Dumping Linuxfx customers - A Windows-like distro including the spyware and activation
https://kernal.eu/posts/linuxfx/
https://kernal.eu/posts/linuxfx/
/ High-severity vulnerabilities in a mobile framework owned by mce Systems
mce Systems used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks..:
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
mce Systems used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks..:
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
Microsoft News
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.
Firewall Evasion Techniques using Nmap
https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c
https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c
Medium
Firewall Evasion Techniques using Nmap
Introduction
Как быстро установить и настроить Redis кластер
В данном случае подразумевается схема master > slave, как итог реализация позволяет восстанавливать ключи-значения, а с реплики читать точно такие-же данные, как на master:
https://sys-adm.in/systadm/980-kak-bystro-ustanovit-i-nastroit-redis-klaster.html
* How to install and configure Redis cluster
В данном случае подразумевается схема master > slave, как итог реализация позволяет восстанавливать ключи-значения, а с реплики читать точно такие-же данные, как на master:
https://sys-adm.in/systadm/980-kak-bystro-ustanovit-i-nastroit-redis-klaster.html
* How to install and configure Redis cluster
sys-adm.in
Как быстро установить и настроить Redis кластер - Для сисадминов и не только
Sys-Adm.in - Сайт для сисадминов и не только. Здесь собраны различные материалы основанные на личной практике. Блог Евгения Гончарова.
[RU] - Мониторинг сервисов при помощи Monit с алертингом в телеграм
Суть статьи: Установка и настройка monit на предмет мониторинга локального REDIS сервера и удаленных HTTPS серверов с отсылкой алертов в телеграм:
* Детали Здесь
[EN] - How to monitor services with Monit with Teleram alerting
Суть статьи: Установка и настройка monit на предмет мониторинга локального REDIS сервера и удаленных HTTPS серверов с отсылкой алертов в телеграм:
* Детали Здесь
[EN] - How to monitor services with Monit with Teleram alerting
sys-adm.in
Мониторинг сервисов при помощи Monit с алертингом в телеграм - Для сисадминов и не только
Sys-Adm.in - Сайт для сисадминов и не только. Здесь собраны различные материалы основанные на личной практике. Блог Евгения Гончарова.
Sys-Admin Up
v86 emulates an x86-compatible CPU and hardware. Machine code is translated to WebAssembly modules at runtime in order to achieve decent performance. https://github.com/copy/v86
Linux and Tiny C Compiler in the browser
https://ja.nsommer.dk/articles/linux-and-tiny-c-compiler-in-the-browser-part-one.html
https://ja.nsommer.dk/articles/linux-and-tiny-c-compiler-in-the-browser-part-one.html
ja.nsommer.dk
Linux and Tiny C Compiler in the browser, part one
Linux and Tiny C Compiler in the browser via v86
THIS CRAFTY TOOL CAN EAVESDROP ON 6G WIRELESS SIGNALS
https://www.futurity.org/metasurface-in-the-middle-6g-wireless-signals-2741042-2/
https://www.futurity.org/metasurface-in-the-middle-6g-wireless-signals-2741042-2/
Futurity
This crafty tool can eavesdrop on 6G wireless signals
Thanks to new findings, 6G wireless networks could be designed with built-in defenses against "metasurface in the middle" attacks.
Beware, here is how WhatsApp accounts are getting hacked..
https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf
https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf
Linkedin
Beware, here is how WhatsApp accounts are getting hacked. First, you receive a call from the attacker who will convince you to…
Beware, here is how WhatsApp accounts are getting hacked. First, you receive a call from the attacker who will convince you to make a call to the following number **67*<10 digit number> or *405*<10 digit number>. Within a few minutes, your WhatsApp would…
R4IoT: When Ransomware Meets IoT and OT
Next-generation ransomware report:
https://www.forescout.com/resources/r4iot-next-generation-ransomware-report
Next-generation ransomware report:
https://www.forescout.com/resources/r4iot-next-generation-ransomware-report
Forwarded from Sys-Admin InfoSec
Open BLD DNS Updating News: Pre-release BLD, Debian migration and Alerting infrastructure
I'm happy to present BLD DNS pre-release services already in production. What's new:
🚀 Speedup:
• Cache and updating process of additional blocking lists, was improved
• Improved memory handling. Redis cluster added.
• Improved DNS prefetching process
🛸 Security:
• Fully removed support olders TLS versions
• All code depenses (include vulnerabilities fixes) was updated
• Added cross check server availability with alerts
• All BLD servers has A statuses in SSLLABS
• All BLD servers divided to specified categories
• Added notifications (alerts) to Telegram Bot
🪚 Stability:
• Added additional systemd timers for watching BLD services statuses
• Added DNS tracking service and automatic restart of BLD services
🚜 Migration:
• All migration (from distro to distro) processes 90% automated
• All CentOS servers deprecated and changed to Debian 🎉
🛰 Today, the BLD infrastructure has 10 servers located around the world 🎈🎈🎉
BLD works without agents or any additional tools, but you can use secure and clean Internet in/on:
• Browsers (Chrome, Brave, Firefox, Edge and etc)
• Mobile devices (Android, iOS)
• Computers or networks (Primaty/Secondary DNS)
If you not tried BLD DNS - get more details on official BLD site:
• https://lab.sys-adm.in
#free #bld #sys-admin #sevices
I'm happy to present BLD DNS pre-release services already in production. What's new:
🚀 Speedup:
• Cache and updating process of additional blocking lists, was improved
• Improved memory handling. Redis cluster added.
