New Emotet attacks use fake Windows Update lures
According to an update from the Cryptolaemus group, since yesterday, these
Emotet lures have been spammed in massive numbers to users located all over
the world. Per this report, on some infected hosts, Emotet installed the
TrickBot trojan, confirming a ZDNet report from earlier this week that the
TrickBot botnet survived a recent takedown attempt from Microsoft and its
partners. These boobytrapped documents are being sent from emails with spoofed
identities, appearing to come from acquaintances and business partners.
Furthermore, Emotet often uses a technique called conversation hijacking,
through which it steals email threads from infected hosts, inserts itself in
the thread with a reply spoofing one of the participants, and adds the
boobytrapped Office documents as attachments. The technique is hard to pick
up, especially among users who work with business emails on a daily basis, and
that is why Emotet very often manages to infect corporate or government
networks on a regular basis. In these cases, training and awareness is the
best way to prevent Emotet attacks. Users who work with emails on a regular
basis should be made aware of the danger of enabling macros inside documents,
a feature that is very rarely used for legitimate purposes.
Prolific Cybercrime Group Now Focused on Ransomware
Overall, the group does not display sophisticated tactics, techniques and
procedures (TTPs), but they are aggressive in their attempts to gain a
foothold in companies, says Kimberly Goody, senior manager of the Mandiant
threat intelligence financial crime team at FireEye. "The main thing that sets
this group apart from our perspective is how widespread their campaigns are,"
she says. "They are sophisticated, but they have a wide reach. And their
constant evolution of their TTPs—even though minor—can prevent organizations
from being able to adequately defend against their spam campaigns." The group
also highlights a trend observed by FireEye. Since early 2019, financial
cybercrime groups once focused on stealing payment-card data are now shifting
to compromising corporate networks, infecting a significant number of systems
with ransomware, and then extorting the business for large sums, Goody says.
"Point of sale intrusions were very profitable, and we saw actors such as FIN6
and FIN7—all the way back to FIN5—they were targeting payment card data,"
Goody says.
Agile: 4 signs your transformation is in trouble
True culture change requires more than a shot in the arm. The shot in the arm
jolts the team awake and gets them moving, but from that moment the old
culture drags everyone back where they started, so you have to fight against
it. If you started with fun and creativity (or just never got there),
look for opportunities to light the path toward a more creative and fun world
at a leadership level. Virtual happy hours are fine, but, especially during
COVID, you need to go further than that to set the example. Maybe you throw in
a game. Maybe you have an appetizer delivered to each person’s house. Maybe
you give each person $30 to surprise a teammate with a personal encouragement.
No matter the approach, bring back the fun and joy and you’ll boost creativity
from your agile teams. When you go to the gym and you only lift weights to
strengthen your biceps, they get stronger while your leg muscles stay the same
(or get weaker). The same thing happens in agile and produces similarly
disproportionate results. Focusing on agility in one part of the organization
(like the software teams), but not the leadership that fills their funnel,
actually builds fragility into your business.
Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
“VPN bugs are tremendously dangerous for a bunch of reasons,” he told
Threatpost. “These systems expose entry points into sensitive networks and
there is very little in the way of security introspection tools for system
admins to recognize when a breach has occurred. Attackers can breach a VPN and
then spend months mapping out a target network before deploying ransomware or
making extortion demands.” Adding insult to injury, this particular flaw
exists in a pre-authentication routine, and within a component (SSL VPN) which
is typically exposed to the public internet. “The most notable aspect of this
vulnerability is that the VPN portal can be exploited without knowing a
username or password,” Young told Threatpost. “It is trivial to force a system
to reboot… An attacker can simply send crafted requests to the SonicWALL
HTTP(S) service and trigger memory corruption.” However, he added that a
code-execution attack does require a bit more work. “Tripwire VERT has also
confirmed the ability to divert execution flow through stack corruption,
indicating that a code-execution exploit is likely feasible,” he wrote, adding
in an interview that an attacker would need to also leverage an information
leak and a bit of analysis to pull it off.
Avoiding Serverless Anti-Patterns with Observability
New adopters of serverless are more susceptible to anti-patterns, and not being
aware of these anti-patterns, or not understanding their effect, can be
frustrating and act as a barrier to serverless adoption. Observability
mitigates this black box effect, and understanding the possible anti-patterns
allows us to monitor the right metrics and take the right actions. Therefore,
this article goes through some of the major anti-patterns unique to serverless
and describes how the right strategy in observability can cushion the impact
of anti-patterns creeping into your serverless architectures. Serverless
applications tend to work best when asynchronous. This is a concept that was
preached by Eric Johnson in his talk at ServerlessDays Istanbul, titled
“Thinking Async with Serverless.” He later went on to present a longer version
of the talk at ServerlessDays Nashville. As teams and companies begin to adopt
serverless, one of the biggest mistakes they can make is designing their
architecture while still having a monolith mentality. This results in a lift
and shift of their previous architectures. This means the introduction of
major controller functions and misplaced await functions.
