Get in the mood this Valentine’s Day by streaming over 60 million songs from Plex for all your feels: whether you’re in love, nursing a heartache, or just rocking the single life. Plex seamlessly integrates the entire TIDAL streaming library with your own music collection, so kick things off with one of these curated playlists to get the big day started! |
2019年2月28日 星期四
Plex: Music for all the feels
2019年2月27日 星期三
ADMIN: New Zero-day Vulnerability in Windows Systems
The flaw exists in the processing of vCard files, but a hacker can disguise anything in the vCard to embed a compromised link. If any unsuspecting user clicks on the compromised URL, Windows would run the malicious software without throwing any warning.
For those who don't know, vCard is a VCF file format used for storing contact information. Microsoft Outlook supports vCard.
Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt
For those who don't know, vCard is a VCF file format used for storing contact information. Microsoft Outlook supports vCard.
Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt
2019年2月25日 星期一
All Viz Artist courses are now free!
|
2019年2月23日 星期六
[Check_mk Announce] New Check_MK stable release 1.5.0p12
---------- Forwarded message ---------
From: Check_mk Announcements
Date: Mon, Feb 18, 2019 at 2:43 AM
Dear friends of Check_MK,
the new stable release 1.5.0p12 of Check_MK is ready for download.
We are proud to announce the release of Check_MK version 1.5.0p12 also known as
1.5.0+, because it ships with several new features we wanted you to be able to
use as soon as possible.
With the new release, Check_MK provides a connector to Amazon Web Services
(AWS) and a large set of off-the-shelf plug-ins to monitor metrics of some of
the most popular AWS services. These includethe Simple Storage Service (S3),
Elastic Compute Cloud(EC2), Elastic Block Store (EBS), and Elastic Load
Balancing (ELB) and Amazon Relational Database Service (RDS). Furthermore,
users can also monitor the costs of their AWS services.
Check_MK 1.5+ also provides plug-ins for Microsoft Azure services via
a special agent to monitor Azure Virtual Machines, Azure Storage Accounts,
Azure SQL Databases, Azure Webservers and Azure Virtual Network Gateways.
The new release also enhances the monitoring of container environments beyond
the already existing Docker monitoring. With Check_MK 1.5+, users will be able
to monitor Kubernetes, one of the most prominent container orchestration tools,
and see detailed metrics on Kubernetes clusters, nodes and pods.
Another interesting part of this release are the new notification plug-ins that
Check_MK 1.5+ is introducing. We have added plug-ins for the incident
management systems VictorOps and PagerDuty and also for the collaboration and
communication platform Slack.
Have a look at the Check_MK handbook for further information:
https://mathias-kettner.de/cms_monitoring_kubernetes.html
https://mathias-kettner.de/cms_monitoring_aws.html
https://mathias-kettner.de/cms_monitoring_azure.html
Besides these features, this maintenance release ships with 40 changes affecing
all editions of Check_MK, 8 Enterprise Edition specific changes and 0 Managed
Services Edition specific changes.
From: Check_mk Announcements
Date: Mon, Feb 18, 2019 at 2:43 AM
Dear friends of Check_MK,
the new stable release 1.5.0p12 of Check_MK is ready for download.
We are proud to announce the release of Check_MK version 1.5.0p12 also known as
1.5.0+, because it ships with several new features we wanted you to be able to
use as soon as possible.
With the new release, Check_MK provides a connector to Amazon Web Services
(AWS) and a large set of off-the-shelf plug-ins to monitor metrics of some of
the most popular AWS services. These includethe Simple Storage Service (S3),
Elastic Compute Cloud(EC2), Elastic Block Store (EBS), and Elastic Load
Balancing (ELB) and Amazon Relational Database Service (RDS). Furthermore,
users can also monitor the costs of their AWS services.
Check_MK 1.5+ also provides plug-ins for Microsoft Azure services via
a special agent to monitor Azure Virtual Machines, Azure Storage Accounts,
Azure SQL Databases, Azure Webservers and Azure Virtual Network Gateways.
The new release also enhances the monitoring of container environments beyond
the already existing Docker monitoring. With Check_MK 1.5+, users will be able
to monitor Kubernetes, one of the most prominent container orchestration tools,
and see detailed metrics on Kubernetes clusters, nodes and pods.
