New Satana ransomware encrypts user files and master boot record

Attackers are developing an aggressive new ransomware program for Windows machines that encrypts user files as well as the computer's master boot record (MBR), leaving devices unable to load the OS.The program is dubbed Satana -- meaning "Satan" in Italian and Romanian -- and, according to researchers from security firm Malwarebytes, it is functional but still under development.Satana is the second ransomware threat affecting the MBR and seems inspired by another program, Petya, that appeared in March.To read this article in full or to leave a comment, please click here

New Satana ransomware encrypts user files and master boot record

Attackers are developing an aggressive new ransomware program for Windows machines that encrypts user files as well as the computer's master boot record (MBR), leaving devices unable to load the OS.The program is dubbed Satana -- meaning "Satan" in Italian and Romanian -- and, according to researchers from security firm Malwarebytes, it is functional but still under development.Satana is the second ransomware threat affecting the MBR and seems inspired by another program, Petya, that appeared in March.To read this article in full or to leave a comment, please click here

Firmware exploit can defeat new Windows security features on Lenovo ThinkPads

A newly released exploit can disable the write protection of critical firmware areas in Lenovo ThinkPads and possibly laptops from other vendors as well. Many new Windows security features, like Secure Boot, Virtual Secure Mode and Credential Guard, depend on the low-level firmware being locked down.The exploit, dubbed ThinkPwn, was published earlier this week by a researcher named Dmytro Oleksiuk, who did not share it with Lenovo in advance. This makes it a zero-day exploit -- an exploit for which there is no patch available at the time of its disclosure.ThinkPwn targets a privilege escalation flaw in a Unified Extensible Firmware Interface (UEFI) driver, allowing an attacker to remove the flash write protection and to execute rogue code in the SMM (System Management Mode), a privileged operating mode of the CPU.To read this article in full or to leave a comment, please click here

Firmware exploit can defeat new Windows security features on Lenovo ThinkPads

A newly released exploit can disable the write protection of critical firmware areas in Lenovo ThinkPads and possibly laptops from other vendors as well. Many new Windows security features, like Secure Boot, Virtual Secure Mode and Credential Guard, depend on the low-level firmware being locked down.The exploit, dubbed ThinkPwn, was published earlier this week by a researcher named Dmytro Oleksiuk, who did not share it with Lenovo in advance. This makes it a zero-day exploit -- an exploit for which there is no patch available at the time of its disclosure.ThinkPwn targets a privilege escalation flaw in a Unified Extensible Firmware Interface (UEFI) driver, allowing an attacker to remove the flash write protection and to execute rogue code in the SMM (System Management Mode), a privileged operating mode of the CPU.To read this article in full or to leave a comment, please click here

Apple patents a smartphone camera kill switch

The advent of high-resolution video recording in smartphones has been a boon for fans looking for concert footage on YouTube, but the bands aren't so keen on their concerts appearing for free online before the show even ends.Of course, it also sucks to be at a concert and have your view blocked by the dozens of smartphones being held up to take pictures and video.So it seems Apple, which has been trying to cozy up to the music industry, has come up with a fix that sounds good on paper but has potential for misuse. It has been granted a patent, first filed in 2011 and refiled in 2014, that allows the iPhone camera to detect an infrared signal that will give instructions or information to the camera.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cybersecurity: Stop the attacker’s offense, don’t do defense

Enterprises are fighting a cyber war against very sophisticated and highly organized adversaries. Yet companies still approach cybersecurity with a strictly defensive mindset. They operate under the belief that having the best defense will keep them safe from advanced adversaries. But attackers know how to break any defense, guaranteeing they’ll eventually infiltrate a company.Organizations need to approach security by thinking about how they can stop offense. How is this different from having a strong defense? When you’re stopping offense, you don’t stand on the sidelines waiting for an attacker to breach your network, hoping that the security measures you have in place will be enough to stop them.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cybersecurity: Stop the attacker’s offense, don’t do defense

Enterprises are fighting a cyber war against very sophisticated and highly organized adversaries. Yet companies still approach cybersecurity with a strictly defensive mindset. They operate under the belief that having the best defense will keep them safe from advanced adversaries. But attackers know how to break any defense, guaranteeing they’ll eventually infiltrate a company.Organizations need to approach security by thinking about how they can stop offense. How is this different from having a strong defense? When you’re stopping offense, you don’t stand on the sidelines waiting for an attacker to breach your network, hoping that the security measures you have in place will be enough to stop them.To read this article in full or to leave a comment, please click here

Use Apache Spark? This tool can help you tap machine learning

Finding insight in oceans of data is one of enterprises' most pressing challenges, and increasingly AI is being brought in to help. Now, a new tool for Apache Spark aims to put machine learning within closer reach.Announced on Friday, Sparkling Water 2.0 is a major new update from H2O.ai that's designed to make it easier for companies using Spark to bring machine-learning algorithms into their analyses. It's essentially an API (application programming interface) that lets Spark users tap H2O's open-source artificial-intelligence platform instead of -- or alongside -- the algorithms included in Spark's own MLlib machine-learning library.To read this article in full or to leave a comment, please click here

Cato Networks offers a new model for network security as a service  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.   The advent of worker mobility and cloud computing have played havoc with the traditional network perimeter. At one time the perimeter was a well-established concept. All of our users, locations, data centers and applications were inside this zone protected by strong network security. That notion seems almost quaint today. With mobile users and data and applications in the cloud, the old perimeter has basically dissolved, leading to the development of entirely new security tools—secure web gateways, cloud access security brokers, enterprise mobility management, and so on. These new products and services augment the traditional network security stack of firewalls, anti-virus, email and web filtering, etc.To read this article in full or to leave a comment, please click here

