Dirty Sock Snapd Local Privilege Escalation Vulnerability

A local privilege escalation in snapd versions 2.28 through 2.37 that could allow the creation of root level accounts – may give you a Dirty Sock ! Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically

Read more

PhpMyAdmin Releases Security Update 4.8.5 Patches SQL Injection and Arbitrary File Read

PhpMyAdmin security fix v4.8.5 will patch an SQL Injection and arbitrary file read vulnerability. Security is a daily ongoing endeavor and discipline in today’s online world. In a security blog post the developers of phpMyAdmin announced version 4.8.5 of its software to address a few security related issues. The security fixes involve: Arbitrary file read vulnerability (https://www.phpmyadmin.net/security/PMASA-2019-1) SQL injection in the Designer interface (https://www.phpmyadmin.net/security/PMASA-2019-2) The arbitrary file read vulnerability could also be exploited to delete

Read more

Linux APT Package Manager Remote Code Execution Bug Patched

Original Source: BleepingComputer Independent consultant and security contractor Max Justicz discovered a remote code execution issue in the APT high level package manager used by Debian, Ubuntu, and other related Linux distributions. As described by Justicz, the APT vulnerability present in the package manager starting with version 0.8.15 “allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package. The bug has been fixed in

Read more

KeePassXC the Secure, Offline, Open Source Password Manager

In a vulnerable web and cloud based world, KeePassXC offers excellent password management that’s secure, reliable, offline by default and open source. A password manager is a tool that creates and stores passwords for you, so you can use many different passwords on different sites and services without having to memorize them all, and/or more importantly avoid using the same non-secure password. You only need to remember one password (and/or key file) that then allows

Read more

Examine Network Socket Connections with Linux ss Command Instead of Netstat

Examine Network Socket Connections with Linux ss Command Instead of Netstat The Linux ‘ss’ command replaces the older ‘netstat’ and makes a lot of information about network and socket connections available for you to easily examine or troubleshoot issues. The ss (socket statistics) command provides a lot of information by displaying details on socket activity. What is a Socket? A socket is a Linux file descriptor for communicating with the network. In Linux, they say

Read more

PhpMyAdmin MySQL Table Export SQL Format Missing

PhpMyAdmin MySQL Table Export SQL Format Not Available phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web, it’s a very popular tool included with many server control panels such as Plesk and cPanel.  Recently an incident was sent my way where a large customer was advising the ability to export single MySQL tables within PhpMyAdmin was no longer providing the expected SQL format by default. In fact,

Read more

HealthEquity Security Breach Email Hacked Again

HealthEquity Email Hack Breaches Data of Users… Again ! An email hack security breach on their mail has again potentially exposed personal data of HealthEquity customers. This is not the first time however, in June, an unauthorized user hacked into an employee’s email account and breached the data of 16,000 customers according to HealthEquity Email Hack. The most recent breach is similar according to this site notification to customers: On October 5, 2018, HealthEquity’s information

Read more

Apache httpd No Space Left on Device AH00023

Issue Had this pop up today, been several years since the ugly Apache semaphore scenario reared its messy head. You’ll have an Apache http web service down, upon typical quick look and attempt to restart, Apache fails to kick off. No biggie, whether digging through logs, systemctl status and journalctl stuffs you’ll eventually come across something similar to: [Sun Dec 23 15:22:11.048641 2018] [core:emerg] [pid 39427] (28)No space left on device: AH00023: Couldn’t create the

Read more

Linux Mint 19.1 “Tessa” Cinnamon Released !

The team is proud to announce the release of Linux Mint 19.1 “Tessa” Cinnamon Edition. Linux Mint 19.1 is a long term support release which will be supported until 2023. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use. New features: This new version of Linux Mint contains many improvements. For an overview of the new features please visit: “What’s new in Linux

Read more

Easily Change Cisco ASA VPN Peer IP

VPN use is very prevalent these days, especially for businesses and the number of mobile workers, remote offices and tunneled cloud infrastructure. Inevitably at some point the IP address of an end point will need to be changed. This can be accomplished quickly and easy in a few steps, in this blip we’ll look at a simple IKEv1 VPN tunnel -while IKEv2 is the way to go these days – there are still a gazillion

Read more