Major zero-day flaw found in Microsoft Word

McAfee security researchers are warning of a new zero-day vulnerability in Microsoft Word being exploited via attached .rtf files since at least January.The exploit allows a Word document to install malware onto your PC without you ever knowing it, giving the attackers full access to your machine. According to McAfee, the exploit works by connecting to a remote server controlled by the hackers, which will download a file that runs as a .hta file, a dynamic HTML file that is used in Word. Security firm FireEye also noted similar malicious .rtf files in its own alert. Both firms say the flaws are within Microsoft's Object Linking and Embedding (OLE) technology and affects all versions of Office, including Office 2016 for Windows 10.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Can Amazon be stopped?

Prime retail space is going vacant. The latest example of yet another retailer closing its doors is Payless Shoe Source. Payless has filed Chapter 11 and will be closing 400 stores. It’s ironic really, because their whole premise is Americans want to pay less for shoes, but the retailer can’t match the price or experience of online options. It’s one more example of the epidemic hitting brick-and-mortar retailers.Last year (and again this year), it was Radio Shack that prompted the headlines. Sears has been in decline for decades. The Limited is even more limited now that it has filed for bankruptcy and has begun closing 250 of its stores.RELATED: How Notre Dame is going all in with Amazon’s cloud Macy’s and Sears alone will be abandoning 28 million square feet of retail space. The loss of these anchor stores is what starts the dreaded domino effect at the mall. If the mall can’t back fill that space, reduced numbers of shoppers impact the demand for sunglasses, cinnamon rolls and all the other small businesses that survive on the other brands’ crowds. When they fall, so does the mall.To read this article in full or to leave a Continue reading

VMware Buys Monitoring Company Wavefront

Wavefront software can monitor applications in containers.

Microsoft Word exploit linked to cyberspying in Ukraine conflict

A previously unknown Microsoft Office vulnerability was recently used to deliver spyware to Russian-speaking targets, in a possible case of cyberespionage.Security firm FireEye noticed the intrusion attempt, which taps a critical software flaw that hackers are using to craft malicious Microsoft Word documents.On Wednesday, FireEye said it uncovered one attack that weaponized a Russian military training manual. Once opened, the malicious document will deliver FinSpy, a surveillance software that’s been marketed to governments.To read this article in full or to leave a comment, please click here

Microsoft Word exploit linked to cyberspying in Ukraine conflict

A previously unknown Microsoft Office vulnerability was recently used to deliver spyware to Russian-speaking targets, in a possible case of cyberespionage.Security firm FireEye noticed the intrusion attempt, which taps a critical software flaw that hackers are using to craft malicious Microsoft Word documents.On Wednesday, FireEye said it uncovered one attack that weaponized a Russian military training manual. Once opened, the malicious document will deliver FinSpy, a surveillance software that’s been marketed to governments.To read this article in full or to leave a comment, please click here

6 vulnerabilities to watch for on the factory floor

 Industrial control systems (ICS) that run the valves and switches in factories may suffer from inherent weaknesses that cropped up only after they were installed and the networks they were attached to became more widely connected. FireEye iSIGHT Intelligence Sean McBride The problems are as far ranging as hard-coded passwords that are publicly available to vulnerabilities in Windows operating systems that are no longer supported but are necessary to run the aging gear, says Sean McBride, attack-synthesis lead analyst at FireEye iSIGHT Intelligence and author of “What About the Plant Floor? Six subversive concerns for industrial environments.”To read this article in full or to leave a comment, please click here

6 vulnerabilities to watch for on the factory floor

 Industrial control systems (ICS) that run the valves and switches in factories may suffer from inherent weaknesses that cropped up only after they were installed and the networks they were attached to became more widely connected. FireEye iSIGHT Intelligence Sean McBride The problems are as far ranging as hard-coded passwords that are publicly available to vulnerabilities in Windows operating systems that are no longer supported but are necessary to run the aging gear, says Sean McBride, attack-synthesis lead analyst at FireEye iSIGHT Intelligence and author of “What About the Plant Floor? Six subversive concerns for industrial environments.”To read this article in full or to leave a comment, please click here

On the ‘net: Why a new routing stack?

In late 2016, several companies worked together to fork Quagga—that is, to pull the code based into a new Git repository, and hence into a separately maintained project. This new open source routing stack has been dubbed Free Range Routing (FRR). There is current participation in the project from Cumulus, 6Wind, LinkedIn, and others; the project is aligned with the Linux Foundation, and available on GitHub. —LinkedIn

The post On the ‘net: Why a new routing stack? appeared first on rule 11 reader.

On the ‘net: Why a new routing stack?

In late 2016, several companies worked together to fork Quagga—that is, to pull the code based into a new Git repository, and hence into a separately maintained project. This new open source routing stack has been dubbed Free Range Routing (FRR). There is current participation in the project from Cumulus, 6Wind, LinkedIn, and others; the project is aligned with the Linux Foundation, and available on GitHub. —LinkedIn

The post On the ‘net: Why a new routing stack? appeared first on 'net work.

Actility Raises a $75M Series D for Industrial IoT Platform

Former FCC Chairman Tom Wheeler is on the board.