Another interesting part of this release are the new notification plug-ins that
Check_MK 1.5+ is introducing. We have added plug-ins for the incident
management systems VictorOps and PagerDuty and also for the collaboration and
communication platform Slack.
Have a look at the Check_MK handbook for further information:
https://mathias-kettner.de/cms_monitoring_kubernetes.html
https://mathias-kettner.de/cms_monitoring_aws.html
https://mathias-kettner.de/cms_monitoring_azure.html
Besides these features, this maintenance release ships with 40 changes affecing
all editions of Check_MK, 8 Enterprise Edition specific changes and 0 Managed
Services Edition specific changes.
2019年2月22日 星期五
Sophos:Home Premium with AI for Beta Testers
Roku: New! Enjoy free TV & your subscriptions – all in one!
2019年2月20日 星期三
[USN-3891-1] systemd vulnerability
---------- Forwarded message ---------
From: Chris Coulson
Date: Feb 19, 2019 1:01AM
It was discovered that systemd incorrectly handled certain D-Bus messages.
A local unprivileged attacker could exploit this in order to crash the
init process, resulting in a system denial-of-service (kernel panic).
References:
https://usn.ubuntu.com/usn/usn-3891-1
CVE-2019-6454
From: Chris Coulson
Date: Feb 19, 2019 1:01AM
It was discovered that systemd incorrectly handled certain D-Bus messages.
A local unprivileged attacker could exploit this in order to crash the
init process, resulting in a system denial-of-service (kernel panic).
References:
https://usn.ubuntu.com/usn/usn-3891-1
CVE-2019-6454
2019年2月19日 星期二
Plex: Get Cozy with Web Shows!
What do Romance and Horror have in common? Hearts. Lots of bloody, bloody hearts! Curious why Slasher fans love Valentine’s Day so much? Well, check out the hit web show Fandor to figure out which classic terrifying flick will make your loved one squeal with fear and cuddle with delight. Web Shows in Plex are always on and always free! |
2019年2月18日 星期一
Roku: Stream these past award winners and nominees.
2019年2月17日 星期日
Updated Debian 9: 9.8 released
---------- Forwarded message ---------
From: Donald Norwood
Date: Feb 17, 2019 Sun 2:05AM
------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 9: 9.8 released press@debian.org
February 16th, 2019 https://www.debian.org/News/2019/20190216
------------------------------------------------------------------------
The Debian project is pleased to announce the eighth update of its
stable distribution Debian 9 (codename "stretch"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
From: Donald Norwood
Date: Feb 17, 2019 Sun 2:05AM
------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 9: 9.8 released press@debian.org
February 16th, 2019 https://www.debian.org/News/2019/20190216
------------------------------------------------------------------------
The Debian project is pleased to announce the eighth update of its
stable distribution Debian 9 (codename "stretch"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
2019年2月16日 星期六
TrendLabs: Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners
Figure 1. Script downloading from domain, logged from one of our honeypots.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/linux-coin-miner-copied-scripts-from-korkerds-removes-all-other-malware-and-miners/
2019年2月15日 星期五
Plex: All the podcasts you love
Looking for some actual advice on romance and amore? Check out Loveletters, a podcast hosted by Boston Globe advice columnist Meredith Goldstein, which does a deep dive on a single burning question about love and relationships across every season. Podcasts in Plex are always free and ready to stream on all your favorite devices.
2019年2月14日 星期四
Trello: How To Give Your Brain A Break Without Booking Vacation Days
✔ All to-do’s completed for the week
✔ Dinner plans set for Meatless Monday
✔ Workout and game night scheduled
When you get that ideal routine down, it can feel empowering to be so predictably productive.
REF: https://blog.trello.com/neuroplasticity-tips-for-how-to-give-your-brain-a-break
2019年2月13日 星期三
ADMIN: openSUSE Leap 15.0
Hardware requirements for the DVD in this issue include a 2GHz dual-core processor or better, 2GB of system memory, more than 40GB of free hard drive space, and a DVD drive. Note that this DVD is not Live and will install on bootup.
