Daily Tech Digest - April 02, 2020

A crypto-mining botnet has been hijacking MSSQL servers for almost two years

The brute-force attacks that seek to guess the passwords of MSSQL servers have sprayed the entire internet. Guardicore says that since May 2018 it has seen more than 120 IP addresses used to launch attacks, with most IPs coming from China. "These are most likely compromised machines, repurposed to scan and infect new victims," Harpaz said. "While some of them were short-lived and responsible for only several incidents, a couple of source IPs were active for over three months." Harpaz said that the botnet has been in constant churn, losing servers and adding new ones daily. Per Guardicore, more than 60% of all hijacked MSSQL servers remain infected with the Vollgar crypto-mining malware only for short periods of up to two days. Harpaz said that almost 20% of all MSSQL systems, however, remain infected for more than a week, and even longer. Harpaz believes this is because either the Vollgar malware manages to disguise itself from the local security software, or the database isn't running any in the first place.

Thousands of potential phishing sites created to target Zoom users
As well as targeting companies through Zoom, cybercriminals are trying different cyber scams to trick companies. These scams include impersonation on social media platforms or phishing emails. The scams are aimed at tricking employees into giving money away, providing the credentials to cloud-based applications, or paying fake invoices. This increase in online fraud is a significant threat that most companies are not prepared for. Yoav Keren, CEO, BrandShield, said: “With global businesses big and small becoming increasingly reliant on video conferencing facilities like Zoom, sadly, cybercriminals are trying to capitalise. Businesses need to educate their employees quickly about the risks they may face, and what to look out for. The cost of successful phishing attacks is bad for a company’s balance sheet in the best of times, but at the moment it could be fatal. “BrandShield protects some of the biggest corporations in the world and we take down thousands of threats across websites and social media.

Edge will evolve, from local deployments to regional, to the core; from regional to regional, or from regional to core. Increasingly, users won’t want to rely on public wide-area network (WAN) links to relay data between datacentres or to integrate data from different applications, especially since IoT apps mean a lot of integrated data. “Colocation provider VPNs and virtual interconnections are able to offer a kind of private routing,” Ascierto says. “You can track where the data is routed; it doesn’t go on the internet and a black hole appears at the core.” Edge computing startup Vapor IO signed a deal with network provider Cloudflare in January to roll out on the former’s Kinetic Edge integrated edge colocation, networking and exchange services platform. Nitin Rao, head of global infrastructure at Cloudflare, says the interconnection ecosystem includes small datacentres at wireless aggregation hubs, owned by investors.

It’s not that these applications of AI are bad, but rather that they belong to a set with few actionable outcomes. If your big data analysis of traffic supports or undercuts a proposed policy of limiting transportation options in such and such a way, that’s one thing. If your analysis produces dozens of possible courses of action, any of which might be a dead end or even detrimental to current efforts, it’s quite another. Because these companies are tech companies, they by necessity part ways with their solutions once those are proposed. Any given treatment lead requires a grueling battery of real-life tests even to be excluded as a possibility, let alone found to be effective. Even drugs already approved for other purposes would need to be re-tested for this new application before they could be responsibly deployed at scale. Furthermore, the novel substances that are often the result of this type of drug discovery process are not guaranteed to have a realistic path to manufacturing even at the scale of thousands of doses, to say nothing of billions. That’s a completely different problem!

DNS vendor BlueCat says it has been tracking the use of DNS over HTTPS (DoH) – a method of encrypting DNS queries that prevents visibility into DNS traffic patterns. Over the week through March 27, the company saw a massive increase in the use of DoH across its customer base, wrote Ben Ball, director of strategy and content marketing at BlueCat, in a blog post about the trend. “In the course of a single weekend, the number of endpoints attempting to use DoH went from an average of 90 to about 1,400. That’s a 1,500% increase in the use of DoH. Around 45% of these queries are from Firefox (which now activates DoH by default). Aside from that, we’re seeing queries to eleven different DoH services from all kinds of applications. DoH usage is fairly uniform across our customer base as well – this isn’t one company or industry vertical; this is a broad trend. While we haven’t seen any clear indications that any of these queries are from DoH-enabled malware, that is an emerging threat that we are tracking,” Ball stated.

