Software Description:
- intel-microcode: Processor microcode for Intel CPUs
Details:
Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory. (CVE-2017-5715)
This update provides the corrected microcode updates required for the
corresponding Linux kernel updates.
References:
https://usn.ubuntu.com/usn/usn-3531-3
https://usn.ubuntu.com/usn/usn-3531-1
CVE-2017-5715
Saturday, March 31, 2018
TrendLabs: ChessMaster Adds Updated Tools to Its Arsenal
Figure 1. Infection Chain for the current ChessMaster campaign
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/
Thursday, March 29, 2018
WordPress plans
Upgrading to a plan unlocks a ton of features that can help you get more visitors to your site and drive business. Plans include a custom domain, customizable CSS, responsive customer service, and additional storage for photos and documents. One of our plans even offers the ability to import any WordPress theme or plugin of your choice. Watch this video to find out more about what features you can add to your site.
REF:
Wednesday, March 28, 2018
Introducing The New Trello Power-Ups Directory
To access the directory, on your Trello board go to Menu > Power-Ups, and you are instantly taken to a whole new integrated world.
REF: https://blog.trello.com/trello-power-ups-directory
Tuesday, March 27, 2018
Trendlabs: Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers
Monday, March 26, 2018
Sunday, March 25, 2018
USN-3596-1: Firefox vulnerabilities
It was discovered that the value of app.support.baseURL is not sanitized properly. If a malicious local application were to set this to a specially crafted value, an attacker could potentially exploit this to execute arbitrary code. (CVE-2018-5133)
It was discovered that javascript: URLs with embedded tab characters could be pasted in to the addressbar. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5143)
REF: https://usn.ubuntu.com/3596-1/
Saturday, March 24, 2018
TrendLabs: Pop-up Ads and Over a Hundred Sites are Helping Distribute Botnets, Cryptocurrency Miners and Ransomware
Figure 1. Pop-up ad on file-sharing site leads to ICLoader download page (right)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/pop-up-ads-and-over-a-hundred-sites-are-helping-distribute-botnets-cryptocurrency-miners-and-ransomware/
Thursday, March 22, 2018
Wednesday, March 21, 2018
New Check_MK stable release 1.4.0p27
---------- Forwarded message ----------
From: Check_mk Announcements
Date: Wed, Mar 21, 2018 at 3:24 AM
Changes in all Check_MK Editions:
WATO:
* 5719 FIX: The Start URL is now configured optionally for new users
* 5881 FIX: Tag condition editor could show wrong tag selection after submission
* 5886 FIX: Improved performance of "ineffective ruleset" searching
* 5874 FIX: Improved diagnose logging for WATO integrated Git
* 5875 FIX: Git: Fixed error "git add --all ... is outside repository" with older git versions
* 5889 FIX: Fixed visible HTML tag in WATO folder permission error message
* 5905 FIX: Configured "Receive fallback notifications" attribute of users was not displayed correctly
User interface:
* 5879 FIX: Dashboard: View dashlets were not applying row limits
* 5904 FIX: Add view name to view permission help text and mobile prefix for mobile views
HW/SW inventory:
* 5776 FIX: win_reg_uninstall: Fixed transposed month and day fields of dates which caused 'Inventory failed: unconverted data remains'
Event console:
* 5751 FIX: Add contact group contacts of EC rule if host is not a core host
Checks & agents:
* 5910 FIX: ups_cps_outphase: Fixed decimal place in current outphase
* 5749 FIX: tcp_conn_stats: use ss by default if present otherwise fall back to cat /proc/net/tcp
* 5911 FIX: mem.linux: Fixed Perf-O-Meter displaying wrong usage if swap is used
* 5710 FIX: jolokia_generic.string: Fix broken parameter handling
* 5909 FIX: fortigate_sessions, fortigate_cpu: Fixed duplicated discovery if needed information is at two places
* 5876 FIX: fileinfo_groups: Increased size of input fields
* 5711 FIX: cisco_mem_asa64: Fix incorrect labelling of graph
* 5712 FIX: cisco_mem, cisco_mem_asa, cisco_mem_asa64: No longer crash when total memory is reported as 0.
* 5748 FIX: cisco_cpu, cisco_nexus_cpu: improve snmp_scan_functions
NOTE: Please refer to the migration notes!
* 5788 FIX: check_bi_aggr: no longer reports "SubjectAltNameWarning" when initiating connection
* 5919 FIX: Windows agent crashed with a lot of transport protocols available
* 5792 FIX: Agent Encryption: No longer trying to decrypt all incoming tcp data when a "Encryption" rule with an arbitrary value was set
Other components:
* 7516 FIX: diskspace cleanup: now also deletes any connected .info file when removing a rrd file
You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html
Using FreeBSD as a File Server With ZFS
Module 1: FREEBSD and ZFS
Introduction to ZFS under FREEBSD
- Why ZFS on FREEBSD?
