Wednesday, February 28, 2018

Tuesday, February 27, 2018

Application Debugging and Troubleshooting

Start saving time today and find out what useful skills you can learn with Carlos.

In this workshop you will see real-life situations where debugging skills will save you time and headaches, and possibly help you find a solution with a minimal amount of effort.
Debugging/troubleshooting is a really useful skill when you are maintaining legacy applications and making small incremental changes to an old code base that has been touched by so many hands over the years that it is becoming a real mess. Meanwhile, management has decided that the code works as it is and you are not allowed to change it all over “the right way™”.
INSIDE
  • Introduction to the GDB debugger
  • Advanced inspection of data structures and variables
  • Introduction to the jdb debugger
  • Working with core dumps in GDB
  • Introduction to Dtrace
  • Course Materials
REF: https://bsdmag.org/course/application-debugging-and-troubleshooting-2/

Monday, February 26, 2018

TrendLabs: Update on Pawn Storm

Figure 1. A sample of a credential phishing email Pawn Storm sent in October and November 2017
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/update-pawn-storm-new-targets-politically-motivated-campaigns/

Sunday, February 25, 2018

Drivers for BSD


REF: https://bsdmag.org/device-driver-development-bsd/

Saturday, February 24, 2018

Plex news on all of your devices

Your news on all of your devices

Plex News gives you a consistent experience on every screen — watch your morning headlines on the TV then continue catching up on your phone during your commute. This feature is currently available on Android TV, NVIDIA SHIELD, Amazon Fire TV, Apple TV, Roku, Plex Web, Android Mobile, and iOS, with other platforms to follow. Plex News is ad-supported, which means that it comes at no additional cost to you, allowing everyone to enjoy high quality news content.

Friday, February 23, 2018

TriCaster and NDI in campus

Neumann University Connects Its Campus With TriCaster® and NDI®
REF: newtek.com

Thursday, February 22, 2018

TrendLabs: Deciphering Confucius’ Cyberespionage Operations


Figure 1: Tweety Chat’s interface (top), and code snippets showing the file types it steals (bottom)
REF:

Wednesday, February 21, 2018

Using OpenBSD on a thinkpad

---------- Forwarded message ----------
From: Peter N. M. Hansteen 
Date: Mon, Feb 19, 2018 at 8:05 PM
Subject: Re: Using OpenBSD on a thinkpad?
To: misc@openbsd.org

On Mon, Feb 19, 2018 at 08:00:30PM +1100, crimeangothic@nigge.rs wrote:
>
> Hey everyone, I am pretty stupid when it comes to less user friendly operating systems. I currently use slackware/windows and am thinking of using OpenBSD on either my thinkpad e420 or my libreboot t400. Are either supported (or at least possible to install on)?

Thinkpads in general are well supported. Part of the reason is that quite a few
of the developers have a strong preference for the machines.

That said, there is always a non-zero risk of some variant being odder than others,
but a brief glance at the specifications for the models you mention does not raise
any obvious red flags here.

Tuesday, February 20, 2018

BSD patches for Spectre/Meltdown

The OpenIndiana project is still alive and well with a recent announcement of migrating the project to GCC 6.4. Unfortunately, this version does not cover the Spectre/Meltdown vulnerabilities, although the next version planned is 7.3 which will cover these hot issues.
While on the topic, the FreeBSD Unix distribution finally patched and fixed their operating environment for both Spectre and Meltdown in revision 329462.

The NetBSD team has been working to improve the security of their highly portable operating system. Several of the enhancements coming to NetBSD's stable branch involve the removal of legacy code and patches to work around the Meltdown and Spectre CPU bugs: "Ilja Van Sprundel presented at Defcon 25 (July 2017) and 34c3 (December 2017) the results of his audit of the BSD kernels. The issues affecting NetBSD were fixed overnight in the NetBSD-current branch, and were propagated to the stable branches within a month. Kernels from NetBSD-6 and NetBSD-7 built after August 23rd 2017 had all the necessary fixes. Some reports published recently suggest that the stable branches remained vulnerable for months, and that NetBSD was lagging behind; that is simply not true. In Ilja Van Sprundel's report, NetBSD was criticized for having too much legacy and buggy code. Several proactive measures were taken, within a month again, to clean up the system." Further details can be found in a blog post on the NetBSD website. http://blog.netbsd.org/tnf/entry/recent_security_affairs

REF: http://www.linuxjournal.com/content/kernel-patch-releases-winehq-openindiana-project-freebsd-unix-distribution-xubuntu-community

Monday, February 19, 2018

Trello: Emoji Reactions!

