Forwarded from DailyCVE
IBM WebSphere AS security vulnerability:
(DC: 260-2021)
https://dailycve.com/ibm-websphere-security-vulnerability
DataWave (by NSA) is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access:
Data fusion across structured and unstructured datasets
Construction and analysis of distributed graphs
Multi-tenant data architectures, with tenants having distinct security requirements and data access patterns
Fine-grained control over data access, integrated easily with existing user-authorization services and PKI
> How to install?
https://code.nsa.gov/datawave/docs/quickstart
2021 version
code.nsa.gov
DataWave Docs - Quickstart Installation
This quickstart provides a single-node standalone DataWave instance that you may use to follow along with the guided tour. It is also generally useful as a de...
Forwarded from DailyCVE
Apache Nutch injection vulnerability:
(DC: 261-2021)
https://dailycve.com/apache-nutch-injection-vulnerability
Forwarded from UNDERCODE NEWS
Microsoft released its second fiscal quarter financial report for the 2021 fiscal year ending.
#Analytiques
The right way to handle a DDoS:
How to check subnets?
The first thing to check is the connections coming from shared subnets (the most commonly used masks are /16 and /24).
Log in to your Linux server and enter the following command to see which connections come from the same /16 subnet:
netstat -ntu | awk '{print $5}' | cut -d: -f1 -s | cut -f1,2 -d '.' | sed 's/$/.0.0/' | sort | uniq -c | sort -nk1 -r
If the netstat command is not found, install it with:
sudo apt-get install net-tools -y
You should see a list of all connections from addresses that share the same first two octets, for example 192.168.x.x.
To find connections from the same /24 subnet, use the following command:
netstat -ntu | awk '{print $5}' | cut -d: -f1 -s | cut -f1,2,3 -d '.' | sed 's/$/.0/' | sort | uniq -c | sort -nk1 -r
The above command displays all connections grouped by their first three octets (for example, 192.168.1.x).
If you find a large number of connections from any of these subnets, you have narrowed your search a bit.
Another netstat command lists all the IP addresses connected to the server:
netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
You should see a list of all connected IP addresses and the number of connections from each.
We then use netstat to count the number of connections each IP address has to your server:
sudo netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
The above command lists the IP addresses from all subnets that are sending connection requests to your server.
At this point you should have a good idea of where the connections are coming from and which IP addresses are associated with those connections.
You may see a large number of connections from one specific subnet.
If that subnet is not supposed to reach the server with this level of traffic, that is most likely where the DDoS attack originates.
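The same grouping the netstat pipelines above do, as an added example that is not part of the original post: a Python script that parses `netstat -ntu` output, counts foreign addresses by /16, /24 and single host in one pass, and flags prefixes above a threshold. The netstat output embedded in `SAMPLE_NETSTAT` is constructed for the example, and the function names and the threshold are this example's own choices; on a real host feed it the output of `netstat -ntu` and pick the threshold from your normal-traffic baseline.

```python
"""Aggregate the foreign addresses in `netstat -ntu` output by prefix length.

Added example, not from the original post. SAMPLE_NETSTAT below is CONSTRUCTED
netstat output; on a live host replace it with the real command output, e.g.
subprocess.run(["netstat", "-ntu"], capture_output=True, text=True).stdout
"""
import ipaddress
from collections import Counter

SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.9:40001       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.200:40002     SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.4:55000      ESTABLISHED
udp        0      0 10.0.0.5:53             198.51.100.4:55001      ESTABLISHED
"""


def foreign_addresses(netstat_output):
    """Yield the foreign IPv4 address of every connection row.

    Header lines are skipped because they do not start with tcp/udp; IPv6 rows
    (tcp6/udp6) are skipped because their address form is not handled here.
    """
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        host, sep, _port = fields[4].rpartition(":")  # "203.0.113.7:51234"
        if not sep:
            continue
        try:
            yield ipaddress.IPv4Address(host)
        except ValueError:
            continue  # IPv6 or malformed address: not an IPv4 peer


def count_by_prefix(netstat_output, prefix_len):
    """Map network prefix (e.g. "203.0.113.0/24") to connection count.

    prefix_len=16 and 24 reproduce the /16 and /24 checks from the post;
    prefix_len=32 counts individual hosts.
    """
    counts = Counter()
    for addr in foreign_addresses(netstat_output):
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return counts


def suspicious_prefixes(netstat_output, prefix_len, threshold):
    """Prefixes with at least `threshold` connections, busiest first.

    The threshold is site-specific and an assumption of this example: derive it
    from what the server normally sees, not from this constructed sample.
    """
    counts = count_by_prefix(netstat_output, prefix_len)
    return [(net, n) for net, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for plen in (16, 24, 32):
        print(f"--- /{plen} ---")
        for net, n in count_by_prefix(SAMPLE_NETSTAT, plen).most_common():
            print(f"{n:6d} {net}")
    print("suspicious /24s:", suspicious_prefixes(SAMPLE_NETSTAT, 24, 3))
```

Counting at all three granularities at once avoids the trap of a flood that is spread across many hosts in one /24 (each host looks harmless on its own) and of a single chatty host that is legitimately busy; compare the prefix counts against the per-host counts before deciding that a subnet is the source.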
Forwarded from DailyCVE
Tp-link TL-WR841N injection vulnerability:
(DC: 262-2021)
https://dailycve.com/tp-link-tl-wr841n-injection-vulnerability
Dailycve
Tp-link TL-WR841N injection vulnerability | CVE
Details:
The Tp-link TL-WR841N is a wireless router developed by Tp-link in China. The command injection flaw of TP-Link TL-WR841N enables remote, authenticated malicious users to execute arbitrary commands on the device. This vulnerability can be used…
Forwarded from DailyCVE
Apache Servicecomb Java Chassis input validation error vulnerability:
(DC: 263-2021)
https://dailycve.com/apache-servicecomb-java-chassis-input-validation-error-vulnerability
Dailycve
Apache Servicecomb Java Chassis input validation error vulnerability | CVE
Details:
Apache Servicecomb Java Chassis is a programming library that is based on the Apache Foundation's Java language to offer a full microservice building solution. Versions previous to 2.1.5 of Apache ServiceComb-Java-Chassis have a security flaw…
Forwarded from UNDERCODE NEWS
WindTre, January record deal of EUR 500 discount and free tablet.
#International
Forwarded from DailyCVE
net-snmp: Root compromise - Existing account:
(DC: 264-2021)
https://dailycve.com/net-snmp-root-compromise-existing-account
Dailycve
net-snmp: Root compromise - Existing account | CVE
1. Details:
An update for net-snmp is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.
Red Hat Product…
Forwarded from DailyCVE
WebSphere Application Server: Denial of service - Remote/unauthenticated
(DC: 265-2021)
https://dailycve.com/websphere-application-server-denial-service-remoteunauthenticated
Dailycve
WebSphere Application Server: Denial of service - Remote/unauthenticated | CVE
Details:
Security Bulletin: WebSphere Application Server is vulnerable to an XML
External Entity (XXE) Injection Vulnerability (CVE-2020-4949)
Document Information
More support for: WebSphere Application Server
Software version: 7.0, 8.0, 8.5, 9.0…
Forwarded from UNDERCODE NEWS
IPA declares "10 major threats" to information security, which suddenly leads to an attack.
#CyberAttacks
Forwarded from UNDERCODE NEWS
Apple was once again the subject of an "iPhone speed-down door" class action suit in Europe.
#Technologies
Introduction to discovering and attacking IoT devices through web-based attacks:
1. Discovery phase: identify IoT devices
Use WebRTC to obtain the local IP address.
Send requests to all IP addresses in that range on port 81. Since port 81 is usually not in use, an active device immediately responds with a TCP RST packet, while requests to inactive addresses in the range time out.
Each active IP address is then sent requests for 35 GET endpoints, and the HTML5 error messages that come back are collected. Based on the details in those error messages, the attack script identifies whether the address matches any of the seven devices.
The research project used three operating systems (Windows 10, macOS and Ubuntu) and four browsers (Chrome, Firefox, Safari, Microsoft Edge). However, only two browsers, Chrome and Firefox, were suitable for the study. Safari and Edge were not used because, according to the paper (Web-based attacks on the discovery and control of local IoT devices):
On Safari, all fetch requests timed out, causing the attack script to identify all IP addresses as inactive. On Edge, the script could use fetch requests to correctly identify active IP addresses, but Edge did not disclose detailed HTML5 error messages, so the script could not identify any devices on Edge.
2. Access phase: control IoT devices
The victim visits a domain name (domain.tld) controlled by the attacker, and the browser executes the malicious JavaScript found on the attacker's site. At this point the domain name still resolves to the attacker's server IP.
The malicious script requests another resource on domain.tld (/hello.php), which only exists on the attacker's server.
If the victim's local DNS cache still resolves domain.tld to the attacker's remote IP, the request to /hello.php returns the string "hello" and the script repeats this step.
But once the cached entry for domain.tld expires, a new DNS query is sent to the attacker's DNS server.
This time the attacker's server answers with the local IP obtained in the discovery phase instead of its own remote IP. /hello.php no longer responds with the string "hello" but with different content, such as a 404 error, which tells the malicious script that the DNS rebinding attack has succeeded.
Through this attack the malicious script bypasses the browser's Same-Origin Policy and gains access to the web application running on the device. Attackers can then trigger restarts or start video/audio playback on Google Chromecast, Google Home, smart TVs and smart switch devices.
How to prevent DNS rebinding attacks against IoT devices
The researchers say that users, browser vendors, IoT vendors and DNS providers all need to take preventive measures against DNS rebinding attacks. Some of the measures given in the study:
Users can disable WebRTC in the browser to prevent disclosure of their private IP. Even then, the attacker can still discover the user's private range by sending requests to all *.1 addresses (router addresses) in the private IP ranges.
The attacker assumes that the IoT devices sit in the same IP range as the victim's PC. Users can configure the router's DHCP server to assign addresses from a different subnet (for example, a /16).
Users can install dnsmasq, which prevents DNS rebinding attacks by removing RFC 1918 addresses from DNS responses. Users can also use an OpenWRT router running dnsmasq.
IoT vendors can check the Host header of requests sent to the web interface and block access when it does not contain an RFC 1918 private IP.
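The last mitigation above, the Host header check on the device side, as an added example that is neither from the original post nor from the cited study: after a rebind the victim's browser still sends the attacker's name (domain.tld) in the Host header, because the rebinding changed only what that name resolves to. A device that is only ever reached by its RFC 1918 address can therefore refuse any request whose Host is not such an address before the request reaches the control logic. The function and class names, the 403 response and the port 8080 are this example's own assumptions.

```python
"""Host-header check against DNS rebinding for a device web interface.

Added example, not from the original post or the cited paper. A browser that
has been rebound still sends "Host: domain.tld", so accepting only RFC 1918
(or loopback) IP literals in Host rejects the rebound request outright.
"""
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer

# The address families a LAN-only device expects to be reached on.
RFC1918_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def host_is_private_ip(host_header):
    """True only if Host is an RFC 1918 or loopback IP literal, optionally with :port.

    Hostnames deliberately return False: a rebound request carries the
    attacker's domain name, never the device's own private address.
    """
    if not host_header:
        return False
    host = host_header.strip()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. "[::1]:8080"
        host = host[1:host.find("]")] if "]" in host else host
    elif host.count(":") == 1:  # IPv4 literal with a port
        host = host.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # "domain.tld" and friends land here
    # ipaddress.is_private also covers documentation and benchmark ranges,
    # so the RFC 1918 set is spelled out explicitly instead.
    return addr.is_loopback or any(addr in net for net in RFC1918_NETWORKS)


def access_decision(host_header):
    """(status, message) the device will answer with for this Host value."""
    if host_is_private_ip(host_header):
        return 200, "device control interface"
    return 403, "unexpected Host header"


class DeviceHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for a device's web UI that applies the check first."""

    def do_GET(self):
        status, message = access_decision(self.headers.get("Host"))
        if status != 200:
            self.send_error(status, message)
            return
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(message.encode() + b"\n")


if __name__ == "__main__":
    # Assumed port for the example; a real device would use its own.
    HTTPServer(("0.0.0.0", 8080), DeviceHandler).serve_forever()
```

The check belongs in front of every handler, not only the ones that change state: the discovery phase described above works by reading the error responses of 35 GET endpoints, and a Host check that only guards POSTs would still let those fingerprinting requests through.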
Forwarded from UNDERCODE NEWS
The first discrete graphics card launched by Intel in several years comes with high incompatibility issues.
#Technologies
Forwarded from UNDERCODE NEWS
In searches relating to the Jewish genocide, Facebook will display "authoritative sources"
#International
Forwarded from DailyCVE
New termux bug in any services scripts using svlogger:
(DC: 266-2021)
https://dailycve.com/new-termux-bug-any-services-scripts-using-svlogger
New release for The Universal Radio Hacker (URH)
URH is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with automatic detection of modulation parameters, making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways: you can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.
This release also brings Windows compatibility improvements.
> Check out: https://github.com/jopohl/urh
GitHub - jopohl/urh: Universal Radio Hacker: Investigate Wireless Protocols Like A Boss