Hello everyone,
in case you have not already seen/read it yourselves, here [0] FYI
"Facebook, Twitter profiles slurped by mobile apps using malicious SDKs"
"On Monday, Twitter and Facebook both claimed that bad apples in the
app stores had been slurping hundreds of users’ profile data without
permission ..."
Best regards
Bernd
[0]
https://nakedsecurity.sophos.com/2019/11/27/facebook-twitter-profiles-slurp…
--
Bernd Kohler
IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler(a)itc.rwth-aachen.de
https://www.itc.rwth-aachen.de
Hello everyone,
in case you have not already seen/read it yourselves, here [0] FYI
"New Hot Spot 2.0 Wifi Evil Twin Attack"
"... Hot Spot 2.0 misuse can guise a user to
think a network is more secure when indeed
it is a rogue access point ... "
Best regards
Bernd
[0]
https://medium.com/@adam.toscher/new-hot-spot-2-0-wifi-evil-twin-attack-2d6…
Hello everyone,
in case you have not already seen/read it yourselves, here [0] FYI
"Timestamp recognition of dates with two-digit years fails beginning January 1, 2020"
"The issue that this page addresses is developing rapidly.
Expect frequent near-term updates as more information
becomes available. Consider bookmarking the page and
checking back frequently to ensure that you have the
latest updates ..."
Best regards
Bernd
[0]
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetime…
Hello everyone,
in case you have not already seen/read it yourselves, here [0] FYI
"RIPlace – A new Evasion Technique that Let Ransomware to Encrypt Files Undetected"
--> Research Paper [1]
--> "... all antivirus products including Endpoint Detection and Response
tested so far were completely blind to file operations using this
technique, including encryption ..."
Best regards
Bernd
[0]
https://gbhackers.com/riplace-evasion-technique/
[1]
https://www.nyotron.com/collateral/RIPlace-report_compressed-3.pdf
Hello everyone,
in case you have not already seen/read it yourselves, here [0] or [1] FYI
"flan"
01. the Docker daemon should already be running
(if the current user is not in the docker group, run all relevant commands with sudo)
    systemctl status docker.service
    docker run hello-world
02. get the sources
    git clone https://github.com/cloudflare/flan.git cloudfare_flan_vuln_scanner
    cd cloudfare_flan_vuln_scanner
03. set the IP to be tested (from the LAN!) (several are possible as well)
    echo "$(dig -t a "${HOST_FQDN}" +short)" > ./shared/ips.txt && cat ./shared/ips.txt
04. build and have a look
    make build
    docker image ls | grep -F flan
    docker image inspect flan_scan
05. run the scan
(recommended adjustment of the Makefile on Linux to get the local time in the reports - more precisely the "start:" directive
"docker run --name $(container_name) -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -v $(shell pwd)/shared:/shared flan_scan" )
    make start
06. now create the nice PDF report
    sudo apt install texlive-latex-extra texlive-fonts-extra
    cd ./shared/report
    pdflatex report_...text
Best regards
Bernd
[0]
https://github.com/cloudflare/flan
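Added example, not part of the original mail and not code from the flan project: a guard for step 03 that lets only RFC 1918 (LAN) addresses reach ./shared/ips.txt, since `dig +short` can also return CNAME lines and public addresses. The function names is_private_ipv4 and filter_lan_ips and the sample input are assumptions constructed for this illustration.

```shell
# Added example: keep only RFC 1918 addresses in the target list of step 03.
# Intended use: dig -t a "${HOST_FQDN}" +short | filter_lan_ips > ./shared/ips.txt

# is_private_ipv4 ADDR: succeed only for a strict dotted quad inside
# 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16.
is_private_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, non-numeric, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;             # leading zero or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# filter_lan_ips: read candidate lines on stdin, print the private ones,
# report everything else on stderr; exit status 1 if anything was rejected.
filter_lan_ips() {
    rejected=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if is_private_ipv4 "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected, not an RFC 1918 address: %s\n' "$line" >&2
            rejected=1
        fi
    done
    return "$rejected"
}

# Constructed sample of `dig +short` output: CNAME line, public address, two LAN addresses.
sample='www.example.test.
203.0.113.7
10.20.30.40
192.168.1.15'
printf '%s\n' "$sample" | filter_lan_ips || echo 'review rejected entries before scanning' >&2
```

A non-zero exit status from filter_lan_ips means at least one resolved entry was dropped, so the resulting ips.txt should be reviewed before `make start`.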