- ZFS features and concepts
Module 1 exercises:
- Execute ZFS commands to check status of pools and metadata
- Create a single disk pool
Module 2 title: ZFS Administration
Module 2 description: Cover the commands and features to administrate ZFS volumes
- Create, destroy, list pools
- Zpools: single, mirrored, raid
- Understand ZFS properties
Module 2 exercises:
- Get and set properties
- Set Disk Quotas
Module 3 title: Putting it all to work: Hosting our files using ZFS
Module 3 description: With the previous acquired knowledge, create a plan on how to organize our files and pools to host our files.
- Set ZFS properties based on the content of the files to host
- ZFS tuning
- Create a File Server using our pools
Module 3 exercises:
- Explore ZFS features using hosted content on a pool
- Serving content
- Check ZFS performance
About the Instructor:
Carlos Antonio Neira Bustos has worked about ten years as a software developer, porting and debugging enterprise legacy applications in several languages, like C, C++, Java, Common Lisp, Clojure and Python. He is currently employed as a software developer under Z/OS, debugging and troubleshooting legacy applications for a global financial company.
REF: https://bsdmag.org/course/using-freebsd-as-a-file-server-with-zfs-2/
Monday, March 19, 2018
How To Beat Decision Fatigue With Better Brain Habits
You wake up every morning with decisions to make: What to wear, what to eat, and of course the perennially difficult decision of heading to the gym or remaining burrowed in your warm bed. These are all important decisions that set the tone of a productive morning and day. And once you clock into work, the decision flood gates open. By the time you’re winding down for the night, you’ve made an average of 35,000 decisions!
REF: https://blog.trello.com/beat-decision-fatigue-with-better-brain-habits
Sunday, March 18, 2018
TrendLabs: March Patch Tuesday Fixes 75 Security Issues
- CVE-2018-0886 — a remote code execution (RCE) vulnerability in Microsoft’s Credential Security Support Provider protocol (CredSSP), a network-level authentication for remote desktop services. Remote desktop protocol (RDP) and Windows Remote Management (WinRM), which allows operating systems to interoperate and enables PowerShell remoting, also use it. Exploiting this flaw can let attackers conduct man-in-the-middle attacks to execute remote code and ultimately gain a foothold in targeted systems and servers in the network. Apart from applying the patch, system administrators are also recommended to adopt best practices for using remote desktop clients (i.e., setting group policies, restricting permissions, etc.).
- CVE-2018-0940 — an elevation-of-privilege flaw in Microsoft Exchange’s Outlook Web Access (OWA), and entails links not being properly sanitized. Attacks that exploit this involve sending phishing emails and superimposing the OWA interface with a fraudulent login page to trick unwitting victims into disclosing credentials or other personal information.
- CVE-2018-0930 — a memory corruption flaw in how the Chakra scripting engine handles objects in memory in Edge. Successfully exploiting the vulnerability will enable the hacker to gain the same rights as the current user. And if the user has administrative privileges, the attacker can hijack the system, install programs, read, modify or delete data, and create accounts. Web-based attacks include creating and hosting or compromising a website exploiting the flaw then enticing victims to visit it.
Saturday, March 17, 2018
Tim Berners-Lee: we must regulate tech firms to prevent 'weaponised' web
Friday, March 16, 2018
TrendLabs: Tropic Trooper’s New Strategy
Thursday, March 15, 2018
[USN-3592-2] ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202)
Hanno Böck discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-1000085)
References:
https://usn.ubuntu.com/usn/usn-3592-2
https://usn.ubuntu.com/usn/usn-3592-1
CVE-2018-0202, CVE-2018-1000085
Wednesday, March 14, 2018
Deploying an Office/Workgroup Server on FreeBSD
NewTek: IP Ubers to Remote Video Production
A costly aspect of sports production is the need to cover so many venues in so many locations. Until very recently, the necessary solution was to create production studios on wheels. Sizes range from vans with modest production systems for schools, colleges and local channels, to massive trucks or trailers housing network broadcast-level equipment and large crews of specialist-operators.
Debian won Linux Journal's Readers' Choice Award for Best Linux Distribution!
REF: https://bits.debian.org/2018/02/debian-linuxjournal-readers-choice-award.html
OpenVPN 2.4.5 released
---------- Forwarded message ----------
From: Samuli Seppänen
Date: Thu, Mar 1, 2018 at 10:59 PM
Subject: [Openvpn-announce] OpenVPN 2.4.5 released
To: "openvpn-devel@lists.sourceforge.net", "openvpn-users@lists.sourceforge.net", openvpn-announce@lists.sourceforge.net
The OpenVPN community project team is proud to release OpenVPN 2.4.5. It
can be downloaded from here:
This release includes a large number of fixes and enhancements. One of
the biggest changes is that 2.4.5 Windows installers bundle OpenSSL
1.1.0 instead of OpenSSL 1.0.2 by default. The Windows installer also
comes with OpenVPN GUI (11.10.0.0) that has a large number of fixes and
improvements. Some easy-rsa 2 fixes are also included.
Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.
