Google Chrome browser
  • Apple Safari browser
  • Mozilla Firefox browser
  • Samsung Galaxy S20

Additionally, the hacking competition showed off successful hacking attempts against: TP-Link WDR-7660, VMWare ESXi, Docker-CE and ASUS Router AX86U, among others.

The winning team, Qihoo 360's Enterprise Security and Government (ESG) Vulnerability Research Institute, took home a total of $744,500, which is around two-thirds of the total prize pool for its exploits. And the runner-up, Ant-financial Light-year Security Lab and third-place runner-up, Pang pocketed $258,000 and $99,500 respectively.

The two-day hacking event, had the overriding idea of using various web browsers to navigate a remote URL or use a flaw in the software to control the browser or any of the underlying operating systems.

China’s Hackathon ended with Windows 10, iOS, and Chrome browser pwned

DahliaOS is a Zircon Kernel-based operating system, forked from Google's Fuchsia OS that also serves as a Linux variant, by combining the best of GNU/Linux and Fuchsia OS.

While Zircon as the core platform that powers the Fuchsia OS, is composed of a microkernel as well as a small set of userspace services, drivers, and libraries necessary for the system to load userspace processes and boot, among other processes. Fuchsia OS also supports Flutter apps and it's written in C, C++, Go, Dart, Python, and Rust programming languages.

Albeit, DahliaOS is still in its alpha stages of development, and can’t be used as a daily driver as the Wi-Fi and Bluetooth features don’t yet work.

Is DahliaOS another New Contender In The Linux Distro Market?

DahliaOS uses Pangolin-Desktop which feels rather like those of Phoenix OS and Remix OS, and it offers data Recovery as built-in capability, allowing users to download and boot from the image if anything goes wrong with the system to help you get back up and running.

It also has a marketplace for third-party apps, like Flutter apps and can run applications from other operating systems using its container application. And the OS is lighweight, requiring only a 160 MB image file, and it uses only 199 MB of RAM when idle, which is quite impressive.

But the Zircon variant of DahliaOS requires a minimum of 512MB RAM and dual-core 64-bit processor with Intel HD Graphics to run.

How to get Started with DahliaOS

If you wish to give it a spin right away, you can try out DahliaOS in your browser by visiting https://web.dahliaos.io/#/.

And you can download DahliaOS by heading over to this link and download the “dahliaOS-201004-efi.zip” file, which can be flashed on a USB drive using Rufus and boot directly into the OS using the boot options menu.

For additional information about the supported hardware, kindly see the DahliaOS documentation on Github.

Zircon Kernel-based dahliaOS promises a Secure and Modern operating system

After the release of Ubuntu 20.10 “Groovy Gorilla”, the Ubuntu dev team has started the development of the next version, Ubuntu 21.04.

While Ubuntu is a Linux distribution based on Debian, which is released in three editions, namely: Server, Desktop, and Core, with all editions capable of running on PC, or via a virtual machine.

Now, the traditional Ubuntu versions codename scheme normally takes the form “Adjective Animal” and this time for Ubuntu 21.04, it is “HH” series succeeding the “GG” series with “Groovy Gorilla” codename. And the codename for Ubuntu 21.04 has been revealed as “Hirsute Hippo“ - a rather humungous name at that.

Albeit, Ubuntu 21.04 is the third version to receive a codename with the letter “H”, with the earlier version, Ubuntu 5.04 which was released in 2005 codenamed “Hoary Hedgehog”, and followed by Ubuntu 8.04 LTS “Hardy Heron” in 2008.

Updates & Release schedule for Ubuntu 21.04

The development cycle for Ubuntu 21.04 Hirsute Hippo, continues for up to 26 weeks, and starts with the addition of Python 3.9 as a supported Python3 version.

Also, Ubuntu 21.04 will feature the next version of GNOME desktop environment, which is GNOME 40 and will be arriving a month before launch in March 2021.

And the Beta version of Hirsute Hippo will arrive on April 1, 2021, which after reaching the final freeze milestone on April 15, will hit the final stable version on April 22, 2021. Find the major changes planned for this cycle below, or check out the official Ubuntu 21.04 release schedule.

Ubuntu 21.04 Release Schedule

After the Feature Freeze, all members of the release team are expected to participate in Feature Freeze Exception reviews in their particular area of expertise. And the Final Beta 2, is when all members of the release team are expected to participate in the Bug fixes reviews in their particular area of expertise.

Upcoming Features, Codename and Release Date for Ubuntu 21.04

The next TV trend that has stuck around is 4K, with the first 4K TVs hitting the market around mid 2012.

While HD TV was awesome, the enhanced resolution is what actually paved the way for bigger screens, with DVD players and endless crystal-clear contents made possible. But, Spectrum TV and online streaming providers have only started ramping up their programming and content to 4K within the past few years.

Besides the obvious lack of 4K content on many streaming services, the limitations associated with the Internet made 4K streaming a little punky. For instance, all stream-able 4K content are compressed to reduce file size, with some Blu-Ray discs able to transfer 4K content at 80 Mbps, and streaming platforms such as Netflix compressing content to the point that it can only seamlessly transfer at about 25 Mbps.

Nothing actually bogs down the Internet user's online experience like a lagging download and data-transfer speed, which makes slow and interrupted connections definitely not compatible with the growing digital needs of the modern world.

How to Start Watching 4K Video Content At Home

Since slow and interrupted connections are simply not compatible with the demands of the modern digital world, just imagine watching all the new blockbuster movies over a poor internet connection, how awful it will be.

Spectrum Internet plans offer the much-needed solutions to the problem of lack of 4K content and slow internet connection, by ensuring that your connection is not only smooth, but that the speed is also fast. All Spectrum Internet deals come equipped with over 60 Mbps of data-transfer speeds, which could even reach a whopping 100 Mbps of download speed at times. Such high speed means that performing online tasks becomes as smooth as a ‘walk in the park’.

It employs state-of-the-art transmission technology, and secure browsing with FREE $60 Value Security Suite Included, ensuring robust security for your online presence at every level. You can also subscribe to the basic Spectrum internet deals and still get the best protection.

Spectrum aims to bolster security to every user with a powerful software defense system from the server-end, and an around the clock antivirus, anti-hacking and anti-spamming protection that are available for all the connected devices.


As Spectrum Internet plans do not suffer from sudden network disconnects, with the Spectrum Internet prices also affordable, you can remain assured of a consistently high-speed internet service at a cheap rate.

And Spectrum Internet services offer subscriptions in most of the territories of the country. You can call Spectrum Customer Support to get help in making your choice for standalone or a bundle deal. Spectrum plans come in various packages and standalone deals to facilitate all your needs.

What You Need to Know about Watching 4K Video Content At Home