Posted on No Comments on Multiple vulnerabilities in Cisco

Multiple vulnerabilities in Cisco

Here’s a summary of the Cisco Security Advisories:

  1. Cisco AppDynamics Network Visibility Service DoS Vulnerability: An unauthenticated, local attacker could cause a denial of service (DoS) condition due to improper handling of unexpected input.
  2. Cisco Crosswork NSO Open Redirect Vulnerability: An unauthenticated, remote attacker could redirect a user to a malicious web page due to improper input validation of a parameter in an HTTP request.
  3. Cisco Crosswork NSO Privilege Escalation Vulnerability: An authenticated, local attacker could elevate privileges to root on an affected device because of a user-controlled search path used to locate executable files.
  4. Cisco Secure Client NAM Privilege Escalation Vulnerability: An unauthenticated attacker with physical access could elevate privileges to SYSTEM due to a lack of authentication on a specific function.
  5. Cisco Secure Email and Web Manager XSS Vulnerabilities: Multiple vulnerabilities could allow a remote attacker to conduct XSS attacks against users of the interface due to insufficient input validation.
  6. Cisco Secure Email Gateway HTTP Response Splitting Vulnerability: An unauthenticated, remote attacker could conduct an HTTP response splitting attack due to insufficient input validation of some parameters.
  7. Cisco Unified Communications Products API DoS Vulnerability: An unauthenticated, remote attacker could cause high CPU utilization and potentially impact access and call processing due to improper API authentication and incomplete validation of the API request.
Read more Multiple vulnerabilities in Cisco
Posted on No Comments on Changes in atlassian university courses after Team24

Changes in atlassian university courses after Team24

During Team 24 Atlassian announced one, but big change in Atlassian University. Previously, on-demand courses cost $39. And now you can enroll in any of courses, or any of the learning paths containing those courses for free.

You can get started with courses that cover the basics — key concepts, core product features, and best practices — then validate your skills with a career-boosting credential. Or, you can take the guided route on one of learning paths, which are series of courses designed to help you achieve a particular goal.

What’s new

  • Free Learning Access: Atlassian University now offers 100% free on-demand courses to help individuals and teams at every stage of their journey, from getting started with a new product to preparing for an official certification.
  • Course Offerings: The courses cover key concepts, core features, best practices, and soft skills. Popular courses include managing Jira Service Projects, Asset Management Essentials, and Confluence Administration.
  • Learning Paths: Guided learning paths are available for specific goals like onboarding, delivering better outcomes at work, and advancing your career.
  • Certification Preparation: Free certification preparation learning paths are provided to help users earn Atlassian Certifications, validating their knowledge and skills.

If you don’t know that, Atlassian University is here:

https://university.atlassian.com/student/catalog?

Posted on No Comments on D-Link – multiple vulnerabilities, some are 0-days

D-Link – multiple vulnerabilities, some are 0-days

Here’s a summary of the vulnerabilities reported:

  • Remote Code Execution (RCE) Vulnerabilities:
    • D-Link D-View: Two vulnerabilities (ZDI-24-448, ZDI-24-450) allow remote code execution due to command injection and exposed dangerous methods. Both require authentication, which can be bypassed. CVSS rating: 8.8.
    • D-Link G416: Attackers can execute code on G416 routers without authentication (ZDI-24-446). CVSS rating: 8.8.
    • D-Link DIR-2150: The GetDeviceSettings feature in DIR-2150 routers is vulnerable to command injection by network-adjacent attackers without authentication (ZDI-24-442). CVSS rating: 8.8.
    • D-Link DIR-2640: A stack-based buffer overflow in DIR-2640-US routers allows RCE without authentication (ZDI-24-444). CVSS rating: 8.8.
    • D-Link D-View: Another vulnerability (ZDI-24-449) allows RCE through an exposed dangerous method with bypassable authentication. CVSS rating: 8.8.
  • Local Privilege Escalation:
    • D-Link Network Assistant: A vulnerability (ZDI-24-443) allows local attackers to escalate privileges by exploiting an uncontrolled search path element. Requires execution of low-privileged code. CVSS rating: 7.3.
  • Denial-of-Service (DoS):
    • D-Link DIR-3040: A memory leak in prog.cgi websSecurityHandler can be exploited by network-adjacent attackers to cause a DoS condition (ZDI-24-445). No authentication needed. CVSS rating: 4.3.
  • Authentication Bypass:
    • D-Link D-View: A vulnerability (ZDI-24-447) allows bypassing authentication using a hard-coded cryptographic key. No authentication needed for exploitation. CVSS rating: 9.8.

