Netgear Zero-Day Vulnerability Allows Full Takeover

A cybersecurity researcher found a Netgear zero-day vulnerability that allows full takeover of about 79 Netgear router models.

“The specific flaw exists within the httpd service, which listens on TCP Port 80 by default,” according to the ZDI report, which covers the bug’s presence in the R6700 series Netgear routers. “The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer.”

“This vulnerability affects firmwares as early as 2007 (WGT624v4, version 2.0.6),” Nichols said in his post. “Given the large number of firmware images, manually finding the appropriate gadgets is infeasible. Rather, this is a good opportunity to automate gadget detection.”

Affected router models

According to Nichols, 79 Netgear router models and 758 firmware images contain the vulnerable HTTPD daemon.

A list of these affected models and firmware can be found in Nichols’ PoC exploit.

Dell Network Tutorials

Restore Dell N4024 or N4048 Switch to factory defaults

To restore the Dell N4024 or N4048 switch to factory defaults, follow the procedure below:

  1. Manually reboot your switch.
  2. While the switch is booting, watch the boot screen for “Dell Networking Boot Options” and select option #2 (Display Boot Menu) within 3 seconds.
  3. On the Boot Main Menu, enter choice #10 (Restore Configuration to Factory Defaults); this also removes the enable password.

Dell Networking Boot Options

Select a menu option within 3 seconds or the Operational Code will start automatically…

1 – Start Operational Code

2 – Display Boot Menu

Select (1, 2) # 2

Boot Main Menu

1 – Start Operational Code
2 – Select Baud Rate
3 – Retrieve Logs
4 – Load New Operational Code
5 – Display Operational Code Details
9 – Reboot
10 – Restore Configuration to Factory Defaults
11 – Activate Backup Image
12 – Start Password Recovery
Enter

Dell Network Tutorials

Restore Dell N3024 or N3048 Switch to factory defaults

To restore the Dell N3024 or N3048 switch to factory defaults, follow the procedure below:

  1. Manually reboot your switch.
  2. While the switch is booting, watch the boot screen for “Dell Networking Boot Options” and select option #2 (Display Boot Menu) within 3 seconds.
  3. On the Boot Main Menu, enter choice #10 (Restore Configuration to Factory Defaults); this also removes the enable password.

Dell Networking Boot Options

Select a menu option within 3 seconds or the Operational Code will start automatically…

1 – Start Operational Code

2 – Display Boot Menu

Select (1, 2) # 2

Boot Main Menu

1 – Start Operational Code
2 – Select Baud Rate
3 – Retrieve Logs
4 – Load New Operational Code
5 – Display Operational Code Details
9 – Reboot
10 – Restore Configuration to Factory Defaults
11 – Activate Backup Image
12 – Start Password Recovery
Enter

UniFi Tutorials

Unifi Cloud Controller Adoption Using SSH

In this tutorial I will show you how to adopt new UniFi devices to your UniFi Cloud Controller using the SSH method.

We will first start off by:

  1. Download and install Advanced IP Scanner.

  2. Open Advanced IP Scanner and run a scan to locate all your new UniFi devices.
    • Note: Make sure network discovery is enabled on your computer.

  3. Within Advanced IP Scanner, note the IP address that each UniFi device is using.

  4. Download, install, and run PuTTY.

  5. Enter the IP address of the UniFi device, Port 22, Connection type: SSH, and click “Open”.

  6. Log in using the default username ubnt and password ubnt.

  7. In that same console window, type (without quotes) “set-inform” followed by the server address, e.g. “set-inform http://yourdomain:8080/inform”.
    • Make sure to use a DNS name instead of an IP address.
    • Make sure to use http:// instead of https:// and use :8080/inform,
UniFi Tutorials

Unifi Cloud Controller Adoption

In this tutorial I will show you how to adopt new UniFi devices to your UniFi Cloud Controller.

We will first start off by:

  1. Download and install Google Chrome.

  2. Download, install, and run the Ubiquiti Device Discovery Tool within Google Chrome.

  3. Next, click [Scan] and wait for your devices to show up.
    • Note: Make sure network discovery is enabled on your computer.

  4. Afterwards, click [UniFi Family] in the top right corner.

  5. You should now see the [Action] button next to all the devices.

  6. Click [Action].

  7. In the popup window, change the “Inform URL” to your UniFi Controller’s set-inform URL.
    • Make sure to use a DNS name instead of an IP address.
    • Make sure to use http:// instead of https:// and add :8080/inform at the end of the domain, for example: http://unifi.patrickdomingues.com:8080/inform.

