Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
Malware on your phone
Most people doubt that mobile devices can get infected with malware.
It's true?
That's 101% possible, well, maybe not in the standard traditional method, for iPhone and Apple devices.
But, technically, the same process applies.
Let's look at the problem more specifically.
Once the malware connects to your phone, it performs several operations.
Competing with your phone's resources and destroying many programs.
The classic signs of malware on your phone are:
- Apps take longer to load :
Your battery is draining faster than usual
Apps you haven't downloaded appear as available
How do I know if my phone is infected with a virus?
+ There are two ways to detect and remove malware from your phone.
-Auto
-Manual method on Android phone
Step one: turn off your phone
The moment you spot the classic signs of malware infiltration, the first thing you do, if you can't pinpoint where you entered, is to turn off your phone.
Turning off your phone will stop further damage and the spread of malicious software to other programs.
This is the safest first option.
Step two: activate safe mode
Activating Safe Mode on your Android device is as easy as
Hold the power button for a few seconds.
Then, while your phone is on, hold the power off button.
Click on the reboot option; Most Android phones have this option.
Then click "Restart in Safe Mode".
For devices that do not have this option, turn off the phone by long pressing the power button.
Then press and hold the volume down button, wait until the device turns on.
The Safe Mode option will appear in the lower left corner of your phone.
Step three, part A: phone settings
Some malware is so smart and cunning that when it invades your phone, it finds a way to protect itself.
They go to Phone Administrators settings and then change the configuration.
This way you can try whatever you want, but you won't be able to remove them.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Malware on your phone
Most people doubt that mobile devices can get infected with malware.
It's true?
That's 101% possible, well, maybe not in the standard traditional method, for iPhone and Apple devices.
But, technically, the same process applies.
Let's look at the problem more specifically.
Once the malware connects to your phone, it performs several operations.
Competing with your phone's resources and destroying many programs.
The classic signs of malware on your phone are:
- Apps take longer to load :
Your battery is draining faster than usual
Apps you haven't downloaded appear as available
How do I know if my phone is infected with a virus?
+ There are two ways to detect and remove malware from your phone.
-Auto
-Manual method on Android phone
Step one: turn off your phone
The moment you spot the classic signs of malware infiltration, the first thing you do, if you can't pinpoint where you entered, is to turn off your phone.
Turning off your phone will stop further damage and the spread of malicious software to other programs.
This is the safest first option.
Step two: activate safe mode
Activating Safe Mode on your Android device is as easy as
Hold the power button for a few seconds.
Then, while your phone is on, hold the power off button.
Click on the reboot option; Most Android phones have this option.
Then click "Restart in Safe Mode".
For devices that do not have this option, turn off the phone by long pressing the power button.
Then press and hold the volume down button, wait until the device turns on.
The Safe Mode option will appear in the lower left corner of your phone.
Step three, part A: phone settings
Some malware is so smart and cunning that when it invades your phone, it finds a way to protect itself.
They go to Phone Administrators settings and then change the configuration.
This way you can try whatever you want, but you won't be able to remove them.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
π΅IBM WebSphere AS security vulnerability:
(DC: 260-2021)
https://dailycve.com/ibm-websphere-security-vulnerability
(DC: 260-2021)
https://dailycve.com/ibm-websphere-security-vulnerability
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DataWave is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access: (By NSA)
Data fusion across structured and unstructured datasets
Construction and analysis of distributed graphs
Multi-tenant data architectures, with tenants having distinct security requirements and data access patterns
Fine-grained control over data access, integrated easily with existing user-authorization services and PKI
> How to install ?
https://code.nsa.gov/datawave/docs/quickstart
2021 version
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DataWave is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access: (By NSA)
Data fusion across structured and unstructured datasets
Construction and analysis of distributed graphs
Multi-tenant data architectures, with tenants having distinct security requirements and data access patterns
Fine-grained control over data access, integrated easily with existing user-authorization services and PKI
> How to install ?
https://code.nsa.gov/datawave/docs/quickstart
2021 version
β β β Uππ»βΊπ«Δπ¬πβ β β β
code.nsa.gov
DataWave Docs - Quickstart Installation
This quickstart provides a single-node standalone DataWave instance that you may use to follow along with theguided tour. It is also generally useful as a de...
Forwarded from DailyCVE
π΅ Apache Nutch injection vulnerability :
(DC: 261-2021)
https://dailycve.com/apache-nutch-injection-vulnerability
(DC: 261-2021)
https://dailycve.com/apache-nutch-injection-vulnerability
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Microsoft released its second fiscal quarter financial report for the 2021 fiscal year ending.
#Analytiques
#Analytiques
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The right way for a ddos :
How to check subnets ?
The first thing you need to check is the connections from the shared subnets (the most commonly used are / 16 or / 24 masks).
Log in to your Linux server and enter the following command to see what connections are coming from the same subnet (/ 16):
netstat -ntu | awk '{print $ 5}' | cut -d: -f1 -s | cut -f1,2 -d '.' | sed 's / $ /. 0.0 /' | sort | uniq -c | sort -nk1 -r
If the netstat command is not found, you need to install it using the command:
sudo apt-get install net-tools -y
You should see a list of all connections from addresses that contain the same first two octets, for example 192.168.xx
To find connections from the / 24 subnet, use the following command:
netstat -ntu | awk '{print $ 5}' | cut -d: -f1 -s | cut -f1,2,3 -d '.' | sed 's / $ /. 0 /' | sort | uniq -c | sort -nk1 -r
as example
The above command will display all connections from the same subnet, but the first three octets (for example, 192.168.1.x).
