2018年5月31日 星期四
TrendLabs: Malicious Edge and Chrome Extension Used to Deliver Backdoor
Figure 2. Screenshots of the malware-embedded documents, posing as an invoice (top) and another with a missive urging would-be victims to “enable editing” (bottom)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-edge-and-chrome-extension-used-to-deliver-backdoor/
Plex: Now featuring Podcasts!
Enjoy the art of storytelling |
We’re thrilled to announce that one of our most-requested features is now available on Plex: Podcasts! With rich metadata and tons of features, like On Deck, personalized recommendations, variable speed playback, a customizable home screen, offline mode (coming soon!), and so much more, now you can enjoy a robust podcast-listening experience on Plex. Available in beta on Android, iOS, Roku, and Web (no Plex Media Server required). Best of all, the Podcasts feature is free for all users. |
2018年5月29日 星期二
TrendLabs: Confucius Update: New Tools and Techniques, Further Connections with Patchwork
Figure 3. Screenshot of the second fake website
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/confucius-update-new-tools-and-techniques-further-connections-with-patchwork/
2018年5月28日 星期一
Mobile Desktop Innovation
Purism, which is developing the free and secure Librem 5 phone, is keeping the product in the public’s awareness by regularly releasing partnership announcements. It’s a shrewd strategy, especially since the Librem 5 is over a year away from production. However, the latest announcement – that Ubuntu Touch will be available on the Librem 5 – is even more significant than earlier announcements. The news means that in addition to its other benefits, the Librem 5 will also offer one of the most innovative desktops for mobile devices available. Together, the Librem 5 and Ubuntu promise to show just how innovative free software can be.
REF: http://www.linux-magazine.com/Online/Features/Librem-5-and-Ubuntu-Touch
REF: http://www.linux-magazine.com/Online/Features/Librem-5-and-Ubuntu-Touch
2018年5月27日 星期日
TrendLabs: GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities
Figure 7. The distribution of HTTP-enabled attacker devices
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/gpon-vulnerabilities-exploited-for-mexico-based-mirai-like-scanning-activities/
2018年5月26日 星期六
GDPR user consent tools for publishers
---------- Forwarded message ---------
From: Google
Date: Fri, May 25, 2018 at 9:42 PM
Subject: Important update about the General Data Protection Regulation (GDPR) user consent tools for publishers
From: Google
Date: Fri, May 25, 2018 at 9:42 PM
Subject: Important update about the General Data Protection Regulation (GDPR) user consent tools for publishers
|
2018年5月25日 星期五
Trello: The 'Coffee Shop Effect'
The 'Coffee Shop Effect': Why Changing Your Location Boosts Your Productivity
2018年5月23日 星期三
Box: Five case studies in Cloud Content Management
2018年5月22日 星期二
Practical Python 3.6
This workshop introduces the Python language, progressing rapidly to the real-world examples spread across 4 modules and with a final test to ensure that you retained the knowledge. We cover all the basis, from working with local files to the usage of external APIs, working with CSV and JSON.
Module 1: How to get started with Python.
What you will learn …
- Python’s philosophy.
- How to install Python
- How to use the python interpreter.
- How Python imports work.
- How to work on a virtual environment.
- How to create and run a Python script.
- Using text editors for coding.
- Standards and PEP8.
- Various modules which Python comes bundled with.
INSIDE
- Why Python?
- Introduction about python programming language
- Learning the strengths of the language and what’s good with python
- Learning where to use Python and why
- Python as an interpreted language
- How to choose correct interpreter, install it, run it
- Python virtual environments
- Text editor (kate, gedit, brackets)
- How to create Hello world, from interpreter and with .py script
- Standards and batteries included
- Standards and PEP8
- Batteries included
Module 2: Python Basics
What you will learn …
- Python flow control statements
- List, dictionaries and advanced operations on them (slicing and iterating)
- The difference between classes and instances of an object
- How Python initialises new objects
- How to override Python’s built-in methods and types
- How to login to Twitter through Python
- How to get an instance’s attributes using the Python shell
INSIDE
- Python data types and flow control statements
- If / elif / else
- For loops
- While loops
- Lists (slices), dictionaries (loop over items), sets
- Lists
- List slices
- Dictionaries
- Python Internals
- Classes and object instances
- Everything is an object (docs strings, getters, setters, override)
- Practical example
Module 3: Files
What you will learn …
- What the concept of duck typing is.
