Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Operating system. Show all posts

Why Windows 11 Requires a TPM and How It Enhances Security

 

When Microsoft launched Windows 11 in 2021, the new operating system came with a stringent hardware requirement: the presence of a Trusted Platform Module (TPM), specifically one that meets the TPM 2.0 standard. A TPM is a secure cryptoprocessor designed to manage encryption keys and handle security-related tasks, making it a critical component for features such as Secure Boot, BitLocker, and Windows Hello. 

The TPM architecture, defined by the ISO/IEC 11889 standard, was created over 20 years ago by the Trusted Computing Group. The standard outlines how cryptographic operations should be implemented, emphasizing integrity protection, isolation, and confidentiality. A TPM can be implemented as a discrete chip on a motherboard, embedded in the firmware of a PC chipset, or built directly into the CPU, as Intel, AMD, and Qualcomm have done over the past decade. 

Most PCs manufactured since 2016 come with a TPM 2.0, as Microsoft mandated that year that all new computers shipped with Windows must have this technology enabled by default. Even some older devices may have a TPM, though it might be disabled in the BIOS or firmware settings. Intel began incorporating TPM 2.0 into its processors in 2014, but the feature was mainly available on business-oriented models. Devices built before 2014 may have discrete TPMs that conform to the earlier TPM 1.2 standard, which is not officially supported by Windows 11. 

The TPM enhances security by providing a secure environment for processing cryptographic operations and storing sensitive data, like private keys used for encryption. For example, it works with the Secure Boot feature to ensure that only signed, trusted code runs during startup. It also enables biometric authentication via Windows Hello and holds the BitLocker keys that encrypt the contents of a system disk, making unauthorized access nearly impossible. Windows 10 and 11 initialize and take ownership of the TPM during installation, and it’s not just limited to Windows; Linux PCs and IoT devices can also use a TPM. 

Apple devices employ a different design known as the Secure Enclave, which performs similar cryptographic tasks. The added level of security provided by a TPM is crucial in protecting against tampering and unauthorized data access. For those with older PCs, upgrading to Windows 11 may require enabling TPM in the BIOS or using a utility to bypass hardware checks. However, the extra security enforced by TPM in tamper-resistant hardware is an essential advancement in protecting your data and ensuring system integrity.

Here's Why Cybercriminals are Targeting Linux Operating Systems

 

Internal strife is common among ransomware gangs. They argue, they fight, and they establish allies only to rapidly break them. Take, for instance, the leak of malware code from Babuk, which was compromised in 2021 by hackers enraged at being duped by the infamous ransomware gang. 

The outcomes of this intramural warfare are frequently fruitful for cybersecurity experts. Ten other ransomware gangs used the code to attack VMware and ESXI servers after that, and a number of versions were produced that researchers have been busy updating ever since. 

However, what made this particular family of malware noteworthy was that it specifically targeted Linux, which has quickly become a favourite of developers working on creating virtual machines for cloud-based computer systems, hosting for live websites, or IoT devices. With an estimated 14 million internet-facing gadgets, 46.5% of the top million websites by traffic, and an astounding 71.8% of IoT devices using Linux on any one day, its use has increased significantly in recent years. 

That's excellent news for advocates of open-source software development, for whom Linux has always served as an illustration of what can be accomplished when coding communities work together without being constrained by anything as odious as a corporate culture or a profit motivation. 

It's also really alarming for some cybersecurity specialists. Not only is there a significant dearth of ongoing research into the security of Linux-based systems in comparison to those based on more mainstream operating systems, but there is also no official, overarching method for patching the vulnerabilities in this OS. Instead, as befits an open-source product, 'flavours' of Linux are patched on an ad hoc basis by developers with time and intellect to spare - a valuable resource in the face of a real tsunami of cybercrime. Attackers are taking note. AtlasVPN discovered over 1.9 million new malware threats last year, representing a 50% rise year on year.

Shifting trend 

It wasn't always like this. Bharat Mistry recalls a time when hackers were more interested in cracking open old Windows computers. "I believe cybercriminals stayed away because they believed the popularity wasn't there," says Trend Micro's technical director for the UK and Ireland. Linux had a reputation for being secure by design, with reduced default access levels and other characteristics designed to hinder the easy spread of malware. "But over the last six years, certainly with cloud usage, it's [usage has] exponentially grown," says Mistry, increasing the amount of possible vulnerabilities. 

