The Ramblings of a Developer, Project Manager, Sys Admin and Tech Junkie
A deadly combination, with bad actors currently targeting badly maintained/secured instances of Microsoft SQL Server (MSSQL), of which there are many in the wild. Freeworld, like most ransomware’s it is designed to encrypt a user’s files to deny them access and asks for payment in order to restore. Files are appended with “.FreeWorldEncryption“. Contact details…
In the ever-evolving landscape of IT operations and infrastructure management, automation tools have emerged as the heroes of efficiency and consistency. Among these tools, Ansible stands tall, offering a wide array of functionalities to simplify complex tasks. One such feature, the lineinfile function, proves to be a valuable asset when it comes to managing files…
To set up Remote Desktop Protocol (RDP) on an Ubuntu system, you can use a program called “xrdp,” which allows you to access your Ubuntu desktop remotely from another computer. Here are the steps to install and configure RDP on Ubuntu: 1. Update your system: Open a terminal (Ctrl+Alt+T) and run the following commands to…
As you have probably gathered I am a big fan of virtualisation. Most of my home server/cyber lab is built on a Dell Poweredge server, allowing me to build and serve VMs, APIs, docker containers, etc. I am addicted to learning and playing with technology so a home lab was a no brainer. Spin up…
Critical Infrastructure at Risk as Thousands of VNC Instances Exposed
Introduction Web application security is of paramount importance in today’s digital landscape, with cyber threats becoming increasingly sophisticated. To safeguard sensitive data and maintain the trust of users, developers and security professionals need effective tools for identifying and mitigating vulnerabilities. In this blog post, we’ll introduce two popular web application security testing tools for beginners:…
Do you go around remembering trying to remember seldom used server details? What was that server name or IP again? We use connection managers for that sort of thing. But what if I’m away from my PC. One could use the built in ssh config file option and make it portable in some way, e.g.…
What was it? The Log4j flaw refers to a critical security vulnerability in the Apache Log4j library, which is a widely used Java-based logging utility. The vulnerability, officially designated as CVE-2021-44228, was discovered in December 2021. It allowed attackers to execute arbitrary code remotely by exploiting the way Log4j processed user-supplied data that included specially…
So one of my tasks in the “day job” is to manage the redesign and upgrade of a small business network and infrastructure. Not exactly rocket science, but for anyone who has done so, you know there’s disruption, teething problems and gotchas. Wouldn’t it be great to be able to build and test as much…
For any of us running servers it is critical that we keep on top of security. As soon as I provision a new server I receive hundreds of attacks, even before any website or front-facing service is installed on the server. Why? Because there are so many bots scanning IP ranges for machines to compromise.…