https://github.com/rakyll/hey
hey is a tiny program that sends some load to a web application.
hey was originally called boom and was influenced by Tarek Ziade's tool at tarekziade/boom. Using the same name was a mistake, as it resulted in cases where binary name conflicts created confusion. To preserve the name for its original owner, we renamed this project to hey.
GitHub - rakyll/hey: HTTP load generator, ApacheBench (ab) replacement
https://mariadb.com/resources/blog/using-json-in-mariadb/
You’re likely familiar with MariaDB as your run-of-the-mill relational database. Heck, you may have even used it to create a database, a couple tables, and even executed a few queries. I mean, why not? After all, MariaDB is a rock solid relational database solution, and has been for some time now. But, diving deeper into its capabilities, you’ll quickly discover that it’s more than that.
Much, much more.
One of those capabilities is its ability to handle JavaScript Object Notation (JSON) formatted data, completely free and out-of-the-box. OK, but why is that important? Well, in the context of databases, JSON has often been thought of as something you’d use with NoSQL solutions. And that makes sense as one of the problems the NoSQL Revolution set out to solve was flexibility, or having the ability to create, update and remove data and the structures they’re housed in without having to modify things like those pesky relational schemas.
...
Using JSON in MariaDB | MariaDB
https://www.cloudbees.com/blog/unleash-the-power-of-storing-json-in-postgres
An article by Sarah Mei titled "Why you should never use MongoDB" discusses the issues you’ll run into if you try to use a NoSQL database when a relational database would be far superior. An example of this is when data that was thought to be in a silo needs to cross boundaries (what relational DBs are great at). Another example is when you store a user’s name in various places for easy access, but when the user updates their name you’re forced to find all of those places to make sure their information is up to date.
My experience making websites has been in line with this sentiment: Unless your data objects live in complete silos from one another (and you're sure they will be that way for the foreseeable future), you'll probably be better off using a relational database like Postgres.
Up until fairly recently, you had to make that difficult decision up-front when modelling your data: document or relational database? Yes, you could use two separate databases, using each tool for what they’re best at. However, you’d be increasing the complexity of your app and also of your development and server environments.
...
Unleash the Power of Storing JSON in Postgres
Master the benefits of JSONB in Postgres for seamless data management. Enhance your database performance with indexing and flexible JSON support.
https://mindsdb.com/
MindsDB ML-SQL Server enables machine learning workflows for the most powerful databases and data warehouses using SQL.
Developers can quickly add AI capabilities to their applications.
Data Scientists can streamline MLOps by deploying ML models as AI Tables.
Data Analysts can easily make forecasts on complex data (like multivariate time-series with high cardinality) and visualize them in BI tools like Tableau.
Docker: https://hub.docker.com/r/mindsdb/mindsdb
docker pull mindsdb/mindsdb
AI Analytics & Business Intelligence for any Data Source
MindsDB enables humans, AI agents, and applications to get highly accurate answers across disparate data sources and types.
https://www.kali.org/blog/kali-linux-2023-1-release/
Kali Linux 2023.1 Release (Kali Purple & Python Changes)
Today we are releasing Kali 2023.1 (and on our 10th anniversary)! It will be ready for immediate download or updating by the time you have finished reading this post.
Given it's our 10th anniversary, we are delighted to announce there are a few special things lined up to help celebrate. Stay tuned for a blog post coming out Wednesday 15th March 2023 12:00:00 UTC/+0 GMT for more information!
The changelog summary since the 2022.4 release from December:
- Kali Purple - The dawn of a new era. Kali is not only Offense, but starting to be defense
- Python Changes - Python 3.11 & PIP changes going forward
- 2023 Theme - Our once a year theme update! This time, what’s old is new again
- Desktop Updates - Xfce 4.18 & KDE Plasma 5.27
- Default Kernel Settings - What makes the Kali kernel different
- New Tools - As always, various new tools added
https://www.instagram.com/p/Cs7e147BReM/
Different but still united for a resilient Indonesia. Safeguard diversity, safeguard harmony, respect and honor one another. Work together to build civilization and global growth.
Happy Pancasila Day (Hari Lahir Pancasila), 1 June 2023.
Salam Pancasila!
#harlahpancasila2023
RSA Key Vulnerability in the SSH Software PuTTY and FileZilla
https://www.vuxml.org/freebsd/080936ba-fbb7-11ee-abc8-6960f2492b1d.html
A vulnerability has recently been discovered in PuTTY and in embedders such as FileZilla that affects the security of RSA keys used for authentication in the Secure Shell (SSH) protocol. The vulnerability is related to the use of a biased Random Number Generator (RNG) in ECDSA signatures with 521-bit keys, which allows an attacker to recover the private key. This article explores the implications of this vulnerability and provides guidance on the steps that should be taken to protect systems.
Beyond the direct impact on PuTTY and FileZilla users, this vulnerability can also have a wider impact if the attacker is an SSH server operator who uses the information to access other services that use the same key. This creates a potential supply-chain attack risk for other software that uses SSH authentication.
The RSA key vulnerability in SSH software such as PuTTY and FileZilla highlights the importance of regular security updates and rapid response to newly discovered vulnerabilities. By updating affected keys and software, users can improve the security of their systems and protect sensitive data from emerging security threats.
