Upgrade a old DIR-850L which is running on 1.13 (Hardware version A1) to the latest version firmware 1.20

1. Upgrade to 1.14b07b01 (files.dlink.com.au - /products/DIR-850L/REV_A/Firmware/)
2. Upgrade to 1.15b04 (http://files.dlink.com.au/products/DIR-850L/REV_A/Firmware/Firmware_v1.20b03/DIR850LA1_FW115WWb04.bin)
3. Upgrade to 1.20b03 (files.dlink.com.au - /products/DIR-850L/REV_A/Firmware/)

DIR-850L Firmware Release Notes
=================================

**Note: a factory reset is recommended after upgrading to ensure correct configuration is applied**


Hardware: A1
Firmware: V1.20
Date: 20/09/2017


NOTE:
THE FIRMWARE V1.15WWB04 NEEDS TO BE UPLOADED FIRST AS A TRANSITIONAL FIRMWARE V1.15, BEFORE UPGRADING TO V1.20WWB03.
Upgrade to Firmware V1.15 and then instantly go back into the web user interface and upgrade to Firmware V1.20

Problems Resolved:
1. Fixed the following security issues
- Firmware Protection
- WAN & LAN XSS exploit
- WAN - weak cloud control
- WAN & LAN - Stunnel Private Keys
- WAN & LAN - Nonce brute force for DNS configuration
- Local - WEak file permission and credentials stored in clear text
- Local - DoS attack against some daemons

Source: D-Link Support Resources

Upgrade a old DIR-850L which is running on 1.13 (Hardware version A1) to the latest version firmware 1.20

Cisco ASA and FirePower 1000 and 1200 max VPN peers

Cisco ASA and FirePower 1000 and 1200 max VPN peers

Veeam just release a new version of Linux agent which can support Rocky linux 8.10

https://helpcenter.veeam.com/docs/agentforlinux/userguide/system_requirements_nosnap.html?ver=60

Veeam just release a new version of Linux agent which can support Rocky linux 8.10

Windows 11 hardening by hotcakex.github.io

https://github.com/HotCakeX/Harden-Windows-Security

Windows 11 hardening by hotcakex.github.io

Receive OpenSSL error from one IP and another one IP is normal

SSL_ERROR_SYSCALL

One destination IP address able to connect another cannot. 

Solution: Add the URL to URL whitelist on Cloud Fortinet Fortigate Firewall

Receive OpenSSL error from one IP and another one IP is normal

Identifying and preventing unwanted DNS queries from FortiGate's FQDN Address ObjectYES

FQDN on firewall rule to AWS service, sometime need to fine tune the DNS TTL

Reference:

Identifying and preventing unwanted DNS q... - Fortinet Community

Explanation of the FQDN default cache-ttl... - Fortinet Community

How to deal with FQDN with short DNS TTL - Fortinet Community

How To Change Session TTL For A Firewall Policy In FortiGate (hex64.net)

Identifying and preventing unwanted DNS queries from FortiGate's FQDN Address ObjectYES

Fortigate DNS and Server DNS different case connection rejected on firewall

When the destination URL on CDN e.g. AWS. 

If your Fortigate DNS and Server DNS different case connection denied on firewall

Solution:

To align with those device DNS is same.

Fortigate DNS and Server DNS different case connection rejected on firewall

How to check Lenovo Laptop "Type"

When you select the BIOS update, you will see there is a "Type" under the laptop model:

To check your laptop "Type", go to the system information and check the "system Model" and "BaseBoard Product":

How to check Lenovo Laptop "Type"

Install Deepin 23 on DELL 5400 laptop

After the installation, you will need to run the system update to install several update.

Install Deepin 23 on DELL 5400 laptop

HKMA and PCPD about AI related guideline

HKMA 

2019 Nov - Guiding Principles in the HKMA circular "Consumer Protection in respect of Use of Big Data Analytics and Artificial Intelligence by Authorized Institutions" (BDAI)

https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2019/20191105e1.pdf

2020 Aug - Report on "Artificial Intelligence in Banking: The Changing Landscape in Compliance and Supervision"

Hong Kong Monetary Authority - Report on "Artificial Intelligence in Banking: The Changing Landscape in Compliance and Supervision" (hkma.gov.hk)

airep.pdf (aof.org.hk)