- How files work.
- The CSV Python module.
- How to use the JSON Python module.
- How to use these modules in a real life example to extract, process and save data.
INSIDE
- Files
- Duck typing
- CSV files and CSVreader
- Read
- Write
- SimpleJSON
- Practical exercise
- Read file with a sentence per line
- Manipulate and gather metrics on each sentence
- Output a file with the metrics obtained
Module 4: Practical Project – Weather forecast!
In this module, you will apply all the knowledge from the previous chapters in order to implement a Python module to read data from an API, process the information and display it, using Python plotting library. You need to do these steps in any development so that you will learn how to define what the module works:
- Read data from an API (http://openweathermap.org)
- Save the raw data in a file for safekeeping
- Transform the data, so that it can be fed to the plot module
- Plot a graph with the weather forecast
You will learn …
- How to get data from an external API
- How to transform data to suit your needs
- How to work with the Python plotting
INSIDE
- Get information from API
- Data transformation
- Plotting the data
Module 5: Final Tests
This test is made up of 20 questions in total. You can take as long as you need to answer each question.
Sample question:
Question 15:
What library can you use to create an object to store content in memory that behave like a file?
A – math
B – json
C – csv
D – StringIO
What library can you use to create an object to store content in memory that behave like a file?
A – math
B – json
C – csv
D – StringIO
Meet the Instructor
Rui Silva is a computer Scientist from Portugal (http://alfasite.org/) He is a Python developer who loves open-source. He started working as a freelancer in 2008, while he finished his graduation in Computer Science in Universidade do Minho. After his graduation, he started pursuing a master’s degree, choosing the field of parallel computation, mobile and ubiquitous computing. He completed the mobile and ubiquitous computing course. In his 3 years of freelancing, he worked mostly with Python, developing Django websites, Drupal websites and some Magento stores. He also had to do some system administration. After that, he started working in Eurotux Informática, S.A. where he developed websites using Plone, Django and Drupal. He is also an IOS developer and sometimes he performs some system administration tasks. Besides his job, he works as a freelancer using mainly Django and other Python frameworks.
Course Format
The course is self-paced – you can visit the training whenever you want and your content will be there. Once you’re in, you keep access forever, even when you finish the course. There are no deadlines, except for the ones you set for yourself. We designed the course so that a diligent student will need about 18 hours of work to complete the training. Your time will be filled with reading, videos, and exercises.
REF: https://bsdmag.org/course/learn-to-program-using-python-practical-python-3-6/
2018年5月21日 星期一
Ubuntu 18.04 Released
Apr 30, 2018
Swapnil Bhartiya
“Bionic Beaver” comes with hardware-focused improvements and Gnome as the default shell.
,,,Ubuntu 18.04 comes with a customized version of Linux kernel 4.15 that adds support for the latest hardware and peripherals. Some of the hardware-focused improvements that this kernel brings to Ubuntu include CPU controller for the cgroup v2 interface, AMD secure memory encryption support, the latest MD driver with software RAID enhancements, and management for systems with SATA Link Power Management.
Java users will continue to use OpenJDK 8, which has moved to universe and will remain available for the life of 18.04...
2018年5月20日 星期日
Proxmox VE 5.2 released
Here are the highlights of the new version 5.2:
and much more...
REF: https://www.proxmox.com/en/news/press-releases
- Based on Debian 9.4 and Linux Kernel 4.15
- You can create clusters easily via the GUI
- New certificate management with Let's Encrypt
- Cloud-Init for VM provisioning
- New Samba/CIFS storage plugin for shared storage
- LXC: move disk and create templates now also possible with containers
- Xterm.js console
- I/O limits for restore
and much more...
REF: https://www.proxmox.com/en/news/press-releases
2018年5月19日 星期六
TrendLabs: Operators of Counter Antivirus Service Scan4You Convicted
Comparison of URL scans by Scan4You (S4Y), VirusCheckMate (VCM), and AVDetect (AVD) in 2015; there is no vertical scale as we only have sampled data
(Source: Trend Micro™ Smart Protection Network™).
