
Security

Dirty Sock Snapd Local Privilege Escalation Vulnerability

A local privilege escalation in snapd versions 2.28 through 2.37 that could allow the creation of root-level accounts – may give you a Dirty Sock! Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access…

PhpMyAdmin Releases Security Update 4.8.5 Patches SQL Injection and Arbitrary File Read

PhpMyAdmin security fix v4.8.5 will patch an SQL injection and arbitrary file read vulnerability. Security is a daily ongoing endeavor and discipline in today’s online world. In a security blog post the developers of phpMyAdmin announced version 4.8.5 of its software to address a few security-related issues. The security fixes involve: Arbitrary file read vulnerability (https://www.phpmyadmin.net/security/PMASA-2019-1); SQL injection in…

Linux APT Package Manager Remote Code Execution Bug Patched

Original Source: BleepingComputer

Independent consultant and security contractor Max Justicz discovered a remote code execution issue in the APT high-level package manager used by Debian, Ubuntu, and other related Linux distributions. As described by Justicz, the APT vulnerability present in the package manager starting with version 0.8.15 “allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary…

KeePassXC the Secure, Offline, Open Source Password Manager

In a vulnerable web and cloud based world, KeePassXC offers excellent password management that’s secure, reliable, offline by default and open source. A password manager is a tool that creates and stores passwords for you, so you can use many different passwords on different sites and services without having to memorize them all, and/or more importantly avoid using the same… 

HealthEquity Security Breach Email Hacked Again

HealthEquity Email Hack Breaches Data of Users… Again! An email hack security breach on their mail has again potentially exposed personal data of HealthEquity customers. This is not the first time, however: in June, an unauthorized user hacked into an employee’s email account and breached the data of 16,000 customers according to HealthEquity Email Hack. The most recent breach…

Easily Change Cisco ASA VPN Peer IP

VPN use is very prevalent these days, especially for businesses, given the number of mobile workers, remote offices and tunneled cloud infrastructure. Inevitably, at some point the IP address of an endpoint will need to be changed. This can be accomplished quickly and easily in a few steps. In this blip we’ll look at a simple IKEv1 VPN tunnel…

Ubiquiti ER-X EdgeRouter Increase Performance Tweak

If you're like most home/office network tweakers, you're looking for every bit of performance you can squeeze out of your home network. For $49 the small yet powerful Ubiquiti ER-X is a great value, offering gigabit ports, PoE, a small form factor and VPN functionality.

As with any router, the manufacturer periodically releases software updates that offer fixes, security patches and added features. One example is enabling hardware offloading on the Ubiquiti ER-X models.

Offloading executes router functions directly in hardware rather than through software processing, which greatly increases performance. The benefit of enabling offload in EdgeOS is increased performance and throughput, since performance is no longer limited by the CPU.

Cisco ASA 5508-X FirePower Threat Defense Appliance Reimage

Recently I was given a Cisco ASA 5508-X Firepower Threat Defense appliance to deploy. While these are the same hardware platform as the tried-and-true Cisco ASA 5508 firewalls, these run Cisco’s new ‘unified’ SourceFire Linux-based operating system (asa-ftd), which is essentially an operating system combining the SourceFire FirePower functionality with Cisco’s conventional firewalling capabilities. It’s Cisco’s new direction for combining these two platforms into one hardware solution.

Without getting into uber nerd verbosity, after unboxing the new unit and attempting to patch the OS to a new upgrade (version 6.0.2 -> 6.2.2), I was presented with a failed upgrade due to a corrupt MySQL database. Seriously? This is why I loved the regular Cisco ASA in the first place: minimal OS running from flash memory, upgrades typically only require putting the new firmware in place, telling the Cisco ASA to boot the new firmware and reboot. The new SourceFire OS – it’s a full-blown Linux OS using MySQL for its backend, sigh… Since it was a new deployment and I couldn’t repair the tables or database, I figured I’d go ahead and reach out to the Cisco TAC for insight.

Cisco ASA Utility PING TCP

Problem: On a Cisco ASA you can specify which interface to launch a ‘ping’ from, but that’s it. However, sometimes in troubleshooting you may find yourself with access to all remote assets to triangulate issues fully or to properly initiate ‘interesting traffic’. We can use TCP PING in an interactive manner with a variety of parameters. Note: You need ASA…