According to Mistry, this is largely due to the fact that it offers a cheap and cheerful alternative to the dominant OS brands, with many different flavours of unlicensed Linux accessible. "When you look at things like web servers that are hosted in the cloud, [why] should I pay for a Windows licence?" Mistry asks, speaking from the perspective of a savvy, money-conscious company. A Linux alternative is "as cheap as chips and does exactly what I need it to do." I can install Apache on it... and have the performance I want without the extra cost." 

Unfortunately, if an operating system is designed and maintained according to open source principles, hackers looking to exploit it can simply source it on GitHub and other software forums. Ensar Seker, for one, is concerned about the consequences for the use of virtual machines (VMs) in the cloud. "Virtual machines often lack the same level of security monitoring as physical systems, making it easier for attackers to go undetected for a longer period of time," says the chief information security officer at digital risk protection platform SOCRadar. 

The fact that the vast majority of software on IoT devices is based on Linux should also be cause for concern, according to the researcher, especially considering the rate of development expected for the smart device market over the next decade. More concerningly, Mistry continues, "we're seeing Linux being used more and more in critical systems," owing to how easy it is to branch and customise variants of the OS to suit particular jobs compared to its mainstream counterparts.

Given hackers' access to the source code of the operating system, malware designed to break open-source versions of these systems is frequently created to a higher standard than its Windows-targeting counterparts. It's also popular among a wide range of cybercriminal gangs. Tilted Temple, a Chinese cyber group, has utilised Linux-based malware to infiltrate important national infrastructure on three continents. 

Major players in the cybercriminal underworld, such as Black Basta, Lockbit, and Hive, have all been identified as deploying targeted Linux-chomping malware to breach online infrastructure. Another such gang, RTM, has been found on dark web forums as trading in harmful, Linux-targeting software. 

It's unclear how prepared cybersecurity providers are for this new threat. After all, until recently, these companies spent far more time fixing vulnerabilities in more widespread operating systems. Far fewer have investigated how vulnerable Linux systems can be to hacking - a squandered opportunity, according to Mistry. "Everyone's been so focused on Windows over the last few years because it's been the predominant operating system that all enterprises use," he explains. "But, in the background, Linux has always been there." 

Future threats 

Mistry does not believe the current wave of Linux attacks will abate anytime soon. He feels it will be some time before consumers and developers become aware of the risks and alter their behaviours. "The vulnerabilities in Linux platforms are massive," Mistry adds. "No one is actively controlling the vulnerabilities and patching them on a daily basis." 

Does this imply that its open-source framework contributes directly to Linux's lack of security? Certainly less, says Mistry. "You've got the openness, you've got the mass flexibility - the problem is when it comes to support," explains Mistry. 

Organisations developing new software on Linux should educate themselves on the trade-offs involved in adopting the operating system. The communities of developers modifying and patching this or that variant of Linux have "got people who will do things, but there's no kind of set body to say, 'This is the kind of direction we're going [in.]," adds Mistry, let alone any built-in regime mandating security standards. As a result, firms would be advised, according to the TrendMicro researcher, to install their own regime or create a viable audit trail for products built on some of the more unusual varieties of Linux. 

So, are the days of Linux as a popular OS alternative numbered? Probably not in the short term, and many cybersecurity vendors are becoming aware of the threat posed by Linux-based systems, according to Mistry. Nonetheless, according to Seker, each new security event involving Linux-targeting malware only serves to erode its reputation as an economical, secure, and open-source alternative to the monolithic Windows and iOS. "Even a single high-profile incident can quickly change a perception if the security community does not respond to threats promptly and effectively," he says.

Linux Malware Records a New High in 2022


While more and more devices are adopting Linux as their operating system, the popularity of the software has nonetheless attracted cyber-criminals. According to recent reports, the number of malware aimed at the software increased dramatically in 2022. 

As per the reports from observations made by Atlas VPN based on data from threat intelligence platform AV-ATLAS, as many as 1.9 million Linux malware threats were observed in 2022, bringing the figure up 50% year-on-year. 

The reports further claimed that most of the Linux malware samples were discovered in the first three months of the year. 

 Secure Operating System

In Q1 2022, researchers identified 854,690 new strains. The number later dropped by 3% in Q2, detecting 833,065 new strains. 

