Tuesday, August 27, 2019

KVM guest I/O tuning

First is which I/O mechanism to use.
Set either io='native' or io='threads' in your XML to benchmark each of these.
Second is which caching mechanism to use. You can set cache='writeback' or cache='writethrough', or you can turn it off with cache='none', which you actually may find works best.
Don't use writeback unless your RAID array is battery-backed, or you risk losing data. (Of course, if losing data is OK, then feel free.)
Third, some other things that may help include turning off barriers, and using the deadline scheduler in the guest.
Finally, do some research. IBM made a very interesting presentation on KVM I/O performance at the 2010 Linux Plumbers Conference. In addition they have an extensive set of best practices on using KVM which will certainly be of interest.
P.S. Lengthy sequential reads and writes are rarely representative of a real-world workload. Try doing benchmarks with other types of workloads, ideally the actual application(s) you intend to run in production.
REF: https://serverfault.com/questions/425607/kvm-guest-io-is-much-slower-than-host-io-is-that-normal
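The quoted answer names the libvirt disk driver attributes to benchmark but does not show where they live in the domain XML. The fragment below is an added example, not part of the serverfault answer: a virtio disk whose `<driver>` element carries the `io` and `cache` attributes the answer refers to, set to the combination the answer suggests trying first (`cache='none'`, which opens the image with O_DIRECT and bypasses the host page cache). The image path and device name are constructed placeholders.

```xml
<!-- Added example: one <disk> element from a libvirt domain definition
     (edit with `virsh edit <domain>`). Path and target are placeholders. -->
<disk type='file' device='disk'>
  <!-- io='native' (Linux AIO) vs io='threads' (QEMU thread pool):
       benchmark both on your storage, as the answer recommends. -->
  <!-- cache='none': host page cache bypassed; guest sees a write cache,
       so the guest must still issue flushes (default for recent guests).
       cache='writeback' only if the backing RAID has a battery-backed
       cache, otherwise an unplanned host reset can lose acknowledged writes.
       cache='writethrough': safest, usually slowest. -->
  <driver name='qemu' type='qcow2' cache='none' io='native'/>
  <source file='/var/lib/libvirt/images/EXAMPLE-guest.qcow2'/>
  <target dev='vda' bus='virtio'/>
</disk>
```

Change one attribute at a time between benchmark runs so that a difference can be attributed to `io` or to `cache` alone; the guest-side items from the answer (I/O scheduler, filesystem barriers) are configured inside the guest, not in this XML.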

TrendLabs: LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks

Figure 1. Screenshot of the actual email sample that contained a LokiBot attachment
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/lokibot-gains-new-persistence-mechanism-uses-steganography-to-hide-its-tracks/

Sunday, August 25, 2019

LM: Knoppix 8.6 Released

Version 8.6 of Knoppix is based on Debian/stable (buster), with some packages from Debian/testing and unstable (sid) for newer graphics drivers or desktop software packages. Knoppix uses Linux kernel 5.2.5 and Xorg 7.7 (core 1.20.4) for supporting current computer hardware.

REF: http://www.linux-magazine.com/Online/News/Knoppix-8.6-Released

TrendLabs: Latest Trickbot Campaign Delivered via Highly Obfuscated JS File

Figure 2. Document asking users to enable macro
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/latest-trickbot-campaign-delivered-via-highly-obfuscated-js-file/

Plex: 30-second previews on Android & Web TV

30-second previews on Android & Web TV
Joining iOS users, now Android mobile as well as our big screen app users can search, browse and sample 30-second clips from the entire 60-million track TIDAL library for free.

TrendLabs: Keeping a Hidden Identity: Mirai C&Cs in Tor Network

Figure 1. A sample of a Shodan scan search result showing socks proxies.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/keeping-a-hidden-identity-mirai-ccs-in-tor-network/

Trello: Try This Popular Japanese Morning Routine For A Better Workday

Chorei Japanese morning routine for teams
Morning routines are great for a lot of reasons: They encourage productive habits, an increased focus on important goals, and motivated people all over the world swear they’re the secret to their success.
REF: https://blog.trello.com/chorei-japanese-team-morning-routine

ADMIN: Fedora Server 30 (x86_64)


REF: http://www.admin-magazine.com/Archive/2019/52/Fedora-Server-30-x86_64

TrendLabs: Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’


Figure 1. The attack’s infection chain
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/

[USN-4099-1] nginx vulnerabilities

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Aug 16, 2019 2:29AM

Jonathan Looney discovered that nginx incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to consume
resources, leading to a denial of service.

References:
  https://usn.ubuntu.com/4099-1
  CVE-2019-9511, CVE-2019-9513, CVE-2019-9516

NDI Community Event IBC 2019

Join Vizrt and NewTek at the 2019 NDI® Community Event at IBC on Sunday, 15 September at 17:15 at Stand 7.B01 and 7.C12. Come hear about the latest NDI developments and network with the global NDI community over cocktails and canapés.

TrendLabs: Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide

Figure 1. Code snippet of the sshd2 Shellbot
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/old-tools-for-new-money-url-spreading-shellbot-and-xmrig-using-17-year-old-xhide/

Introducing Wowza's New Status Page

Status
Wowza is committed to customer success. That's why we are pleased to announce our new and improved status page! When there is a service-impacting issue, this page will provide clear and transparent communication to our customers. Subscribe to status notifications via SMS, email, and RSS. 

Plex: UNO, UNO everywhere

UNO, UNO everywhere
Our new user interface standard – code-named UNO – continues to roll-out across the Plex app landscape. With UNO, you will notice a higher degree of personalization and richer search results. It also provides a stable foundation for the future, where you will be able to turn on (and off!) new services and experiences in the years to come.

TrendLabs: Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C

Figure 1. Delivery email
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/

Icinga 2.11 Release Candidate

For months we have been working on one of the biggest and most important releases since the creation of Icinga 2. Icinga 2 version 2.11 includes improvements for performance, stability and scalability. After many changes of lines of code, additions and deletions we believe we’re finally there. But we want to have you on board, so we decided to go with a Release Candidate first. Today we’re happy to announce the general availability of this release!
REF: https://icinga.com/2019/07/25/icinga-2-11-release-candidate/

[USN-4103-2] Docker vulnerability

---------- Forwarded message ---------
From: Mike Salvatore
Date: Aug 20, 2019 1:46AM

Jasiel Spelman discovered that a double free existed in the docker-credential-
helpers dependency of Docker. A local attacker could use this to cause a denial
of service (crash) or possibly execute arbitrary code.

References:
  https://usn.ubuntu.com/4103-2
  https://usn.ubuntu.com/4103-1
  CVE-2019-1020014

Sunday, August 11, 2019

TrendLabs: Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks

Figure 1. Jenkins’ matrix-based security model
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/jenkins-admins-relying-on-default-settings-could-put-master-at-risk-of-remote-code-execution-attacks/

Saturday, August 10, 2019

Trello: Break It Down Now: How To Delegate Complex Tasks To Your Team

Delegation tips and techniques
Learning to delegate is an essential skill for many different situations, both personally and professionally. 
REF: https://blog.trello.com/how-to-delegate-tasks

TrendLabs: SLUB Gets Rid of GitHub, Intensifies Slack Use

Figure 3. Traffic Pattern of SLUB malware infection chain
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/slub-gets-rid-of-github-intensifies-slack-use/

$200 Linux Laptop Pinebook Pro is Available for Pre-order

Pinebook Pro
REF: https://itsfoss.com/pinebook-pro/

Trello: How To Overcome Pack Mentality In The Workplace By Fostering Psychological Safety

Pack-Mentality-final
In the ‘90s, a young researcher named Amy Edmondson was tasked with assessing the rate of human-related drug errors in a particular group of hospitals. She wondered: Do better hospital patient care teams make fewer mistakes? When the data came in, the results astounded her—it appeared that better teams made more mistakes, not fewer.
REF: https://blog.trello.com/fostering-psychological-safety

Tuesday, August 6, 2019

TrendLabs: iOS URL Scheme Susceptible to Hijacking

Figure 1. Suning app login with WeChat account associated with WeChat app
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/

Monday, August 5, 2019

LM: openSUSE Leap 15.1


REF: http://www.linux-magazine.com/Issues/2019/225/This-Month-s-DVD

[Checkmk Announce] New Checkmk stable release 1.5.0p21

---------- Forwarded message ---------
From: Checkmk Announcements
Date: Wed, Jul 31, 2019 at 7:11 PM

Notifications:
* 8784 FIX: bulk notifications were sent multiple times

HW/SW inventory:
* 8820 FIX: lnx_packages: Do not crash if agent sends incomplete output

Checks & agents:
* 8823 FIX: stormshield_cluster, stormshield_cluster_node: Do not discover services if cluster info is missing
* 7957 FIX: msexchange: ignore invalid data in agent output
* 8821 FIX: emc_datadomain_temps: Do not discover missing temperature sensors
* 7270 FIX: Timespecific parameters: Some checks no longer lose discovered check parameters

You can download Checkmk from our download page:
 * https://checkmk.com/download.php

Trello: How To Be The Remote Employee That Proves The Stereotypes Aren’t True

remote work stereotypes
The verdict’s in: Your boss approved your request to work remotely full-time. Congratulations! 🎉 You’re no longer tied to the geographical location of your office.
REF: https://blog.trello.com/remote-work-stereotypes?utm_source=newsletter&utm_medium=email

TrendLabs: Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi


Figure 1. A sample spam email delivered to TA505’s targets in the Middle East
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/

[USN-4080-1] OpenJDK 8 vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie
Date: Jul 31, 2019 10:05AM

Keegan Ryan discovered that the ECC implementation in OpenJDK was not
sufficiently resilient to side-channel attacks. An attacker could possibly
use this to expose sensitive information. (CVE-2019-2745)

It was discovered that OpenJDK did not sufficiently validate serial streams
before deserializing suppressed exceptions in some situations. An attacker
could use this to specially craft an object that, when deserialized, would
cause a denial of service. (CVE-2019-2762)

It was discovered that in some situations OpenJDK did not properly bound
the amount of memory allocated during object deserialization. An attacker
could use this to specially craft an object that, when deserialized, would
cause a denial of service (excessive memory consumption). (CVE-2019-2769)

It was discovered that OpenJDK did not properly restrict privileges in
certain situations. An attacker could use this to specially construct an
untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2019-2786)

Jonathan Birch discovered that the Networking component of OpenJDK did not
properly validate URLs in some situations. An attacker could use this to
bypass restrictions on characters in URLs. (CVE-2019-2816)

Nati Nimni discovered that the Java Cryptography Extension component in
OpenJDK did not properly perform array bounds checking in some situations.
An attacker could use this to cause a denial of service. (CVE-2019-2842)

It was discovered that OpenJDK incorrectly handled certain memory
operations. If a user or automated system were tricked into opening a
specially crafted PNG file, a remote attacker could use this issue to
cause OpenJDK to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2019-7317)

References:
  https://usn.ubuntu.com/4080-1
  CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786,
  CVE-2019-2816, CVE-2019-2842, CVE-2019-7317