Wednesday, December 30, 2020

LVM GUI Tools

LVM is not simple to deal with. And although I do believe that I must know how to deal with it from the CLI, it's always a good thing to know how to use some LVM GUI tools. This article presents some good ones. Just remember: first and foremost, you must understand how it works under the hood, and then dare to test some of these good tools.

Read the article at https://www.linuxjournal.com/content/review-gui-lvm-tools

bpytop – Awesome Linux, macOS and FreeBSD resource monitor

It is always a good idea to keep a resource monitor open. HTop has been my pet for years. But now, I guess it is time to change. 

BPyTop is an awesome alternative, lightweight, and fully featured. Excellent job, written in Python. After that, I haven't seen my Htop interface for days! Read this concise article, and give BPyTop a try, if you haven't already!

Read more here: https://www.cyberciti.biz/open-source/command-line-hacks/bpytop-awesome-linux-macos-and-freebsd-resource-monitor/

Thursday, December 17, 2020

Almost 3M users have devices infected through Chrome and Edge extensions

Up to 3 million devices infected by malware-laced Chrome and Edge add-ons.

Many of the "smart" and "advanced" users who use browser extensions to download photos, videos, and other content from sites like Facebook, Instagram, Vimeo, and Spotify have just "achieved" the results that security professionals have always warned about: they managed to contaminate their equipment with silent password stealers, which work without drawing almost any attention, even leaving the user thinking "I am safe and have never had any problem with viruses and malware".

In reality, end users usually don't even know what malware is ...

Read more on this subject at ArsTechnica.

Monday, December 14, 2020

Are Linux Smartphones about to KILL Android?

In this video, not only is another Linux phone presented; the author also dives into some questions about privacy and profit, and in the end considers Linux as a good option for mobiles.

Worth a peek!


Monday, December 7, 2020

Microsoft Defender for Linux adds new security feature

Microsoft's server-based Linux protection program is now offering a public preview of improved endpoint detection and response features.

I know it's still hard for some of you to wrap your minds around it, but Microsoft really does support Linux these days. A case in point: Back in June, Microsoft released Microsoft Defender Advanced Threat Protection (ATP) for Linux for general use. Now, Microsoft has improved the Linux version of Defender, by adding a public preview of endpoint detection and response (EDR) capabilities.

This is still not a version of Microsoft Defender you can run on a standalone Linux desktop. Its primary job remains to protect Linux servers from server and network threats. If you want protection for your standalone desktop, use such programs as ClamAV or Sophos Antivirus for Linux.

For businesses, though, with workers from home now using their Macs and Windows PCs here, there, and everywhere, it's a different story. While based on Linux servers, you'll be able to use it to protect PCs running macOS, Windows 8.1, and Windows 10. 

With these new EDR capabilities, Linux Defender users can detect advanced attacks that involve Linux servers, utilize rich experiences, and quickly remediate threats. This builds on the existing preventative antivirus capabilities and centralized reporting available via the Microsoft Defender Security Center. Specifically, it includes:

  • Rich investigation experience, which includes machine timeline, process creation, file creation, network connections, login events, and advanced hunting.
  • Optimized performance-enhanced CPU utilization in compilation procedures and large software deployments.
  • In-context AV detection. Just like with the Windows edition, you'll get insight into where a threat came from and how the malicious process or activity was created.

To run the updated program, you'll need one of the following Linux servers: RHEL 7.2+; CentOS Linux 7.2+; Ubuntu 16.04 or higher LTS; SLES 12+; Debian or higher; or Oracle Linux 7.2.

Next, to try these public preview capabilities, you'll need to turn on the preview features in Microsoft Defender Security Center. Before you do this, make sure you're running version 101.12.99 or higher. You can find out which version you're running with the command: 

mdatp health

You shouldn't switch all your servers running Microsoft Defender for Endpoint on Linux to the preview in any case. Instead, Microsoft recommends you configure only some of your Linux servers to Preview mode, with the following command:

$ sudo mdatp edr early-preview enable 

Once that's done, if you're feeling brave and want to see for yourself if it works, Microsoft is offering a way to run a simulated attack. To do this, follow the steps below to simulate a detection on your Linux server and investigate the case. 

1 - Verify that the onboarded Linux server appears in Microsoft Defender Security Center. If this is the first onboarding of the machine, it can take up to 20 minutes until it appears. 

2 - Download and extract the script file from here aka.ms/LinuxDIY to an onboarded Linux server and run the following command:

./mde_linux_edr_diy.sh

After a few minutes, it should be raised in Microsoft Defender Security Center.

Look at the alert details, machine timeline, and perform your typical investigation steps.
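The procedure above has one precondition that is easy to get wrong by eye: the agent must be at version 101.12.99 or higher before the preview is enabled, and comparing dotted versions as strings gives the wrong answer ("101.9.20" sorts after "101.12.99"). The following helper is an added example, not Microsoft's code. It assumes `mdatp health --field app_version` prints the installed version (the `--field` option of the `mdatp` CLI is assumed here); the minimum version and the enable command are the ones stated in the article.

```python
"""Pre-flight check before opting a Linux server into the Defender for
Endpoint EDR preview: read the agent version, compare it numerically against
the 101.12.99 minimum from the article, and only then hand back the
`mdatp edr early-preview enable` command.  Added example, not Microsoft's code.
"""
import re
import shutil
import subprocess

MIN_PREVIEW_VERSION = "101.12.99"  # minimum stated in the article


def parse_version(text):
    """Extract the first dotted version number from CLI output as an int tuple."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def meets_minimum(version_text, minimum=MIN_PREVIEW_VERSION):
    """True when version_text >= minimum.  Int tuples compare component-wise,
    so 101.13.0 > 101.12.99 even though '13' < '12.99' as strings."""
    return parse_version(version_text) >= parse_version(minimum)


def installed_version():
    """Query the local agent; returns None when mdatp is not installed.
    Assumption: `mdatp health --field app_version` prints the version string."""
    if shutil.which("mdatp") is None:
        return None
    result = subprocess.run(
        ["mdatp", "health", "--field", "app_version"],
        capture_output=True, text=True, check=False,
    )
    return result.stdout.strip().strip('"')


def preview_enable_command(version_text):
    """Return the argv for the article's enable command when the agent is new
    enough, or None so the caller does not flip an unsupported agent."""
    if not meets_minimum(version_text):
        return None
    return ["sudo", "mdatp", "edr", "early-preview", "enable"]


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print("mdatp not found on this host")
    else:
        cmd = preview_enable_command(version)
        if cmd is None:
            print(f"agent {version} is older than {MIN_PREVIEW_VERSION}; update first")
        else:
            print("eligible for the EDR preview; to opt in run:", " ".join(cmd))
```

The script deliberately prints the enable command rather than running it, matching the article's advice to put only a subset of servers into preview mode.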


Good luck!  


By Steven J. Vaughan-Nichols for Linux and Open Source | November 17, 2020 -- 21:16 GMT (13:16 PST) | Topic: Security

Source: https://www.zdnet.com/article/microsoft-defender-for-linux-adds-new-security-feature/

Kazakhstan government is intercepting HTTPS traffic in its capital

If and when our government suggests something similar "for our safety", we should be concerned...

Under the guise of a "cybersecurity exercise," the Kazakhstan government is forcing citizens in its capital of Nur-Sultan (formerly Astana) to install a digital certificate on their devices if they want to access foreign internet services.

Once installed, the certificate would allow the government to intercept all HTTPS traffic made from users' devices via a technique called MitM (Man-in-the-Middle).

Starting today, December 6, 2020, Kazakh internet service providers (ISPs) such as Beeline, Tele2, and Kcell are redirecting Nur-Sultan-based users to web pages showing instructions on how to install the government's certificate. Earlier this morning, Nur-Sultan residents also received SMS messages informing them of the new rules.

Kazakhstan users have told ZDNet today that they are not able to access sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix without installing the government's root certificate.

This is the Kazakh government's third attempt at forcing citizens to install root certificates on their devices after a first attempt in December 2015 and a second attempt in July 2019.

Both previous attempts failed after browser makers blacklisted the government's certificates.

GOVERNMENT CALLS IT A CYBERSECURITY TRAINING EXERCISE

In a statement published on Friday, Kazakh officials described their efforts to intercept HTTPS traffic as a cybersecurity training exercise for government agencies, telecoms, and private companies.

They cited the fact that cyberattacks targeting "Kazakhstan's segment of the internet" grew 2.7 times during the current COVID-19 pandemic as the primary reason for launching the exercise. Officials did not say how long the training exercise will last.

The Kazakh government used a similarly vague statement last year, in 2019, describing its actions as a "security measure to protect citizens." Representatives for major browser makers, pivotal in blocking the Kazakh government's first two attempts to backdoor HTTPS traffic, told ZDNet they will investigate the recent incident and take appropriate measures. 

By Catalin Cimpanu for Zero Day | December 6, 2020 -- 15:46 GMT (07:46 PST)

Source: https://www.zdnet.com/article/kazakhstan-government-is-intercepting-https-traffic-in-its-capital/

NSA says Russian state hackers are using a VMware flaw to ransack networks

If you use VMWare, you might be concerned about your environment's security ...

Multiple VMware products are exploited in attacks that access Windows active directory.

DAN GOODIN - 12/7/2020, 4:19 PM

The National Security Agency says that Russian state hackers are compromising multiple VMware systems in attacks that allow the hackers to install malware, gain unauthorized access to sensitive data, and maintain a persistent hold on widely used remote work platforms.

The in-progress attacks are exploiting a security bug that remained unpatched until last Thursday, the agency reported on Monday. CVE-2020-4006, as the flaw is tracked, is a command-injection flaw, meaning it allows attackers to execute commands of their choice on the operating system running the vulnerable software. These vulnerabilities are the result of code that fails to filter unsafe user input such as HTTP headers or cookies. VMware patched CVE-2020-4006 after being tipped off by the NSA.
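To make the bug class described in that paragraph concrete, here is an added example (not VMware's code; nothing about how CVE-2020-4006 itself is triggered is known from the article) of a request handler that builds an OS command from an HTTP header, shown in its vulnerable form, a partially fixed form, and a hardened form. The header name `X-Target-Host` and the `ping` lookup are invented for the illustration.

```python
"""Command injection from an unfiltered HTTP header, and two ways to fix it.
Added example, not VMware's code; the header name and the ping lookup are
constructed for illustration."""
import re
import shlex
import subprocess

# A request's headers as a web framework would hand them to a handler (constructed).
SAMPLE_HEADERS = {"X-Target-Host": "host.example.net"}

# Allow-list for a hostname: letters, digits, dots and hyphens, and the first
# character must be alphanumeric so the value can never start with "-" and be
# parsed by the target program as an option.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def build_command_vulnerable(headers):
    """The bug: the header is interpolated into a shell string that would be run
    with shell=True.  Shell metacharacters in the header become new commands."""
    return f"ping -c 1 {headers['X-Target-Host']}"


def build_command_quoted(headers):
    """Partial fix: shlex.quote neutralises shell metacharacters, but the value
    still reaches the shell and a leading '-' can still be read as an option."""
    return f"ping -c 1 {shlex.quote(headers['X-Target-Host'])}"


def validate_hostname(value):
    """Allow-list validation: reject anything that is not a plausible hostname."""
    return bool(HOSTNAME_RE.match(value))


def build_command_hardened(headers):
    """Hardened: validate against the allow-list and return an argv list, so no
    shell ever parses the value.  Returns None for rejected input."""
    target = headers.get("X-Target-Host", "")
    if not validate_hostname(target):
        return None
    return ["ping", "-c", "1", target]


def run_hardened(headers):
    """Execute the hardened form without a shell; None means the input was rejected."""
    argv = build_command_hardened(headers)
    if argv is None:
        return None
    return subprocess.run(argv, capture_output=True, text=True, check=False).returncode


if __name__ == "__main__":
    hostile = {"X-Target-Host": "host.example.net; echo injected"}
    print("vulnerable:", build_command_vulnerable(hostile))   # two commands
    print("quoted    :", build_command_quoted(hostile))       # one argument
    print("hardened  :", build_command_hardened(hostile))     # None: rejected
    print("hardened  :", build_command_hardened(SAMPLE_HEADERS))
```

The ordering of the fixes matters: validating the value against what it is supposed to be, then passing it as a separate argv element, removes the shell from the path entirely, whereas quoting alone only patches the symptom the article describes.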

A hacker’s Holy Grail

Attackers from a group sponsored by the Russian government are exploiting the vulnerability to gain initial access to vulnerable systems. They then upload a Web shell that gives a persistent interface for running server commands. Using the command interface, the hackers are eventually able to access the active directory, the part of Microsoft Windows server operating systems that hackers consider the Holy Grail because it allows them to create accounts, change passwords, and carry out other highly privileged tasks.

“The exploitation via command injection led to installation of a web shell and follow-on malicious activity where credentials in the form of SAML authentication assertions were generated and sent to Microsoft Active Directory Federation Services, which in turn granted the actors access to protected data,” NSA officials wrote in Monday’s cybersecurity advisory.

For attackers to exploit the VMware flaw, they first must gain authenticated password-based access to the management interface of the device. The interface by default runs over Internet port 8443. Passwords must be manually set upon installation of software, a requirement that suggests administrators are either choosing weak passwords or that the passwords are being compromised through other means.

“A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system,” VMware said in an advisory published on Thursday. “This account is internal to the impacted products and a password is set at the time of deployment. A malicious actor must possess this password to attempt to exploit CVE-2020-4006.”

The active attacks come as large numbers of organizations have initiated work-from-home procedures in response to the COVID-19 pandemic. With many employees remotely accessing sensitive information stored on corporate and government networks, software from VMware plays a key role in safeguards designed to keep connections secure.

The command-injection flaw affects the following five VMware platforms:

  • VMware Access 20.01 and 20.10 on Linux
  • VMware vIDM 3.3.1, 3.3.2, and 3.3.3 on Linux
  • VMware vIDM Connector 3.3.1, 3.3.2, 3.3.3, 19.03
  • VMware Cloud Foundation 4.x
  • VMware vRealize Suite Lifecycle Manager 8.x

People running one of these products should install the VMware patch as soon as possible. They should also review the password used to secure the VMware product to ensure it’s strong. Both the NSA and VMware have additional advice for securing systems at the links above.

Monday’s NSA advisory didn’t identify the hacking group behind the attacks other than to say it was composed of “Russian state-sponsored malicious cyber actors.” In October, the FBI and the Cybersecurity and Infrastructure Security Agency warned that Russian state hackers were targeting the critical Windows vulnerability dubbed Zerologon. That Russian hacking group goes under many names, including Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala.

From: https://arstechnica.com/information-technology/2020/12/nsa-says-russian-state-hackers-are-using-a-vmware-flaw-to-ransack-networks/

Linux 5.10 LTS Debut Expected Next Weekend

Linux 5.10-rc7 Arrives - Linux 5.10 LTS Debut Expected Next Weekend
Written by Michael Larabel in Linux Kernel on 6 December 2020 at 06:00 PM EST.
While for a while the Linux 5.10 development was trending concerningly high on changes late in the cycle, 5.10-rc7 is out today and Linus Torvalds appears comfortable in planning to release the 5.10 kernel next weekend.

Linux 5.10-rc7 is looking "pretty good" and "solidly in the average size department", much to Linus Torvalds' delight. There are changes all over from the past week but seemingly nothing too bad.

Thus in the 5.10-rc7 announcement, Torvalds expresses optimism about releasing Linux 5.10 final next weekend rather than a 5.10-rc8 release. That's good news too given the Linux 5.11 merge window immediately opens and it doing so next weekend would at least allow the two-week window to be open ahead of the Christmas and New Year's holidays.

Besides Linux 5.10 being the last kernel release of 2020 and coming with many changes, it's also a notable release for being a Long Term Support (LTS) kernel build to be supported for at least five years.

See our Linux 5.10 feature overview to learn about all the changes and new driver capabilities for ending out the hell of the year that was 2020.
Source: https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.10-rc7-Released