Adding an emoji reaction to a comment

Open the card in question and scroll down to the comments. You'll see the option to add an emoji reaction:
REF: https://help.trello.com/article/1115-using-emoji-reactions-in-trello

TrendLabs: Vulnerabilities in Apache CouchDB Open the Door to Monero Miners

Figure 1: Chart showing the detection of potential attacks; early February was when the peaks occurred
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/

Saturday, February 17, 2018

New Check_MK stable release 1.2.8p27

This maintenance release of the current "old stable" version ships with 19
changes affecting all editions of Check_MK, 1 Enterprise Edition specific
change and 0 Managed Services Edition specific changes.

    Checks & Agents:
    * 5302 FIX: oracle_instance: Fixed crash if output contains more than 12 columns
    * 5316 FIX: cmciii.access: Fixed error state handling...
    * 5518 FIX: win.mem: Fix incorrect representation of absolute memory levels in graphs...
    * 5548 FIX: zpool_status: Fixed crash if pool has been deleted or vanished...
    * 5549 FIX: mk_oracle.ps1: Fixed scattered information for configuration...
    * 5550 FIX: mk_oracle.ps1: Fixed exceptions because of useless backslashes...
    * 5451 FIX: logwatch: Fixed reclassifying mechanism: Patterns did not apply correctly if they have changed
    * 5417 FIX: Windows: allow whitespace in eventlog event source...
    * 5608 FIX: temperature.include: Fixed device levels handling
    * 5557 FIX: check_mk_agent.aix: Fixed bug in uptime because AIX is not able to interpret ? and + in regexes

    Multisite:
    * 4757 SEC: Fixed possible reflected XSS in webapi.py...

    WATO:
    * 4222 FIX: Services of host page: Fixed encoding issue for hosts with umlauts in alias

REF: http://mathias-kettner.de/check_mk_download.html

Friday, February 16, 2018

TrendLabs: February Patch Tuesday Is a Bouquet of Fixes for Privilege Escalation Vulnerabilities

Of note are three vulnerabilities:
  • CVE-2018-0852: A memory corruption vulnerability in Microsoft Outlook that, when exploited successfully, can let attackers run arbitrary code. What’s notable with this flaw is that Outlook’s Preview Pane can become an attack vector — the would-be victim need only receive a preconfigured message for malicious code to run. If logged on with administrative rights, it can enable hackers to hijack the system, such as installing programs, viewing, altering or deleting data, or creating privileged user accounts. The malicious file can also be hosted on an attacker-owned or compromised website, in which case the hacker would have to trick users into clicking a link that will divert victims to the site.
  • CVE-2018-0850: A privilege escalation flaw in Microsoft Outlook. The vulnerability can be exploited through a specially crafted email designed to force Outlook to load local or remote messages over Server Message Block (SMB).
  • CVE-2018-0771: A security feature bypass vulnerability in Microsoft Edge. When exploited successfully, Microsoft Edge will be able to circumvent Same-Origin Policy (SOP) restrictions, which prevent a website’s scripts (i.e., JavaScript, Ajax) from accessing sensitive data from and interacting with other scripts used on other websites.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/february-patch-tuesday-bouquet-fixes-privilege-escalation-vulnerabilities/

Plex: News on your terms

Real news, personalized by you
Personalize your news feed with over 190 global publisher partners (and growing!), including international sources, like Associated Press (AP), Reuters, Financial Times, Euronews, and top local news sources for over 80% of markets in the US.

