Malware Devil

Wednesday, October 21, 2020

Security Alert: Oracle Releases Critical Patch Update, October 2020


The post Security Alert: Oracle Releases Critical Patch Update, October 2020 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/21/security-alert-oracle-releases-critical-patch-update-october-2020-2/?utm_source=rss&utm_medium=rss&utm_campaign=security-alert-oracle-releases-critical-patch-update-october-2020-2

Multi Factor Authentication for Remote Desktop Gateway and RDP Connections

Some or even all of your workforce might now be dispersed, but their access to company networks still needs to be protected. Here we look at why a second factor of authentication is recommended to protect remote access. RDP Connections The Microsoft Remote Desktop Protocol (also known as RDP) is used to allow remote desktop to … Continued

The post Multi Factor Authentication for Remote Desktop Gateway and RDP Connections appeared first on Enterprise Network Security Blog from IS Decisions.


Life of Maze ransomware

In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Dozens of organizations have fallen victim to this vile malware, including LG, Southwire, and the City of Pensacola.

The history of this ransomware began in the first half of 2019, and back then it didn’t have any distinct branding – the ransom note included the title “0010 System Failure 0010”, and it was referenced by researchers simply as ‘ChaCha ransomware’.

Ransom note of an early version of Maze/ChaCha ransomware

Shortly afterwards, new versions of this Trojan started calling themselves Maze and using a relevantly named website for the victims instead of the generic email address shown in the screenshot above.

Website used by a recent version of Maze ransomware

Infection scenarios

Mass campaigns

The distribution tactic of the Maze ransomware initially involved infections via exploit kits (namely, Fallout EK and Spelevo EK), as well as via spam with malicious attachments. Below is an example of one of these malicious spam messages containing an MS Word document with a macro that’s intended to download the Maze ransomware payload.

If the recipient opens the attached document, they will be prompted to enable editing mode and then enable the content. If they fall for it, the malicious macro contained inside the document will execute, which in turn will result in the victim’s PC being infected with Maze ransomware.

Tailored approach

In addition to these typical infection vectors, the threat actors behind Maze ransomware started targeting corporations and municipal organizations in order to maximize the amount of money extorted.

The initial compromise mechanism and subsequent tactics vary. Some incidents involved spear-phishing campaigns that installed Cobalt Strike RAT, while in other cases the network breach was the result of exploiting a vulnerable internet-facing service (e.g. Citrix ADC/Netscaler or Pulse Secure VPN). Weak RDP credentials on machines accessible from the internet also pose a threat as the operators of Maze may use this flaw as well.

Privilege escalation, reconnaissance and lateral movement tactics also tend to differ from case to case. During these stages, the use of the following tools has been observed: mimikatz, procdump, Cobalt Strike, Advanced IP Scanner, Bloodhound, PowerSploit, and others.

During these intermediate stages, the threat actors attempt to identify valuable data stored on the servers and workstations in the compromised network. They will then exfiltrate the victim’s confidential files in order to leverage them when negotiating the size of the ransom.

At the final stage of the intrusion, the malicious operators will install the Maze ransomware executable onto all the machines they can access. This results in the encryption of the victim’s valuable data and finalizes the attack.

Data leaks/doxing

Maze ransomware was one of the first ransomware families that threatened to leak the victims’ confidential data if they refused to cooperate.

In fact, this made Maze something of a trendsetter because this approach turned out to be so lucrative for the criminals that it’s now become standard for several notorious ransomware gangs, including REvil/Sodinokibi, DoppelPaymer, JSWorm/Nemty/Nefilim, RagnarLocker, and Snatch.

The authors of the Maze ransomware maintain a website where they list their recent victims and publish a partial or a full dump of the documents they have managed to exfiltrate following a network compromise.

Website with leaked data published by Maze operators

Ransomware cartel

In June 2020, the criminals behind Maze teamed up with two other threat actor groups, LockBit and RagnarLocker, essentially forming a ‘ransomware cartel’. The data stolen by these groups now gets published on the blog maintained by the Maze operators.

It wasn’t just the hosting of exfiltrated documents where the criminals pooled their efforts – apparently they are also sharing their expertise. Maze now uses execution techniques that were previously only used by RagnarLocker.

Brief technical overview

The Maze ransomware is typically distributed as a PE binary (EXE or DLL depending on the specific scenario) which is developed in C/C++ and obfuscated by a custom protector. It employs various tricks to hinder static analysis, including dynamic API function imports, control flow obfuscation using conditional jumps, replacing RET with JMP dword ptr [esp-4], replacing CALL with PUSH + JMP, and several other techniques.

To counter dynamic analysis, this Trojan will also terminate processes typically used by researchers, e.g. procmon, procexp, ida, x32dbg, etc.

The cryptographic scheme used by Maze consists of several levels:

  • To encrypt the content of the victim’s files, the Trojan securely generates unique keys and nonce values to use with the ChaCha stream cipher;
  • The ChaCha keys and nonce values are encrypted by a session public RSA-2048 key which is generated when the malware is launched;
  • The session private RSA-2048 key is encrypted by the master public RSA-2048 key hardcoded in the Trojan’s body.

This scheme is a variation of a more or less typical approach used by developers of modern ransomware. It allows the operators to keep their master private RSA key secret when selling decryptors for each individual victim, and it also ensures that a decryptor purchased by one victim won’t help others.

When executing on a machine, Maze ransomware will also attempt to determine what kind of PC it has infected. It tries to distinguish between different types of system (‘backup server’, ‘domain controller’, ‘standalone server’, etc.). Using this information in the ransom note, the Trojan aims to further scare the victims into thinking that the criminals know everything about the affected network.

Strings that Maze uses to generate the ransom note

Fragment of the procedure that generates the ransom note

How to avoid and prevent

Ransomware is evolving day by day, so a reactive approach to avoiding and preventing infection does not pay off. The best defense against ransomware is proactive prevention, because it is often too late to recover data once it has been encrypted.

There are a number of recommendations that may help prevent attacks like these:

  1. Keep your OS and applications patched and up to date.
  2. Train all employees on cybersecurity best practices.
  3. Only use secure technologies for remote connections into the company's local network.
  4. Use endpoint security with behavior detection and automatic file rollback, such as Kaspersky Endpoint Security for Business.
  5. Use the latest threat intelligence information to detect an attack quickly, understand what countermeasures are useful, and prevent it from spreading.

Detection

Kaspersky products protect against this ransomware, detecting it as Trojan-Ransom.Win32.Maze; it is blocked by Behavior-based Protection as PDM:Trojan.Win32.Generic.

We safeguard our customers with the best Ransomware Protection technologies.

TIP Cloud Sandbox report summary and execution map with mapping on MITRE ATT&CK Framework

IOCs

2332f770b014f21bcc63c7bee50d543a
CE3A5898E2B2933FD5216B27FCEACAD0
54C9A5FC6149007E9B727FCCCDAFBBD4
8AFC9F287EF0F3495B259E497B30F39E


PatchChecker – Web-based check for Windows privesc vulnerabilities

This is the code base for the service running on https://patchchecker.com. In short, PatchChecker is a web application (running on Flask) that provides output similar to that of Watson. However, with PatchChecker one is not required to execute a binary on the target machine. Also included in this project is a web scraper that automatically updates the PatchChecker database using information present on Microsoft sites; this allows for a more scalable and easier-to-use solution to the problem of finding which CVEs a Windows system is (or is not) patched against. Additionally, any other CVEs can be added to the data collector input and checked for, as long as they have an entry on https://portal.msrc.microsoft.com. You can also use this to get the data to update Watson.

Further information about this project can be found here or here (github.io mirror).

Using PatchChecker to check vulnerabilities:

To use PatchChecker, you can either go to the publicly hosted website at patchchecker.com, or git clone this repo, install the required libraries, make sure patches.db is in the same directory as app.py, and then start the application with python3 ./app.py. Once the application is started you can open the included “index.html” file in a browser to actually use the service and get the list of CVEs to which the system being tested is vulnerable.
Additional information can be found here.

Getting KB data:

Expected input:

Expected output from webpage:

Expected output from webpage when vulnerabilities are found:

Alternatively, you can use a curl command and do something like this: Request:
note: you can use any delimiter you wish, I’m using spaces here:

curl 'https://patchchecker.com/checkprivs/' --data-raw 'wmicinfo=KB1231411 KB1231441 KB1234141&build_num=17763'

Response:
note: used some fake KBs so it’s showing vuln to everything, i.e. I have nothing installed
note: output is truncated

{
    "total_vuln": 9,
    "kbs_parsed": [
        "KB1231411",
        "KB1231441",
        "KB1234141"
    ],
    "total_kbs_parsed": 3,
    "build": "17763",
    "results": [
        {
            "refs": [
                "https://exploit-db.com/exploits/46718",
                "https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/"
            ],
            "name": "CVE-2019-0836",
            "vulnerable": true
        }
    ]
}

To run the code in this repo yourself don’t forget to run: python3 -m pip install -r requirements.txt and run with python3. For reference, I used python 3.7.3.
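As an added example (not part of the PatchChecker project), the helper below extracts KB identifiers from "wmic qfe list" style output, builds the same form body the curl request above sends to /checkprivs/, and summarizes the JSON reply into vulnerable and patched CVEs. The sample QFE text and the sample reply are constructed here (reusing the fake KB numbers and the CVE-2019-0836 entry shown above); the field names are those of the request and response above.

```python
import json
import re
from typing import Dict, List
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Matches identifiers such as KB1231411. "kbid=" in the Caption column does not
# match because a letter, not a digit, follows "kb".
KB_RE = re.compile(r"\bKB\d{6,7}\b", re.IGNORECASE)

# Constructed sample of `wmic qfe list` output using the same fake KB numbers as
# the curl example (not a real system's patch list). One row is duplicated on
# purpose to show de-duplication.
SAMPLE_QFE = """Caption                                     Description      HotFixID   InstalledOn
http://support.microsoft.com/?kbid=1231411  Security Update  KB1231411  9/12/2019
http://support.microsoft.com/?kbid=1231441  Update           KB1231441  8/14/2019
http://support.microsoft.com/?kbid=1234141  Security Update  KB1234141  8/14/2019
http://support.microsoft.com/?kbid=1231411  Security Update  KB1231411  9/12/2019
"""

# Constructed reply in the shape of the response above: the vulnerable entry is
# copied from it, the patched entry is added for contrast.
SAMPLE_RESPONSE = {
    "total_vuln": 1,
    "kbs_parsed": ["KB1231411", "KB1231441", "KB1234141"],
    "total_kbs_parsed": 3,
    "build": "17763",
    "results": [
        {"refs": ["https://exploit-db.com/exploits/46718"],
         "name": "CVE-2019-0836", "vulnerable": True},
        {"refs": [], "name": "CVE-2019-1064", "vulnerable": False},
    ],
}


def extract_kbs(qfe_output: str) -> List[str]:
    """Return the unique KB identifiers in the text, uppercased, in first-seen order."""
    seen = set()
    kbs = []
    for match in KB_RE.finditer(qfe_output):
        kb = match.group(0).upper()
        if kb not in seen:
            seen.add(kb)
            kbs.append(kb)
    return kbs


def build_request_body(kbs: List[str], build_num: int) -> str:
    """Form-encode the two fields /checkprivs/ expects; KBs are space-delimited."""
    return urlencode({"wmicinfo": " ".join(kbs), "build_num": str(build_num)})


def summarize_response(payload: Dict) -> Dict[str, object]:
    """Split the 'results' list into vulnerable and patched CVE names."""
    results = payload.get("results", [])
    return {
        "build": payload.get("build"),
        "kbs_parsed": payload.get("total_kbs_parsed", 0),
        "vulnerable": sorted(r["name"] for r in results if r.get("vulnerable")),
        "patched": sorted(r["name"] for r in results if not r.get("vulnerable")),
    }


def query_patchchecker(qfe_output: str, build_num: int,
                       base_url: str = "https://patchchecker.com") -> Dict[str, object]:
    """POST the extracted KB list to a PatchChecker instance and summarize the reply.
    Needs network access to base_url; not called at import time."""
    body = build_request_body(extract_kbs(qfe_output), build_num).encode("ascii")
    req = Request(base_url + "/checkprivs/", data=body, method="POST",
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=30) as resp:
        return summarize_response(json.load(resp))


if __name__ == "__main__":
    kbs = extract_kbs(SAMPLE_QFE)
    print("KBs found:", kbs)
    print("Request body:", build_request_body(kbs, 17763))
    print("Summary of sample reply:", summarize_response(SAMPLE_RESPONSE))
```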

Data Collection: patchdata_collector.py

The patchdata_collector.py script is the pyppeteer scraper that iterates through several Microsoft sites to get the desired data for the CVEs specified in the --cve-list argument file. For an example of the expected format see the cves.txt file within the samples directory. Basically it’s a line-separated file, with each line containing CVE-XXXX-XXXX|https://website.com/resource-pertaining-to-CVE,http://second_resource.com and so on, you get the idea. An example of the resulting output can be found in the patches.db file included.
The code isn’t perfect but it gets the data and works for the time being. For reference, with 9 CVEs it should take about 11 minutes to complete, YMMV.

patchdata_collector.py usage:

usage: patchdata_collector.py [-h] --cve-list CVE_LIST [--db DB] [--new-db] [-v]
                          [-vv] [--no-headless] [--json JSON]

optional arguments:
  -h, --help           show this help message and exit
  --cve-list CVE_LIST  line and pipe separated list containing CVEs and
                       related-URLs with information example: CVE-2020-1048|https://github.com/ionescu007/faxhell,https://github.com/ionescu007/PrintDemon
  --db DB              sqlite database filename
  --new-db             erases old database (if exists)
  -v                   set output to debug (verbose)
  -vv                  set output to annoying
  --no-headless        run browser with headless mode disabled
  --json JSON          json format output, argument should be json filename

Example run:

Running time ./patchdata_collector.py --cve-list cves.txt --db antest.db --new-db yields the following output:

2020-06-05 20:38:49.292 | INFO     | __main__:main:181 - Loaded 10 CVEs
2020-06-05 20:38:49.430 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-0836
2020-06-05 20:40:27.183 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-1064
2020-06-05 20:41:07.158 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-0841
2020-06-05 20:41:31.675 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-1130
2020-06-05 20:42:58.527 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-1253
2020-06-05 20:43:25.069 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-1315
2020-06-05 20:44:57.974 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-1385
2020-06-05 20:45:22.026 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-1388
2020-06-05 20:46:48.407 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2019-1405
2020-06-05 20:48:07.026 | INFO     | __main__:parsekb:33 - Parsing KBs for: CVE-2020-1048
finished

real    11m27.793s
user    1m21.632s
sys     0m14.559s

The post PatchChecker – Web-based check for Windows privesc vulnerabilities appeared first on Hakin9 – IT Security Magazine.


VMware ESXi OpenSLP – Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-051)

On the 20th of October 2020, VMware released a security advisory for a vulnerability affecting ESXi OpenSLP, identified as CVE-2020-3992. OpenSLP as used in VMware ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the critical severity range, with a maximum CVSSv3 base score of 9.8 out of 10.

More Effective Security Awareness: 3 Tips for NCSAM

It’s often said that humans are the weakest link in cybersecurity. Indeed, I’d have a hard time arguing that a computer that was sealed in a box, untouched by human hand, poses much of a security risk. But a computer that is unused has no purpose. It behooves security practitioners to get smarter about how […]

The post More Effective Security Awareness: 3 Tips for NCSAM appeared first on The State of Security.


How To Tackle the 5 Biggest Enterprise IoT Security Challenges


The proliferation of IoT devices, particularly in the workplace, has left businesses with a new set of security challenges to deal with. For any company considering investing in IoT devices, it is important to understand the nature of these challenges and how to address them. One of the biggest challenges to enterprise IoT adoption is…

The post How To Tackle the 5 Biggest Enterprise IoT Security Challenges appeared first on Security Boulevard.


Is Telco Cybersecurity the New Competitive Edge for Service Providers?

In my 20+ years working for and with telecommunication providers around the world, I’ve witnessed firsthand how the industry has evolved to offer continuously improved services to a wide audience of consumers. One of the most amazing things about this industry is that it provides essential connectivity service to every segment of society – from…

The post Is Telco Cybersecurity the New Competitive Edge for Service Providers? appeared first on Allot Blog.


HPSCI Takes Misinformation, Conspiracy Theories Hearing Online


The House Permanent Select Committee on Intelligence held a virtual hearing on the topic of Misinformation and Conspiracy Theories with an august panel of specialists well-steeped in how disinformation and misinformation are created, amplified and consumed. The hearing underscored misinformation and conspiracy as both domestic and international issues with respect to the United States. The…

The post HPSCI Takes Misinformation, Conspiracy Theories Hearing Online appeared first on Security Boulevard.


DEF CON 28 Safe Mode AppSec Village – Chloe Messdaghi’s ‘The Elephant In The Room: Burnout’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 SAFE MODE conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode AppSec Village – Chloe Messdaghi’s ‘The Elephant In The Room: Burnout’ appeared first on Security Boulevard.


Security Alert: Oracle Releases Critical Patch Update, October 2020

JPCERT-AT-2020-0040
JPCERT/CC
2020-10-21

I. Overview

On October 20, 2020 (local time), Oracle released critical patch updates for multiple Oracle products.

Oracle Critical Patch Update Advisory – October 2020
https://www.oracle.com/security-alerts/cpuoct2020.html

A remote attacker may perform unauthorized operations or unauthorized deletion or falsification of sensitive information. Users of the affected products are recommended to update to the latest version appropriately.

II. Affected Products

Products affected by these vulnerabilities include:

– Java SE JDK/JRE 15
– Java SE JDK/JRE 11.0.8
– Java SE JDK/JRE 8u261
– Java SE JDK/JRE 7u271
– Java SE Embedded 8u261
– Oracle Database Server 19c
– Oracle Database Server 18c
– Oracle Database Server 12.2.0.1
– Oracle Database Server 12.1.0.2
– Oracle Database Server 11.2.0.4
– Oracle WebLogic Server 14.1.1.0.0
– Oracle WebLogic Server 12.2.1.4.0
– Oracle WebLogic Server 12.2.1.3.0
– Oracle WebLogic Server 12.1.3.0.0
– Oracle WebLogic Server 10.3.6.0.0

However, since there are many other versions and products affected by these vulnerabilities, please refer to the information provided by Oracle for more details.

In addition, there are cases where Java JRE is pre-installed on the PC or WebLogic is used in software products for servers. Please check if any of the affected products is included in the PCs or servers that you use.

Oracle Corporation
Oracle Java SE Support Roadmap
https://www.oracle.com/technetwork/java/eol-135779.html

III. Solution

Oracle has released updates for each product. For Java SE, Oracle Database and WebLogic, the following versions have been released:

– Java SE JDK/JRE 15.0.1
– Java SE JDK/JRE 11.0.9
– Java SE JDK/JRE 8u271
– Java SE JDK/JRE 7u281
– Java SE Embedded 8u271
– Oracle Database Server *
– Oracle WebLogic Server *

* Details of the updated versions are not available as of October 21. Please check with Oracle, etc. for the latest information.

Some applications that use affected products may not run properly after updating the software to the latest version. Please update to the latest version after considering any possible impacts to applications that you may use.

Java SE Downloads
https://www.oracle.com/technetwork/java/javase/downloads/index.html

Free Java Download
https://java.com/en/download/

Users of 64-bit Windows may have 32-bit and/or 64-bit versions of JDK/JRE installed. Please check the versions installed on your system and apply the appropriate updates.

Users can check the version of Java that they are using at the page below. If both 32-bit and 64-bit versions of Java are installed, please check the versions installed using a 32-bit and a 64-bit browser respectively. (In environments where Java is not installed, there may be a request to install Java. If you do not require Java, please do not install it.)

Verify Java and Find Out-of-Date Versions
https://www.java.com/en/download/installed.jsp

IV. References

Oracle Corporation
Oracle Critical Patch Update Advisory – October 2020
https://www.oracle.com/security-alerts/cpuoct2020.html

Oracle Corporation
Listing of Java Development Kit 15 Release Notes
https://www.oracle.com/java/technologies/javase/15u-relnotes.html

Oracle Corporation
Listing of Java Development Kit 11 Release Notes
https://www.oracle.com/java/technologies/javase/11u-relnotes.html

Oracle Corporation
Java Development Kit 8 Update Release Notes
https://www.oracle.com/java/technologies/javase/8u-relnotes.html

Oracle Corporation
Java SE 7 Advanced and Java SE 7 Support (formerly known as Java for Business 7) Release Notes
https://www.oracle.com/java/technologies/javase/7-support-relnotes.html

Oracle Corporation
Oracle Java SE Embedded 8 Release Notes
https://www.oracle.com/java/technologies/javase/embedded8-relnotes.html

Oracle Corporation
October 2020 Critical Patch Update Released
https://blogs.oracle.com/security/october-2020-critical-patch-update-released

Oracle Corporation
Oracle Java SE Support Roadmap
https://www.oracle.com/technetwork/java/eol-135779.html

If you have any information regarding this alert, please contact JPCERT/CC.

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/


Network Security News Summary for Wednesday October 21 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .


Shipping dangerous goods, (Wed, Oct 21st)

For the past several months, I’ve been tracking a campaign that sends rather odd-looking emails like this

The sender (from) address on these emails is usually impersonating an existing shipping or logistics company. The ships mentioned in the emails actually exist, and according to marinetraffic.com, the vessels are in fact traveling in the area and with cargo that makes the content of such harbor berthing reservation and cargo manifest emails seem plausible.

Between two and five emails of this style arrive in one of my spam traps every weekday. The scammers don’t work on the weekends, and sometimes they take a full week off. But they inevitably come back and try again. Most emails are received between 2am and 4am UTC, which – assuming the mails are sent during the local morning – could suggest that the sender is sitting somewhere between Bangkok and Shanghai. The sending email servers are everywhere, but show some clustering in Malaysia.

The emails themselves display a casual familiarity with marine jargon, tonnages, draft, cargo types, DWT, routing, ETAs and marine radio procedures. They would be mildly entertaining to read before getting filed in the spam folder … if it weren’t for the attachment.

Sized between 500 KB and 1.5 MB, the attachment type of choice for the bad guys over the past several months has been a “.cab”. VirusTotal detection for the samples varies, ranging from “none” at time of receipt to 50+ engines a couple of days later.

Two recent samples from this campaign
https://www.virustotal.com/gui/file/ba81b061a2dd678c1035ab99f70e36ce23446fa7f59a449722eac51dcb856d88/detection
https://www.virustotal.com/gui/file/40f23fd166724fa53a78234c4cdef2a8f95c2fc1e52bcd7b381efaa23cea6bc1/detection

The malware in question happens to be Agent Tesla spyware. Since April, my sandbox has collected several hundred distinct Agent Tesla samples from this actor. Agent Tesla exfiltrates stolen data via HTTPS and, more commonly, over email (SMTPS, tcp/587). While the former (HTTPS) destinations tend to be rather random, the latter (email) destinations are often hosted on email domains that also belong to shipping companies. This indicates to me that the campaign is likely successful to some extent, and over the months has in fact managed to steal valid email credentials (and probably more than that) from firms in the shipping and logistics sector.

Indicators for the emails:
– look for emails with *.cab attachment, with the email subject in all-uppercase

Indicators post-compromise:
– look for outbound attempts to tcp/587 destined for email servers other than your own

Current tcp/587 C&C domains used are mail.trinityealtd[.]com and smtp.hyshippingcn[.]com, but these destinations are changing daily.
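The two indicators above, run over constructed sample mail and connection logs (an added example, not from the diary; the log line formats, the OWN_MAIL_SERVERS set and every host name other than the two C&C domains named above are assumptions):

```python
import re
from typing import Dict, List, Set

# Constructed mail-log lines: sender|subject|comma-separated attachment names.
SAMPLE_MAIL_LOG = [
    "ops@shipping-example.test|VESSEL BERTHING AND CARGO MANIFEST MV EXAMPLE|Manifest_1021.cab",
    "ops@shipping-example.test|Berthing confirmation MV Example|Manifest_1021.pdf",
    "agent@forwarder-example.test|RE: PORT CALL ETA|NOTICE.CAB,eta.txt",
    "hr@corp.example|Q4 all-hands|slides.pptx",
]

# Constructed connection-log lines: "<timestamp> <src_ip> <dst_host> <dst_port> <proto>".
SAMPLE_FLOW_LOG = [
    "2020-10-21T03:12:44Z 10.0.0.15 smtp.corp.example 587 tcp",
    "2020-10-21T03:13:02Z 10.0.0.15 mail.trinityealtd.com 587 tcp",
    "2020-10-21T03:14:10Z 10.0.0.22 www.example.test 443 tcp",
    "2020-10-21T03:15:51Z 10.0.0.22 smtp.hyshippingcn.com 587 tcp",
    "2020-10-21T03:16:05Z 10.0.0.31 mx.unknown-example.test 587 tcp",
]

# Assumption: your own legitimate outbound mail relay(s); replace with yours.
OWN_MAIL_SERVERS: Set[str] = {"smtp.corp.example"}

# The two tcp/587 C&C hosts named in the diary, refanged for exact matching.
# The diary says these change daily, so the watchlist only enriches a hit; the
# rule itself is "tcp/587 to anything that is not our own mail server".
KNOWN_C2_SMTP: Set[str] = {
    d.replace("[.]", ".") for d in ("mail.trinityealtd[.]com", "smtp.hyshippingcn[.]com")
}

FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\w+)$")


def subject_is_all_upper(subject: str) -> bool:
    """True when every letter in the subject is uppercase (digits and punctuation ignored)."""
    letters = [c for c in subject if c.isalpha()]
    return bool(letters) and all(c.isupper() for c in letters)


def scan_mail_log(lines: List[str]) -> List[Dict[str, str]]:
    """Flag messages carrying a .cab attachment AND an all-uppercase subject."""
    hits = []
    for line in lines:
        sender, subject, attachments = line.split("|", 2)
        cabs = [a.strip() for a in attachments.split(",")
                if a.strip().lower().endswith(".cab")]
        if cabs and subject_is_all_upper(subject):
            hits.append({"sender": sender, "subject": subject, "attachment": cabs[0]})
    return hits


def scan_flow_log(lines: List[str], own_servers: Set[str]) -> List[Dict[str, str]]:
    """Flag outbound tcp/587 connections to any host that is not one of our own relays."""
    hits = []
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        ts, src, dst, port, proto = m.groups()
        if proto.lower() == "tcp" and port == "587" and dst.lower() not in own_servers:
            hits.append({"time": ts, "src": src, "dst": dst,
                         "known_c2": "yes" if dst.lower() in KNOWN_C2_SMTP else "no"})
    return hits


if __name__ == "__main__":
    for h in scan_mail_log(SAMPLE_MAIL_LOG):
        print("suspicious mail:", h)
    for h in scan_flow_log(SAMPLE_FLOW_LOG, OWN_MAIL_SERVERS):
        print("suspicious tcp/587 flow:", h)
```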

The campaign has a lot of commonalities with what BitDefender reported in April for the Oil&Gas industry https://labs.bitdefender.com/2020/04/oil-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec-deal/. 

If you have additional information on this campaign, please let us know, or share in the comments below.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Eliminating the Threat of Look-alike Domains

There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation, as well as diverse registrar requirements for removal, can make mitigating look-alike domains a complex, burdensome, and often ineffective process.
 
In this post, we examine steps to mitigate the internal and external risk posed by look-alike domains. 

The post Eliminating the Threat of Look-alike Domains appeared first on Security Boulevard.


Tuesday, October 20, 2020

Trickbot Rises, GRU Hackers Indicted, & Danny Akacki – SWN #75

Danny Akacki discusses how we, as an NDR product company with an emphasis on user outreach and education, continue not only to keep our product effective for distributed workforces but also to beat the drum on education and knowledge sharing. It’s not easy, but we’ve come up with a few ways both to stay connected to our clients and to help them keep an eye on their wires. This segment is sponsored by GigaMon. Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn75

The post Trickbot Rises, GRU Hackers Indicted, & Danny Akacki – SWN #75 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/trickbot-rises-gru-hackers-indicted-danny-akacki-swn-75-2/?utm_source=rss&utm_medium=rss&utm_campaign=trickbot-rises-gru-hackers-indicted-danny-akacki-swn-75-2

Trickbot Rises, GRU Hackers Indicted, & Danny Akacki – SWN #75

Danny Akacki discusses how we, as an NDR product company with an emphasis on user outreach and education, continue not only to keep our product effective for distributed workforces but also to beat the drum on education and knowledge sharing. It's not easy, but we've come up with a few ways both to stay connected to our clients and to help them keep an eye on their wires. This segment is sponsored by GigaMon. Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn75

The post Trickbot Rises, GRU Hackers Indicted, & Danny Akacki – SWN #75 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/trickbot-rises-gru-hackers-indicted-danny-akacki-swn-75/?utm_source=rss&utm_medium=rss&utm_campaign=trickbot-rises-gru-hackers-indicted-danny-akacki-swn-75

Process, Control, Communication or DigitalOps: how to keep your company secure and compliant

The boom in remote access brought many sudden changes, and with them companies had to adapt quickly. As a result, many gaps end up being left behind, opening the door to vulnerabilities and cyberattacks. And with that comes the question: should I …

The post Process, Control, Communication or DigitalOps: how to keep your company secure and compliant appeared first on ManageEngine Blog.

The post Process, Control, Communication or DigitalOps: how to keep your company secure and compliant appeared first on Security Boulevard.


The post Process, Control, Communication or DigitalOps: how to keep your company secure and compliant appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/processo-controle-comunicacao-ou-digitalops-como-manter-sua-empresa-segura-e-em-conformidade/?utm_source=rss&utm_medium=rss&utm_campaign=processo-controle-comunicacao-ou-digitalops-como-manter-sua-empresa-segura-e-em-conformidade

Ransomware Group Makes Splashy $20K Donation to Charities

Cybercriminal gang Darkside sent $20K in donations to charities in a ‘Robin Hood’ effort that’s likely intended to draw attention to future data dumps, according to experts.

The post Ransomware Group Makes Splashy $20K Donation to Charities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/ransomware-group-makes-splashy-20k-donation-to-charities/?utm_source=rss&utm_medium=rss&utm_campaign=ransomware-group-makes-splashy-20k-donation-to-charities

Respond Software Embarks on FedRAMP Journey to Drive SOC Automation for Government Agencies, Names Earthling Security 3PAO and MSSP

Earthling Security and Respond Software are excited to announce a new partnership that will enable Respond Software to be FedRAMP certified and sold through Earthling Security to help government agencies automate their cybersecurity monitoring and…

The post Respond Software Embarks on FedRAMP Journey to Drive SOC Automation for Government Agencies, Names Earthling Security 3PAO and MSSP appeared first on Respond Software.

The post Respond Software Embarks on FedRAMP Journey to Drive SOC Automation for Government Agencies, Names Earthling Security 3PAO and MSSP appeared first on Security Boulevard.


The post Respond Software Embarks on FedRAMP Journey to Drive SOC Automation for Government Agencies, Names Earthling Security 3PAO and MSSP appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/respond-software-embarks-on-fedramp-journey-to-drive-soc-automation-for-government-agencies-names-earthling-security-3pao-and-mssp/?utm_source=rss&utm_medium=rss&utm_campaign=respond-software-embarks-on-fedramp-journey-to-drive-soc-automation-for-government-agencies-names-earthling-security-3pao-and-mssp

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...