News for Admins

Tech News

Article from ADMIN 59/2020
In the news: Nextcloud Hub now supports end-to-end encryption, Three major threats to Linux discovered, Linux Kernel 5.8 is now available, BootHole patched for CentOS

Nextcloud Hub Now Supports End-to-End Encryption

The pandemic has caused many admins and users to migrate from public clouds to on-premises, private clouds. With Nextcloud being one of the most capable and popular solutions, the developers have made sure it includes support for all the features you need.

One new feature is the production-ready support of end-to-end encryption. This new addition should be considered a must-have for extremely sensitive information (such as social security numbers, medical information, etc.). The developers have created an encryption solution in which the server never has access to the unencrypted files or keys. Users pick a folder and encrypt that folder locally (via the newly released version of the desktop client). Once a folder is encrypted via the desktop client, any file contained within is no longer available on the server, so it cannot be shared via the standard, built-in tools.

Although the encrypted files are no longer available to the server, they are available to the synced clients. So when users have multiple clients connected to their Nextcloud account, they'll be able to access those encrypted folders from the desktop (or mobile) client (but not from the server).

According to Nextcloud: "Organizations that demand the utmost security need a true enterprise solution that doesn't require users to manually exchange encryption keys and long, complex passwords or share large, encrypted volumes. Nextcloud is first to market with an integrated, secure technology to keep a subset of highly sensitive files cryptographically secure even in the worst case of an undetected, full server breach."

Find out more from Nextcloud's official release statement (https://nextcloud.com/blog/production-ready-end-to-end-encryption-and-new-user-interface-arrive-with-nextcloud-desktop-client-3-0/).

Three Major Threats to Linux Discovered

In less than a week, Linux has been reported to be vulnerable to three different attacks. This should come as no surprise, given the steady rise in popularity Linux has enjoyed over the last year.

The first attack is a cryptomining distributed denial of service (DDoS) attack named Lucifer. This hybrid DDoS botnet was first known for infecting Windows machines with Monero cryptomining bots. That attack is now scanning for and infecting Linux servers and desktops. The Linux version of the Lucifer botnet has the same capabilities as the Windows version, but can also be used in HTTP-based DDoS attacks.

The next attack, dubbed FritzFrog, is another botnet, one that has been breaching SSH servers since January 2020. This bot, written in Golang, has been found to target systems within the government, education, and finance sectors. FritzFrog assembles and executes its payload in memory. Once on a system, FritzFrog communicates via an encrypted channel, using over 30 commands. The malware then spawns multiple threads to facilitate replication, deployment, and growth. Guardicore Labs (https://github.com/guardicore/labs_campaigns/tree/master/FritzFrog) has created a script that can detect FritzFrog infections.

Finally, Drovorub is a toolset that creates a backdoor on Linux machines that enables file downloads and uploads, as well as the execution of commands as root, and port forwarding of network traffic. Worst of all, Drovorub implants a kernel rootkit, which is enhanced with additional capabilities. To mitigate Drovorub, admins are warned to upgrade their Linux systems immediately (including the kernel). If your servers and desktops are running any kernel newer than 3.7, you should be safe. Of course, 3.7 is quite an old kernel, so chances are good you are already free from the effects of this malware.

Linux Kernel 5.8 Is Now Available

Linus Torvalds (the creator of Linux) has called the 5.8 kernel (https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.8.tar.xz) the "Biggest release of all time." That kernel is now available for installation.

The majority of the 5.8 kernel is code cleanup, driver support, security improvements, and low-level optimizations, which translates into not a lot of user-facing features. To put this into perspective, Torvalds said:

"But again, 5.8 is up there with the best, despite not really having any single thing that stands out. Yes, there's a couple of big driver changes (habanalabs and atomisp) that are certainly part of it, but it's not nearly as one-sided as some of the other historical big releases have been."

Some of the new features include support for Qualcomm Adreno 405/640/650, AMDGPU TMZ, Tiger Lake SAGV, POWER10 CPUs, Arm SoC, Tiger Lake Thunderbolt (for Intel's Gateway SoCs), as well as a new AMD Energy Driver.

Although you might be tempted to upgrade to the new 5.8 kernel, remember that it may not include your distribution's own supported drivers and patches. Because of this, you might not want to jump right in and install the latest kernel on a production machine. Install 5.8 on a test platform and kick the tires before you decide to go ahead with migrating any mission-critical machine.
