Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain… and don’t steal my data and then pretend you’re sorry.
Linux
New shc Linux Malware used to deploy CoinMiner
Researchers discovered a new Linux malware developed with the shell script compiler (shc) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler (shc) that threat actors used to install a CoinMiner. The experts believe attackers initially compromised targeted devices through a […]
The post New shc Linux Malware used to deploy CoinMiner appeared first on Security Affairs.
30+ Frequently Asked Linux Interview Questions and Answers [2023]
Want to ace your interview and uplift your skills in Linux operating system? Let’s check out the frequently asked Linux interview questions and answers.
The post 30+ Frequently Asked Linux Interview Questions and Answers [2023] appeared first on Geekfl…
Kali Linux: What’s next for the popular pentesting distro?
If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it. We talked to Jim O’Gorman, Chief Content and Strategy Off…
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
The bad news: the crooks have your SSH private keys. The good news: only users of thhe “nightly” build were affected.
modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell [update]
As a fast workaround, a friend of mine made a modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell, which he allowed me to share with you. SecRule \ ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING “jndi:ldap:” \ “phase:1, \ id:751001, \ t:none, \ deny, \ status:403, \ log, \ auditlog, \ msg:’Block: CVE-2021-44228 – deny pattern \”jndi:ldap:\”‘, \ severity:’5’, \ rev:1, \ tag:’no_ar'” New […]
The post modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell [update] first appeared on Robert Penz Blog.
Jitsi Workaround for CVE-2021-44228/LogJam/Log4Shell
You surely heard of the LogJam / Log4Shell / CVE-2021-44228 – if not, take a look at this blog post. If you’re running Jitsi is most likely vulnerable and as there is no fix currently, you need a workaround which I provide here for you. You need to add -Dlog4j2.formatMsgNoLookups=True at the correct places in […]
The post Jitsi Workaround for CVE-2021-44228/LogJam/Log4Shell first appeared on Robert Penz Blog.
Proxmox Container with Debian 10 does not work after upgrade
I just did an apt update / upgrade of a Debian 10 container and restarted it afterwards and got following: # pct start 105 Job for pve-container@105.service failed because the control process exited with error code. See “systemctl status pve-container@105.service” and “journalctl -xe” for details. command ‘systemctl start pve-container@105’ failed: exit code 1 with a […]
The post Proxmox Container with Debian 10 does not work after upgrade first appeared on Robert Penz Blog.
Slurp- To Security Audits of S3 Buckets Enumerator
Slurp- Blackbox/Whitebox S3 Bucket Enumerator
To Evaluate the security of S3 buckets
Overview
Credit to all the vendor packages to develop Slurp possible.
Slurp is for pen-testers and security professionals to perform audits of s3 bucke…
The Ultimate WinRM Shell For Penetration Testing
This shell is the ultimate WinRM shell for hacking/pentesting.
WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol.
A standard SOAP based protocol that allows hardware and operating systems from d…