Hackers Marketing ‘Most Sophisticated’ Mac Malware Ever

Hackers with their targets set on devices running Apple’s MacOS are selling access to new, sophisticated attacks that can infect machines and hold them for ransom. The attacks, which include a malware-as-a-service (MaaS) known as MacSpy and a ransomware-as-a-service called MacRansom — both of which attackers can purchase to use to direct at a target— …

Continue reading "Hackers Marketing ‘Most Sophisticated’ Mac Malware Ever"

Knights Landing System Development Targets Dark Matter Study

Despite the best efforts of leading cosmologists, the nature of dark energy and dark matter – which comprise approximately 95% of the total mass-energy content of the universe – is still a mystery.

Dark matter remains undetected even with all the different methods that have been employed so far to directly find it.  The origin of dark energy is one of the greatest puzzles in physics. Cosmologist Katrin Heitmann, PI of an Aurora Early Science Program effort at the Argonne Leadership Computing Facility (ALCF) and her team are conducting research to shed some light on the dark universe.

“The reach

Knights Landing System Development Targets Dark Matter Study was written by Nicole Hemsoth at The Next Platform.

Crash Override: Malware that took down a power grid may have been a test run

Two security firms have released reports about the malware which was used in the December 2016 Ukraine power outage, warning that the partial power outage in Kiev may have been test run; the malware could be leveraged against other countries, including the US.The malware, dubbed Crash Override in the Dragos report (pdf) and Industroyer in the ESET report (pdf), has nothing to do with espionage and everything to do with cyber-sabotage.Crash Override, Dragos says, “is the first ever malware framework designed and deployed to attack electric grids.” It could be “leveraged at multiple sites simultaneously.” Dragos founder Robert M. Lee told Reuters, “The malware is capable of causing outages of up to a few days in portions of a nation's grid, but is not potent enough to bring down a country's entire grid.”To read this article in full or to leave a comment, please click here

Crash Override: Malware that took down a power grid may have been a test run

Two security firms have released reports about the malware which was used in the December 2016 Ukraine power outage, warning that the partial power outage in Kiev may have been test run; the malware could be leveraged against other countries, including the US.The malware, dubbed Crash Override in the Dragos report (pdf) and Industroyer in the ESET report (pdf), has nothing to do with espionage and everything to do with cyber-sabotage.Crash Override, Dragos says, “is the first ever malware framework designed and deployed to attack electric grids.” It could be “leveraged at multiple sites simultaneously.” Dragos founder Robert M. Lee told Reuters, “The malware is capable of causing outages of up to a few days in portions of a nation's grid, but is not potent enough to bring down a country's entire grid.”To read this article in full or to leave a comment, please click here

Worth Reading: World IPv6 Report

On the fifth anniversary of World IPv6 Launch, we’re excited to share a detailed report on the State of IPv6 Deployment in 2017. It really is staggering how far IPv6 deployment has progressed in five years. In mid-2012, Google measured less than 1% of users accessing their services over IPv6. Today that figure is getting close to 20%. Since World IPv6 Launch, several major operators are now delivering the majority of traffic from major content sources like Google, Akamai and others over IPv6. Individual operators, like T-Mobile USA, have deployed IPv6-only networks for their subscribers. —CircleID

The post Worth Reading: World IPv6 Report appeared first on rule 11 reader.

9 free Wi-Fi stumbling and surveying tools

Stumbling and surveyingHere are 9 tools that provide important details on known and unknown aspects of your Wi-Fi network. Each of these tools gives you the basic wireless details: SSIDs, signal strength, channels, MAC addresses and security status. Some can even reveal “hidden” or non-broadcasted SSIDs, display the noise levels, or display statistics on successful and failed packets of your wireless connection. Two of the tools include Wi-Fi password cracking tools as well, useful for educational or penetration testing purposes.To read this article in full or to leave a comment, please click here

47% off Etekcity Wireless Dimmable Color LED Desk Lamp – Deal Alert

With simple touch control, the Etekcity living color lamp can be adjusted to provide the perfect lighting. The white LED lamp provides up to 3 adjustable brightness levels for your reading and studying convenience. The base can be illuminated in virtually any hue with simple color spectrum touch and drag control. Turn on only the base of the lamp to use it as a soft and soothing night light. Whether used for studying, reading, or relaxing, the living color lamp will provide high-quality LED illumination that champions energy efficiency for lower usage and costs. The bright LED lighting also minimizes eye fatigue, allowing you to finish the task at hand without getting a migraine. The Etekcity LED lamp is a #1 best-seller on Amazon with 4.5 out of 5 stars from over 500 people (read reviews). The typical list price of $29.99 has been reduced 47% to just $15.99. See this deal on Amazon.To read this article in full or to leave a comment, please click here