NetBSD 9.4 available!
The NetBSD Project is pleased to announce NetBSD 9.4, the fourth
release from the NetBSD 9 stable branch.
It represents a selected subset of fixes deemed important for security
or stability reasons since the release of NetBSD 9.3 in August 2022, as
well as some enhancements backported from the development branch. It is
fully compatible with NetBSD 9.0. Users running 9.3 or an earlier
release are strongly recommended to upgrade. Please see the
release announcement[1] for details, especially check the OpenSSL
compatibility note.
The NetBSD release engineering team
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining
Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docker API endpoints with the aim of delivering cryptocurrency miners and other payloads.
Included among the tools deployed is a remote access tool that's capable of downloading and executing more malicious programs as well as a utility to propagate the malware via SSH, cloud analytics platform Datadog said in a report published last week.
Analysis of the campaign has uncovered tactical overlaps with a previous activity dubbed Spinning YARN, which was observed targeting misconfigured Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services for cryptojacking purposes.
The attack commences with the threat actors zeroing in on Docker servers with exposed ports (port number 2375) to initiate a series of steps, starting with reconnaissance and privilege escalation before proceeding to the exploitation phase.
Payloads are retrieved from adversary-controlled infrastructure by executing a shell script named "vurl." This includes another shell script called "b.sh" that, in turn, packs a Base64-encoded binary named "vurl" and is also responsible for fetching and launching a third shell script known as "ar.sh" (or "ai.sh").
"The ['b.sh'] script decodes and extracts this binary to /usr/bin/vurl, overwriting the existing shell script version," security researcher Matt Muir said. "This binary differs from the shell script version in its use of hard-coded [command-and-control] domains."
The shell script, "ar.sh," performs a number of actions, including setting up a working directory, installing tools to scan the internet for vulnerable hosts, disabling the firewall, and ultimately fetching the next-stage payload, referred to as "chkstart."
Like vurl, chkstart is a Golang binary. Its main goal is to configure the host for remote access and fetch additional tools, including "m.tar" and "top," from a remote server, the latter of which is an XMRig miner.
"In the original Spinning YARN campaign, much of chkstart's functionality was handled by shell scripts," Muir explained. "Porting this functionality over to Go code could suggest the attacker is attempting to complicate the analysis process, since static analysis of compiled code is significantly more difficult than shell scripts."
Downloaded alongside "chkstart" are two other payloads: exeremo, which is used to move laterally to more hosts and spread the infection, and fkoths, a Go-based ELF binary that erases traces of the malicious activity and resists analysis efforts.
"Exeremo" is also designed to drop a shell script ("s.sh") that takes care of installing various scanning tools like pnscan, masscan, and a custom Docker scanner ("sd/httpd") to flag susceptible systems.
"This update to the Spinning YARN campaign shows a willingness to continue attacking misconfigured Docker hosts for initial access," Muir said. "The threat actor behind this campaign continues to iterate on deployed payloads by porting functionality to Go, which could indicate an attempt to hinder the analysis process, or point to experimentation with multi-architecture builds."
Source: https://thehackernews.com/2024/06/new-malware-targets-exposed-docker-apis.html
Forwarded from Aplikasi / Software Gratis
dbeaver-ce-24.1.5-x86_64-setup.exe
117.4 MB
App: DBeaver Community Edition
Version: 24.1.5
Platform: Windows
Url: https://dbeaver.io
Tags: #dbeaver #database #sql #windows
Forwarded from Aplikasi / Software Gratis
dbeaver-ce-24.2.0-x86_64-setup.exe
115 MB
App: DBeaver Community Edition
Version: 24.2.0
Platform: Windows
Url: https://dbeaver.io
Tags: #dbeaver #database #sql #windows
GhostStrike: Open-source tool for ethical hacking - Help Net Security
https://www.helpnetsecurity.com/2024/10/17/ghoststrike-open-source-tool-ethical-hacking/
GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques,
https://www.phoronix.com/review/gcc-15-amd-zen5
With the GCC 15 compiler having progressed to its final stage of development prior to the GCC 15.1 stable release in the likely March~April time frame, I've begun testing the updated GNU Compiler Collection on some test systems. Overall GCC 15 is looking nice and on AMD Zen 5 "znver5" in particular seeing some solid gains over GCC 14. Here are some initial performance benchmarks of the GCC 15 compiler.
https://docs.fossorial.io/overview
The Fossorial system - with Pangolin at its core - is a self-hosted tunneled reverse proxy with identity and access management, designed to securely expose private resources through encrypted WireGuard tunnels running in user space. Think self hosted Cloudflare tunnels.
Pangolin uses Traefik under the hood to do the actual HTTP proxying. A plugin, Badger, provides a way to authenticate every request with Pangolin. A second service, Gerbil, provides a WireGuard management server that Pangolin can use to create peers for connectivity. And finally, there is Newt, a CLI tool and Docker container that connects back to Newt and Gerbil with WireGuard fully in user space and proxies your local resources. This means that you do not need to run a privileged process or container in order to expose your services!
Introduction to Pangolin - Pangolin Docs