The number of new detections fell 91% to 75,841 in the third quarter of the year, indicating that Linux malware developers may have taken their time off. The numbers increased once more in the fourth quarter of the year, rising by 117% to 164,697. 

Despite the researcher’s observations, Linux remains one of the “highly secure operating systems.” 

“The open-source nature of Linux allows for constant review by the tech community, leading to fewer exploitable security vulnerabilities. Additionally, Linux limits administrative privileges for users and compared to more widely used operating systems like Windows, it still has less malware targeting it,” the researchers added. 

While threat actors will not stop chasing flaws in the world’s fifth most popular operating systems, businesses and consumers alike must also be on the lookout, the researchers concluded. 

Although Linux is not as popular as Windows or macOS, it is still a widely used operating system. From Android devices (which are built on Linux) to Chromebooks, video cameras, and wearable devices, to all kinds of servers (web servers, database servers, email servers, etc.) there are more than 32 million endpoints operating on Linux.  

Thousands of Organizations Targeted Via 'Operation Chimaera'

 

TeamTNT hacking group has enhanced its abilities by adding a set of tools that allow it to target multiple operating systems. 

Earlier this week, cybersecurity experts from AT&T Alien Labs published a report on a new campaign, tracked as Chimaera. According to AT&T researchers, infection statistics on the command-and-control (C2) server used in Chimaera suggests that the campaign began on July 25,2021. 

TeamTNT was first discovered last year and was related to the installation of cryptocurrency mining malware on susceptible Docker containers. The operations of the TeamTNT hacking group have been closely monitored by security firm Trend Micro, but in August 2020 experts from Cado Security contributed the more recent discovery of TeamTNT targeting Kubernetes installations. 

Now, the researchers at Alien Labs believe the hacking group is targeting Windows, AWS, Docker, Kubernetes, and various Linux installations, including Alpine. Despite the short time period, the latest campaign is responsible for "thousands of infections globally," the researchers say. 

In its latest campaign, TeamTNT is using open-source tools like the port scanner Masscan, libprocesshider software for executing the TeamTNT bot from memory, 7z for file decompression, the b374k shell php panel for system control, and Lazagne. 

Lazagne is an open-source application for multiple web operating systems that are stored on local devices including Chrome, Firefox, Wi-Fi, OpenSSH, and various database programs. According to Palo Alto Networks, the group has also added Peirates, a cloud penetration testing toolset in its armory to target cloud-based apps. 

“With these techniques available, TeamTNT actors are increasingly more capable of gathering enough information in target AWS and Google Cloud environments to perform additional post-exploitation operations. This could lead to more cases of lateral movement and potential privilege-escalation attacks that could ultimately allow TeamTNT actors to acquire administrative access to an organization’s entire cloud environment,” according to Palo Alto’s June report.

While now self-armed with the kit necessary to target a wide range of operating systems, TeamTNT still focuses on cryptocurrency mining. For example, Windows systems are targeted with the Xmrig miner. A service is created and a batch file is added to the startup folder to maintain persistence -- whereas a root payload component is used on vulnerable Kubernetes systems.

A2 Hosting finds 'restore' the hardest word as Windows outage slips into May

The great A2 Hosting Windows TITSUP has entered its second week as the company continues to struggle to recover from a security breach that forced its System Operations team to shut down all its Windows services.

To recap, things went south on 23 April as malware spread over the company's Windows operation, causing a problem so severe that the A2 Hosting team decided the only way to recover was to restore data from backups. The company told furious customers last week that "Restores continue to progress at a steady pace".

Except, alas, things have not gone smoothly.

As some services gradually tottered into life, users made the horrifying discovery that the backups being restored from were less than minty fresh.

A "day or two" is bad enough for an ecommerce site, but the loss of several months' worth of data is an altogether angrier bag of monkeys. To make matters worse, the company has left it to users to work out just how whiffy those backups are.

Register reader David Sapery, who was lucky enough to see his services stagger back to life after a five-day liedown, was then somewhat embarrassed when his customers, finally able to access his sites, told him things looked a tad outdated.

Sapery told us: "Anything on any of my websites that was updated over the past 2+ months is gone."

Still, Sapery was at least able to recover. Another reader was not so lucky, describing his experience as "an unmitigated disaster."

Having spent eight months and "thousands of dollars", the unfortunate A2 Hosting customer told us that "my business and all my hard work has been gutted within seven days by a hosting company that clearly did not have robust security in place."

