2018年3月31日 星期六

[USN-3531-3] intel-microcode update

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:
Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory. (CVE-2017-5715)

This update provides the corrected microcode updates required for the
corresponding Linux kernel updates.

References:
  https://usn.ubuntu.com/usn/usn-3531-3
  https://usn.ubuntu.com/usn/usn-3531-1
  CVE-2017-5715

TrendLabs: ChessMaster Adds Updated Tools to Its Arsenal

Figure 1. Infection Chain for the current ChessMaster campaign
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/

2018年3月29日 星期四

WordPress plans

Upgrading to a plan unlocks a ton of features that can help you get more visitors to your site and drive business. Plans include a custom domain, customizable CSS, responsive customer service, and additional storage for photos and documents. One of our plans even offers the ability to import any WordPress theme or plugin of your choice. Watch this video to find out more about what features you can add to your site.
WordPress.com plans
REF:

2018年3月28日 星期三

Introducing The New Trello Power-Ups Directory

How to access Trello Power-Ups Directory
To access the directory, on your Trello board go to Menu > Power-Ups, and you are instantly taken to a whole new integrated world. 
REF: https://blog.trello.com/trello-power-ups-directory

2018年3月27日 星期二

Trendlabs: Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers

Figure 1. Network intrusion attempts observed from the cryptocurrency-mining campaign (December 2017 to mid-March 2018)

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers/

2018年3月26日 星期一

Plex: Chromecast gets a new look



2018年3月25日 星期日

USN-3596-1: Firefox vulnerabilities

It was discovered that the value of app.support.baseURL is not sanitized properly. If a malicious local application were to set this to a specially crafted value, an attacker could potentially exploit this to execute arbitrary code. (CVE-2018-5133)
It was discovered that javascript: URLs with embedded tab characters could be pasted into the address bar. If a user were tricked into copying a specially crafted URL into the address bar, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5143)
REF: https://usn.ubuntu.com/3596-1/
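The tab-embedded javascript: URL in CVE-2018-5143 is one instance of a general parsing mismatch: browsers that follow the WHATWG URL standard strip leading and trailing C0 controls and spaces, then remove every ASCII tab, CR and LF, before they parse a URL, so a check that inspects the raw string can see a different scheme than the one the browser will act on. The example below is added here and is not code from the advisory or from Firefox; it generalises the address-bar case to any scheme check on user-supplied URLs. The allowed-scheme set, the function names and the sample URLs are constructed for illustration.

```python
"""Scheme checks on a URL that may carry embedded tab or newline characters.

Added example, not code from the advisory or from Firefox. Browsers strip
leading/trailing C0 controls and spaces, then every ASCII tab, CR and LF,
before parsing (WHATWG URL standard). A check on the raw string therefore
sees a different scheme than the browser executes. The allowed-scheme set
and the sample URLs are constructed.
"""

ALLOWED_SCHEMES = {"http", "https", "mailto"}
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))   # U+0000 .. U+0020
_TAB_OR_NEWLINE = "\t\r\n"


def normalize(url: str) -> str:
    """Apply the two pre-parse strips the URL standard performs, in order."""
    url = url.strip(_C0_AND_SPACE)
    return "".join(ch for ch in url if ch not in _TAB_OR_NEWLINE)


def naive_blocks_javascript(url: str) -> bool:
    """Deny-list check on the raw string; 'java\\tscript:' slips past it."""
    return url.lower().startswith("javascript:")


def is_javascript_url(url: str) -> bool:
    """The same deny-list check, but on the string the browser would parse."""
    return normalize(url).lower().startswith("javascript:")


def is_allowed_scheme(url: str) -> bool:
    """Allow-list check after normalisation: the robust form for user input."""
    scheme, sep, _rest = normalize(url).partition(":")
    return sep == ":" and scheme.lower() in ALLOWED_SCHEMES


def audit(urls):
    """Return (url, naive_deny, normalised_deny, allow_listed) rows for review."""
    return [(u, naive_blocks_javascript(u), is_javascript_url(u), is_allowed_scheme(u))
            for u in urls]


if __name__ == "__main__":
    # Constructed samples; the third mirrors the tab-embedded case in the advisory.
    samples = ["https://example.com/", "javascript:alert(1)",
               "java\tscript:alert(1)", "\x0bjavascript:alert(1)"]
    for row in audit(samples):
        print(row)
```

The `audit` rows show the gap directly: the raw-string deny list rejects `javascript:alert(1)` but not `java\tscript:alert(1)`, while both the normalised deny list and the allow list treat the two identically. Validating against an allow list after normalisation is the form to keep, since it also rejects schemes the deny list never anticipated.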

2018年3月24日 星期六

TrendLabs: Pop-up Ads and Over a Hundred Sites are Helping Distribute Botnets, Cryptocurrency Miners and Ransomware

Figure 1. Pop-up ad on file-sharing site leads to ICLoader download page (right)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/pop-up-ads-and-over-a-hundred-sites-are-helping-distribute-botnets-cryptocurrency-miners-and-ransomware/

2018年3月23日 星期五

2018年3月22日 星期四

NewTek at NAB 2018

See the Future. Take the Lead. Start Now.
NAB 2018
REF: newtek.com

2018年3月21日 星期三

New Check_MK stable release 1.4.0p27

---------- Forwarded message ----------
From: Check_mk Announcements 
Date: Wed, Mar 21, 2018 at 3:24 AM

Changes in all Check_MK Editions:

WATO:
* 5719 FIX: The Start URL is now configured optionally for new users
* 5881 FIX: Tag condition editor could show wrong tag selection after submission
* 5886 FIX: Improved performance of "ineffective ruleset" searching
* 5874 FIX: Improved diagnose logging for WATO integrated Git
* 5875 FIX: Git: Fixed error "git add --all ... is outside repository" with older git versions
* 5889 FIX: Fixed visible HTML tag in WATO folder permission error message
* 5905 FIX: Configured "Receive fallback notifications" attribute of users was not displayed correctly

User interface:
* 5879 FIX: Dashboard: View dashlets were not applying row limits
* 5904 FIX: Add view name to view permission help text and mobile prefix for mobile views

HW/SW inventory:
* 5776 FIX: win_reg_uninstall: Fixed transposed month and day fields of dates which caused 'Inventory failed: unconverted data remains'

Event console:
* 5751 FIX: Add contact group contacts of EC rule if host is not a core host

Checks & agents:
* 5910 FIX: ups_cps_outphase: Fixed decimal place in current outphase
* 5749 FIX: tcp_conn_stats: use ss by default if present otherwise fall back to cat /proc/net/tcp
* 5911 FIX: mem.linux: Fixed Perf-O-Meter displaying wrong usage if swap is used
* 5710 FIX: jolokia_generic.string: Fix broken parameter handling
* 5909 FIX: fortigate_sessions, fortigate_cpu: Fixed duplicated discovery if needed information is at two places
* 5876 FIX: fileinfo_groups: Increased size of input fields
* 5711 FIX: cisco_mem_asa64: Fix incorrect labelling of graph
* 5712 FIX: cisco_mem, cisco_mem_asa, cisco_mem_asa64: No longer crash when total memory is reported as 0.
* 5748 FIX: cisco_cpu, cisco_nexus_cpu: improve snmp_scan_functions
NOTE: Please refer to the migration notes!
* 5788 FIX: check_bi_aggr: no longer reports "SubjectAltNameWarning" when initiating connection
* 5919 FIX: Windows agent crashed with a lot of transport protocols available
* 5792 FIX: Agent Encryption: No longer trying to decrypt all incoming tcp data when an "Encryption" rule with an arbitrary value was set

Other components:
* 7516 FIX: diskspace cleanup: now also deletes any connected .info file when removing a rrd file

You can download Check_MK from our download page:
 * http://mathias-kettner.de/check_mk_download.html

Using FreeBSD as a File Server With ZFS


Module 1: FREEBSD and ZFS
Introduction to ZFS under FREEBSD

  • Why ZFS on FREEBSD?
  • ZFS features and concepts
Module 1 exercises:
  • Execute ZFS commands to check status of pools and metadata
  • Create a single disk pool

Module 2 title: ZFS Administration
Module 2 description: Cover the commands and features to administer ZFS volumes

  • Create, destroy, list pools
  • Zpools: single, mirrored, raid
  • Understand ZFS properties
Module 2 exercises:
  • Get and set properties
  • Set Disk Quotas

Module 3 title: Putting it all to work: Hosting our files using ZFS
Module 3 description: With the previously acquired knowledge, create a plan on how to organize our files and pools to host our files.

  • Set ZFS properties based on the content of the files to host
  • ZFS tuning
  • Create a File Server using our pools
Module 3 exercises:
  • Explore ZFS features using hosted content on a pool
  • Serving content
  • Check ZFS performance

About the Instructor:

Carlos Antonio Neira Bustos
Carlos Antonio Neira Bustos has worked for about ten years as a software developer, porting and debugging enterprise legacy applications in several languages, such as C, C++, Java, Common Lisp, Clojure and Python. He is currently employed as a software developer under z/OS, debugging and troubleshooting legacy applications for a global financial company.

 REF: https://bsdmag.org/course/using-freebsd-as-a-file-server-with-zfs-2/

2018年3月19日 星期一

How To Beat Decision Fatigue With Better Brain Habits

Decision fatigue productivity problems and tips to fight it
You wake up every morning with decisions to make: What to wear, what to eat, and of course the perennially difficult decision of heading to the gym or remaining burrowed in your warm bed. These are all important decisions that set the tone of a productive morning and day. And once you clock into work, the decision flood gates open. By the time you’re winding down for the night, you’ve made an average of 35,000 decisions!
REF: https://blog.trello.com/beat-decision-fatigue-with-better-brain-habits

2018年3月18日 星期日

TrendLabs: March Patch Tuesday Fixes 75 Security Issues

  • CVE-2018-0886 — a remote code execution (RCE) vulnerability in Microsoft’s Credential Security Support Provider protocol (CredSSP), a network-level authentication for remote desktop services. Remote desktop protocol (RDP) and Windows Remote Management (WinRM), which allows operating systems to interoperate and enables PowerShell remoting, also use it. Exploiting this flaw can let attackers conduct man-in-the-middle attacks to execute remote code and ultimately gain a foothold in targeted systems and servers in the network. Apart from applying the patch, system administrators are also recommended to adopt best practices for using remote desktop clients (i.e., setting group policies, restricting permissions, etc.).
  • CVE-2018-0940 — an elevation-of-privilege flaw in Microsoft Exchange’s Outlook Web Access (OWA), and entails links not being properly sanitized. Attacks that exploit this involve sending phishing emails and superimposing the OWA interface with a fraudulent login page to trick unwitting victims into disclosing credentials or other personal information.
  • CVE-2018-0930 — a memory corruption flaw in how the Chakra scripting engine handles objects in memory in Edge. Successfully exploiting the vulnerability will enable the hacker to gain the same rights as the current user. And if the user has administrative privileges, the attacker can hijack the system, install programs, read, modify or delete data, and create accounts. Web-based attacks include creating and hosting or compromising a website exploiting the flaw then enticing victims to visit it.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/march-patch-tuesday-fixes-75-security-issues-drops-registry-key-requirement-in-windows-10/

2018年3月17日 星期六

Tim Berners-Lee: we must regulate tech firms to prevent 'weaponised' web

The inventor of the world wide web warns over concentration of power among a few companies ‘controlling which ideas are shared’

Tim Berners-Lee: ‘What was once a rich selection of blogs and websites has been compressed under the powerful weight of a few dominant platforms.’
REF: https://www.theguardian.com/technology/2018/mar/11/tim-berners-lee-tech-companies-regulations

2018年3月16日 星期五

TrendLabs: Tropic Trooper’s New Strategy


Figure 1. Attack chain of Tropic Trooper’s operations
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/

2018年3月15日 星期四

[USN-3592-2] ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202)

 Hanno Böck discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-1000085)

References:
  https://usn.ubuntu.com/usn/usn-3592-2
  https://usn.ubuntu.com/usn/usn-3592-1
  CVE-2018-0202, CVE-2018-1000085

2018年3月14日 星期三

Deploying an Office/Workgroup Server on FreeBSD


Using FreeBSD as a server for common office tasks is an easy and approachable task even for users without extensive knowledge of its internals. In this workshop, you will learn:

how to bring up a functioning server for a small office or workgroup, which includes a small web server, e-mail with Postfix for SMTP, Dovecot for IMAP and RoundCube for the “webmail” user interface, Samba for local file sharing (CIFS / Windows Networking / Network neighbourhood) and Pydio for remote file access over the web.
The requirements for this workshop are a basic knowledge of Unix or Linux systems, a basic familiarity with command-line operations, and a system (possibly a virtual machine) on which you will perform the required tasks.
INSIDE
Module 1
(W02M01) Module 1 – Introduction and server setup – Part 1
(W02M02) Module 1 – Introduction and server setup – Part 2
(W02M03) Module 1 – Introduction and server setup – Part 3
Module 2
(W02M04) Module 2 – Installing a web server and a file sharing web application – Part 1
(W02M05) Module 2 – Installing a web server and a file sharing web application – Part 2
(W02M06) Module 2 – Installing a web server and a file sharing web application – Part 3
Module 3
(W02M07) Module 3 – Installing the e-mail servers and the webmail interface – Part 1
(W02M08) Module 3 – Installing the e-mail servers and the webmail interface – Part 2
(W02M09) Module 3 – Installing the e-mail servers and the webmail interface – Part 3
Module 4
(W02M10) Module 4 – Local file sharing and firewall – Part 1
(W02M11) Module 4 – Local file sharing and firewall – Part 2
(W02M12) Module 4 – Local file sharing and firewall – Part 3
(W02M13) Course Materials
REF: https://bsdmag.org/course/deploying-on-office-workgroup-servers-on-freebsd-2/

NewTek: IP Ubers to Remote Video Production

IP Ubers to Remote Video Production

A costly aspect of sports production is the need to cover so many venues in so many locations. Until very recently, the necessary solution was to create production studios on wheels. Sizes range from vans with modest production systems for schools, colleges and local channels, to massive trucks or trailers housing network broadcast-level equipment and large crews of specialist-operators.

Debian won Linux Journal's Readers' Choice Award for Best Linux Distribution!

Linux Journal Award
REF: https://bits.debian.org/2018/02/debian-linuxjournal-readers-choice-award.html

OpenVPN 2.4.5 released

---------- Forwarded message ----------
From: Samuli Seppänen
Date: Thu, Mar 1, 2018 at 10:59 PM
Subject: [Openvpn-announce] OpenVPN 2.4.5 released
To: "openvpn-devel@lists.sourceforge.net" , "openvpn-users@lists.sourceforge.net" , openvpn-announce@lists.sourceforge.net

The OpenVPN community project team is proud to release OpenVPN 2.4.5. It
can be downloaded from here:



This release includes a large number of fixes and enhancements. One of
the biggest changes is that 2.4.5 Windows installers bundle OpenSSL
1.1.0 instead of OpenSSL 1.0.2 by default. The Windows installer also
comes with OpenVPN GUI (11.10.0.0) that has a large number of fixes and
improvements. Some easy-rsa 2 fixes are also included.

Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.

Also note that Windows installers have been built with an NSIS version
that has been patched against several NSIS installer code execution and
privilege escalation problems:



Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.

A summary of all included changes is available here:



A full list of changes is available here:



Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:



The new OpenVPN GUI features are documented here:



Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:

Wiki:
Forums:
User mailing list:
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki:
Developer mailing list:
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

_______________________________________________
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce

Check_MK: Docker Monitoring

Package: docker
Version: 1.2.4
Author: lars.getwan@metrosystems.net
Uploaded: 2017-10-24 13:31:01
Description: Contains plugins and checks to monitor Docker Service, Containers and Images.
Prerequisite: pip install docker (Version 2.5.1 or newer)
1.2.1: The package is now compatible with CMK 1.4.0, too.
1.2.2: The plugin can now handle images without RepoTags (which were used as item name before)
1.2.3: Now compatible with CRE versions & more fault tolerant, esp. on heavily loaded machines
1.2.4: Bugfixes
Website: https://www.metroag.de/marken/servicegesellschaften/metro-systems
Minimal Version: 1.2.8
Packet with: 1.2.8p22
Filesize: 6.61k
Content:
  agents/bakery/check_docker
  agents/plugins/check_docker
  checkman/docker_containers
  checkman/docker_images
  checkman/docker_info
  checks/docker_containers
  checks/docker_images
  checks/docker_info
  web/plugins/metrics/docker_containers.py
  web/plugins/metrics/docker_images.py
  web/plugins/wato/agent_bakery_docker.py
Checksum (MD5): 790bd8571b0eedd4ddc97bbf6393b3c5
Downloads: 845
REF: https://mathias-kettner.com/check_mk_exchange_file.php?HTML=yes&file=docker-1.2.4.mkp

NewTek 3Play 3P1


REF: https://www.newtek.com/store/

5 things to look for when buying DAM software


REF: https://www.resourcespace.com/download?wp=6

TrendLabs: Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters


Figure 1. Components of a modern CPU, showing the cores and L3 cache
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/detecting-attacks-that-exploit-meltdown-and-spectre-with-performance-counters/

2018年3月13日 星期二

Firefox 57 “Quantum”, Faster and Higher

The new Firefox is described as twice as fast as the version released a year ago, with a 30 percent savings in memory usage. In addition, Firefox 57 is supposed to be as fast as Google Chrome.

REF: http://www.linux-magazine.com/Issues/2018/209/Web-Performance

Learn How to Develop Applications in Python



Why Python and why Python 3
Python has been around for quite some time now. It has become a widely used programming language very popular with machine learning for example. In this course, we will teach you to start using the language, but jump really fast to more complex examples. Hence, if you are not familiar with Python, maybe you should consider looking into Practical Python 3.6 - Learn to Program using Python.
INSIDE
Module 1 (Module 1 will be available online on Monday, the last changes are incorporated)
  • Why Python and why Python 3
  • Introduction to Python programming language
  • Python 3 and why you should use it
  • Why Python is widely used (machine learning, etc.)
Hands On
  • Install python 3
  • Install and use virtualenv
Right tools for development
  • Editors
  • PEP8
  • Pylint
  • Testing and TDD
Skills acquired after module 1:
  • A better understanding of the language, including how to install it.
  • Creating virtualenvs
  • Creating a python file and tests
Module 2
  • Starting a new app
  • Defining the app
  • Using version control: creating a repo in github
  • Structure your python package (http://docs.python-guide.org/en/latest/writing/structure/)
  • Explain the several config parameters of the setup.py
  • Config file Parsing
Skills acquired after module 2:
  • Knowing what you are doing before doing it
  • Creating a repository and commit to your code
  • Starting a python package with the needed structure for packaging it later
  • Understanding the package components
Module 3
  • App Development
  • Command line argument parsing
  • Config file
  • Exporting data (csv, text)
  • Accessing an external REST api
Skills acquired after module 3:
  • Creating a binary that can parse command line arguments
  • Using a config file with the app
  • Saving files in csv
  • Reading data from a REST API
Module 4
  • Testing the App
  • Create tests for the app
Skill acquired after module 4:
  • Testing the app to guarantee that it works as intended
Module 5
Final Exam
This test is made up of 20 questions in total. You can take as long as you need to answer each question.

Plex Live TV & DVR for sports!

You don’t have to miss out on any of your highly-anticipated matches or games when you cut the cord. With Plex Live TV & DVR, all you need is a supported antenna and tuner to watch any of the games broadcasted free over-the-air. Our easy-to-use program guide and powerful search help you easily find matches you want—to watch live on any device, or record for later—AND time shift, or get rid of commercials. All of this in HD glory (where available)! Don’t miss out!
REF: https://www.plex.tv/ad/sports/

Azure offers for SUSE Linux Enterprise Server (SLES)

Microsoft and SUSE are implementing a few changes to SUSE Linux Enterprise Server (SLES) virtual machine (VM) offers on Azure. These changes improve the clarity of the different SLES offers with respect to the support provided, and will be effective on April 2, 2018.
 
Basic VM Support Hours for SLES are available on Azure at no extra charge for all VM families.
The Premium VM Support Hours for SLES will be renamed “Priority VM Support Hours” to improve the clarity of the support offer.
The SLES offerings for SAP will also be renamed to Priority, with no changes in pricing.
The legacy SLES offers named XS, M, L, XL, and A9 will be renamed to reflect the actual number of cores: 1, 2, 4, 8, and 16 cores, respectively.

For more detailed information, learn more on the SUSE Linux Enterprise Server (SLES) Name Change webpage. 

TrendLabs: Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia

Figure 12. When the threat actor discovers the researcher via an improper request
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/

2018年3月2日 星期五

DebConf18 in Hsinshu

The organisation of DebConf18 (Hsinshu, Taiwan, 29 July–5 August 2018)
is going on. DebConf18 will be preceded by one week of DebCamp,
Saturday, July 21 through Friday, July 27. The Call for Proposals [39]
was published on 7 February 2018. You can now sign into the website [40]
and submit an event, or write to the content team at
<content@debconf.org> [41] to suggest an invited speaker. Talk proposals
must be submitted by Sunday 17 June 2018 at the latest. Registration
will open soon and you can subscribe to debconf-announce [42] to be
notified when registration opens. Bursary applications will be available
together with registration and must be submitted by 13 April. As of now,
eleven companies or organisations have decided to support the event, and
DebConf18 is still accepting [43] sponsors; visit its website [44] for
more details.

   39: https://bits.debian.org/2018/02/debconf18-cfp.html
   40: https://debconf18.debconf.org/
   41: content@debconf.org
   42: https://debconf18.debconf.org/about/registration/
   43: https://bits.debian.org/tag/debconf18.html
   44: https://debconf18.debconf.org

NIST Cybersecurity framework


  • identify, protect, detect, respond, recover
  • exploit code determines effectiveness
  • E-mail, web isolation -> docker as rendering proxy
  • SOC vs CSIRT (CERT)
  • Indicator of Compromise (IOC, pattern, hash based)
  • Indicator of Attack (IOA, malicious behavior checks)
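The last two notes draw the distinction that matters for detection engineering: an IOC matches an artefact that has already been seen (a hash, a pattern), while an IOA matches the behaviour an intrusion produces regardless of which binary produces it. The example below is added here and is not code from the original notes or from the NIST framework; it runs both kinds of check over constructed process-creation telemetry. The event format, the hash values, the Office/script-host lists and the two behavioural rules are constructed for illustration, and the rules are deliberately simple so the contrast is visible.

```python
"""Hash-based IOC matching beside behaviour-based IOA matching.

Added example for the IOC/IOA notes; not code from the original page or
from the NIST framework. The telemetry format, the hash values and the
two behavioural rules are constructed for illustration.
"""
import hashlib

# Constructed IOC: the SHA-256 of one known-bad artefact. It matches only
# that exact byte sequence; a recompiled variant has a different hash.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-known-bad-sample").hexdigest()}

# Constructed vocabulary for the behavioural rules.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

# Constructed process-creation events, one dict per event.
EVENTS = [
    {"host": "ws01", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "sha256": hashlib.sha256(b"constructed-unknown-binary").hexdigest()},
    {"host": "ws02", "parent": "explorer.exe", "image": "update.exe",
     "cmdline": "update.exe /silent",
     "sha256": hashlib.sha256(b"constructed-known-bad-sample").hexdigest()},
    {"host": "ws03", "parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": "notepad.exe notes.txt",
     "sha256": hashlib.sha256(b"constructed-benign-binary").hexdigest()},
]


def match_ioc(event):
    """IOC: exact match of the launched image's hash against the known-bad set."""
    return event["sha256"] in KNOWN_BAD_SHA256


def ioa_office_spawns_script_host(event):
    """IOA: an Office application starting a scripting host."""
    return (event["parent"].lower() in OFFICE_APPS
            and event["image"].lower() in SCRIPT_HOSTS)


def ioa_encoded_powershell(event):
    """IOA: PowerShell launched with an encoded command line."""
    args = event["cmdline"].lower().split()
    return (event["image"].lower() == "powershell.exe"
            and any(a in ("-enc", "-encodedcommand") for a in args))


IOA_RULES = [
    ("office-app-spawned-script-host", ioa_office_spawns_script_host),
    ("encoded-powershell-command", ioa_encoded_powershell),
]


def scan(events):
    """Return (host, kind, detail) alerts: the IOC alert first per event, then IOA hits."""
    alerts = []
    for e in events:
        if match_ioc(e):
            alerts.append((e["host"], "IOC", "known-bad-hash"))
        for name, rule in IOA_RULES:
            if rule(e):
                alerts.append((e["host"], "IOA", name))
    return alerts


if __name__ == "__main__":
    for alert in scan(EVENTS):
        print(alert)
```

Running `scan(EVENTS)` shows the complementary coverage: the binary on ws01 has a hash nobody has catalogued, so the IOC check is silent and only the two behavioural rules fire; on ws02 the launched binary is the catalogued artefact, so the IOC fires although its parent and command line look ordinary; ws03 produces nothing. A programme built on hashes alone misses the first case, one built on behaviour alone misses the second, which is why both indicator types belong in the detect function.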