Cloud-Delivered Malware Increased 68% in Q2, Netskope Reports

 

Cybersecurity firm Netskope has published the fifth edition of its Cloud and Threat Report, which covers the cloud data risks, threats, and trends the company observed during the quarter. According to the report, malware delivered over the cloud increased 68% in the second quarter.

"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.

"Collaboration apps and development tools account for the next largest percentage, as attackers abuse popular chat apps and code repositories to deliver malware. In total, Netskope detected and blocked malware downloads originating from 290 distinct cloud apps in the first half of 2021."

Cybersecurity researchers explained that threat actors deliver malware via cloud applications “to bypass blocklists and take advantage of any app-specific allow lists.” Cloud service providers usually eliminate most malware instantly, but some attackers have discovered methods to do significant damage in the short time they spend in a system without being noticed.

According to the company's researchers, cloud storage apps account for more than 66% of cloud malware distribution. Approximately 35% of all workloads within AWS, Azure, and GCP are also exposed to the public internet, with public IP addresses that are reachable from anywhere.

RDP servers, “a popular infiltration vector for attackers,” were exposed in 8.3% of workloads. Today, the average company with 500-2,000 employees uses 805 individual apps and cloud services, 97% of which are unmanaged and often freely adopted by business units and users.

According to Netskope's findings, employees leaving the organization upload three times more data to their personal apps in the last 30 days of employment. The uploads are leaving company data exposed because much of it is uploaded to personal Google Drive and Microsoft OneDrive, which are popular targets for cybercriminals. 

As stated by chief security scientist and advisory CISO at ThycoticCentrify Joseph Carson, last year’s change to a hybrid work environment requires cybersecurity to evolve from perimeter and network-based to cloud, identity, and privileged access management. 

“Organizations must continue to adapt and prioritize managing and securing access to the business applications and data, such as that similar to the BYOD types of devices, and that means further segregation networks for untrusted devices but secured with strong privileged access security controls to enable productivity and access,” Carson said.

GitHub Brings Suite of Supply Chain Security Features to Go

 

GitHub has released a number of supply chain security updates for Go programming language modules.

In a blog post published on July 22, GitHub staff product manager William Bartholomew stated that Go, also known as Golang, is now firmly ingrained in the top 15 programming languages on the platform, and that, as the most popular host for Go modules, GitHub intends to assist the community in discovering, reporting, and preventing security vulnerabilities.

Go modules were launched in 2019 to help with dependency management. As per the Go Developer Survey 2020, Go is now utilized in the workplace in some form by 76 percent of respondents. 

Furthermore, Go modules are becoming more popular, with 96 percent of those polled indicating they use them for package management, up 7% from 2019, and 87 percent saying they use Go modules exclusively for this purpose.

According to the results of the survey, the usage of other package management solutions is declining. As per GitHub, four major aspects of supply chain security enhancement are now available for Go modules. 

The first is GitHub's Advisory Database, an open-source repository of vulnerability information that had over 150 Go advisories at the time of publication. Developers can also use the database to get CVE IDs for newly identified security flaws.

"This number is growing every day as we curate existing vulnerabilities and triage newly discovered ones," Bartholomew added. 

GitHub has also released its dependency graph, which can be used to track and evaluate project dependencies using go.mod, as well as warn users when risky dependencies are discovered. In this version, GitHub has also introduced Dependabot, which will notify developers when new security flaws in Go modules are identified.

To fix vulnerable Go modules, automatic pull requests can be enabled, and notification settings have been enhanced for fine-tuning. According to Bartholomew, repositories that are enabled to automatically create pull requests for security updates patch their dependencies up to 40% faster than those that are not.

Misconfigured Argo Workflows Instances Employed for Attacking Kubernetes Clusters

 

Intezer has discovered new Kubernetes cluster attack vectors that rely on misconfigured instances of Argo Workflows. Threat actors are already taking advantage of this vector: researchers have observed operators using it in the wild to drop crypto miners.

Argo Workflows is an open-source workflow engine for orchestrating parallel jobs on Kubernetes, which speeds up compute-intensive work such as machine learning and big data processing. It is also used more generally to simplify container deployments.

Kubernetes, meanwhile, is a popular container orchestration engine for the cloud. It is an open-source framework that automates the deployment, scaling, and management of containerized workloads, services, and applications across clusters of hosts.

According to Intezer's investigation, malware operators are dropping crypto miners into the cloud through Argo, because certain instances are publicly reachable through dashboards that require no authentication from outside users. Through these misconfigured permissions, threat actors can run unauthorized code within the target's environment.

Intezer security researchers Ryan Robinson and Nicole Fishbein wrote a report documenting the intrusions and noted that they had already detected infected nodes. Both indicated the attacks were serious, considering that hundreds of misconfigured deployments had been found and that crypto miners such as the Kannix/Monero miner were being dropped through this attack vector.

"We have detected exposed instances of Argo Workflows that belong to companies from different sectors including technology, finance, and logistics. Argo Workflows is an open-source, container-native workflow engine designed to run on K8s clusters. Argo Workflows instances with misconfigured permissions allow threat actors to run unauthorized code on the victim's environment," Robinson and Fishbein said. 

The exposed instances may contain confidential information such as code, credentials, and the names of private container images. The researchers also noticed that in several instances permissions are configured that allow any visitor to deploy workflows. They also discovered that threat actors are targeting some of these misconfigured nodes.

According to the researchers, the "Kannix/Monero-miner" demands very little skill to use, and the study notes that other security teams have identified major cryptocurrency mining operations against Kubernetes clusters.

"In Docker Hub, there are still several options for Monero mining that attackers can use. A simple search shows that there are at least 45 other containers with millions of downloads," the study said. 

Fishbein and Robinson recommend that users open their Argo Workflows dashboard from an unauthenticated incognito browser outside the corporate environment to check for misconfigurations. Administrators can also query an instance's API and inspect the status code.
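A configuration-side check to go with the outside-in test above, as an added example (not code from Intezer's report or from the Argo project): it reads an Argo Server Deployment as JSON and flags the `--auth-mode` setting that leaves the dashboard without a login. It assumes the instance runs as a Kubernetes Deployment whose container arguments carry that flag; the Deployment, namespace and image names in the sample are constructed.

```python
import json

# Constructed sample: trimmed `kubectl get deployment argo-server -n argo -o json`
# output. Deployment, namespace and image names are assumptions for illustration.
SAMPLE = json.loads("""
{"metadata": {"name": "argo-server", "namespace": "argo"},
 "spec": {"template": {"spec": {"containers": [
   {"name": "argo-server",
    "image": "example.invalid/argocli:placeholder",
    "args": ["server", "--auth-mode", "server"]}]}}}}
""")

def auth_modes(argv):
    """Return every --auth-mode value, in '--auth-mode=x' or '--auth-mode x' form."""
    modes, it = [], iter(argv)
    for arg in it:
        if arg.startswith("--auth-mode="):
            modes.append(arg.split("=", 1)[1])
        elif arg == "--auth-mode":
            modes.append(next(it, ""))
    return modes

def audit(deployment):
    """Classify each container as FAIL / REVIEW / OK by its Argo Server auth mode."""
    findings = []
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        argv = (c.get("command") or []) + (c.get("args") or [])
        modes = auth_modes(argv)
        if "server" in modes:
            # 'server' mode: every request runs as the server's own service
            # account, so whoever can reach the UI or API needs no credentials.
            findings.append((c["name"], "FAIL", "auth-mode=server (no login)"))
        elif not modes:
            # The default depends on the version: 'server' before v3.0,
            # 'client' from v3.0 on, so an unpinned mode needs a manual look.
            findings.append((c["name"], "REVIEW", "auth mode not pinned"))
        else:
            findings.append((c["name"], "OK", "auth-mode=" + ",".join(modes)))
    return findings

if __name__ == "__main__":
    for name, verdict, why in audit(SAMPLE):
        print(f"{name}: {verdict} - {why}")
```

A FAIL or REVIEW result is a prompt to confirm from outside the network, as the researchers recommend, that the dashboard and API reject unauthenticated requests.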


1.2 Million Aussies Suffered when Uber was Breached in 2016

 

Uber infringed on the privacy of more than 1 million Australians in 2016, according to the Office of the Australian Information Commissioner (OAIC). Personal data of an estimated 1.2 million Australian customers and drivers was accessed in a breach in October and November 2016. Australia's Information Commissioner and Privacy Commissioner Angelene Falk said on Friday that US-based Uber Technologies Inc and Dutch-based Uber B.V. failed to adequately protect it.

In late 2017, it was revealed that hackers had stolen data on 57 million Uber users throughout the world, as well as data on over 600,000 Uber drivers. Uber hid the breach for over a year and paid the hacker to keep it hidden instead of notifying individuals affected. OAIC said its investigation focused on whether Uber had preventative measures in place to secure Australians' data, even though Uber compelled the attackers to destroy the data so that there was no evidence of future exploitation. 

According to Falk, the Uber companies violated the Privacy Act 1988 by failing to take reasonable precautions to protect Australians' personal information from unauthorized access and to destroy or de-identify the data as required. She also said that the tech giant failed to take reasonable steps to implement practices, procedures, and systems to ensure compliance with the Australian Privacy Principles (APP).

"Rather than disclosing the breach responsibly, Uber paid the attackers a reward through a bug bounty program for identifying a security vulnerability," the determination says. "Uber did not conduct a full assessment of the personal information that may have been accessed until almost a year after the data breach and did not publicly disclose the data breach until November 2017." 

Falk said the case presented complicated questions about how the Privacy Act applies to firms situated overseas that outsource the handling of Australians' personal information to other companies within their corporate group. "Australians need assurance that they are protected by the Privacy Act when they provide personal information to a company, even if it is transferred overseas within the corporate group," she added. 

Uber agreed to pay $148 million in a US settlement over the incident in September 2018 and was fined over £900,000 by the UK and Dutch regulators a few months later for the 2016 data breach. In October 2019, two men pled guilty to the hack, and US authorities accused Uber's former chief security officer in August 2020 of the cover-up. "We learn from our mistakes and reiterate our commitment to continue to earn the trust of users," an Uber spokesperson said.