REF: http://www.admin-magazine.com/Archive/2019/49/openSUSE-Leap-15.0-direct-install-not-Live
[USN-3885-1] OpenSSH vulnerabilities
---------- Forwarded message ---------
From: Marc Deslauriers
Date: Feb 8, 2019 Friday 3:01AM
Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a
user or automated system were tricked into connecting to an untrusted
server, a remote attacker could possibly use these issues to write to
arbitrary files, change directory permissions, and spoof client output.
References:
https://usn.ubuntu.com/usn/usn-3885-1
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111
From: Marc Deslauriers
Date: Feb 8, 2019 Friday 3:01AM
Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a
user or automated system were tricked into connecting to an untrusted
server, a remote attacker could possibly use these issues to write to
arbitrary files, change directory permissions, and spoof client output.
References:
https://usn.ubuntu.com/usn/usn-3885-1
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111
TrendLabs: Windows App Runs on Mac, Downloads Info Stealer and Adware
Figure 5. One of the adwares downloaded posing as a popular app.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/
Plan A Vacation With Trello: All "A Board!"
Planning a vacation is exciting: researching what you’ll see, where you’ll stay, what you’ll eat. The entire process can overwhelm you with the feeling of boundless potential. A cheap airfare quote pops up in your inbox and suddenly the world is your oyster—where eating oysters in another part of the world is no longer a fantasy.
REF: https://blog.trello.com/all-a-board-plan-a-vacation-with-trello
ADMIN: Into the Cloud for Security
Just put your paws on the keyboard and type S-E-C-A-A-S. Security as a Service (SECaaS) is an actual thing. Companies are heading to the cloud for security in huge numbers. Whether you call it SECaaS or Software as a Service (SaaS) security, the result is the same: Real-time data analytics finding and blocking threats from your very vulnerable network has made traditional perimeter-based security and signature-based
REF: http://www.admin-magazine.com/Archive/2019/49/Into-the-Cloud-for-Security
REF: http://www.admin-magazine.com/Archive/2019/49/Into-the-Cloud-for-Security
TrendLabs: Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
Trello: Why Taking Breaks Is The Key To Productivity
It’s only natural to think you need to be chained to your desk for hours at a time in order to get things done. Workaholics are oft celebrated; they even have their own national holiday. If you aren't taking breaks, however, you're probably decreasing your productivity rather than improving it.
REF: https://blog.trello.com/taking-breaks-key-productivity
2019年2月6日 星期三
[USN-3880-1] Linux kernel vulnerabilities
---------- Forwarded message ---------
From: Steve Beattie
Date: Feb 5 2019, Tuesday 9:55 AM
It was discovered that the CIFS client implementation in the Linux kernel
did not properly handle setup negotiation during session recovery, leading
to a NULL pointer exception. An attacker could use this to create a
malicious CIFS server that caused a denial of service (client system
crash). (CVE-2018-1066)
Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
It was discovered that the socket implementation in the Linux kernel
contained a type confusion error that could lead to memory corruption. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2018-9568)
References:
https://usn.ubuntu.com/usn/usn-3880-1
CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
From: Steve Beattie
Date: Feb 5 2019, Tuesday 9:55 AM
It was discovered that the CIFS client implementation in the Linux kernel
did not properly handle setup negotiation during session recovery, leading
to a NULL pointer exception. An attacker could use this to create a
malicious CIFS server that caused a denial of service (client system
crash). (CVE-2018-1066)
Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
It was discovered that the socket implementation in the Linux kernel
contained a type confusion error that could lead to memory corruption. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2018-9568)
References:
https://usn.ubuntu.com/usn/usn-3880-1
CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
2019年2月5日 星期二
Trello: 7 Weird Ways To Help Combat 'Hermit' Habits As A Remote Worker
It happens to even the most experienced remote workers. Actually, it happens especially to those who have worked from home for a while. You land an amazing remote job, set up your home office with a customized desk setup, and get settled with ease. Over time, however, you become a little too settled. It’s been three days since you left your house and the fridge is empty—not that you’ve noticed, because you haven’t taken a proper lunch break in months. And when was the last time that you wore anything other than that same hoodie?