If you find a large number of connections from any of these subnets, you've narrowed your search a bit.
Another netstat command will list all the IP addresses connected to the server.
This command:
netstat -anp | grep 'tcp \ | udp' | awk '{print $ 5}' | cut -d: -f1 | sort | uniq -c
You should see a list of all connected IP addresses and the number of their connections.
We then use netstat to count the number of connections each IP address has to your server.
This command:
sudo netstat -ntu | awk '{print $ 5}' | cut -d: -f1 | sort | uniq -c | sort -n
The above command will actually list the IP addresses from all subnets that are sending connection requests to your server.
At this point, you should have a good idea of ββwhere the connections are coming from and what IP addresses are associated with those connections.
You can have a large number of connections from one specific subnet.
If this subnet is not supposed to reach a server with this level of traffic, most likely, this is where the DDoS attack originates.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The right way for a ddos :
How to check subnets ?
The first thing you need to check is the connections from the shared subnets (the most commonly used are / 16 or / 24 masks).
Log in to your Linux server and enter the following command to see what connections are coming from the same subnet (/ 16):
netstat -ntu | awk '{print $ 5}' | cut -d: -f1 -s | cut -f1,2 -d '.' | sed 's / $ /. 0.0 /' | sort | uniq -c | sort -nk1 -r
If the netstat command is not found, you need to install it using the command:
sudo apt-get install net-tools -y
You should see a list of all connections from addresses that contain the same first two octets, for example 192.168.xx
To find connections from the / 24 subnet, use the following command:
netstat -ntu | awk '{print $ 5}' | cut -d: -f1 -s | cut -f1,2,3 -d '.' | sed 's / $ /. 0 /' | sort | uniq -c | sort -nk1 -r
as example
The above command will display all connections from the same subnet, but the first three octets (for example, 192.168.1.x).
If you find a large number of connections from any of these subnets, you've narrowed your search a bit.
Another netstat command will list all the IP addresses connected to the server.
This command:
netstat -anp | grep 'tcp \ | udp' | awk '{print $ 5}' | cut -d: -f1 | sort | uniq -c
You should see a list of all connected IP addresses and the number of their connections.
We then use netstat to count the number of connections each IP address has to your server.
This command:
sudo netstat -ntu | awk '{print $ 5}' | cut -d: -f1 | sort | uniq -c | sort -n
The above command will actually list the IP addresses from all subnets that are sending connection requests to your server.
At this point, you should have a good idea of ββwhere the connections are coming from and what IP addresses are associated with those connections.
You can have a large number of connections from one specific subnet.
If this subnet is not supposed to reach a server with this level of traffic, most likely, this is where the DDoS attack originates.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅ Tp-link TL-WR841N injection vulnerability :
(DC: 262-2021)
https://dailycve.com/tp-link-tl-wr841n-injection-vulnerability
(DC: 262-2021)
https://dailycve.com/tp-link-tl-wr841n-injection-vulnerability
Dailycve
Tp-link TL-WR841N injection vulnerability | CVE
Details:
The Tp-link TL-WR841N is a wireless router developed by Tp-link in China. The command injection flaw of TP-Link TL-WR841N enables remote, authenticated malicious users to execute arbitrary commands on the device. This vulnerability can be usedβ¦
Forwarded from DailyCVE
π΅Apache Servicecomb Java Chassis input validation error vulnerability:
(DC: 263-2021)
https://dailycve.com/apache-servicecomb-java-chassis-input-validation-error-vulnerability
(DC: 263-2021)
https://dailycve.com/apache-servicecomb-java-chassis-input-validation-error-vulnerability
Dailycve
Apache Servicecomb Java Chassis input validation error vulnerability | CVE
Details:
Apache Servicecomb Java Chassis is a programming library that is based on the Apache Foundation's Java language to offer a full microservice building solution. Versions previous to 2.1.5 of Apache ServiceComb-Java-Chassis have a security flawβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
WindTre, January record deal of EUR 500 discount and free tablet.
#International
#International
Forwarded from DailyCVE
π΅net-snmp: Root compromise - Existing account :
(DC: 264-2021)
https://dailycve.com/net-snmp-root-compromise-existing-account
(DC: 264-2021)
https://dailycve.com/net-snmp-root-compromise-existing-account
Dailycve
net-snmp: Root compromise - Existing account | CVE
1. Details:
An update for net-snmp is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.
Red Hat Productβ¦
Forwarded from DailyCVE
π΅WebSphere Application Server: Denial of service - Remote/unauthenticated
(DC: 265-2021)
https://dailycve.com/websphere-application-server-denial-service-remoteunauthenticated
(DC: 265-2021)
https://dailycve.com/websphere-application-server-denial-service-remoteunauthenticated
Dailycve
WebSphere Application Server: Denial of service - Remote/unauthenticated | CVE
Details:
Security Bulletin: WebSphere Application Server is vulnerable to an XML
External Entity (XXE) Injection Vulnerability (CVE-2020-4949)
Document Information
More support for: WebSphere Application Server
Software version: 7.0, 8.0, 8.5, 9.0β¦
Forwarded from UNDERCODE NEWS
IPA declares β10 major threatsβ to information security, which suddenly leads to an attack.
#CyberAttacks
#CyberAttacks