Windows 10 bug that broke internet connectivity gets patched – here’s how to install the fix

Affected users are those running a VPN (or proxy) who might experience net connectivity issues with some applications (or the system may indicate there’s no internet connection, even if there actually is – a more minor glitch where connectivity isn’t actually disrupted). ... Note that Windows 10 users won’t get this new fix from Windows Update, as is commonly the case (at least not yet, at the time of writing). Rather, it is necessary to grab this one manually and install it that way. Luckily, this is a simple process which we’ll explain in full now. If you’re running Windows 10 November 2019 Update or May 2019 Update, head over to the Microsoft Update Catalog and download the relevant version for your system. All you need to do to install the file is double-click on it once downloaded, and then follow the instructions. Version 1909 is the November 2019 Update and version 1903 is the May 2019 Update (as you’ll see, there’s also a version for those running Windows Server). Almost all users will need the patch for x64-based systems, since most will be running 64-bit Windows 10.

The Future Of Data Science

As of today, most data science usage is centred on descriptive, diagnostic or predictive analytics. In the future, the new-age data science practice will allow the service provider to generate content that is profitable and enriching for the consumer. Let me elaborate on this further. In one household, there are different consumer needs for online content on platforms like Netflix or Amazon Prime. My content consumption as a business professional is very different from that of my teenage kids. Today, it is difficult to track individual user preferences, as the service provider might not understand which user is actually holding the remote in his or her hand. However, once we move to voice, it will be easy for the machine to understand whether the consumer is an adult or a teenage kid. Within a single user ID, then, the content that is pushed will be very different and more relevant for the consumer. Once such interactions start between the human consumer and a machine that understands the human voice (using tone to predict mood/emotions), there are limitless possibilities to personalise the content, and then charge a premium for it.

Microsoft directly warns hospitals, 'Fix your vulnerable VPN appliances'

"Through Microsoft's vast network of threat intelligence sources, we identified several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure," the Microsoft Threat Protection Intelligence Team revealed in a new post. "To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities," it added. The alert contained information about how attackers can exploit the flaws, and a "strong" warning that the affected hospitals need to apply security updates that will protect them from exploits. One group the Microsoft team has been tracking is the REvil, aka Sodinokibi, ransomware gang, which is known for making massive ransom demands on businesses and government agencies. In January it was caught targeting unpatched Pulse Secure VPNs, as well as flaws in enterprise Citrix servers. The ransomware gang hasn't developed new attack techniques but rather has repurposed tactics from state-sponsored attacks for new campaigns that exploit the heightened need for information in the current coronavirus crisis.

Is Kubernetes becoming the driving force of enterprise IT?

In a world where innovation and time to market is a top priority, Day One developers need to be able to efficiently provision infrastructure and get coding. Using a managed platform that provides ready access to everything needed to run containers and Kubernetes consistently across a hybrid environment (including support and security) means application and developer teams can spend more time solving business problems. Many organisations will want their hybrid environment to include multiple public clouds. This means they need to be aware of how much flexibility and freedom they’ll want for using the technologies of their choice—including emerging innovations like Quarkus, which lets you build cloud-native applications; or Operators, a way of packaging Kubernetes-native applications for easier management. Ultimately, this means understanding the difference between an open platform and a proprietary one.

Thousands of PCs break exaFLOP barrier

An exaFLOP is one quintillion (10^18) floating-point operations per second, or 1,000 petaFLOPS. To match what a one-exaFLOP computer system can do in just one second, you'd have to perform one calculation every second for 31,688,765,000 years. While the supercomputing stalwarts continue to build their systems, Folding@home just crossed the exaFLOP barrier ahead of IBM, Intel, Nvidia, and the Department of Energy. Folding@home is a distributed computing project that has been running for 20 years. It was administered first by the chemistry department at Stanford University and, as of last year, by Washington University in St. Louis. Its software runs on individual PCs and stays dormant as long as the computer is in use, then kicks in when the PC is idle. The project simulates how proteins misfold and cause diseases such as cancer and Alzheimer's disease. Proteins self-assemble in a process called folding. When a protein misfolds, disease can occur. By simulating protein misfolding, Folding@home seeks to understand why proteins misfold and perhaps how to prevent it and undo the damage.

Quote for the day:

"Don't just hope to have a great day; do everything to make it a great day! Live Intentionally!" -- Bruce Van Horn