A2 Hosting will, of course, point to its Terms of Service where it makes it quite clear that it is not responsible for any data loss and that users are responsible for their own backups.

New OS takes on Apple, Android

Firefox, a web browser made by the non-profit Mozilla Foundation, was born as “Phoenix”. It rose from the ashes of Netscape Navigator, slain by Microsoft’s Internet Explorer. In 2012 Mozilla created Firefox os, to rival Apple’s ios and Google’s Android mobile operating systems. Unable to compete with the duopoly, Mozilla killed the project.

Another phoenix has arisen from it. Kaios, an operating system conjured from the defunct software, powered 30m devices in 2017 and another 50m in 2018. Most were simple flip-phones sold in the West for about $80 apiece, or even simpler ones which Indians and Indonesians can have for as little as $20 or $7, respectively. Smartphones start at about $100. The company behind the software, also called Kaios and based in Hong Kong, designed it for smart-ish phones—with an old-fashioned number pad and long battery life, plus 4g connectivity, popular apps such as Facebook and modern features like contactless payments, but not snazzy touchscreens.

With millions of Indians still using feature phones, it’s no surprise that this brainchild of San Diego startup KaiOS Technologies is already the second most popular mobile operating system in Indiaafter Android, capturing over 16% market share. iOS is second with 10%share, as per an August 2018 analysis by tech consulting firm Device Atlas.

The new category of handsets powered by KaiOS, which has partnered with Reliance Jio, require limited memory while still offering a rich user experience through services like Google Assistant, Google Maps, YouTube, and Facebook, among others.

Faisal Kawoosa, founder, techARC, credits KaiOS with bringing about a paradigm shift in infotainment in India. “This (the feature phone platform) becomes the first exposure of mobile users to a digital platform. It is also helping the ecosystem and new users to digital services without much increase to the cost of the device,” he said.

NHS to migrate to Windows 10 to upgrade cybersecurity defences

Microsoft on Saturday announced that The UK Department of Health and Social Care will transition all National Health Service (NHS) computer systems to Windows 10 to better protect against future cyber attacks. 

The Department has made a security deal with Microsoft regarding the same.

According to officials, the operating system’s more advanced security features are the primary reason for the transition, such as the SmartScreen technology equipped with Microsoft Edge and Windows Defender.

One of the other reasons for upgrading their security systems was the damages caused by the WannaCry ransomware attack last year, when NHS was one of the first victims.

“More than a third of trusts in the UK were disrupted by the WannaCry ransomware attack last year, according to the National Audit Office, which led to the cancellation of 6,900 appointments. WannaCry was an international attack on an unprecedented scale that affected organisations across the globe. While it did not specifically target the NHS, the impact on health organisations was significant,” read the announcement by Microsoft.

According to Kaspersky and Microsoft telemetry, over 98 percent of all WannaCry victims were Windows 7 users.

“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS as far as reasonably possible against this threat,” said Jeremy Hunt, the Health and Social Care Secretary. “This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”


Now Upgrade to Backtrack 5 R2 ~ BT5 R2 will be Released On March

The long awaited release of the BackTrack 5 R2 kernel has arrived, and it’s now available in Backtrack repositories. With a spanking brand new 3.2.6 kernel, a huge array of new and updated tools and security fixes, BT5 R2 will provide a more stable and complete penetration testing environment than ever before.

Backtrack will start a series of blog posts on how to upgrade, deal with VMWare, and even build your own updated BT5 R2 by yourself. Backtrack explained how to upgrade to BT5 R2 here


"March 1st! The BackTrack 5 R2 ISOS will we available for download from our site on March 1st via Torrent only. HTTP links will be added a few days later." promised in the Backtrack-linux.

Fedora 16 Linux Released (Codename "Verne")



Today , Fedora 16(codename "verne") Linux Released, powered by the newly released Linux kernel 3.1, it features the GNOME 3.2.1 desktop environment with the GNOME Shell interface and the KDE Software Compilation 4.7.2 environment. Fedora 16 includes OpenStack, lots of SELinux enhancements, updated Haskell, Perl and Ada environments, Blender 2.5, Boost 1.47, TigerVNC 1.1, and much more.

