Critical Security Fixes from Adobe, Microsoft



  • Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it’s time once again to get your patches on.

    brokenwindowsMore than two dozen of the vulnerabilities fixed in today’s Windows patch bundle address “critical” flaws that can be exploited by malware or miscreants to assume complete, remote control over a vulnerable PC with little or no help from the user.

    Security firm Qualys recommends that top priority for patching should go to a vulnerability in the Windows Search service, noting that this is the third recent Patch Tuesday to feature a vulnerability in this service.

    Qualys’ Jimmy Graham observes that many of the vulnerabilities in this month’s release involve the Windows Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems.

    According to Microsoft, none of flaws in August’s Patch Tuesday are being actively exploited in the wild, although Bleeping Computer notes that three of the bugs were publicly detailed before today’s patch release.

    Case in point: This month’s patch batch from Microsoft does not address the recently-detailed SMBLoris flaw, a vulnerability in all versions of Windows that can be used to remotely freeze up vulnerable systems or cause them to crash.

    brokenflash-aFor those of you who still have Adobe Flash Player installed in a browser, it’s time to update and/or restart your browser. The latest version of Flash Player is v. 26.0.0.151 for Windows, Mac and Linux systems.

    Windows users who browse the Web with anything other than Internet Explorer may need to apply the Flash patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

    Chrome and IE should auto-install the latest Flash version on browser restart (users may need to manually check for updates and/or restart the browser to get the latest Flash version). Chrome users may need to restart the browser to install or automatically download the latest version. When in doubt, click the vertical three dot icon to the right of the URL bar, select “Help,” then “About Chrome”: If there is an update available, Chrome should install it then. Chrome will replace that three dot icon with an up-arrow inside of a circle when updates are ready to install).

    Better yet, consider removing or at least hobbling Flash Player, which is a perennial target of malware attacks. For more on how to do that and other ways to reduce your exposure to Flash-based attacks, see this post.

    By the way, the bulk of the vulnerabilities that Adobe patched today were in versions of its Acrobat and Adobe PDF Reader software. If you use either of these products, please take a moment to update them today.

    As always, if anyone experiences weirdness or troubles after installing today’s updates, please leave us a note about it in the comments.

    https://krebsonsecurity.com/2017/08/critical-security-fixes-from-adobe-microsoft-2/





Tmux Commands

screen and tmux

A comparison of the features (or more-so just a table of notes for accessing some of those features) for GNU screen and BSD-licensed tmux.

The formatting here is simple enough to understand (I would hope). ^ means ctrl+, so ^x is ctrl+x. M- means meta (generally left-alt or escape)+, so M-x is left-alt+x

It should be noted that this is no where near a full feature-set of either group. This - being a cheat-sheet - is just to point out the most very basic features to get you on the road.

Trust the developers and manpage writers more than me. This document is originally from 2009 when tmux was still new - since then both of these programs have had many updates and features added (not all of which have been dutifully noted here).

Action tmux screen
start a new session tmux OR
tmux new OR
tmux new-session
screen
re-attach a detached session tmux attach OR
tmux attach-session
screen-r
re-attach an attached session (detaching it from elsewhere) tmux attach -d OR
tmux attach-session -d
screen -dr
re-attach an attached session (keeping it attached elsewhere) tmux attach OR
tmux attach-session
screen -x
detach from currently attached session ^b d OR
^b :detach
^a ^d OR
^a :detach
rename-window to newname ^b , <newname> OR
^b :rename-window <newn>
^a A <newname>
list windows ^b w ^a w
list windows in chooseable menu ^a "
go to window # ^b # ^a #
go to last-active window ^b l ^a ^a
go to next window ^b n ^a n
go to previous window ^b p ^a p
see keybindings ^b ? ^a ?
list sessions ^b s OR
tmux ls OR
tmux list-sessions
screen -ls
toggle visual bell ^a ^g
create another window ^b c ^a c
exit current shell/window ^d ^d
split window/pane horizontally ^b " ^a S
split window/pane vertically ^b % ^a |
switch to other pane ^b o ^a <tab>
kill the current pane ^b x OR (logout/^D)
collapse the current pane/split (but leave processes running) ^a X
cycle location of panes ^b ^o
swap current pane with previous ^b {
swap current pane with next ^b }
show time ^b t
show numeric values of panes ^b q
toggle zoom-state of current pane (maximize/return current pane) ^b z
break the current pane out of its window (to form new window) ^b !
re-arrange current panels within same window (different layouts) ^b [space]
Kill the current window (and all panes within) ^b killw [target-window]
  • Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates.

    https://threatpost.com/new-phishing-scam-reels-in-netflix-users-to-tls-certified-sites/132976/

    read more
  • A new botnet from the Dark Web displays a never-before-seen level of complexity in terms of the sheer breadth of its various tools.

    https://threatpost.com/mylobot-botnet-emerges-with-rare-level-of-complexity/132967/

    read more
});