🔵File upload vulnerability exists in CatfishCMS:

https://dailycve.com/file-upload-vulnerability-exists-catfishcms

🔵Mblog open source Java blog system has logic flaws:

https://dailycve.com/mblog-open-source-java-blog-system-has-logic-flaws

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack with ss7 :

Researchers are easily able to hack WhatsApp and Telegram using the known telecom flaw

We continuously receive queries from readers about how to hack WhatsApp. The world’s most popular cross platform messaging App is seen to be ultimate hack by many because it has recently enabled 256-bit encryption.

For ordinary souls this encryption would take days and months to decode a sentence or a complete message. Ditto with another secure messaging service called Telegram. Though Telegram is not as popular as WhatsApp, it has its ardent group of followers who use it for its encryption as well as snooping free service.

Though both of these Apps are end-to-end encrypted both of them suffer from hardware side vulnerability which can be exploited to hack and hijack both WhatsApp and Telegram.

The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.

SS7 is vulnerable to hacking and this has been known since 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.

You can view how researchers managed to hack WhatsApp and Telegram using the SS7 flaw below:

WhatsApp Hack:
https://youtu.be/fDJ-88e_06A

Telegram Hack:
https://youtu.be/dkvQqatURdM

Both the hacks exploit the SS7 vulnerability by tricking the telecom network into believing the attacker’s phone has the same number as the victim’s phone. Once the network has been fooled, anybody, even a newbie can spy on the legitimate WhatsApp and Telegram user by creating a new WhatsApp or Telegram account using the secret code.

Once complete, the attacker now controls the account, including the ability to send and receive messages. Even more horrific is the fact that the hacker can also send messages on behalf of the victim, and read confidential messages intended for the victim without ever having to try to break strong encryption protocols.

See how easily you can hack WhatsApp and Telegram by fooling the network into believing your are the victim.

git source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Vientiane webmaster 2008 enhanced version has dll hijacking vulnerability:

https://dailycve.com/vientiane-webmaster-2008-enhanced-version-has-dll-hijacking-vulnerability

🔵PDF cat split and merge software has dll hijacking vulnerability:

https://dailycve.com/pdf-cat-split-and-merge-software-has-dll-hijacking-vulnerability

BlackBerry sold 90 primary patents to Huawei for smartphones.
#International

The $2.1 billion purchase of Fitbit by Google is eventually complete: set sail again.
#International

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🖧 How to monitor packets passing through the firewall?

1) Configure rsyslog to use the log file /var/log/firewall_trace.log for firewall tracing.

$ cat << EOF | sudo tee /etc/rsyslog.d/01-firewall_trace.conf
# Log messages generated by iptables firewall to file
if \ $ syslogfacility-text == 'kern' and \ $ msg contains 'TRACE' then /var/log/firewall_trace.log
# stop processing it further
& stop
EOF

2) Apply rsyslog configuration.

$ sudo systemctl restart rsyslog
Rotate the log file to save disk space.
$ cat << EOF | sudo tee /etc/logrotate.d/firewall_trace.conf
/var/log/firewall_trace.log
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
invoke-rc.d rsyslog rotate> / dev / null
endscript
}
EOF

3) You should be sure to rate these logs hourly by size, or transfer them to an external logging service, which I highly recommend.
How to track incoming packages
Use raw and PREROUTING to monitor packets coming in on any network interface.

$ sudo iptables -t raw -A PREROUTING -p tcp --destination 1.2.3.4 --dport 443 -j TRACE
Let's see the raw table
$ sudo iptables -t raw -L -v -n --line-numbers
Chain PREROUTING (policy ACCEPT 3501 packets, 946K bytes)
num pkts bytes target prot opt ​​in out source destination
1 468 28159 TRACE tcp - * * 0.0.0.0/0 1.2.3.4 tcp dpt: 443
Chain OUTPUT (policy ACCEPT 885 packets, 695K bytes)
num pkts bytes target prot opt ​​in out source destination
The trail to the internal network will look like this.

