Vulnerability in Cisco Small Business Switches
Nothing new with these Cisco Small Business Switches. A researcher, Jasper Adriaanse has identified several vulnerabilities, including ones that have been rated high severity, in Cisco’s Small Business 220 series smart switches.
These vulnerabilities were discovered to impact switches that run firmware versions earlier than 1.2.0.6 and have the web-based management interface enabled which the interface is enabled by default. In an advisory released a few days ago, Cisco said Jasper Adriaanse found a few types of security holes in the small business switches.
One of them, tracked as CVE-2021-1542 and rated high severity, can be exploited by a remote, unauthenticated attacker to hijack a user’s session and gain access to the switch’s web interface. Depending on the privileges of the targeted user, the attacker could gain admin-level access to the management interface.
Another high-severity issue is CVE-2021-1541, which allows a remote attacker with admin permissions on the … Read the rest
How to direct Unifi VLAN traffic to OpenDNS
In this tutorial you will be shown how to direct UniFi VLAN traffic to OpenDNS. Many companies love using OpenDNS due to it ease of use but sometimes it can be tricky to deploy on UniFi since the GUI keeps changing. This tutorial guides you through Unifi Controller Version 6.1.71.
OpenDNS is a Internet security company based in San Francisco that provides easy-to-implement Internet navigation and Web security solutions for families, schools, governmental organizations and businesses of all sizes. The services provided by OpenDNS increase the speed of navigating websites and prevent unintended access to phishing and malware sites as well as to any Web content that you configure to be restricted.
Lets Get Started
In this tutorial I will be using a UniFi UDM Pro on Controller Version 6.1.71. Please update your controller as needed as some times may vary if your not up to date. I will be … Read the rest
Ransomware Risk Management
The National institute of Standards and Technology (NIST) has released a new document called: cybersecurity framework profile for ransomware risk management. The document contains detailed steps that you can take to reduce the risk of infection and it has was to prevent ransomware attacks.
They outline these basics
NIST has provided the basic and best approach to preventing, mitigating and protecting critical data against ransomware events and they recommend the following:
- Use Antivirus Software to scan your system, emails and flash drives.
- Keep Systems up to date and all software fully patched.
- Use a services or products that blocks access to ransomware sites.
- Put a policy in place that only allows authorized apps to be used in computers.
- Restrict personal devices to internal network access resources.
- Do not provide users with local administrative privileges.
- Block use of personal apps on work computer for example: email, chat, social media.
- Provide
Install Windows 11 Within VirtualBox
In this tutorial you will be shown how to install Windows 11 within VirtualBox. VirtualBox is great VM software to test releases of different types of OS’s.
Lets get started
- Lets download Virtual Box
- Once downloaded go through the wizard and leave default settings.
- If you need Windows 11 you can follow this Windows 11 Download tutorial.
- Open Virtual Box.
- Click on the New icon.
- Name your Virtual Machine
- Find and select version and select Windows 10. Click Next
- Memory Size 2GB will be fine. Click Next
- Hard Disk, Select Create a Virtual hard disk now. Click Next
- Hard Disk File type can be left with VDI selected. Click Next
- Storage on physical hard disk, select Dynamically allocated. Click Next
- File location and size can be left as default. Click Create
- Start the virtual machine
- VM should boot into the ISO, go through the process of installing windows.
If you
… Read the rest
How to Download Windows 11
In this tutorial you will be shown how to download and install Windows 11 and use Rufus bootable USB. This is the latest release of Microsoft Windows 11 is visually great in my option however it all comes down to how you feel about it.
This tutorial I will show you how to download Windows 11 iso. Make sure you have proper backups of your system before making any changes. You choose to move forward at your own digression and I will not be liable for any data loss.
Keep in mind that this stolen software release was not supposed to be leaked to the public. This ISO was found from random link sources and may have been tampered with.
Windows 11: Release Date
We could expect Microsoft to announce the release date of Windows 11 at its event next week. The event is scheduled for June 24 at 11:00 … Read the rest
Phishing Attacks Growing At Rapid Pace
What’s going on?
- The frequency of phishing attacks is different for each industry and is based on the targeted firm’s size. Healthcare and manufacturing sectors are the most targeted by phishing scams.
- Social media are also lucrative targets, with social messaging apps being the main target. Accounts with single sign-on accounted for 40% of all phishing attacks.
- There are many different types of phishing attacks
SSL VPN Attacks Up Nearly 2000%
A recent report published by Nuspire outlined what activity cyber criminals have been up to. SSL VPN attacks have gone up nearly 2000%.
Increase in VPN attacks
In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware.
“2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organizations, which is what we started to see in Q1 and are continuing to see today.”
Because of the significant increase in VPN and RDP … Read the rest
How To Execute Docker without using sudo privilege on Ubuntu 20.04
In this tutorial you will be shown how to configure Ubuntu 20.04 to execute Docker without using sudo. By default, you have to run docker commands with sudo privilege or by a user in the docker group. This tutorial will show you how to bypass that.
To test your privileges to confirm you cannot run Docker without sudo type in docker run hello-word. You should get the following message and if should move forward with the tutorial.
$ docker run hello-world Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker. sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.27/containers/json: dial unix /var/run/docker.sock: connect: permission denied
Lets Get Started
- SSH into your Ubuntu 20.04 server.
- Create new group. This command will likely fail as group maybe already exist, but let’s run it anyways.
sudo groupadd docker
3. Now we will add the current logged in user to the docker group
sudo
Docker Command Guide: A Complete List of Essential Commands
In this tutorial you will be shown how to use Docker commands and if you need help Executing docker without using sudo privilege click here.
In this section below I will explain how to use docker commands. So, before going into these details, let’s take look at the syntax of ‘docker’ commands:
$ docker [options] [sub-commands] [arguments]
Now if you want to list all available sub-commands of docker, run:
$ dockerThere are many sub-commands and arguments that can follow after $docker. Below are some of them in the following sections of this tutorial.
Management Commands:
attach ## Attach local standard input, output, and error streams to a running container build ## Build an image from a Dockerfile commit ## Create a new image from a container's changes cp ## Copy files/folders between a container and the local filesystem create ## Create a new container diff ## Inspect changes
54% of all employees reuse passwords on multiple accounts
Yubico released the results of a study into current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era. The report surveyed 3,006 employees, business owners, and C-suite executives at large organizations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.
Data shows that since the start of the pandemic employees have been engaging in poor cybersecurity practices on work-issued devices, with business owners and C-level executives proving to be the worst culprits. At the same time, enterprises are falling short on cybersecurity best practices that need to be implemented for out-of-office environments.
Less than a quarter of respondents admit to even implementing 2FA since the start of the pandemic and even then, many are using less secure and less user-friendly forms of 2FA like mobile authentication apps and SMS one-time passcodes.
Loading ...