Only the Agile Survive in Today’s Ever-Changing Business Environment
It’s almost inevitable that you’ll end up overlooking a vital document or
missing a key contract in the hectic rush. Scrabbling around for all the
relevant files and folders causes your confidence to leak away as you feel
that you’re just not ready for this deal, and I’ve often seen that become a
self-fulfilling prophecy. One company I consulted for learned this lesson when
a well-known international consumer goods brand showed interest in buying
their logistics business. Although the CEO had been hoping to arrange an exit
on favorable terms, the CFO wasn’t on board and hadn’t made any advance
preparations for due diligence situations. The prospective buyer was only in
town for three days and wanted to look over their documents and agree on a
preliminary contract before she left, but the CFO was so rattled by the
pressure that he presented a profit and loss statement from the wrong
year. The buyer declined to continue with the negotiations, and the CFO
was left knowing that he’d let a great deal slip through his fingers simply
because he didn’t have all of his books digitized and organized in a secure,
centralized resource.
Singapore Launches IoT Cybersecurity Labelling
The Cybersecurity Labelling Scheme will focus first on Wi-Fi routers and smart
home hubs, according to the Cyber Security Agency of Singapore. "Amid the
growth in number of IoT products in the market, and in view of the short
time-to-market and quick obsolescence, many consumer IoT products have been
designed to optimize functionality and cost over security," the Cyber Security
Agency says. "As a result, many devices are being sold with poor cybersecurity
provisions, with little to no security features built-in." ... Singapore's
program is voluntary for manufacturers for now, but the nation intends
eventually to make it mandatory. The testing has four rating levels, and the
CSA has offered detailed information for manufacturers. Developers can make
declarations that their products conform with the first two levels. The first
level means a product meets basic security requirements, such as mandating the
use of unique passwords and delivering software updates as dictated by the
European Telecommunications Standards Institute's EN 303 645 standard. The
second level encompasses the first level requirements plus following the IoT
Cyber Security Guide developed by Singapore's Infocomm Media Development
Authority, or IMDA.
Why AI can’t ever reach its full potential without a physical body
A designer can’t effectively build a software sense-of-self for a robot. If a
subjective viewpoint were designed in from the outset, it would be the
designer’s own viewpoint, and it would also need to learn and cope with
experiences unknown to the designer. So what we need to design is a framework
that supports the learning of a subjective viewpoint. Fortunately, there is a
way out of these difficulties. Humans face exactly the same problems but they
don’t solve them all at once. The first years of infancy display incredible
developmental progress, during which we learn how to control our bodies and
how to perceive and experience objects, agents and environments. We also learn
how to act and the consequences of acts and interactions. Research in the new
field of developmental robotics is now exploring how robots can learn from
scratch, like infants. The first stages involve discovering the properties of
passive objects and the “physics” of the robot’s world. Later on, robots note
and copy interactions with agents (carers), followed by gradually more complex
modelling of the self in context. In my new book, I explore the experiments in
this field.
Singapore releases AI ethics, governance reference guide
Noting that AI sought to inject intelligence into machines to mimic human
action and thought, SCS President Chong Yoke Sin noted that rogue or
misaligned AI algorithms with unintended bias could cause significant damage.
This underscored the importance of ensuring AI was used ethically. "On the
other hand, stifling innovation in the use of AI will be disastrous as the new
economy will increasingly leverage AI," Chong said, as she stressed the need
for a balanced approach that prioritised human safety and
interests. Speaking during SCS' Tech3 Forum, Singapore's Minister for
Communications and Information S. Iswaran further underscored the need to
build trust with the responsible use of AI in order to drive the adoption and
extract the most benefits from the technology. "Responsible adoption of AI can
boost companies' efficiencies, facilitate decision-making, and help employees
upskill into more enriching and meaningful jobs," Iswaran said. "Above all, we
want to build a progressive, safe, and trusted AI environment that benefits
businesses and workers, and drives economic transformation." The launch of a
reference guide would provide businesses access to a counsel of experts
proficient in AI ethics and governance, so they could deploy the technology
responsibly, the minister said.
How to ensure faster, quality code to ease the development process
If there’s one metric most businesses are focused on when it comes to coding,
it’s speed. Tech and dev teams are at the forefront of innovation, and they’re
used to moving at a serious pace. Anything that slows down the process of
shipping code damages their ability to perform. To move quickly though, and to
get from planning to coding in record time, teams need real-time visibility
into what’s being worked on and transparent access to the latest updates from
the team. Closed-off communication, like email, which limits visibility of
information to a handful of people selected by a single sender, isn’t up to
the task. Instead, channel-based communication can provide a single space for
developers to collaborate, share priorities and simplify processes in order to
speed up testing and deployment. Rather than having to sift through
information flying in from different sources, channel-based messaging
integrates all existing tools into a single place, meaning developers can
increase visibility over deploys and get straight to the information they
need. Developers can pull in key material using integrations that plug
different apps like Jira and GitHub right into their discussions.
Quote for the day:
"A coach is someone who can give correction without causing resentment." -- John Wooden