VPNFilter Malware Attacks Routers, Mitigations for Spectre Variant 4, OnePlus 6 Phone and More

News briefs for May 23, 2018.

There's a new type of malware called VPNFilter, which has "has infected at least half a million home and small business routers including those sold by Netgear, TP-Link, Linksys, MicroTik, and QNAP network storage devices". This code is intended to "serve as a multipurpose spy tool, and also creates a network of hijacked routers that serve as unwitting VPNs, potentially hiding the attackers' origin as they carry out other malicious activities". See the story on Wired for all the details.

Canonical released an update to address 13 security vulnerabilities, including the new Spectre Variant 4, for Ubuntu 18.04 LTS, Ubuntu 17.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS. Canonical notes that "to fully mitigate Spectre Variant 4, users must also update the processor microcode firmware". See the security announcement for more info, and update now.

Also yesterday, Greg Kroah-Hartman released updates for the Linux 4.9.102, 4.14.43, and 4.16.11 kernels for Spectre Variant 4 mitigation. Update now. (Source: Phoronix.)

Mark Shuttleworth created a stir this week with his keynote at the OpenStack Summit in Vancouver due to his competitive comments about VMware and Red Hat. See the ServerWatch story for details.

The OnePlus 6 unlocked phone is now available for $529. See Android Central for specification and a review of the new phone.