LibreOffice 7.5 Released with New App Icons, Improved Dark Mode Support

LibreOffice, the default office suite in most Linux distributions, announced the new 7.5 feature release today!

The new release has greatly improved the dark mode support. It now has a fully dark appearance, instead of leaving the document background white in dark mode.

LibreOffice 7.5 now has new icons for standard app shortcuts, MIME types, and macOS-specific app shortcuts. The app Start Center now includes a filter box for Recent Documents.

A better single-toolbar user interface is available under the “View -> User Interface” menu, with context-aware controls and support for customizing them.

The “Writer” app gains new Plain Text and Combo Box content controls. Content controls now also support titles and tags, as well as exporting to PDF.

For “CALC”, data tables are now supported in charts, and the Function Wizard allows searching for descriptions. And, Impress & Draw get a new set of default table styles.

Other changes in LibreOffice 7.5 include:

  • Much more visible bookmarks in Writer.
  • Initial machine translation based on DeepL translate APIs
  • Ability to define a custom color for Grammar mistakes in the Application Colors dialog.
  • “Spell out” number formats in CALC.
  • Ability to crop inserted videos in the slide and still play them
  • The presenter console can run as a normal window.

How to Install LibreOffice 7.5 in Ubuntu Linux.

LibreOffice is available to install in 4 different package formats: Deb, Flatpak, AppImage, and Snap.

NOTE: Users can install all of them side by side on the same machine, which results in duplicated app icons in the start menu (‘Activities’ overview search results).

Option 1: Deb package

The LibreOffice website offers official .deb packages, which are however built to support all Debian-based systems.

For better integration, the LibreOffice Fresh PPA is HIGHLY recommended for Ubuntu Linux. Press Ctrl+Alt+T on the keyboard to open a terminal and run this command to add it:

sudo add-apt-repository ppa:libreoffice/ppa

Then, running regular updates via the Software Updater (Update Manager) app will update the pre-installed LibreOffice packages to the latest version!

NOTE: A new feature release usually needs several days of testing before it is made into the PPA, meaning the PPA at the moment is not updated for v7.5.

Option 2: Snap package

Snap is a universal package format that runs in a sandbox. Users of Ubuntu 20.04 and higher can easily search for and install LibreOffice as a Snap from Ubuntu Software.

As mentioned, installing the LibreOffice Snap will result in app icons that duplicate those of the pre-installed package.

Option 3: Flatpak package

Flatpak is another universal package format that runs in a sandbox. It’s a competitor to Snap. Users can run the following commands one by one to install LibreOffice as a Flatpak.

  • First, press Ctrl+Alt+T on keyboard to open terminal. Then run command to install Flatpak daemon:
    sudo apt install flatpak
  • Next, install the office suite as Flatpak via command:
    flatpak install https://dl.flathub.org/repo/appstream/org.libreoffice.LibreOffice.flatpakref

Option 4: AppImage

AppImage is a non-install package format that runs on most Linux distributions. It’s a good choice to try the AppImage until the LibreOffice Fresh PPA is updated with the new release packages.

Just grab the package from the official website:

Then, right-click the file and open its “Properties” dialog, allow executing the file as a program under the Permissions tab, and finally run the AppImage to launch the office suite.

Uninstall:

For the LibreOffice PPA package, open terminal and run command:

sudo apt install ppa-purge && sudo ppa-purge ppa:libreoffice/ppa

It will remove the PPA repository and downgrade the office suite to the pre-installed version.

For the Flatpak package, run the command below to remove it:

flatpak uninstall --delete-data org.libreoffice.LibreOffice

For the other two, either uninstall via Ubuntu Software or just remove the package file.

New T-Mobile Breach Affects 37 Million Accounts

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

In a filing today with the U.S. Securities and Exchange Commission, T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features.

APIs are essentially instructions that allow applications to access data and interact with web databases. But left improperly secured, these APIs can be leveraged by malicious actors to mass-harvest information stored in those databases. In October, mobile provider Optus disclosed that hackers abused a poorly secured API to steal data on 10 million customers in Australia.

The company said it first learned of the incident on Jan. 5, 2022, and that an investigation determined the bad actor started abusing the API beginning around Nov. 25, 2022.

T-Mobile says it is in the process of notifying affected customers, and that no customer payment card data, passwords, Social Security numbers, driver’s license or other government ID numbers were exposed.

In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers and driver’s license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company. That breach came to light after a hacker began selling the records on a cybercrime forum.

Last year, T-Mobile agreed to pay $500 million to settle all class action lawsuits stemming from the 2021 breach. The company pledged to spend $150 million of that money toward beefing up its own cybersecurity.

In its filing with the SEC, T-Mobile suggested it was going to take years to fully realize the benefits of those cybersecurity improvements, even as it claimed that protecting customer data remains a top priority.

“As we have previously disclosed, in 2021, we commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity,” the filing reads. “We have made substantial progress to date, and protecting our customers’ data remains a top priority.”

Despite this being the second major customer data spill in as many years, T-Mobile told the SEC the company does not expect this latest breach to have a material impact on its operations.

While that may seem like a daring thing to say in a data breach disclosure affecting a significant portion of your active customer base, consider that T-Mobile reported revenues of nearly $20 billion in the third quarter of 2022 alone. In that context, a few hundred million dollars every couple of years to make the class action lawyers go away is a drop in the bucket.

The settlement related to the 2021 breach says T-Mobile will make $350 million available to customers who file a claim. But here’s the catch: If you were affected by that 2021 breach and you haven’t filed a claim yet, please know that you have only three more days to do that.

If you were a T-Mobile customer affected by the 2021 incident, it is likely that T-Mobile has already made several efforts to notify you of your eligibility to file a claim, which includes a payout of at least $25, with the possibility of more for those who can document direct costs associated with the breach. OpenClassActions.com says the filing deadline is Jan. 23, 2023.

“If you opt for a cash payment you will receive an estimated $25.00,” the site explains. “If you reside in California, you will receive an estimated $100.00. Out of pocket losses can be reimbursed for up to $25,000.00. The amount that you claim from T-Mobile will be determined by the class action administrator based on how many people file a legitimate and timely claim form.”

There are currently no signs that hackers are selling this latest data haul from T-Mobile, but if the past is any teacher much of it will wind up posted online soon. It is a safe bet that scammers will use some of this information to target T-Mobile users with phishing messages, account takeovers and harassment.

T-Mobile customers should fully expect to see phishers taking advantage of public concern over the breach to impersonate the company — and possibly even send messages that include the recipient’s compromised account details to make the communications look more legitimate.

Data stolen and exposed in this breach may also be used for identity theft. Credit monitoring and ID theft protection services can help you recover from having your identity stolen, but most will do nothing to stop the ID theft from happening. If you want the maximum control over who should be able to view your credit or grant new lines of credit in your name, then a security freeze is your best option.

Regardless of which mobile provider you patronize, please consider removing your phone number from as many online accounts as you can. Many online services require you to provide a phone number upon registering an account, but in many cases that number can be removed from your profile afterwards.

Why do I suggest this? Many online services allow users to reset their passwords just by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over your phone number thanks to an unauthorized SIM swap or mobile number port-out, divorce, job termination or financial crisis can be devastating.

Try out GNOME’s New Window Focus Animation in Ubuntu 22.10/Fedora 37

GNOME, the default desktop environment in Ubuntu and Fedora Workstation, is going to replace the app menu with a new window animation to indicate window focus.

This means it will remove the app menu for the current window, shown in the top bar beside the ‘Activities’ button, because it has always confused users who are new to GNOME.

Instead, when switching workspaces, closing a window, or pressing Super + Tab, it will perform a short animation on the newly focused window. As the GIF below shows you, it’s a window animation that scales up the window and then scales it back, indicating that the window has focus.

The downside so far is that it’s missing the behavior to indicate the process of launching a large or slow application …

How to Install the new Window Animation

The new function is so far available as a GNOME Shell extension called “Focus Indicator”, for testing purposes in GNOME 43. This means users of Ubuntu 22.10, Fedora 37, Arch, Manjaro, etc. can try it out by following the steps below.

1. For Ubuntu 22.10, first search for and install Extension Manager from Ubuntu Software.

2. Then open the tool, and navigate to ‘Browse’ tab to search and install ‘Focus Indicator’:

For other Linux distributions, just use the ON/OFF switch on this web page to install the extension.

Configure the Window Focus animation

After installing the extension, use either Extension Manager or the GNOME Extensions app to open the configuration dialog. Then, you can set the scale up/down delay, animation duration, scale factor, and so forth.

Linux Mint 21.1 Released! New Cursor Icons & Better Flatpak Support

The first point release of Linux Mint 21 is out! It is code-named ‘Vera’ and features Kernel 5.15, the Ubuntu 22.04 package base, and Cinnamon 5.6, MATE 1.26 or XFCE 4.16 depending on the desktop edition.

The default mouse pointer theme in Linux Mint 21.1 is now Bibata-Modern-Classic, a modern black cursor set with rounded edges. Users can still easily choose another one from System Settings -> Themes. For those who like it, the cursor theme is available on its GitHub page.

The default icon theme Mint-Y now always has yellow folders, with different accent colors. The previous default icons are now available as Mint-Y-Legacy in the Themes selection page. The accent colors are also revamped in this release; compared to the legacy ones they look more vibrant.

The release also improved the Flatpak package format support. Update Manager utility can now update Flatpak applications as well as the run-time libraries just like classic .deb packages. And, Software Manager now provides an option to choose between Flatpak and Deb if an app is available to install in both formats.

For third-party repositories, Linux Mint 21.1 now follows Debian’s (rather than Ubuntu’s) new policy! When adding an Ubuntu PPA, it automatically installs the key into ‘/etc/apt/keyrings’ and adds a signed-by section to the source file, so the GPG key can only be used for that PPA repository.
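
The key scoping described above can be checked against a system's APT configuration. The script below is an added example, not part of the original article or of Linux Mint's tooling: it reports which one-line .list entries carry signed-by and which fall back to the global key store. Function names, host names and sample files are constructed for illustration, and deb822 .sources files are not handled.

```shell
#!/bin/sh
# Added example: report which APT source entries pin their signing key with
# signed-by and which fall back to the global trust store.
# Every path, host name and file below is constructed sample data.

# Print one line per deb/deb-src entry found in DIR/*.list:
#   SCOPED   <file> <uri> <keyring>   entry names its own keyring via signed-by
#   UNSCOPED <file> <uri>             entry is checked against all global keys
audit_sources() {
    for f in "$1"/*.list; do
        [ -e "$f" ] || continue
        awk -v file="${f##*/}" '
            $1 != "deb" && $1 != "deb-src" { next }    # comments, blank lines
            {
                rest = $0; opts = ""
                sub(/^[ \t]+/, "", rest)
                sub(/^deb(-src)?[ \t]+/, "", rest)
                # An optional "[opt=value ...]" block precedes the URI.
                if (substr(rest, 1, 1) == "[" && (close_at = index(rest, "]")) > 0) {
                    opts = substr(rest, 2, close_at - 2)
                    rest = substr(rest, close_at + 1)
                    sub(/^[ \t]+/, "", rest)
                }
                split(rest, parts, /[ \t]+/)
                key = ""
                n = split(opts, o, /[ \t]+/)
                for (i = 1; i <= n; i++)
                    if (index(o[i], "signed-by=") == 1) key = substr(o[i], 11)
                if (key == "") print "UNSCOPED", file, parts[1]
                else           print "SCOPED", file, parts[1], key
            }' "$f"
    done
}

# Number of entries that any key in the global store can vouch for.
count_unscoped() {
    audit_sources "$1" | awk '$1 == "UNSCOPED" { n++ } END { print n + 0 }'
}

# List keyring files in the global store (applies to every UNSCOPED entry).
global_keys() {
    for k in "$1"/*.gpg "$1"/*.asc; do
        if [ -e "$k" ]; then echo "${k##*/}"; fi
    done
}

# Build a constructed sample tree mirroring the /etc/apt layout.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sources.list.d" "$d/trusted.gpg.d" "$d/keyrings"
    # Legacy style: key dropped into the global store, entry has no signed-by.
    : > "$d/trusted.gpg.d/legacy-ppa.gpg"
    printf '%s\n' '# legacy PPA entry' \
        'deb https://ppa.example.invalid/legacy/ubuntu jammy main' \
        > "$d/sources.list.d/legacy-ppa.list"
    # Scoped style: key under keyrings/, referenced by signed-by.
    : > "$d/keyrings/scoped-ppa.gpg"
    printf '%s\n' \
        'deb [arch=amd64 signed-by=/etc/apt/keyrings/scoped-ppa.gpg] https://ppa.example.invalid/scoped/ubuntu jammy main' \
        > "$d/sources.list.d/scoped-ppa.list"
    echo "$d"
}

# Demo run over the constructed tree.
sample=$(make_sample)
audit_sources "$sample/sources.list.d"
echo "unscoped entries: $(count_unscoped "$sample/sources.list.d")"
echo "global keys trusted for every unscoped entry:"
global_keys "$sample/trusted.gpg.d"
rm -rf "$sample"
```

On a real system, point audit_sources at /etc/apt/sources.list.d and global_keys at /etc/apt/trusted.gpg.d.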

Other changes in Linux Mint 21.1 include:

  • Hide Home, Computer, Trash and Network icons from desktop by default.
  • New sounds come from Material Design V2
  • New icons pre-installed: Breeze, Papirus, Numix, Yaru
  • Replace ‘Show Desktop’ panel applet with a Microsoft Windows-style button in the bottom right corner.
  • Add dummy hardware device and dummy packages in Driver Manager for debugging.
  • Add right-click menu option to verify ISO file checksum (sha256sum).

Get Linux Mint 21.1:

For the release note, as well as download link for the new ISO images, go to Linux Mint website:

Linux Mint 21 users can upgrade to the new 21.1 release via the ‘Update Manager’ utility.

MuseScore 4 Released! New Mixer, Accent Colors & Muse Sounds Plugin

The free and open-source music notation software MuseScore 4 is out, more than 2 years after the last major release.

MuseScore 4 now has a modern-looking UI with both light and dark modes, as well as 7 accent colors. It provides a setup dialog to choose between them on first launch, though users can re-configure them along with fonts, background and paper colors by going to Preferences -> Appearances.

The app window now has a Home tab, for managing the account, recent scores and plugins, and for watching video tutorials. The Mixer has been redesigned. Saving to the cloud on MuseScore.com is now working. And, there’s now a new online course, and a new orchestral plugin: Muse Sounds.

Other changes in MuseScore 4.0 include:

  • Simple toggle for switching between playback profiles
  • New system for horizontal spacing, slurs and ties
  • New system for beaming and cross-staff beaming
  • Customisable ‘Tempo Lines’ that work with playback
  • Scrollbars on the score
  • A new tuplets toggle
  • New articulation buttons
  • New toggle for cross staff beaming

Sadly, there are also features in MuseScore 3 that are not implemented in this release, see HERE for details.

How to Get MuseScore 4.0

MuseScore provides official binary packages for download at the link below:

Linux users can just download the AppImage package, right-click it and add executable permission in its properties dialog. Finally, run it to launch the music writer software:

There’s also an Ubuntu PPA, though it is NOT updated for the new release at the moment of writing; keep an eye on this page.

New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

Alex Holden is founder of Hold Security, a Milwaukee-based cybersecurity firm. Holden’s team gained visibility into discussions among members of two different ransom groups: CLOP (a.k.a. “Cl0p” a.k.a. “TA505“), and a newer ransom group known as Venus.

Last month, the U.S. Department of Health and Human Services (HHS) warned that Venus ransomware attacks were targeting a number of U.S. healthcare organizations. First spotted in mid-August 2022, Venus is known for hacking into victims’ publicly-exposed Remote Desktop services to encrypt Windows devices.

Holden said the internal discussions among the Venus group members indicate this gang has no problem gaining access to victim organizations.

“The Venus group has problems getting paid,” Holden said. “They are targeting a lot of U.S. companies, but nobody wants to pay them.”

Which might explain why their latest scheme centers on trying to frame executives at public companies for insider trading charges. Venus indicated it recently had success with a method that involves carefully editing one or more email inbox files at a victim firm — to insert messages discussing plans to trade large volumes of the company’s stock based on non-public information.

“We imitate correspondence of the [CEO] with a certain insider who shares financial reports of his companies through which your victim allegedly trades in the stock market, which naturally is a criminal offense and — according to US federal laws [includes the possibility of up to] 20 years in prison,” one Venus member wrote to an underling.

“You need to create this file and inject into the machine(s) like this so that metadata would say that they were created on his computer,” they continued. “One of my clients did it, I don’t know how. In addition to pst, you need to decompose several files into different places, so that metadata says the files are native from a certain date and time rather than created yesterday on an unknown machine.”

Holden said it’s not easy to plant emails into an inbox, but it can be done with Microsoft Outlook .pst files, which the attackers may also have access to if they’d already compromised a victim network.

“It’s not going to be forensically solid, but that’s not what they care about,” he said. “It still has the potential to be a huge scandal — at least for a while — when a victim is being threatened with the publication or release of these records.”

The Venus ransom group’s extortion note. Image: Tripwire.com

Holden said the CLOP ransomware gang has a different problem of late: Not enough victims. The intercepted CLOP communication seen by KrebsOnSecurity shows the group bragged about twice having success infiltrating new victims in the healthcare industry by sending them infected files disguised as ultrasound images or other medical documents for a patient seeking a remote consultation.

The CLOP members said one tried-and-true method of infecting healthcare providers involved gathering healthcare insurance and payment data to use in submitting requests for a remote consultation on a patient who has cirrhosis of the liver.

“Basically, they’re counting on doctors or nurses reviewing the patient’s chart and scans just before the appointment,” Holden said. “They initially discussed going in with cardiovascular issues, but decided cirrhosis or fibrosis of the liver would be more likely to be diagnosable remotely from existing test results and scans.”

While CLOP as a money making collective is a fairly young organization, security experts say CLOP members hail from a group of Threat Actors (TA) known as “TA505,” which MITRE’s ATT&CK database says is a financially motivated cybercrime group that has been active since at least 2014. “This group is known for frequently changing malware and driving global trends in criminal malware distribution,” MITRE assessed.

In April, 2021, KrebsOnSecurity detailed how CLOP helped pioneer another innovation aimed at pushing more victims into paying an extortion demand: Emailing the ransomware victim’s customers and partners directly and warning that their data would be leaked to the dark web unless they can convince the victim firm to pay up.

Security firm Tripwire points out that the HHS advisory on Venus says multiple threat actor groups are likely distributing the Venus ransomware. Tripwire’s tips for all organizations on avoiding ransomware attacks include:

  • Making secure offsite backups.
  • Running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
  • Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
  • Encrypting sensitive data wherever possible.
  • Continuously educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.

While the above tips are important and useful, one critical area of ransomware preparedness overlooked by too many organizations is the need to develop — and then periodically rehearse — a plan for how everyone in the organization should respond in the event of a ransomware or data ransom incident. Drilling this breach response plan is key because it helps expose weaknesses in those plans that could be exploited by the intruders.

As noted in last year’s story Don’t Wanna Pay Ransom Gangs? Test Your Backups, experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups of their systems and data is that nobody at the victim organization bothered to test in advance how long this data restoration process might take.

“Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files,” said Fabian Wosar, chief technology officer at Emsisoft. “A lot of IT teams never actually make even a back-of-the-napkin calculation of how long it would take them to restore from a data rate perspective.”

KnowBe4 and Netskope Collaborate for New SecurityCoach Integration

KnowBe4 has announced that its new SecurityCoach product now integrates with Netskope. The two security organisations have collaborated to help reduce risky behaviour, with product integration to support real-time security coaching of users.

SecurityCoach helps IT/security professionals to develop a strong security culture by enabling real-time security coaching of their users in response to risky security behaviour. Leveraging an organisation’s existing security stack, security teams and administrators can configure their real-time coaching campaigns to immediately deliver a SecurityTip to their users related to a detected event via Slack, Microsoft Teams or email. 

“Netskope joins our ecosystem of technology partners, which is growing rapidly, to enrich the support we provide to our customers and to fortify their organisation’s human firewall,” said Stu Sjouwerman, CEO, KnowBe4. “KnowBe4 is proud to partner with Netskope to provide a seamless integration with our new SecurityCoach product, which aims to deliver real-time security coaching and advice to help end users enhance their cybersecurity knowledge and strengthen their role in contributing to a strong security culture. KnowBe4 is actively working with Netskope to coach users in real time around their activities online or in the cloud. For example, when a user goes to a risky website, KnowBe4 can in real time integrate with Netskope and send the user a targeted coaching module.”

“Netskope provides targeted insights to KnowBe4 that can be used to give actionable coaching to end users,” said Andrew Horwitz, VP of Technology Alliances at Netskope. “KnowBe4’s large library of curated coaching modules together with Netskope’s actionable user specific insight on their activity in the cloud can build a real time zero trust system for our shared clients.”

KnowBe4 will provide step-by-step instructions and recommendations to help IT/security professionals achieve quick and pain-free integration and data syncing during the implementation process.

KnowBe4 now integrates or partners with over 20 of the world’s top cybersecurity platforms across Endpoint, Network, Identity, Cloud and Data Security https://www.knowbe4.com/integrations.

For more information on SecurityCoach, visit www.knowbe4.com/securitycoach

GIMP 2.99.14 Adds Apple Silicon Support, New ‘Gray’ Theme, Text Outline option

The GIMP image editor got a new update for its 2.99 development release this Friday. Here are the new features, as well as an installation guide for Ubuntu users.

GIMP 2.99.14 is the 7th development release for the next major 3.0 release. It reworked the Align and Distribute tool to make it easy to use. Target items to align or distribute are now the selected layers and/or paths. For layers in particular, a new option “Use extents of layer contents” is available to align or distribute target layers based on their pixel contents.

The Text tool now has new “outline” and “fill” options, to insert text in different styles. For me, it’s no longer required to use ‘Grow…’ and then ‘Stroke Selection’ to do a similar job.

This release also introduced a new ‘Gray’ theme, as well as an “Override icon sizes set by the theme” option to resize icons among small, medium, large and huge.

XCF file support is greatly improved with multi-threading support. Saving with default RLE and zlib is now much faster! And, this release introduced initial Apple Silicon package support for macOS users.

Other changes in GIMP 2.99.14 include:

  • Transform tools activated automatically
  • New “Paste as Single Layer” and “Paste as Single Layer in Place” options in the Edit > Paste as submenu.
  • Moving to GApplication and GtkApplication
  • Add ‘Root layers only’ option on PDF export.
  • Support for exporting PSD images as CMYK(A).
  • Metadata import and export support for JPEG-XL.
  • Initial support for Apple’s ICNS files.
  • Add “Show reduced images” option when importing TIFF.

How to Install GIMP 2.99.14:

The image editor has an official download page for the development releases. It offers the official package for Linux as Flatpak, though there’s also an unofficial PPA for Ubuntu users.

Option 1: Install GIMP 2.99.14 as Flatpak

Ubuntu and most other Linux distributions can install the editor as a Flatpak that runs in a sandbox. For Ubuntu users, there are generally 3 commands for installing it:

  1. Press Ctrl+Alt+T on keyboard to open terminal. Run command to install the daemon package in case you don’t have it.
    sudo apt install flatpak
  2. Then, add the flathub beta repository by running command:
    flatpak remote-add --user flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
  3. Finally, install GIMP beta release via command:
    flatpak install --user flathub-beta org.gimp.GIMP

If you already installed the previous GIMP 2.99.12, use flatpak update --user org.gimp.GIMP beta command to update it.

And, if you also have GIMP 2.10 stable release installed as Flatpak, only one of them can be visible in system app launcher. Use either command below to switch between them:

flatpak make-current --user org.gimp.GIMP beta
flatpak make-current --user org.gimp.GIMP stable

NOTE: skip --user flag if you installed the package system wide without this parameter.

Option 2: install GIMP 2.99.14 from PPA

For those who prefer the classic .deb package format, there’s an unofficial PPA that contains the package for Ubuntu 20.04, Ubuntu 22.04, and Ubuntu 22.10.

Simply, open terminal from start menu or by pressing Ctrl+Alt+T on keyboard, then run the commands below one by one to add the PPA, update, and install GIMP 2.99.x:

sudo add-apt-repository ppa:mati75/gimp30
sudo apt update
sudo apt install gimp

NOTE: If you have GIMP 2.10 stable installed as .deb package, the commands above will upgrade it to the latest development release.

To restore the stock GIMP package from the system repository, run this command to purge the Ubuntu PPA, which also downgrades all installed packages:

sudo apt install ppa-purge && sudo ppa-purge ppa:mati75/gimp30

KeePassXC 2.7.3 Adds Export XML Option, Save Searches, New Commands

The popular KeePassXC password manager got its 3rd update for the 2.7 release series with new features and various bug-fixes.

The new release now has a graphical way to export XML via the menu ‘Database -> Export -> XML file’, using the same logic as the corresponding CLI export option.

When searching in KeePassXC 2.7.3, a little save icon will appear at the right end of the search box, allowing you to save searches and access them easily from the bottom-left panel.

The release also enhanced tabs support, improved the entry preview panel, and added CLI changes including:

  • db-edit command to change/remove key file or password.
  • Add option to display all attributes with show command
  • Show UUID and tags with show and clip commands

Other changes in KeePassXC 2.7.3 include:

  • Indicate password strength to all password fields
  • Limit password length to 128 characters.
  • Add shortcut to copy password with TOTP appended
  • Ctrl+Tab shortcut to cycle databases in unlock dialog
  • Allow building without X11.
  • Config variable to specify default database name.
  • Fix dark mode detection in Linux.

How to Install KeePassXC 2.7.3 in Ubuntu Linux

Ubuntu users can directly search for and install the latest version of KeePassXC from the Ubuntu Software app, though it’s a Snap package that runs in a sandbox.

For those who prefer the native .deb package format, there is an official PPA that contains the latest packages for Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, and Ubuntu 22.10.

1. First, press Ctrl+Alt+T on keyboard to open terminal and run command to add the PPA:

sudo add-apt-repository ppa:phoerious/keepassxc

Type user password when it asks (no asterisk feedback) and hit Enter to continue.

2. If you have an old version of KeePassXC installed as .deb package, simply launch “Software Updater” or Update Manager to update it to the latest.

Or, run the apt command below in terminal to install the password manager:

sudo apt install keepassxc

NOTE: Linux Mint users have to run sudo apt update first to update the cache.

After installation, search for and open the tool from either the ‘Activities’ overview or the system start menu, depending on your desktop environment.

Uninstall KeePassXC

To uninstall the password manager installed as native .deb package, either use Ubuntu Software app or open terminal and run command:

sudo apt remove --autoremove keepassxc

And remove the PPA repository either via the ‘Software & Updates’ tool under the ‘Other Software’ tab, or with the command below in a terminal:

sudo add-apt-repository --remove ppa:phoerious/keepassxc

That’s all. Enjoy!

Microsoft Latest Patch Fixes New Windows Zero-Day With No Patch for Exchange Server Bugs

Recent news reports show that Microsoft’s Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild.

It appears that out of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server.

Notably, the patches come alongside updates to resolve 12 other flaws in the Chromium-based Edge browser that have been released since the beginning of the month.

Topping the list of this month’s patches is CVE-2022-41033 (CVSS score: 7.8), a privilege escalation vulnerability in Windows COM+ Event System Service. An anonymous researcher has been credited with reporting the issue.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” the company said in an advisory, cautioning that the shortcoming is being actively weaponized in real-world attacks.

Observations show the nature of the flaw also means that the issue is likely chained with other flaws to escalate privilege and carry out malicious actions on the infected host.

“This specific vulnerability is a local privilege escalation, which means that an attacker would already need to have code execution on a host to use this exploit,” Kev Breen, director of cyber threat research at Immersive Labs, said.

In addition, three other elevation of privilege vulnerabilities of note relate to Windows Hyper-V (CVE-2022-37979, CVSS score: 7.8), Active Directory Certificate Services (CVE-2022-37976, CVSS score: 8.8), and Azure Arc-enabled Kubernetes cluster Connect (CVE-2022-37968, CVSS score: 10.0).

Even with the “Exploitation Less Likely” tag for CVE-2022-37968, Microsoft noted that a successful exploitation of the flaw could permit an “unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster.”

CVE-2022-41043 (CVSS score: 3.3), an information disclosure vulnerability in Microsoft Office, is listed as publicly known at the time of release. It could be exploited to leak user tokens and other potentially sensitive information, Microsoft said.

Additionally fixed by Redmond are eight privilege escalation flaws in Windows Kernel, 11 remote code execution bugs in Windows Point-to-Point Tunneling Protocol and SharePoint Server, and yet another elevation of privilege vulnerability in the Print Spooler module (CVE-2022-38028, CVSS score: 7.8).

In conclusion, the Patch Tuesday update further addresses two more privilege escalation flaws in Windows Workstation Service (CVE-2022-38034, CVSS score: 4.3) and Server Service Remote Protocol (CVE-2022-38045, CVSS score: 8.8).

Lastly, web security company Akamai, which discovered the two shortcomings, said they “take advantage of a design flaw that allows the bypass of [Microsoft Remote Procedure Call] security callbacks through caching.”

Software Patches from Other Vendors

As well as Microsoft, security updates have also been released by several vendors to rectify dozens of vulnerabilities, including —