2024 Apr - Insights for Design, Implementation and Optimisation of Transaction Monitoring Systems

https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240417e2a1.pdf

2024 May - Manpower Management in the Age of Artificial Intelligence

Hong Kong Monetary Authority - Arthur Yuen on Manpower Management in the Age of Artificial Intelligence (hkma.gov.hk)

2024 Aug - Consumer Protection in respect of Use of Generative Artificial Intelligence

https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240819e1.pdf

PCPD 

2021 Aug - Guidance on the Ethical Development and Use of Artificial Intelligence

https://www.pcpd.org.hk/english/resources_centre/publications/files/guidance_ethical_e.pdf

 

2024 Jun - Artificial Intelligence: Model Personal Data Protection Framework

https://www.pcpd.org.hk/english/resources_centre/publications/files/ai_protection_framework.pdf

HKMA and PCPD about AI related guideline

Veeam STDB Vault Site - Veeam Malware detection

When you enable the feature - "Suspicious activity detection"

The offline update of Veeam Malware detection will be essential for you. It is update in daily.

https://www.veeam.com/kb4514

https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_guest_index_manage_list.html?ver=120

https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection.html?ver=120

https://www.managecast.com/veeam-how-to-manually-updating-suspicious-file-list-in-limited-network-environment/

Veeam STDB Vault Site - Veeam Malware detection

H3C New OS - 磐宁 NingOS

https://www.h3c.com/cn/Service/Document_Software/Document_Center/Server/Catalog/Server_Parts/NingOS/Default.htm

https://www.h3c.com/cn/Service/Document_Software/Software_Download/Server/Catalog/system/system/NingOS/

H3C iMC new version running on NingOS + MariaDB

https://www.h3c.com/cn/Service/Document_Software/Document_Center/SDN/Catalog/IMC/IMC_V7/Installation/Installation_Manual/H3C_7.3-21299/02/?CHID=1063390

Reference:

https://www.chinaz.com/2023/0611/1533035.shtml

https://www.huanqiu.com/article/4DH5fdJ7eGp

H3C New OS - 磐宁 NingOS

Deepin Package Update in Terminal

sudo su

apt-get update && apt-get upgrade

Deepin Package Update in Terminal

Java application performance issue on Tomcat

Symptoms:

Each request delay 15 seconds 

Issue:

Tomcat上的java程序会调用CheckHttpEMPSID.execute()方法，该方法会调用getLocalHost()方法尝试解析本机主机名对应的地址， 当hosts文件中没配置对应的记录时，请求会通过dns对外发起解析， 当dns请求解析超时的情况下会造成java程序阻塞住。

Solution:

Vi /etc/hosts - add Server IP and hostname

E.g. 192.168.8.8 server01

Java application performance issue on Tomcat

WAF block request - Attack Type "HTTP parser attack"

WAF block request - Attack Type "HTTP parser attack" Violations - "HTTP protocol compliance failedhe - check maximum header of numbers" header over 21 (Default value is 20, max value is 30)

Recommended Actions

 Log on to the BIG-IP ASM/AWAF Configuration utility (gui).

 Go to Security > Policy Building > Learning and Blocking Settings.

 Expand HTTP protocol compliance failed.

 Modify the Check maximum number of headers value to the required value for your application.

 Click Save.

 Click Apply Policy.

Reference:

https://my.f5.com/manage/s/article/K35241129

Increase "Check maximum number of headers" to 30 under Learning and Blocking settings screen for a policy.

https://cdn.f5.com/product/bugtracker/ID1051213.html

WAF block request - Attack Type "HTTP parser attack"

Lenovo T14s Gen 4 upgrade BIOS to 1.20 (R2EUJ39W)

Lenovo T14s Gen 4 upgrade BIOS to 1.20 (R2EUJ39W)

https://support.lenovo.com/us/en/downloads/ds564941-bios-update-utility-bootable-cd-for-windows-11-10-64-bit-thinkpad-t14s-gen-4-type-21f8-21f9

which is fixed the charging issue.

