The white hat hacker has estimated the probability of a hacker attack on the websites of Internet giants

There is no need to worry about the security of Russian systems after a global failure in the work of world sites, since the servers of all state institutions are located on the territory of Russia

Information security expert Denis Batrankov explained that the problem of modern systems is that many companies do not have the opportunity to create their own office to host their servers there. As a result, they order servers from other hosting providers where they host their product. All responsibility in this case falls on the hosting provider, but the risk of failures increases significantly.

Vakulin illustrated his opinion with an example of Amazon Web Services hosting.

"Many sites are hosted by Amazon Web Services, including small and medium-sized businesses. Since there was a large and large-scale failure, then all the sites that were generally hosted on this platform go down after it," the hacker said.

The expert believes that, despite the recent attacks on the American pipeline company Colonial Pipeline and the world's biggest meat supplier, JBS, Russia should not worry too much about industrial safety.

"As for government agencies, their servers are located in Russia. The data is stored in our country. From a security point of view, everything has been done to prevent third parties from accessing this data", the expert said.

The programmer also drew attention to the fact that the State Duma was going to oblige foreign IT companies with an audience of more than 500 thousand people a day to open branches in Russia.

"This law can still be finalized to the point that all data will be stored on Russian servers," Vakulin said.

In conclusion, the programmer shared his vision of the future in the IT field. He believes that neural networks will control the servers.

"I carefully monitor how our technologies and knowledge of artificial intelligence and neural networks are improving," Vakulin said. "Most likely, neural networks will simply monitor everything in the future: they will be engaged in tracking the site. In 20 years, programmers and cryptographers will simply observe the work of artificial intelligence, somehow refine it, and it will already do the work for them."

Earlier, Internet users reported a global failure in the work of the sites of a number of media outlets, companies and social networks around the world. Problems were observed, for example, at CNN, Twitter, Guardian, Amazon, Reddit, New York Times. The problems occurred due to a failure in the work of the American cloud service provider Fastly. Within an hour, the problems were fixed.

3.2 Million PCs Compromised in a Malware Campaign

Security researchers at NordLocker have discovered that 1.2 terabytes of personal details and information were stolen through a customized malware strain which was largely spread through illegal software, including pirated games and a cracked version of Adobe Photoshop.

Between 2018 and 2020 the malware infected 3.2 million PCs and stole over 6 million files from infected Desktop and Downloads folders. The stolen files were mostly made up of three million text files, 900,000 image files, and 600,000+ Word files. Inside the treasure trove of stolen data were 1.1 million unique email addresses and 26 million login credentials, among other things.

"Screenshots made by the malware reveal that it spread via illegal software (Adobe Photoshop), Windows cracking tools, and pirated games. Moreover, the malware also photographed the user if the device had a webcam," NordLocker said.

Researchers said the cybercriminal gang accidentally revealed the location of the database containing the stolen data, and once NordLocker was privy, it worked with a third-party company that specializes in researching data breaches to evaluate the database's contents.

Researchers warn that custom malware such as this is particularly dangerous, noting that such strains are "cheap, customizable, and can be found all over the web." They note that custom malware can be purchased at very low prices and often includes tutorials on how to use stolen data, meaning that individuals should be incredibly careful when accessing files online.

This particular malware campaign does not have a name, in part because it flew under the radar while active, then presumably disappeared. According to NordLocker, nameless (or custom) trojans like this one are hawked on the dark web in forums and private chats, sometimes for no more than $100.

"Their low profile often helps these viruses stay undetected and their creators unpunished... It's a booming market where the creator sells the malware, teaches the buyer how to use it, and even shows how to profit off the stolen data," NordLocker says.

NordLocker recommended using a variety of methods to keep yourself and your data safe, including clearing your cookies every month and only installing software from developer websites and well-known sources.

South Korea And Taiwan: McDonald's Hit by a Data Breach

McDonald's has become the latest company affected by a data breach: unauthorized activity on its systems exposed the personal data of some customers in South Korea and Taiwan.

The attackers obtained e-mails, telephone numbers, and delivery details, but consumer payment information was not included in the breach, the company claimed. On Friday, McDonald's also said that the event was swiftly recognized and managed, and that a comprehensive investigation was undertaken.

The investigation discovered that company information was breached in the U.S., South Korea, and Taiwan.

In a message to U.S. employees, McDonald's said the breach revealed certain corporate contact information for US staff and franchisees, and some information about locations, such as seating capacity and the square footage of play areas. No customer information was breached in the US, and the exposed information about employees in the United States was not sensitive. The corporation urged employees and franchisees to keep an eye out for phishing e-mails and to be cautious when asked for information.

McDonald's said attackers obtained emails of consumers in South Korea and Taiwan along with their shipping numbers and addresses. McDonald's reported that hackers also took staff information of customers from Taiwan, particularly their names and contact information.

The F&B chain has indicated that its South Korea and Taiwan businesses have notified Asian regulators of the breach and would also contact customers and staff. The company said that its business units would also notify some South African and Russian staff of possible unauthorized access to their data. These countries were also flagged by the investigation.

McDonald's asserted that operations at its restaurants were not impacted by the breach and that this was not a ransomware attack, in which hackers demand a ransom to return control of data and operations to the affected business. McDonald's has declared that no ransom has been requested, nor has it paid the hackers.

McDonald's noted that its investment in cybersecurity defenses has expanded in recent years and that these mechanisms helped it respond to the recent incident. Shortly after the breach was detected, the corporation announced it would shut off the hackers' access to the data.

“McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the company said.

Iranian Hackers Attacked Websites of an African Bank and US Federal Library

According to Iran Briefing, hackers posing as Iranians targeted the websites of the Sierra Leone Commercial African Bank and the United States Federal Depository Library Program by posting pro-Iranian remarks and graphics.

The website of Sierra Leone Commercial Bank appeared as "H4ck3D IRANIAN HACKER" in Google search results.

Twitter screenshots showed the words "hacked by Iranian hacker, hacked by shield Iran" written on a drawing of former IRGC Quds Force commander Qasem Soleimani, who was killed in a US airstrike.

According to CBC News, the library program's website was updated with a bloodied picture of US President Donald Trump being punched in the face, as well as a message written in Farsi and English that read "martyrdom was Soleimani's... reward for years of implacable efforts," and another caption that read "this is only a small part of Iran's cyber ability!"

A spokesman from the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency verified the incident, though the hack has yet to be proven to be the activity of Iranian state-sponsored actors.

The representative stated, “We are aware the website of the Federal Depository Library Program [FDLP] was defaced with pro-Iranian, anti-US messaging”. 

“At this time, there is no confirmation that this was the action of Iranian state-sponsored actors”. 

The website has been removed from the internet and is no longer accessible. In coordination with the FDLP and other government partners, the Cybersecurity and Infrastructure Security Agency (CISA) is keeping an eye on the situation. 

According to another senior US official, the defacement was a minor event carried out by Iranian sympathizers. Former US Secretary of State Mike Pompeo indicated at the time that a cyberattack by Iran against the US could be a possible retaliation. 

It's unclear whether the hackers had a government position or had any connection to Iran. The hack occurs at a time when tensions between the US and Iran are still high following the assassination of Qasem Soleimani, the chief of Iran's Revolutionary Guards Corps Quds Force, by a US strike in Baghdad on Jan. 2. 

Iran has already threatened retaliation for the assassination, implying that US assets and interests in the Middle East, as well as US allies, may be targeted.

Linux System Service Bug Allows You to Gain Root Access

An authentication bypass vulnerability in the polkit auth system service, which is installed by default on many recent Linux distributions, allows unprivileged attackers to gain a root shell. On June 3, 2021, the polkit local privilege escalation flaw (CVE-2021-3560) was officially identified, and a fix was released. Polkit is used by systemd, so it is included in any Linux distribution that uses systemd.

Kevin Backhouse, a GitHub security researcher, detailed how he discovered the bug (CVE-2021-3560) in a systemd service called polkit in a blog post on Thursday. The problem, which was first introduced in commit bfa5036 seven years ago and first shipped in polkit version 0.113, reached different Linux distributions by different paths. Although many Linux distributions did not ship the vulnerable polkit version until recently, any Linux machine with polkit 0.113 or later installed is vulnerable to attacks.

Polkit, formerly known as PolicyKit, is a service that determines whether certain Linux tasks require more privileges than are currently available. It comes into play when you want to create a new user account, for example. According to Backhouse, exploiting the issue is shockingly simple, needing only a few commands that use common terminal tools such as bash, kill, and dbus-send.

"The vulnerability is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request," explained Backhouse. Killing dbus-send (an interprocess communication command) in the middle of an authentication request causes an error, because polkit then asks for the UID of a connection that no longer exists.

"In fact, polkit mishandles the error in a particularly unfortunate way: rather than rejecting the request, it treats the request as though it came from a process with UID 0," explains Backhouse. "In other words, it immediately authorizes the request because it thinks the request has come from a root process."

This doesn't happen every time, because polkit queries the dbus-daemon for the UID several times on different code paths. According to Backhouse, most of those code paths handle the error correctly, but one is vulnerable, and if the disconnection occurs while that code path is running, privilege escalation occurs. It's all about timing, which varies in unanticipated ways because several processes are involved. Backhouse believes the bug's intermittent nature is why it went unnoticed for seven years.
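
The failure mode Backhouse describes (a failed UID lookup treated as UID 0) can be shown with a simplified model. This is an added example, not polkit's code and not from the original article; the toy bus table, connection names and function names are all hypothetical, and it contrasts a fail-open authorization check with a fail-closed one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy bus: connection name -> owner UID (not polkit's data model). */
struct conn { const char *name; unsigned uid; bool alive; };
static const struct conn bus[] = {
    { ":1.10", 0,    true  },   /* root-owned service */
    { ":1.42", 1000, true  },   /* unprivileged client, still connected */
    { ":1.96", 1000, false },   /* unprivileged client that disconnected mid-request */
};

/* Hypothetical lookup: false means "peer is gone"; *uid_out is left untouched. */
bool lookup_uid(const char *name, unsigned *uid_out)
{
    for (size_t i = 0; i < sizeof bus / sizeof bus[0]; i++)
        if (bus[i].alive && strcmp(bus[i].name, name) == 0) {
            *uid_out = bus[i].uid;
            return true;
        }
    return false;
}

/* Fail-open: the error is dropped, so uid keeps its initial value of 0 (root). */
bool authorize_fail_open(const char *name)
{
    unsigned uid = 0;
    (void)lookup_uid(name, &uid);
    return uid == 0;
}

/* Fail-closed: a failed lookup rejects the request before any UID comparison. */
bool authorize_fail_closed(const char *name)
{
    unsigned uid;
    if (!lookup_uid(name, &uid))
        return false;
    return uid == 0;
}

int main(void)
{
    const char *names[] = { ":1.10", ":1.42", ":1.96" };
    for (size_t i = 0; i < 3; i++)
        printf("%s fail-open=%d fail-closed=%d\n", names[i],
               authorize_fail_open(names[i]), authorize_fail_closed(names[i]));
    return 0;
}
```

Only the disconnected peer is treated differently by the two checks, which is why the defect is easy to miss in ordinary testing: every request from a live connection gets the same answer either way.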