MikroTik and Ubiquity routers being Hijacked by Dyre Malware?

 

[adrotate banner=”4″]

 

Came across several interesting articles that claim there is a change in the way Dyre aka Upatre malware is spreading. Dyre seems to be getting a lot of press as it is used in browser hijacks to compromise online banking credentials and other sensitive private data. However, most recently – instead of infecting hosts, it appears to be compromising routers as well.  Blogger krebsonsecurity.com writes:

Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS.

As I first started researching this, I was wondering how they determined the router itself is compromised and not a host that sits on a NAT behind the router. Certainly different devices leave telltale signs visible in an IP packet capture that help point towards the true origin of a packet, so it’s possible that something was discovered in that way. It’s also possible the router isn’t being compromised via the Internet, but rather on the LAN side as it would be much easier for malware to scan the private subnet it sits on and attempt to use well known Continue reading

Second Flash Player zero-day exploit found in Hacking Team’s data

The huge cache of files recently leaked from Italian surveillance software maker Hacking Team is the gift that keeps on giving for attackers. Researchers sifting through the data found a new exploit for a previously unknown vulnerability in Adobe’s Flash Player.This is the second Flash Player zero-day exploit discovered among the files and the third overall—researchers also found a zero-day exploit for a vulnerability in Windows.A zero-day exploit is a previously unknown vulnerability for which a patch does not exist.To read this article in full or to leave a comment, please click here

VMware NSX 101 – Components

Today I want to explain the basic components and the set-up of VMware NSX. In this case I’m referring to NSX for vSphere or NSX-V for short. I want to explain what components are involved, how you set them up for an initial deployment and what the requirements are.

Versioning

At time of this writing the latest release is NSX 6.1.4. This version added support for vSphere 6, although you cannot use any vSphere 6 feature in this release, there is support for the platform itself only.

vSphere

The first step is of course deploy your ESXi vSphere cluster with ESXi 5.5 or 6.0 with vCenter 5.5 or 6.0. I recommend using the vCenter Server Appliance (VCSA) instead of the Windows version. You will also need a Windows VM where the vSphere Update Manager is installed, this is not available as virtual appliance, only as Windows application. I also highly recommend installing an Active Directory server to manage all of your passwords. You will be installing a large amount of machines with all different usernames and possibly passwords. I recommend picking a very long and difficult one, as all VMware appliances seem to require Continue reading

Static routes

OpenContrail allows the user to specify a static route with a next-hop of an instance interface. The route is advertised within the virtual-network that the interface is associated with. This script can be used to manipulate the static routes configured on an interface.

I wrote it in order to setup a cluster in which overlay networks are used hierarchically. The bare-metal nodes are running OpenStack using OpenContrail as the neutron plugin; a set of OpenStack VMs are running a second overlay network using OpenContrail which kubernetes as the compute scheduler.

In order to provide external access for the kubernetes cluster, one of the kubernetes node VMs was configured as an OpenContrail software gateway.

This is easily achievable by editing /etc/contrail/contrail-vrouter-agent.conf to include the following snippet:

# Name of the routing_instance for which the gateway is being configured
routing_instance=default-domain:default-project:Public:Public

# Gateway interface name
interface=vgw

# Virtual network ip blocks for which gateway service is required. Each IP
# block is represented as ip/prefix. Multiple IP blocks are represented by
# separating each with a space
ip_blocks=10.1.4.0/24

The vow interface can then be created via the following sequence of shell commands:

ip link add vgw type vhost
ip  Continue reading

Citizens of Tech 010 – Vinyl Glacier Robot Earthquakes

On today’s show recorded July 8th, 2015, we cover news from Amazon, review a cheap IP surveillance camera, dive deep on retina displays and how your eyeballs work, and do not discover extraterrestrial life. Also, robots duel, and glaciers cause earthquakes. Among other things!

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Citizens of Tech 010 – Vinyl Glacier Robot Earthquakes appeared first on Packet Pushers Podcast and was written by Ethan Banks.

The grim reaper approaches for Windows Server 2003

Microsoft’s Windows Server 2003 has its Windows XP moment coming very soon, and that’s bad news for IT leaders who have been dragging their feet.The company will end extended support for the 12-year-old operating system on July 14. That will leave users without security patches and other updates for any applications still running on the OS, which went out to manufacturers just weeks after the start of the second Iraq war. Microsoft says there were almost 24 million instances of Windows Server 2003 running in July 2014, though it hasn’t released more recent numbers as the end-of-support date has loomed.According to Mike Schutz, Microsoft’s general manager of cloud platform marketing, the good news is that most of the customers Microsoft has spoken with have moved “the vast percentage” of their server workloads off Windows Server 2003. But that still means that there are holdouts who will be left to protect their own servers as Microsoft cuts off security improvements.To read this article in full or to leave a comment, please click here

Reddit chief Ellen Pao resigns amid vitriol, protests

Ellen Pao is resigning as Reddit’s interim chief executive after a week of tumult on the online message board with many users calling for her ouster.Pao is resigning under a mutual agreement with Reddit’s board, the company announced. She will be succeeded by Steve Huffman , Reddit’s co-founder and original chief executive, who will work alongside Reddit co-founder Alexis Ohanian.Pao leaves the company after a storm of furor from users after Reddit’s termination of Victoria Taylor, a key employee who helped facilitate Reddit’s popular Ask Me Anything sessions.To read this article in full or to leave a comment, please click here

Plexxi Pulse – Bimodal IT: The future of network disruption?

