Infosec Press

Reader

Read the latest posts from Infosec Press.

from csantosb

Creating something new from scratch implies a certain ratio of unpredictable issues (loosely defined in the scope of this post: new errors, regressions, warnings, ... any unexpected behavior one may encounter). Most important, a digital design developer needs to define somehow what he considers to be a project issue, before even thinking about how to react to it. Luckily, in #modernhw a few usual tools are available to ease the process as a whole. Let’s overview some of them.
Here on the electronics digital design side of life, we have mainly three #freesoftware fine tools (among many others) to perform code checking to a large extent: osvvm, cocotb and vunit. They are all compatible with the ghdl compiler, and they are all available from my own #guix electronics channel (cocotb and vunit will hopefully get merged on guix upstream at some point). Each departs from the rest, adopting a different paradigm about how digital design testing should be understood: verification, cosimulation and unitary testing are master keywords here.
They are all complementary, so you’ll be able to combine them to test your designs. However, you’ll need to be careful and check twice what you’re doing, as some of their features overlap (random treatment, for example). You’ve been warned.

osvvm

First, we have osvvm. #Osvvm is a modern verification #vhdl library using most up-to-date language constructs (by the main contributor to the vhdl standard), and I’ll mention it frequently in this #modernhw posts series. Well documented and being continuously improved, it provides a large set of features for natively verifying advanced designs, among them, a constrained random facility, transactions, logging, functional coverage, scoreboards, FIFOs, sophisticated memory models, etc. Even some co-simulation capabilities are included here. Refer to the documentation repository for up-to-date details about osvvm.
You’ll be able to install osvvm with

# guix search osvvm
guix install osvvm-uart osvvm-scripts

You have a simple use of the osvvm vhdl library in the #aludesign, where the random feature is used to inject inputs to a dut unit. Testing runs for as long as every combination of two variables hasn’t been fully covered. This provides a means to be sure that all cases have been tested, regardless of random inputs. You’ll see an example simulation log here, using the remote ci builds facility of sourcehut.

vunit

Then, we have Vunit as a complete single point of failure framework. It complements traditional test benches with a software oriented approach, based on the “test early and test often” paradigm, a.k.a. unitary testing. Here, a pre-built library layer on top of the vhdl design scans, runs and logs unitary test cases embedded in user test benches. This approach seeks to detect conception errors as early as possible. It provides random testing, advanced checking, logging, advanced communication and an advanced api to access the whole from python. It may be called from the command line, adding custom flags, and configured from a python script file where one defines libraries, sources and test parameters. Simple, elegant and efficient as a testing framework, if you want my opinion. Check the documentation for details.
Install it as usual with

guix install python-vunit

A clever example of its use is provided by the fw-open-logic firmware package (also included in the electronics channel). When you install it, you’ll need to build the package. During the process, the whole testing of its constituent modules is performed. You may have an overview with:

guix build fw-open-logic:out

By the way, if you need the simulation libraries, they are available too.

guix install fw-open-logic:out
# guix install fw-open-logic:sim  # sim libraries

cocotb

Finally, we have the interesting and original cocotb. It groups several constructs providing a set of facilities to implement coroutine-based cosimulation of vhdl designs. Cosimulation, you say? Yes. It requests on demand #ghdl simulation time from software (python, in this case), dispatching actions as the time advances. Afterward, based on events’ triggers, you’ll stop simulation coming back to software. This back and forth dance goes on, giving access to advanced testing and verification capabilities. Flexible and customizable as much as needed, in my opinion. Go read the documentation to understand how powerful the cosimulation approach can be. By the way, install it with

guix install python-cocotb

From the previous, you’ll have understood that having access to verification, unitary testing and cosimulation libraries is paramount in #modernhw digital design. Independently or combined (be careful!), they provide powerful tools to detect issues (of any kind) in your design. And yet, this is not enough, as the question arises about where and when we run these tests. From the previous logs in the examples, you’ll have noticed that tests run online in #ci infrastructure. How does it go? This is the topic of the ci posts in this series.

 

from csantosb

Putting new ideas in community, exchanging opinions, replying to someone else’s impressions, sharing public experiences, showing feelings about the modern way of living, writing down notes on what’s going on from one’s side ... So much interesting and useful content around to share. The question is, how to do so simply and without complications? How not to spend way too much time messing with tooling? Is it still possible to concentrate on what really matters, content? Here I summarize the way I’ve found to contribute to this blog, which fits best with my workflow.

the what

First and foremost, for the requirements.
In my case, the requisites are simple, even if hard to get when one thinks about it.
I need a distraction-free environment to concentrate on what really matters: the content I’m willing to share. For sure, I do need to remain within my working environment, that’s to say, #emacs. I need to switch context quickly between any current activity and writing prose when something comes up; while writing, I need to stay focused. Similarly, I want to switch back to the previous context when the writing is complete. No doubt, I need to complete previous notes when I have something new to include or to correct, so I need a means of retrieving previous posts quickly. Needless to say, I need a #freesoftware tool I may tune to my needs, fixing issues or including new features.
Last, but not least, I privilege a way to push remotely without complicated compilations of anything at all: a couple of keystrokes, and the text is sent online under the right form, including some markup and images, updating previous version if necessary, so that I can check its rendering with any web browser.
That’s it by now. Easy, right ?

the how

My current choice goes for writefreely as an open, decentralized and free alternative to web publishing on the web, which concentrates on providing a simple reading experience. This solution may be self-hosted, but there are also some friendly communities around helping out. Infosec.press is one of them. Blog posts show up in the #fediverse under the (platform) user account, so that they are easy to share. Server side, this is more than what I need.
But, client side ?, you must be asking. To write text, I’m using #orgmode, with all of its facilities, and not the markdown supported by default by the platform. Then, writefreely.el takes care of exporting contents, handling the data exchange with the server through the provided api. I had to fix a couple of issues before, mostly trivial side effects. This is one of the biggest advantages of #freesoftware, having the possibility to contribute to bug fixing, improving a common.
As for the question on how to access the blog contents locally, I opt for a different #plaintext file by blog ticket, that I manipulate as any other #orgroam item. When I type the name of a non-existing note, it creates a new one for me, based on a custom template which incorporates the necessary headings, title, tags and the like. Something like:

:PROPERTIES:
:ID:       ID-6dd1-45d7-a70e-ae5c99c2797a
:END:
#+TITLE: on writting freely
#+OPTIONS: toc:nil -:nil \n:t
#+LINK: srht https://repo/pics/%s
#+filetags: :tag1:tag2:
# a comment
[[srht:image.png]]
Donec neque quam, dignissim in, mollis nec, sagittis eu, wisi ... <!--more-->
Nunc eleifend leo vitae magna.

You’ll figure out.
Orgroam also makes it easy to retrieve previous notes. Remains the question of images: quite simply, they are hosted on an unlisted git repository, from where they are fetched. Now, with my working environment and with a couple of keys, I may pop up a new buffer, write some content, then publish, delete or update a new article within seconds, checking the results with #eww, all without leaving #emacs. You’ll get a set of local variables appended to your buffer when you publish for the first time, something like

# Local Variables:
# writefreely-post-id: "282224eq48"
# writefreely-post-token: nil
# End:

which allows to retrieve the post online afterwards.
Put the whole under #git control, and the perfect blogging setup is ready for you to enjoy writing ! Simple, elegant and efficient.
Finally, I have packaged writefreely.el and sent a patch to #guix so that it will hopefully get merged upstream soon.

 

from Ducks

From 49.12.82.250 to 195.201.173.222: lots of domains moved, both IPs in Hetzner space. Many of the domains are fake crypto investing sites #cryptoscam. And other scam sites.

 

from csantosb

We said #git, then. How to use git as efficiently as possible in #modernhw ? We know the answer, using a front end. Right, but then ? Following a set of simple principles and best practices that will make your life simpler. Follow me on this trip.

read a couple of good references

Pragmatic Version Control Using Git, Version Control with Git, 3rd Edition and Pragmatic guide to git are good examples, but there are many more around. Use them as a reference and as a starting point, and try to go beyond following your needs.
Check the official doc. And remember you have man git-log, man git-config, etc. at your disposal.

use a front end

Yes, again.
Avoid the #cli. And try to make your text editor and your front end as good friends as possible.

coding

Format your code properly, otherwise diffing becomes useless, and your code diffs will be hidden by formatting diffs. Even worse, people you collaborate with will be unable to read your history. Comply with language standards.

changes

If possible, ask your text editor to have some kind of visual hints on what you have changed, added or removed.
Learn how to inspect diffs between working copy and staging area, between working copy and last commit, and the contents of a commit. Learn how to discard changes.

commits

Commits are lightweight diffs. A commit has one or two parent commits, and is identified by a unique hash.
Stage your changes first, commit them then. Learn how to stage chunks of changes, not all of them.
Remember to commit early, commit often: git is a VCS, not an archive, not a backup system. Never commit binaries (except artifacts: pdf, etc.).
Authenticate who authors your developments and gpg-sign your commits.
Group changes in meaningful commits, and remember git history must be read as a novel: write meaningful commit messages. Consider that people spend much more time reading git history than writing it.

branches, tags and releases

A branch is a pointer to a commit, and if you remove the pointer to a commit, you won’t be able to access it anymore. Branches are free (as in beer !), so branch as much as you need.
Tags are fixed pointers (labels) to commits (aliases). They identify stages, or important hints in development.
Remember to always store your work hash/tag along with your results, you’ll know what you’re doing, you’ll know which version of your submodules you’re using, and you’ll be able to compare your results.
Releases are numbered tags, identifying accomplishments. Be familiar with semantic versioning.
Before merging branches, understand the differences between fast-forward (advance the pointer) and non fast-forward (keep branch history in a feature branch). And learn how to resolve merge conflicts with your frontend !

logs

Check frequently where you are in the log history, you may get backwards in history by just moving a pointer.
Learn to search (and filter searches) in the log messages.

workflows

Remember local is decoupled from remote, and that git doesn’t impose any workflow, so everything is possible.
Learn the advised workflow in collaborative development: gitflow, and consider merge / pull requests are just artificial standards of a #gitforge.
At a minimum, use:

main, stable branch (releases only)
devel, working branch (commit here)
feature, topic-specific branch (spin-off)

locally

Everything may be fixed while working locally.
Use .gitignore, locally at $GITDIR/info/exclude and at global level at ./.gitignore. For lazy people you have gitignore.io
git-config your environment before anything else, globally at ~/.gitconfig, at project local at $GITDIR/config.
You’ll find more details about all the previous here.
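The advice above to store the work hash/tag along with your results, and to sign commits, can be scripted. This is an added example, not code from the original post: `provenance_line`, `stamp_results` and `make_demo_repo` are hypothetical helper names, and the repository and results file are constructed for the demo.

```shell
#!/bin/sh
# Added example: record which commit produced a results file.
# All function names here are hypothetical helpers, not part of git.

# Print one provenance line for the repository at $1:
#   commit=<full hash> describe=<tag or short hash, plus -dirty> sig=<status>
provenance_line() {
    repo=$1
    commit=$(git -C "$repo" rev-parse HEAD) || return 1
    # --tags: lightweight tags count too; --always: fall back to the hash;
    # --dirty: append "-dirty" when tracked files differ from HEAD.
    describe=$(git -C "$repo" describe --tags --always --dirty) || return 1
    # %G? is git's signature status: G good, B bad, N no signature, etc.
    # Signing itself is enabled with: git config commit.gpgsign true
    sig=$(git -C "$repo" log -1 --format='%G?') || return 1
    printf 'commit=%s describe=%s sig=%s\n' "$commit" "$describe" "$sig"
}

# Prepend the provenance line to results file $2 as a comment.
# Refuses (exit status 2) when the working copy has uncommitted changes,
# because such results cannot be traced back to any commit.
stamp_results() {
    repo=$1; out=$2
    line=$(provenance_line "$repo") || return 1
    case $line in
        *"-dirty sig="*)
            echo "refusing: uncommitted changes in $repo" >&2
            return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    { printf '# %s\n' "$line"; cat "$out"; } > "$tmp" && mv "$tmp" "$out"
}

# Build a throwaway repository with one commit tagged v0.1.0 (constructed data).
make_demo_repo() {
    dir=$(mktemp -d) || return 1
    git -C "$dir" init -q
    printf 'entity alu is end;\n' > "$dir/alu.vhd"
    git -C "$dir" add alu.vhd
    git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q -m 'alu: add empty entity'
    git -C "$dir" -c tag.gpgsign=false tag v0.1.0
    printf '%s\n' "$dir"
}

# Demo: show the provenance line of the constructed repository.
demo_repo=$(make_demo_repo) && provenance_line "$demo_repo" && rm -rf "$demo_repo"
```

The demo commit is unsigned on purpose, so its status is `N`; in a real project a CI step can reject results whose line does not carry `sig=G`.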

 

from Тетрадка | Notebook

I.

1 When the heavens above did not exist, 2 And earth beneath had not come into being — 3 There was Apsû, the first in order, their begetter, 4 And demiurge Tia-mat, who gave birth to them all; 5 They had mingled their waters together 6 Before meadow-land had coalesced and reed-bed was to he found — 7 When not one of the gods had been formed 8 Or had come into being, when no destinies had been decreed, 9 The gods were created within them: 10 Lah(mu and Lah(amu were formed and came into being. 11 While they grew and increased in stature 12 Anšar and Kišar, who excelled them, were created. 13 They prolonged their days, they multiplied their years. 14 Anu, their son, could rival his fathers. 15 Anu, the son, equalled Anšar, 16 And Anu begat Nudimmud, his own equal. 17 Nudimmud was the champion among his fathers: 18 Profoundly discerning, wise, of robust strength; 19 Very much stronger than his father's begetter, Anšar 20 He had no rival among the gods, his brothers. 21 The divine brothers came together, 22 Their clamour got loud, throwing Tia-mat into a turmoil. 23 They jarred the nerves of Tia-mat, 24 And by their dancing they spread alarm in Anduruna. 25 Apsû did not diminish their clamour, 26 And Tia-mat was silent when confronted with them. 27 Their conduct was displeasing to her, 28 Yet though their behaviour was not good, she wished to spare them. 29 Thereupon Apsû, the begetter of the great gods, 30 Called Mummu, his vizier, and addressed him, 31 “Vizier Mummu, who gratifies my pleasure, 32 Come, let us go to Tia-mat!” 33 They went and sat, facing Tia-mat, 34 As they conferred about the gods, their sons. 35 Apsû opened his mouth 36 And addressed Tia-mat 37 “Their behaviour has become displeasing to me 38 And I cannot rest in the day-time or sleep at night. 
39 I will destroy and break up their way of life 40 That silence may reign and we may sleep.” 41 When Tia-mat heard this 42 She raged and cried out to her spouse, 43 She cried in distress, fuming within herself, 44 She grieved over the (plotted) evil, 45 “How can we destroy what we have given birth to? 46 Though their behaviour causes distress, let us tighten discipline graciously.” 47 Mummu spoke up with counsel for Apsû— 48 (As from) a rebellious vizier was the counsel of his Mummu— 49 “Destroy, my father, that lawless way of life, 50 That you may rest in the day-time and sleep by night!” 51 Apsû was pleased with him, his face beamed 52 Because he had plotted evil against the gods, his sons. 53 Mummu put his arms around Apsû's neck, 54 He sat on his knees kissing him. 55 What they plotted in their gathering 56 Was reported to the gods, their sons. 57 The gods heard it and were frantic. 58 They were overcome with silence and sat quietly. 59 Ea, who excels in knowledge, the skilled and learned, 60 Ea, who knows everything, perceived their tricks. 61 He fashioned it and made it to be all-embracing, 62 He executed it skilfully as supreme—his pure incantation. 63 He recited it and set it on the waters, 64 He poured sleep upon him as he was slumbering deeply. 65 He put Apsû to slumber as he poured out sleep, 66 And Mummu, the counsellor, was breathless with agitation. 67 He split (Apsû's) sinews, ripped off his crown, 68 Carried away his aura and put it on himself. 69 He bound Apsû and killed him; 70 Mummu he confined and handled roughly. 71 He set his dwelling upon Apsû, 72 And laid hold on Mummu, keeping the nose-rope in his hand. 73 After Ea had bound and slain his enemies, 74 Had achieved victory over his foes, 75 He rested quietly in his chamber, 76 He called it Apsû, whose shrines he appointed. 77 Then he founded his living-quarters within it, 78 And Ea and Damkina, his wife, sat in splendour. 
79 In the chamber of the destinies, the room of the archetypes, 80 The wisest of the wise, the sage of the gods, Be-l was conceived. 81 In Apsû was Marduk born, 82 In pure Apsû was Marduk born. 83 Ea his father begat him, 84 Damkina his mother bore him. 85 He sucked the breasts of goddesses, 86 A nurse reared him and filled him with terror. 87 His figure was well developed, the glance of his eyes was dazzling, 88 His growth was manly, he was mighty from the beginning. 89 Anu, his father's begetter, saw him, 90 He exulted and smiled; his heart filled with joy. 91 Anu rendered him perfect: his divinity was remarkable, 92 And he became very lofty, excelling them in his attributes. 93 His members were incomprehensibly wonderful, 94 Incapable of being grasped with the mind, hard even to look on. 95 Four were his eyes, four his ears, 96 Flame shot forth as he moved his lips. 97 His four ears grew large, 93 And his eyes likewise took in everything. 99 His figure was lofty and superior in comparison with the gods, 100 His limbs were surpassing, his nature was superior. 101 'Mari-utu, Mari-utu, 102 The Son, the Sun-god, the Sun-god of the gods.' 103 He was clothed with the aura of the Ten Gods, so exalted was his strength, 104 The Fifty Dreads were loaded upon him. 105 Anu formed and gave birth to the four winds, 106 He delivered them to him, “My son, let them whirl!” 107 He formed dust and set a hurricane to drive it, 108 He made a wave to bring consternation on Tia-mat. 109 Tia-mat was confounded; day and night she was frantic. 110 The gods took no rest, they . . . . . . . 111 In their minds they plotted evil, 112 And addressed their mother Tia-mat, 113 “When Apsû, your spouse, was killed, 114 You did not go at his side, but sat quietly. 115 The four dreadful winds have been fashioned 116 To throw you into confusion, and we cannot sleep. 117 You gave no thought to Apsû, your spouse, 113 Nor to Mummu, who is a prisoner. Now you sit alone. 
119 Henceforth you will be in frantic consternation! 120 And as for us, who cannot rest, you do not love us! 121 Consider our burden, our eyes are hollow. 122 Break the immovable yoke that we may sleep. 123 Make battle, avenge them! 124 [ . . ] . . . . reduce to nothingness! 125 Tia-mat heard, the speech pleased her, 126 (She said,) “Let us make demons, [as you] have advised.” 127 The gods assembled within her. 128 They conceived [evil] against the gods their begetters. 129 They . . . . . and took the side of Tia-mat, 130 Fiercely plotting, unresting by night and day, 131 Lusting for battle, raging, storming, 132 They set up a host to bring about conflict. 133 Mother H(ubur, who forms everything, 134 Supplied irresistible weapons, and gave birth to giant serpents. 135 They had sharp teeth, they were merciless . . . . 136 With poison instead of blood she filled their bodies. 137 She clothed the fearful monsters with dread, 138 She loaded them with an aura and made them godlike. 139 (She said,) “Let their onlooker feebly perish, 140 May they constantly leap forward and never retire.” 141 She created the Hydra, the Dragon, the Hairy Hero 142 The Great Demon, the Savage Dog, and the Scorpion-man, 143 Fierce demons, the Fish-man, and the Bull-man, 144 Carriers of merciless weapons, fearless in the face of battle. 145 Her commands were tremendous, not to be resisted. 146 Altogether she made eleven of that kind. 147 Among the gods, her sons, whom she constituted her host, 148 She exalted Qingu, and magnified him among them. 149 The leadership of the army, the direction of the host, 150 The bearing of weapons, campaigning, the mobilization of conflict, 151 The chief executive power of battle, supreme command, 152 She entrusted to him and set him on a throne, 153 “I have cast the spell for you and exalted you in the host of the gods, 154 I have delivered to you the rule of all the gods. 
155 You are indeed exalted, my spouse, you are renowned, 156 Let your commands prevail over all the Anunnaki.” 157 She gave him the Tablet of Destinies and fastened it to his breast, 158 (Saying) “Your order may not be changed; let the utterance of your mouth be firm.” 159 After Qingu was elevated and had acquired the power of Anuship, 160 He decreed the destinies for the gods, her sons: 161 “May the utterance of your mouths subdue the fire-god, 162 May your poison by its accumulation put down aggression.”

II.

1 Tia-mat gathered together her creation 2 And organised battle against the gods, her offspring. 3 Henceforth Tia-mat plotted evil because of Apsû 4 It became known to Ea that she had arranged the conflict. 5 Ea heard this matter, 6 He lapsed into silence in his chamber and sat motionless. 7 After he had reflected and his anger had subsided 8 He directed his steps to Anšar his father. 9 He entered the presence of the father of his begetter, Anšar, 10 And related to him all of Tia-mat's plotting. 11 “My father, Tia-mat our mother has conceived a hatred for us, 12 She has established a host in her savage fury. 13 All the gods have turned to her, 14 Even those you (pl.) begat also take her side 15 They . . . . . and took the side of Tia-mat, 16 Fiercely plotting, unresting by night and day, 17 Lusting for battle, raging, storming, 18 They set up a host to bring about conflict. 19 Mother H(ubur, who forms everything, 20 Supplied irresistible weapons, and gave birth to giant serpents. 21 They had sharp teeth, they were merciless. 22 With poison instead of blood she filled their bodies. 23 She clothed the fearful monsters with dread, 24 She loaded them with an aura and made them godlike. 25 (She said,) “Let their onlooker feebly perish, 26 May they constantly leap forward and never retire.” 27 She created the Hydra, the Dragon, the Hairy Hero, 28 The Great Demon, the Savage Dog, and the Scorpion-man, 29 Fierce demons, the Fish-man, and the Bull-man, 30 Carriers of merciless weapons, fearless in the face of battle. 31 Her commands were tremendous, not to be resisted. 32 Altogether she made eleven of that kind. 33 Among the gods, her sons, whom she constituted her host, 34 She exalted Qingu and magnified him among them. 35 The leadership of the army, the direction of the host, 36 The bearing of weapons, campaigning, the mobilization of conflict, 37 The chief executive power of battle supreme command, 38 She entrusted to him and set him on a throne. 
39 “I have cast the spell for you and exalted you in the host of the gods, 40 I have delivered to you the rule of all the gods. 41 You are indeed exalted, my spouse, you are renowned, 42 Let your commands prevail over all the Anunnaki.” 43 She gave him the tablet of Destinies and fastened it to his breast, 44 (Saying) “Your order may not he changed; let the utterance of your mouth be firm.” 45 After Qingu was elevated and had acquired the power of Anuship 46 He decreed the destinies for the gods. her sons: 47 “May the utterance of your mouths subdue the fire-god, 48 May your poison by its accumulation put down aggression.” 49 Anšar heard; the matter was profoundly disturbing. 50 He cried “Woe!” and bit his lip. 51 His heart was in fury, his mind could not be calmed. 52 Over Ea his son his cry was faltering. 53 “My son, you who provoked the war, 54 Take responsibility for whatever you alone have done! 55 You set out and killed Apsû, 56 And as for Tia-mat, whom you made furious, where is her equal?” 57 The gatherer of counsel, the learned prince, 58 The creator of wisdom, the god Nudimmud 59 With soothing words and calming utterance 60 Gently answered [his] father Anšar 61 “My father, deep mind, who decrees destiny, 62 Who has the power to bring into being and destroy, 63 Anšar, deep mind, who decrees destiny, 64 Who has the power to bring into being and to destroy, 65 I want to say something to you, calm down for me for a moment 66 And consider that I performed a helpful deed. 67 Before I killed Apsû 68 Who could have seen the present situation? 69 Before I quickly made an end of him 70 What were the circumstances were I to destroy him?” 71 Anšar heard, the words pleased him. 72 His heart relaxed to speak to Ea, 73 “My son, your deeds are fitting for a god, 74 You are capable of a fierce, unequalled blow . . [ . . . ] 75 Ea, your deeds are fitting for a god, 76 You are capable of a fierce, unequalled blow . . [ . . . 
] 77 Go before Tia-mat and appease her attack, 78 . . [ . . . ] . . . her fury with [your] incantation.” 79 He heard the speech of Anšar his father, 80 He took the road to her, proceeded on the route to her. 81 He went, he perceived the tricks of Tia-mat, 82 [He stopped], fell silent, and turned back. 83 [He] entered the presence of august Anšar 84 Penitently addressing him, 85 “[My father], Tia-mat's deeds are too much for me. 86 I perceived her planning, and [my] incantation was not equal (to it). 87 Her strength is mighty, she is full of dread, 88 She is altogether very strong, none can go against her. 89 Her very loud cry did not diminish, 90 [I became afraid] of her cry and turned back. 91 [My father], do not lose hope, send a second person against her. 92 Though a woman's strength is very great, it is not equal to a man's. 93 Disband her cohorts, break up her plans 94 Before she lays her hands on us.” 95 Anšar cried out in intense fury, 96 Addressing Anu his son, 97 “Honoured son, hero, warrior, 98 Whose strength is mighty, whose attack is irresistible 99 Hasten and stand before Tia-mat, 100 Appease her rage that her heart may relax 101 If she does not harken to your words, 102 Address to her words of petition that she may be appeased.” 103 He heard the speech of Anšar his father, 104 He took the road to her, proceeded on the route to her. 105 Anu went, he perceived the tricks of Tia-mat, 106 He stopped, fell silent, and turned back. 107 He entered the presence of Anšar the father who begat him, 108 Penitently addressing him. 109 “My father, Tia-mat's [deeds] are too much for me. 110 I perceived her planning, but my [incantation] was not [equal] (to it). 111 Her strength is mighty, she is [full] of dread, 112 She is altogether very strong, no one [can go against her]. 113 Her very loud noise does not diminish, 114 I became afraid of her cry and turned back. 115 My father, do not lose hope, send another person against her. 
116 Though a woman's strength is very great, it is not equal to a man's. 117 Disband her cohorts, break up her plans, 118 Before she lays her hands on us.” 119 Anšar lapsed into silence, staring at the ground, 120 He nodded to Ea, shaking his head. 121 The Igigi and all the Anunnaki had assembled, 122 They sat in tight-lipped silence. 123 No god would go to face . . [ . . ] 124 Would go out against Tia-mat . . . . [ . . ] 125 Yet the lord Anšar, the father of the great gods, 126 Was angry in his heart, and did not summon any one. 127 A mighty son, the avenger of his father, 128 He who hastens to war, the warrior Marduk 129 Ea summoned (him) to his private chamber 130 To explain to him his plans. 131 “Marduk, give counsel, listen to your father. 132 You are my son, who gives me pleasure, 133 Go reverently before Anšar, 134 Speak, take your stand, appease him with your glance.” 135 Be-l rejoiced at his father's words, 136 He drew near and stood in the presence of Anšar. 137 Anšar saw him, his heart filled with satisfaction, 138 He kissed his lips and removed his fear. 139 “My [father] do not hold your peace, but speak forth, 140 I will go and fulfil your desires! 141 [Anšar,] do not hold your peace, but speak forth, 142 I will go and fulfil your desires! 143 Which man has drawn up his battle array against you? 144 And will Tia-mat, who is a woman, attack you with (her) weapons? 145 [“My father], begetter, rejoice and be glad, 146 Soon you will tread on the neck of Tia-mat! 147 [Anšar], begetter, rejoice and be glad, 148 Soon you will tread on the neck of Tia-mat! 149 [“Go,] my son, conversant with all knowledge, 150 Appease Tia-mat with your pure spell. 151 Drive the storm chariot without delay, 152 And with a [ . . 
] which cannot be repelled turn her back.” 153 Be-l rejoiced at his father's words, 154 With glad heart he addressed his father, 155 “Lord of the gods, Destiny of the great gods, 156 If I should become your avenger, 157 If I should bind Tia-mat and preserve you, 158 Convene an assembly and proclaim for me an exalted destiny. 159 Sit, all of you, in Upšukkinakku with gladness, 160 And let me, with my utterance, decree destinies instead of you. 161 Whatever I instigate must not be changed, 162 Nor may my command be nullified or altered.”

III.

1 Anšar opened his mouth 2 And addressed Kaka, his vizier, 3 “Vizier Kaka, who gratifies my pleasure, 4 I will send you to Lah(mu and Lah(amu. 5 You are skilled in making inquiry, learned in address. 6 Have the gods, my fathers, brought to my presence. 7 Let all the gods be brought, 8 Let them confer as they sit at table. 9 Let them eat grain, let them drink ale, 10 Let them decree the destiny for Marduk their avenger. 11 Go, be gone, Kaka, stand before them, 12 And repeat to them all that I tell you: 13 “Anšar, your son, has sent me, 14 And I am to explain his plans. 15-52 = II, 11-48 ( instead of 'My father,' put ' 'Thus,' ) 53 I sent Anu, but he could not face her. 54 Nudimmud took fright and retired. 55 Marduk, the sage of the gods, your son, has come forward, 56 He has determined to meet Tia-mat. 57 He has spoken to me and said, 58-64 = II, 156-162 ( begin with quotation marks: “If ) 65 Quickly, now, decree your destiny for him without delay, 66 That he may go and face your powerful enemy.” 67 Kaka went. He directed his steps 68 To Lah(mu and Lah(amu, the gods his fathers. 69 He prostrated himself, he kissed the ground before them, 70 He got up, saying to them he stood, 71-124 = II, 13-66 125 When Lah(h(a and Lah(amu heard, they cried aloud. 126 All the Igigi moaned in distress, 127 “What has gone wrong that she took this decision about us? 128 We did not know what Tia-mat was doing.” 129 All the great gods who decree destinies 130 Gathered as they went, 131 They entered the presence of Anšar and became filled with [joy], 132 They kissed one another as they . [ . . ] in the assembly. 133 They conferred as they sat at table, 134 They ate grain, they drank ale. 135 They strained the sweet liquor through their straws, 136 As they drank beer and felt good, 137 They became quite carefree, their mood was merry, 138 And they decreed the fate for Marduk, their avenger.

IV.

V

1 He fashioned heavenly stations for the great gods, 2 And set up constellations, the patterns of the stars. 3 He appointed the year, marked off divisions, 4 And set up three stars each for the twelve months. 5 After he had organized the year, 6 He established the heavenly station of Ne-beru to fix the stars' intervals. 7 That none should transgress or be slothful 8 He fixed the heavenly stations of Enlil and Ea with it. 9 Gates he opened on both sides, 10 And put strong bolts at the left and the right. 11 He placed the heights (of heaven) in her (Tia-mat's) belly, 12 He created Nannar, entrusting to him the night. 13 He appointed him as the jewel of the night to fix the days, 14 And month by month without ceasing he elevated him with a crown, 15 (Saying,) “Shine over the land at the beginning of the month, 16 Resplendent with horns to fix six days. 17 On the seventh day the crown will be half size, 18 On the fifteenth day, halfway through each month, stand in opposition. 19 When Šamaš [sees] you on the horizon, 20 Diminish in the proper stages and shine backwards. 21 On the 29th day, draw near to the path of Šamaš, 22 . [ . . ] the 30th day, stand in conjunction and rival Šamaš. 23 I have ( . . . . ] . the sign, follow its track, 24 Draw near . . ( . . . . . ) give judgment. 25 . [ . . . . ] . Šamaš, constrain [murder] and violence, 26 . [ . . . . . . . . . . . . . . . . . . . ] . me. * * * * * * 35 At the end [ . . . 36 Let there [be] the 29th day [ . . . “ 37 After [he had . . . . ] the decrees [ . . . 38 The organization of front and . [ . . . 39 He made the day [ . . . 40 Let the year be equally [ . . . 41 At the new year [ . . . 42 The year . . . . . [ . . . 43 Let there be regularly [ . . . 44 The projecting bolt [ . . . 45 After he had [ . . . 46 The watches of night and day [ . . . 47 The foam which Tia-mat [ . . . 48 Marduk fashioned [ . . . 49 He gathered it together and made it into clouds. 
50 The raging of the winds, violent rainstorms, 51 The billowing of mist—the accumulation of her spittle— 52 He appointed for himself and took them in his hand. 53 He put her head in position and poured out . . [ . . ] . 54 He opened the abyss and it was sated with water. 55 From her two eyes he let the Euphrates and Tigris flow, 56 He blocked her nostrils, but left . . 57 He heaped up the distant [mountains] on her breasts, 58 He bored wells to channel the springs. 59 He twisted her tail and wove it into the Durmah(u, 60 [ . . . ] . . the Apsû beneath his feet. 61 [He set up] her crotch—it wedged up the heavens— 62 [(Thus) the half of her] he stretched out and made it firm as the earth. 63 [After] he had finished his work inside Tia-mat, 64 [He spread] his net and let it right out. 65 He surveyed the heavens and the earth . . [ . ] . 66 [ . . ] their bonds . . . . . . . 67 After he had formulated his regulations and composed [his] decrees, 68 He attached guide-ropes and put them in Ea's hands. 69 [The Tablet] of Destinies which Qingu had taken and carried, 70 He took charge of it as a trophy (?) and presented it to Anu. 71 [The . ] . of battle, which he had tied on or had put on his head, 72 [ . ] . he brought before his fathers. 73 [Now] the eleven creatures to which Tia-mat had given birth and . . . , 74 He broke their weapons and bound them (the creatures) to his feet. 75 He made images of them and stationed them at the [Gate] of the Apsû, 76 To be a sign never to be forgotten. 77 [The gods] saw it and were jubilantly happy, 78 (That is,) Lah(mu, Lah(amu and all his fathers. 79 Anšar [embraced] him and published abroad his title, “Victorious King,” 80 Anu, Enlil and Ea gave him gifts. 81 Mother Damkina, who bore him, hailed him, 82 With a clean festal robe she made his face shine. 83 To Usmû, who held her present to give the news, 84 [He entrusted] the vizierate of the Apsû and the care of the holy places. 
85 The Igigi assembled and all did obeisance to him, 86 Every one of the Anunnaki was kissing his feet. 87 They all [gathered] to show their submission, 88 [ . . . ] . they stood, they bowed down, “Behold the king!” 89 His fathers [ . . . ] . and took their fill of his beauty, 90 Be-l listened to their utterance, being girded with the dust of battle. 91 . [ . . . . . . . . . . . . ] . . . . . . . 92 Anointing his body with . [ . . . ] cedar perfume. 93 He clothed himself in [his] lordly robe, 94 With a crown of terror as a royal aura. 95 He took up his club and held it in his right hand, 96 . . . ] . he grasped in his left. 97 [ . . . . . . . . . . . . . . . . . . . . ] 98 . . . ] . he set his feet. 99 He put upon . [ . . . 100 The sceptre of prosperity and success [he hung] at his side. 101 After [he had . . . ] the aura [ 102 He adorned(?) his sack, the Apsû, with a fearful [ . . ] 103 Was settled like . [ . . . 104 In [his] throne room [ . . . 105 In his cella [ . . . 106 Every one of the gods [ . . . 107 Lah(mu and Lah(amu . [ . . . . . . . ] . 108 Opened their mouths and [addressed] the Igigi gods, 109 “Previously Marduk was our beloved son, 110 Now he is your king, heed his command!” 111 Next, they all spoke up together, 112 “His name is Lugaldimmerankia, trust in him!” 113 When they had given kingship to Marduk, 114 They addressed to him a benediction for prosperity and success, 115 “Henceforth you are the caretaker of our shrine, 116 Whatever you command, we will do!” 117 Marduk opened his mouth to speak 118 And addressed the gods his fathers, 119 “Above the Apsû, the emerald (?) abode, 120 Opposite Ešarra, which I built for you, 121 Beneath the celestial parts, whose floor I made firm, 122 I will build a house to be my luxurious abode. 123 Within it I will establish its shrine, 124 I will found my chamber and establish my kingship. 125 When you come up from the Apsû to make a decision 126 This will be your resting place before the assembly. 
127 When you descend from heaven to make a decision 128 This will be your resting place before the assembly. 129 I shall call its name 'Babylon', “The Homes of the Great Gods”, 130 Within it we will hold a festival: that will be the evening festival. 131 [The gods], his fathers, [heard] this speech of his, 132 . [ . . . . . . . . . . . . ] . they said, 133 “With regard to all that your hands have made, 134 Who has your [ . . . ]? 135 With regard to the earth that your hands have made, 136 Who has your [ . . . ]? 137 In Babylon, as you have named it, 138 Put our [resting place] for ever. 139 . [ . . . . . . . . . ] let them bring our regular offerings 140 . [ . . . . . . . . . . . . . . . . ] . . 141 Whoever [ . . . ] our tasks which we . [ . . . 142 Therein [ . . . . . ] its toil . [ . . . 143 [ . . . . . . . . . . . . . . . . . . . . . ] 144 They rejoiced [ . . . . . . . . . . . ] . . [ . . . 145 The gods . [ . . . . . . . . . . . . . ] 146 He who knows [ . . . . . . . . . ] . them 147 He opened [his mouth showing] them light, 148 . . [ . . . . . . . . . ] his speech . [ . ] 149 He made wide [ . . . . . . . . ] . them [ . . . 150 And . [ . . . . . . . . . . . . ] . . . . . 151 The gods bowed down, speaking to him, 152 They addressed Lugaldimmerankia, their lord, 153 “Formerly, lord, [you were our beloved] son, 154 Now you are our king, . . [ . . . ] 155 He who . [ . ] . [ . ] preserved [us] 156 . . [. . . ] the aura of club and sceptre. 157 Let him conceive plans [ . . . . ] . . [ . . . ] 158 [ . ] . . [ . . . . . . that] we . [ . . .”

VI.

1 When Marduk heard the gods' speech 2 He conceived a desire to accomplish clever things. 3 He opened his mouth addressing Ea, 4 He counsels that which he had pondered in his heart, 5 “I will bring together blood to form bone, 6 I will bring into being Lullû, whose name shall be 'man'. 7 I will create Lullû—man 8 On whom the toil of the gods will be laid that they may rest. 9 I will skilfully alter the organization of the gods: 10 Though they are honoured as one, they shall be divided into two.” 11 Ea answered, as he addressed a word to him, 12 Expressing his comments on the resting of the gods, 13 “Let one brother of theirs be given up. 14 Let him perish that people may be fashioned. 15 Let the great gods assemble 16 And let the guilty one be given up that they may be confirmed.” 17 Marduk assembled the great gods, 18 Using gracious direction as he gave his order, 19 As he spoke the gods heeded him: 20 The king addressed a word to the Anunnaki, 21 “Your former oath was true indeed, 22 (Now also) tell me the solemn truth: 23 Who is the one who instigated warfare, 24 Who made Tia-mat rebel, and set battle in motion? 25 Let him who instigated warfare be given up 26 That I may lay his punishment on him; but you sit and rest. 27 The Igigi, the great gods, answered him, 28 That is, Lugaldimmerankia, the counsellor of the gods, the lord, 29 “Qingu is the one who instigated warfare, 30 Who made Tia-mat rebel and set battle in motion.” 31 They bound him, holding him before Ea, 32 They inflicted the penalty on him and severed his blood-vessels. 33 From his blood he (Ea) created mankind, 34 On whom he imposed the service of the gods, and set the gods free. 35 After the wise Ea had created mankind 36 And had imposed the service of the gods upon them— 37 That task is beyond comprehension 38 For Nudimmud performed the creation with the skill of Marduk— 39 King Marduk divided the gods, 40 All the Anunnaki into upper and lower groups. 
41 He assigned 300 in the heavens to guard the decrees of Anu 42 And appointed them as a guard. 43 Next he arranged the organization of the netherworld. 44 In heaven and netherworld he stationed 600 gods. 45 After he had arranged all the decrees, 46 And had distributed incomes among the Anunnaki of heaven and netherworld, 47 The Anunnaki opened their mouths 48 And addressed their lord Marduk, 49 “Now, lord, seeing you have established our freedom 50 What favour can we do for you? 51 Let us make a shrine of great renown: 52 Your chamber will be our resting place wherein we may repose. 53 Let us erect a shrine to house a pedestal 54 Wherein we may repose when we finish (the work).” 55 When Marduk heard this, 56 He beamed as brightly as the light of day, 57 “Build Babylon, the task you have sought. 58 Let bricks for it be moulded, and raise the shrine!” 59 The Anunnaki wielded the pick. 60 For one year they made the needed bricks. 61 When the second year arrived, 62 They raised the peak of Esagil, a replica of the Apsû. 63 They built the lofty temple tower of the Apsû 64 And for Anu, Enlil, and Ea they established its . . as a dwelling. 65 He sat in splendour before them, 66 Surveying its horns, which were level with the base of Ešarra. 67 After they had completed the work on Esagil 68 All the Anunnaki constructed their own shrines. 69 300 Igigi of heaven and 600 of the Apsû, all of them, had assembled. 70 Be-l seated the gods, his fathers, at the banquet 71 In the lofty shrine which they had built for his dwelling, 72 (Saying,) “This is Babylon, your fixed dwelling, 73 Take your pleasure here! Sit down in joy! 74 The great gods sat down, 75 Beer-mugs were set out and they sat at the banquet. 76 After they had enjoyed themselves inside 77 They held a service in awesome Esagil. 78 The regulations and all the rules were confirmed: 79 All the gods divided the stations of heaven and netherworld. 
80 The college of the Fifty great gods took their seats, 81 The Seven gods of destinies were appointed to give decisions. 82 Be-l received his weapon, the bow, and laid it before them: 83 His divine fathers saw the net which he had made. 84 His fathers saw how skilfully wrought was the structure of the bow 85 As they praised what he had made. 86 Anu lifted it up in the divine assembly, 87 He kissed the bow, saying, “It is my daughter!” 88 Thus he called the names of the bow: 89 “Long Stick” was the first; the second was, “May it hit the mark.” 90 With the third name, “Bow Star”, he made it to shine in the sky, 91 He fixed its heavenly position along with its divine brothers. 92 After Anu had decreed the destiny of the bow, 93 He set down a royal throne, a lofty one even for a god, 94 Anu set it there in the assembly of the gods. 95 The great gods assembled, 96 They exalted the destiny of Marduk and did obeisance. 97 They invoked a curse on themselves 98 And took an oath with water and oil, and put their hands to their throats. 99 They granted him the right to exercise kingship over the gods, 100 They confirmed him as lord of the gods of heaven and netherworld. 101 Anšar gave him his exalted name, Asalluh(i 102 “At the mention of his name, let us show submission! 103 When he speaks, let the gods heed him, 104 Let his command be superior in upper and lower regions. 105 May the son, our avenger, be exalted, 106 Let his lordship be superior and himself without rival. 107 Let him shepherd the black-heads, his creatures, 108 Let them tell of his character to future days without forgetting. 109 Let him establish lavish food offerings for his fathers, 110 Let him provide for their maintenance and be caretaker of their sanctuaries, 111 Let him burn incense to rejoice their sanctums. 112 Let him do on earth the same as he has done in heaven: 113 Let him appoint the black-heads to worship him. 
114 The subject humans should take note and call on their gods, 115 Since he commands they should heed their goddesses, 116 Let food offerings be brought [for] (?) their gods and goddesses, 117 May they (?) not be forgotten, may they remember their gods, 118 May they . . . their . . , may they . . their shrines. 119 Though the black-heads worship some one, some another god, 120 He is the god of each and every one of us! 121 Come, let us call the fifty names 122 Of him whose character is resplendent, whose achievement is the same. 123 (1) MARDUK As he was named by his father Anu from his birth, 124 Who supplies pasturage and watering, making the stables flourish. 125 Who bound the boastful with his weapon, the storm flood, 126 And saved the gods, his fathers, from distress. 127 He is the son, the sun-god of the gods, he is dazzling, 128 Let them ever walk in his bright light. 129 On the peoples that he created, the living beings, 130 He imposed the service of the gods and they took rest. 131 Creation and annihilation, forgiveness and exacting the penalty 132 Occur at his command, so let them fix their eyes on him. 133 (2) Marukka: he is the god who created them 134 Who put the Anunnaki at ease, the Igigi at rest. 135 (3) Marutukku: he is the support of land, city, and its peoples, 136 Henceforth let the peoples ever heed him. 137 (4) Meršakušu: fierce yet deliberating, angry yet relenting, 138 His mind is wide, his heart is all-embracing. 139 (5) Lugaldimmerankia is the name by which we all called him, 140 Whose command we have exalted above that of the gods his fathers. 141 He is the lord of all the gods of heaven and netherworld, 142 The king at whose injunctions the gods in upper and lower regions shudder. 
143 (6) Narilugaldimmerankia is the name we gave him, the mentor of every god, 144 Who established our dwellings in heaven and netherworld in time of trouble, 145 Who distributed the heavenly stations between Igigi and Anunnaki, 146 Let the gods tremble at his name and quake on their seats. 147 (7) Asalluh(i is the name by which his father Anu called him, 148 He is the light of the gods, a mighty hero, 149 Who, as his name says, is a protecting angel for god and land, 150 Who by a terrible combat saved our dwelling in time of trouble. 151 (8) Asalluh(i-Namtilla they called him secondly, the life-giving god, 152 Who, in accordance with the form (of) his (name), restored all the ruined gods, 153 The lord, who brought to life the dead gods by his pure incantation, 154 Let us praise him as the destroyer of the crooked enemies. 155 (9) Asalluh(i-Namru, as his name is called thirdly, 156 The pure god, who cleanses our character.” 157 Anšar, Lah(mu, and Lah(amu (each) called him by three of his names, 158 Then they addressed the gods, their sons, 159 “We have each called him by three of his names,

160 Now you call his names, like us.” 161 The gods rejoiced as they heard their speech, 162 In Upšuukkinaki they held a conference, 163 “Of the warrior son, our avenger, 164 Of the provisioner, let us extol the name.” 165 They sat down in their assembly, summoning the destinies, 166 And with all due rites they called his name:

VII.

1 (10) Asarre, the giver of arable land who established plough-land, 2 The creator of barley and flax, who made plant life grow. 3 (11) Asaralim, who is revered in the counsel chamber, whose counsel excels, 4 The gods heed it and grasp fear of him. 5 (12) Asaralimnunna, the noble, the light of the father, his begetter, 6 Who directs the decrees of Anu, Enlil, and Ea, that is Ninšiku. 7 He is their provisioner, who assigns their incomes, 8 Whose turban multiplies abundance for the land. 9 (13) Tutu is he, who accomplishes their renovation, 10 Let him purify their sanctuaries that they may repose. 11 Let him fashion an incantation that the gods may rest, 12 Though they rise up in fury, let them withdraw. 13 He is indeed exalted in the assembly of the gods, his [fathers], 14 No one among the gods can [equal] him. 15 (14) Tutu-Ziukkinna, the life of [his] host, 16 Who established the pure heavens for the gods, 17 Who took charge of their courses, who appointed [their stations], 18 May he not be forgotten among mortals, but [let them remember] his deeds. 19 (15) Tutu-Ziku they called him thirdly, the establisher of purification, 20 The god of the pleasant breeze, lord of success and obedience, 21 Who produces bounty and wealth, who establishes abundance, 22 Who turns everything scant that we have into profusion, 23 Whose pleasant breeze we sniffed in time of terrible trouble, 24 Let men command that his praises be constantly uttered, let them offer worship to him. 25 As (16) Tutu-Agaku, fourthly, let humans extol him, 26 Lord of the pure incantation, who brought the dead back to life, 27 Who showed mercy on the Bound Gods, 28 Who threw the imposed yoke on the gods, his enemies, 29 And to spare them created mankind. 30 The merciful, in whose power it is to restore to life, 31 Let his words be sure and not forgotten 32 From the mouths of the black-heads, his creatures. 
33 As (17) Tutu-Tuku, fifthly, let their mouth give expression to his pure spell, 34 Who extirpated all the wicked by his pure incantation. 35 (18) Šazu, who knew the heart of the gods, who saw the reins, 36 Who did not let an evil-doer escape from him, 37 Who established the assembly of the gods, who rejoiced their hearts, 38 Who subjugated the disobedient, he is the gods' encompassing protection. 39 He made truth to prosper, he uprooted perverse speech, 40 He separated falsehood from truth. 41 As (19) Šazu-Zisi, secondly, let them continually praise him, the subduer of aggressors, 42 Who ousted consternation from the bodies of the gods, his fathers. 43 (20) Šazu-Suh(rim, thirdly, who extirpated every foe with his weapons, 44 Who confounded their plans and turned them into wind. 45 He snuffed out all the wicked who came against him, 46 Let the gods ever shout acclamations in the assembly. 47 (21) Šazu-Suh(gurim, fourthly, who established success for the gods, his fathers, 48 Who extirpated foes and destroyed their offspring, 49 Who scattered their achievements, leaving no part of them, 50 Let his name be spoken and proclaimed in the land. 51 As (22) Šazu-Zah(rim, fifthly, let future generations discuss him, 52 The destroyer of every rebel, of all the disobedient, 53 Who brought all the fugitive gods into the shrines, 54 Let this name of his be established. 55 As (23) Šazu-Zah(gurim, sixthly, let them altogether and everywhere worship him, 56 Who himself destroyed all the foes in battle. 57 (24) Enbilulu is he, the lord who supplies them abundantly, 58 Their great chosen one, who provides cereal offerings, 59 Who keeps pasturage and watering in good condition and established it for the land, 60 Who opened watercourses and distributed plentiful water. 61 (25) Enbilulu-Epadun, lord of common land and . . 
., let them [call him] secondly, 62 Canal supervisor of heaven and netherworld, who sets the furrow, Who establishes clean arable land in the open country, 63 Who directs irrigation ditch and canal, and marks out the furrow. 64 As (26) Enbilulu-Gugal, canal supervisor of the water courses of the gods, let them praise him thirdly, 65 Lord of abundance, profusion, and huge stores (of grain), 66 Who provides bounty, who enriches human habitations, 67 Who gives wheat, and brings grain into being. 68 (27) Enbilulu-H(egal, who accumulates abundance for the peoples . . . . 69 Who rains down riches on the broad earth, and supplies abundant vegetation. 70 (28) Sirsir, who heaped up a mountain on top of Tia-mat, 71 Who plundered the corpse of Tia-mat with [his] weapons, 72 The guardian of the land, their trustworthy shepherd, 73 Whose hair is a growing crop, whose turban is a furrow, 74 Who kept crossing the broad Sea in his fury, 75 And kept crossing over the place of her battle as though it were a bridge. 76 (29) Sirsir-Malah( they named him secondly—so be it— 77 Tia-mat was his boat, he was her sailor. 78 (30) Gil, who ever heaps up piles of barley, massive mounds, 79 The creator of grain and flocks, who gives seed for the land. 80 (31) Gilima, who made the bond of the gods firm, who created stability, 81 A snare that overwhelmed them, who yet extended favours. 82 (32) Agilima, the lofty, who snatches off the crown, who takes charge of snow, 83 Who created the earth on the water and made firm the height of heaven. 84 (33) Zulum, who assigns meadows for the gods and divides up what he has created, 85 Who gives incomes and food-offerings, who administers shrines. 86 (34) Mummu, creator of heaven and underworld, who protects refugees, 87 The god who purifies heaven and underworld, secondly Zulummu, 88 In respect of whose strength none other among the gods can equal him. 
89 (35) Gišnumunab, creator of all the peoples, who made the world regions, 90 Who destroyed Tia-mat's gods, and made peoples from part of them. 91 (36) Lugalabdubur, the king who scattered the works of Tia-mat, who uprooted her weapons, 92 Whose foundation is secure on the “Fore and Aft”. 93 (37) Pagalguenna, foremost of all lords, whose strength is exalted, 94 Who is the greatest among the gods, his brothers, the most noble of them all. 95 (38) Lugaldurmah(, king of the bond of the gods, lord of Durmah(u, 96 Who is the greatest in the royal abode, infinitely more lofty than the other gods. 97 (39) Aranunna, counsellor of Ea, creator of the gods, his fathers, 98 Whom no god can equal in respect of his lordly walk. 99 (40) Dumuduku, who renews for himself his pure abode in Duku, 100 Dumuduku, without whom Lugalduku does not make a decision. 101 (41) Lugalšuanna, the king whose strength is exalted among the gods, 102 The lord, the strength of Anu, he who is supreme, chosen of Anšar. 103 (42) Irugga, who plundered them all in the Sea, 104 Who grasps all wisdom, is comprehensive in understanding. 105 (43) Irqingu, who plundered Qingu in . . . battle, 106 Who directs all decrees and establishes lordship. 107 (44) Kinma, the director of all the gods, who gives counsel, 108 At whose name the gods bend down in reverence as before a hurricane. 109 (45) Dingir-Esiskur—let him take his lofty seat in the House of Benediction, 110 Let the gods bring their presents before him 111 Until he receives their offerings. 112 No one but he accomplishes clever things 113 The four (regions) of black-heads are his creation, 114 Apart from him no god knows the measure of their days. 115 (46) Girru, who makes weapons hard (?), 116 Who accomplished clever things in the battle with Tia-mat, 117 Comprehensive in wisdom, skilled in understanding, 118 A deep mind, that all the gods combined do not understand. 
119 Let (47) Addu be his name, let him cover the whole span of heaven, 120 Let him thunder with his pleasant voice upon the earth, 121 May the rumble fill (?) the clouds And give sustenance to the peoples below. 122 (48) Aša-ru, who, as his name says, mustered the Divine Fates 123 He indeed is the warden of absolutely all peoples. 124 As (49) Ne-beru let him hold the crossing place of heaven and underworld, 125 They should not cross above or below, but should wait for him. 126 Ne-beru is his star, which he caused to shine in the sky, 127 Let him take his stand on the heavenly staircase that they may look at him. 128 Yes, he who constantly crosses the Sea without resting, 129 Let his name be Ne-beru, who grasps her middle, 130 Let him fix the paths of the stars of heaven, 131 Let him shepherd all the gods like sheep, 132 Let him bind Tia-mat and put her life in mortal danger, 133 To generations yet unborn, to distant future days, 134 May he continue unchecked, may he persist into eternity. 135 Since he created the heavens and fashioned the earth, 136 Enlil, the father, called him by his own name, (50) 'Lord of the Lands'. 137 Ea heard the names which all the Igigi called 138 And his spirit became radiant. 139 “Why! He whose name was extolled by his fathers 140 Let him, like me, be called (51) 'Ea'. 141 Let him control the sum of all my rites, 142 Let him administer all my decrees.” 143 With the word “Fifty” the great gods 144 Called his fifty names and assigned him an outstanding position. 145 They should be remembered; a leading figure should expound them, 146 The wise and learned should confer about them, 147 A father should repeat them and teach them to his son, 148 One should explain them to shepherd and herdsman. 149 If one is not negligent to Marduk, the Enlil of the gods, 150 May one's land flourish, and oneself prosper, 151 (For) his word is reliable, his command unchanged, 152 No god can alter the utterance of his mouth. 
153 When he looks in fury, he does not relent, 154 When his anger is ablaze, no god can face him. 155 His mind is deep, his spirit is all-embracing, 156 Before whom sin and transgression are sought out. 157 Instruction which a leading figure repeated before him (Marduk): 158 He wrote it down and stored it so that generations to come might hear it. 159 [ . . ] . Marduk, who created the Igigi gods, 160 Though they diminish . . . let them call on his name. 161 . . . the song of Marduk, 162 Who defeated Tia-mat and took kingship

 

from Тетрадка | Notebook

R hslfow szev nvmgrlmvw yvuliv, gszg, rm gsv zfgfnm lu gsv kivxvwrmt bvzi, R szw ulin'w nlhg lu nb rmtvmrlfh zxjfzrmgzmxv rmgl z xofy lu nfgfzo rnkilevnvmg, dsrxs dzh xzoovw gsv Qfmgl; dv nvg lm Uirwzb vevmrmth. Gsv ifovh gszg R wivd fk ivjfrivw gszg vevib nvnyvi, rm srh gfim, hslfow kilwfxv lmv li nliv jfvirvh lm zmb klrmg lu Nlizoh, Klorgrxh, li Mzgfizo Ksrolhlksb, gl yv wrhxfhh'w yb gsv xlnkzmb; zmw lmxv rm gsivv nlmgsh kilwfxv zmw ivzw zm vhhzb lu srh ldm dirgrmt, lm zmb hfyqvxg sv kovzhvw. Lfi wvyzgvh dviv gl yv fmwvi gsv wrivxgrlm lu z kivhrwvmg, zmw gl yv xlmwfxgvw rm gsv hrmxviv hkrirg lu rmjfrib zugvi gifgs, drgslfg ulmwmvhh uli wrhkfgv, li wvhriv lu erxglib; zmw, gl kivevmg dzings, zoo vckivhhrlmh lu klhrgrevmvhh rm lkrmrlmh, li wrivxg xlmgizwrxgrlm, dviv zugvi hlnv grnv nzwv xlmgizyzmw, zmw kilsryrgvw fmwvi hnzoo kvxfmrzib kvmzogrvh.

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

📦 Beware of fake parcel notifications warning – Criminals are using the Black Friday period to send fake parcel notifications that trick users into paying supposed shipping costs and lure them into subscription traps. https://www.watchlist-internet.at/news/falsche-paketbenachrichtigungen/

🧱 Google blocked 1000 pro China websites from services security news – Google has blocked over 1,000 sites linked to a network promoting pro-China narratives, exposing coordinated disinformation tactics that blur the lines between authentic and fake news. https://www.theregister.com/2024/11/25/google_beijing_propaganda/

📦 Supply chain vendor Blue Yonder succumbs to ransomware cybercrime – Blue Yonder has suffered a ransomware attack, disrupting services and affecting customers like Starbucks and UK retailers, who are struggling to maintain supply chain operations. https://www.theregister.com/2024/11/26/blue_yonder_ransomware/

📞 Malware linked to Salt Typhoon used to hack telcos around the world security news – Salt Typhoon, a sophisticated Chinese APT group, has exploited various vulnerabilities to infiltrate telecom companies globally, using advanced malware and tactics for cyber-espionage. https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/

🔧 Weekend QNAP, Veritas bugs hit patch pipelines vulnerability – QNAP patched 24 vulnerabilities in its products, including critical flaws in Notes Station 3, while Veritas faces delays in addressing seven critical vulnerabilities in its Enterprise Vault software. https://www.theregister.com/2024/11/26/qnap_veritas_vulnerabilities/

🚔 Emergency Vehicle Lights Can Screw Up a Car’s Automated Driving System security research – Research reveals that emergency vehicle lights can disrupt camera-based automated driving systems, causing them to misidentify objects and potentially leading to accidents, highlighting vulnerabilities in AI driving tech. https://www.wired.com/story/emergency-vehicle-lights-can-screw-up-a-cars-automated-driving-system/

🚫 Steam Removes Oct 7 Game at Request of UK Counter-Terrorism Unit security news – Valve removed the game 'Fursan al-Aqsa' from Steam in the UK at the request of the Counter-Terrorism Internet Referral Unit, citing concerns over its portrayal of violence related to the Israel-Palestine conflict. https://www.404media.co/steam-removes-oct-7-game-at-request-of-uk-counter-terrorism-unit/

🔓 Canadian privacy regulators publish details of medical testing company’s data breach data breach – A court ruling has allowed the public release of a report detailing a 2019 data breach at LifeLabs, exposing millions of Canadians' health data and revealing inadequate security measures. https://therecord.media/canadian-privacy-regulators-publish-life-labs-investigation

🦠 Russia-linked hackers exploited Firefox and Windows bugs in 'widespread' hacking campaign security research – RomCom, a Russian-linked hacking group, exploited zero-day vulnerabilities in Firefox and Windows to deploy malware via a 'zero-click' exploit, targeting users in Europe and North America. https://techcrunch.com/2024/11/26/russia-linked-hackers-exploited-firefox-and-windows-zero-day-bugs-in-widespread-hacking-campaign/

🤫 US alleges man is cybercrook with distaste for opsec cybercrime – Nicholas Kloster, 31, is accused of a cybercrime spree in Missouri, including unauthorized access and damage to computers, showing a blatant disregard for operational security. https://www.theregister.com/2024/11/26/kansas_city_cybercrime_charges/

📊 Someone Made a Dataset of One Million Bluesky Posts for 'Machine Learning Research' privacy – A dataset of one million public Bluesky posts was released for machine learning research but was later removed by its creator, citing violations of transparency and consent principles. https://www.404media.co/someone-made-a-dataset-of-one-million-bluesky-posts-for-machine-learning-research/

👔 NSO Group Spies on People on Behalf of Governments privacy – NSO Group, known for selling Pegasus spyware, reportedly operates the spyware on behalf of governments, revealing that they install and extract data from targeted devices themselves. https://www.schneier.com/blog/archives/2024/11/nso-group-spies-on-people-on-behalf-of-governments.html

⚖️ Judge rejects data brokers’ bid to throw out case brought by law enforcement officers privacy – A federal judge denied data brokers' motion to dismiss a lawsuit by New Jersey law enforcement officers under Daniel's Law, which protects their personal information from being disclosed online. https://therecord.media/judge-rejects-bid-to-throw-out-data-broker-police-privacy-case

🎮 Russian Disinformation Campaign Spreads Lies About Ukraine's ‘Stalker 2’ security news – A Russian disinformation campaign falsely claims that the Ukrainian game Stalker 2 is used for military enlistment and data collection, aiming to undermine the game's significance amidst the ongoing conflict. https://www.404media.co/stalker2-disinformation/

📳 T-Mobile says telco hackers had 'no access' to customer call and text message logs data breach – T-Mobile stated that hackers did not access customer calls, texts, or voicemails during a cyberattack linked to the China-backed group Salt Typhoon, while emphasizing their robust cybersecurity measures. https://techcrunch.com/2024/11/27/t-mobile-says-telco-hackers-had-no-access-to-customer-call-and-text-message-logs/

🚢 Investigators think a Chinese ship purposefully cut critical data cables security news – European investigators allege a Chinese ship intentionally dragged its anchor to sever two critical data cables, potentially linked to Russian intelligence, while the Kremlin denies involvement. https://techcrunch.com/2024/11/27/investigators-think-a-chinese-ship-purposefully-cut-critical-data-cables/

💻 Mimic Ransomware: What You Need To Know malware – Mimic ransomware, first identified in 2022, encrypts files and may exfiltrate data, leveraging the legitimate 'Everything' tool for quick file access. Infected files have a '.QUIETPLACE' extension, and a new variant called Elpaco has emerged, targeting systems via RDP. https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know

⚽ Italian football club Bologna FC says company data stolen during ransomware attack data breach – Bologna FC confirmed a ransomware attack by RansomHub, resulting in the theft of 200GB of sensitive data, including financial documents and player medical records, which may be leaked online. https://therecord.media/italian-football-club-blogna-fc-ransomware

📱 15 SpyLoan Android apps found on Google play had over 8 million installs malware – McAfee identified 15 SpyLoan apps on Google Play with over 8 million installs, exploiting users through deceptive tactics to collect sensitive data and leading to extortion and harassment. https://securityaffairs.com/171553/cyber-crime/15-spyloan-android-apps-on-google-play.html


Some More, For the Curious

🤦‍♂️ Malicious NPM Package Exploits React Native Documentation Example security research – A malicious npm package mimicked official React Native documentation, tricking developers and highlighting vulnerabilities in supply chain security. Vigilance is essential to prevent such attacks. https://checkmarx.com/blog/malicious-npm-package-exploits-react-native-documentation-example/

🗳️ Security Analysis of the MERGE Voting Protocol security research – The MERGE voting protocol, intended for internet voting, is criticized for its fundamental flaws and the impracticality of ensuring trustworthy elections without significant legal and administrative reforms. https://www.schneier.com/blog/archives/2024/11/security-analysis-of-the-merge-voting-protocol.html

🎮 The Exploitation of Gaming Engines: A New Dimension in Cybercrime cybercrime – Cybercriminals exploit Godot Engine to distribute malware undetected, infecting over 17,000 machines. This new trend poses significant risks to developers and gamers alike. https://blog.checkpoint.com/research/the-exploitation-of-gaming-engines-a-new-dimension-in-cybercrime/

🚨 Malware campaign abused flawed Avast Anti security research – Threat actors exploited a vulnerable Avast Anti-Rootkit driver to gain kernel-level access, disable security tools, and compromise systems, highlighting the risks of flawed drivers in malware campaigns. https://securityaffairs.com/171340/hacking/avast-anti-rootkit-driver-abused-malware-campaign.html

🛡️ Zyxel firewalls targeted in recent ransomware attacks vulnerability – Zyxel warns that a ransomware group is exploiting a patched command injection vulnerability in its firewalls, allowing attackers to execute OS commands if certain conditions are met. https://securityaffairs.com/171382/cyber-crime/zyxel-firewall-ransomware-attacks.html

🔑 BitLocker Security: Are Your Keys Truly Safe? hacking write-up – BitLocker's security relies on the TPM, but its default configuration may expose vulnerabilities. Without additional authentication, attackers can sniff the TPM bus and access encryption keys, compromising data. https://blog.nviso.eu/2024/11/26/wake-up-and-smell-the-bitlocker-keys/

🧑‍💻 The source code of Banshee Stealer leaked online malware – Banshee Stealer, a macOS malware for stealing sensitive data, has had its source code leaked on GitHub, leading to the shutdown of its operations by the developers. https://securityaffairs.com/171423/malware/the-source-code-of-banshee-stealer-leaked-online.html

📄 The Four Question Framework for Threat Modeling security research – Shostack + Associates has released a free whitepaper on the Four Question Framework for Threat Modeling, emphasizing the importance of consistent phrasing to maintain nuance and intent in security discussions. https://shostack.org/blog/four-question-frame/

⚠️ ProjectSend critical flaw actively exploited in the wild, experts warn vulnerability – A critical vulnerability in ProjectSend (CVE-2024-11680) is being actively exploited, allowing unauthorized access and webshell uploads. Many instances remain unpatched, raising significant security concerns. https://securityaffairs.com/171494/hacking/projectsend-critical-flaw-actively-exploited.html

🏇 Race Condition Attacks against LLMs security research – New attacks against LLMs include 'Flowbreaking,' which disrupts guardrails, and 'Second Thoughts,' where LLMs retract sensitive content if a user interrupts the response. These exploit vulnerabilities in the surrounding application architecture. https://www.schneier.com/blog/archives/2024/11/race-condition-attacks-against-llms.html

🔒 Zabbix urges upgrades after SQL injection bug disclosure vulnerability – Zabbix warns of a critical SQL injection vulnerability (CVE-2024-42327) affecting multiple product versions, potentially allowing full system compromise. Users are urged to upgrade to the latest versions for protection. https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/

🐱 Code found online exploits LogoFAIL to install Bootkitty Linux backdoor malware – Malicious code exploiting the LogoFAIL vulnerability can hijack the boot process of certain Linux devices from manufacturers like Acer and HP, allowing installation of the Bootkitty backdoor without user interaction. https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2023-28461, a vulnerability in Array Networks, to its catalog due to active exploitation, underscoring the need for federal agencies to address known vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/25/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from Тетрадка | Notebook

“Just as water, gas and electricity come into our homes from far away, with an almost imperceptible movement of the hand, in order to serve us, so we shall be supplied with images or with sequences of tones that will appear with a slight movement, almost a sign, and will leave us in the same way.”

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

⚠️ PSA: You shouldn't upload your medical images to AI chatbots privacy – Users are cautioned against uploading private medical images to AI chatbots like Grok, as it risks exposing sensitive data, which may be used to train models and shared without clear protections. https://techcrunch.com/2024/11/19/psa-you-shouldnt-upload-your-medical-images-to-ai-chatbots/


News For All

🌟 These alternatives to popular apps can help reclaim your online life from billionaires and surveillance privacy – Explore privacy-focused alternatives to popular apps that empower you to control your data, avoiding surveillance and monetization by big tech companies. https://techcrunch.com/2024/11/24/these-alternatives-to-popular-apps-can-help-reclaim-your-online-life-from-billionaires-and-surveillance/

🕵️‍♀️ Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground? cybercrime – This article explores the underrepresented roles of women in Russian-speaking cybercrime, revealing their contributions, challenges, and evolving dynamics amid geopolitical tensions, highlighting both historical and contemporary insights. https://www.sans.org/blog/women-in-russian-speaking-cybercrime-mythical-creatures-or-significant-members-of-underground

🎶 Spotify abused to promote pirated software and game cheats cybercrime – Threat actors are exploiting Spotify playlists and podcasts to promote pirated software and game cheats, leveraging Spotify's SEO benefits to drive traffic to malicious sites. https://www.bleepingcomputer.com/news/security/spotify-abused-to-promote-pirated-software-and-game-cheats/

🦠 Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden malware – A malvertising campaign on Facebook disguised as Bitwarden updates spreads malware through fake ads, tricking users into installing malicious Chrome extensions that exploit business accounts. https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/

⚠️ Really Simple Security plugin flaw impacts 4M+ WordPress sites vulnerability – A critical vulnerability (CVE-2024-10924) in the Really Simple Security plugin affects over 4 million WordPress sites, allowing attackers to bypass authentication and gain full admin access. A fix has been released. https://securityaffairs.com/171100/hacking/really-simple-security-plugin-flaw-affects-4m-sites.html

💻 Ransomware gang Akira leaks unprecedented number of victims’ data in one day cybercrime – The Akira ransomware gang leaked a record 35 victims' data in one day, showcasing their aggressive tactics. This marks a significant surge in their operations since emerging in 2023. https://therecord.media/akira-ransomware-group-publishes-unprecedented-leak-data

🚨 Alleged Russian Phobos ransomware administrator extradited to U.S., in custody cybercrime – Evgenii Ptitsyn, a Russian alleged Phobos ransomware administrator, has been extradited to the U.S. after extorting over $16 million from more than 1,000 victims worldwide, facing multiple charges. https://cyberscoop.com/alleged-russian-phobos-ransomware-administrator-extradited-to-u-s-in-custody/

🛒 Scammer Black Friday offers: Online shopping threats and dark web sales security news – Kaspersky's report highlights the surge in online shopping-related cyber threats, including phishing attacks, fake mobile apps, and banking trojans, emphasizing the risks during Black Friday and the role of the dark web in selling stolen data. https://securelist.com/black-friday-report-2024/114589/

🔒 Microsoft beefs up Windows security with new recovery and patching features security news – In response to the CrowdStrike outage, Microsoft announced enhancements to Windows security, including Quick Machine Recovery, kernel mode changes for antivirus, and Administrator Protection for user permissions, aimed at improving system resilience and recovery. https://techcrunch.com/2024/11/19/microsoft-beefs-up-windows-security/

⚖️ German court says victims of massive Facebook data breach can be compensated data breach – A German court ruled that victims of the 2021 Facebook data breach can claim €100 ($105) in compensation, acknowledging non-material damage due to loss of control over personal data, despite no financial loss evidence. https://therecord.media/german-court-says-victims-facebook-breach-compensation

🌍 Niantic uses Pokémon Go player data to build AI navigation system security news – Niantic is developing a 'Large Geospatial Model' for AI navigation, using visual scans from Pokémon Go and Scaniverse players, leveraging over 10 million scanned locations worldwide to enhance augmented reality applications. https://arstechnica.com/ai/2024/11/niantic-uses-pokemon-go-player-data-to-build-ai-navigation-system/

📍 Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany security news – A report reveals that a data broker is selling detailed location data of US military and intelligence personnel in Germany, raising national security concerns as this information can be exploited for espionage and other malicious activities. https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/

📺 Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events security research – Threat actors exploit misconfigured JupyterLab and Jupyter Notebook servers to hijack environments for illegal sports streaming, using tools like ffmpeg to capture and redistribute broadcasts, posing significant risks to organizations. https://securityaffairs.com/171193/cyber-crime/misconfigured-jupyterlab-and-jupyter-notebooks-illegal-live-sports-streaming.html

📱 Malicious QR Codes: How big of a problem is it, really? security news – Malicious QR codes exploit weaknesses in anti-spam filters, with around 60% of emails containing QR codes being spam. Security experts recommend caution when scanning QR codes, as they can lead to phishing or malware sites. https://blog.talosintelligence.com/malicious_qr_codes/

🚸 UK says a new law banning social media for under-16s is 'on the table' security news – The UK government is considering a ban on social media for under-16s to protect children's wellbeing, with a new study announced to assess social media's impact. The proposal aligns with the upcoming Online Safety Act aimed at enhancing online safety for children. https://therecord.media/britain-social-media-ban-children-proposal

🏥 750,000 Patients' Medical Records Exposed After Data Breach at French data breach – A cyber attack on a French hospital exposed the medical records of over 750,000 patients, with the hacker claiming access to data from multiple healthcare facilities. The breach was linked to stolen login credentials for the Mediboard system. https://www.tripwire.com/state-of-security/750000-patients-medical-records-exposed-after-data-breach-french-hospital

💰 DeliveryHero subsidiary fined $5.2 million for tracking drivers’ geolocation privacy – Italy's data privacy regulator fined Foodinho S.r.l. €5 million ($5.2 million) for illegally tracking drivers' geolocation, including outside working hours, and sharing data with third parties without consent. The company is also prohibited from using biometric data for identity verification. https://therecord.media/deliveryhero-subsidiary-fined-5-million-geolocation-data

🐖 Meta cracks down on millions of accounts it tied to pig-butchering scams security news – Meta has removed millions of accounts linked to pig-butchering scams, a fraudulent scheme costing victims billions. The crackdown aims to protect users from organized crime. https://cyberscoop.com/meta-cracks-down-on-millions-of-accounts-it-tied-to-pig-butchering-scams/

🎉 Hackers break into Andrew Tate’s online ‘university,’ steal user data and flood chats with emojis data breach – Hackers accessed data of nearly 800,000 users from Andrew Tate's online course, leaking emails and private chats while disrupting chats. https://techcrunch.com/2024/11/21/hackers-break-into-andrew-tates-online-university-steal-user-data-and-flood-chats-with-emojis/


Some More, For the Curious

🔓 BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA security research – BrazenBamboo exploits a zero-day vulnerability in FortiClient to extract user VPN credentials using their DEEPDATA malware, highlighting the ongoing threat of credential theft. https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

🔒 What To Use Instead of PGP security research – The article argues against using PGP for secure communications, recommending better alternatives like Sigstore, SSH signatures, Magic Wormhole, and Signal for various use cases, emphasizing modern tools over outdated methods. https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

🛡️ Inside the Threat: A Behind-the-Scenes Look at Stopping an Active Intrusion cyber defense – This article details a proactive investigation into an active intrusion, showcasing how early detection, vigilant employees, and layered security measures thwarted a potentially devastating ransomware attack. https://sec-consult.com/blog/detail/inside-the-threat-a-behind-the-scenes-look-at-stopping-an-active-intrusion/

📝 Azure Detection Engineering: Log idiosyncrasies you should know about cyber defense – This article discusses various inconsistencies and intricacies in Azure logs, including schema, IP addresses, user-agent fields, and UUID formatting, offering insights for better monitoring and detection in Azure environments. https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about

🔍 CVE-2024-10524 Wget Zero Day Vulnerability vulnerability – A zero-day vulnerability (CVE-2024-10524) in Wget allows attackers to exploit shorthand HTTP URLs, potentially leading to phishing, SSRF, and MiTM attacks. A patch has been released in version 1.25.0. https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/

⚠️ Critical 9.8-rated VMware vCenter RCE bug under exploit security news – Two VMware vCenter vulnerabilities, CVE-2024-38812 and CVE-2024-38813, have been confirmed exploited in the wild, including a critical RCE flaw rated 9.8. Urgent fixes are required. https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/

🎈 Microsoft announces its own Black Hat-like hacking event with big rewards for AI security security news – Microsoft is launching Zero Day Quest, a major hacking event aimed at discovering cloud and AI security flaws, offering $4 million in rewards. The event emphasizes collaboration with security researchers and aims to enhance industry-wide security practices. https://www.theverge.com/2024/11/19/24299999/microsoft-zero-day-quest-hacking-event-ai-cloud-security

🩶 Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock privacy – Leaked documents reveal that Graykey, a law enforcement tool for unlocking phones, can only access partial data from modern iPhones running iOS 18 and iOS 18.0.1, highlighting the ongoing battle between forensics tools and phone security. https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/

🛠️ Botnet serving as ‘backbone’ of malicious proxy network taken offline security research – The ngioweb botnet, a key player in malicious proxy services, has been dismantled by security experts. This botnet, primarily composed of compromised IoT devices and routers, facilitated various cybercrimes, including DDoS attacks and credential stuffing. https://cyberscoop.com/proxy-services-cybercrime-ngioweb-botnet-nsocks/

🔒 Fintech giant Finastra confirms it's investigating a data breach data breach – Finastra is investigating a data breach involving its internal Secure File Transfer Platform after a hacker claimed to sell 400GB of stolen data from the company’s banking clients. Initial evidence suggests compromised credentials. https://techcrunch.com/2024/11/20/fintech-giant-finastra-confirms-its-investigating-a-data-breach/

🖇️ D-Link says replace vulnerable routers or risk pwnage vulnerability – D-Link has advised users of older VPN router models to replace them due to a serious unauthenticated remote code execution vulnerability. The company will not issue patches for affected devices, which have reached end of life, and is offering a discount on a new model. https://www.theregister.com/2024/11/20/dlink_rip_replace_router/

🔒 A new ‘ultra-secure’ phone carrier says it can make you harder to track security news – Cape, a new privacy-focused phone carrier, aims to protect users' data by minimizing personal information collection and offering a pre-configured Android phone with enhanced security features, targeting high-risk individuals. https://www.theverge.com/2024/11/21/24302416/cape-ultra-secure-phone-data-collection-tracking

🎛️ Finding Access Control Vulnerabilities with Autorize cyber defense – This article discusses how to identify access control vulnerabilities using Autorize, focusing on vertical and horizontal access control issues in web applications, and highlights the importance of proper session management and user permissions. https://www.blackhillsinfosec.com/finding-access-control-vulnerabilities-with-autorize/

🏘️ Spies hack Wi-Fi networks in far-off land to launch attack on target next door security research – Russian hackers linked to Fancy Bear executed a 'Nearest Neighbor Attack' by compromising a nearby Wi-Fi-enabled device to access a high-value target's network, exploiting credential weaknesses without needing physical proximity. https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/

😱 'Alarming' security bugs lay low in Linux's needrestart utility for 10 years vulnerability – Five critical vulnerabilities in the needrestart utility allow local attackers to gain root access, posing severe risks to system security. Immediate updates are urged. https://www.theregister.com/2024/11/21/qualys_needrestart_linux_vulnerabilities/


CISA Corner

🔍 Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization security research – CISA conducted a red team assessment revealing critical vulnerabilities in a US critical infrastructure organization, highlighting issues with insufficient technical controls, lack of staff training, and ineffective monitoring that allowed attackers to exploit systems. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including command injection and authentication bypass flaws in Kemp LoadMaster and Palo Alto Networks PAN-OS, urging users to review related security bulletins. https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities, CVE-2024-38812 and CVE-2024-38813, related to VMware vCenter Server, to its Known Exploited Vulnerabilities Catalog, highlighting significant risks for federal agencies and the need for prompt remediation. https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including code execution and XSS vulnerabilities in Apple products and an incorrect authorization flaw in Oracle PLM, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases One Industrial Control Systems Advisory vulnerability – CISA issued an advisory (ICSA-24-324-01) on November 19, 2024, regarding vulnerabilities in Mitsubishi Electric's MELSEC iQ-F Series. Users are urged to review the advisory for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/11/19/cisa-releases-one-industrial-control-systems-advisory

⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has released seven advisories on November 21, 2024, addressing security issues and vulnerabilities in various Industrial Control Systems, including products from Automated Logic and Schneider Electric. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-releases-seven-industrial-control-systems-advisories

🔒 Apple Releases Security Updates for Multiple Products security news – Apple has released security updates to fix vulnerabilities in various products, warning that cyber threat actors could exploit these flaws to gain control of affected systems. Users are urged to apply the updates. https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from Kevin Neely's Security Notes

I finally decided to move my #NextCloud instance from one that I had been operating on the #Vultr hosting service to my #HomeLab.

A note on Vultr: I am impressed with this service. I have used them for multiple projects and paid with various means, from credit card to #cryptocurrency for about 10 years and I cannot even remember a downtime that impacted me. (In fact, I think there was only one real downtime, which was planned, well-communicated, and didn’t impact me because my setup was fairly resilient). With a growing volume of data, and sufficient spare hardware that wasn’t doing anything, I decided to bring it in-house.

This is not going to be a full guide, as there are plenty of those, but I did run into some hurdles that may be common, especially if a pre-built Nextcloud instance was used. So this is meant to provide some color and augment the official and popular documentation.

Getting started

Plan out the migration

Migration Overview

Essentially, there are three high-level steps to this process:

  1. Build a new Nextcloud server in the homelab
  2. Copy the configuration (1 file), database (1 backup file), apps (install apps), and data (all user files) over to the new system
  3. Restore all the copied data to the new instance

Preparing to Migrate

  1. Start with the NextCloud official documentation for migrating to a different server as well as:
    1. Backing up Nextcloud
    2. and the restoring a server doc
  2. Check out Nicholas Henkey’s migrate Nextcloud to a new server blog post. This is very thorough and has some great detail if you’re not super familiar with Nextcloud (because you used a pre-built instance)
  3. For the new build:
    1. A full set of installation instructions, placing [Nextcloud behind an Nginx proxy](https://github.com/jameskimmel/Nextcloud_Ubuntu/blob/main/nextcloud_behind_NGINX_proxy.md).
    2. An older install document for Installing Nextcloud on Ubuntu with Redis, APCu, SSL & Apache

Migration

While the official documentation describes the basics, the following are the steps I recommend. This is at a medium level, providing the details, but not the specific command-line arguments (mostly).

  1. Build the new server
    1. Use your favorite flavor of Linux (I used Debian, and these notes will reflect that)
      1. install all updates,
      2. install fail2ban or similar security if you’re exposing this to the Internet.
      3. name the new system the same as the outgoing server
    2. Download the Nextcloud install from the nextcloud download site and choose either:
      1. update the current system to the latest version of whatever major version you’re running, and then download latest-XX.tar.bz2 where ‘XX’ is your version
      2. identify your exact version and download it from nextcloud
    3. Install the dependencies (mariaDB, redis, php, apache, etc. etc.)
      1. note: if the source server is running nginx, I recommend sticking with that for simplicity, keeping in mind that only Apache is officially supported
    4. Unpack Nextcloud
    5. Validate that it’s working
    6. Place it into maintenance mode
  2. Backup the data

    1. If using multi-factor authentication, find your recovery codes or create new ones
    2. Place the server into maintenance mode
    3. Backup the database
    4. copy the database backup to a temporary location on the new server
  3. Restore the data

    1. Restore the database
    2. copy /path/to/nextcloud/config/config.php over the existing config.php
    3. rsync the data/ directory to the new server
      1. you can remove old logs in the data directory
      2. you may need to use an intermediary step, like a USB drive. It’s best if this is ext4 formatted so you can retain attributes
      3. the rsync options should include -Aaxr; you may want -v and/or --progress to get a better feel for what’s going on
      4. if rsync-ing over ssh, the switch is -e ssh
    4. If you have installed any additional apps for your Nextcloud environment, rsync the apps/ directory in the same way as the data dir above
    5. Validate the permissions in your nextcloud, data, and apps directories. Fix as necessary; see the info in Nicholas Henkey’s post (linked above) for commands
    6. Redirect your A or CNAME record to the new system
    7. Configure SSL on the new system
    8. Turn off maintenance mode
    9. Log in and test! 🤞

Troubleshooting

Hopefully everything is working. Make sure to check the logs if something is broken.

Log locations:

  • the nextcloud.log in the data/ directory
  • the apache logs in /var/log/apache2
  • the redis logs in /var/log/redis
  • the system logs, accessible with journalctl

Reiterating: Remember or check for these items

These are the specific notes I took as I ran into problems that I had to work around or solve. These are incorporated in the above, so this is basically a restatement of the gotchas I ran into:

  • upgrade the current one to the latest version of the current release (i.e. the latest of the major version you are on, so if you were running 29.0.3, get to 29.0.9)
    • this makes it easier when you download <version>-latest.tar.bz2
    • If you’d prefer to skip that, use the nextcloud download site with all available versions. Make sure to grab the same one and compare the specific version as listed in config.php. Example: 'version' => '29.0.9.2',
  • use the same name on the new server
  • use the same web server. Apache is officially supported, but if you’re using nginx, it will be easier to stay on that.
  • Most multi-factor authentication, like WebAuthN, FIDO hardware keys, etc. will not work over HTTP in the clear.
    • IOW: make sure you have recovery codes
  • If the apps aren’t copied over, the new server sees them as installed rather than installable. I suppose one could “delete” or remove them in the admin GUI and then reinstall, but otherwise, there was no button to force a reinstall.
  • Files and data you need to copy over after creating the install. Do each of these separately, rather
    • if you have any additional apps, copy the apps/ directory over
    • copy config.php
    • copy the data/ directory
  • Is your current install using Redis-based transactional file locking?
    • If the previous system was using Redis and it is still in the configuration, the new system will not be able to obtain file-locking and essentially all users will be read-only and not able to modify or create new files.
    • In config.php, you will see settings such as 'redis' and 'memcache.locking' => '\\OC\\Memcache\\Redis',
    • make sure Redis is installed on the new system and running on the same port (or change the port in config.php)
    • Install the necessary software: apt install redis-server php-redis php-apcu
    • Ensure that the Redis and APCu settings in config.php are according to the documented single-server settings

The Memcache settings should look something like the following configuration snippet. Alternatively, you could enable and use the process socket.


'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
     'host' => 'localhost',
     'port' => 6379,
],
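The version and Redis file-locking checks from the list above, as an added example that is not part of the original post: it reads the old server's config.php, compares its version with the release being installed, and probes Redis when memcache.locking points at it. The function names, the REDIS_PROBE hook and the sample config are assumptions constructed for illustration.

```shell
# Added example (not the author's script): pre-flight check of the OLD server's
# config.php. Assumes one "'key' => value," pair per line, as in the snippet above.

# cfg_value FILE KEY: print the first scalar value stored under 'KEY'.
cfg_value() {
    sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*'\{0,1\}\([^',]*\)'\{0,1\},.*/\1/p" "$1" |
        head -n 1
}

# Default probe: Redis answers PONG when it is up on host $1, port $2.
redis_probe() {
    [ "$(redis-cli -h "$1" -p "$2" ping 2>/dev/null)" = "PONG" ]
}
REDIS_PROBE="${REDIS_PROBE:-redis_probe}"   # hypothetical hook to swap the probe

# migration_preflight OLD_CONFIG NEW_VERSION
#   0 = ok, 1 = version mismatch, 2 = Redis locking configured but Redis is down
migration_preflight() {
    old_ver=$(cfg_value "$1" version)
    if [ "$old_ver" != "$2" ]; then
        echo "version mismatch: old config.php has '$old_ver', new install is '$2'" >&2
        return 1
    fi
    case "$(cfg_value "$1" memcache.locking)" in
    *Redis)
        host=$(cfg_value "$1" host)
        port=$(cfg_value "$1" port)
        if ! "$REDIS_PROBE" "${host:-localhost}" "${port:-6379}"; then
            echo "locking needs Redis, but ${host:-localhost}:${port:-6379} is not answering" >&2
            return 2
        fi
        ;;
    esac
    return 0
}

# Constructed sample config.php (values taken from the examples on this page).
sample_config() {
    cat <<'EOF'
<?php
$CONFIG = array (
  'version' => '29.0.9.2',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => [
       'host' => 'localhost',
       'port' => 6379,
  ],
);
EOF
}
```

Run `migration_preflight /path/to/old/config.php 29.0.9.2` on the new server before copying data; exit status 2 is the condition that leaves every user read-only.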
 

from Not Simon 🐐

Country: Democratic People's Republic of Korea (DPRK)
Objective: Corporate Espionage, Financial Gain
(Page Last Updated: November 23, 2024)

Organizations:

  • 313 General Bureau of the Munitions Industry Department (MID)
  • The Ministry of Atomic Energy Industry
  • Ministry of Defense
  • Korea People's Army
  • DPRK Education Commission's Foreign Trade Office
  • Pyongyang Information Technology Bureau of the Central Committee's Science and Education Department
  • Pyongyang University of Automation (training)
  • Technical Reconnaissance Bureau
    • subordinate cyber unit: 110th Research Center
  • Chinyong Information Technology Cooperation Company (Chinyong)

Companies employing DPRK IT workers:

  • Yanbian Silverstar Network Technology Co. Ltd.
  • Volasys Silver Star

Identified individuals assisting DPRK IT workers:

  • Minh Phuong Vong
  • Matthew Isaac Knoot
  • Christina Marie Chapman
  • Oleksandr Didenko
  • Sim Hyon Sop (Sim)

Groups or Aliases:

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

Unknown Date

2024

2023

2022

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 

from Kevin Neely's Security Notes

Nextcloud administration notes

These instructions and administrative notes were written for the pre-built Nextcloud provided by hosting provider Vultr. As a way to de- #Google my life and take back a bit of #privacy, I have been using a Vultr-hosted instance for a couple years now and it has run quite well. These notes are really aimed at the small instance for personal use. Please don’t use my notes if you’re responsible for an enterprise server!

Upgrading Nextcloud

#Nextcloud, with all its PHP-based functionality, can become temperamental if not upgraded appropriately. These are my notes to remind me how to not completely break things. When upgrading, the first pass will usually bring you to the most up-to-date version of Nextcloud in your major release, e.g. an instance running 27.1.4 would be brought up to 27.1.11. Running the script again would bring the instance to 28.0.x.

To update a Nextcloud server running on the #Vultr service to the latest version, you need to follow the steps below:

  1. Backup your Nextcloud data: Before starting any update process, it's always a good idea to create a backup of your Nextcloud data. This will ensure that you can restore your data in case of any unexpected issues during the update process.
    1. Shutdown the OS with shutdown -h now
    2. Power down the instance in Vultr
    3. Create a snapshot
    4. Wait
    5. Wait some more – depending on how much data is hosted on the system
    6. Power it back up
  2. SSH into the Vultr server: To update the Nextcloud server, you need to access the server using SSH. You can use an SSH client such as PuTTY to connect to the Vultr server.
  3. Switch to the Nextcloud user: Once you are logged in, switch to the Nextcloud user using the following command: sudo su -s /bin/bash www-data.
  4. Navigate to the Nextcloud directory: Navigate to the Nextcloud directory using the following command: cd /var/www/html (could be /var/www/nextcloud or other. Check what's in use)
  5. Stop the Nextcloud service: To avoid any conflicts during the update process, stop the Nextcloud service using the following command (as www-data): php occ maintenance:mode --on
  6. Update the Nextcloud server: To update the Nextcloud server, you need to run the following command (as www-data): php updater/updater.phar. This will start the update process and download the latest version of Nextcloud.
  7. Update the OS, as needed, with apt upgrade
  8. Start the Nextcloud service: Once the update is complete and verified, you can start the Nextcloud service using the following command: sudo -u www-data php occ maintenance:mode --off.
  9. Verify the update: After the update process is complete, you can verify the update by accessing the Nextcloud login page. You should see the latest version of Nextcloud listed on the login page.
  10. Assuming all is running smoothly, the snapshot that was created in step 1 can be safely deleted. Otherwise, snapshots accrue charges on the order of pennies / gigabyte / day.
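
Steps 3 to 6 and 8 above wrapped in one guarded shell function, as an added example rather than the author's own script. NC_DIR, NC_USER and PHP are assumed defaults to adjust, and the function deliberately leaves maintenance mode on if the updater fails.

```shell
# Added example (not the author's script): upgrade steps 3-6 and 8 with guards.
# NC_DIR, NC_USER and PHP are assumptions; set them to match the install.
NC_DIR="${NC_DIR:-/var/www/html}"
NC_USER="${NC_USER:-www-data}"
PHP="${PHP:-php}"

# nc_upgrade: 0 = updated and back online, 2 = wrong user, 3 = wrong directory,
#             4 = could not enter maintenance mode, 5 = updater failed,
#             6 = could not leave maintenance mode
nc_upgrade() (
    # Step 3: occ and the updater must run as the web-server user, not root.
    if [ "$(id -un)" != "$NC_USER" ]; then
        echo "run this as $NC_USER: sudo su -s /bin/bash $NC_USER" >&2
        exit 2
    fi
    # Step 4: the install path varies, so confirm occ and the updater are here.
    cd "$NC_DIR" 2>/dev/null || exit 3
    if [ ! -f occ ] || [ ! -f updater/updater.phar ]; then
        echo "$NC_DIR does not contain occ and updater/updater.phar" >&2
        exit 3
    fi
    # Step 5: take the instance offline for users.
    "$PHP" occ maintenance:mode --on || exit 4
    # Step 6: run the updater. On failure, stay in maintenance mode so the
    # instance is not served half-updated while you inspect or restore it.
    if ! "$PHP" updater/updater.phar; then
        echo "updater failed; maintenance mode is still ON" >&2
        exit 5
    fi
    # Step 8: back online only after the updater reported success.
    "$PHP" occ maintenance:mode --off || exit 6
)
```

The OS update in step 7 needs root and is left out; run it separately before or after calling `nc_upgrade`.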

Some other notes

Remove files in the trash

When a user deletes files, it can take a long time for them to actually disappear from the server.

root@cloud:/var/www/html# sudo -u www-data php -f /var/www/html/cron.php
root@cloud:/var/www/html# sudo -u www-data php occ config:app:delete files_trashbin background_job_expire_trash

Set files to expire

root@cloud:/var/www/html# sudo -u www-data php occ config:app:set --value=yes files_trashbin background_job_expire_trash

 