Aggregator

Campaign Uses Updated Version of the Malware Plugin, Kaspersky Says
Hackers are deploying an updated strain of EagerBee malware to target internet service providers and government organizations in the Middle East, warn security researchers. EagerBee operates in memory and comes with advanced stealth and security evasion capabilities.

The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server and Mitel MiCollab vulnerabilities, to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for the vulnerabilities added to the catalog: […]

U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware

In an age where digital footprints can be traced with just a few clicks, surveillance technology has become a double-edged sword. While it can enhance security and improve services, it also poses significant privacy concerns. One of the most formidable players in this realm is Russia, whose surveillance technologies are expanding their reach across borders, […]

The post Silent Spies: How Russian Surveillance Systems Are Tracking You Worldwide appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation of the argument filename leads to cross site scripting. This vulnerability is known as CVE-2024-8002. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

• 0x00 前言
• 0x01 获取适合 us-16-xg 的 3D 打印件
• 0x02 购买合适的猫头鹰风扇
• 0x03 拆机
• 0x04 减速线
• 0x05 安装风扇
• 0xff 参考

0x00 前言

最近在考虑升级家庭内网，最开始买了个小型万兆交换机，Switch Flex XG (usw-flex-xg)，这个小设备挺精美的，当然 UBNT 家的东西都挺精美的，虽然它只有4个 10G 电口。

到后面发现有的设备只有 SFP+ 光口，有的又只有电口，考虑到有很多这种复杂混合的场景，我的 Switch Flex XG 就不能满足这种万兆需求了，如果使用光转电模块，模块本身贵不说（便宜的出现兼容问题比较麻烦）， 发热量还非常高。

思前想后，还是考虑修改架构，从以前的纯电口切换到以光口为主，电口为辅的混合内网万兆架构，光口的优势很多，如模块便宜，发热量低，性能要求也低等优点，唯一缺点就是和电口的兼容性不好。 挑了很久的交换机，最后还是选中了 us-16-xg，这个产品在闲鱼上2000不到就能拿下，但有12个光口和4个电口，共16个万兆口，作为通常溢价较高的 UBNT 产品性价比太高了。

但这个产品的最大缺点就是噪音较大，两个小风扇吹起来有点吵，比氦气盘的炒豆子还稍大一点，要是放卧室肯定是睡不着的。

搜了一下是可以对它进行改造的，使用出名的猫扇，但不能直接改，原装的是 3CM 的风扇，猫扇最小的是 4CM，中间需要加一个 3D 打印件，下文详细介绍完整的改造流程。

0x01 获取适合 us-16-xg 的 3D 打印件

reddit 的帖子里，讨论了如何让 us-16-xg 更加静音，提到可以通过 3D 打印，打印一个转接头，把 3CM 风扇转接到 4CM 风扇使用，具体打印件的蓝图地址。

对于我来说没有3D打印机，自己是没法打印的，还好闲鱼上有该打印件成品卖的，可以直接下单。 到手如图所示：

看起来比较简陋，但用起来效果挺不错的。

0x02 购买合适的猫头鹰风扇

猫头鹰风扇，简称猫扇，在风扇领域可以说是大名鼎鼎，说到静音风扇优先想到猫扇。适合该交换机的猫扇是最小规格的 40MM 直径的风扇，型号为 Noctua NF-A4x20 FLX，对应的适配器接口是 3 pin 的。

花费 125/个，两个共250人民币，在淘宝上买了两个新的风扇。

猫扇确实做得很好，看包装就知道，整体包装比较精美，内部风扇和配件一应俱全，配备了两根降速线（Low Noise Adaptor 和 Ultra Low Noise Adaptor ），扩展线，螺丝，减震胶钉等内容。

0x03 拆机

话不多说直接开拆。

先看下拆开前的样子，我这个虽然是二手的，但是成色挺新，划痕灰尘都比较少，各种配件也都在。

揭开头盖骨之后的样子：

拆的过程中发现螺丝刀质量不行，差点给我拧滑丝，我的刀头直接给我弯了，还好有个备用的螺丝刀临时顶了上去。

先把两个风扇卸了：

叫什么 sunon 的牌子的，也是 made in china 的风扇，这两个风扇看着小，噪音可实在是不小。

没搜到同款的风扇，搜到了一个近似款的，型号为 MC30151V2-000U-A99 Sunon ，感觉数据可能差不多。

可以看到这个小风扇最大转速能达到 7000 RPM，噪音可以达到 20 dB(A)，当然这个值噪音值也不是很高，但实验室数据和实际数据存在较大偏差也是正常的。 :)

虽然猫扇的转速不如原装风扇，但猫扇的直径更大，最终满速散热效果应该和原装的风扇效果差不多。

0x04 减速线

猫扇是有减速线的，但这里我没有用，因为减速线主要是以减少最大转速为代价，比较生硬，虽然确实静音效果非常好，但也对散热有一定影响。

官方对于减速线的效果是有统计图的：

使用 ULNA 跟不用的效果确实非常明显，但我家里因为其他设备也挺吵的，根本没有那么安静，所以我就没有接任何的减速线。

如果读者有这样环境的需求，那么减速线也是可以考虑使用的。

0x05 安装风扇

接下来把 3D 打印件和猫扇组合在一起，这一步需要考虑几个问题：

• 猫扇的正反，背面出风，正面进风
• 打印件的角度
• 减震胶钉需要修剪，不然不能完美塞进去。

安装第一个风扇：

两个都装好：

由于3D打印件没有考虑减震胶钉，所以不修剪的话会稍微翘起来，特别是放在板子上的部分。

然后把盖子盖回去，测试一把直接点亮，运行完美。

最后对比一下换猫扇前和猫扇后的温度和风扇状态：

换之前：

换之后：

可以看到温度和风扇和原来是差不多的，但噪音却已经小了非常多。

0xff 参考

3D 打印件图纸

How can I make the Ubiquiti UniFi Switch 16 XG quieter

[网络] 究极进化？不讲武德的万兆光结构全案例实场景组网分享！

Silencing the Ubiquiti US-16XG 10G switch

MC30151V2-000U-A99 Sunon 风扇手册

UniFi_Switch_US-16-XG_DS

0x00 前言 0x01 获取适合 us-16-xg 的 3D 打印件 0x02 购买合适的猫头鹰风扇

A vulnerability classified as critical was found in Linux Kernel up to 5.10.74/5.14.13. Affected by this vulnerability is the function mlx5_core_destroy_cq. The manipulation leads to memory leak. This vulnerability is known as CVE-2021-47438. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.14.13. It has been declared as critical. Affected by this vulnerability is the function digital_in_send_sdd_req. The manipulation leads to memory leak. This vulnerability is known as CVE-2021-47442. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.75/5.14.14 and classified as critical. This vulnerability affects the function qla2x00_process_els of the component qla2xxx. The manipulation leads to memory leak. This vulnerability was named CVE-2021-47473. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in IBM App Connect Enterprise up to 11.0.0.25/12.0.12.0. This affects an unknown part. The manipulation leads to uncaught exception. This vulnerability is uniquely identified as CVE-2024-31904. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM App Connect Enterprise up to 12.0.12.1. This issue affects some unknown processing of the component Access Token Handler. The manipulation leads to use of a key past its expiration date. The identification of this vulnerability is CVE-2024-31893. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Juniper Networks Junos OS and Junos OS Evolved. This affects an unknown part. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2024-39532. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in N-able Ecosystem Agent. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2024-5445. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Connect up to 11.4.7/12.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-54042. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM Cognos Command Center 10.2.4.1/10.2.5 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unprotected storage of credentials. This vulnerability is known as CVE-2024-31899. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.155/5.10.75/5.14.14. Affected by this issue is the function kmem_cache_open. The manipulation leads to memory leak. This vulnerability is handled as CVE-2021-47466. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.