Cato Networks offers a new model for network security as a service  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.   The advent of worker mobility and cloud computing have played havoc with the traditional network perimeter. At one time the perimeter was a well-established concept. All of our users, locations, data centers and applications were inside this zone protected by strong network security. That notion seems almost quaint today. With mobile users and data and applications in the cloud, the old perimeter has basically dissolved, leading to the development of entirely new security tools—secure web gateways, cloud access security brokers, enterprise mobility management, and so on. These new products and services augment the traditional network security stack of firewalls, anti-virus, email and web filtering, etc.To read this article in full or to leave a comment, please click here

DARPA unified space-sensor networks help keep orbiting junk from slamming into something important

DARPA recently said that it had finished integrating seven space-watching networks that will feed tons of new Earth-orbiting junk data into what the agency calls “the largest and most diverse network of space situational awareness networks ever assembled.”+More on Network World: NASA’s hot Juno Jupiter mission+DARPA’s OrbitOutlook (O2) program brings seven previously separate new space sensor networks together that could ultimately feed into the United States Space Surveillance Network (SSN), a worldwide network of 29 military radar and optical telescopes operated by the Air Force as well as NASA, the FAA and other entities that could use the information.To read this article in full or to leave a comment, please click here

DARPA unified space-sensor networks help keep orbiting junk from slamming into something important

DARPA recently said that it had finished integrating seven space-watching networks that will feed tons of new Earth-orbiting junk data into what the agency calls “the largest and most diverse network of space situational awareness networks ever assembled.”+More on Network World: NASA’s hot Juno Jupiter mission+DARPA’s OrbitOutlook (O2) program brings seven previously separate new space sensor networks together that could ultimately feed into the United States Space Surveillance Network (SSN), a worldwide network of 29 military radar and optical telescopes operated by the Air Force as well as NASA, the FAA and other entities that could use the information.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For July 1st, 2016

Hey, it's HighScalability time:


If you can't explain it with Legos then you don't really understand it.

 

If you like this sort of Stuff then please support me on Patreon.

  • 700 trillion: more pixels in Google's Satellite Map; 9,000km: length of new undersea internet cable from Oregon to Japan; 60 terabits per second: that undersea internet cable again; 12%: global average connection speed increase; 76%: WeChat users who spend more than 100RMB ($15) per month; 5 liters: per day pay in beer for Pyramid workers;  680: number of rubber bands it takes to explode a watermelon; 1,000: new Amazon services this year; $15 billion: amount Uber has raised; 7 million: # of feather on on each bird in Piper; 5.8 million: square-feet in Tesla Gigafactory; 2x: full-duplex chip could double phone-network data capacity; 

  • Quotable Quotes:
    • @hyc_symas: A shame everyone is implementing on top of HTTP today. Contemporary "protocol design" is a sick joke.
    • @f3ew: Wehkamp lost dev and accept environments 5 days before launch. Shit happens.  48 hours to recovery. #devopsdays
    • Greg Linden: Ultimately, [serverless computing] this is a good thing, making compute more efficient by allowing more overlapping workloads Continue reading

Scrutiny of Google’s tax liabilities intensifies with Spanish raid

Spain has joined the scrum of tax authorities examining Google's accounts to see if the company has paid all that it should.A team of 35 inspectors from Agencia Tributaria, the Spanish tax authority, raided Google offices on two sites in Madrid on Thursday, according to Spanish newspaper El País. The authority requested court approval for the raid on Tuesday, the report said.They were investigating the tax liabilities of Google's subsidiaries in Spain and Ireland, through which the company channels much of its European revenue.+ ALSO  ON NETWORK WORLD Is Google pushing the cloud envelope too far? +To read this article in full or to leave a comment, please click here

Hillary Clinton’s tech agenda draws cheers from IT industry

Leading tech groups hailed the release of Hillary Clinton's agenda for promoting technology and innovation, praising the presumptive Democratic presidential nominee's focus on issues like cybersecurity and her acknowledgement that the industry is vital to the nation's economic prosperity.[ Related: Obama, Zuckerberg push better broadband, innovative startups ]Clinton's "initiative on technology and innovation" comes as the most detailed elucidation of a technology platform from a major presidential candidate this election season, a multi-pronged plan that touches on issues like promoting science and technical education, building out broadband infrastructure and defending net neutrality.To read this article in full or to leave a comment, please click here

Study reveals security gap in big data projects

Ideally, the ultimate output of big-data analysis can provide a company with a valuable competitive advantage. But those results aren’t getting much additional security, according to an IDG Enterprise study of big-data initiatives.To read this article in full or to leave a comment, please click here(Insider Story)

Big Brother is listening as well as watching

In a world of ubiquitous security cameras, most people know by now that some form of Big Brother – government or private – is watching them. But they are less likely to know that in some areas, he is also listening.While it is not yet widespread, audio surveillance is increasingly being used on parts of urban mass transit systems.That is the bad news, in the view of privacy advocates. But the good news is that public awareness can, at least in some cases, curtail it.This past week, following revelations that New Jersey Transit didn’t have policies governing storage and who had access to data from audio surveillance on some of its light-rail trains, the agency ended the program.To read this article in full or to leave a comment, please click here