Credit card skimmer masquerades as favicon - Malwarebytes Labs

Criminals register a fake domain to hide their skimmer as a harmless image file.

Malware authors are known for their deceptive attempts to stay one step ahead of defenders. Whenever their schemes are discovered, they go back to their bag of tricks for a new one.

When it comes to online credit card skimmers, we have already seen a number of evasion techniques, some quite simple and others more elaborate. The goal remains the same: deceive online shoppers while staying under the radar of site administrators and security scanners.

In this latest case, we observed an old server-side trick combined with the clever use of an icon file to hide a web skimmer. The threat actors registered a new website offering thousands of images and icons for download, but it really has only one purpose: to serve as a front for a credit card skimming operation.

A suspicious icon file

This latest case started with an image file of the kind displayed in a browser tab to identify a website, also known as a favicon.

Figure 1: Favicons of some popular websites

While reviewing our logs, we noticed requests to a domain called myicons[.]net, which hosts various icons and, in particular, favicons. Several e-commerce sites were loading a Magento favicon from this domain.

Figure 2: favicon.png for the Magento CMS

That in itself is not particularly suspicious. However, we noticed that myicons[.]net had been registered only a few days earlier and was hosted on a server (83.166.244[.]76) previously identified as malicious. In a blog post, web security company Sucuri described how this host was part of a web skimming campaign using time-based domain names.

In addition, we discovered that whoever registered myicons[.]net had copied all of its content from the legitimate iconarchive.com website, in the simplest way possible: by loading it in an iframe:

Figure 3: Decoy site next to the original

We suspected that favicon.png was malicious and might be using steganography to hide JavaScript code. But it wasn't: the image is properly formatted, with no additional code.

Figure 4: The suspicious image file was clean

Conditional server response

Before ruling out a false positive, we wanted to better understand what was going on, so we looked at how this favicon was served during an online purchase. Lo and behold, when visiting the checkout page of a hacked Magento site, the innocent favicon.png turned into something completely different.

Figure 5: The same web request, this time with a referer containing the keyword checkout

Instead of serving a PNG image, the malicious server returns JavaScript code containing a credit card payment form. This content is dynamically injected into the DOM to replace the PayPal option with its own drop-down menu for MasterCard, Visa, Discover and American Express.

Figure 6: Malicious content hijacks the default payment method
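The two checks a site owner or scanner would run against a favicon like this one, as an added example (not Malwarebytes' code): whether a resource named favicon.png actually begins with the PNG signature or instead contains DOM-manipulating JavaScript, and whether the same URL returns a different body when fetched with a checkout referer. The sample bodies, the file names and the placeholder shop.example referer are constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original article. Offline checks for a
# "favicon" that is really a script and for a referer-dependent response.

PNG_SIGNATURE='89504e470d0a1a0a'   # the 8-byte PNG file header, as hex

# Write two constructed responses into a temp dir and print its path:
#   favicon_plain.png    - a real PNG header (what a normal request gets)
#   favicon_checkout.png - JavaScript of the kind served on checkout pages
make_samples() {
  dir=$(mktemp -d)
  printf '\211PNG\r\n\032\n' > "$dir/favicon_plain.png"
  cat > "$dir/favicon_checkout.png" <<'EOF'
// constructed stand-in for the injected payment form (not real skimmer code)
document.querySelector("#paypal-option").innerHTML =
  "<select name=\"cc_type\"><option>Visa</option></select>";
EOF
  printf '%s\n' "$dir"
}

# Return 0 if the file starts with the PNG signature.
is_png() {
  sig=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
  [ "$sig" = "$PNG_SIGNATURE" ]
}

# Return 0 if the body contains tokens typical of DOM-manipulating JavaScript.
looks_like_script() {
  grep -qE 'document\.|createElement|innerHTML|addEventListener|XMLHttpRequest' "$1"
}

# classify_favicon <file>: prints PNG_OK, SCRIPT_IN_PNG or NOT_PNG.
classify_favicon() {
  if is_png "$1"; then
    echo PNG_OK
  elif looks_like_script "$1"; then
    echo SCRIPT_IN_PNG
  else
    echo NOT_PNG
  fi
}

# conditional_response <plain-body> <checkout-body>: prints SAME or DIFFERS.
# In a live check the two files would be the same URL fetched twice
# (assumed commands, shop.example is a placeholder):
#   curl -sS -o plain.bin "$URL"
#   curl -sS -o checkout.bin -H 'Referer: https://shop.example/checkout/' "$URL"
conditional_response() {
  if cmp -s "$1" "$2"; then echo SAME; else echo DIFFERS; fi
}

# Stand-alone run over the constructed samples.
samples=$(make_samples)
echo "plain request:    $(classify_favicon "$samples/favicon_plain.png")"
echo "checkout request: $(classify_favicon "$samples/favicon_checkout.png")"
echo "body depends on referer: $(conditional_response "$samples/favicon_plain.png" "$samples/favicon_checkout.png")"
rm -rf "$samples"
```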

The Ant and Cockroach skimmer

This skimmer is known to some as Ant and Cockroach. What sets it apart is that its checkout form can be customized in English and Portuguese.

In addition to JavaScript code, it also contains HTML, which is injected into the checkout page of the compromised stores. The idea is to blend in so that customers don't notice anything suspicious.

Figure 7: Malicious HTML form injected into the payment page

While web skimmers focus primarily on credit card data, they also tend to collect additional personal information about their victims, including name, address, telephone number and email address.

Figure 8: The data fields collected by the skimmer

This data is encrypted and then sent back to the criminals. In web skimming cases, the exfiltration domain may be another hacked website or a malicious domain registered exclusively for this purpose.

Figure 9: Exfiltration code that transmits the data to the criminals

The exfiltration domain, psas…pw, is hosted on known criminal infrastructure at IP address 83.166.242[.]105. Last March we described a campaign abusing a Cloudflare rocket-loader script that we believe is associated with the same threat group.

One of many web skimming campaigns

Judging by the registration date of the icons domain, this particular scheme has been running for about a week, but it is part of a much larger number of ongoing skimming attacks.

Malwarebytes users are protected by our real-time web protection module, available in both Malwarebytes for Windows and the Browser Guard extension for Google Chrome and Mozilla Firefox.

Figure 10: Malwarebytes Browser Guard blocks the data exfiltration

Indicators of compromise

Skimmer URL, domain, IP and SHA256:

myicons[.]net/d/favicon.png
myicons[.]net
83.166.244[.]76
825886fc00bef43b3b3b7552338617697c4e0bab666812c333afdce36536be3b8e

Exfiltration domain and IP:

psas…pw
83.166.242[.]105

Monitor and manage Linux servers via web browser

Cockpit is a free and open source server management tool that lets you manage and administer Linux servers from a web browser. It helps system administrators perform everyday tasks such as user management, launching containers, storage management, network configuration, log inspection and much more. Switching between the terminal and the Cockpit web interface is seamless: you can control system services both from Cockpit and from the host's terminal, and Cockpit even has an integrated terminal. For example, if you start a service from the terminal, you can stop it from Cockpit; likewise, an error that occurs in the terminal shows up in Cockpit's log interface, and vice versa. Cockpit can also manage multiple Linux servers at the same time: just add the systems you want to monitor and Cockpit takes care of the rest.

In this tutorial we will see how to install and configure Cockpit on Linux (RPM- and DEB-based systems).

Install Cockpit on Linux

Cockpit was originally developed for RPM-based systems such as RHEL, CentOS and Fedora. It has since been ported to other Linux distributions such as Arch Linux, Debian and Ubuntu.

Install Cockpit on Arch Linux

Cockpit is available in the official Arch Linux repositories. To install Cockpit on Arch Linux and its derivatives such as Manjaro Linux, run:

$ sudo pacman -S cockpit

After installation, start and enable the Cockpit service with systemctl:

$ sudo systemctl enable --now cockpit.socket

Install Cockpit on CentOS

Cockpit is available in the default CentOS 7 repositories, so you can install it with a single command:

$ sudo yum install cockpit

After installation, start and enable the Cockpit service with:

$ sudo systemctl enable --now cockpit.socket

To access the Cockpit dashboard from other remote systems, you must allow the Cockpit service through the firewall. To do so, run:

$ sudo firewall-cmd --permanent --zone=public --add-service=cockpit

$ sudo firewall-cmd --reload

Install Cockpit on Fedora

Cockpit comes pre-installed on Fedora Server. If for some reason it is not installed, install Cockpit on Fedora with:

$ sudo dnf install cockpit

After installation, start and enable the Cockpit service with:

$ sudo systemctl enable --now cockpit.socket

To access the Cockpit web dashboard, you must allow the Cockpit service through the firewall. To do so, run:

$ sudo firewall-cmd --permanent --zone=public --add-service=cockpit
$ sudo firewall-cmd --reload

Install Cockpit on RHEL

On Red Hat Enterprise Linux (RHEL) systems, make sure you have enabled the Extras repository:

$ sudo subscription-manager repos --enable rhel-7-server-extras-rpms

Then install Cockpit with:

$ sudo yum install cockpit

After installation, start and enable the Cockpit service with:

$ sudo systemctl enable --now cockpit.socket

To access the Cockpit web dashboard, you must allow the Cockpit service through the firewall. To do so, run:

$ sudo firewall-cmd --permanent --zone=public --add-service=cockpit
$ sudo firewall-cmd --reload

Install Cockpit on Debian

Cockpit is available in Debian unstable and in the backports for Debian 8 (Jessie) and Debian 9 (Stretch).

For Debian 9, enable the backports repository as root, as shown below:

# echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list

For Debian 8, add the backports-sloppy repository:

# echo 'deb http://deb.debian.org/debian jessie-backports-sloppy main' > /etc/apt/sources.list.d/backports.list

Finally, install Cockpit with:

# apt-get update
# apt-get install cockpit

Install Cockpit on Ubuntu

Cockpit is available in Ubuntu starting with version 17.04, so you can install it with:

$ sudo apt install cockpit

Cockpit is available as an official backport for 16.04 LTS and later. Backports are enabled by default, but if you have customized your apt sources, you may need to enable them manually.

After enabling backports, run the following command to install Cockpit on Ubuntu 16.04:

$ sudo apt install cockpit

There is also a PPA for Cockpit. Add the PPA and install Cockpit as shown below:

$ sudo add-apt-repository ppa:cockpit-project/cockpit
$ sudo apt-get update
$ sudo apt-get install cockpit

Monitor and manage Linux servers with Cockpit via web browser

After installation, open a web browser and go to https://localhost:9090 (or https://IP-address:9090). You will be greeted by the Cockpit login screen.

Cockpit login screen on Ubuntu 20.04 LTS server

Log in with one of your system's user accounts.

Make sure you check the "Reuse my password for privileged tasks" box so that you can perform administrative tasks directly from the Cockpit dashboard. If you do not select this option, you may need to enter the password each time you perform an administrative task.

Cockpit login screen on CentOS 8 server

This is what the Cockpit dashboard looks like on my CentOS 8 server:

Cockpit dashboard on the CentOS 8 server

As you can see in the screenshot above, the Cockpit System overview shows details about your server as well as graphs for CPU, memory, disk and network traffic. From this section you can monitor CPU usage, memory and swap usage, disk I/O and live network traffic. From here you can even update or restart the server.

This is what the Cockpit dashboard looks like on Ubuntu 20.04 LTS:

Cockpit dashboard on Ubuntu Server 20.04

Logs section

The Logs section shows a list of errors, warnings and other important data about your Linux server.

Storage section

This section shows you the available hard disks, file system information, storage logs and disk read/write usage.

Network section

This section displays a list of the available network interfaces and the IP address of each one. Here you can configure network settings such as creating a VLAN, a bond or a bridge, and so on. In this section you also see the network logs, the incoming and outgoing traffic on each interface, and send/receive graphs.

Accounts section

In this section you can create new users, delete existing users, change user passwords, and so on.

We can also terminate all SSH sessions from here.

Services Section

This section displays a list of active and inactive services.

Cockpit terminal

Another noteworthy feature of the Cockpit web console is the integrated terminal, which lets you perform all kinds of operations from the command line. You do not need to SSH into your server, nor install any external remote access tools. With the Cockpit terminal you can run any command line operation on the host just as in a normal terminal.

How to add new hosts to the Cockpit dashboard

Cockpit can manage multiple servers at the same time.

Log in to the Cockpit web dashboard.

On Ubuntu, you must check the "Reuse my password for privileged tasks" box below the password field. This lets you perform all administrative operations through Cockpit. If you do not check this option, you will not be able to add remote systems to the Cockpit dashboard or perform administrative operations. On RHEL and CentOS systems you can log in directly as root, so you do not need to check this option.

Login as user administrator in the Ubuntu Cockpit

Click the Dashboard button in the left pane to display the list of servers managed by Cockpit. The Servers tab lists all of them.

To add a new server, click on the + (plus) sign on the Servers tab.

List of Linux systems managed by Cockpit

Type the IP address of the remote server you want to monitor and click Add.

Adding a new machine to the cockpit dashboard

You will see an unknown host key warning. Verify that the fingerprint matches the remote host's SSH key, then click Connect to add the machine.

Connecting external Linux computers to the cockpit

Enter the username and password of the remote system.

Enter the remote system's credentials to add it to Cockpit

Congratulations! You have successfully added a new remote Linux system to the Cockpit dashboard. The newly added systems appear in the Servers tab of the dashboard.

A new Linux host has been added to the Cockpit

Click on the name of the remote system to start monitoring from the cockpit control panel.

Remote monitoring of a Linux system from the cockpit

Here I am managing a CentOS 8 server from Ubuntu 20.04 LTS with Cockpit.

You can add as many systems as you want to monitor and manage. Once a remote system has been added, you can manage it completely from the local system through Cockpit: add, delete and manage users; add, remove and configure systems; restart or shut them down; and much more with the Cockpit terminal.

Cockpit suits both novice and experienced Linux administrators. Installing and using Cockpit is quite simple and straightforward. If you have a network full of remote systems, add them all to the dashboard and manage them like a pro.

Linux-driven modules light up i.MX8X and i.MX8M Mini and Nano

TQ-Embedded launches the TQMa8Xxx and SMARC form factor TQMa8XxS modules, which run Linux on NXP's i.MX8X platform. TQ also offers the TQMa8MxML LGA module, based on the i.MX8M Mini/Nano.

TQ-Embedded, the embedded module division of the German company TQ-Systems, has released several modules that run Linux on NXP i.MX8 processors. The company has just announced two new modules, the TQMa8Xxx and the SMARC 2.1 compatible TQMa8XxS, that run on the low-power i.MX8X. In March, TQ announced the TQMa8MxML module, which supports the i.MX8M Mini or Nano. All three modules will ship on May 15, which according to TQ is the official start date for volume shipments of the i.MX8X.

TQMa8Xxx (left) and TQMa8XxS

Also in March, TQ announced a module based on NXP's Layerscape LX2160A, following the January announcement of an SBC based on the Layerscape LS1028A. We will cover both in a separate story. The SBC is based on the TQMLS1028A module, which we reported on in March 2019, along with modules based on Intel Whiskey Lake and NXP T1022. At about the same time, Macnica Americas announced that it would begin distributing TQ boards in North America.

TQMa8Xxx and TQMa8XxS

The 55 x 44 mm TQMa8Xxx and the SMARC 2.1 form factor TQMa8XxS are designed for medical equipment, HMIs, industrial controllers, IoT gateways, building automation, transportation and robotics. The two modules, which we read about on EENews Embedded, support Linux, with Android and QNX available on request.

NXP's power-efficient i.MX8X has up to four Cortex-A35 cores clocked at 1.2 GHz. TQ supports the Dual, Dual Plus and Quad Plus (also known as DualX, DualXPlus and QuadXPlus) models. The Plus models are equipped with a Vivante GT7000Lite 4-shader GPU and the Dual with a GT7000UltraLite 2-shader GPU. All three processors include a 266 MHz Cortex-M4 core and a Tensilica HiFi 4 DSP.

Both the TQMa8Xxx and the TQMa8XxS support up to 2GB DDR3L with optional ECC, as well as up to 256MB QSPI NOR flash and up to 64GB eMMC. Both have dual GbE controllers, an RTC and a temperature sensor.

The modules are available in versions rated for -25 to 85°C or -40 to 85°C. They run on a 3.3V DC input, and the TQMa8XxS also has an optional 3.3-5.25V input. Typical power consumption is listed as 4W.

Block diagrams of the TQMa8Xxx (left) and TQMa8XxS

The main difference between the modules is that the SMARC TQMa8XxS has a display interface with 4K support, while the TQMa8Xxx offers MIPI-DSI with HD support. Both offer 2x LVDS and MIPI-CSI.

Almost all the other interfaces are listed the same way. While the TQMa8XxS focuses on display, the TQMa8Xxx does better on the audio side with 2x SPDIF and 4x ESAI. The SMARC module lacks these signals but offers an I2S interface.

Both offer a USB 3.0 OTG interface; the TQMa8XxS offers 5x USB 2.0, while the TQMa8Xxx has 2x USB 2.0 OTG. The TQMa8Xxx has more serial interfaces, with 4x UART and 3x CAN FD. It also has more SPI (4x), I2C (8x) and GPIO (32x). Both have the same SDIO and PCIe interfaces and optional JTAG.

Each module has its own evaluation kit, the STKa8Xxx or STKa8XxS, loaded with a 1GB DDR3L and 8GB eMMC module. The carrier boards ship with a 4GB SD card, dual GbE, PCIe and dual LVDS. The other I/O differs, with varying numbers of serial, CAN FD, USB and other ports. A power supply and cables are also included. The Starter versions add a TQ display kit. A wiki and full documentation are also available.

Other i.MX8X-based modules that will also ship in the coming weeks include Advantech's ROM-5620 SMARC module, Compulab's CL-SOM-iMX8X, Kontron's SMARC-sAMX8X, the Qseven-based Conga-QMX8X, F&S' efus MX8X, Phytec's phyCORE-i.MX 8X, Variscite's VAR-SOM-MX8X, Toradex's Colibri iMX8X and Digi's ConnectCore 8X.

TQMa8MxML

The TQMa8MxML has a 38 x 38 mm LGA form factor. The module supports both the i.MX8M Mini and the i.MX8M Nano (see details below), with up to quad-core Cortex-A53, albeit at slightly lower clock rates. Other compute modules that support both SoCs include Variscite's VAR-SOM-MX8M-MINI and Toradex's Verdin.

TQMa8MxML and block diagram

The TQMa8MxML supports all Mini and Nano core configurations and ships with Linux and, optionally, Android. You can load up to 4GB LPDDR4 on the i.MX8M Mini version and 2GB on the Nano version. You also get up to 64GB eMMC and 256Mb QSPI NOR flash.

The TQMa8MxML has an optional GbE controller, a temperature sensor, an RTC and JTAG. The 5V module has a typical power consumption of 4W and supports the same temperature ranges as the TQMa8Xxx and TQMa8XxS.

Media features include 4-lane MIPI-DSI and MIPI-CSI, as well as a variety of audio features including SPDIF, up to 20x I2S and up to 8x PDM microphones. With the exception of a USB 2.0 host interface, all of the following I/O is listed as "up to". This includes 1x or 3x USB 2.0 OTG, depending on the pin conflict list, as well as 4x UART, 4x I2C, 3x SPI, 3x SDIO/eMMC and a single QSPI and PCIe 2.0.

The optional STKa8MxML evaluation kit loads a 2GB LPDDR4 and 8GB eMMC module. The carrier board ships with a 4GB SD card, 2x USB 2.0 host ports, a micro-USB 2.0 OTG port and a GbE port. Media ports include eDP, LVDS, MIPI-CSI and audio. There is a mini-PCIe slot with a SIM card slot, plus a power supply and cables. The Starter kit version adds a display.

NXP's i.MX8M Mini and i.MX8M Nano SoCs use a more advanced 14LPC FinFET process than the i.MX8M. For the Mini, this translates into lower power consumption and higher clock rates for its 1, 2 or 4x Cortex-A53 (1.8 GHz) and Cortex-M4 (400 MHz) cores. The Mini also has GCNanoUltra (3D) and GC320 (2D) graphics cores with 1080p60 video acceleration instead of the i.MX8M's 4K.

The newer, smaller i.MX8M Nano also offers up to 4x A53 cores but tops out at 1.5 GHz. The Nano, which is compatible with the Mini, has a Vivante GC7000UL 3D/2D GPU but no VPU. However, it has a more powerful 600 MHz Cortex-M7 core and a TDP under 2W.

Further information

The TQMa8Xxx, TQMa8XxS and TQMa8MxML are due to ship on May 15. Pricing was not announced. More information can be found in TQ-Embedded's TQMa8Xxx and TQMa8XxS announcements and on the TQMa8Xxx and TQMa8XxS product pages.

More information on the TQMa8MxML can be found on its announcement and product pages.

Critical WordPress plugin bug enables automated takeovers.

Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin, installed on more than 40,000 WordPress sites, to inject malicious code and potentially take over vulnerable sites.

WP Product Review Lite helps website owners quickly create customized review articles using predefined templates.

The plugin supports affiliate links, rich snippets, widget display and buy buttons for additional monetization options.

Stored XSS leading to site takeover

The bug in WP Product Review Lite, discovered by Sucuri Labs' research team, can be exploited by unauthenticated attackers.

They can bypass WordPress's user input sanitization to launch a stored cross-site scripting (stored XSS) attack which, if successful, lets them inject malicious scripts into all products stored in the target site's database.

Fortunately, the Sucuri Labs team is not aware of any in-the-wild exploitation of this vulnerability.

"Unauthenticated attacks are very serious because they can be automated, making it easier for hackers to launch successful, widespread attacks against vulnerable sites," said Sucuri Labs vulnerability researcher John Castro.

"The number of active installations, the ease of exploitation and the effects of a successful attack make this vulnerability particularly dangerous."

Vulnerable function (Image: Sucuri Labs)

If attackers can trick a site administrator into viewing a compromised product, they can redirect the administrator to a malicious site or steal session cookies to authenticate on the administrator's behalf.

This allows attackers to add new admin accounts to gain full control over the compromised WordPress site.

Site visitors are also affected, since a malicious script running in their browser can be used by attackers to redirect them to malicious websites.

Thousands of sites still exposed

ThemeIsle, the developer of WP Product Review Lite, fixed the vulnerability in version 3.7.6, released on May 14, the day after Sucuri Labs' report.

Users are strongly advised to update their plugin to the latest version as soon as possible to prevent possible attacks aimed at capturing their sites or redirecting visitors and administrators to malicious sites.

#WordPress vulnerability alert! During a recent scan we discovered an unauthenticated stored #XSS vulnerability in WP Product Review. Plugin users: please update as soon as possible! https://t.co/zilzFThs0o #WebsiteSecurity

– Sucuri (@sucurisecurity) May 14, 2020

Nearly 7,000 users have adopted the fixed version of WP Product Review Lite since its release, while more than 33,000 sites still running vulnerable versions of the plugin remain exposed to attack.

Over the past 30 days, researchers have discovered stored cross-site scripting (stored XSS) vulnerabilities in a number of other plugins, including Ninja Forms, Real-Time Find and Replace and Contact Form 7 Datepicker, with over 1,200,000 active installations combined.

How to install CentOS 8 on a VPS in VNC mode

This tutorial shows you how to install CentOS 8 on a VPS (Virtual Private Server) in VNC mode. This is useful if your hosting provider does not offer a one-click CentOS 8 installation, or if you want to customize the installation, for example to encrypt the disk.

VNC (Virtual Network Computing) lets you control the VPS as if you were sitting in front of its screen and keyboard. You can insert a custom ISO image into the virtual optical drive and install an operating system of your choice.

Step 1: Find the gateway IP address

In VNC mode, you must configure Internet access for your VPS manually, so you need to know the gateway's IP address. The gateway is on the same logical network as your VPS, and its IP address usually ends in 1, such as 192.168.0.1. For example, if my VPS's IP address is 23.254.225.226, the gateway's IP address is almost always 23.254.225.1.

If you want to be sure, you can first install Ubuntu or Debian on your VPS using the one-click installer in the VPS control panel, then log in and run the following command:

ip route show

Output:

default via 23.254.225.1 dev ens3 proto static metric 100
23.254.225.0/24 dev ens3 proto kernel scope link src 23.254.225.226 metric 100

The IP address after via on the default line is your gateway's IP address.
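The same lookup done by script, as an added example that is not part of the original tutorial: it pulls the gateway, the VPS's own address and the prefix length out of the ip route output shown above, converts the prefix to the dotted netmask the CentOS installer asks for in Step 3, and checks that the gateway really is on the VPS's network. SAMPLE_ROUTES is the tutorial's output embedded as a constructed string; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original tutorial: derive the manual IPv4
# settings (address, netmask, gateway) from `ip route show` output.

SAMPLE_ROUTES='default via 23.254.225.1 dev ens3 proto static metric 100
23.254.225.0/24 dev ens3 proto kernel scope link src 23.254.225.226 metric 100'

# Gateway: the address after "via" on the "default" line.
gateway_from_routes() {
  printf '%s\n' "$1" | awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# The VPS's own address: the value after "src" on the connected route.
address_from_routes() {
  printf '%s\n' "$1" | awk '$1 != "default" { for (i = 1; i <= NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# Prefix length of the connected route, e.g. 24 for 23.254.225.0/24.
prefix_from_routes() {
  printf '%s\n' "$1" | awk '$1 != "default" && index($1, "/") { split($1, a, "/"); print a[2]; exit }'
}

# Convert a prefix length (0-32) to a dotted netmask, e.g. 24 -> 255.255.255.0.
prefix_to_netmask() {
  p=$1
  out=''
  for i in 1 2 3 4; do
    if [ "$p" -ge 8 ]; then
      v=255; p=$((p - 8))
    elif [ "$p" -le 0 ]; then
      v=0
    else
      v=$((256 - (1 << (8 - p)))); p=0
    fi
    out="${out}${out:+.}${v}"
  done
  printf '%s\n' "$out"
}

# Return 0 if two addresses are in the same network under the given netmask.
same_network() {
  old_ifs=$IFS
  IFS=.
  set -- $1 $2 $3        # $1..$4 first address, $5..$8 second, $9..$12 mask
  IFS=$old_ifs
  for i in 1 2 3 4; do
    span=$((256 - $9))   # 1 for a 255 octet (compare exactly), 256 for 0 (ignore)
    [ $(($1 - $1 % span)) -eq $(($5 - $5 % span)) ] || return 1
    shift                # shifting by one keeps the three octets 4 and 8 apart
  done
  return 0
}

# Print the installer settings for a routing table, or fail if inconsistent.
installer_ipv4_settings() {
  addr=$(address_from_routes "$1")
  gw=$(gateway_from_routes "$1")
  mask=$(prefix_to_netmask "$(prefix_from_routes "$1")")
  same_network "$addr" "$gw" "$mask" || {
    echo "gateway $gw is not on the network of $addr/$mask" >&2
    return 1
  }
  printf 'address=%s netmask=%s gateway=%s\n' "$addr" "$mask" "$gw"
}

installer_ipv4_settings "$SAMPLE_ROUTES"
```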

Step 2: Boot your VPS from the CentOS 8 ISO

Locate the virtual optical drive in the VPS control panel and attach the CentOS 8 ISO. Sometimes you have to give your web host a direct download link to the CentOS 8 ISO file and ask them to mount it for you. Download links for the CentOS 8 ISO can be found here. Note that I recommend using the network install ISO image (534 MB) rather than the DVD ISO image, because your web host may not be able to import a 7G ISO image.

Then open a VNC connection to your VPS. You can obtain the VNC login and password from your hosting provider. Usually you can use the VNC web client in the VPS control panel.

Then set the boot order of your VPS so that it boots from the optical drive first. Then click the Boot button in the control panel to start the VPS.

Step 3: Installing CentOS 8

You should now see the following screen in the VNC client. Press Enter to install CentOS Linux 8.

Then choose your language. I chose English.

On the next screen you have to complete four items:

  • Installation destination (hard disk partitioning)
  • Network and host name (Internet access)
  • Installation source (software repository)
  • Software selection (the software to be installed on your server)

First, click Installation Destination to configure the hard disk partitioning. By default, automatic partitioning is selected, so just click Done. If you want to encrypt the disk, you can do so in this step.

Then click Network and Host Name to configure Internet access. Turn on Ethernet and click the Configure button. Go to the IPv4 Settings tab and change the method from Automatic (DHCP) to Manual. Then click the Add button and enter your VPS's IP address, the netmask and the gateway's IP address.

Click the Save button to save your network settings. Then press Done.

Then click Installation Source to configure the software repository. By default, the closest mirror is selected, but it does not work. Instead, you can use the following settings:

  • URL: http://mirror.centos.org/centos-8/8/BaseOS/x86_64/os/
  • URL type: repository URL

Click Done and wait until the repository is configured.

Finally, click Software Selection to choose the software to be installed on your server. By default, Server with GUI is selected, but I chose Minimal Install for my VPS.

After completing the four items, click the Begin Installation button. Set a password for the root user while the operating system installs.

Once the installation is complete, return to the VPS control panel and set the VPS to boot from the hard drive. Then restart your VPS. You should now be able to SSH into your CentOS 8 VPS.

Wrapping up

I hope this tutorial helped you install CentOS 8 on your VPS in VNC mode. As always, if you found this post useful, subscribe to our free newsletter for more tips and tricks. Take care.

Regular expressions for grep (regex) with examples

How do I use the grep command with regular expressions on Linux and Unix-like operating systems? How do I use grep and regular expressions (regex) to search for text and words on Linux?

Linux comes with GNU grep, which supports extended regular expressions. GNU grep is the default on all Linux systems. The grep command is used to search for text stored somewhere on your server or workstation. Let's look at the basics of regex and how to use regular expressions on Linux and Unix-like systems.

 

Regular expressions

A regular expression is nothing but a pattern to match against each input line. A pattern is a sequence of characters. The following are all examples of patterns:

  • ^w1
  • w1|w2
  • [^ ]
  • foo
  • bar
  • [0-9]

Three types of regex

grep understands three different types of regular expression syntax:

  1. Basic regular expressions (BRE)
  2. Extended regular expressions (ERE)
  3. Perl-compatible regular expressions (PCRE)

grep regular expression examples

Search for vivek in the file /etc/passwd:
grep vivek /etc/passwd
Sample output:

vivek:x:1000:1000:Vivek Gite,,,,:/home/gitevivek:/bin/bash
vivekgite:x:1001:1001::/home/vivekgite:/bin/sh
gitevivek:x:1002:1002::/home/gitevivek:/bin/sh

Search for vivek in any case (i.e. a case-insensitive search):
grep -i -w 'vivek' /etc/passwd
Search for vivek or raj in any case:
grep -E -i -w 'vivek|raj' /etc/passwd
The PATTERN in the last example is used as an extended regular expression. The following matches lines beginning with the word linux or unix:
egrep -i '^(linux|unix)' filename

How to match any single character

The . (dot or period) matches any single character. Consider the following demo.txt file:
$ cat demo.txt
Sample output:

foo.txt
bar.txt
foo1.txt
bar1.doc
foobar.txt
foo.doc
bar.doc
dataset.txt
buy.db
buy1.db
buy2.db
buy3.db
buy.idx
foo2.txt
bar.txt

Find all filenames that start with buy:
grep 'buy' demo.txt
Next, find all filenames that start with buy, followed by any one character and then db:
grep 'buy.db' demo.txt
Our last example finds all filenames that start with buy, followed by any two characters, and end with db:
grep 'buy..db' demo.txt

How to match only a dot (.)

A dot (.) has a special meaning in regex: it matches any single character. But what if you want to match only a literal dot? You need to tell grep that you mean the dot character (.), not the regex metacharacter. You can escape a dot (.) by preceding it with a backslash (\):
grep 'buy\.' demo.txt
grep 'buy\.db' demo.txt

Anchors

You can use ^ and $ to force a regex to match only at the start or end of a line. The following example displays lines starting with vivek only:
grep ^vivek /etc/passwd
Sample output:

vivek:x:1000:1000:Vivek Gite,,,,:/home/vivek:/bin/bash
vivekgite:x:1001:1001::/home/vivekgite:/bin/sh

To display only lines beginning with the word vivek (not vivekgite, vivekg, etc.):
grep -w ^vivek /etc/passwd
Find lines ending with the word foo:
grep 'foo$' filename
Match lines that contain only foo:
grep '^foo$' filename
You can find empty lines with the following example:
grep '^$' filename
Matching character sets

How do I match character sets with grep?

The dot (.) matches any single character. The [...] syntax lets you match specific characters and character ranges. Suppose you want to match both Vivek and vivek:
grep '[vV]ivek' filename
or
grep '[vV][iI][vV][eE][kK]' filename
Let's match digits and symbols too. For example, match words such as vivek1, Vivek2, etc.:
grep -w '[vV]ivek[0-9]' filename
In this example, match two digits, i.e. words such as foo11, foo12, foo22, etc.:
grep 'foo[0-9][0-9]' filename
You are not limited to digits; you can match at least one letter:
grep '[A-Za-z]' filename
Display all lines containing either a w or an n character:
grep [wn] filename
Within a bracket expression, the name of a character class enclosed in [: and :] stands for the list of all characters belonging to that class. Standard character class names:

  • [:alnum:] – Alphanumeric characters.
  • [:alpha:] – Alphabetic characters.
  • [:blank:] – Blank characters: space and tab.
  • [:digit:] – Digits: 0 1 2 3 4 5 6 7 8 9.
  • [:lower:] – Lower-case letters: a b c d e f g h i j k l m n o p q r s t u v w x y z.
  • [:space:] – Space characters: tab, newline, vertical tab, form feed, carriage return, and space.
  • [:upper:] – Upper-case letters: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z.

In this example, match all upper-case letters:
grep '[[:upper:]]' filename

How do I negate matches in a bracket expression?

A ^ at the start of the bracket expression negates all the ranges in the set:
grep '[vV]ivek[^0-9]' test

Wildcards

You can use . for a single character. In this example, match all three-character words beginning with b and ending with t:
grep '\<b.t\>' filename

Where,

  • \< matches the empty string at the beginning of a word.
  • \> matches the empty string at the end of a word.

Print all lines with exactly two characters:
grep '^..$' filename
Display all lines beginning with a dot and a digit:
grep '^\.[0-9]' filename

Escaping characters

Suppose you want to match only the IP address 192.168.2.254 and nothing else. The following regex to find the IP address 192.168.1.254 will not work (remember that a dot matches any single character?):
grep '192.168.1.254' hosts
Sample output:

192.168.2.18 centos7
192x168y2z18 centos7

All three dots need to be escaped:
grep '192\.168\.1\.254' hosts
The following example matches an IP address only:
egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' hosts
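As an added example that is not part of the original article, the shell functions below run the unescaped and escaped address patterns from this section over a constructed hosts file (HOSTS_DATA is made up for the demonstration, including two decoy lines), then extract every dotted quad with the article's [[:digit:]]{1,3} class pattern, using an ERE group repeated with {3} and the -w word-boundary option so that a longer run of digits is not mistaken for an octet.

```shell
#!/bin/sh
# Constructed sample file in the style of the article's hosts file; the two
# decoy lines show what an unescaped dot lets through.
HOSTS_DATA='192.168.1.254 gateway
192x168y1z254 decoy-one
1920168.1.254 decoy-two
192.168.1.25 fileserver
10.0.0.5 db
fe80::1 link-local'

# Unescaped dots: "." matches any character, so both decoys match too.
count_loose() {
    printf '%s\n' "$HOSTS_DATA" | grep -c '192.168.1.254'
}

# Every dot escaped: only the literal address matches.
count_escaped() {
    printf '%s\n' "$HOSTS_DATA" | grep -c '192\.168\.1\.254'
}

# Pull out every dotted quad with the article's [[:digit:]]{1,3} pattern.
# The last three octets are a group repeated with {3}; -w makes the match
# sit on word boundaries, so "168.1.254" inside "1920168.1.254" is rejected.
extract_ipv4() {
    printf '%s\n' "$HOSTS_DATA" |
        grep -owE '[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}'
}

# Anchor the same pattern to the whole line with ^ and $: returns 0 only if
# $1 is exactly one dotted quad of 1-3 digit groups (a shape check, like the
# article's pattern, not a range check on each octet).
is_dotted_quad() {
    printf '%s\n' "$1" | grep -qE '^[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}$'
}

# Run stand-alone.
echo "loose matches:   $(count_loose)"
echo "escaped matches: $(count_escaped)"
echo "addresses found:"
extract_ipv4
```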

How do I search for a pattern that starts with a - character?

Search for all lines matching --test-- using the -e option. Without -e, grep would try to parse --test-- as a list of options:
grep -e '--test--' filename

How do I do an OR with grep?

Use the following syntax:
grep -E 'word1|word2' filename
####### OR #######
egrep 'word1|word2' filename

OR
grep 'word1\|word2' filename

How do I do an AND with grep?

Use the following syntax to display all lines that contain both word1 and word2:
grep word1 filename | grep word2
OR
grep 'foo.*bar\|word3.*word4' filename

How do I test sequences?

You can test how many times a character must be repeated in sequence using the following syntax:

{N}
{N,}
{min,max}

Match both col and cool:
egrep 'co{1,2}l' filename
{N,} matches at least N occurrences, for example any sequence of at least three c characters. In this example, match a mobile number in the format 91-1234567890 (i.e. two digits, an optional space or hyphen, and ten digits):
egrep '[[:digit:]]{2}[ -]?[[:digit:]]{10}' filename

How do I highlight the match?

Use the --color option as follows:
grep --color regex filename

How do I display only the matches, not the whole lines?

Use the following syntax:
grep -o regex filename

grep regex operator reference

We hope the following reference helps you quickly understand grep regular expressions when used on Linux or Unix-like systems:

  • . – Matches any single character. Example: grep 'foo.' filename
  • ? – The preceding item is optional and matched at most once. Example: grep 'vivek?' /etc/passwd
  • * – The preceding item is matched zero or more times. Example: grep 'vivek*' /etc/passwd
  • + – The preceding item is matched one or more times. Example: ls /var/log/ | grep -E '^[a-z]+\.log'
  • {N} – The preceding item is matched exactly N times. Example: grep -E '[0-9]{2}' filename
  • {N,} – The preceding item is matched N or more times. Example: grep -E '[0-9]{2,}' filename
  • {N,M} – The preceding item is matched at least N times, but not more than M times. Example: grep -E '[0-9]{2,4}' filename
  • - – Represents a range if it is not the first or last character in a list, or the end point of a range in a list. Example: grep ':/bin/[a-z]*' /etc/passwd
  • ^ – Matches the empty string at the beginning of a line; also represents characters not in the range of a list. Examples: grep '^vivek' /etc/passwd and grep '[^0-9]*' /etc/passwd
  • $ – Matches the empty string at the end of a line. Example: grep '^$' /etc/passwd
  • \b – Matches the empty string at the edge of a word. Example: grep '\bvivek' /etc/passwd
  • \B – Matches the empty string provided it is not at the edge of a word. Example: grep '\B/bin/bash' /etc/passwd
  • \< – Matches the empty string at the beginning of a word.
  • \> – Matches the empty string at the end of a word. Example: grep 'bash\>' /etc/passwd

Linux grep vs. egrep command

egrep is the same as grep -E. It interprets PATTERN as an extended regular expression. From the grep man page:

In basic regular expressions the meta-characters ?, +, {, |, (, and ) lose their special meaning; instead use the backslashed versions \?, \+, \{, \|, \(, and \).

Traditional egrep did not support the { meta-character, and some egrep implementations support \{ instead, so portable scripts should avoid { in grep -E patterns and should use [{] to match a literal {.

GNU grep -E attempts to support traditional usage by assuming that { is not special if it would be the start of an invalid interval specification. For example, the command grep -E '{1' searches for the two-character string '{1' instead of reporting a syntax error in the regular expression. POSIX.2 allows this behavior as an extension, but portable scripts should avoid it.

Conclusion

You have learned how to use regular expressions (regex) in grep under Linux or Unix with several examples. See the GNU grep manual online or refer to the following resources:

  • grep man page and regex(7) man page
  • grep info page

Posted by: Vivek Gite

The author is the creator of nixCraft and an experienced system administrator, DevOps engineer and trainer in Linux/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via the RSS/XML feed or weekly email newsletter.

Set up your own BIND9 DNS resolver on CentOS 8/RHEL 8

This guide explains how to set up a local DNS resolver on CentOS 8/RHEL 8 using the widely used BIND9 DNS software. There are many synonyms for DNS resolver, some of which are listed below. They all refer to the same thing.

  • Full resolver (as opposed to stub resolver)
  • DNS recursor
  • Recursive DNS server
  • Recursive resolver

Be aware that a DNS server can also be called a nameserver. Examples of DNS resolvers are 8.8.8.8 (Google's public DNS server) and 1.1.1.1 (Cloudflare's public DNS server). The operating system on your computer also has a resolver, but it is called a stub resolver because of its limited capability. A stub resolver is a small DNS client on the end user's computer that receives DNS queries from applications such as Firefox and forwards them to a recursive resolver. Almost all resolvers can cache DNS responses for better performance, which is why they are also called caching DNS servers.

Why run your own DNS resolver?

Normally your computer or router uses your Internet Service Provider's DNS resolver to look up domain names and obtain IP addresses. Using your own local DNS resolver can speed up DNS lookups because

  1. The local DNS resolver only listens to your DNS queries and does not answer other people's DNS queries, so you have a much better chance of getting a DNS response directly from the resolver's cache.
  2. The network latency between your computer and the DNS resolver is eliminated (almost zero), so DNS queries can be sent to the root DNS servers more quickly.

If you run a mail server and use DNS blacklists (DNSBLs) to block spam, it is recommended that you use a local DNS resolver to speed up DNS queries. If you use your own VPN server on a VPS (Virtual Private Server), it is also advisable to install a DNS resolver on the same VPS.

You can also use your own DNS resolver if you don’t like your Internet browsing history being stored on a third party server.

If you have a website and you want your own DNS server to handle name resolution for your domain name instead of your registrar's DNS server, you need to set up an authoritative DNS server, which is different from a DNS resolver. BIND can act as an authoritative DNS server as well as a DNS resolver, but it is a good idea to separate the two roles onto different boxes. This guide shows you how to set up a local DNS resolver, and since it is used on the local host/local network, no encryption (DNS over TLS or DNS over HTTPS) is required. Configuring a DoT or DoH server will be covered in a future article.

Note that you must have root privileges when installing software on CentOS/RHEL. You can put sudo at the beginning of the command or use su to switch to the root user.

Install BIND9 on CentOS 8/RHEL 8

BIND (Berkeley Internet Name Domain) is open source DNS server software that is widely used on Unix/Linux because of its stability and high quality. Originally developed by UC Berkeley, it was handed over to the Internet Systems Consortium, Inc (ISC) in 1994.

To install BIND 9 on CentOS 8/RHEL 8 from the default repository, run the following commands. BIND 9 is the current version and BIND 10 is a dead project.

sudo dnf update
sudo dnf install bind

Check the version information.

named -v

Sample output:

BIND 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 (Extended Support Version)

To check the version number and build options:

named -V

We can now start BIND 9:

sudo systemctl start named

And enable automatic start at boot time:

sudo systemctl enable named

You can check its status:

systemctl status named

Hint: if the above command does not quit immediately, press Q.

The BIND server runs as the named user, created during installation, and listens on TCP and UDP port 53, as you can see with the following commands.

sudo dnf install net-tools
sudo netstat -lnptu | grep named

Normally DNS queries are sent to UDP port 53. TCP port 53 is for responses larger than 512 bytes.

The BIND daemon is called named. (A daemon is software that runs in the background.) The named binary is installed by the bind package, and there is another important binary: rndc, the remote name daemon controller. The rndc binary is used to reload/stop and control other aspects of the BIND daemon. Communication is done over TCP port 953.

For example, we can check the status of the BIND name server.

sudo rndc status

Configurations for the local DNS resolver

The named daemon on CentOS 8/RHEL 8 uses a root hints file at /var/named/named.ca. The root hints file is used by DNS resolvers to query the root DNS servers. There are 13 groups of root DNS servers, from a.root-servers.net to m.root-servers.net.

Out of the box, the BIND9 server on CentOS/RHEL only provides recursive service to localhost. External queries are refused. Edit BIND's main configuration file /etc/named.conf.

sudo nano /etc/named.conf

In the options clause you will find the following two lines.

listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };

This makes named listen on localhost only. If you want to allow clients on the same network to query domain names, comment out these two lines (add double slashes at the beginning of each line).

// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };

Find the following line.

allow-query { localhost; };

Add the network range from which clients may query domain names, as shown below.

allow-query { localhost; 192.168.0.0/24; 10.10.10.0/24; };

The following line enables the recursion service, which is the default.

recursion yes;

I also recommend adding the following directives to the options clause.

// hide the version number from clients for security reasons.
version "not currently available";

// enable the query log
querylog yes;

Save and close the file. Then test the syntax of the configuration file.

sudo named-checkconf

If the test is successful (shown by silent output), restart named.

sudo systemctl restart named

If you have a firewall running on the BIND server, you need to open port 53 so that clients on the local network can send DNS queries.

sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule family=ipv4 source address=192.168.0.0/24 port protocol=udp port=53 accept'

Restart the firewall for the change to take effect.

sudo systemctl restart firewalld

This opens UDP port 53 for the private network 192.168.0.0/24. We can then run the following command from another computer on the same local network to query the A record of google.com. Replace 192.168.0.101 with the IP address of your BIND resolver.

dig A google.com @192.168.0.101

Note: on CentOS/RHEL you need to install the bind-utils package in order to use the dig command.

sudo dnf install bind-utils

Now check the query log on the BIND resolver with the following command.

sudo journalctl -eu named

This shows the latest log messages of the named service unit. I can find the following line in the log, which shows that the DNS query for the A record of google.com was received from IP address 192.168.0.103 on port 57806.

named[1162]: client @0x7f4d2406f0f0f0 192.168.0.103#57806 (google.com): query: google.com IN A +E(0)K (192.168.0.101)
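To tie the options-clause recommendations above to the query log, here is an added shell example (not from the article) that audits a named.conf text for the three settings just discussed (allow-query scope together with recursion, the version string, querylog) and lists query-log clients that fall outside the networks the resolver is meant to serve. The two named.conf fragments, the log lines and the 203.0.113.9 client address are constructed for the demonstration; a resolver that recurses for any address is an open resolver, which is why the first check exists.

```shell
#!/bin/sh
# Constructed named.conf fragments: the first opens the CentOS defaults up to
# everyone, the second has the shape recommended in the article.
NAMED_CONF_WEAK='options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
};'

NAMED_CONF_FIXED='options {
        listen-on port 53 { 127.0.0.1; 192.168.0.101; };
        allow-query     { localhost; 192.168.0.0/24; };
        recursion yes;
        version "not currently available";
        querylog yes;
};'

# Constructed query-log lines in the format shown above; 203.0.113.9 is a
# documentation address standing in for a client outside the LAN.
QUERY_LOG='named[1162]: client @0x7f4d2406f0f0 192.168.0.103#57806 (google.com): query: google.com IN A +E(0)K (192.168.0.101)
named[1162]: client @0x7f4d2406f0f0 192.168.0.103#57810 (example.com): query: example.com IN AAAA +E(0)K (192.168.0.101)
named[1162]: client @0x7f4d24070120 203.0.113.9#41234 (example.net): query: example.net IN A +E(0)K (192.168.0.101)
named[1162]: client @0x7f4d24070120 203.0.113.9#41235 (example.net): query: example.net IN MX +E(0)K (192.168.0.101)'

# Address prefixes of the networks listed in allow-query (assumed LAN).
ALLOWED_PREFIXES='127. 192.168.0.'

# Read a named.conf text on stdin and print one finding per line; no output
# means none of the three checks fired.
audit_named_conf() {
    conf=$(cat)
    if printf '%s\n' "$conf" | grep -qE '^[[:space:]]*allow-query[[:space:]]*\{[^}]*[[:space:]]any;' &&
       printf '%s\n' "$conf" | grep -qE '^[[:space:]]*recursion[[:space:]]+yes;'; then
        echo 'open resolver: recursion yes with allow-query { any; }'
    fi
    printf '%s\n' "$conf" | grep -qE '^[[:space:]]*version[[:space:]]+"' ||
        echo 'version string not hidden'
    printf '%s\n' "$conf" | grep -qE '^[[:space:]]*querylog[[:space:]]+yes;' ||
        echo 'querylog not enabled'
}

# Number of findings for the named.conf text passed as $1.
count_findings() {
    printf '%s\n' "$1" | audit_named_conf | grep -c ''
}

# Reduce each query-log line to "client-ip qname qtype".
parse_queries() {
    printf '%s\n' "$QUERY_LOG" |
        sed -nE 's/^.*client @0x[0-9a-f]+ ([0-9.]+)#[0-9]+ \([^)]*\): query: ([^ ]+) IN ([A-Z0-9]+) .*$/\1 \2 \3/p'
}

# Distinct client addresses that do not start with one of ALLOWED_PREFIXES.
unexpected_clients() {
    parse_queries | while read -r ip name type; do
        ok=0
        for p in $ALLOWED_PREFIXES; do
            case "$ip" in "$p"*) ok=1 ;; esac
        done
        [ "$ok" -eq 0 ] && printf '%s\n' "$ip"
    done | sort -u
}

count_unexpected_clients() {
    unexpected_clients | grep -c ''
}

# Run stand-alone.
echo "weak config findings:"
printf '%s\n' "$NAMED_CONF_WEAK" | audit_named_conf
echo "hardened config findings: $(count_findings "$NAMED_CONF_FIXED")"
echo "clients outside the allowed networks:"
unexpected_clients
```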

Set the default DNS resolver on the CentOS 8/RHEL 8 server

On the BIND server we need to set 127.0.0.1 as the default DNS resolver. You can check the current DNS resolver on CentOS 8/RHEL 8 with the following command.

cat /etc/resolv.conf

Sample output:

# Generated by NetworkManager
nameserver 192.168.0.1
nameserver 8.8.8.8

If you run the following command on the BIND server,

dig A facebook.com

this DNS query cannot be found in the BIND log. Instead you have to explicitly tell dig to use BIND.

dig A facebook.com @127.0.0.1

To set BIND as the default resolver, first find the name of your main network interface with the following command.

ip addr

Mine is ens3. Then run the following command to edit the configuration file of the network interface. Replace ens3 with your own interface name. If the BIND resolver is running on a laptop connected via Wi-Fi, you need to edit the ifcfg file of the wireless network.

sudo nano /etc/sysconfig/network-scripts/ifcfg-ens3

Find the DNS1 parameter and change its value to 127.0.0.1. Note that if the values of other parameters in this file are in double quotes, you need to put 127.0.0.1 in double quotes too.

DNS1=127.0.0.1

If you cannot find the DNS1 parameter, simply add the line at the end of the file. Save and close the file. Then restart NetworkManager for the changes to take effect.

sudo systemctl restart NetworkManager

Now you can check the content of /etc/resolv.conf again. As you can see, 127.0.0.1 (BIND) is now the default DNS resolver on CentOS 8/RHEL 8.

Configuring the default DNS resolver on client computers

You can now configure other computers on the LAN to use the BIND server as their DNS resolver. For Windows and macOS computers, search Google for how to set the default DNS resolver. Here I show you how to set the DNS resolver on Linux desktops. The following method works on any Linux distribution that uses NetworkManager.

Click the NetworkManager icon on your Linux desktop and find Edit Connections. (On some Linux distributions you need to right-click the NetworkManager icon.)

Then select the current connection and click the gear icon to edit this connection.

Select the IPv4 Settings tab, change the method from Automatic (DHCP) to Automatic (DHCP) addresses only, which prevents your system from obtaining the DNS server address from your router. Then specify a DNS server. Here I enter the IP address of the BIND server on my local network.

Save your changes. Then restart NetworkManager for the changes to take effect.

sudo systemctl restart NetworkManager

After logging in again, click the NetworkManager icon again and select Connection Information. You can see that your Linux desktop is now using your BIND DNS server.

Disabling IPv6 in BIND

If you do not use IPv6 on your network, it is best to disable IPv6 in BIND, otherwise the BIND log will contain many IPv6 errors, as shown below.

network unreachable resolving 'mirrors.fedoraproject.org/AAAA/IN': 2001:4178:2:1269:dead:beef:cafe:fed5#53
network unreachable resolving 'mirrors.fedoraproject.org/A/IN': 2001:4178:2:1269:dead:beef:cafe:fed5#53
network unreachable resolving 'mirrors.fedoraproject.org/AAAA/IN': 2610:28:3090:3001:dead:beef:cafe:fed5#53
network unreachable resolving 'mirrors.fedoraproject.org/A/IN': 2610:28:3090:3001:dead:beef:cafe:fed5#53

To disable IPv6 in BIND on CentOS/RHEL, open the /etc/sysconfig/named file.

sudo nano /etc/sysconfig/named

And add the following line at the end of the file.

OPTIONS="-4"

Save and close the file. Then restart named and you are done.

sudo systemctl restart named

Now run the following command. You can see that BIND is no longer listening on an IPv6 address.

sudo netstat -lnptu | grep named

Conclusion

I hope this guide has helped you set up a local DNS resolver on CentOS 8/RHEL 8 with BIND9. As always, if you find this message useful, subscribe to our free newsletter for more tips and tricks. Take care of yourself.


Beware the DHL delivery message email – it could be a package scam – Naked Security

Another day of lockdown…

…another scam to report delivery of the package.

Here's another reminder to think before you click, even if it takes a few seconds out of your day to look at what an unsolicited email is asking you to do.

I think you'll find it easy to spot that this one is fake – we'll explain why in this article – but we also understand very well why it seems harmless enough to click through.

Many of the scams we've written about are designed either to make you take action, or to panic you into clicking, or a bit of both.

For example, delivery scams often provoke you by telling you what the valuable item on its way is, such as a mobile phone someone is sending you as a gift.

At the same time, they put pressure on you to act quickly, warning that delivery will be delayed or even cancelled if you don't pay the required fee to release the item from the warehouse.

So as not to appear greedy, and so as not to give away that they are crooks, the amount to be paid is often very modest, for example $1, which is not the sort of money crooks would ask for if money was what they were after.

They won't be charging you that dollar – in fact, they won't charge you anything at all, because it's your personal information they want instead.

This time, the crooks follow a much more relaxed formula that says nothing more than "Hey, here's how to track your delivery", which is the kind of message you can reasonably expect when you order something, or when someone orders something for you:


Notification of an incoming parcel!

This is to inform you that your e-mail contains a recorded [DISPLAY] message. Follow the URL below to track your shipment

And that's all there is in the email.

Firstly, the exclamation mark after the word Notification is unlikely to appear in a genuine message – it's just a notification, not a warning or an alarm.

More importantly, if you hover your mouse over the link, you'll see a website name you've never heard of (this scam happens to use a compromised web server belonging to a construction company in Bahrain).

If you do click through to see what's going on, you'll see a plain web page like this:

However unremarkable the page itself looks, the address bar is a giveaway that it's a scam.

The URL (which we have obscured here) isn't on any domain name that looks or sounds like DHL, so it's completely different from any website you'd expect from a DHL server.

There's also no padlock, because the URL starts with http:// (unencrypted) and not https:// (encrypted session).

Ironically, although the web server of the company whose site was hacked supports HTTPS and has a valid HTTPS certificate, the scammers ignored the benefit of an encrypted connection.

As we've said before, an HTTPS certificate doesn't mean you can trust the website and its content, only that your connection can't easily be snooped on.

However, a legitimate website without HTTPS is so unusual these days that it should be treated as an immediate warning that all is not well.

Of course, if you didn't notice the warning signs and went ahead and entered your password, the information would not go to DHL but directly to the fraudsters, who would probably try your password not only on your real DHL account but on any other account they think you have. (That's why you should never use the same password on more than one website.)

What should I do?

  • Don't be fooled just because you're waiting for a delivery. Scammers don't need to know that you're waiting for a delivery to get the timing right. Especially during the coronavirus pandemic, they can simply assume that you are, and for many people they'll be right for a long time to come.
  • Treat delivery messages as notifications only and ignore the links. It's a bit more effort, but avoid clicking on the links in these messages. If you order products online, make a note of the website you're supposed to use to track your products, and go there yourself if there is a delivery problem.
  • Check the URL in the address bar. These days most cybercriminals use HTTPS sites because everyone expects to see a padlock in the address bar. But the padlock doesn't tell you that you're on the right page, only that you're on a page with an HTTPS certificate. Consider checking the link from a laptop, which takes extra effort but gives you a larger address bar that tells you more.
  • Use third party products to ensure the safety of your phone. Sophos Intercept X for mobile adds built-in protection to your phone by keeping you away from risky websites.
  • Immediately change the passwords you enter on websites that you later discover to be fake. The sooner you change the current password, the less time the scammers have to try to use it. If you come to a payment page where you enter the details of the payment card and then discover that fraud has been committed, call your bank fraud hotline immediately. (Look on the back of your card to find the correct phone number).


ITAR Compliance with End-to-End Encryption

Last March, the U.S. State Department approved an ITAR carve-out for encrypted technical data. This carve-out means that defense companies can now share unclassified technical data outside the United States with authorized persons. This sharing can take place without the need for an export license, provided the data is properly secured with end-to-end encryption. If the data is end-to-end encrypted, the exchange is not considered an export.
According to the Federal Register:

The properly secured electronic transmission or storage (with end-to-end encryption) of unclassified technical data via a foreign communication infrastructure does not constitute an export, re-export, retransfer, or temporary import.

Definition: technical data under ITAR

All information, including drawings, documentation, diagrams, flow charts, etc., required to design, develop, manufacture, operate, maintain or modify items on the USML. This may include specifications for satellite equipment, a bill of materials for the production of an unmanned aerial vehicle, or drawings and photographs of parts supporting the production and assembly of a ground vehicle.

This State Department initiative is important because it modernizes the approach companies can use to share ITAR data abroad. With this new capability in their arsenal, DIB companies are now able to share data that was previously inaccessible to them.

End-to-end encryption for ITAR

Previously, ITAR technical data had to be hosted exclusively in data centers in the United States, where only U.S. persons could work on it. The new carve-out frees the technical data from the many restrictions imposed by those rules.

The regulation stipulates that end-to-end encrypted technical data can be accessed both in the United States and by authorized persons outside the United States. The conditions for this sharing are as follows:

  • The data is unclassified.
  • The data is protected by end-to-end encryption using algorithms that comply with FIPS 140-2.
  • No cloud service provider has access to the decryption keys.
  • Data is not intentionally transmitted to or stored in countries where access is restricted.
  • The data is not intentionally sent from a country where access is restricted.

This new guidance now allows DIB companies to take advantage of the cloud in a way that was not possible in the past. This is made possible by end-to-end encryption and appropriate key management. Under these provisions, DIB companies may now send data within the United States or to an authorized person abroad, and may even store data outside the United States as long as it is not stored in a restricted country.

Example: sending ITAR technical data abroad

A U.S. defense company sends end-to-end encrypted ITAR technical data to a U.S. company operating out of its office in Germany. The State Department does not need to approve the export of this data unless it is re-exported to a restricted country or to the Russian Federation.

How PreVeil meets ITAR standards

With PreVeil's end-to-end encryption and device-based keys, the platform easily meets the new ITAR standards. PreVeil's Gov community offering also stores ITAR data in AWS GovCloud data centers, so that other storage requirements can also be met easily.

The PreVeil platform uses end-to-end encryption to protect user data. End-to-end encryption ensures that data is encrypted on the sending device and never decrypted anywhere except on the receiving device. This ensures that only the sender and recipient can read the information shared, and no one else. The data is never decrypted on the server, so even if attackers manage to breach the server, all they get is gibberish.

In addition, no cloud service provider (including PreVeil) has access to the keys, network access codes or passwords needed to decrypt data in PreVeil. Private keys are stored only on user devices. The public keys stored on the server are encrypted so that an attacker can never get at them.

Defense contractors who rely on PreVeil can securely and reliably share ITAR data with organizations inside and outside the U.S. and store ITAR data on servers abroad.

Find out how PreVeil can help you meet ITAR standards: contact us.

The post ITAR Compliance with End-to-End Encryption appeared first on PreVeil.

*** This is a Security Bloggers Network syndicated blog from Blog – PreVeil, written by Orlee Berlove. The original post can be found at: https://www.preveil.com/blog/itar-compliance-with-end-to-end-encryption/.

How to Set up Multiboot USB Drives With Ventoy In Linux

Ventoy is a free, cross-platform, open-source tool for creating multi-boot USB flash drives. You no longer have to reformat the USB drive over and over again: create a bootable USB drive once, then add as many ISOs as you like later. Ventoy automatically creates boot menu entries for newly added ISOs. After creating the multi-boot USB drive, boot the system from it, select the ISO you want to boot, and you are in. It's as simple as that!

Features

Ventoy ships with many useful features, listed below:

  • Very easy to install and use.
  • Fast (limited only by the speed of copying the ISO file).
  • No need to extract the ISO; Ventoy boots directly from the ISO file.
  • Supports Legacy BIOS and UEFI.
  • Supports UEFI Secure Boot. One caveat for the security-minded: Ventoy achieves this by loading a shim and asking you to enroll Ventoy's own certificate through MOK on first boot; once enrolled, Ventoy's loader is trusted and it will boot the ISOs on the stick whether or not they are signed, so treat the stick itself as a trusted object and do not enroll it on machines you do not own.
  • Can create bootable drives from ISO files larger than 4 GB.
  • Almost all types of operating systems are supported. The developer states that more than 200 ISO files have been tested with Ventoy.
  • Auto-installation is supported, meaning you can add your own template or script for unattended installation, for example a kickstart script for RedHat/CentOS, an AutoYaST XML for SUSE, or a preseed file for Debian. Place the script or template on the USB drive and tell Ventoy to use it. You can update these scripts at any time; there is no need to build a new ISO, the original ISO is used as-is.
  • The USB drive is write-protected during boot.
  • Normal use of the USB drive is not affected, so you can still use it for other purposes (e.g. copying files).
  • Ventoy can be upgraded in place when a new version is released, without recreating the bootable drive; data on the drive is preserved across the upgrade.
  • No need to update Ventoy when a new distribution is released.
  • To add a new operating system, just copy the ISO to the USB drive. No need to start over.
  • Supports Memdisk mode. On some machines an ISO cannot be booted directly; in that case Memdisk mode loads the entire ISO file into memory and boots from there.
  • Plugin framework.
  • Native boot menu style for Legacy and UEFI.
  • Cross-platform: supports Linux and Windows.
  • Free and open source!

Creating Ventoy Multiboot USB Drives under Linux

First you need to find the device name of your USB drive. The following guide describes the different ways to find disk information under Linux.

I am going to use the fdisk command to find the details of my USB drive:

$ sudo fdisk -l

Sample output:

Disk /dev/sdc: 14.54 GiB, 15597568000 bytes, 30464000 sectors
Disk model: Cruzer Blade
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x4d924612

As you can see the name of my USB stick is /dev/sdc.

Next, download the latest Ventoy script from the release page. At the time of writing, the latest version was 1.0.10.

Go to the location where you downloaded the archive and extract it. I extracted it into a folder named ventoy on my Desktop. Cd into the ventoy directory:

$ cd ventoy

Now run the following command to create the multi-boot USB drive (the script partitions the disk, so it must run as root):

$ sudo sh Ventoy2Disk.sh -i /dev/sdc

Replace /dev/sdc with the name of your USB stick.

You will be asked to confirm the creation of the bootable USB drive. Double-check the device name, since everything on that disk will be erased, then type y and press ENTER to continue:

Sample output:

***********************************************
*                Ventoy2Disk Script           *
*             longpanda [email protected]      *
***********************************************

Disk : /dev/sdc
Model: SanDisk Cruzer Blade (scsi)
Size : 14 GB

Attention:
You will install Ventoy to /dev/sdc.
All the data on the disk /dev/sdc will be lost!!!

Continue? (y/n)y

All the data on the disk /dev/sdc will be lost!!!
Double-check. Continue? (y/n)y

Create partitions on /dev/sdc ...
Done
mkfs on disk partitions ...
create efi fat fs ...
mkfs.fat 4.1 (2017-01-24)
success
mkexfatfs 1.3.0
Creating... done.
Flushing... done.
File system created successfully.
writing data to disk ...
sync data ...
esp partition processing ...
umount: /home/sk/Desktop/ventoy/tmp_mnt: target is busy.
rm: cannot remove './tmp_mnt': Device or resource busy

Install Ventoy to /dev/sdc successfully finished.

Creating multi-boot USB flash drives with Ventoy under Linux

The multi-boot USB drive is created in seconds. (The umount and rm messages at the end are harmless: the script's temporary mount point was still busy when it cleaned up, but the install itself completed.) The command above creates two partitions, which you can verify with fdisk:

Disk /dev/sdc: 14.54 GiB, 15597568000 bytes, 30464000 sectors
Disk model: Cruzer Blade
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: f2f0556

Device     Boot    Start      End  Sectors  Size Id Type
/dev/sdc1           2048 30398463 30396416 14.5G  7 HPFS/NTFS/exFAT
/dev/sdc2  *    30398464 30463999    65536   32M ef EFI (FAT-12/16/32)

Now copy your ISO files to the first partition. Only this first partition is shown in the file manager.

Copy ISO files to a bootable USB stick created with Ventoy

Alternatively, go to the location where you saved the ISO files and copy all of them from the command line with rsync, as shown below:

$ rsync -ah --progress *.iso /media/$USER/ventoy/

Note that some Linux distributions mount USB drives under /run/media/$USER/ instead of /media/$USER/, so adjust the destination to wherever the Ventoy partition was mounted.
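As an added example for the procedure above (this is not code from the article's author or from the Ventoy project), here is a POSIX shell wrapper that performs the same three steps, find the stick, run Ventoy2Disk.sh, copy the ISOs, with the checks a practitioner wants before wiping a disk: it refuses any target that is not a removable, unmounted whole-disk device, verifies the Ventoy tarball against a SHA-256 you read from the release page, and verifies every ISO against its distribution's SHA256SUMS file both before and after the copy. The script name, the function names and the checksum-file layout are assumptions; the sudo sh Ventoy2Disk.sh -i step is the one from the article.

```shell
#!/bin/sh
# Added example for this article; not code from OSTechNix or the Ventoy project.
# Wraps the steps above (find the stick, run Ventoy2Disk.sh, copy ISOs) with
# the checks you want before wiping a disk.
# Assumptions: the Ventoy tarball unpacks to a directory containing
# Ventoy2Disk.sh, the expected tarball SHA-256 was read from the Ventoy
# release page, and each distro's SHA256SUMS file lists its ISO by file name.
set -eu

# Accept only a whole-disk, removable, currently unmounted block device.
# Returns 0 if DEV may be wiped, 1 (with the reason on stderr) otherwise.
check_target() {
    dev="$1"
    case "$dev" in
        /dev/sd[a-z]|/dev/nvme[0-9]n[0-9]|/dev/mmcblk[0-9]) ;;
        *) echo "refusing $dev: not a whole-disk device node" >&2; return 1 ;;
    esac
    [ -b "$dev" ] || { echo "refusing $dev: not a block device" >&2; return 1; }
    # /sys/block/<name>/removable is 1 for USB sticks, 0 for internal disks.
    if [ "$(cat "/sys/block/${dev#/dev/}/removable" 2>/dev/null)" != 1 ]; then
        echo "refusing $dev: not flagged removable (system disk?)" >&2; return 1
    fi
    # A mounted partition means the disk is in use; never wipe it underneath.
    if grep -q "^$dev" /proc/mounts; then
        echo "refusing $dev: has mounted partitions, unmount first" >&2; return 1
    fi
    return 0
}

# Compare FILE's SHA-256 with EXPECTED (lowercase hex). Returns 0 on match.
sha256_matches() {
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# Print the hash recorded for NAME in a SHA256SUMS-style file
# ("<hex>  <name>" or "<hex> *<name>"); prints nothing if NAME is absent.
expected_sum() {
    awk -v n="$2" '$2 == n || $2 == "*" n { print $1; exit }' "$1"
}

# Verify each ISO against SUMS, copy it to DEST, then re-verify the copy,
# so a tampered or truncated download never ends up on the stick.
copy_isos() {
    sums="$1"; dest="$2"; shift 2
    for iso in "$@"; do
        name=$(basename "$iso")
        want=$(expected_sum "$sums" "$name")
        [ -n "$want" ] || { echo "no checksum for $name in $sums" >&2; return 1; }
        sha256_matches "$iso" "$want" || { echo "checksum mismatch: $iso" >&2; return 1; }
        cp "$iso" "$dest/$name"
        sync
        sha256_matches "$dest/$name" "$want" || { echo "copy corrupted: $dest/$name" >&2; return 1; }
        echo "ok: $name"
    done
}

# Verify the Ventoy tarball, unpack it and run the same install step as the
# article (-i = fresh install; all data on DEV is lost).
install_ventoy() {
    dev="$1"; tarball="$2"; expected="$3"
    check_target "$dev"
    sha256_matches "$tarball" "$expected" || { echo "Ventoy tarball checksum mismatch" >&2; return 1; }
    tar xzf "$tarball"
    dir=$(tar tzf "$tarball" | head -n 1 | cut -d/ -f1)
    (cd "$dir" && sudo sh Ventoy2Disk.sh -i "$dev")
}

# Usage (hypothetical script name ventoy-safe.sh):
#   sh ventoy-safe.sh install /dev/sdc ventoy-1.0.10-linux.tar.gz <sha256>
#   sh ventoy-safe.sh copy SHA256SUMS /media/$USER/ventoy *.iso
case "${1:-}" in
    install) shift; install_ventoy "$@" ;;
    copy)    shift; copy_isos "$@" ;;
esac
```

The removable-flag and mounted-partition checks are what stop a mistyped /dev/sda from erasing the system disk, which Ventoy2Disk.sh's own y/n prompt does not protect against. Verifying the ISO a second time after the copy catches a bad stick or an interrupted write, which would otherwise only show up as a mysteriously unbootable entry in the Ventoy menu.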

Congratulations! We have just created a multi-boot USB drive with Ventoy.

Boot your system from the USB drive and you will be greeted by the Ventoy boot menu:

Ventoy multiple download menu

Select the operating system you want to start and press ENTER to start it!

Here is a brief visual demonstration of a multi-boot USB stick created with Ventoy :

Cool, huh? That’s right!

Loading ISO images into RAM

As mentioned earlier, some machines cannot boot an ISO directly, especially in legacy BIOS mode. This is where Memdisk mode comes in handy: when it is enabled, Ventoy loads the entire ISO image into memory and boots from there.

To enable Memdisk mode, press F1 before selecting an operating system. A message in the top-right corner shows that Memdisk mode is on.

Enabling Memdisk mode in Ventoy

The ISO is now loaded into memory:

Loading an ISO into memory with Ventoy

To return to normal mode, press F1 again.

Believe it or not, Ventoy is one of the easiest, fastest and most ingenious tools I have ever used to create multi-boot USB flash drives. It just works!

I hope this helps.
