Daily Tech Digest - March 03, 2020

This phishing email contains a password-protected file. Don't open it


Uncovered by security analysts at Palo Alto Networks' Unit 42 research division, the campaign appears to have started in January this year and uses a number of sneaky techniques to compromise chosen victims and gain remote access to systems. Targets of this hacking campaign receive an email that encourages them to open a phoney password-protected document that claims to have been locked in order to secure personal information supposedly contained within. Many of the emails are themed around refunds, online transactions and other invoices. Researchers believe that supplying the password in the phishing email itself, and dressing the document in the branding of a real cybersecurity provider, is a means of generating additional trust from the victim. Unlocking the document enables macros and executes the commands for the next stages of the attack, which ultimately uses PowerShell to install a remote access tool onto the system, along with mechanisms to ensure it maintains persistence. The tool installed is NetSupport Manager, a legitimate remote access control product often used in IT support or for remote collaboration, which here gives the attackers access to the PC.



Industry group launched to develop standards for fibre deployment in sewer network


“Although fibre in the sewers is no new concept, the TUG was established to bring key stakeholders from across the industry together to agree on consistent standards for this process, and share knowledge,” said Wayne Earp, chair of the TUG and consultant at WFE Consulting. “This will make laying fibre quicker, while also enabling the deployment of cutting-edge network monitoring technology, helping to reduce wastage, flooding and driving forward a better customer experience.” The TUG will regularly convene to allow the utility companies to exchange technical information, with the purpose of using their shared knowledge to create specifications and codes of practice relating to the deployment of fibre optic cables within sewer pipes. The idea is that these standards, as well as SSE’s new infrastructure, will help mobile network operators to deploy 5G services more quickly and efficiently, as well as at a potentially lower cost.


A Siri for Network Security: How Chatbots can Enhance Business Agility


Imagine how useful it would be if the benefits of chatbots could be applied to enterprise IT environments, to accelerate and automate information-sharing across areas of the business where data has traditionally been siloed and hard to gain access to – even though sharing that information would benefit the organization. A great example of this is the data siloing that often happens between IT and network security teams and business application owners. For example, if an application owner wants an answer to the simple question “Is network traffic currently allowed from this specific server to this second server?”, getting it can be complicated if the enterprise does not have a Network Security Management (NSM) solution. The process would involve asking several different stakeholders and having to use multiple firewall and device management consoles. Even if the organization does use an NSM solution, the application owner might not get an immediate answer to their question: they would have to either access the NSM system and know how to use it themselves, or ask a member of the IT or security team – which may interrupt more important security-related tasks.


Researchers use ultrasound waves vibrating through tables to access cellphones


Zhang and his co-authors were able to send “voice” commands to cellphones as they sat inconspicuously on a table, next to the owner. With the addition of a stealthily placed microphone, the researchers were able to communicate back and forth with the phone, ultimately controlling it from afar. Ultrasonic waves are sound waves in a frequency that is higher than humans can hear. Cellphone microphones, however, can and do record these higher frequencies. “If you know how to play with the signals, you can get the phone such that when it interprets the incoming sound waves, it will think that you are saying a command,” Zhang said. To test the ability of ultrasonic waves to transmit these “commands” through solid surfaces, the research team set up a host of experiments that included a phone on a table. Attached to the bottom of the table was a microphone and a piezoelectric transducer (PZT), which is used to convert electricity into ultrasonic waves. On the other side of the table from the phone, ostensibly hidden from the phone’s user, is a waveform generator to generate the correct signals.


5G-ready ruggedized server from Supermicro is a "datacenter on a pole"

The SuperServer is 5G-ready and was designed in cooperation with the O-RAN Alliance, a consortium of tech companies dedicated to "industry movement to non-proprietary hardware platforms and the growing adoption of standardized system interfaces," Supermicro said. A radio access network (RAN) is the backbone of cellular infrastructure: It's the entire chain from your personal device to its local tower, through a radio network controller, and on to the cellular network.  O-RAN is pushing for a 5G world that operates on an open interface that will "enable smaller vendors and operators to introduce their own services, or customize the network to suit their own unique needs," as well as "enable multi-vendor deployments, enabling a more competitive and vibrant supplier ecosystem." O-RAN said that 5G will result in wireless networks that are increasingly complex while also running more demanding applications. Without an open interface, O-RAN argues, traditional methods of deploying, maintaining, and operating networks will become too burdensome for human IT professionals. 


The 3 fundamentals of hybrid cloud architecture management

To integrate data center hosting and public cloud services, developers can choose between two main strategies: treat the cloud as the front-end application hosting point, or turn both the data center and the cloud into a single elastic resource pool. This decision will dictate the toolset you use to manage and monitor application components. A public cloud front-end hosting strategy uses the cloud provider's hosting service to manage your app deployment, which means developers can manage back-end infrastructure on a separate platform from the deployed apps. This can lead to integration issues, since the hosting environments are managed separately and developers do not have to manually configure app compatibility with the data center. However, complications can arise when front-end components need to access data sitting in on-premises databases. To mitigate this, you must implement an additional application performance monitoring (APM) strategy that sets easy-to-identify trace points to monitor communication between the front-end app and the data center. In a unified resource pool strategy, the cloud and data center share a hosting pool for an app. Abstraction tools, such as Apache Mesos, can help create resource pools that link your tools and provide support for scaling and failover.


What is Deno? A ‘better’ Node.js

The way Deno improves security over Node.js is simple: by default, Deno won’t let a program access the disk, the network, subprocesses, or environment variables. When you need to allow any of these, you opt in with a command line flag, which can be as granular as you like, for example --allow-read=/tmp or --allow-net=google.com. Another security improvement in Deno is that it always dies on uncaught errors, unlike Node.js, which will allow execution to proceed after an uncaught error, with results that may not be predictable. In Node.js, you load CommonJS modules using the require keyword and they all, standard and third-party alike, implicitly come from npmjs.com. In Deno, you load ES modules using the import keyword and explicitly state the URL. ... Deno modules can be hosted anywhere – there is no centralized repository for third-party modules. In addition, modules are always cached and compiled locally, and aren’t updated unless you explicitly ask for a refresh. Therefore, you should be able to run Deno programs that are already on your laptop, as long as all the imports have been resolved once, even if you are on an airplane with no connectivity.
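To make the opt-in permission model concrete, here is an added example (not code from the article or the Deno project): a small script that attempts a file read and a network fetch, together with two pure helpers that approximate how the --allow-read=<dir> and --allow-net=<host> allow-lists scope access. The helpers are an illustration only; the real checks live inside the Deno runtime, and the demo function only exercises the Deno APIs when the Deno global is present.

```typescript
// Added example. Run under Deno:
//   deno run demo.ts                                      -> reads and fetch are denied
//   deno run --allow-read=/tmp --allow-net=example.com demo.ts
// (the "Deno" global is declared so the file also loads under Node for the pure helpers).
declare const Deno: any;

/** Approximates --allow-read=<dir>,...: a path is readable if it is one of the
 *  granted directories or sits beneath one of them. "all" stands for a bare --allow-read. */
export function readAllowed(path: string, allowRead: string[] | "all"): boolean {
  if (allowRead === "all") return true;
  return allowRead.some((dir) => {
    const base = dir.replace(/\/+$/, "");          // tolerate a trailing slash in the flag
    return path === base || path.startsWith(base + "/");
  });
}

/** Approximates --allow-net=<host[:port]>,...: only the host is matched, never the URL path.
 *  A bare host entry covers every port; a host:port entry covers that port only. */
export function netAllowed(url: string, allowNet: string[] | "all"): boolean {
  if (allowNet === "all") return true;
  const u = new URL(url);
  return allowNet.some((entry) => entry === u.hostname || entry === u.host);
}

/** Real Deno calls: each one throws PermissionDenied when the matching flag is absent.
 *  Errors are caught here only to report them; an uncaught one would end the process. */
export async function demo(): Promise<string[]> {
  if (typeof Deno === "undefined") return ["not running under Deno"];
  const log: string[] = [];
  for (const p of ["/tmp/notes.txt", "/etc/hostname"]) {          // constructed sample paths
    try { await Deno.readTextFile(p); log.push(`read ok: ${p}`); }
    catch (e: any) { log.push(`${e.name}: ${p}`); }               // PermissionDenied or NotFound
  }
  try { await fetch("https://example.com/"); log.push("fetch ok: example.com"); }
  catch (e: any) { log.push(`${e.name}: example.com`); }
  return log;
}
```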


Coronavirus prep could spark better disaster recovery

If your company strongly encourages workers to stay home in response to the virus, a significant portion of your company might be working from home for extended periods of time. From a data-protection standpoint, this significantly increases the chances that important intellectual property will be created outside of your data center. If your company currently relies on storing such data on file servers or similar systems, remote employees will probably not be able to use such systems easily. As a result, they will create and store important data directly on their laptops, leaving centralized company storage out of the picture. This means that you should probably examine your company's policy regarding data protection of laptops and mobile devices. Many companies don’t provide backup and recovery for mobile devices, despite the fact that most experts feel they should. Now might be a good time to do so. The main reason early attempts at laptop backup failed was that users would kill the backup process because it slowed them down, and it cost too much. The good news is that several providers can back up your laptops and mobile devices in such a way that users never realize backups are running.


Compare serverless tools and services in the public cloud


Google Cloud Functions is the platform's serverless, event-driven computing service. Similar to AWS Lambda, Google Cloud Functions abstracts away the underlying infrastructure management and enables developers to focus on writing code and other tasks. With Google Cloud Functions, small segments of code run as functions in a cloud environment in response to specific events. The service can be triggered by resources within or outside of Google Cloud Platform (GCP). Google Cloud Functions connects with other GCP services as well as third-party services. GCP's serverless compute tool can trigger log analysis and data backups and carry out repetitive tasks on data sets, among other things. Users pay for the number of function invocations they use. ... App Engine scales resources of any size with automatic infrastructure management and server maintenance. This tool provides built-in services, such as load balancing, application logging and health checks. The serverless compute platform also offers data storage and configuration capabilities.


DoppelPaymer Ransomware Slams Supplier to Boeing and Tesla

In the case of DoppelPaymer, the gang has been publishing data from organizations it purportedly compromised since the middle of last month. The group's name-and-shame website has at times featured data from more than a dozen organizations, although as of Tuesday it featured data from just six. "Below you can find private data of the companies which were hacked by DoppelPaymer," the site reads. "These companies decided to keep the leakage secret. And now their time to pay is over." As of Tuesday, the alleged Visser data was featured alongside alleged data from Furniture Row, an American furnishing retailer with 330 stores across 31 states. Furniture Row and Visser Precision were both founded by Barry Visser, an entrepreneur who in the 1980s also founded the chain retailer Big Sur Waterbeds. Dumped data includes what are purportedly Visser's nondisclosure agreements with both SpaceX and Tesla, as well as sales contact lists, tax forms and receipts. The sales contact lists contain email addresses and phone numbers for individuals working at a variety of companies.



Quote for the day:


"A leadership disposition guides you to take the path of most resistance and turn it into the path of least resistance." -- Dov Seidman