Lenovo T14s Gen 4 upgrade BIOS to 1.20 (R2EUJ39W)

D-Link DIR-867 and WPA3 support

January 29, 2024 NOTICE - This hardware revision will no longer receive firmware updates after the End of Support date
(EoS): March 29, 2024.

https://support.dlink.com/ProductInfo.aspx?m=DIR-867-US

If you are using DIR-867, it is good for you to upgrade to the latest version 1.30 since it was fixed several bugs and also it is support WPA3.

https://legacy.us.dlink.com/pages/product.aspx?id=01cef5f501d84cd29f6dc1cf65c04ed1

Firmware - Hardware A1:

https://legacyfiles.us.dlink.com/DIR-867/REVA/Firmware/DIR-867_REVA_FIRMWARE_v1.30B07.zip

D-Link DIR-867 and WPA3 support

CrowdStrike announced a new setting relating to the Incident on 19 July 2024 to allow customer to "control" Channel file update

CrowdStrike announced a new setting relating to the Incident on 19 July 2024, allowing customers to choose update approach on Sensor Operations and Rapid Response Content, but it's a generate setting for all hosts. There is no option for us to choose which group of Hosts effective. It is recommended by CrowdStrike to use "General Availability".

Unless they're allowing customers to define a small pilot group within their company, otherwise this features is almost useless....maybe we can say that it is better than nothing...since they using customers production environment as UAT and they allow you to choice which stage you join the test.

CrowdStrike announced a new setting relating to the Incident on 19 July 2024 to allow customer to "control" Channel file update

How to disable ESET Endpoint Security via GPO?

Use "Computer Configuration" and set the following policy:

How to disable ESET Endpoint Security via GPO?

2024年7月30日腾讯安全正式在国际的站发布RASP+方案――泰石引擎

It is recommended Tencent Cloud International CWPP customer (Pro/Ultimate) to enable those new features and also the Ransomware Defence.

Reference about this product release in mainland china at 2022:

https://cloud.tencent.com/developer/article/2119835

https://m.jiemian.com/article/8356977.html

https://segmentfault.com/a/1190000043819095

2024年7月30日腾讯安全正式在国际的站发布RASP+方案――泰石引擎

Install Deepin 20.9 on DELL Latitude 5400 as a contingency machine (To prepare for another Crowdstrike level disaster/catastrophic)

When you lost your AD, DHCP, NAC, DNS, Hyper-V even your notebook and deskop...almost everything on your back office environment. What can you do? As a system/network administrator, first come first to fix your machine to let you able to remote your infrastructure and able to start to save the world.

If you already install Deepin or another Linux on some old laptop which is already installed some administrative tools e.g. putty, FileZilla client....., which is already have fixed IP and also MAC address whitelist on your NAC. You can respond to disaster faster.

Install Deepin on DELL Latitude 5400.

1. Need to enter BIOS to enable USB Configuration - Enable USB Boot Support
2. SATA Operation - select AHCI

Then, you should able to use USB boot to install deepin on 5400.

Install Deepin 20.9 on DELL Latitude 5400 as a contingency machine (To prepare for another Crowdstrike level disaster/catastrophic)

Fortinet CVE-2024-26015 (FG-IR-23-446) and CVE-2024-26006 (FG-IR-23-485)

https://www.fortiguard.com/psirt/FG-IR-23-446

Upgrade to 7.4.4

https://www.fortiguard.com/psirt/FG-IR-23-485

Either disable "Web Mode" under SSL-VPN Portal or/and upgrade to 7.4.4

Fortinet CVE-2024-26015 (FG-IR-23-446) and CVE-2024-26006 (FG-IR-23-485)

Feishu first time login error - No permissions to access

 When you try to login the Feishu by using your email, you receive a "Notice". No permissions to access. Please contact your administrator for license to log in.

It is mean that your account did not being assign license or license expired.

Solution:

Feishu Admin go to admin portal:

Billing -> My Product -> Select a active license product to assign your account into it.

Feishu first time login error - No permissions to access

Cisco ASDM OpenJDK edition, ASDM-IDM Launcher and Azul Zulu JRE 8

Since Cisco ASDM 7.18(1) support Java 1.8 (Version 8) only. You need to install Azul Zulu JRE 8 on your machine.

Using JRE version 1.8.0_412 OpenJDK 64-Bit Server VM

User home directory = 

----------------------------------------------------

c:   clear console window

f:   finalize objects on finalization queue

g:   garbage collect

h:   display this help message

m:   print memory usage

q:   hide console

s:   dump system properties

----------------------------------------------------

Application Logging Started at 

---------------------------------------------

Local Launcher Version = 1.9.7

Local Launcher Version Display = 1.9(7)

Cisco ASDM OpenJDK edition, ASDM-IDM Launcher and Azul Zulu JRE 8

Cisco ASA and CVE-2024-6387

For the ASA: 

 - Releases before 9.17 (not included) are not affected. 