Hitachi wants to IoT-enable cities

Hitachi is an interesting organization. A huge conglomerate with total revenues of over $80 billion per annum, it employs over 300,000 people worldwide and has an incredibly broad range of contributing businesses in the power, industrial, urban development and healthcare spaces to name just a few.+ Also on Network World: Smart city tech growing in the U.S. + One of the businesses within the Hitachi Group is the Hitachi Insight Group (HIG), an organization focused on digital solutions within the broader Internet of Things (IoT) space. HIG offers the Lumada IoT platform, a solution that serves both public and private sector customers across three distinct categories: IoT, Energy IoT and Smart City.To read this article in full or to leave a comment, please click here

WhatsApp leaves IBM’s SoftLayer cloud for Facebook data center: What it really means

If you keep up with technology news, you’ve been hearing a lot lately about how enterprises are moving more and more key workloads from their own on-premise data centers to the public cloud. In fact, it happens so much that even the biggest transitions are hardly news anymore. Man bites dog? What does make people pay attention, though, is when the opposite happens: When a major product or service moves from running in the public cloud to an on-premise data center. And that’s exactly what happened last week when CNBC broke the news that Facebook plans to move its WhatsApp service from IBM’s SoftLayer public cloud service to its proprietary data centers.To read this article in full or to leave a comment, please click here

WhatsApp leaves IBM’s SoftLayer cloud for Facebook data center: What it really means

If you keep up with technology news, you’ve been hearing a lot lately about how enterprises are moving more and more key workloads from their own on-premise data centers to the public cloud. In fact, it happens so much that even the biggest transitions are hardly news anymore. Man bites dog? What does make people pay attention, though, is when the opposite happens: When a major product or service moves from running in the public cloud to an on-premise data center. And that’s exactly what happened last week when CNBC broke the news that Facebook plans to move its WhatsApp service from IBM’s SoftLayer public cloud service to its proprietary data centers.To read this article in full or to leave a comment, please click here

PCI Express 4.0 is done, 5.0 spec nears approval

This is one of those stories that isn’t very sexy, but it is important. The PCI Express 3.0 data transfer standard has been around longer than it should have, and now it seems the PCI-SIG that develops the standard is making up for it with two new specs in two years. The SIG—a consortium of 700 hardware vendors, including IBM, Intel and HP Enterprise—develops the spec, which is the standard for moving data around within a computer. Plug-in peripherals, like video cards and SSDs, use the PCI Express bus for data transfer. + Also on Network World: SSD shootout: PCI Express blows away SATA and M.2 in throughput testing + PCI Express 3.0, or PCIe, was finished in 2010, and motherboards began to appear in 2011. The 4.0 spec should have been done within three years but only now is being finished because if there’s one way to screw up development, it’s to have it done by committee, and 700 cooks can really spoil the broth. To read this article in full or to leave a comment, please click here

First Speakers in Autumn Network Automation Course

Today I can tell you who the first speakers in the autumn 2017 network automation online course will be.

Sounds promising? Why don’t you register before we run out of early-bird tickets?

More notes on US-CERTs IOCs

Yet another Russian attack against the power grid, and yet more bad IOCs from the DHS US-CERT.

IOCs are "indicators of compromise", things you can look for in order to order to see if you, too, have been hacked by the same perpetrators. There are several types of IOCs, ranging from the highly specific to the uselessly generic.

A uselessly generic IOC would be like trying to identify bank robbers by the fact that their getaway car was "white" in color. It's worth documenting, so that if the police ever show up in a suspected cabin in the woods, they can note that there's a "white" car parked in front.

But if you work bank security, that doesn't mean you should be on the lookout for "white" cars. That would be silly.

This is what happens with US-CERT's IOCs. They list some potentially useful things, but they also list a lot of junk that waste's people's times, with little ability to distinguish between the useful and the useless.

An example: a few months ago was the GRIZZLEYBEAR report published by US-CERT. Among other things, it listed IP addresses used by hackers. There was no description which would be useful IP Continue reading

Security as an Enabler?

I have often wondered why the “security as an enabler” model is as unique as unicorns in the wild. I think the logic works in a vacuum and it would be great if it held true. However when humans and politics (layer 8 stuff) come into the mix, it seems that the cybersecurity team tend to be viewed as the  naysayers that block progress. Quite honestly, the “security as an enabler” mantra only seems to work for those organizations that are directly profiting from the sale of cybersecurity. Those that understand the role cybersecurity plays in a typical organization realize that this is unfortunate.

With this thought in mind, I was reading through an article about the traits of CEO’s and found identified points that I think contribute to these challenges for information security:

  • Bias toward action
  • Forward Thinking

By no means am I criticizing CEO’s for these traits—they are primary contributors to keeping a given business relevant in its industry. I’m just using these to help explain the fallacy of a “security as an enabler” mindset within a given organization.

CEO’s are the highest single point of authority within an organization. They often appoint CSO’s (Chief Security Officers) or CISO’s Continue reading

1 2,021 2,022 2,023 2,024 2,025 3,841