All vulnerabilities are marked as “0Day,” indicating they are previously unknown and unpatched. The CVSS ratings range from 4.3 to 9.8, reflecting the severity of the vulnerabilities. The higher the CVSS score, the more severe the vulnerability. It’s important for organizations using these D-Link products to be aware of these vulnerabilities and apply any available patches or mitigations provided by the vendor.

Read more D-Link – multiple vulnerabilities, some are 0-days
Posted on No Comments on ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability

Vulnerability

ZDI-24-439
ZDI-CAN-20464

CVE ID CVE-2023-24948
CVSS SCORE 7.6,
AFFECTED VENDORS Microsoft
AFFECTED PRODUCTS Windows

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The ZDI has assigned a CVSS rating of 7.6. The following CVEs are assigned: CVE-2023-24948.

Microsoft FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

In order to exploit this vulnerability, the victim must pair with the attacker’s Bluetooth device.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

How could an attacker exploit this vulnerability?

An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.

Source:

http://www.zerodayinitiative.com/advisories/ZDI-24-439/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948

Posted on No Comments on The Art of Mindful Living

The Art of Mindful Living

In today’s fast-paced world, it’s easy to get lost in the chaos and forget about the importance of taking care of ourselves. Mindful living is about being fully present in the moment, paying attention to our thoughts and feelings without judgment, and cultivating a sense of inner peace and happiness. In this blog post, we will explore the art of mindful living and how it can improve our overall well-being.

Mindfulness

Mindfulness is the practice of bringing our full attention to the present moment. By focusing on our breath, bodily sensations, and surrounding environment, we become aware of our thoughts and feelings without getting caught up in them. Mindfulness allows us to observe our experiences with curiosity and non-judgment, helping us to develop a greater understanding of ourselves and the world around us. Through regular practice, we can become more mindful in our everyday activities, such as eating, walking, and interacting with others.

Mental health

One of the key benefits of mindful living is its positive impact on our mental health. Research has shown that mindfulness can reduce stress, anxiety, and depression, while increasing feelings of calmness and well-being. By being present in the moment, we are better able to manage our emotions and respond to difficult situations with clarity and composure. Mindful living also enhances our ability to focus and concentrate, improving our productivity and overall cognitive function.

In addition to its mental health benefits, mindful living can also have a profound effect on our physical well-being. When we practice mindfulness, we become more attuned to our body’s needs, allowing us to make healthier choices in terms of diet, exercise, and sleep. By listening to our body and giving it the care it deserves, we can improve our overall health and vitality. Mindful eating, for example, involves paying attention to the taste, texture, and aroma of our food, which not only enhances our enjoyment of the meal but also promotes healthier eating habits.

Self-care

In conclusion, mindful living is a powerful tool for self-care and personal growth. By incorporating mindfulness into our daily lives, we can cultivate a deep sense of inner peace, resilience, and happiness. Whether it’s through formal meditation practice or simply being more present in our daily activities, the art of mindful living can transform our lives in profound ways. So why not start today? Take a moment to pause, breathe, and embrace the beauty of this present moment.

Remember, self-care is not selfish, it’s essential for our well-being. Let’s prioritize our mental and physical health by embracing the art of mindful living. If you are a male, living in the UK, you may visit guys from Andy’s man club, or you can search similar organization in your neighberhood.

And remember – if you need urgent help and you are in UK, call Samaritans – 116 123. It’s a free number, and theye are there to help you.

Posted on No Comments on Apple Siri and ChatGPT: Revolutionizing AI Chat Technology

Apple Siri and ChatGPT: Revolutionizing AI Chat Technology

  •  

The article on https://www.nytimes.com discusses the collaboration between Apple’s Siri and OpenAI’s ChatGPT to enhance the capabilities of the virtual assistant. I found it really intresting.

Advancements in AI Technology: A Look at Apple’s Siri and ChatGPT

In the ever-evolving landscape of artificial intelligence (AI) technology, companies like Apple are constantly pushing the boundaries of what is possible. One of the most recent advancements in AI technology is the integration of ChatGPT into Apple’s Siri virtual assistant. This collaboration has the potential to revolutionize the way we interact with AI systems and could pave the way for even more sophisticated AI applications in the future.

