Polkit vulnerability provides local privilege escalation bypass
Many of the Linux distros are vulnerable to the Polkit exploit. This vulnerability provides a local privilege escalation bypass. A hacker can easily obtain root access with this vulnerability.
The vulnerability was recently discovered by GitHub Security Lab security researcher Kevin Backhouse. The vulnerability CVE-2021-3560 was publicly disclosed, and a fix was released on June 3, 2021. Make sure to update your Linux servers if you haven’t done so already.
A few of the vulnerable distros shared by Backhouse includes distros such as RHEL 8, Fedora 21 (or later), Ubuntu 20.04 and Debian.
“When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process,” Red Hat’s security advisory explains.
The few commands which allow this exploit to work is nothing complex.
This vulnerability … Read the rest
How to Install Docker on Ubuntu 20.04
In this tutorial you will be shown how to install Docker onto Ubuntu 20.04. Docker is an open source platform that simplifies the process of building, running, managing and distributing applications. It does this by virtualizing the operating system of the computer on which it is installed and running.
Lets Get Started!
Prerequisites
- Create a Ubuntu 20.04 VPS server on Linode. The $5 plan will be fine for this tutorial. If your planning on deploying many containers consider using a larger plan.
Lets SSH into Ubuntu 20.04 and perform some updates.
- To SSH into the server we will be using Putty. Download and install Putty.
- Open up putty and type in the IPv4 address of your server and click open.
- Log into your Ubuntu 20.04 server with the username and password.
- started with making sure we have the latest updates installed.
sudo apt update sudo apt upgrade
5. … Read the rest
How To Backup Ubuntu 20.04 To Backblaze B2 Storage
In this tutorial I will be showing you how to install Duplicati Backup Software on Ubuntu 20.04 and then how to configure backups to store data into Backblaze B2 Storage. It is important to have backups of your Ubuntu 20.04 server because If your server gets hacked or corrupted you will lose everything. So it is best to install a 3rd party backup solution that transfers data to cloud storage.
In this tutorial we will be using the OS Ubuntu 20.04, Duplicati Backup Software and BackBlaze B2 Cloud Storage.
1. Lets get started with installing Duplicati Backup Software onto Ubuntu 20.04 by using the following commands one at a time.
wget https://updates.duplicati.com/beta/duplicati_2.0.5.1-1_all.deb sudo apt-get -f install -y sudo dpkg -i duplicati_2.0.5.1-1_all.deb
2. Alright so Duplicati is now installed but there are a few more things we need to do to get it working properly. Lets configure webservice … Read the rest
6 In The Wild Exploits Resolved With Windows Patch Tuesday
This Tuesday Microsoft Windows Patch Tuesday has deployed a sum of 50 patches which also included critical patches to mitigate 6 vulnerabilities that are being used in the wild to run exploits on systems. Elevation vulnerability’s are no joke because hackers can log into your system as an administrator and push wide spread ransomware. I am glad they have fewer vectors for deployments.
Vulnerabilities Exploited in the Wild
Although Microsoft fixed a total of seven zero-day vulnerabilities. One was CVE-2021-31968, Windows Remote Desktop Services Denial of Service Vulnerability that was publicly disclosed but hasn’t been seen in attacks. It was issued a CVSS score of 7.5. The following below are the vulnerabilities that were recently patched.
- CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5
- CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8
- CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability.
Top IT Management Certifications
So your here to find out what top IT Management Certifications you can get to get a leg up in your current position or to be promoted to IT Management. I’ve been and IT Manager for a few years and it is definitely challenging work. I was mostly a technical person and for me the aspect of having to handle employees and growing the social skills required was rough, even to this day it is something I must keep working on.
If you want to succeed as an IT manager you will need to have a working knowledge of cyber security, storage, hardware, software, networking and management frameworks and then use all that knowledge ad methodologies to improve the business.
Top IT Management Certifications
- AMA Certified Professional in Management
- Certified Information Security Manager (CISM)
- Certified Associate in Project Management (CAPM)
- Certified in the Governance of Enterprise IT (CGEIT)
- Information Technology
Fraud Awareness: What Does Fraud Look Like?
Fraud happens every day and you and your employees may not even know that you have been defrauded out of your information or money. Cyber Fraud is real and you must be vigilant.
Identifying when someone is trying to defraud you or your organization is a vital part of the day-to-day responsibilities of your employees. Here are a few red flags that might indicate a fraud attempt:
Large orders:
- When a fraudster uses stolen payment methods, they will attempt to maximize spending in a single transaction before the victim realizes their information has been stolen.
Multiple transactions in a short period of time:
- This could be a sign that someone gained unauthorized access to a customer’s account or that someone is attempting to max out a stolen credit card.
Fast shipping:
- Most consumers choose affordable shipping options. Beware of overnight or priority shipments, especially those that involve high-priced orders.
Unusual
… Read the rest
Staying Safe In The Cloud
I’m sure by now your company has you working with some cloud applications like Microsoft 365, Google Docs, Dropbox and Salesforce just to name a few. You need to be vigilant because hackers can use tactics to trick you into fake landing portals.
Did you know that Nearly 80% of organizations have experienced a cloud security hack in the past 18 months? Did you know $4.41 million is the average cost for an organization when its cloud services are hacked? Also, cloud-based cyberattacks rose 630% in a recent 3-month period. Obviously cybercrime is on the rise and hackers find creative ways into tricking you.
There is no such thing as a completely safe cloud provider and the way you go about using the cloud can have a significant impact for your organization. In these four scenarios, we will explore the security risks and tips associated with each.
… Read the rest
Scenario 1
Your
How to Fix Offscreen window programs back to desktop
There may have been a few times where a program may not show up on your desktop and and it seems to show up offscreen some where. You know its open because you see a thumbnail overview. We have a simple and obvious fix for this offscreen windows programs.
Follow these steps:
- Locate your task bar, by default its at the bottom of your screen.
- Right click an open area of your task bar with your mouse pointer.
- A window will open up click [ Cascade windows ]
This should have resolved the issue with your window hiding on you some where.
… Read the rest
Have You Heard Of Text Message Scams Called Smishing?
Have you ever received unsolicited mobile text messages with an unfamiliar or strange web link? Well this is a trick to target recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.
Fewer people are aware of the dangers of clicking links in text messages and they happen to be more trusting of text messages, so smishing is often a lucrative endeavor for obtaining credentials, banking information and private data.
Smishing is a form of phishing that involves text messaging. Victims will typically receive a deceptive text message that is intended to lure you into providing your personal or financial information. These scammers often attempt to disguise themselves as a government agency, bank, or other high ranking companies.
These criminals are looking to obtain your personally identifiable information (PII) such as: account usernames and passwords, Social Security number, date of birth, credit … Read the rest
Why Cybersecurity Matters For Your Small Business
Cybersecurity is a crucial element for continued success in any industry. What I am sharing with you today are reasons why cybersecurity matters for your small business.
To succeed in today’s technical ecosystem cybersecurity must be part of your small to medium-sized business operations. So the same way that you’d never leave your store or office unlocked and vulnerable to street crime, you should never leave any aspect of your business network unprotected without security. Myself and many other managed service providers can provide a fully up-to-date understanding of cybersecurity — how to help you mitigate the risks and build cyber-resilience.
Why Cybersecurity Matters
Hackers and cybercriminals are getting more sophisticated each year, devising new, creative ways to fool people into handing over money or data. In some instances, they can target your systems without interacting with anyone at the company. There are many cyber security professionals but what really … Read the rest
Loading ...