  8. Log into your UniFi Cloud Controller and create your new site if needed. You should notice
UniFi Tutorials

How To Enable UniFi Controller MFA

In this tutorial we will show you how to enable MFA for the UniFi Controller; once it is set up correctly, you will be presented with the MFA login.

We will first start off by:

  1. Create an account on Ubiquiti’s website, https://account.ui.com/. Make sure to use the same email address that you are going to use for the Controller.

  2. Then follow these steps: https://help.ui.com/hc/en-us/articles/115012986607-How-to-Enable-Two-Factor-Authentication#2

  3. Now log into your controller and enable Settings > Remote Access > Local login with UBNT account on your UniFi server.

  4. Afterwards, within your controller, create your admin account using the same exact username, email, and password as your UI account.

  5. Log out; when you log in directly to UniFi again, you will be prompted for MFA.

Multi Factor Authentication Login Screen

CISA Alerts in Ongoing Ransomware Exploiting Vulnerabilities in RDP and VPNs

The DHS Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing Nefilim ransomware campaign, after the New Zealand Computer Emergency Response Team (CERT NZ) issued a similar alert.

CISA Alerts Ransomware

Nefilim ransomware is the successor of Nemty ransomware and was first discovered in February 2020. The developers of the ransomware conduct their own attacks and deploy the ransomware manually after gaining access to enterprise networks.

Once an attacker gains a foothold through the remote access system, they use tools such as Mimikatz, PsExec, and Cobalt Strike to elevate privileges, move laterally across the network, and establish persistence.

The attacker identifies and exfiltrates sensitive information from the network and then encrypts files. Nefilim ransomware has commonly been used, but other ransomware families can also be used. Once the attacker has the information they want, they attempt to sell it or publicly release it.

Ransomware Mitigations


Kaseya Script for Windows Disk Cleanup

Aren’t you glad you stumbled upon this Kaseya script for Windows Disk Cleanup? This Windows Disk Cleanup script for Kaseya cleans up everything from Windows.

What does it do?

I am glad you asked. The script uses the Kaseya scripting engine to write the options below to the registry, and afterwards runs a CMD command that launches Disk Cleanup with the specific settings profile we created, cleaning up all the junk.

Windows Disk Cleanup Kaseya Script

  • Active Setup Temp Folders
  • BranchCache
  • Downloaded Program Files
  • GameNewsFiles
  • GameStatisticsFiles
  • GameUpdateFiles
  • Internet Cache Files
  • Memory Dump Files
  • Offline Pages Files
  • Old ChkDsk Files
  • Previous Installations
  • Recycle Bin
  • Service Pack Cleanup
  • Setup Log Files
  • System error memory dump files
  • System error minidump files
  • Temporary Files
  • Temporary Setup Files
  • Temporary Sync Files
  • Thumbnail Cache
  • Update Cleanup
  • Upgrade Discarded Files
  • User file versions
  • Windows Defender
  • Windows Error Reporting Archive Files
  • Windows Error Reporting Queue Files
  • Windows Error Reporting System Archive

Recent Plex Vulnerability Allows Full System Takeover

Recently it was found that Plex had vulnerabilities that allowed attackers to perform a full system takeover.

The three vulnerabilities that were found are CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742, which were discovered by Tenable security researcher Chris Lyne and reported to Plex on May 31st.

If attackers are able to exploit these vulnerabilities, they could execute code to gain access to all files, create backdoors, and even move to other devices on the network.

Phishing for Plex Media Server Tokens (CVE-2020-5742)

Update to the latest version

Make sure that you are not vulnerable, log into your plex server and update right away.

“We have rolled out a change in our update distribution servers. This change will protect Plex Media Server version 1.18.2 or newer,” the Plex Security Team said. “Plex Media Server installations older than 1.18.2 will still be exploitable and we highly encourage users on older


Amazon Phishing Emails Are Running Rampant

Amazon phishing emails are running rampant. Attackers use these phishing emails to try to gain access to your account and personal information and then use it to purchase items.

Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to open an attachment or click a link and then enter your personal information on a web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links, you can often see that they would not direct you to a legitimate URL.

Here Are A Few Email Tips

New Amazon Phishing Email

  • Don’t ever open random attachments.

Always Review Incoming Email Address

  • In this case the email address is completely random and not coming from a verifiy
