According to the Latest reports: Data leak habits have improved dramatically since 2020.
#Leaks #Analytiques

An unforeseen special market for telecommuting and GIGA mobile notebooks, but the reason why manufacturers are still ready.
#International

🔵Unpatched SongCMS has SQL injection vulnerability:

https://dailycve.com/unpatched-songcms-has-sql-injection-vulnerability

🔵Oracle Fusion Middleware Access Control Error Vulnerability:

(Shell Code inside the link)

https://dailycve.com/oracle-fusion-middleware-access-control-error-vulnerability

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What are the uses of a shell code ?

1) Download and execute
Download and execute is a type of remote shellcode that downloads and executes some form of malware on the target system. This type of shellcode does not spawn a shell, but rather instructs the machine to download a certain executable file off the network, save it to disk and execute it. Nowadays, it is commonly used in drive-by download attacks, where a victim visits a malicious webpage that in turn attempts to run such a download and execute shellcode in order to install software on the victim's machine. A variation of this type of shellcode downloads and loads a library.

2) Staged
When the amount of data that an attacker can inject into the target process is too limited to execute useful shellcode directly, it may be possible to execute it in stages. First, a small piece of shellcode (stage 1) is executed. This code then downloads a larger piece of shellcode (stage 2) into the process's memory and executes it.

3) Egg-hunt
This is another form of staged shellcode, which is used if an attacker can inject a larger shellcode into the process but cannot determine where in the process it will end up. Small egg-hunt shellcode is injected into the process at a predictable location and executed. This code then searches the process's address space for the larger shellcode (the egg) and executes it

4) Omelette
This type of shellcode is similar to egg-hunt shellcode, but looks for multiple small blocks of data (eggs) and recombines them into one larger block (the omelette) that is subsequently executed. This is used when an attacker can only inject a number of small blocks of data into the process.

5) Shellcode execution strategy
An exploit will commonly inject a shellcode into the target process before or at the same time as it exploits a vulnerability to gain control over the program counter. The program counter is adjusted to point to the shellcode, after which it gets executed and performs its task. Injecting the shellcode is often done by storing the shellcode in data sent over the network to the vulnerable process, by supplying it in a file that is read by the vulnerable process or through the command line or environment in the case of local exploits.

(a short brief using some wiki references)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Launched "Gov-Cloud", a huge government cloud that swallows local governments and German law, and is confused by local governments.
#Updates

Without their smart speakers Yandex left Russians.
#International

🔵Tufin Securechange cross-site scripting vulnerability:

https://dailycve.com/tufin-securechange-cross-site-scripting-vulnerability

🔵Cisco Data Center Network Manager input validation error vulnerability:
(DC - 237-2021)

https://dailycve.com/cisco-data-center-network-manager-input-validation-error-vulnerability

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Linux commands you should never run on your system :

1- Linux administrator very often uses this command to format and assign the file system to the newly created disk partition.

But if used irresponsibly, this can also format the data drive on it:

$ mkfs.ext4 / dev / sda
Therefore, when using this command, make sure the correct disk partition is selected.
2- Remove directories / etc or / boot
/ etc contains all the system configuration files, and / boot contains all the kernel, InitRD, and GRUB files required to boot the system.

If you delete any of these folders, then your system will not boot:

$ rm -rf / etc
$ rm -rf / boot
Another way to remove your system configuration files and leave it irrecoverable is to use the following command:
$ find / -iname "* .conf" -exec rm -rf {} \;
This will find and remove all files ending in .conf (configuration files).
3- Delete entire filesystem
Most of you may know about this command, and it looks like this:

$ rm -rf /
This will remove the entire filesystem from your server, deleting every byte of data on the disk.

4- Fork bomb
This command creates copies of itself indefinitely, and in no time all the memory of your system will be clogged and therefore it will crash the system,

$ : () {: |: &} ;:
It can also damage the disc.

5- Fill the disk with random data
$ dd if = / dev / urandom of = / dev / sda
This will fill the disk with random data.
Another variation of this command overwrites the disk multiple times over the original data:
$ shred / dev / sda
This command is actually a useful tool, especially when you are throwing away your old drive and you don't want the data from the old drive to fall into the wrong hands (and another way I learned from the movies is you can drill some holes in the drives as well) ...

