Thursday, November 7, 2024

Windows 11 hardening by hotcakex.github.io




Saturday, October 12, 2024

OpenSSL error (SSL_ERROR_SYSCALL) from one destination IP while another IP of the same service works

The destination hostname resolves to more than one IP address: the connection to one address succeeds, the connection to another fails with SSL_ERROR_SYSCALL, i.e. the socket was reset or closed before the TLS handshake completed, which points at something in the path rather than at the TLS stack itself.

Solution: add the URL to the URL whitelist on the cloud Fortinet FortiGate firewall, so that every address the destination resolves to is allowed.


Identifying and preventing unwanted DNS queries from FortiGate's FQDN Address Object

When a firewall rule uses an FQDN address object for an AWS-hosted service, the DNS TTL sometimes needs fine tuning: the FortiGate re-resolves the name when its cached record expires, and if its answer set lags behind what the server resolved, the policy will not match the address the server is actually connecting to.

Reference:

Explanation of the FQDN default cache-ttl... - Fortinet Community



FortiGate DNS and server DNS differ: connection rejected on the firewall

This happens when the destination URL is served from a CDN, e.g. AWS, where different resolvers return different addresses for the same name.

If the FortiGate's DNS servers and the server's DNS servers differ, the server may connect to an address the FortiGate never resolved into its FQDN object, and the firewall denies the connection.

Solution:
Point the FortiGate and the servers at the same DNS servers so that both resolve the FQDN to the same set of addresses.
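A quick way to see the mismatch described here and in the cache-ttl post above. This is an added example, not from the original post or from Fortinet: it parses the ANSWER section of `dig` output captured from the FortiGate's resolver and from the server's resolver (the two captures below are constructed samples, and example.cdn.test is a placeholder name), then lists the addresses the server may use that the FortiGate's FQDN object would not contain, together with the lowest TTL in either answer.

```python
import re

# Constructed samples (not real captures). Both resolvers answer for the same
# CDN-hosted name, but the address sets overlap only partially.
FIREWALL_DIG = """\
;; ANSWER SECTION:
example.cdn.test.        60      IN      A       192.0.2.10
example.cdn.test.        60      IN      A       192.0.2.11
"""

SERVER_DIG = """\
;; ANSWER SECTION:
example.cdn.test.        30      IN      A       192.0.2.11
example.cdn.test.        30      IN      A       198.51.100.7
"""

# name, TTL, class IN, type A, dotted-quad address
A_RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.M)


def parse_a_records(dig_text):
    """Return a list of (name, ttl, ip) for every A record in dig's output."""
    return [(name, int(ttl), ip) for name, ttl, ip in A_RECORD.findall(dig_text)]


def compare_answers(firewall_text, server_text):
    """Diff the two answer sets from the firewall's point of view.

    not_on_firewall: addresses the server may connect to that the FQDN object
                     does not hold, so the policy will not match them.
    only_on_firewall: addresses the object holds that the server will not use.
    min_ttl: the shortest TTL seen; answers rotate at least this often, which
             is what the FQDN object's cache-ttl has to cope with.
    """
    fw = parse_a_records(firewall_text)
    srv = parse_a_records(server_text)
    fw_ips = {ip for _, _, ip in fw}
    srv_ips = {ip for _, _, ip in srv}
    ttls = [ttl for _, ttl, _ in fw + srv]
    return {
        "not_on_firewall": srv_ips - fw_ips,
        "only_on_firewall": fw_ips - srv_ips,
        "min_ttl": min(ttls) if ttls else None,
    }


def verdict(result):
    """One-line conclusion a firewall admin can act on."""
    if result["not_on_firewall"]:
        return ("MISMATCH: server may use %s which the FQDN object lacks; "
                "point both sides at the same DNS or allow the whole address range"
                % sorted(result["not_on_firewall"]))
    return "OK: every address the server resolves is in the FQDN object"


if __name__ == "__main__":
    res = compare_answers(FIREWALL_DIG, SERVER_DIG)
    print(res)
    print(verdict(res))
```

Capture the two inputs with `dig @<fortigate-dns-server> <fqdn> A` and the same query against the server's resolver; `diagnose firewall fqdn list` on the FortiGate shows what the object currently holds. For the SSL_ERROR_SYSCALL case in the first post, `openssl s_client -connect <ip>:443 -servername <fqdn>` against each listed address shows which one the firewall is cutting off.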


Friday, October 11, 2024

How to check a Lenovo laptop's "Type"

When you select the BIOS update, there is a "Type" listed under the laptop model:

To check your laptop's "Type", open System Information (msinfo32) and look at "System Model" and "BaseBoard Product":



Wednesday, October 2, 2024

Install Deepin 23 on a DELL 5400 laptop


After the installation, run the system update to install several pending updates.


Wednesday, September 4, 2024

HKMA and PCPD about AI related guideline

HKMA 

2019 Nov - Guiding Principles in the HKMA circular "Consumer Protection in respect of Use of Big Data Analytics and Artificial Intelligence by Authorized Institutions" (BDAI)

2020 Aug - Report on "Artificial Intelligence in Banking: The Changing Landscape in Compliance and Supervision"

2024 Apr - Insights for Design, Implementation and Optimisation of Transaction Monitoring Systems

2024 May - Manpower Management in the Age of Artificial Intelligence

2024 Aug - Consumer Protection in respect of Use of Generative Artificial Intelligence

PCPD

2021 Aug - Guidance on the Ethical Development and Use of Artificial Intelligence

2024 Jun - Artificial Intelligence: Model Personal Data Protection Framework


Veeam STDB Vault Site - Veeam Malware Detection

When you enable the "Suspicious activity detection" feature, the offline update of Veeam Malware Detection becomes essential for you. It is updated daily.



Friday, August 16, 2024

Deepin Package Update in Terminal

sudo su

apt-get update && apt-get upgrade


Saturday, August 10, 2024

Java application performance issue on Tomcat

Symptoms:

Every request is delayed by 15 seconds.

Issue:

The Java program on Tomcat calls CheckHttpEMPSID.execute(), which calls getLocalHost() to resolve the address of the local hostname. When /etc/hosts has no matching record, the lookup goes out to DNS, and when that DNS query times out the Java program blocks until it does.

Solution:

vi /etc/hosts - add the server's IP address and hostname

E.g. 192.168.8.8 server01
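The check behind this fix, as an added example that is not from the original post: it reads /etc/hosts text (the sample below is constructed), reports which address, if any, the file maps a hostname to, and times the live lookup of this machine's own name, which is the call the Java code blocks on when the name has to go out to DNS.

```python
import socket
import time

# Constructed /etc/hosts content for the test; main() reads the real file.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 192.168.8.8 server01   <- commented out, so it must not count
192.168.8.8 server01.example.test server01
"""


def parse_hosts(text):
    """Return {name: ip} for every name on every active line (aliases included)."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), ip)   # first entry wins, as the resolver does
    return mapping


def hostname_entry(text, hostname):
    """The address /etc/hosts maps hostname to, or None if the lookup falls through to DNS."""
    return parse_hosts(text).get(hostname.lower())


def time_local_lookup(hostname=None):
    """Return (ip_or_None, seconds) for resolving this host's own name live."""
    hostname = hostname or socket.gethostname()
    start = time.monotonic()
    try:
        ip = socket.gethostbyname(hostname)
    except socket.gaierror:
        ip = None
    return ip, time.monotonic() - start


if __name__ == "__main__":
    with open("/etc/hosts") as f:
        hosts_text = f.read()
    name = socket.gethostname()
    print("hosts entry for", name, "->", hostname_entry(hosts_text, name))
    ip, secs = time_local_lookup(name)
    print(f"resolved {name} -> {ip} in {secs:.3f}s")
```

A lookup that takes seconds and returns None is the symptom above; after adding the entry it should return the server's address in well under a millisecond.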


WAF blocked request - Attack Type "HTTP parser attack"

The WAF blocked a request with Attack Type "HTTP parser attack" and Violation "HTTP protocol compliance failed - Check maximum number of headers": the request carried more than 20 headers (the default limit is 20; the setting can be raised to at most 30).

Recommended Actions

  1. Log on to the BIG-IP ASM/AWAF Configuration utility (GUI).
  2. Go to Security > Policy Building > Learning and Blocking Settings.
  3. Expand HTTP protocol compliance failed.
  4. Change the Check maximum number of headers value to what your application needs. First check which headers the request actually carries: if the excess comes from a proxy or load balancer in front of the application, trim those rather than loosening the check.
  5. Click Save.
  6. Click Apply Policy.

Reference:

Increase "Check maximum number of headers" to 30 under the Learning and Blocking Settings screen for a policy.
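To see what the parser is counting before raising the limit, here is an added example, not from the original post or from F5. It parses a raw HTTP/1.1 request head, counts the headers, joins an obsolete folded continuation line onto the header above it (so folding cannot be used to hide a header from the count), and reports whether the count exceeds the limit; the request builder is a constructed test input. Listing the header names shows whether the overflow is genuine application traffic or headers added in front of the application.

```python
DEFAULT_MAX_HEADERS = 20   # the default quoted in the post; the post says the setting tops out at 30


def parse_headers(raw):
    """Return [(name, value)] for the headers in a raw request head.

    The request line is skipped. A line starting with a space or tab is an
    obs-fold continuation and is appended to the previous header's value
    rather than counted as a header of its own.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:
        if not line:
            continue
        if line[0] in " \t" and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def check_header_count(raw, limit=DEFAULT_MAX_HEADERS):
    """Count the headers and say whether the policy's check would fire."""
    headers = parse_headers(raw)
    return {
        "count": len(headers),
        "limit": limit,
        "violation": len(headers) > limit,
        "names": [name for name, _ in headers],
    }


def build_request(n_headers):
    """Constructed request with exactly n_headers headers (Host plus X-Test-*)."""
    lines = ["GET /app HTTP/1.1", "Host: app.example.test"]
    for i in range(n_headers - 1):
        lines.append(f"X-Test-{i}: {i}")
    return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    for n in (20, 21):
        result = check_header_count(build_request(n))
        print(n, "headers ->", "BLOCK" if result["violation"] else "pass", result["names"][:3], "...")
```

Feed it the request captured in the ASM event log for the blocked transaction: if the names list is full of X-Forwarded-* and tracking headers from an intermediary, fix the intermediary; if they are all headers the application really needs, raise the limit.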


Lenovo T14s Gen 4 upgrade BIOS to 1.20 (R2EUJ39W)


This release fixes the charging issue.


Wednesday, August 7, 2024

D-Link DIR-867 and WPA3 support

January 29, 2024 NOTICE - This hardware revision will no longer receive firmware updates after the End of Support date (EoS): March 29, 2024.


If you are using a DIR-867, upgrade to the latest firmware, version 1.30: it fixes several bugs and adds WPA3 support. With the hardware now past end of support, 1.30 is also the last release you will get.


Firmware - Hardware A1:


CrowdStrike announced a new setting relating to the 19 July 2024 incident to let customers "control" channel file updates

CrowdStrike announced a new setting relating to the incident on 19 July 2024 that lets customers choose the update approach for Sensor Operations and Rapid Response Content, but it is a single setting for all hosts: there is no option to choose which group of hosts it applies to. CrowdStrike recommends "General Availability".

Unless they allow customers to define a small pilot group within their company, this feature is almost useless... maybe we can say it is better than nothing, since they use customers' production environments as UAT and now at least let you choose which stage of the test you join.


How to disable ESET Endpoint Security via GPO?

Use "Computer Configuration" and set the following policy:



On 30 July 2024 Tencent Security officially released its RASP+ solution, the 泰石 (Taishi) engine, on its international site

Tencent Cloud International CWPP customers (Pro/Ultimate) are recommended to enable these new features and also Ransomware Defence.


Reference about this product's release in mainland China in 2022:




Sunday, July 21, 2024

Install Deepin 20.9 on a DELL Latitude 5400 as a contingency machine (to prepare for another CrowdStrike-level disaster)

When you lose your AD, DHCP, NAC, DNS, Hyper-V, even your notebooks and desktops... almost everything in your back-office environment, what can you do? As a system/network administrator, the first thing is to get your own machine working so you can reach your infrastructure remotely and start saving the world.

If you have already installed Deepin or another Linux on an old laptop, with the administrative tools you need (e.g. PuTTY, FileZilla client, ...), a fixed IP address, and its MAC address already whitelisted on your NAC, you can respond to the disaster faster.

Install Deepin on the DELL Latitude 5400:

  1. Enter the BIOS and, under USB Configuration, enable USB Boot Support
  2. Under SATA Operation, select AHCI

Then you should be able to boot from USB and install Deepin on the 5400.


Thursday, July 11, 2024

Fortinet CVE-2024-26015 (FG-IR-23-446) and CVE-2024-26006 (FG-IR-23-485)

Upgrade to 7.4.4.

If you cannot upgrade yet, disable "Web Mode" under the SSL-VPN portal as a workaround, and still upgrade to 7.4.4 when you can.


Wednesday, July 10, 2024

Feishu first-time login error - No permissions to access

When you try to log in to Feishu with your email, you receive a "Notice": No permissions to access. Please contact your administrator for a license to log in.


It means that your account has not been assigned a license, or the license has expired.

Solution:

The Feishu admin goes to the admin portal:

Billing -> My Product -> select an active license product and assign your account to it.



Cisco ASDM OpenJDK edition, ASDM-IDM Launcher and Azul Zulu JRE 8


Cisco ASDM 7.18(1) supports Java 1.8 (version 8) only, so you need to install Azul Zulu JRE 8 on your machine.



Using JRE version 1.8.0_412 OpenJDK 64-Bit Server VM
User home directory = 
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
m:   print memory usage
q:   hide console
s:   dump system properties
----------------------------------------------------
Application Logging Started at 
---------------------------------------------
Local Launcher Version = 1.9.7
Local Launcher Version Display = 1.9(7)


Tuesday, July 9, 2024

Cisco ASA and CVE-2024-6387

For the ASA:
 - Releases before 9.17 are not affected.
 - Releases from 9.17 up to, but not including, 9.19 are affected only if configured to use CiscoSSH (a non-default configuration).
 - Releases 9.19 and later are affected in the default configuration.

Reference:


Friday, July 5, 2024

Upgrade Cisco ASA firmware to 9.12.4.67 to fix CVE-2024-20358 (rated MEDIUM by Cisco) and CVE-2024-20353 and CVE-2024-20359 (rated HIGH)

On 26 April 2024, Cisco recommended that Cisco ASA 9.12.4.65 customers upgrade to 9.16.4.57 to fix CVE-2024-20358 (rated MEDIUM) and CVE-2024-20353 and CVE-2024-20359 (rated HIGH). It turned out that 9.16.x changes the behaviour of LDAPS certificate checking: if the LDAP server's SSL certificate has expired, LDAPS fails.

Cisco has since released 9.12.4.67 to fix those vulnerabilities for customers who want to stay on 9.12.x.



Monday, July 1, 2024

Windows 11 update failed - Realtek Semiconductor Corp. - Extension - 6.0.9411.1

Solution:

Click the "Pause updates for a week" button, then click "Check for updates".

Reference:

https://answers.microsoft.com/en-us/windows/forum/all/realtek-semiconductor-corp-extension-6094111/905ee855-f5c8-4b6b-ac58-d3f758bde4e5?page=1



Friday, June 28, 2024

ASUS RT-AX56U: action required, upgrade the firmware

Firmware version 3.0.0.4.386_51679
- Release Note -

Security updates:
 - Fixed command injection vulnerability.
 - Fixed the ARP poisoning vulnerability.
 - Fixed code execution in custom OVPN.
 - Fixed the injection vulnerability in AiCloud.
 - Fixed stack buffer overflow in lighttpd.
 - Fixed CVE-2023-35720
 - Fixed the code execution vulnerability in AiCloud.
 - Fixed the XSS and Self-reflected HTML injection vulnerability.

*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.


Wednesday, June 19, 2024

Windows 11 Windows Update fails after sysprep

If you installed Remote Server Administration Tools (RSAT) on Windows 11 and then uninstalled it before running sysprep, machines deployed from that image will fail to apply the Windows monthly update.


Microsoft 365 and Office update button missing

To resolve this issue, change the following value to "true"




Monday, June 10, 2024

The new Sangfor firewall series - Sangfor Network Secure

The new Sangfor firewall series, Sangfor Network Secure (NSF-1050A-I, NSF-1100A-I, NSF-3100A-I and NSF-7100A-I), runs on a new OS, Network Secure Platform (Network Secure 8.0.85 is the first release).

One of the new features, "SOC Lite", is useful for security administrators.

It can also integrate with Sangfor Security Cloud and Sangfor Endpoint Security.

Reference:



Wednesday, June 5, 2024

Use Microsoft Office Outlook to receive the RSS feed of Office 365 URL and IP address changes


Cisco VPN error - AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network


Possible reason: an SSL certificate problem on the Cisco ASA, in the VPN profile and/or on the interface.

Solution: fix the SSL certificate issue. AnyConnect refuses to connect because it cannot validate the gateway's certificate, and that validation is exactly what protects the session from a man-in-the-middle on an untrusted network, so fix the certificate rather than weakening the client's checks.


Sunday, June 2, 2024

Slack will end support for Android 10 and earlier after 1 Sep 2024

Reference:

https://slack.com/intl/zh-tw/help/articles/1500001836081-%E5%90%84%E7%A8%AE%E4%BD%9C%E6%A5%AD%E7%B3%BB%E7%B5%B1%E3%80%81%E6%87%89%E7%94%A8%E7%A8%8B%E5%BC%8F%E7%89%88%E6%9C%AC%E5%92%8C%E7%80%8F%E8%A6%BD%E5%99%A8%E7%9A%84-Slack-%E6%94%AF%E6%8F%B4%E7%94%9F%E5%91%BD%E9%80%B1%E6%9C%9F



Huawei P20 upgrade from Android 9 to Android 10

After upgrading to 9.0.0.197 (Android 9, EMUI 9), you will be able to keep using OTA, several times (5 times), until you reach Android 10.


Saturday, June 1, 2024

Huawei P20 upgrade from Android 8.1 to Android 9

My Huawei P20 runs Android 8.1 and OTA shows it is on the latest version.


In fact, you can upgrade to Android 9 by installing HiSuite on your computer and connecting the phone over USB: "https://consumer.huawei.com/levant/support/hisuite/"

  1. Install HiSuite.
  2. Connect your phone to the computer. On the P20, enable developer mode (go to About > System and tap the build number several times until it tells you that you are now a developer; then go back one page, enter Developer options and enable USB debugging).
  3. You will see a screen on your computer like the following:


  4. The first update is still 8.1 (before this update my version was 8.1.0.152).

  5. After that you can use OTA on the phone to upgrade to 9.0.0.197.



Friday, May 24, 2024

Skyguard Proxy is supported running on Tencent Cloud


Sunday, May 19, 2024

CVE-2024-3661 - Workaround and Mitigation

On May 6, 2024, Leviathan Security Group disclosed a technique, named "TunnelVision", that bypasses VPN encapsulation and lets an attacker pull traffic out of the VPN tunnel using a built-in feature of the Dynamic Host Configuration Protocol (DHCP). An attacker-controlled DHCP server on the local network uses option 121 (classless static routes) to push routes that are more specific than the VPN's own routes, so the victim's operating system sends the matching traffic unencrypted through the physical interface to the attacker instead of into the tunnel. The VPN tunnel itself stays up, and the VPN client cannot see the side channel, so it keeps reporting a connected, protected session. CVE-2024-3661 has been assigned to this vulnerability.

Workaround and mitigation advice:
1. Instead of a public WiFi network, use a mobile hotspot for the VPN connection
2. In a hotel, instead of using the hotel's wired or WiFi network directly, connect a travel router to the hotel network and run the VPN from behind it, so the hotel's DHCP server never talks to your device
3. Run the VPN connection inside a virtual machine whose network adapter is not in bridged mode, so the host's DHCP lease cannot install routes in the guest
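What a TunnelVision lease looks like on the wire, and how to spot one. This is an added example, not from the original post or from Leviathan's write-up: it decodes DHCP option 121 in the RFC 3442 format (one byte of prefix width, only the significant destination octets, then the router), encodes it again for building test leases, and lists the routes that would win against the 0.0.0.0/1 and 128.0.0.0/1 pair a full-tunnel VPN client installs. The option bytes, the LAN 10.1.2.0/24 and the router 10.1.2.1 are constructed values.

```python
import ipaddress

# Constructed option 121 value (not a real capture): three classless routes,
# all via 10.1.2.1, the attacker's box on the LAN 10.1.2.0/24.
#   18 c6 33 64 0a010201  -> 198.51.100.0/24 via 10.1.2.1 (width 24, 3 dest octets)
#   01 80       0a010201  -> 128.0.0.0/1     via 10.1.2.1 (width 1, 1 dest octet)
#   00          0a010201  -> 0.0.0.0/0       via 10.1.2.1 (width 0, no dest octets)
SAMPLE_OPTION_121 = bytes.fromhex("18c633640a010201" "01800a010201" "000a010201")
LAN_SUBNET = "10.1.2.0/24"


def decode_option_121(data):
    """Parse RFC 3442 classless static routes into [(network, router)].

    Each entry is: 1 byte prefix width, ceil(width/8) significant destination
    octets, then the 4-byte router address.
    """
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError(f"bad prefix width {width} at offset {i}")
        n = (width + 7) // 8
        if i + 1 + n + 4 > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = int.from_bytes(data[i + 1:i + 1 + n], "big") << (8 * (4 - n))
        router = ipaddress.IPv4Address(bytes(data[i + 1 + n:i + 5 + n]))
        # strict=False: tolerate host bits a sloppy or malicious server sets.
        routes.append((ipaddress.ip_network((dest, width), strict=False), router))
        i += 1 + n + 4
    return routes


def encode_option_121(routes):
    """Inverse of decode_option_121; useful for building a test lease."""
    out = bytearray()
    for dest, router in routes:
        n = (dest.prefixlen + 7) // 8
        out.append(dest.prefixlen)
        out += dest.network_address.packed[:n]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)


def routes_bypassing_vpn(routes, lan_subnet):
    """Routes that would carry traffic around a full-tunnel VPN.

    A route for the LAN itself is normal. Anything else at /1 or longer is at
    least as specific as the 0.0.0.0/1 + 128.0.0.0/1 pair VPN clients install
    into the tunnel, so the OS prefers it and sends that traffic in the clear.
    A plain /0 is just a default route and is excluded.
    """
    lan = ipaddress.ip_network(lan_subnet)
    return [(d, r) for d, r in routes if d.prefixlen >= 1 and not d.subnet_of(lan)]


if __name__ == "__main__":
    routes = decode_option_121(SAMPLE_OPTION_121)
    for dest, router in routes:
        print(f"option 121 route: {dest} via {router}")
    for dest, router in routes_bypassing_vpn(routes, LAN_SUBNET):
        print(f"WOULD BYPASS VPN: {dest} via {router}")
```

On Linux, `ip route show` lists what the lease actually installed next to the VPN's own routes, which is the quickest check on a network you do not trust. Android does not implement option 121 and is not affected; on Linux the VPN client can be isolated in its own network namespace so routes the host accepts from DHCP never apply to it.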

Reference:






Fix Google Chrome update failed with Error 7

Error:
Google Chrome update fails with Error 7:

Solution:
The machine needs to be able to reach tools.google.com and dl.google.com; allow them on the proxy or firewall.


Reference:


How to find which Access Point (AP) you are connected to on Windows 10 / 11?

To find the AP your laptop is connected to, run the following command:

netsh wlan show interfaces

There is 1 interface on the system:

    Name                   : Wi-Fi
    Description            :
    GUID                   : 
    Physical address       : 
    State                  : connected
    SSID                   : 
    BSSID                  : <This is the MAC address of the AP you connected>
    Network type           : Infrastructure
    Radio type             : 802.11n
    Authentication         : 
    Cipher                 : 
    Connection mode        : Auto Connect
    Channel                : 
    Receive rate (Mbps)    : 
    Transmit rate (Mbps)   : 
    Signal                 : %
    Profile                : 

    Hosted network status  : Not available
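Parsing that output and going one step further: an added example, not from the original post, that turns the text of `netsh wlan show interfaces` into one record per interface and checks the BSSID against an allowlist of your own access points, which is the quick test for an evil-twin AP broadcasting your SSID. The sample output and the allowlist below are constructed values.

```python
import subprocess

# Constructed sample of the command's output (all values are placeholders).
SAMPLE_OUTPUT = """\
There is 1 interface on the system:

    Name                   : Wi-Fi
    Description            : Example Wireless Adapter
    GUID                   : 00000000-0000-0000-0000-000000000000
    Physical address       : aa:bb:cc:dd:ee:ff
    State                  : connected
    SSID                   : CorpWiFi
    BSSID                  : 11:22:33:44:55:66
    Network type           : Infrastructure
    Radio type             : 802.11ax
    Authentication         : WPA2-Enterprise
    Cipher                 : CCMP
    Connection mode        : Auto Connect
    Channel                : 36
    Receive rate (Mbps)    : 573.5
    Transmit rate (Mbps)   : 573.5
    Signal                 : 85%
    Profile                : CorpWiFi

    Hosted network status  : Not available
"""

# Assumed allowlist: the BSSIDs of your own access points for this SSID.
KNOWN_BSSIDS = {"11:22:33:44:55:66", "11:22:33:44:55:77"}


def parse_netsh_interfaces(text):
    """Turn `netsh wlan show interfaces` output into one dict per interface."""
    interfaces, current = [], None
    for line in text.splitlines():
        # Field lines are indented; splitting on the first ':' keeps MAC
        # addresses (which contain ':') intact in the value.
        if not line.startswith("    ") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        key, value = key.strip(), value.strip()
        if key == "Name":                 # each interface block starts with Name
            current = {}
            interfaces.append(current)
        if current is not None:
            current[key] = value
    return interfaces


def check_ap(iface, known_bssids=KNOWN_BSSIDS):
    """Report the AP in use and whether its BSSID is one of ours."""
    bssid = iface.get("BSSID", "").lower()
    connected = iface.get("State", "").lower() == "connected"
    known = {b.lower() for b in known_bssids}
    return {
        "ssid": iface.get("SSID", ""),
        "bssid": bssid,
        "channel": iface.get("Channel", ""),
        "connected": connected,
        "trusted": connected and bssid in known,
    }


def live_check(known_bssids=KNOWN_BSSIDS):
    """Run the real command on this Windows machine and check every interface."""
    out = subprocess.run(["netsh", "wlan", "show", "interfaces"],
                         capture_output=True, text=True, check=True).stdout
    return [check_ap(i, known_bssids) for i in parse_netsh_interfaces(out)]


if __name__ == "__main__":
    for result in live_check():
        flag = "trusted AP" if result["trusted"] else "UNKNOWN AP, check for an evil twin"
        print(f'{result["ssid"]} via {result["bssid"]} ch {result["channel"]}: {flag}')
```

The field labels are those of an English Windows install; a localised Windows prints translated labels, so adjust the keys before running it there.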


Friday, April 26, 2024

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

  1. Upgrade your Cisco ASA to one of the following versions (depending on which release train your Cisco ASA supports):
    9.16.4.57
    9.18.4.22
    9.20.2.10
  2. Check your firewall logs or SIEM for hits on the IOC IP addresses.
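A small version check for the ASA posts on this page, as an added example that is not from the original posts or from Cisco. The fixed releases are the ones quoted above (9.12.4.67 from the 5 July post, the three here from this post), and the CVE-2024-6387 rule is the three-bullet rule from the 9 July post; the train-matching logic is the assumption: a running release is compared only with the fixed release of its own major.minor train, and a train with no listed fixed release is reported as unknown rather than as safe.

```python
# First fixed releases quoted in the posts for CVE-2024-20353 / CVE-2024-20359
# (the 9.12 entry is from the 5 July post, the other three from the 26 April post).
FIXED_RELEASES = ["9.12.4.67", "9.16.4.57", "9.18.4.22", "9.20.2.10"]


def parse_version(text):
    """'9.16.4.57' or '9.16(4)57' (as `show version` prints it) -> (9, 16, 4, 57)."""
    cleaned = text.strip().replace("(", ".").replace(")", ".").strip(".")
    parts = tuple(int(p) for p in cleaned.split(".") if p)
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unrecognised ASA version: {text!r}")
    return parts + (0,) * (4 - len(parts))


def train(version):
    """The release train is major.minor, e.g. (9, 16) for 9.16(4)57."""
    return version[:2]


def fix_status(running, fixed_releases=FIXED_RELEASES):
    """'fixed', 'vulnerable', or 'unknown-train' when no fixed release is listed
    for the running train (assumption: never report an unlisted train as safe)."""
    rv = parse_version(running)
    for fixed in fixed_releases:
        fv = parse_version(fixed)
        if train(fv) == train(rv):
            return "fixed" if rv >= fv else "vulnerable"
    return "unknown-train"


def cve_2024_6387_affected(running, ciscossh_enabled=None):
    """Apply the three rules from the CVE-2024-6387 post.

    ciscossh_enabled=None means 'the default configuration for that release':
    OpenSSH below 9.19 (not affected), CiscoSSH from 9.19 on (affected).
    Assumption: on 9.19+ the condition is the same as on 9.17/9.18, i.e. only
    the CiscoSSH stack is affected, so an explicit False clears it.
    """
    rv = parse_version(running)
    if rv < (9, 17, 0, 0):
        return False
    if ciscossh_enabled is None:
        ciscossh_enabled = rv >= (9, 19, 0, 0)
    return bool(ciscossh_enabled)


if __name__ == "__main__":
    for v in ("9.12(4)65", "9.12(4)67", "9.16(4)57", "9.18(4)20", "9.20(2)10", "9.14(4)14"):
        print(f"{v:>10}: {fix_status(v):14} CVE-2024-6387 default config: {cve_2024_6387_affected(v)}")
```

Remember the caveat from the 5 July post before jumping trains: 9.16.x changes LDAPS certificate checking, so staying on 9.12.4.67 may be the safer fix for an ASA that authenticates against an LDAP server with an expired certificate.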

For more detail of the IOC, please check:

Check your Cisco ASA compatibility:


Reference:
