2020 CWE Top 25 Most Dangerous Software Weaknesses

The 2020 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses (CWE Top 25) is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working. The CWE Top 25 is a valuable community resource that can help developers, testers, and users — as well as project managers, security researchers, and educators — provide insight into the most severe and current security weaknesses…

You need a password manager. Here are the best ones, 1Password

Keep your logins under lock and key. We picked our favorites for PC, Mac, Android, iPhone, and web browsers.

Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For seven years running that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway.

With more of us now working from home, outside the office intranet, the number of passwords you need may have significantly increased. If you can memorise strong passwords for every website you visit and every app you use, by all means do it. Assuming you’re using secure passwords—which is, first and foremost, shorthand for long passwords—this is the most secure, if slightly insane, way to store passwords. It might work for Memory Grand Master Ed Cooke, but most of us are not ready for such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our faulty, overworked memories.

FRITZFROG: A NEW GENERATION OF PEER-TO-PEER BOTNETS

Executive Summary

  • Guardicore has discovered FritzFrog, a sophisticated peer-to-peer (P2P) botnet which has been actively breaching SSH servers since January 2020.
  • Golang-Based Malware: FritzFrog executes a worm malware which is written in Golang, and is modular, multi-threaded and fileless, leaving no trace on the infected machine’s disk.
  • Actively Targeting Government, Education, Finance and more: FritzFrog has attempted to brute force and propagate to tens of millions of IP addresses of governmental offices, educational institutions, medical centers, banks and numerous telecom companies. Among those, it has successfully breached more than 500 servers, infecting well-known universities in the U.S. and Europe, and a railway company.
  • Sophistication: FritzFrog is completely …

1Password finally comes to Linux — Ubuntu, Debian, Fedora, and more!

If you aren’t using a password manager to both create and store your various online passwords, you are doing yourself a great disservice. True, storing your passwords in the cloud seems counter-intuitive, but in reality, it is far more secure than re-using passwords or writing them down. Make sure you are also using Two-Factor Authentication (2FA) whenever possible too.

On the desktop, there are many password managers for Windows and Mac, but on Linux, things are far more limited. For instance, 1Password is arguably the best password manager in the world, yet despite a decade of requests for it to come to Linux, it never did. Sure, Linux users could use the 1Password X browser plugin, but there was no native Linux version. Well, folks, this is no longer true — as of this month, developer Agilebits has finally brought 1Password to Linux as a development preview! …

Earthquake detection and early alerts, now on your Android phone @google

Earthquakes happen daily around the world, with hundreds of millions of people living in earthquake prone regions. An early warning can help people prepare for shaking, but the public infrastructure to detect and alert everyone about an earthquake is costly to build and deploy. We saw an opportunity to use Android to provide people with timely, helpful earthquake information when they search, as well as a few seconds warning to get themselves and their loved ones to safety if needed.

Sending earthquake alerts to Android devices in California

First, we collaborated with the United States Geological Survey (USGS) and California Governor’s Office of Emergency Services (Cal OES) to send earthquake alerts, powered by ShakeAlert®, directly to Android devices in California.

Developed by the nation’s leading seismologists, the ShakeAlert system uses signals from more than 700 seismometers installed across the state by USGS, Cal OES, University of California Berkeley, and the California Institute of Technology. A few seconds of warning can make a difference in giving you time to drop, cover, and hold on before the shaking arrives.