6- File Violation
All of the above commands are for deleting or overwriting data.
But there are ways to disable your system using file permissions.
First command:

$ chmod -Rv 000 /
This command will remove all file permissions for all files and folders on the system, and since no one will have permissions on files and folders, no one will be able to access them.
$ chown -R nobody: nobody /

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Multiple vulnerabilities in Dnsmasq (DNSpooq):

https://dailycve.com/multiple-vulnerabilities-dnsmasq-dnspooq

🔵Keymaker path traversal vulnerability:

https://dailycve.com/keymaker-path-traversal-vulnerability

Ho.mobile reported to AGCOM:''The portability is slowing down!''
#International

“Insufficient settings” of Rakuten and PayPay sales force goods are the harm just the tip of the iceberg?
#International

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to install GNS3 on Kali Linux Rolling ?

WHY & FOR WHAT ??

-Completely free and open source - no monthly or annual license fees

-No limit on the number of devices supported - your only limit is the CPU and RAM hardware
... GNS3 supports all VIRL images (IOSv, IOSvL2, IOS-XRv, CSR1000v, NX-OSv, ASAv)

-GNS3 can work with or without hypervisors in multi-vendor environments.

-It supports several switching options (ESW16 Etherswitch, IOU / IOL Layer 2 images, VIRL IOSvL2) GNS3 supports both free and paid hypervisors - Virtualbox, VMware Workstation, VMware Player, ESXi, Fusion.

-GNS3 has native Linux support without the need for additional virtualization software.



Step 1. Update the system
Start the installation by updating your system and all installed packages to the latest versions.

sudo apt update
sudo apt upgrade
Since the update may contain kernel updates, let's reboot our system.
sudo reboot


Step 2. Install the required dependencies
Make sure your Kali Linux has the correct repositories set up.

$ sudo apt update
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Get:2 http://kali.download/kali kali-rolling/contrib Sources [63.7 kB]
Get:4 http://kali.download/kali kali-rolling/main Sources [13.8 MB]
Get:8 http://kali.download/kali kali-rolling/non-free Sources [127 kB]
Get:9 http://kali.download/kali kali-rolling/main amd64 Packages [17.5 MB]
Get:10 http://kali.download/kali kali-rolling/non-free amd64 Packages [202 kB]
Get:11 http://kali.download/kali kali-rolling/contrib amd64 Packages [106 kB]
Fetched 28.2 MB in 16s (1,769 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
Install the following software dependencies
sudo apt install -y python3-pip python3-pyqt5 python3-pyqt5.qtsvg python3-pyqt5.qtwebsockets qemu qemu-kvm qemu-utils libvirt-clients libvirt-daemon-system virtinst wireshark xtightvncviewer apt-transport-https ca-certificates curl gnupg2 software-properties-common
Step 3. Install GNS3 on Kali Linux Rolling

Finally, do the GNS3 installation in Kali Linux Rolling release.

Install GNS3 Server component

$ sudo pip3 install gns3-server

Step 4. Configuring Docker Support

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F88F6D313016330404F710FC9A2FD067A2E3EF7B

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.WQqu0nldXm/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys F88F6D313016330404F710FC9A2FD067A2E3EF7B
gpg: key 9A2FD067A2E3EF7B: public key "Launchpad PPA for GNS3" imported
gpg: Total number processed: 1
gpg: imported: 1
Update the APT package index:
sudo apt update


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Russia aims to send into space five Glonass navigation satellites this year.
#Technologies

The new CEO of Intel keeps on making chips in the U.S. Customers look down on: too slow.
#International

🔵New directory access bug in conquer of completion platform:|


(DC: 240-2021)

https://dailycve.com/new-directory-access-bug-conquer-completion-platform

🔵output channel blocking logic in forward AVX2 convolution that could lead to incorrect result or segfault in Oneddn platform:

(DC: 241-2021)

https://dailycve.com/output-channel-blocking-logic-forward-avx2-convolution-could-lead-incorrect-result-or-segfault