Sysadmin
Sysadmin EmptyRadar 7 months ago 100%
Chinese hackers hid in US infrastructure network for 5 years www.bleepingcomputer.com

The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies.

4
0
sysadmin
Sysadmin Cat 9 months ago 100%
No DNS records registered. Problems with ICU domains?

Please let me know if there is a better community to post to. This one seems like a good place to start. I have a very short character ICU domain registered and it was working for months. Without changes to DNS or anything else, it suddenly stopped working. I found out that no DNS records were resolved anymore. It is not that they are invalid. They are non-existent on any DNS servers. According to [dnschecker.org](https://dnschecker.org)'s DNS lookup for ALL records, there are no records at all. Same with using `dig`, which just shows an A record with no value. I use my own nameservers and all of my other domains work fine. I have not changed anything on my end either. Still, I switched to Namecheap's default name servers to see if that would resolve the issue. No change. I contacted Namecheap about a month ago. They opened a ticket for me with a High priority. They just replied a couple times now, saying they are still monitoring the issue but don't have an answer yet. Is anyone else experiencing something similar? Any ideas what may be going on?

1
1
sysadmin
Sysadmin btp 9 months ago 100%
Broadcom is killing off VMware perpetual licences www.thestack.technology

> Broadcom is killing off VMware’s on-premises perpetual licenses – and getting set to strong-arm VMware customers onto subscriptions, by also ending the sale of Support and Subscription renewals for such customers.
>
> VMware described this to customers as part of its plan to “complete the transition of all VMware by Broadcom solutions to subscription licenses.”
>
> “We are [also] ending the sale of Support and Subscription (SnS) renewals for perpetual offerings beginning today” SVP Krish Prasad said in a FAQ.
>
> Which VMware products are affected?
>
> ```
> VMware Cloud Foundation
> VMware vSphere
> VMware vSAN
> VMware NSX
> VMware HCX
> VMware Site Recovery Manager
> VMware vCloud Suite
> VMware Aria Suite
> VMware Aria Universal
> VMware Aria Automation
> VMware Aria Operations
> VMware Aria Operations for Logs
> VMware Aria Operations for Networks
> ```

2
3
sysadmin
Sysadmin btp 10 months ago 100%
SQL Brute Force Leads to BlueSky Ransomware thedfirreport.com

> In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware.
>
> While other reports point to malware downloads as initial access, in this report the threat actors gained access via a MSSQL brute force attack. They then leveraged Cobalt Strike and Tor2Mine to perform post-exploitation activities. Within one hour of the threat actors accessing the network, they deployed BlueSky ransomware network wide.

2
0
sysadmin
Sysadmin btp 10 months ago 100%
Linux Security updates for Wednesday https://lwn.net/Articles/953226/

> Security updates have been issued by Debian (gst-plugins-bad1.0 and postgresql-multicorn), Fedora (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), Mageia (kernel), Red Hat (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), SUSE (python-azure-storage-queue, python-Twisted, and python3-Twisted), and Ubuntu (afflib, ec2-hibinit-agent, linux-nvidia-6.2, linux-starfive-6.2, and poppler).

1
0
sysadmin
Sysadmin btp 10 months ago 100%
New /m/sysadmin Owner

Hey everyone. This magazine was on the abandoned list, so I put in to take over ownership, and here we are! I'd like to revive the sysadmin community here on kbin, and create a solid resource for all of us admins here on the fediverse. For now, until the board becomes more active again, I'm going to moderate it myself, however if you'd like to help out please DM me here or over on [Mastodon](https://fosstodon.org/@btp) and we can hash out the details. I'll be getting some basic board rules together soon, and will try to post as much useful and relevant information as I can. In the meantime, I hope to see everyone around, and feel free to post away, fellow admins!

7
1
sysadmin
Sysadmin jherazob 11 months ago 100%
Replacement for Rundeck?

Somebody I’m helping has an ancient, and I mean ancient (like 3 major versions before latest or so) install of Rundeck doing stuff for them. Might help them upgrade it to the latest (more like reinstall and configure from scratch, it was built years ago with assumptions no longer true), but before I commit I’d like to know if there are decent replacements/alternatives for it these days. In case you don’t know Rundeck, it allows you to set it up so that a number of users, with various privilege levels, are allowed to execute scripts on remote machines, with whatever privileges the given script needs, giving them parameters from an allowed set you configure. That’s all, no more, no less. Sounds like something that should be common, but when you look for alternatives it gives you everything that’s ever been touched by the word DevOps, from Ansible and every “configuration engine” software ever made, to automation libraries and the like. I just want something that does this and no more, let people run scripts while preventing them from breaking stuff. If it’s something commandline friendly (Rundeck wasn’t as far as I can see) much better, and doubly so if it’s user friendly (have tried AWX and feels like it wants to be able to run the whole of Google from a browser window, dislike it in general, far too convoluted, and not user friendly at all for the not very techie office workers that use Rundeck today).

2
1
sysadmin
Sysadmin SpunkyBarnes 1 year ago 100%
please address SPAM coming from random and elsewhere on kbin.social

Six or more day old accounts are currently serving dodgy links, under different subjects from your instance. Could someone look into this?

4
1
sysadmin
Sysadmin Hawk 1 year ago 100%
Are there Web server 'default' best practices?