Also note that Windows installers have been built with NSIS version
that has been patched against several NSIS installer code execution and
privilege escalation problems:
Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.
A summary of all included changes is available here:
A full list of changes is available here:
Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.
OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.
For full details, look here:
The new OpenVPN GUI features are documented here:
Please note that OpenVPN 2.4 installers will not work on Windows XP.
For generic help use these support channels:
Official documentation:
Wiki:
Forums:
User mailing list:
User IRC channel: #openvpn at irc.freenode.net
Please report bugs and ask development questions here:
Bug tracker and wiki:
Developer mailing list:
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
Check_MK: Docker Monitoring
Package | docker |
---|---|
Version | 1.2.4 |
Author | lars.getwan@metrosystems.net |
Uploaded | 2017-10-24 13:31:01 |
Description | Contains plugins and checks to monitor Docker Service, Containers and Images. Prerequisite: pip install docker (Version 2.5.1 or newer) 1.2.1: The package is now compatible with CMK 1.4.0, too. 1.2.2: The plugin can now handle images without RepoTags (which were used as item name before) 1.2.3: Now compatible with CRE versions & more fault tolerant, esp. on heavily loaded machines 1.2.4: Bugfixes |
Website | https://www.metroag.de/marken/servicegesellschaften/metro-systems |
Minimal Version | 1.2.8 |
Packet with | 1.2.8p22 |
Filesize | 6.61k |
Content | agents/bakery/check_docker agents/plugins/check_docker checkman/docker_containers checkman/docker_images checkman/docker_info checks/docker_containers checks/docker_images checks/docker_info web/plugins/metrics/docker_containers.py web/plugins/metrics/docker_images.py web/plugins/wato/agent_bakery_docker.py |
Checksum (MD5) | 790bd8571b0eedd4ddc97bbf6393b3c5 |
Downloads | 845 |
TrendLabs: Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters
Tuesday, March 13, 2018
Firefox 57 “Quantum”, Faster and Higher
The new Firefox is described as twice as fast as the version released a year ago, with a 30 percent savings in memory usage. In addition, Firefox 57 is supposed to be as fast as Google Chrome.
REF: http://www.linux-magazine.com/Issues/2018/209/Web-Performance
Learn How to Develop Applications in Python
Plex Live TV & DVR for sports!
You don’t have to miss out on any of your highly-anticipated matches or games when you cut the cord. With Plex Live TV & DVR, all you need is a supported antenna and tuner to watch any of the games broadcasted free over-the-air. Our easy-to-use program guide and powerful search help you easily find matches you want—to watch live on any device, or record for later—AND time shift, or get rid of commercials. All of this in HD glory (where available)! Don’t miss out!
Azure offers for SUSE Linux Enterprise Server (SLES)
Microsoft and SUSE are implementing a few changes to SUSE Linux Enterprise Server (SLES) virtual machine (VM) offers on Azure. These changes improve the clarity of the different SLES offers in respect to the support provided, and will be effective on April 2, 2018.
For more detailed information, learn more on the SUSE Linux Enterprise Server (SLES) Name Change webpage.
- Basic VM Support Hours for SLES are available on Azure at no extra charge for all VM families.
- The Premium VM Support Hours for SLES will be renamed “Priority VM Support Hours” to improve the clarity of the support offer.
- The SLES offerings for SAP will also be renamed to Priority, with no changes in pricing.
- The legacy SLES offers named XS, M, L, XL, and A9 will be renamed to reflect the actual number of cores: 1, 2, 4, 8, and 16 cores, respectively.
TrendLabs: Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
Figure 12. When the threat actor discovers the researcher via an improper request
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/
Friday, March 2, 2018
DebConf18 in Hsinchu
The organisation of DebConf18 (Hsinchu, Taiwan, 29 July–5 August 2018)
is going on. DebConf18 will be preceded by one week of DebCamp,
Saturday, July 21 through Friday, July 27. The Call for Proposals [39]
was published on 7 February 2018. You can now sign into the website [40]
and submit an event, or write to the content team at
<content@debconf.org> [41] to suggest an invited speaker. Talk proposals
must be submitted by Sunday 17 June 2018 at the latest. Registration
will open soon and you can subscribe to debconf-announce [42] to be
notified when registration opens. Bursary applications will be available
together with registration and must be submitted by 13 April. As of now,
eleven companies or organisations have decided to support the event, and
DebConf18 is still accepting [43] sponsors; visit its website [44] for
more details.
39: https://bits.debian.org/2018/02/debconf18-cfp.html
40: https://debconf18.debconf.org/
41: content@debconf.org
42: https://debconf18.debconf.org/about/registration/
43: https://bits.debian.org/tag/debconf18.html
44: https://debconf18.debconf.org
NIST Cybersecurity framework
- identify, protect, detect, respond, recover
- exploit code determines effectiveness
- E-mail, web isolation -> docker as rendering proxy
- SOC vs CSIRT (CERT)
- Indicator of Compromise (IOC, pattern, hash based)
- Indicator of Attack (IOA, malicious behavior checks)