Microsoft is warning of a zero-day vulnerability CVE-2021-40444

Microsoft is warning of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share information about the attacks or the nature of the threat actors. The vulnerability was exploited in malspam attacks spreading weaponized Office documents.

The remote code execution vulnerability in MSHTML affects Microsoft Windows; the issue received a CVSS score of 8.8. MSHTML is the main HTML component of the Windows Internet Explorer browser and is also used in other applications. The vulnerability was reported by Mandiant researchers Bryce Abdo, Dhanesh Kizhakkinan and Genwei Jiang, and by Haifei Li from EXPMON. EXPMON researchers described the attack exploiting the CVE-2021-40444 flaw as a highly sophisticated zero-day exploit attack against Microsoft Office users.

Mitigation published by Microsoft:

Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack. This can be accomplished for all sites by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To disable ActiveX controls on an individual system:

1. To disable installing ActiveX controls in Internet Explorer in all zones, paste the following into a text file and save it with the .reg file extension.

2. Double-click the .reg file to apply it to your Policy hive.

3. Reboot the system to ensure the new configuration is applied.
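
A check that the steps above took effect, as an added example (not Microsoft's or this page's code): it parses an exported .reg file and lists every zone where installing ActiveX controls is not set to Disable. The policy path, the URL action IDs 1001 and 1004, the value 3 and the zone list 0-3 are assumptions taken from Microsoft's documented Internet Explorer zone settings, not from this page; the sample export is constructed.

```python
import re

# Assumptions (not on this page): standard IE zone policy path and Microsoft's
# documented URL action IDs for installing signed / unsigned ActiveX controls.
POLICY_PATH = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows"
               r"\CurrentVersion\Internet Settings\Zones")
ACTIONS = ("1001", "1004")   # download signed / unsigned ActiveX controls
DISABLE = 3                  # URL policy value "Disable"
ZONES = (0, 1, 2, 3)         # Local Machine, Intranet, Trusted Sites, Internet

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg(text):
    """Map each key path (lower-cased) to its {value name: int} dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            current = keys.setdefault(m.group(1).lower(), {})
        elif (m := DWORD.match(line)) and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text, zones=ZONES):
    """Return (zone, action, found) for each setting missing or not Disable."""
    keys = parse_reg(text)
    gaps = []
    for zone in zones:
        values = keys.get(f"{POLICY_PATH}\\{zone}".lower(), {})
        gaps += [(zone, a, values.get(a)) for a in ACTIONS
                 if values.get(a) != DISABLE]
    return gaps

def sample_export(settings):
    """Build a constructed .reg export from {zone: {action: value}}."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for zone, values in settings.items():
        out.append(f"[{POLICY_PATH}\\{zone}]")
        out += [f'"{name}"=dword:{val:08x}' for name, val in values.items()]
        out.append("")
    return "\n".join(out)

# Constructed input: zone 2 has no policy, zone 3 only prompts (1) for unsigned.
SAMPLE = sample_export({0: {"1001": 3, "1004": 3}, 1: {"1001": 3, "1004": 3},
                        3: {"1001": 3, "1004": 1}})

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Exports written by Registry Editor are usually UTF-16, so decode the file with that encoding before passing its text to `audit`.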

Dahua IP camera forgot password how to reset

 



Today's step-by-step guide covers resetting a Dahua IR bullet network camera, model no. DH-IPC-HFW1230S1P-S4: device initialization and password reset for network cameras.

First step: remove the flat black plastic cover on the front of the camera, then open the two screws with a screwdriver.


Second step: install “ConfigTool”. This one is the old version of the software; the newer version is “General_ConfigTool_ChnEng_V5.000.0000001.7.R.20210227”. Choose either one, download it and install it on your system.


Third step: power on the IP camera and locate points 1 and 2; touch them with the screwdriver for just 10 seconds. Next, jumper the blue cable and the orange cable: touch them to the legs and hold for just 10 seconds, and your password is successfully reset.


Fourth step: connect the camera to the PC with a network cable. On the PC, open the network properties, click “Ethernet”, then click Properties, select IPv4 and manually change the IP address.


Open the installed “ConfigTool” and go to the “Search setting” tab. Enter the IP address manually, then the default user “admin” and password “admin”, and press OK. The tool searches for the camera, and its IP address is shown in ConfigTool.

“ConfigTool” allows you to initialize remote devices over the same LAN and supports initializing multiple devices at the same time. Instructions:

Step 1 Double click the on the desktop and enter the main interface.

Step 2 Click the to enter the IP configuration screen.

Step 3 Select uninitialized device(s) and then click “Initialize” to open the device initialization interface.

Step 4 Select device(s) to initialize, and then click “Initialize”. To access the web interface, type the IP address 192.168.1.108 in the browser and hit Enter; on the login page, enter user: admin and then the new password.

Data breach of the Ministry of Home Affairs Nepal


Kathmandu. In a data breach at the Ministry of Home Affairs Nepal, the personal information of Nepali citizens has been leaked online. It has been found that sensitive details of citizens are leaked from the websites of various ministries and departments of the government.

The District Administration Office, Makwanpur has been posting the details of the service recipients online. Security experts have expressed concern that the release of citizens' personal details could lead to cyber-attacks and abuse.

A Google search for 'site.gov.np sanket number' reveals the details of the service recipients who have obtained passport services from the District Administration Office, Makwanpur.

It includes the name, address, citizenship number, passport number and other details of the citizen.

Assistant District Officer of Makwanpur Baburam Aryal said that the details have been made public online for the information of the service recipients who have applied for passports.

He said that arrangements have been made to keep the details online and to inform the service recipients when the passport is ready.

"Other administration offices have also informed the service recipients by making the details public online," he said. "The old details have been removed after a certain period of time." Stating that the service recipients have not raised the issue of personal privacy so far, he mentioned that if there is any danger from this, it will be removed from the website.

Source: Techpana

 

Vulnerable products are used in an organization hacked

When outdated and vulnerable products are used in an organization, the way into that organization is open.

In the broadcast images, it can be seen that Windows 7 is installed on Evin prison systems: a Windows version whose support stopped a year and a half ago. If other equipment is likewise left unmanaged and without updates, experts know that it will not be difficult to penetrate this system!

A year and a half ago the necessary warning was given here repeatedly, and it was said that from then on every Windows 7 machine is a vulnerability in the organization.

A hacker group has leaked security camera footage from inside Iran's notorious Evin prison showing the brutal treatment of inmates. The surveillance video shows inmates fighting, being hit by guards and dragged along the floor, and in one scene smashing a bathroom mirror in an attempt to use the glass to self-harm. One clip shows the hacker group taking control of monitors in the prison control room, flashing a message stating "Evin prison is a stain of shame on Raisi's black turban and white beard" and calling for "nationwide protests to release political prisoners".

Ebrahim Raisi, the new president of Iran, is a hardline cleric who is subject to US sanctions for alleged human rights abuses, with accusations against him including presiding over a torture regime in Evin prison and ordering mass executions. His victory means hardliners will have full control over all branches of government in Iran for the first time in almost a decade, after ultra-conservatives took a majority in last year's parliamentary elections. 

In a tweet on Tuesday, the head of Iran's prison organisation, Mohammad Mehdi Haj Mohammadi, confirmed the authenticity of the leaked security camera footage. Accepting responsibility for the "unacceptable behaviour", Mr Mohammadi committed to dealing seriously with the offenders and, according to a translation by Al Jazeera, wrote:

"I also apologise to God, our dear supreme leader, the great nation and the honourable prison guards, whose efforts will certainly not be ignored due to these errors."

Evin prison is notorious for hosting political prisoners, including many dual-nationals and citizens of Western countries, including Nazanin Zaghari-Ratcliffe and Kylie Moore-Gilbert.

How-to Guide Stuff Off Shodan

As technology advances and society becomes more interconnected, the chances of your digital device being located on full spectrum search engines have increased dramatically. Asset and device owners may choose to intentionally expose their devices to the public Internet, but some are unaware of this potential and unknowingly face a higher risk of cyberattack. The ability to query for Internet-connected assets is vital to managing attack surface, and Shodan.io can support those efforts.

WHAT IS SHODAN

Shodan (www.shodan.io) is a web-based search platform for Internet-connected devices. This tool can be used not only to identify Internet-connected computers and Internet of Things/Industrial Internet of Things (IoT/IIoT), but also Internet-connected Industrial Control Systems (ICS) and platforms. Further, potential exploits, default passwords and other attack elements can be harvested from search results. Integrations with vulnerability tools, logging aggregators and ticketing systems allow Shodan to be seamlessly incorporated into an organization’s infrastructure.



How Linux works 2nd Edition



Praise for the first edition of How Linux Works

“A great resource. In roughly 350 pages, the book covers all the basics.” —eWEEK

“I would definitely recommend this book to those who are interested in Linux, but have not had the experience to know the inner workings of the OS.” —O’ReillyNet

“One of the best basic books on learning Linux, written with the power user in mind. Five stars.” —Opensource-Book-Reviews.com

“Succeeds admirably because of the way in which it’s organized and the level of technical detail it offers.” —Kickstart News

“This is a very different introduction to Linux. It’s unflashy, concentrates on the command line, and digs around in the internals rather than on GUI frontends that take the place of more familiar MS Windows tools.” —TechBookReport.com

“This book does a good job of explaining the nuts and bolts of how Linux operates.” —Hosting Resolve


Nepal's cyber security why weaknesses point




A few weeks ago, about two thousand government websites were closed for four hours after being hacked. Questions have been raised about Nepal's cyber security.




Experts believe that the hackers' attack on the National Information Technology Center server hosting government agencies' websites showed the weak state of cyber security.
They said that if lessons are not learned from the incident, larger ones threatening national security could follow in the future. Government officials say they have adopted more vigilance for cyber security after the incident.


The three main reasons for the weakness of cyber security are the lack of necessary policy and action plan, the lack of investment in security and the lack of regular security testing.

Predecessor required

According to Cyber Security Advisor Saroj Lamichhane, the government should formulate policy and methods for dealing with such incidents.
Lamichhane says: "To avoid such threats, it is necessary to set a definite period and plan cyber security with priority."
He suggested that criteria should be set for purchasing the information technology equipment used in government bodies.
With the use of technology increasing globally, Nepal also needs to formulate timely policy.

"Cyber assault for Nepal cannot be seen as a major subject in the instantaneous situation, even if it is not serious about such issues, it may have to face a major risk at once," he added.
 


Low investment in security

 

Sunnah Pandey, Vice President of the Computer Association Nepal (CAN) Federation, said that owing to government apathy the country has not been able to invest in the information technology sector and has not made much progress on cyber security.

He said that the government has started keeping important personal details such as citizenship and driving licence details on websites, and that failing to invest in that area immediately could mean a higher cost in the future.
Pandey says, "The website seems to be justified after leaving the website now. Information may be stolen at the time of the website running."


He said that in other countries two or three teams work to secure a server.
"A team is working to attack the server in a new way and another team will resist it so that it can be done immediately after the attack is attacked."
He said that the government needs to protect software in Nepal from cyber-attack.

 

Security alert

 

Based on the needs of the government, based on a certain type of software, rather than using a website by using the website, then officials say successful hackers are able to attack the same number.
Information Officer of National Information Technology Center, Ramesh Prasad Pokharel told BBC Nepali service, "It has started using non-software software to minimize such incidents - it will likely reduce the potential to hack in future."
According to him, the recent hack was carried out by hackers from China and India, and it affected the flow of services to various important bodies.

A release issued by the Center stated that government services were blocked at the official domain name server (gov.np DNS) due to the huge traffic coming from abroad to the Government Unified Data Center.
Pokharel says: "Such conditions have also been made repeatedly, even if there is no definite criterion or policy about making important things like government agencies websites. There is no security test to continue at that time."

 

 

Policy arrangements

 

Although cyber attacks over the internet cannot be stopped, Rosa Kiran Basukula, deputy director of the Nepal Telecommunication Authority, said that the process of making the necessary policy and rules is being sped up.
Basukula says: "We have presented the documents regarding cyber security policy in collaboration with the International Telecommunications Association before the government."

He said that it is important to safeguard websites and discourage cybercrime as online banking and internet payments accelerate.
Source: BBCNEPAL