Featured Posts


Block ads in Mac OS X – Mountain Lion / Lion / Snow Leopard


You can block most ads and pop-ups from sites by blocking their domains in the local DNS (hosts) file. Simply open Terminal and edit this file: $ sudo vi /private/etc/hosts

Mac OS X Server file sharing not taking parent folder permission

The problem arises when someone other than me makes a folder in this shared directory. No one but the person who made that folder can write into it, not even

Mount Mac OS X HFS+ filesystem in CentOS


However, it was an easy problem to solve: import the repository signing key (# rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org) before downloading the required RPM file (# rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm) and installing the HFS+ drivers: # yum install

Traceroute – Star Wars story


[root@ajay ~]# traceroute 216.81.59.173
traceroute to 216.81.59.173 (216.81.59.173), 30 hops max, 38 byte packets
 1  196-47-64-59 (196.47.64.59)  0.918 ms  0.948 ms  0.652 ms
 2  196-47-64-66 (196.47.64.66)  1.223 ms  2.747 ms

How Do I Parse HTML Pages As PHP?


You can tell Apache to treat your .html pages as .php pages by adding the following line to your .htaccess file: AddHandler application/x-httpd-php5 .php .htm .html  The above

Experts mentioned main loophole of Russian companies in cyber attacks

According to experts at the cybersecurity company BI.ZONE (a subsidiary of Sberbank), the main reason for successful cyberattacks on Russian companies is an access control vulnerability that allows attackers to connect to an organization's systems and, as a result, leads to data leakage.

"The vulnerability of access control was recognized as the main reason for unauthorized access to data of Russian companies. The company for strategic digital risk management BI.ZONE recorded this problem in 61% of organizations where they managed to gain access to confidential data," the company said.

According to BI.ZONE, this number was 67% last year. "A slight improvement may be due to an increase in the quality of creating in-house applications," experts say.

Yevgeny Voloshin, director of the BI.ZONE expert services unit, explained that attackers who have compromised an administrator's account gain access to the company's systems and use this gap to steal data. Most often, the account is compromised by brute-forcing its password.

"This problem lies in the incorrect division of access in internal corporate applications. For example, a regular user can also work with functions that should only be available to the administrator. Attackers, having hacked his account, connect to the internal infrastructure, and then use this gap for data theft and other fraudulent actions," notes Yevgeny Voloshin.

BI.ZONE experts recommend using complex passphrases containing punctuation marks and other characters, rather than a single word. The vulnerability may also be related to certain types of data being accessible without additional user authentication.
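The flaw described above is broken access control: a function meant for administrators is reachable by any authenticated user, so a regular account obtained by password guessing is enough. The following is an added example (not BI.ZONE's code or anything from the article) that places the vulnerable handler beside its hardened form. The action names, roles and user names are constructed for illustration; the point is that authentication is checked but authorization is not, and that the fix is a server-side, deny-by-default role check with the decision logged.

```python
"""Vulnerable vs. hardened authorization for an admin-only function.

Constructed example. The vulnerable handler treats "logged in" as sufficient,
so a regular user (or an attacker holding that user's guessed password) can
call an administrator-only function. The hardened handler checks the caller's
role against an explicit policy, denies anything not listed, and records the
decision so that abuse attempts are visible in the audit log.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set


@dataclass
class User:
    name: str
    roles: Set[str]


@dataclass
class AuditLog:
    entries: List[str] = field(default_factory=list)

    def record(self, user: User, action: str, allowed: bool) -> None:
        self.entries.append(f"{user.name} {action} {'ALLOW' if allowed else 'DENY'}")


class PermissionDenied(Exception):
    pass


# --- Vulnerable: authentication is mistaken for authorization -------------
def export_customer_data_vulnerable(user: Optional[User]) -> str:
    if user is None:
        raise PermissionDenied("login required")
    # No role check: every logged-in user reaches an admin-only function.
    return f"customer export prepared by {user.name}"


# --- Hardened: explicit policy, deny by default, decision logged ----------
# Hypothetical action -> required role mapping; any action not listed is denied.
REQUIRED_ROLE: Dict[str, str] = {
    "export_customer_data": "admin",
    "reset_user_password": "admin",
    "view_own_profile": "user",
}


def authorize(user: User, action: str, log: AuditLog) -> None:
    required = REQUIRED_ROLE.get(action)
    allowed = required is not None and required in user.roles
    log.record(user, action, allowed)
    if not allowed:
        raise PermissionDenied(f"{user.name} may not perform {action}")


def export_customer_data_hardened(user: Optional[User], log: AuditLog) -> str:
    if user is None:
        raise PermissionDenied("login required")
    # The role check happens on the server for every privileged call; hiding
    # the button in the UI is not a substitute.
    authorize(user, "export_customer_data", log)
    return f"customer export prepared by {user.name}"


def attempt(handler: Callable, *args) -> bool:
    """Return True if the handler completed, False if it denied the caller."""
    try:
        handler(*args)
        return True
    except PermissionDenied:
        return False


if __name__ == "__main__":
    regular = User("alice", {"user"})          # constructed regular user
    admin = User("bob", {"admin", "user"})     # constructed administrator
    log = AuditLog()
    print("vulnerable, regular user:", attempt(export_customer_data_vulnerable, regular))
    print("hardened, regular user:  ", attempt(export_customer_data_hardened, regular, log))
    print("hardened, admin:         ", attempt(export_customer_data_hardened, admin, log))
    print("\n".join(log.entries))
```

The vulnerable path returns the export for the regular user; the hardened path denies it and leaves a `DENY` entry in the audit log, which is the event a detection rule would look for when a low-privilege account suddenly starts calling administrative functions.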

Earlier, E Hacking news reported that most users use passwords that are too simple, which cybercriminals can easily guess in 46 percent of cases.

GitHub Releases Key Findings of an Easy-to-Exploit Linux flaw


Kevin Backhouse, a researcher at GitHub Security Lab revealed the details of an easy-to-exploit Linux flaw that can be exploited to escalate privileges to root on the targeted system. The vulnerability, classified as highly critical and termed as CVE-2021-3560, affects polkit, a system service installed by default on many Linux distributions.

On Thursday, Kevin published a blog post explaining his findings, as well as a short video detailing the exploit in polkit. A local, unprivileged attacker can use the flaw to escalate privileges to root with only a few commands executed in the terminal. 

Security researchers have confirmed that the vulnerability, tracked as CVE-2021-3560, affects some versions of Red Hat Enterprise Linux, Fedora, Debian, and Ubuntu. A patch for CVE-2021-3560 was released on June 3.

“The bug I found was quite old. It was introduced seven years ago in commit bfa5036 and first shipped with polkit version 0.113. However, many of the most popular Linux distributions didn’t ship the vulnerable version until more recently,” Backhouse stated.

“The bug has a slightly different history on Debian and its derivatives (such as Ubuntu) because Debian uses a fork of polkit with a different version numbering scheme. In the Debian fork, the bug was introduced in commit f81d021 and first shipped with version 0.105-26. The most recent stable release of Debian, Debian 10 (“buster”), uses version 0.105-25, which means that it isn’t vulnerable,” Backhouse further added.

Polkit is a system service developed for controlling system-wide privileges, creating a way for non-privileged processes to communicate with privileged processes. Backhouse described it as a service that plays the role of a judge, determining whether an action initiated by a user — specifically one that requires higher privileges — can be carried out directly or requires additional authorization, such as entering a password.

The vulnerability identified by the researcher is easy to exploit, requiring just a few commands in the terminal. However, because of its timing requirements, it normally takes a few attempts before the exploit succeeds.

CVE-2021-3560 allows an unprivileged local attacker to gain root privileges. It is very simple and quick to exploit, so users must update their installations as quickly as possible. Any system that has polkit version 0.113 (or later) installed is vulnerable. That includes popular distributions such as RHEL 8 and Ubuntu 20.04.
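The two numbering schemes quoted above (upstream 0.113 and later; Debian fork 0.105-26 and later, with 0.105-25 unaffected) are what an administrator has to apply when deciding which hosts need the June 3 fix. The following is an added example, not from the article or the polkit project, that turns those ranges into a classifier for an inventory of version strings. It assumes the version is taken from the package manager or from `pkaction --version`; the hostnames and versions in the sample inventory are constructed. Because the article gives only the first vulnerable release and no fixed version, anything at or above that release is reported as "in-affected-range", meaning the host's patch status has to be checked rather than assumed.

```python
"""Classify polkit version strings against the CVE-2021-3560 ranges quoted
in the article: upstream 0.113 or later, Debian fork 0.105-26 or later.

Added example; not the article's or polkit's own code.
"""
import re
from typing import Dict, List

# Matches "0.113", "0.105-26" and the version inside strings such as
# "pkaction version 0.105" or "polkit-0.115-11.el8".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:-(\d+))?")


def polkit_cve_2021_3560_status(version_string: str) -> str:
    """Return 'not-affected', 'in-affected-range' or 'unknown'."""
    m = _VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    revision = int(m.group(3)) if m.group(3) is not None else None

    if major != 0:
        # The article documents only the 0.x numbering; do not guess beyond it.
        return "unknown"

    if minor == 105 and revision is not None:
        # Debian-fork numbering: 0.105-26 is the first shipped vulnerable
        # revision, 0.105-25 (Debian 10) is not affected.
        return "in-affected-range" if revision >= 26 else "not-affected"

    # Upstream numbering: 0.113 is the first shipped vulnerable release. No
    # fixed version is given, so everything from 0.113 up is flagged for a
    # check of whether the distribution's June 3 fix is installed.
    return "in-affected-range" if minor >= 113 else "not-affected"


def hosts_to_review(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames whose polkit version falls in the affected range."""
    return sorted(
        host for host, version in inventory.items()
        if polkit_cve_2021_3560_status(version) == "in-affected-range"
    )


# Constructed inventory (hostnames and versions are not from any real host):
# hostname -> polkit version as reported by the package manager or pkaction.
SAMPLE_INVENTORY: Dict[str, str] = {
    "buster-web01": "0.105-25",              # Debian fork, below 0.105-26
    "focal-app02": "0.105-26ubuntu1",        # Debian fork, at 0.105-26
    "rhel8-db03": "polkit-0.115-11.el8",     # upstream numbering, above 0.113
    "legacy-box": "pkaction version 0.105",  # old upstream release
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(f"{host:14} {version:28} {polkit_cve_2021_3560_status(version)}")
    print("hosts to review:", hosts_to_review(SAMPLE_INVENTORY))
```

The Debian-fork branch is the part that is easy to get wrong in a generic version comparison: 0.105-26 sorts below 0.113 numerically, yet it is the vulnerable one, while the plain upstream 0.105 is not.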

Objectives for Ransomware Attack Against Nuclear Contractor Sol Oriens Remain Unknown


New Mexico-based government contractor Sol Oriens was attacked by the Russian REvil ransomware group, an incident that sparked worries in the national security community because of the company's work with the Department of Energy's National Nuclear Security Administration.

However, the motives for the attack remain unknown. Sol Oriens confirmed it was targeted in May, according to CNBC's Eamon Javers, and the company stated that no sensitive or important security-related material was compromised. The company's website remained down as of Friday, and Mother Jones reported that it had been down since June 3. Sol Oriens has not yet confirmed whether the attack was ransomware.

According to Michael DeBolt, senior vice president of intelligence at Intel 471, Sol Oriens was targeted by REvil, the same group that was accused of targeting meat manufacturer JBS. 

“From the REvil blog, all indications are that Sol Oriens was a target of opportunity, and not of design tied to some state-sponsored entity,” DeBolt stated. 

“However the sensitive nature of this particular victim did not elude the REvil operators and affiliates responsible for the attack. In fact, they explicitly threatened to reveal ‘documentation and data to military agencies of our choice [sic]’ and shared proof by way of screenshots on their name and shame blog. Even so, these actors primarily remain financially motivated.” 

According to Gary Kinghorn, senior director of marketing and alliances at Tempered Networks, the vulnerability of the information in this breach appears to be less than catastrophic if it was restricted to personal information and contacts, but there's no way of knowing if it went further than that. The goals of this attack, according to Kinghorn, are clearly useful to geopolitical opponents, and enterprises must be aware of the immense sophistication and resources behind these operations, regardless of purpose. 

Kinghorn added, “Organizations, particularly those holding DoE-class information and secrets, have to realize that yesterday’s security tools are no longer enough and are too error-prone to justify.” 

“The National Security Agency has already strongly suggested that government agencies move to zero trust and even ensure encryption of all data in motion. These advanced steps can effectively make networks unhackable. However, right now, organizations are still weighing the costs and ROI until they get exposed like this to make changes.”

CD Projekt Red Confirmed that its Data is Disseminated Online


The company says that information stolen in the hack of CD Projekt is being distributed online. The company behind Cyberpunk 2077 and The Witcher 3 claims that it cannot verify the exact details of the information being shared, but believes the stolen data relates to its games, contractors, and both current and former employees.

Earlier this year, the company suffered a ransomware attack by a threat group (believed to be the HelloKitty gang) that “gained access to our internal network, collected certain data belonging to CD PROJEKT Capital Group and left a ransom note,” the company said.

The ransomware encrypted the system for the organization too, but CD Projekt Red managed to restore all the data from the backup — making stolen data the actual problem. 

Ransomware groups have increasingly turned to "double extortion," warning victims that if they do not pay, the stolen data will be auctioned off. Many also maintain "name and shame" sites on which the operators publish data leaked from victims who were unable to pay the ransom.

The cybercriminals stated that they had "dumped full copies" of Cyberpunk 2077, Gwent, Witcher 3 and an "unreleased version" of Witcher, and had acquired sensitive company information about bookkeeping, administration, HR, investor relations, legal matters, and more.

“Source codes will be sold or leaked online, and your documents will be sent to our contacts in gaming journalism,” according to a note. 

In a late Thursday statement, CD Projekt Red stated that its security staff “now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the internet.” 

The report further states, “though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.” 

This incident follows the updated ransomware playbook of "breach, extract, encrypt, offer," Dirk Schrader, global vice president of security research at New Net Technologies (NNT), remarked. However, he added, “It was some sort of luck on CD Projekt Red’s side that – as far as we know – no customer data was involved, because if so the story would have evolved in very different ways.”

It is worth noting that the ransomware gang had already fulfilled its pledge to auction off the company's data: in February, on the well-known Russian-language underground forum 'Exploit', the source code for Cyberpunk 2077 and a previously unreleased version of Witcher 3 were allegedly put up for sale.

The lot was sold one day later, and although cyber investigators confirmed that the auction took place, they could not verify the quantity or authenticity of what was sold. The auction demanded an opening bid of $1 million.

Recently, threat actors posted approximately 300GB of data reportedly belonging to CD Projekt Red on the Payload.bin data leak site.

“Digital Shadows has seen several attempts to either sell or expose data related to CD Projekt Red since February, with unconfirmed actors first trying to auction game and other internal company data on a well-known Russian language forum,” Sean Nikkel, senior cyber-threat intel analyst at Digital Shadows said. 

The company added, “regardless of the authenticity of the data being circulated — we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the data in question.”

Emails and Passwords of Government Officials Exposed due to Data Breaches


Hundreds of Union government officials' emails and passwords have been exposed to hackers as a result of recent data breaches of Air India, Domino's, and Big Basket, according to the government. The Hindu obtained a copy of an internal document that stated that compromised emails on government domains such as @nic.in and @gov.in are potential cyber threats because they are being exploited by "adversaries" to send malicious emails to all government users. 

A malicious web link provided on WhatsApp and SMS days after the alert was sent on June 10 targeted many government offices, including Defence Ministry officials, requesting them to update their vaccination status. The message directed officials to https://covid19india.in to generate a digital certificate of COVID-19 inoculation, forwarding them to a page called "@gov.in," which looks similar to the government website mygov.in, and asking for their official e-mail and password. 

According to cyber expert Rajshekhar Rajaharia, the website was hosted in Pakistan in June. “The page mentioned @nic.in email IDs to make the official believe it is a government page. The purpose seemed to be getting the e-mails and passwords of only government officials and get unauthorised access to government systems; the page does not accept any other domain such as gmail.com,” said Mr. Rajaharia.

On May 15, Air India informed passengers that its passenger service system, which is provided by multi-national IT company SITA, was the target of a sophisticated cyber-attack in the last week of February that affected nearly 45 lakh “data subjects” worldwide who registered between August 26, 2011 and February 3, 2021. Officials from the government are frequent travellers on Air India. 

The alert sent to officials said, “It is intimated that recent data breaches of Air India and other companies like Domino’s, Big Basket etc. have resulted in exposure of e-mail ID and passwords of many users, which includes lots of government email IDs as well. All such compromised gov. domain emails are potential cyber threats as they are being used by the adversaries to send out malicious mails to all gov email users. It may please be noted that largely these are name based email IDs which are available with the malicious actors.” 

On March 1, the Union Power Ministry announced that multiple Indian power centres had been targeted by “state-sponsored” Chinese cyber gangs. Recorded Future, a cyber security and intelligence organization based in the United States, determined that Chinese state-sponsored actors may have infiltrated Indian power grids and seaports with malware.