ChatGPT, developed by OpenAI, is a state-of-the-art language model that uses deep learning techniques to generate human-like responses to text inputs. By incorporating ChatGPT into Siri, Apple has significantly enhanced the virtual assistant’s ability to understand and respond to natural language queries. This means that Siri can now engage in more complex and nuanced conversations with users, making interactions with the virtual assistant feel more natural and intuitive.

One of the key advantages of integrating ChatGPT into Siri is its ability to generate contextually relevant responses. This means that Siri can now better understand the context of a conversation and provide more accurate and personalized answers to user queries. For example, if a user asks Siri for restaurant recommendations, the virtual assistant can now take into account the user’s location, preferences, and past interactions to offer more tailored suggestions.

Another significant benefit of this integration is the improved conversational capabilities of Siri. With ChatGPT, Siri can now engage in more fluid and coherent conversations with users, making interactions with the virtual assistant feel more like chatting with a real person. This enhanced conversational ability not only makes Siri more user-friendly but also opens up new possibilities for how AI systems can be used in various applications, such as customer service and virtual assistants.

Furthermore, the integration of ChatGPT into Siri has the potential to improve the overall user experience of Apple’s ecosystem. By making Siri more intelligent and responsive, Apple can enhance the functionality of its devices and services, making them more valuable to users. This could lead to increased user engagement and loyalty, as well as a competitive edge in the AI technology market.

Read more Apple Siri and ChatGPT: Revolutionizing AI Chat Technology

Posted on No Comments on Build your own NAS

Build your own NAS

Table of Contents

Build Your Own NAS: A Comprehensive Guide

In today’s digital age, data storage has become a crucial aspect of our lives. From personal photos and videos to important work documents, we rely heavily on our devices to store and protect our data. However, with the increasing amount of data we generate, traditional storage options like external hard drives and USBs are no longer sufficient. This is where Network Attached Storage (NAS) comes in. A NAS is a dedicated storage device that connects to your home network, allowing you to access and share files from multiple devices. While there are many pre-built NAS options available in the market, building your own NAS can be a cost-effective and customizable solution. In this article, we will guide you through the process of building your own NAS.

Why Build Your Own NAS?

Before we dive into the technicalities of building a NAS, let’s first understand why it might be a better option than buying a pre-built one.

  • Cost-effective: Building your own NAS can be significantly cheaper than buying a pre-built one. You have the freedom to choose the components that fit your budget and needs.
  • Customizable: With a pre-built NAS, you are limited to the features and specifications provided by the manufacturer. Building your own NAS allows you to customize it according to your specific requirements.
  • Expandable: As your storage needs grow, you can easily upgrade and expand your DIY NAS by adding more hard drives.
  • Learning experience: Building your own NAS can be a great learning experience, especially for those interested in technology and networking.

Components Needed for Building a NAS

Now that we have established the benefits of building your own NAS, let’s take a look at the components you will need:

  • Computer: You will need a computer to act as the central server for your NAS. This can be an old computer that you no longer use or a new one specifically built for this purpose.
  • Operating System: You will need an operating system (OS) to run on your NAS. Popular options include FreeNAS, OpenMediaVault, and NAS4Free.
  • Hard drives: The most crucial component of a NAS is the hard drive. You will need at least two hard drives to set up a RAID (Redundant Array of Independent Disks) configuration for data redundancy and protection.
  • Network Interface Card (NIC): A NIC is required to connect your NAS to your home network.
  • Power Supply Unit (PSU): A PSU is needed to power your NAS and its components.
  • Case: While not necessary, a case can help protect your NAS and keep it organized.
Read more Build your own NAS
Posted on No Comments on Vulnerabilities in Adobe Readed DC Software

Vulnerabilities in Adobe Readed DC Software

Consolidated summary:

  • ZDI-24-424 & ZDI-24-425: Both vulnerabilities, identified as CVE-2024-30305 and CVE-2024-30303 respectively, have a CVSS score of 7.8 and affect Adobe Acrobat Reader DC. They allow remote code execution due to improper handling of AcroForms. Users must interact with a malicious page or file to trigger the flaw.
  • ZDI-24-427: Identified as CVE-2024-30306 with a CVSS score of 7.8, this vulnerability in Adobe Acrobat Reader DC allows remote code execution through an out-of-bounds read in AcroForms. User interaction is required.
Read more Vulnerabilities in Adobe Readed DC Software