 - Releases between 9.17 (included) and 9.19 (not included) are affected if configured to use CiscoSSH (non default configuration) 

 - Releases 9.19 and greater are affected with the default configuration

Reference:

https://bst.cisco.com/quickview/bug/CSCwk61618

Cisco ASA and CVE-2024-6387

Upgrade Cisco ASA firmware to 9.12.4.67 to fix Cisco rates CVE-2024-20358 vulnerability as MEDIUM. CVE-2024-20353 and CVE-2024-20359 vulnerabilities are rated HIGH

In 26 April 2024, Cisco recommend Cisco ASA 9.12.4.65 customer to upgrade their firmware to 9.16.4.57 to fix Cisco rates CVE-2024-20358 vulnerability as MEDIUM. CVE-2024-20353 and CVE-2024-20359 vulnerabilities are rated HIGH. It found that 9.16.x have behaviour change on LDAPS certificate checking. If the SSL certificate expired, the LDAPS will failed. 

Cisco have release 9.12.4.67 to fix those vulnerabilities for keep who want to stay at 9.12.x

Upgrade Cisco ASA firmware to 9.12.4.67 to fix Cisco rates CVE-2024-20358 vulnerability as MEDIUM. CVE-2024-20353 and CVE-2024-20359 vulnerabilities are rated HIGH

Windows 11 Update failed - Realtek Semiconductor Corp. - Extension - 6.0.9411.1

Solution:

Click the pause updates foe a week button and then click check updates.

Reference:

https://answers.microsoft.com/en-us/windows/forum/all/realtek-semiconductor-corp-extension-6094111/905ee855-f5c8-4b6b-ac58-d3f758bde4e5?page=1

Windows 11 Update failed - Realtek Semiconductor Corp. - Extension - 6.0.9411.1

ASUS RT-AX56U action required to upgrade firmware

Firmware version 3.0.0.4.386_51679

- Release Note -

Security updates:

 - Fixed command injection vulnerability.

 - Fixed the ARP poisoning vulnerability.

 - Fixed code execution in custom OVPN.

 - Fixed the injection vulnerability in AiCloud.

 - Fixed stack buffer overflow in lighttpd.

 - Fixed CVE-2023-35720

 - Fixed the code execution vulnerability in AiCloud.

 - Fixed the XSS and Self-reflected HTML injection vulnerability.

*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.

ASUS RT-AX56U action required to upgrade firmware

Windows 11 Windows Update failed after sysprep

 If you installed Remote Server Administration Tools (RSAT) on Windows 11 then you uninstall it before your run sysprep. You machine from this image will failed to apply Windows monthly update.

Windows 11 Windows Update failed after sysprep

Microsoft 365 and Office update button missing

To resolve this issue, change the following value to "true"

Microsoft 365 and Office update button missing

The new series Sangfor firewall - Sangfor Network Secure

The new series Sangfor firewall - Sangfor Network Secure. (NSF-1050A-I, NSF-1100A-I, NSF-3100A-I and NSF-7100A-I). This new series are running on OS - Network Secure Platform (Network Secure 8.0.85 - the first release)

One of the new feature - "SOC Lite" which is good for security administrators.

It is also able to intergrate with Sangfor Security Cloud and Sangfor Endpoint Security

Reference:

https://www.sangfor.com/cybersecurity/products/network-secure-next-generation-firewall

The new series Sangfor firewall - Sangfor Network Secure

User Microsoft Office Outlook to receive RSS of O365 URL and IP address change

1. How to subscribe RSS in Outlook https://support.microsoft.com/en-au/office/subscribe-to-an-rss-feed-73c6e717-7815-4594-98e5-81fa369e951c
2. RSS link - https://endpoints.office.com/version/worldwide?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7

User Microsoft Office Outlook to receive RSS of O365 URL and IP address change

Cisco VPN error - Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network

Possible reason: The Cisco ASA SSL certificate issue on the VPN profile and/or Interface

Solution: Fix the SSL certificate issue

Cisco VPN error - Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network

Slack will end of support Android 10 or before after 1 Sep 2024

 