• Improved DNS prefetching process
🛸 Security:
• Fully removed support olders TLS versions
• All code depenses (include vulnerabilities fixes) was updated
• Added cross check server availability with alerts
• All BLD servers has A statuses in SSLLABS
• All BLD servers divided to specified categories
• Added notifications (alerts) to Telegram Bot
🪚 Stability:
• Added additional systemd timers for watching BLD services statuses
• Added DNS tracking service and automatic restart of BLD services
🚜 Migration:
• All migration (from distro to distro) processes 90% automated
• All CentOS servers deprecated and changed to Debian 🎉
🛰 Today, the BLD infrastructure has 10 servers located around the world 🎈🎈🎉
BLD works without agents or any additional tools, but you can use secure and clean Internet in/on:
• Browsers (Chrome, Brave, Firefox, Edge and etc)
• Mobile devices (Android, iOS)
• Computers or networks (Primaty/Secondary DNS)
If you not tried BLD DNS - get more details on official BLD site:
• https://lab.sys-adm.in
#free #bld #sys-admin #sevices
Sys-Admin Up pinned «Open BLD DNS Updating News: Pre-release BLD, Debian migration and Alerting infrastructure I'm happy to present BLD DNS pre-release services already in production. What's new: 🚀 Speedup: • Cache and updating process of additional blocking lists, was improved…»
Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Forwarded from Sys-Admin InfoSec
2022-MS-Vulnerability-Report.pdf
1.3 MB
/ Microsoft Vulnerabilities Report 2022
Historically, the report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an
undeniable business case for the importance of removing admin rights to reduce risk…
Historically, the report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an
undeniable business case for the importance of removing admin rights to reduce risk…
NodeJS Security Recommendation Links
- ESLint Plugin Security - https://github.com/nodesecurity/eslint-plugin-security
- Express App Secure with Helmet - https://www.npmjs.com/package/helmet
- 6 Tools for checking vulnerabilitues in Node - https://www.freecodecamp.org/news/6-tools-you-can-use-to-check-for-vulnerabilities-in-node-js/
- Secure coding practices for NodeJS Web Applications - https://auto1.tech/securing-nodejs-applications/
- Top 11 Node.js security best practices - https://blog.sqreen.com/nodejs-security-best-practices/
#node
- ESLint Plugin Security - https://github.com/nodesecurity/eslint-plugin-security
- Express App Secure with Helmet - https://www.npmjs.com/package/helmet
- 6 Tools for checking vulnerabilitues in Node - https://www.freecodecamp.org/news/6-tools-you-can-use-to-check-for-vulnerabilities-in-node-js/
- Secure coding practices for NodeJS Web Applications - https://auto1.tech/securing-nodejs-applications/
- Top 11 Node.js security best practices - https://blog.sqreen.com/nodejs-security-best-practices/
#node
GitHub
GitHub - eslint-community/eslint-plugin-security: ESLint rules for Node Security
ESLint rules for Node Security. Contribute to eslint-community/eslint-plugin-security development by creating an account on GitHub.
API Gateway in NodeJS
- Create an API Gateway Using NodeJS and Express - https://medium.com/geekculture/create-an-api-gateway-using-nodejs-and-express-933d1ca23322
- How to build your first RESTful API in Node.js - https://medium.com/@jlrosenberg/how-to-build-a-node-rest-service-a3f280b99c7d
#node
- Create an API Gateway Using NodeJS and Express - https://medium.com/geekculture/create-an-api-gateway-using-nodejs-and-express-933d1ca23322
- How to build your first RESTful API in Node.js - https://medium.com/@jlrosenberg/how-to-build-a-node-rest-service-a3f280b99c7d
#node
Medium
Create an API Gateway Using NodeJS and Express
Let's say that you have a bunch of API endpoints that you are currently managing, such as a large collection of micro services. Maybe at…
⚙️ Monitor.sh - Script for checking systemd unit status
monitor.sh can run custom noscript / action if unit has stopped or running statuses, examples:
or
or just:
add this noscript to cron and if your systemd unit will be stopped or disabled, monitor.sh will enable and will try tu restart targeted systemd unit…
* https://github.com/m0zgen/monitor
monitor.sh can run custom noscript / action if unit has stopped or running statuses, examples:
./monitor.sh -u sshd -a "/path/to/action-noscript/action.sh"or
./monitor.sh -u multipathd -r -a "/usr/local/sbin/test.sh"or just:
./monitor.sh -u multipathd -radd this noscript to cron and if your systemd unit will be stopped or disabled, monitor.sh will enable and will try tu restart targeted systemd unit…
* https://github.com/m0zgen/monitor
GitHub
GitHub - m0zgen/monitor: ⚙️ Monitor.sh - Script for checking systemd unit status
⚙️ Monitor.sh - Script for checking systemd unit status - m0zgen/monitor
knot-resolver-readthedocs-io-en-stable.pdf
918.1 KB
Knot Resolver - Official Manual (Mar 15, 2022)
Knot Resolver is a minimalistic implementation of a caching validating DNS resolver. Modular architecture keeps the core tiny and efficient, and it provides a state-machine like API for extensions
Knot Resolver is a minimalistic implementation of a caching validating DNS resolver. Modular architecture keeps the core tiny and efficient, and it provides a state-machine like API for extensions