March 30, 2016

Cyber criminals use Microsoft PowerShell in ransomware attacks

Traditional ransomware variants typically install malicious files on the system which, in some instances, can be easier to detect. Although the code is simple, PowerWare is a novel approach to ransomware, the researchers said, reflecting a growing trend of malware authors thinking outside the box in delivering ransomware. Carbon Black researchers found that PowerWare is delivered through a macro-enabled Microsoft Word document that launches two instances of PowerShell. One instance downloads the ransomware script and the other takes the script as input to run the malicious code to encrypt files on the target system and demand payment for releasing them.


Train your IT team for endurance

Work is the ultimate endurance event. While a triathlete might compete in a 5- to 12-hour event, the average career is measured in decades. Consider your IT organization for a moment. If it's like the majority, it's been conditioned around sprinting. A firefight or development sprint results in a fury of activity, the organizational equivalent of an athlete spiking her heartbeat to the max and tenaciously hanging there until it's physically impossible to sustain that level of effort. Like the athlete, after the sprint the team usually hits a wall and performance crashes down—employees even become physically affected by the workload. Contrast this to the team that has trained and measured around the productivity they can produce at sustainable activity levels. There's a quiet energy and diligence, and this team can make a strategic sprint or two when the time comes, without depleting themselves and falling apart.


Q&A: Database infrastructure must match modern apps

As a standard SQL solution, the way you build an application is not significantly different from how you build a system against other relational database management systems. The difference is that it scales. If you're running Oracle on a single machine, and you reach the capacity of a SQL machine, you switch to Oracle RAC, and that gets you some more performance. But when that gets exhausted, you're done. With NuoDB, you can take an intuitive database application design, and rather than changing the application to handle more scalability, you just plug in more computers.


Is outsourcing IT worth the compliance risk?

“Regulators have taken a deeper interest in outsourcing services that have an impact on either the regulatory posture of the organization or on cyber security and cyber-crime,” explains Bala Pandalangat, president and CEO of Centre for Outsourcing Research & Education (CORE), an organization that provides outsourcing advice and training based in Toronto. CORE’s membership includes Deloitte, IBM, Xerox, large banks, universities and law firms such as Torys LLP. “We see several common mistakes when it comes to outsourcing arrangements,” says Pandalangat. “The number one mistake is viewing risk management as an afterthought. Many deals emphasize the financial benefit of outsourcing at the expense of risk management. If risk management is not built into the contract, costly adjustments may be required to address that concern.”


NASA Software Audit Reveals Budgetary Black Hole

The audit warns that delays with such software designed for the Space Launch System (SLS) rocket could affect the ability to react to unexpected issues during launch operations, and could impact the launch schedule for the unmanned Orion system, which is due to lift off in 2018. The first exploration mission would allow the space agency to use the lunar vicinity as a proving ground to test technologies farther from Earth, and demonstrate it can get to a stable orbit in the area of space near the moon in order to support sending humans to deep space. The root of the budgetary issues appears to result from NASA's June 2006 decision to integrate multiple products or parts of products rather than develop software in-house or buy an off-the-shelf product.


Apple’s New Challenge: Learning How the U.S. Cracked Its iPhone

The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. ... Making matters trickier, Apple’s security operation has been in flux. The operation was reorganized late last year. A manager who had been responsible for handling most of the government’s data extraction requests left the team to work in a different part of the company, according to four current and former Apple employees, who spoke on the condition of anonymity because they were not authorized to speak publicly about the changes.


Prep your smartphone for emergency situations

Another obvious recommendation, but one that can save you a lot of grief: keep your device in tip-top shape. Remove all unnecessary apps which might drain the battery. Keep a couple of spare batteries (if your device allows you the option of swapping these out). Make sure the hardware performs well; replace damaged screens, buttons and other elements which may be malfunctioning. And by all means keep it as fully charged as possible. I use car chargers, desk chargers and of course a bedside charger so at least two-thirds of the time during a normal day (and sometimes 100% depending on my schedule) I have access to power.


The triumphant, magnificent, and unexpected return of PC gaming

What makes the PC even more compelling right now is that the VR revolution has finally started. Just this week, the Oculus Rift debuted for PC with a host of new games that you can’t play on any of the consoles. (I will have a full report on that device soon.) That system requires at least an Intel Core i5 processor, 8GB of RAM, and at least a NVIDIA GTX 970 or AMD 290 GPU. The consoles just don’t have enough horsepower to make VR look realistic or compelling, despite what you may have heard. My theory is that PC gamers are smart enough to know this. They’ve seen the writing on the wall, and it says Virtual Reality


IT Security Threat to Intensify in Next Two Years

The report, Threat Horizons 2018, says the ability of organizations to protect IT is progressively being weakened. Businesses and society, for that matter, are becoming more reliant on complex new technologies to function, which intensifies the threat landscape, the report contends. "We are having to be a little bit more, perhaps, critical of the way in which we look at our use of technology, and that's what you're beginning to see with some of the predictions we're coming out with now," Steve Durbin, managing director of the Information Security Forum, says in an interview with Information Security Media Group. "Let's bear in mind: These predictions are really trying to put some extra weaponry into the armory for the security professionals so we can anticipate some of the challenges that we're going to be seeing."



Quote for the day:


"Strategy is a commodity, execution is an art." -- Peter Drucker