I have always configured a web server to default to a certain domain that I'm pointing to it. I just set up a web server with a few domains on it and realized I should be using a `default` sites-available config... I think. Is there a best practice for setting up a web server with multiple domains? Right now, I have a self-signed cert for the default config, in case someone points to my server for some reason OR if there is something done outside the configs for each domain. Since the `default` config has no domain associated to it, I had to use a self-signed cert. Also, right now, I just have `default` return a 404. If it makes a difference, I'm running nginx. Are there some docs out there on what is best to do here? Thanks for any input.

6
0
sysadmin
Sysadmin DarraignTheSane 1 year ago 100%
Patch Tuesday Megathread, 2023-07-11

Hello m/sysadmin, and welcome to ~~this month's~~ *the first monthly* Patch Megathread!

This is the place to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the community, and provide a singular resource to read.

While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product.

Remember the rules of safe patching:

* Deploy to a test/dev environment before prod.
* Deploy to a pilot/test group before the whole org.
* Have a plan to roll back if something doesn't work.
* Test, test, and test!

5
1
sysadmin
Sysadmin Brkdncr 1 year ago 100%
The new Microsoft Teams is coming sooner than expected - gHacks Tech News www.ghacks.net

Microsoft plans to introduce the new Microsoft Teams in mid-July 2023 and start replacing the classic Teams in September.

4
0
sysadmin
Sysadmin Brkdncr 1 year ago 100%
Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs www.bleepingcomputer.com

Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.

3
0
sysadmin
Sysadmin Brkdncr 1 year ago 100%
What’s New in Microsoft Teams | June 2023 techcommunity.microsoft.com

Welcome to the June 2023 edition of What’s New in Teams! Following a month of great announcements from Microsoft Build 2023, we are not slowing down by bringing you 45 new features for the month of June. We have a great line-up of new features to announce. My personal favorites are Spatial Audio i...

3
0
sysadmin
Sysadmin nulldata 1 year ago 100%
Outlook now ignores Windows' Default Browser and opens links in Edge by default https://support.microsoft.com/en-us/topic/outlook-emails-open-next-to-web-links-in-microsoft-edge-b0e1a1c1-bd62-462c-9ed5-5938b9c649f0

Apparently also coming soon to Teams to help us "stay engaged in conversations as you browse the web". Thanks so much Microsoft - I always thought it was my social anxiety keeping me from staying engaged in conversations - turns out I was just using the wrong browser!

2
0
sysadmin
Sysadmin CMDerCatnip 1 year ago 100%
Does anyone else block AI tools like ChatGPT or Zoom notation extensions in their office network? Why or why not?

Does anyone else block AI tools like ChatGPT or Zoom notation extensions in their office network? Why or why not? My team has been debating the risk involved with them but I've been on the fence. I saw this article (that's part ad for Asterisk) on it this morning and it got me thinking about it again. [https://thehackernews.com/2023/06/generative-ai-apps-chatgpt-potential.html](https://thehackernews.com/2023/06/generative-ai-apps-chatgpt-potential.html)

[#ChatGPT](https://kbin.social/tag/ChatGPT) [#AI](https://kbin.social/tag/AI) [#security](https://kbin.social/tag/security) [#sysadmin](https://kbin.social/tag/sysadmin)

1
6
sysadmin
Sysadmin Brkdncr 1 year ago 100%
issues with email delivery to @microsoft.com

Here's the error I'm getting. Seeing others on different sites are also reporting this issue. `-- 5.7.51 TenantInboundAttribution; There is a partner connector configured that matched the message's recipient domain. The connector had either the RestrictDomainsToIPAddresses or RestrictDomainsToCertificate set`

3
0
sysadmin
Sysadmin c2c2 1 year ago 100%
Microsoft says June Outlook outages were a DDoS attack www.theverge.com

The attack caused intermittent outages for about a day.

6
0
sysadmin
Sysadmin DarraignTheSane 1 year ago 100%
Calling all /r/sysadmin reddit refugees!

I set up this community specifically because of the time I've spent over the years browsing and relying on reddit.com/r/sysadmin for sources of information on tips/tricks, security exploits & patches, outages, and yes even the ranting about how our jobs all suck. (I like mine, for what it's worth.) Come on down, ask questions, post what the sysadmin community needs to know about, or head in to get either sympathy or chastisement about why you haven't left your job yet. 🤣 Want to be a mod? Let me know!

21
5
sysadmin
Sysadmin EmptyRadar 1 year ago 100%
Google Domains is being sold off to Squarespace. Transition to take place "Q3 of 2023". arstechnica.com

The transition will be "automatic", but if you're using Google Domains as of now, this is your heads up to start moving things unless you like Squarespace.

5
3
sysadmin
Sysadmin pik 1 year ago 100%
Ubuntu Azure AD Authentication

I recently found: [AAD Auth](https://github.com/ubuntu/aad-auth) from Canonical/Ubuntu for native AzureAD auth for Ubuntu systems. For the past bit we've mostly been Windows/macOS, and never really entertained Linux for business use - mostly because we've never had the tooling for it. We exclusively use Azure AD (no on-prem AD), so in the past when looking the solution has been Azure AD Domain Services with SSSD. Whilst this is likely very 'Googleable' and something I could spin up and test myself (which I likely still will), in the interest of trying to start some discussion on this magazine - I was wondering if anyone has had any experiences (positive/negative) with using native AAD auth with Ubuntu?

1
2