Category Archives for "Security"

Latest Ransomware Techniques Show Need for Layered Security

I think everyone that touches security has had multiple conversations about the hardened edge and soft center, commonly found in networks. This usually accompanies some discussion around the overlapping concepts of defense in depth, layered security and security ecosystems. It seems like many of the recent exploits have used a C2 connection for instructions. In those cases, assuming a perfect NGFW product and configuration actually existed that caught 100% of the malicious traffic, it would have the capability to impact those attacks.

However, on June 27, Cisco Talos published an article about a ransomware variant known as Nyetya. As of today, Talos has been able to find no evidence of the more common initial infection vehicles. Both Cisco and Microsoft have cited the upgrade process for a tax accounting package as the initial point of infection.

Per Cisco Talos:

The identification of the initial vector is still under investigation. We have observed no use of email or Office documents as a delivery mechanism for this malware. We believe that infections are associated with software update systems for a Ukrainian tax accounting package called MeDoc. Talos is investigating this currently.

So what does this mean to the majority of the world that Continue reading

NonPetya: no evidence it was a “smokescreen”

Many well-regarded experts claim that the not-Petya ransomware wasn't "ransomware" at all, but a "wiper" whose goal was to destroy files, without any intent at letting victims recover their files. I want to point out that there is no real evidence of this.


Certainly, things look suspicious. For one thing, it certainly targeted the Ukraine. For another thing, it made several mistakes that prevent them from ever decrypting drives. Their email account was shut down, and it corrupts the boot sector.

But these things aren't evidence, they are problems. They are things needing explanation, not things that support our preferred conspiracy theory.

The simplest, Occam's Razor explanation is that they were simple mistakes. Such mistakes are common among ransomware. We think of virus writers as professional software developers who thoroughly test their code. Decades of evidence show the opposite, that such software is of poor quality with shockingly bad bugs.

It's true that effectively, nPetya is a wiper. Matthieu Suiche does a great job describing one flaw that prevents it working. @hasherezade does a great job explaining another flaw. But the best explanation isn't that this is intentional. Even if these bugs didn't exist, it'd still be a wiper if the Continue reading

VMware Evolve Transform Security is Coming to A City Near You!

Modern IT professionals face significant security challenges. As digital transformation continues to connect applications, users, and data in the cloud, perimeter security models that once offered businesses protection are no longer sufficient. Critical visibility into users and endpoints is missing, enforcing policies is difficult, and, in the meantime, cyberattacks are more sophisticated and costly than ever.

What do IT teams need to defend today’s applications, users, and data from potentially brand-damaging attacks?

That’s the question VMware experts will be tackling during our VMware EVOLVE Transform Security events, coming to a city near you. During these half-day, in-person events, you will learn how a ubiquitous software layer can help support the security challenges of the modern business. 

VMware experts will guide you through how to:

  • Secure application infrastructure and better align security controls to apps
  • Secure identity and endpoints to control access and enforce data loss prevention
  • Streamline governance, risk management and compliance to limit cyber-attack vectors

Reserve your spot at an upcoming Transform Security-focused VMware EVOLVE event in your city:

The post VMware Evolve Transform Security is Coming to A City Near You! appeared first on Network Virtualization.

A kindly lesson for you non-techies about encryption

The following tweets need to be debunked:



The answer to John Schindler's question is:
every expert in cryptography doesn't know this
Oh, sure, you can find a fringe wacko who also knows crypto that agrees with you, but all the sane members of the security community will not.


Telegram is not trustworthy because it's closed-source. We can't see how it works. We don't know if they've made accidental mistakes that can be hacked. We don't know if they've been bribed by the NSA or Russia to put backdoors in their program. In contrast, PGP and Signal are open-source. We can read exactly what the software does. Indeed, thousands of people have been reviewing their software looking for mistakes and backdoors.

Encryption works. Neither the NSA nor the Russians can break properly encrypted content. There's no such thing as "military grade" encryption that is better than consumer grade. There's only encryption that nobody can hack vs. encryption that your neighbor's teenage kid can easily hack. There's essentially nothing in between. Those scenes in TV/movies about breaking encryption are as realistic as sound in space: good for dramatic presentation, but not how things work in the real world.

In particular, end-to-end encryption works. Continue reading

Security Here I Come!

The announcement has been made!  It is completely official!  I can finally share the awesome great news I am so excited about.  Security will be my absolute #1 focus now. 

Security has always fascinated me.  My entire career.  ….. It’s just that the fundamentals of routing and design intrigued me even more.  🙂

But now?  Yeah baby!  Now I get to flip a switch… dive into and completely surround myself with all things Security.  And I just could not be any more tickled pink and excited.  I feel like all my years of networking have been a build up towards this.

Am I leaving my CPOC lab and job I adore so much?  Nah… I’d go through withdrawal.  LOL.  Nah… wouldn’t be pretty.  It is just my role that will be changing.

Woot woot!  Security here I come!  ROCK!

Technology Short Take #84

Welcome to Technology Short Take #84! This episode is a bit late (sorry about that!), but I figured better late than never, right? OK, bring on the links!

Networking

  • When I joined the NSX team in early 2013, a big topic at that time was overlay protocols (VXLAN, STT, etc.). Since then, that topic has mostly faded, though it still does come up from time to time. In particular, the move toward Geneve has prompted that discussion again, and Russell Bryant tackles the discussion in this post.
  • Sjors Robroek describes his nested NSX-T lab that also includes some virtualized network equipment (virtualized Arista switches). Nice!
  • Colin Lynch shares some details on his journey with VMware NSX (so far).
  • I wouldn’t take this information as gospel, but here’s a breakdown of some of the IPv6 support available in VMware NSX.

Servers/Hardware

  • Here’s an interesting article on the role that virtualization is playing in the network functions virtualization (NFV) space now that ARM hardware is growing increasingly powerful. This is a space that’s going to see some pretty major changes over the next few years, in my humble opinion.

Security