BlackBerry wins $815 million in overpaid royalty to Qualcomm

BlackBerry said Wednesday it has been awarded US$815 million in an arbitration decision for excess royalties it had paid to chip company Qualcomm.Qualcomm and BlackBerry had entered into an agreement in April last year to arbitrate a dispute over whether Qualcomm's agreement to cap certain royalties applied to payments made by BlackBerry under a license agreement between the two companies.Qualcomm has faced charges of excessive royalty rates by regulators as well as other companies. Apple filed a lawsuit in January in a U.S. federal court in California against Qualcomm, objecting, among other things, to the chip company charging a royalty on the selling price of phones rather than on the value of the specific baseband chipset supplied for the iPhone.To read this article in full or to leave a comment, please click here

Why you should (sometimes) let software run your business

Changing your business processes to match your software sounds like a classic case of the tail wagging the dog. After all, business leaders are responsible for deciding how their company is run, and software is supposed to support that, helping the company run as efficiently as possible.Yet this is exactly what is happening in 82 percent of enterprises, according to a survey by TrackVia, maker of a low-code software development platform. These companies report changing a part of their business operations or processes to match the way their software works.Is allowing corporate software to dictate how a company is run an abrogation of management's duty to manage, or can it sometimes be the best way to manage a company?To read this article in full or to leave a comment, please click here

How IoT helps insurers mitigate the risks of climate change

Insurance companies are on the front lines when it comes to exposure to the financial risks of climate change. The internet of things (IoT) is shaping up to be a key component in mitigating those risks."Insurance companies rely upon historical loss records to guide their underwriting and set their prices," Washing Insurance Commission Mike Kreidler and California Insurance Commission Dave Jones wrote in the forward of Insurer Climate Risk Disclosure Survey Report & Scorecard: 2016 Findings & Recommendations by nonprofit organization Ceres. "More and more frequently, the climate is behaving in ways that we can't predict. Weather patterns are shifting, and the severity and breadth of damage are intensifying, resulting in more costly disasters than we've ever seen. There is no basis in historical data for events like Hurricane Sandy, the Joplin, Missouri tornado, the Oso landslide in Washington state and record-breaking landslides in Western states. In 2016 alone, 31 major disaster declarations were reported to the Federal Emergency Management Agency (FEMA) by the end of August."To read this article in full or to leave a comment, please click here

HPE Packages its IT Operations Products in Containers

IT operations want to use new technology, but without a lot of risk.

Citrix Makes SD-WAN Platform More Compatible for Cloud

Divesting in GoTo means Citrix will put more focus on NetScaler.

Microsoft to host education event May 2

Microsoft is hosting an education-focused event in New York City on May 2, and the tech titan is expected to reveal new software and hardware. The company sent out invitations a day after it launched the Windows 10 Creators Update, the latest major feature release for its current operating system.Microsoft is working to make its devices and services appeal to educators, especially as the company faces increased competition from Google’s G Suite and Chromebooks. Both companies are locked in a war over which business will power the future of productivity, and education is a major battleground for each. Microsoft Microsoft attached this image to the email it sent inviting journalists to its May 2 education event.To read this article in full or to leave a comment, please click here

Issue deploying CSR on ESXi vSphere 6.5

I recently ran into a slight bump when deploying the Cisco Cloud Services Router 1000v (CSR) on ESXi vSphere 6.5.  The error message I received when trying to deploy the CSR OVA was: VALUE_ILLEGAL: Value “VMXNET3 virtio” of ResourceSubType element not found in [E1000, VmxNet2, VmxNet3]. I Googled this message and found nothing. Great, well […]

The post Issue deploying CSR on ESXi vSphere 6.5 appeared first on Overlaid.

Managing Your Time When You Have Too Many Things You Want To Do

A friend of mine asked me the following.

“How did you manage your time and schedule for 5 years with everything you wanted and needed to do?”

Here’s the context for that question. For about 5 years, I had a full-time job as a global network engineer for an e-learning company. Later, I transitioned to a similar role for a medical startup, again full-time. At the same time I was employed in those roles, I was blogging and podcasting as the Packet Pushers community grew.

As Packet Pushers ramped up, it turned into a second full-time job, a state I maintained until I was able to transition to working for myself exclusively.

Managing time and schedule.

Let’s get into the meat. How did I manage my schedule with ever so much to do?

First off, I had understanding employers that let me blog and podcast during traditional work hours, as long as it did not interfere with my regular work duties. I was always upfront about this. I never snuck off during the day to work on my side business. My boss always knew exactly what was up.

This translated roughly to flexible hours. There was also the understanding that I was always Continue reading

Just for fun: Program Commodore 64 games for Windows 10 PCs

You don't need to go searching for a Commodore 64 on Ebay to relive the vintage PC's glory days.Avid gamer Petri Wilhelmsen is providing a way to write and run C64 programs on Windows PCs for tech-savvy gamers who want to go old-school.Wilhelmsen has put up a primer on Github for coding Commodore 64 applications for Windows PCs. Wilhelmsen holds a day job as a senior program manager for gaming at Microsoft.The guide provides basic instructions on how to put a game together by writing applications, creating graphics and compiling music.To read this article in full or to leave a comment, please click here

Containers are growing up

Microsoft made a splash in the application container market this week with its purchase of Deis, a company that helps customers manage clusters of containers.The move is significant for a number of reasons. First of all, it shows Microsoft’s commitment to supporting Linux containers and specifically its willingness to invest in making it easier for customers of its Azure cloud platform to use containers at scale. Microsoft is also seemingly giving customers multiple options in how they can use and manage containers in the Azure cloud. Choice for end users is always a good thing.To read this article in full or to leave a comment, please click here