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/operators-of-counter-antivirus-service-scan4you-convicted/
New Check_MK stable release 1.4.0p33
---------- Forwarded message ----------
From: Check_mk Announcements
Date: Fri, May 18, 2018 at 12:54 AM
Subject: [Check_mk Announce] New Check_MK stable release 1.4.0p33
To: checkmk-announce@lists.mathias-kettner.de
...
Core & setup:
* 6100 FIX: Fixed broken active checks (Regression in 1.4.0p32, werk #6063)
Checks & agents:
* 6080 FIX: fortigate_sessions: Removed useless include statement which cause an OSError
...
You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html
From: Check_mk Announcements
Date: Fri, May 18, 2018 at 12:54 AM
Subject: [Check_mk Announce] New Check_MK stable release 1.4.0p33
To: checkmk-announce@lists.mathias-kettner.de
...
Core & setup:
* 6100 FIX: Fixed broken active checks (Regression in 1.4.0p32, werk #6063)
Checks & agents:
* 6080 FIX: fortigate_sessions: Removed useless include statement which cause an OSError
...
You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html
NewTek at NAB 2018
|
2018年5月16日 星期三
Kali Linux Comes to Windows
The Kali Linux developers even managed to run full blown XFCE desktop via WSL.
Kali Linux, a penetration testing distro that you may have seen in Mr. Robot, is now available in Windows Store. The Kali Linux team has been working with the Microsoft WSL team to bring the distro to the platform that still dominates the PC landscape. By doing so, Kali has brought some of the best penetration testing tools to the biggest PC user-base.
“This is especially exciting news for penetration testers and security professionals who have limited toolsets due to enterprise compliance standards,” wrote Mati Aharoni, lead Kali developer, in a blog post.
Google: improvements to our Privacy Policy and Privacy Controls
2018年5月14日 星期一
BackBox Linux for security analysis
Article from Issue 208/2018
Author(s): Erik Bärwaldt
Specializing in security and forensics, BackBox Linux is not only good for a vulnerability assessment, but thanks to its lean substructure, it is also suitable as a desktop distribution.
Many security-related Linux derivatives focus on a specific area of IT security and only take other problems into account marginally, or not at all. In contrast, the Italian Ubuntu derivative BackBox Linux, which has been in continuously development for several years, addresses most of the security-relevant issues faced by administrators of small and medium-sized networks.
2018年5月13日 星期日
TrendLabs: Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability
Figure 1. Malicious traffic on April 27-May 9 was detected from several ports, mostly coming from 7001/TCP.
REF: http://newsroom.trendmicro.com/blog/security-intelligence/malicious-traffic-port-7001-surges-cryptominers-target-patched-2017-oracl
2018年5月12日 星期六
Plex for Sonos is here!
Plex for Sonos is now available to everyone, making it easy to fill every room in your house with your favorite tunes. Even if you are at the office or at a friend’s place, Plex for Sonos makes it faster and easier than ever to access your Plex music library. You can even Direct Play just about any file type (you heard that right, audiophiles!). Plex is the absolute best way to access and play your ENTIRE personal music collection (not just what you can fit on your phone) from any device, anywhere in the world. |
TrendLabs: Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities
For May 2018, Microsoft's monthly release of security updates — also known as Patch Tuesday — addressed a number of vulnerabilities, most notably two vulnerabilities that were already actively exploited in attacks.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-patch-tuesday-for-may-includes-updates-for-actively-exploited-vulnerabilities-2/
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-patch-tuesday-for-may-includes-updates-for-actively-exploited-vulnerabilities-2/
2018年5月10日 星期四
TeamViewer Commitment to Data Privacy
TeamViewer GDPR Readiness programme update for our customers
On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force, reflecting the importance of data protection in our increasingly digital world. TeamViewer is a global organisation and for us it is important that the personal information of our customers and our own people is handled in accordance with GDPR. As part of our continuous focus on information security and data privacy we are getting ready for GDPR through a managed programme of activities.
