▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🔐 How to add and remove GPG key on Ubuntu:

A) )What is a GPG key?
The G) is free software that provides cryptographic protecGPG key (which stands for Gnu Privacy Guard, aka GnuPtion of sensitive data and authentication.

It allows users to communicate securely using public key cryptography.

B ) ) How does a GPG key work in a repository?
All packages are signed with an accompanying private / public key pair.

The user's private key is kept secret and the public key can be shared with anyone the user wants to communicate with.

Each time you add a new repository to your system, you must also add the repository key so that the APT Package Manager trusts the newly added repository.

Once you've added the repository keys, you can ensure that you get the packages from a trusted source.

C ) ) How do I list the keys of a repository?
apt-key is used to manage the list of keys used by apt to authenticate packages.

Trusted keys are stored in the following locations:

/etc/apt/trusted.gpg - a bunch of local trusted keys, new keys will be added here.
/etc/apt/trusted.gpg.d/ - File fragments for trusted keys, additional keychains can be stored in this location.
Use the following command to list the trusted keys with figprints:

$ sudo apt-key list


/etc/apt/trusted.gpg

D ) ) How do I delete repository keys?
You can delete the repository key if it is no longer needed or the repository has already been removed from the system.

It can be removed by entering the fully quoted key as shown below (which has a hexadecimal value of 40 characters).

$ sudo apt-key del "D320 D0C3 0B02 E64C 5B2B B274 3766 2239 8999 3A70"
OK
Alternatively, you can remove the key by entering only the last 8 characters.

$ sudo apt-key del 89993A70
OK
After removing the repository key, run the apt command to update the repository index.

$ sudo apt update
You can verify that the above GPG key has been removed by running the following command.

$ sudo apt-key list

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

HACK/CVE/NEWS... AND MORE

🔵Unpatched !! Buns injection vulnerability:

https://dailycve.com/unpatched-buns-injection-vulnerability

🔵Open-Xchang OX App Suite and OX Documents cross-site request forgery vulnerability:

https://dailycve.com/open-xchang-ox-app-suite-and-ox-documents-cross-site-request-forgery-vulnerability

The attack mechanism becomes more nuanced and delicate with Rockybot upgraded.
#Malwares

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔍 Windows security tips for people who use multiple devices at the same time:

1) Safe Wi-Fi in your home. This may seem like an easy task to some, but insecure or simple passwords in your home are a major problem that you can face day after day. The defaults are a bad idea in any advanced community. So make sure you change the default settings or ask your local professional to help you with this. When this is done, make sure the invited expert does not know your WPA2 password, so cover your keyboard while you set it. Remember that you are only responsible for providing the password to those you choose to trust.

2) Consider a VPN. Once you implement a virtual private network (VPN), your work from home is likely much safer. Identity thieves and hackers are more likely to extract your identity from outgoing traffic, so filtering is a good idea. Do not connect your devices to a VPN, as this makes your settings vulnerable and easier to hack.

3) Keep your devices locked. Data is largely stolen and re-hashed via insecure devices that are used without any passwords or security software. Any security, such as passwords, fingerprints, templates, or graphical passes, reduces the risk of data disclosure. However, be careful with facial recognition software as you can likely run into problems in financial operating systems when your face is imprinted on the system. Remember, your devices know what you look like, so use fingerprints.

4) Protect your smart TVs and smartphones with additional software. They are the most insecure and can reveal your personal information. This approach is absolutely unacceptable. However, you cannot let others spy on you through their devices. Look out for sophisticated antivirus software that allows you to use browser extensions, smartphone apps, and security gateways for your IoT environment.

5) Enhance your knowledge. Explore as many options as possible of how the Internet of Things is attacked daily by hackers and identity thieves. Improve your information security competencies. Be knowledgeable about internet security and remember that your interconnected gadgets are your weakness. As Machine Learning (ML) and Artificial Intelligence (AI) become more advanced, consider them as your key weapons against cyber attacks.

6) Don't jailbreak iOS! The latter can be borderline illegal, but be aware. If the system has vulnerabilities, your antivirus software is unlikely to help you. Buy licensed security software if you really want your system to be protected and up to date. Why is the focus on your phone? Because nowadays, you can practically control your entire IoT with it. Therefore, they should be prioritized in your intellectual environment.

7) Choose the best and most comprehensive protection from a trusted antivirus vendor. If you are not sure what features one antivirus has over another, check the comparison of the most important factors. Remember that your antivirus shouldn't be too expensive as there are price reduction options, but at the same time it should have options for all your devices, so if only computer security is offered, this is not enough.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Is personal details been leaked to 1.3 million Hyundai Motor Corporation Russia customers? The Deep Web Post Sales Posts.
#DataBreaches

🔵Security Announcement Regarding the Remote Command Execution Vulnerability in Sangfor's Terminal Detection Platform (EDR)

https://dailycve.com/security-announcement-regarding-remote-command-execution-vulnerability-sangfors-terminal-detection

🔵Patch for Jiransecurity Spamsniper buffer overflow vulnerability:

https://dailycve.com/patch-jiransecurity-spamsniper-buffer-overflow-vulnerability

If leaks of sensitive knowledge happen... After a business, five steps to take.
#CyberAttacks

AI chatbot'Achieved ', the cornerstone of several scandals, is increasing questions regarding the disclosure of personal knowledge.
#International

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🔍 Monitoring Linux system resources with SAR (System Activity Report) ::

🔍 Installing Bashtop - Monitoring Resources From Terminal For Linux | macOS | FreeBSD

SAR or System Activity Report is used to monitor Linux system resources.