[...]
Jul 18 18:33:27 cerberus kernel: [68907.892027] TRACE: raw: PREROUTING: policy: 2 IN = eth0 OUT = MAC = 00: 15: 17: c3: a1: aa: 00: 15: 17: c3: fb : 07: 01: 00 SRC = 172.69.63.16 DST = 1.2.3.4 LEN = 40 TOS = 0x00 PREC = 0x00 TTL = 56 ID = 64783 DF PROTO = TCP SPT = 62598 DPT = 443 SEQ = 234589096 ACK = 404477568 WINDOW = 82 RES = 0x00 ACK URGP = 0
Jul 18 18:33:27 cerberus kernel: [68907.892093] TRACE: mangle: INPUT: policy: 1 IN = eth0 OUT = MAC = 00: 15: 17: c3: a1: aa: 00: 15: 17: c3: fb : 07: 01: 00 SRC = 172.69.63.16 DST = 1.2.3.4 LEN = 40 TOS = 0x00 PREC = 0x00 TTL = 56 ID = 64783 DF PROTO = TCP SPT = 62598 DPT = 443 SEQ = 234589096 ACK = 404477568 WINDOW = 82 RES = 0x00 ACK URGP = 0
Jul 18 18:33:27 cerberus kernel: [68907.892113] TRACE: filter: INPUT: rule: 6 IN = eth0 OUT = MAC = 00: 15: 17: c3: a1: aa: 00: 15: 17: c3: fb : 07: 01: 00 SRC = 172.69.63.16 DST = 1.2.3.4 LEN = 40 TOS = 0x00 PREC = 0x00 TTL = 56 ID = 64783 DF PROTO = TCP SPT = 62598 DPT = 443 SEQ = 234589096 ACK = 404477568 WINDOW = 82 RES = 0x00 ACK URGP = 0
Jul 18 18:33:27 cerberus kernel: [68907.892150] TRACE: raw: PREROUTING: policy: 2 IN = eth0 OUT = MAC = 00: 15: 17: c3: a1: aa: 00: 15: 17: c3: fb : 07: 01: 00 SRC = 172.69.63.16 DST = 1.2.3.4 LEN = 40 TOS = 0x00 PREC = 0x00 TTL = 56 ID = 64784 DF PROTO = TCP SPT = 62598 DPT = 443 SEQ = 234589096 ACK = 404477569 WINDOW = 82 RES = 0x00 ACK RST URGP = 0
[...]
Display the filyer table, INPUT chain, rule number 6, which will accept bound and established connections.

$ sudo iptables -t filter -L INPUT 6 -v -n --line-numbers
6 979K 851M ACCEPT all - * * 0.0.0.0/0 0.0.0.0/0
Remove the first rule in the raw table, the PREROUTING chain.
$ sudo iptables -t raw -D PREROUTING 1
How to track outgoing packets
Use raw table and OUTPUT to keep track of locally generated packets.

$ sudo iptables -t raw -A OUTPUT -p tcp --destination 8.8.8.8 --dport 53 -j TRACE
$ sudo iptables -t raw -A OUTPUT -p udp --destination 8.8.8.8 --dport 53 -j TRACE
Let's see the raw table

$ sudo iptables -t raw -L -v -n --line-numbers
Chain PREROUTING (policy ACCEPT 1281 packets, 422K bytes)
num pkts bytes target prot opt ​​in out source destination
Chain OUTPUT (policy ACCEPT 379 packets, 324K bytes)
num pkts bytes target prot opt ​​in out source destination
1 0 0 TRACE tcp - * * 0.0.0.0/0 8.8.8.8 tcp dpt: 53
2 0 0 TRACE udp - * * 0.0.0.0/0 8.8.8.8 udp d

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

A alert will show on iPhones that use non-original cameras, beginning with iOS 14.4.
#Updates

The macOS beta edition of Apple started abandoning its own components to circumvent the whitelist of the firewall by default.
#Vulnerabilities

🔵Vulnerabilities in input validation errors in many Cisco products:

https://dailycve.com/vulnerabilities-input-validation-errors-many-cisco-products

🔵Cisco Small Business Routers input validation error vulnerability:

https://dailycve.com/cisco-small-business-routers-input-validation-error-vulnerability

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑why you need ssh for github ?

Connecting to GitHub with SSH
You can connect to GitHub using SSH.

About SSH→
Using the SSH protocol, you can connect and authenticate to remote servers and services. With SSH keys, you can connect to GitHub without supplying your username and personal access token at each visit.

Checking for existing SSH keys→
Before you generate an SSH key, you can check to see if you have any existing SSH keys.

Generating a new SSH key and adding it to the ssh-agent→
After you've checked for existing SSH keys, you can generate a new SSH key to use for authentication, then add it to the ssh-agent.

Adding a new SSH key to your GitHub account→
To configure your GitHub account to use your new (or existing) SSH key, you'll also need to add it to your GitHub account.

Testing your SSH connection→
After you've set up your SSH key and added it to your GitHub account, you can test your connection.

Working with SSH key passphrases→
You can secure your SSH keys and configure an authentication agent so that you won't have to reenter your passphrase every time you use your SSH keys.

github
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵unpatched SQL injection vulnerability exists in EQ enterprise management system:

https://dailycve.com/unpatched-sql-injection-vulnerability-exists-eq-enterprise-management-system

🔵Cscms has command execution vulnerability:

https://dailycve.com/cscms-has-command-execution-vulnerability

🔵YKBuilder V5.1 has a binary vulnerability:

https://dailycve.com/ykbuilder-v51-has-binary-vulnerability

Amazon is facing a hard situation for complaints to revoke, consumers ask regulators to investigate.
#International

In 2021, where unseen individuals will change the world, I realized the difficulty of talking about the Internet.
#Analytiques

Phison launches today a bridge U17/U18 and entry-level NVMe SSD master E21T.
#Technologies

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Practical PHP: Master the Basics and Code Dynamic Websites :

4.6 rating !

By the end of this course, you will have a thorough understanding of the PHP fundamentals


Upon completion, you will have coded a handful of useful dynamic PHP examples


In the last section of this course, you focus on building a dynamic website for a restaurant


By the end of this course, you will be so excited about your newly acquired PHP skills and want to start converting all your websites to PHP!

free
https://www.udemy.com/course/code-dynamic-websites/


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