NEWS

Canonical Announces Latest Ubuntu Core for IoT

Canonical has announced Ubuntu Core 18, their open source platform for IoT devices. Ubuntu Core 18 is based on the Ubuntu 18.04 LTS codebase and will be supported for 10 years.

At 260MB, Ubuntu Core is one of the smallest IoT platforms. They achieved this size by stripping unnecessary components from the core. However, the overall size of the OS will grow depending on the IoT device.

Reduction in size also improves security. "The attack surface of Ubuntu Core has been minimized, with very few packages installed in the base OS, reducing the size and frequency of security updates and providing more storage for applications and data," Canonical said in a blog post.

Thanks to the popularity of Ubuntu, Canonical's IoT platform has a wider range of applications at its disposal. "Ubuntu Core enables a new class of app-centric things, which can inherit apps from the broader Ubuntu and Snapcraft ecosystems or build unique and exclusive applications that are specific to a brand or model,"continued the post.

Smaller size, combined with a refined app delivery mechanism (Snap), enable Canonical to enhance its security further.

"All snaps distributed to devices are scanned regularly for known weaknesses and devices, enabling enterprises and manufacturers to learn quickly about potential risks in their ecosystem," Canonical said.

Vulnerabilities Found in Cisco Routers

The German security firm, RedTeam Pentesting has found two vulnerabilities in Cisco routers.

The vulnerabilities are found in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers.

The flaw allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

According to Cisco, the cause of the vulnerability is due to improper validation of user-supplied input. "An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root," the company said in an advisory.

Cisco has already released a patch to fix these vulnerabilities. If you use either of these two routers, you need to update now.

Two New Malware Campaigns Found

Security researchers at Carbon Black have found two malware campaigns related to the Ursnif malware.

"This attack originally came in via phishing emails that contained an attached Word document with embedded macros; Carbon Black located roughly 180 variants in the wild. The macro would call an encoded PowerShell script and then use a series of techniques to download and execute both a Ursnif and GandCrab variant," wrote Carbon Black in a blog report.

Carbon Black has released a detailed overview of the campaigns.

Researchers at Talos have released a list of indicators of compromise (IOCs) to help users detect and mitigate the spread of the malware.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News