It can be used to generate reports related to system performance, i.e. CPU reports, memory reports, disk reports, etc.

🔍 Installing Sensu Go Monitoring Tool on CentOS 8 / RHEL 8

It stores reports as logs on your system.

In this guide, we will learn about system resource monitoring with SAR with some examples, but first, we will install SAR on our system.

🔍 Installing and Configuring Checkmk on CentOS 8 and Monitoring Linux Hosts with Checkmk Agent

Installation
The SYSSTAT package is required to install the SAR utility on a system.
To install sysstat, run:
$ yum install sysstat
Now start and enable the sysstat service to start using SAR,
$ systemctl start sysstat
$ systemctl enable sysstat
After activating the service, log files for the current day will be created in the “/ var / log / sa” folder in the “sa15” file, where 15 is the current date.

Older files will be archived.

We can also change the number of days for which we keep our log files by changing the "HISTORY" parameter in the sysstat configuration file, for example, "/ etc / sysconfig / sysstat".

SAR utility syntax
The syntax for using sar is:

$ sar option interval (in seconds) number of records
An example would be:
$ sar 2 5
In this example, sar will provide a report generated at 2 second intervals with a total of 5 records.
Examples of SAR use
Generating a CPU report
Sar command to generate CPU report:

$ sar -u 2 5
Generating a memory report
The parameter used with sar to generate a memory report is "-r"
$ sar -r 2 5
Generating device statistics
The device report generation option is "-d" and it is used with "-p" to make the report in a readable format,

$ sar -d -p 2 5
Generating a SWAP Usage Report
Ability to generate a SWAp memory report for the system - "-S",

$ sar S 2 5

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Patch for FFmpeg 4.3.1 buffer overflow vulnerability :

https://dailycve.com/patch-ffmpeg-431-buffer-overflow-vulnerability

🔵Lianyi Technology Co., Ltd. identity authentication management system account complaint function has logic flaws and loopholes :

https://dailycve.com/lianyi-technology-co-ltd-identity-authentication-management-system-account-complaint-function-has

we respect whatsapp.com rules,about privacy and more...

(their app,their rules) we start some groups with signals & some new whatsapp groups some links


https://signal.group/#CjQKIEVV_LbRFyu3heIcYY_Phu4vjucrk7Hs7KvuAm4t_dkUEhBYgipLGas0IDTViu8syG8E


https://signal.group/#CjQKIJ7UR76KOv9WEwS1XZUn3X3e1DW43NVh313UnNhPYkB4EhBp5RVr-tK8UTxH-_ZMCOCV

https://signal.group/#CjQKIGVy0pCubRyrW4jjrEXdF9PZazKNAc5DV_CRy36dM30xEhDl5WNlUHsE9RZ7ZH9TaHaX


https://chat.whatsapp.com/L6LCpMg25yy9YBM5k1ZN2g

To save device power, Android 12 or let unused apps sleep.
#Updates

Twitter and Facebook blocked by a U.S. Internet service provider.
#Ban

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Hack with android malwares tutorials :

» Android-Reports-and-Resources(https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md)

>> android-security-awesome(https://github.com/ashishb/android-security-awesome)

>> Android Penetration Testing Courses(https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed)

>> Lesser-known Tools for Android Application PenTesting(https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-
android-pentest.html)

>> android-device-check - a set of scripts to check Android device security configuration(https://github.com/nelenkov/android-device-check)

>> apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection(https://github.com/shroudedcode/apk-mitm)

>> Andriller - is software utility with a collection of forensic tools for smartphones(https://github.com/den4uk/andriller)

>> Dexofuzzy: Android malware similarity clustering method using opcode sequence-Paper(https://www.virusbulletin.com/virusbulletin/2019/11/dexofuzzy-android-malware-similarity-clustering-method-using-opcode-sequence/)

>> Chasing the Joker(https://docs.google.com/presentation/d/1sFGAERaNRuEORaH06MmZKeFRqpJo1ol1xFieUa1X_OA/edit#slide=id.p1)

>> Side Channel Attacks in 4G and 5G Cellular Networks-Slides(https://i.blackhat.com/eu-19/Thursday/eu-19-Hussain-Side-Channel-Attacks-In-4G-And-5G-Cellular-Networks.pdf)

>> Shodan.io-mobile-app for Android(https://github.com/PaulSec/Shodan.io-mobile-app)

>> Popular Android Malware 2018(https://github.com/sk3ptre/AndroidMalware_2018)

>> Popular Android Malware 2019(https://github.com/sk3ptre/AndroidMalware_2019)


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Multiple vulnerabilities in OMRON CX-One:

https://dailycve.com/multiple-vulnerabilities-omron-cx-one

🔵DLL loading vulnerability in SKYSEA Client View installer:

https://dailycve.com/dll-loading-vulnerability-skysea-client-view-installer

He mistakenly regained 127 bitcoins lost 8 years ago and wanted to make 4 million US dollars to invest in US stocks.
#International