Wednesday, September 20, 2023
Open-source monitoring system comparison (Ganglia, Open-falcon, Prometheus, Zabbix)
Comparison of open-source monitoring systems (Ganglia, Open-falcon, Prometheus, Zabbix)
https://cloud.tencent.com/developer/article/1639350
Tuesday, September 19, 2023
CrowdStrike Support Rocky Linux since 8.4
CrowdStrike supports Rocky Linux 8.4, 8.5, 8.6, 8.7, 8.8 and 9.0.
For Rocky Linux 9.1, only user mode is supported for now; kernel mode is not supported.
Sunday, September 10, 2023
How to recommend a phone for BYOD/CYOD/COPE/COBO Android users
Unlike the Apple iPhone (iOS), Android phones come in many varieties, unless the user buys a Google Pixel series phone or an Android One certified phone (it seems that only Nokia still has phones in the Android One program, and Nokia phones run pure Android OS with an OS upgrade and security update policy similar to Google's).
In the past it was not easy to recommend a phone for this purpose.
So, Google has a program called "Android Enterprise Recommended (AER)":
Android Enterprise Recommended. It's not just a seal of approval. It's a shortlist of devices and service providers that meet Google's strict enterprise requirements. So you can feel good about setting your business up on mobile. - https://www.android.com/intl/en_uk/enterprise/recommended/ and https://www.android.com/enterprise/recommended/
Search device for AER:
https://androidenterprisepartners.withgoogle.com/devices/
Android Enterprise feature list – which is the feature list for EMM:
https://developers.google.com/android/work/requirements
For example, Xiaomi has many phones under this program:
https://www.mi.com/global/support/android-enterprise-recommended
Each AER device receives security updates within 90 days, 3 years of security updates and 2 OS version upgrades.
https://trust.mi.com/zh-CN/misrc/updates/phone?tab=aerdata
Remark:
BYOD is Bring Your Own Device
CYOD is Choose Your Own Device
COPE is Company Owned/Personally Enabled
COBO is Company Owned/Business Only
https://www.wired.com/brandlab/2018/06/byod-cyod-cope-cobo-really-mean/
Saturday, September 9, 2023
How to fix the 22.04.3 default wallpaper incorrect after upgrade from 20.04
There is a minor bug I hit: the wallpaper did not update to the 22.04.3 LTS default one.
I resolved it by changing the wallpaper from the .png one to the .jpg one and applying the setting. (After that, you can change it back to the .png one.)
More about Lubuntu:
https://hackmd.io/@yizhewang/SkfJGOWvD
https://wiki.ubuntu.org.cn/Lubuntu
https://linux.cn/article-12242-1.html
http://www.mintos.org/distro/lubuntu-focal.html
https://www.mycomputertips.co.uk/115
Lubuntu 18.04 LTS upgrade to 20.04 LTS then 22.04 LTS
I have an old IBM X61 laptop with Lubuntu 18.04 LTS installed that had not been used for a long time.
I powered it on and tried to upgrade it; at first it could not upgrade to 20.04 LTS.
After I clicked "Yes, Upgrade Now", there was no response……
Then I upgraded all the base software of Lubuntu and re-ran the update; it showed all software up to date and 20.04.6 LTS available. I clicked "Upgrade" and it started the upgrade process.
After the upgrade completed, you will see the Lubuntu 20.04 wallpaper.
I ran the upgrade again; this time Lubuntu 22.04.3 LTS was available. Click "Upgrade..".
After the upgrade succeeded, you have 22.04.3.
(Action required) Patch or mitigate Cisco ASA now - Cisco VPN used to breach networks (Akira ransomware gang) - CVE-2023-20269
Background:
Aug 22, 2023 - Akira ransomware targets Cisco VPNs to breach organizations
Aug 30, 2023 - Hacking campaign bruteforces Cisco VPNs to breach networks
Sep 8, 2023 - Cisco warns of VPN zero-day exploited by ransomware gangs
Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.
https://www.helpnetsecurity.com/2023/09/08/cve-2023-20269/
Details:
The vulnerability allows two possible scenarios:
1. an unauthenticated, remote attacker conducting a brute force attack to identify valid username and password combinations for unauthorized remote access VPN sessions;
2. an authenticated, remote attacker establishing a clientless SSL VPN session with an unauthorized user (only applicable on Cisco ASA Software Release 9.16 or earlier).
https://isp.page/news/unpatched-cisco-asa-flaw-exploited-by-attackers-cve-2023-20269/
Cisco has yet to address CVE-2023-20269; while waiting for a fix, the company recommends:
1. Use dynamic access policy (DAP) to terminate VPN tunnel establishment when the DefaultADMINGroup or DefaultL2LGroup connection profile/tunnel group is used.
2. Deny Remote Access VPN Using the Default Group Policy (DfltGrpPolicy). When the DfltGrpPolicy is not expected to be used for remote access VPN policy assignment, administrators can prevent remote access VPN session establishment using the DefaultADMINGroup or DefaultL2LGroup connection profiles/tunnel groups by setting the vpn-simultaneous-logins option for the DfltGrpPolicy to zero.
3. Restrict Users in the LOCAL User Database.
4. Lock Users to a Specific Connection Profile/Tunnel Group Only
5. Prevent Users from Establishing Remote Access VPN Sessions
https://securityaffairs.com/150516/hacking/cve-2023-20269-cisco-asa-e-ftd.html
SOC check log on SIEM:
Login attempts with invalid username/password (%ASA-6-113015)
Example:
%ASA-6-113015: AAA user authentication Rejected: reason = reason : local database: user = user: user IP = xxx.xxx.xxx.xxx
Remote access VPN session creation attempts for unexpected connection profiles/tunnel groups (%ASA-4-113019, %ASA-4-722041, or %ASA-7-734003)
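Added example (my own code, not from the post, Cisco or any SIEM vendor): a small Python checker that applies the two SOC checks above to constructed sample ASA syslog lines, counting %ASA-6-113015 rejections per source IP and flagging session events whose connection profile/tunnel group is outside an assumed allow-list. The sample lines, usernames, IPs (192.0.2.0/24 documentation range), the EXPECTED_GROUPS set and the field layout assumed for the 722041 and 113019 messages are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (hypothetical users, IPs from the 192.0.2.0/24
# documentation range). Only the 113015 layout is taken from the post; the field
# layout assumed for the 722041 and 113019 messages should be checked against
# Cisco's syslog message reference before running this on real logs.
SAMPLE_LOGS = """\
%ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = admin : user IP = 192.0.2.10
%ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = vpnuser : user IP = 192.0.2.10
%ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = test : user IP = 192.0.2.10
%ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = alice : user IP = 192.0.2.77
%ASA-4-722041: TunnelGroup DefaultADMINGroup GroupPolicy DfltGrpPolicy User bob IP 192.0.2.55 No IPv6 address available for SVC connection
%ASA-4-113019: Group = CorpVPN, Username = alice, IP = 192.0.2.77, Session disconnected. Session Type: SSL, Duration: 0h:05m:01s, Bytes xmt: 10, Bytes rcv: 20, Reason: User Requested
""".splitlines()

# Failed local-database logins: capture the attempted username and source IP.
REJECT_RE = re.compile(
    r"%ASA-6-113015:.*?user = (?P<user>\S+)\s*:\s*user IP = (?P<ip>[\d.]+)"
)
# Session events that name the connection profile / tunnel group.
GROUP_RE = re.compile(
    r"%ASA-[47]-(?:113019|722041|734003):.*?(?:TunnelGroup|Group =)\s*(?P<group>[\w-]+)"
)
# Assumed set of connection profiles that are legitimately in use on this ASA.
EXPECTED_GROUPS = {"CorpVPN"}


def brute_force_sources(lines, threshold=3):
    """Map source IP -> (rejected attempts, distinct usernames tried) for IPs at
    or above the threshold; many usernames from one IP suggests password spraying."""
    attempts, users = Counter(), defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            attempts[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    return {ip: (n, len(users[ip])) for ip, n in attempts.items() if n >= threshold}


def unexpected_tunnel_groups(lines, expected=EXPECTED_GROUPS):
    """Return (group, line) for session events on a profile outside the expected
    set, e.g. DefaultADMINGroup or DefaultL2LGroup named in Cisco's mitigations."""
    return [(m["group"], line) for line in lines
            if (m := GROUP_RE.search(line)) and m["group"] not in expected]


if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOGS))
    for group, line in unexpected_tunnel_groups(SAMPLE_LOGS):
        print("unexpected tunnel group", group, "->", line)
```

Tune the threshold and the allow-list to the ASA's real connection profiles; the useful signal is the distinct-username count per IP alongside the raw rejection count.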
Reference:
https://www.govcert.gov.hk/tc/alerts_detail.php?id=1103
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
https://security.tencent.com/ti/update_detail/jfeC3Y9tU1NazTsSBPoxWIDAE7Gnrhcg
Broadcom (Symantec) Messaging Gateway license update
Before applying the new/renewal license, make sure your current license is on hand and ready to reapply.
Since this product is quirky, you may hit issues after applying the new/renewal license. Falling back to the current license file to resume service is your fastest option.
Wednesday, September 6, 2023
ASUS routers RT-AX55, AX56U_V2 and RT-AC86U vulnerable to critical remote code execution flaws (CVSS 9.8)
The ASUS RT-AX55 and AX56U_V2 are the same hardware and firmware, differing only by target market.
The AX56U is different hardware and firmware. Also, the latest firmware for the ASUS RT-AX56U is firmware version 3.0.0.4.386.51665:
Version 3.0.0.4.386.51665
74.75 MB
Firmware:
ASUS RT-AX55 Firmware version 3.0.0.4.386_52041
Version 3.0.0.4.386_52041
65.17 MB
2023/08/31
Reference:
https://www.hkepc.com/forum/viewthread.php?fid=12&tid=2598705&extra=&page=2
https://www.hkepc.com/forum/viewthread.php?fid=12&tid=2598169&page=1