The following are major features for Fedora 16:

  • Enhanced cloud support including Aeolus Conductor, Condor Cloud, HekaFS, OpenStack and pacemaker-cloud
  • KDE Plasma workspaces 4.7
  • GNOME 3.2
  • A number of core system improvements including GRUB 2 and the removal of HAL.
  • An updated libvirtd, trusted boot, guest inspection, virtual lock manager and a pvops based kernel for Xen all improve virtualization support.
Full feature list here

Fedora 16:

Ubuntu 11.10(Oneiric Ocelot) is Released ~ Upgrade Now


Recently, Ubuntu released Ubuntu 11.10.  If you interested to know how it will look like or how it works, you can take this tour. It is available in 38 language.  Ubuntu is free to use. if you haven't use ubuntu yet, then give a try now with Ubuntu
11.10.

You can download the full operating system from here:
http://www.ubuntu.com/download
or
if you have installed ubuntu 11.04 , you will be asked to upgrade to Ubuntu 11.10(that's how i come to know about it).
  
Ubuntu 11.10: Open for business
Make your IT budget go further with Ubuntu! The latest release of Ubuntu includes everything you need for your business desktop, server and cloud.

The user Interface looks good. I am curious to use it now itself but my net connection.

Few Screenshots:

BackBox Linux 2 Released~ Penetration Testing Distribution


Backbox Linux is One of Linux(ubuntu 11.04) based Penetration Testing Distribution(just like Backtrack), developed for Security Professionals. They released Backbox Linux 2 .

Backbox Linux 2 is developed from Ubuntu 11.04(latest ubuntu version) and Kernel 2.6.38.

What's new
  • System upgrade
  • Performance boost
  • New look and feel
  • Improved start menu
  • Bug fixing
  • Hacking tools new or updated
  • Three new section: Vulnerabilty Assessment, Forensic Analysis and VoIP Analysis
  • Much, much more!

System requirements
  • 32-bit or 64-bit processor
  • 256 MB of system memory (RAM)
  • 2 GB of disk space for installation
  • Graphics card capable of 800×600 resolution
  • DVD-ROM drive or USB port

Screenshots of BackBox Linux 2 :





Download it from here:

http://www.backbox.org/content/download

Qubes ~ An Open source OS Designed to Provide Strong Security


Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps

Qubes lets the user define many security domains implemented aslightweight Virtual Machines (VMs), or “AppVMs”. E.g. user can have “personal”, “work”, “shopping”, “bank”, and “random” AppVMs and can use the applications from within those VMs just like if they were executing on the local machine, but at the same time they are well isolated from each other. Qubes supports secure copy-and-paste and file sharing between the AppVMs, of course.

Key architecture features:
  • BulletBased on a secure bare-metal hypervisor (Xen)
  • BulletNetworking code sand-boxed in an unprivileged VM (using IOMMU/VT-d)
  • BulletNo networking code in the privileged domain (dom0)
  • BulletAll user applications run in “AppVMs”, lightweight VMs based on Linux
  • BulletCentralized updates of all AppVMs based on the same template
  • BulletQubes GUI virtualization presents applications like if they were running locally
  • BulletQubes GUI provides isolation between apps sharing the same desktop
  • BulletStorage drivers and backends sand-boxed in an unprivileged virtual machine(*)
  • BulletSecure system boot based on Intel TXT(*)
(*) Indicates feature that is planned for future releases, currently not implemented.


Qubes OS is available for Download Here.

Minimum Requirments:

  • 4GB of RAM
  • 64-bit Intel or AMD processor (x86_64 aka x64 aka AMD64)
  • Intel GPU strongly preferred (if you have Nvidia GPU, prepare for some troubleshooting; we haven't tested ATI hardware)
  • 10GB of disk (Note that it is possible to install Qubes on an external USB disk, so that you can try it without sacrificing your current system. Mind, however, that USB disks are usually SLOW!)


Additional requirements:

Intel VT-d or AMD IOMMU technology (this is needed for effective isolation of your network VMs)

If you don't meet the additional criteria, you can still install and use Qubes. It still offers significant security improvement over traditional OSes, because things such as GUI isolation, or kernel protection do not require special hardware.

Note: They don't recommend installing Qubes in a virtual machine!

Let us See how much secure it is.

Top 10 Reasons Why Linux is better than Windows

1. It Doesn''t Crash

Linux has been time-proven to be a reliable operating system. Although the desktop is not a new place for Linux, most Linux-based systems have been used as servers and embedded systems. High-visibility Web sites such as Google use Linux-based systems, but you also can find Linux inside the TiVo set-top box in many livingrooms.