Wednesday, February 14, 2018

Adding NewTek Native File Codecs to Your System

by Chuck Baker

Earlier this year in the v3.3 FFmpeg update, support was added for NewTek’s SpeedHQ native video file format, making it available in the many applications using the FFmpeg libraries. (Read the details here: NewTek’s Native Video File Format Goes Global.) Many applications, however, require codecs to be separately installed on an operating system in order to make them available in an application. For those applications, NewTek provides codec installers for Windows and Mac on our Downloads Page.

Tuesday, February 13, 2018

TrendLabs: Detecting New Threats via Contextual Information and Reputation

Figure 1. Overview of detection method
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/xgen-detection-new-threats/

NewBlue Titler Live 3 Broadcast with NDI

NewBlueFX Titler Live 3 Broadcast
REF: newtek.com

Sunday, February 11, 2018

Six Trello boards to stay on track

Track progress as cards move across lists from To Do to Done. Invite friends, family, and colleagues to collaborate and help cheer you on!


Dream. Plan. Do. With Trello!
REF: https://trello.com/dreambig

TrendLabs: Attack Using Windows Installer msiexec.exe leads to LokiBot

Figure 1: Infection Chain for the attack
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/attack-using-windows-installer-msiexec-exe-leads-lokibot/

Friday, February 9, 2018

Thursday, February 8, 2018

lavfi-generated streams with ffmpeg

Figure 1: You can combine lavfi-generated streams to achieve all sorts of interesting effects.
REF: http://www.linux-magazine.com/Issues/2018/207/Tutorials-FFmpeg-Devices

Wednesday, February 7, 2018

TrendLabs: New Mobile Malware Uses Layered Obfuscation

Figure 1. Top countries where samples were detected; there were detections in other countries but they totaled less than 1%
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/new-mobile-malware-uses-layered-obfuscation-targets-russian-banks/

Implementing Digital Rights Management In-Kernel

...Pavel Machek specifically said that he couldn't see any case where a user would set the feature to anything other than "off." He also asked, "If kernel implements this, will it mean hardware vendors will have to prevent user[s] from updating the kernel on machines they own?" And wondered, "If this is merged, does it open kernel developers to DMCA threats if they try to change it?"

REF: http://www.linux-magazine.com/Issues/2018/208/Kernel-News

Monday, February 5, 2018

TrendLabs: Hacking Group Spies on Android Users in India

Figure 10. The chart above shows the connections between the C&C servers of PoriewSpy and DroidJack-built apps, and the suspected cyberespionage group. The green dots represent the current malicious samples. IPs colored in yellow are the ones used by the group in their previous campaign, while the ones in red are presumably the extension to the mobile platform.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-group-spies-android-users-india-using-poriewspy/

Sunday, February 4, 2018

OpenBSD Errata: February 2nd, 2018 (kernel)

From: T.J. Townsend
Date: Sat, Feb 3, 2018 at 7:02 AM
Subject: OpenBSD Errata: February 2nd, 2018 (kernel)
To: announce@openbsd.org

Errata patches for a number of kernel issues have been released for
OpenBSD 6.2 and 6.1.

Specially crafted IPsec AH packets with IP options or IPv6 extension
headers could cause a crash or hang.

Processing IPv6 fragments could incorrectly access memory of an mbuf
chain that is not within an mbuf, which may cause a crash.

If the EtherIP tunnel protocol was disabled, IPv6 packets were not
discarded properly, which causes a double free.

Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata pages:

  https://www.openbsd.org/errata61.html
  https://www.openbsd.org/errata62.html

As these affect the kernel, a reboot will be needed after patching.

Saturday, February 3, 2018

Live Production, Camera and Broadcast Update of BlackMagic

New ATEM 4 M/E Broadcast Studio 4K

Friday, February 2, 2018

Proxmox virtualization manager / Cloudless

Figure 5: Proxmox 5.0 also includes a new replication stack based on ZFS but that only works asynchronously.
REF: http://www.admin-magazine.com/Archive/2017/42/Proxmox-virtualization-manager

TrendLabs: Malicious Chrome Extensions Found

Figure 1. Droidclub Infection Flow
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrome-extensions-found-chrome-web-store-form-droidclub-botnet/