REF: https://blog.trello.com/hermit-habits-remote-work
2019年2月4日 星期一
Charly's Column – DNSDiag
dnsping
lives up to its name, repeatedly querying a DNS server and displaying the response times. The hostname to be resolved is a mandatory parameter. dnsping
prompts you for the system's default name server, which can be changed using -s
. After typingsudo dnsping.py -v -s 8.8.8.8 linux-magazine.comREF: http://www.linux-magazine.com/Issues/2019/220/The-sys-admin-s-daily-grind-DNSDiag
2019年2月3日 星期日
TrendLabs: Various Google Play “Beauty Camera” Apps Sends Users Pornographic Content, Redirects Them to Phishing Websites and Collects Their Pictures
Figure 1. Screenshots of the malicious beauty camera apps on Google Play
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
[Check_mk Announce] New Check_MK stable release 1.4.0p38
---------- Forwarded message ---------
From: Check_mk Announcements
Date: Wed, Jan 30, 2019 at 8:09 PM
Changes in all Check_MK Editions:
Checks & agents:
* 6995 FIX: oracle_undostat: Fixed crash if state in case of positive space error count is set to OK
* 6994 FIX: oracle_tablespaces: ignore warn/crit for read only Tablespaces
* 6818 FIX: netapp_api_volumes: Added forgotten 'operations/s' metrics
* 6826 FIX: kemp_loadmaster_services: Do not discover disabled services
* 6999 FIX: ipmi_sensors: Treat "S0/G0" as "System full operational, working" state
* 6754 FIX: if_lancom: Fixed correct interface discovery for newer lancom router
NOTE: Please refer to the migration notes!
* 6814 FIX: hp_msa_if: Do not crash if no speed information is available
* 6991 FIX: genua_carp, genua_fan, genua_pfstate, genua_state_correlation, genua_vpn: Also discover Genubox and Genuscript devices
* 7003 FIX: f5_bigip_pool: Fixed crash if no SNMP info
* 6893 FIX: diskstat: Make check compatible with addional kernel versions
* 6873 FIX: df: made rule being found when searching for "inodes"
* 7009 FIX: cpu.threads: On Solaris the number of threads was calculated incorrectly
* 6997 FIX: check_mk_agent.linux: Decryption of agent output fails if passphrase contains '&'. This may also occur in case of other special chars.
* 6809 FIX: aix_if: Transmit/Receive errors are no longer ignored
* 6961 FIX: Unbreak check_mkevents active check.
You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html
From: Check_mk Announcements
Date: Wed, Jan 30, 2019 at 8:09 PM
Changes in all Check_MK Editions:
Checks & agents:
* 6995 FIX: oracle_undostat: Fixed crash if state in case of positive space error count is set to OK
* 6994 FIX: oracle_tablespaces: ignore warn/crit for read only Tablespaces
* 6818 FIX: netapp_api_volumes: Added forgotten 'operations/s' metrics
* 6826 FIX: kemp_loadmaster_services: Do not discover disabled services
* 6999 FIX: ipmi_sensors: Treat "S0/G0" as "System full operational, working" state
* 6754 FIX: if_lancom: Fixed correct interface discovery for newer lancom router
NOTE: Please refer to the migration notes!
* 6814 FIX: hp_msa_if: Do not crash if no speed information is available
* 6991 FIX: genua_carp, genua_fan, genua_pfstate, genua_state_correlation, genua_vpn: Also discover Genubox and Genuscript devices
* 7003 FIX: f5_bigip_pool: Fixed crash if no SNMP info
* 6893 FIX: diskstat: Make check compatible with addional kernel versions
* 6873 FIX: df: made rule being found when searching for "inodes"
* 7009 FIX: cpu.threads: On Solaris the number of threads was calculated incorrectly
* 6997 FIX: check_mk_agent.linux: Decryption of agent output fails if passphrase contains '&'. This may also occur in case of other special chars.
* 6809 FIX: aix_if: Transmit/Receive errors are no longer ignored
* 6961 FIX: Unbreak check_mkevents active check.
You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html
2019年2月1日 星期五
Sophos Home Premium with AI
|
訂閱:
文章 (Atom)