Gartner refers to bimodal IT as “having two modes of IT, each designed to develop and deliver information- and technology-intensive services in its own way.”

If this week’s top articles are any indication, it’s certainly a topic that is at forefront everyone’s minds. We’ve especially been enjoying Kurt Marko’s series for Forbes. For some, bimodal is just another buzzword, but for others, it presents an entirely new way of approaching IT. It disrupts legacy IT, offering groundbreaking tactics for testing and rolling-out new technologies. No other area of IT needs this more than the network. As we’ve frequently discussed, storage and compute have evolved rapidly over the last decade, but networking has remained unchanged – despite huge shifts in the way we manage and move information. The articles below are certainly a good start to a lengthy discussion. Enjoy!

 

Forbes: Bimodal IT Doesn’t Mean Bipolar Organizations: The Path to IT Transformation

By Kurt Marko

Never underestimate a buzzword’s power to frame the discussion. As I recently discussed, the term bimodal IT has captured the imagination and polemical energy of technology commentators and like many IT discussions in the age of 140-character commentary, it often degenerates into polarized, all-or-nothing Continue reading

OPM director resigns after unprecedented data breach

The director of the U.S. Office of Personnel Management resigned on Friday, a day after her agency announced hackers had stolen information on 21.5 million current, former and prospective government employees and their families.Katherine Archuleta said she had informed President Barack Obama of her plans to step down, and he had accepted her resignation.“I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work,” she said in an email to employees.Archuleta had been at the agency for less than two years, joining in November 2013 at about the time the agency began an upgrade of its cyberdefenses. It was as part of that upgrade that it discovered two separate ongoing breaches that, investigators concluded, were unprecedented in their size and seriousness.To read this article in full or to leave a comment, please click here

OPM director resigns after unprecedented data breach

The director of the U.S. Office of Personnel Management resigned on Friday, a day after her agency announced hackers had stolen information on 21.5 million current, former and prospective government employees and their families.Katherine Archuleta said she had informed President Barack Obama of her plans to step down, and he had accepted her resignation.“I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work,” she said in an email to employees.Archuleta had been at the agency for less than two years, joining in November 2013 at about the time the agency began an upgrade of its cyberdefenses. It was as part of that upgrade that it discovered two separate ongoing breaches that, investigators concluded, were unprecedented in their size and seriousness.To read this article in full or to leave a comment, please click here

Show 245 – What Makes Citrix Netscaler Different? – Sponsored

What features does the Netscaler platform have that make it unique? This isn’t just a bunch of fluffy marketing points. Rather, we opted to focus on some of the nuts and bolts of how NetScaler handles more interesting things like L7 packet manipulation, policy declaration, the use of promise theory, IPFIX extensions, that sort of thing.

The post Show 245 – What Makes Citrix Netscaler Different? – Sponsored appeared first on Packet Pushers.

Show 245 – What Makes Citrix Netscaler Different? – Sponsored

What features does the Netscaler platform have that make it unique? This isn’t just a bunch of fluffy marketing points. Rather, we opted to focus on some of the nuts and bolts of how NetScaler handles more interesting things like L7 packet manipulation, policy declaration, the use of promise theory, IPFIX extensions, that sort of thing.

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 245 – What Makes Citrix Netscaler Different? – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Internet voting not ready yet, but can be made more secure

A push to allow Internet voting in elections is growing stronger along with advances in the underlying technology, but systems are not yet secure enough to use with relative certainty that the vote counts will be accurate, according to a new report. Still, while "no existing system guarantees voter privacy or the correct election outcomes," election officials could take several steps to significantly improve the security and transparency of Internet voting systems, said the report, commissioned by the U.S. Vote Foundation, an organization that helps U.S. residents vote. + A LOOK BACK: Voting groups release guidelines for e-voting checks +To read this article in full or to leave a comment, please click here

VMware patches vulnerabilities in Workstation, Player, Fusion and Horizon View Client

VMware released patches for serious vulnerabilities in several of its products that could lead to arbitrary code execution, privilege escalation on the host OS and denial of service.VMware Workstation and Horizon View Client for the Windows platform had multiple memory manipulation issues that could allow a guest to execute code on the host OS or to trigger a denial-of-service condition. Workstation, Player, and Fusion also had a flaw that could enable a denial-of-service attack against the guest or host operating systems.To address the code execution issue, VMware released Workstation 11.1.1 and 10.0.6; VMware Player 7.1.1 and 6.0.6; and Horizon Client for Windows 3.4.0, 3.2.1 and 5.4.2 (with local mode). The company also fixed the separate denial-of-service issue in VMware Workstation 10.0.5 and VMware Player 6.0.6 for all platforms and Fusion 7.0.1 and 6.0.6 for OS X.To read this article in full or to leave a comment, please click here