Reference:

https://slack.com/intl/zh-tw/help/articles/1500001836081-%E5%90%84%E7%A8%AE%E4%BD%9C%E6%A5%AD%E7%B3%BB%E7%B5%B1%E3%80%81%E6%87%89%E7%94%A8%E7%A8%8B%E5%BC%8F%E7%89%88%E6%9C%AC%E5%92%8C%E7%80%8F%E8%A6%BD%E5%99%A8%E7%9A%84-Slack-%E6%94%AF%E6%8F%B4%E7%94%9F%E5%91%BD%E9%80%B1%E6%9C%9F

Slack will end of support Android 10 or before after 1 Sep 2024

Huawei P20 Upgrade from 9 to Android 10

After upgrade to 9.0.0.197 (Android 9, EMUI 9), you will able to continuous to use OTA to upgrade several times (5 times) until you upgrade to Android 10.

Huawei P20 Upgrade from 9 to Android 10

Huawei P20 Upgrade from 8.1 to Android 9

 My Huawei P20 running on Android 8.1 and the OTA show it is running the latest version.

In fact, you can upgrade to Android 9 via install Hisuite on your computer and use USB to connect to your phone "https://consumer.huawei.com/levant/support/hisuite/"

1. Install Hisuite
2. Connect your phone to computer and on your P20, you need to enter developer mode (By go to about > System, on top of the version number to click it several time. It will show you are developer now. Then, back to previous page on your phone, and enter the developer mode to enable USB debug
3. You will see a screen on your computer like the following:
4. 

   
   
   
5. The first update still 8.1 (Before this update, my version is 8.1.0.152)
6. 

   
   After that you can use OTA on your phone to upgrade to 9.0.0.197
7. 

   
   
   

Huawei P20 Upgrade from 8.1 to Android 9

Skyguard Proxy support running on Tencent Cloud

 

Skyguard Proxy support running on Tencent Cloud

CVE-2024-3661 - Workaround and Mitigation

On May 6, 2024, a researcher from Leviathan Security Group identified a new technique, termed as "TunnelVision", that can bypass VPN encapsulation and enable attackers to send the traffic outside a VPN tunnel using the built-in features of Dynamic Host Configuration Protocol (DHCP). TunnelVision involves the routing of traffic without encryption through a VPN. This traffic can be directed by the attacker's configured DHCP server using option 121, ultimately being redirected to the internet via a side channel created by the attacker. The existing VPN tunnel remains intact, and the side channel created by the attacker cannot be detected by the existing VPN tunnel. CVE-2024-3661 has been assigned to this critical vulnerability.

Workaround and Mitigation advise:

1. Instead of using public WiFi network, use a mobile hotspots for VPN connection

2. In hotel, instead of using hotel Wired or WiFi network directly, use a travel router to connect to hotel wired network, then use this network for VPN connection

3. Using a Virtual machine for VPN connection

Reference:

https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability 

https://www.leviathansecurity.com/blog/tunnelvision 

https://security.paloaltonetworks.com/CVE-2024-3661 

https://support.checkpoint.com/results/sk/sk182290 

https://my.f5.com/manage/s/article/K000139553

CVE-2024-3661 - Workaround and Mitigation

Fix Google Chrome update failed Error 7

Error: 

There are Google Chrome update failed Error 7:

Solution:

Need to able to access tools.google.com and dl.google.com

Reference:

https://support.google.com/chrome/answer/111996?hl=en

Fix Google Chrome update failed Error 7

How to find which Access Point (AP) connected on Windows 10 / 11?

To find a AP which is your laptop connected, you can run the following command:

netsh wlan show in

There is 1 interface on the system:

    Name                   : Wi-Fi

    Description            :

    GUID                   : 

    Physical address       : 

    State                  : connected

    SSID                   : 

    BSSID                  : <This is the MAC address of the AP you connected>

    Network type           : Infrastructure

    Radio type             : 802.11n

    Authentication         : 

    Cipher                 : 

    Connection mode        : Auto Connect

    Channel                : 

    Receive rate (Mbps)    : 

    Transmit rate (Mbps)   : 

    Signal                 : %

    Profile                : 

    Hosted network status  : Not available

How to find which Access Point (AP) connected on Windows 10 / 11?