REF: https://content.teamviewer.com/en/GDPR/
On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force, reflecting the importance of data protection in our increasingly digital world. TeamViewer is a global organisation and for us it is important that the personal information of our customers and our own people is handled in accordance with GDPR. As part of our continuous focus on information security and data privacy we are getting ready for GDPR through a managed programme of activities.
REF: https://content.teamviewer.com/en/GDPR/
2018年5月9日 星期三
Sysdig, the system diagnostic tool
Charly’s Column – Sysdig
Article from Issue 209/2018
Author(s): Charly Kühnast
In this issue, sys admin columnist and tool veterinarian Charly Kühnast invites Sysdig, the jack-of-all-trades among system diagnostic tools, into his surgery for a quick checkup. The project promises to unite the functionality of lsof, iftop, netstat, tcpdump, and others.
2018年5月8日 星期二
TrendLabs: Cryptocurrency-Mining Malware: 2018’s New Menace?
BSD Magazine: Shadowsocks Proxy Server On FreeBSD
TABLE OF CONTENTS
In Brief
Ewa & The BSD Team
Ewa & The BSD Team
Quickstart with Kubernetes and GKE (Part 2/2)
Leonardo Neves
Leonardo Neves
Shadowsocks Proxy Server On FreeBSD
Abdorrahman Homaei
Abdorrahman Homaei
Introduction to MDB
Carlos Neira
Carlos Neira
OpenBSD 6.3
Albert Hui
Albert Hui
Interview with Sanel Zukan, Founder & CEO of Hedron
The BSD Team
The BSD Team
Expert Speak by E.G.Nadhan
5 Imperatives for Catalysts of Change
E.G. Nadhan
5 Imperatives for Catalysts of Change
E.G. Nadhan
Column
The doves and the hawks are gathering for a showdown, be it in geopolitics or the Internet. Facebook and Cambridge Analytica, the West, and Russia are all walking on a tightrope. Brinkmanship is the current name of the game. Who is going to come out on top?
Rob Somerville
The doves and the hawks are gathering for a showdown, be it in geopolitics or the Internet. Facebook and Cambridge Analytica, the West, and Russia are all walking on a tightrope. Brinkmanship is the current name of the game. Who is going to come out on top?
Rob Somerville
TrendLabs: Device Vulnerabilities in the Connected Home: Uncovering Remote Code Execution and More
Figure 1. IoT device life cycle
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/device-vulnerabilities-connected-home-remote-code-execution-and-more/
2018年5月5日 星期六
Ad Technology Provider Controls launching ahead of the GDPR
---------- Forwarded message ----------
From: Google
Date: 2018-05-05 7:35 GMT+08:00
Subject: Updates about the Ad Technology Provider Controls launching ahead of the GDPR
Within these controls, you will also have the ability to:
Finally, to further clarify requirements under our updated EU Consent policy, as well as Google’s controller position, we have published additional information on our Help Center to fully address your questions (DFP/AdX, AdSense, AdMob).
If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center.
Sincerely,
The Google Team
From: Google
Date: 2018-05-05 7:35 GMT+08:00
Subject: Updates about the Ad Technology Provider Controls launching ahead of the GDPR
Within these controls, you will also have the ability to:
- Present users a choice between personalized and non-personalized ads. We have already made documentation (DFP, AdSense) available for you to pass a non-personalized signal in our tags. App developer guides are available for passing this signal (DFP Android, DFP iOS, AdMob Android, AdMob iOS).
- Select to serve only non-personalized ads to all users in the EEA, if you wish.
- Choose which reservation line items are eligible to serve in personalized and non-personalized mode.
Finally, to further clarify requirements under our updated EU Consent policy, as well as Google’s controller position, we have published additional information on our Help Center to fully address your questions (DFP/AdX, AdSense, AdMob).
If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center.
Sincerely,
The Google Team
2018年5月4日 星期五
TrendLabs: FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
2018年5月3日 星期四
TrendLabs: Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground
Figure 1. Posting for silent Monero miner for smartphones
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-malware-targeting-iot-being-offered-in-the-underground/
2018年5月1日 星期二
Azure DDoS Protection generally available
REF: https://azure.microsoft.com/en-us/services/ddos-protection/
訂閱:
文章 (Atom)