0

The MITRE ATT&CK framework explained: Discerning a threat actor’s mindset

This is part 2 of the blog series on the MITRE ATT&CK framework for container security, where I explain and discuss the MITRE ATT&CK framework. For those who are not familiar with what the MITRE framework is, I encourage you to read part 1.

In my previous blog post, I explained the first four stages of the MITRE ATT&CK framework and the tactics used by adversaries to gain a foothold in the network or the environment within a containerized application. What happens next?

Imagine a military battalion trying to invade its enemy’s territory. What would a soldier do once they’ve infiltrated the opposition? They would take cover and wait for the right opportunity to attack. Similarly, in cyber crime, an attacker will take time to make sure they evade any type of defense that has been put in place. This is the fifth stage in the MITRE ATT&CK framework. In this article, I will explore this fifth stage, along with stages six through nine, and look at how Calico can help mitigate the attack techniques used in these stages.

Delivery and exploitation tactics

Defense evasion

Many security solutions offer Continue reading

0

How Digital Transformation Is Eroding NetOps Visibility And Control

The following post is by Jeremy Rossbach, Chief Technical Evangelist, Broadcom. We thank Broadcom for being a sponsor. When it comes to cloud adoption, hybrid approaches are the reality for the vast majority of large organizations today. While some may solely be running workloads in a legacy on-premises data center and others may run 100% […]

The post How Digital Transformation Is Eroding NetOps Visibility And Control appeared first on Packet Pushers.

0

Joining lines of text on Linux

There are number of ways to join multiple lines of text and change delimiters if needed. This article shows two of the easier ways to do this and explains the commands.Using the tr command The tr command is quite versatile. It’s used to make many types of changes to text files, but it can also flatten multiple lines into one by replacing newline characters with blanks. It does, however, remove the final newline as well. Note the $ prompt at the end of the second line. That's a clue!$ tr '\n' ' ' < testfile This is a file that I can use for testing. $ $ tr '\n' ' ' < testfile > newfile To fix this problem, you can add a newline to the end of the file with an echo command like this:To read this article in full, please click here

0

Joining lines of text on Linux

There are number of ways to join multiple lines of text and change delimiters if needed. This article shows two of the easier ways to do this and explains the commands.Using the tr command The tr command is quite versatile. It’s used to make many types of changes to text files, but it can also flatten multiple lines into one by replacing newline characters with blanks. It does, however, remove the final newline as well. Note the $ prompt at the end of the second line. That's a clue!$ tr '\n' ' ' < testfile This is a file that I can use for testing. $ $ tr '\n' ' ' < testfile > newfile To fix this problem, you can add a newline to the end of the file with an echo command like this:To read this article in full, please click here

0

VMware ESXi server ransomware evolves, after recovery script released

After the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released a recovery script for organizations affected by a massive ransomware attack targeting VMWare ESXi servers worldwide, reports surfaced that the malware evolved in a way that made earlier recovery procedures ineffective.The attacks, aimed at VMware’s ESXi bare metal hypervisor, were first made public February 3 by the French Computer Emergency Response Team (CERT-FR), and target ESXi instances running older versions of the software, or those that have not been patched to current standards. Some 3,800 servers have been affected globally, CISA and the FBI said.To read this article in full, please click here

0

VMware ESXi server ransomware evolves, after recovery script released

After the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released a recovery script for organizations affected by a massive ransomware attack targeting VMWare ESXi servers worldwide, reports surfaced that the malware evolved in a way that made earlier recovery procedures ineffective.The attacks, aimed at VMware’s ESXi bare metal hypervisor, were first made public February 3 by the French Computer Emergency Response Team (CERT-FR), and target ESXi instances running older versions of the software, or those that have not been patched to current standards. Some 3,800 servers have been affected globally, CISA and the FBI said.To read this article in full, please click here

0

VMware ESXi server ransomware evolves, after recovery script released

After the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released a recovery script for organizations affected by a massive ransomware attack targeting VMWare ESXi servers worldwide, reports surfaced that the malware evolved in a way that made earlier recovery procedures ineffective.The attacks, aimed at VMware’s ESXi bare metal hypervisor, were first made public February 3 by the French Computer Emergency Response Team (CERT-FR), and target ESXi instances running older versions of the software, or those that have not been patched to current standards. Some 3,800 servers have been affected globally, CISA and the FBI said.To read this article in full, please click here

0

Hybrid Cloud Should Benefit You, Not Bezos

We have always been convinced, and remain so, that there is no way that the largest organizations in the world will move their computing to one of the big cloud builders. …

Hybrid Cloud Should Benefit You, Not Bezos was written by Timothy Prickett Morgan at The Next Platform.

0

Project Escalation Is Good! How To Identify Stakeholders And Escalate Well

When tackling technical projects, every organization needs a system to make decisions, resolve conflicts, and chart alternative paths when plans go awry. Effective escalation is key, but the prospect of escalation can make engineers anxious. We need to reframe our view of escalation as a tool to help move a project forward.

The post Project Escalation Is Good! How To Identify Stakeholders And Escalate Well appeared first on Packet Pushers.

0

A Deep Dive into the Recent Microsoft Cloud Services Outage

Configuration changes and DNS issues have been the source of multiple major outages over the last two years. And everyone knows there will be more to come.

0

Stage Manager is Incomplete

I’ve been using macOS Stage Manager off and on for a little while now. In Stage Manager, I can see the beginnings of what might be a very useful paradigm for desktop computing. Unfortunately, in its current incarnation, I believe Stage Manager is incomplete.

Note that I haven’t yet tried Stage Manager on my iPad; my comments here apply only to the macOS implementation.

For those of you who haven’t yet tried Stage Manager yet, here’s a screenshot of my desktop, taken while I was writing this blog post:

I’ll draw your attention to the list of “recently used applications” on the left side of the screen. That’s the “Cast” (a term used by Howard Oakley in his great introductory article on Stage Manager). As you can see in this screenshot, the Cast supports application groups—like having Slack and Mail grouped together—as well as single applications. This allows you to easily switch between groups of applications simply by clicking on the preview in the Cast (which, using Howard’s terminology, moves the application or applications to the Stage).

This is the glimmer of a useful paradigm that I see in Stage Manager: being able to assemble groups of applications that Continue reading

0

Bringing faster updates to Ansible Automation Platform

In today’s fast moving world, schedule driven, incremental releases may not be what customers are looking for. After gathering input from both external and internal customers, there is a definite appetite for more content driven releases.

Rather than waiting weeks to get official builds with a bug fix (schedule driven), most would like to have those builds made available within days after the code has been tested and merged (content driven). Beginning with Red Hat Ansible Automation Platform 2.3, this new release mechanism will be the norm. This blog will explain what it means for you and your processes.

 

What is Ansible Automation Platform?

From a business perspective, Ansible Automation Platform is the solution Red Hat offers its customers to reach and unleash the full potential of strategic automation.

From a technical perspective, Ansible Automation Platform is an umbrella of many components that provide automation capabilities. Some of these well known components include automation controller, Ansible automation hub, ansible-runner and ansible-core, which also have underlying dependencies.

A parallel can be easily drawn with Red Hat Enterprise Linux, which is the sum of all its components’ capabilities to run a battle tested operating system, just like Ansible Continue reading

0

Tanzu Service Mesh Security Enhancements using Confidential Computing

Performance and Security Optimizations on Intel Xeon Scalable Processors with Intel SGX – Part 3

Contributors

Andrew Babakian — VMware

Saidulu Aldas, Ramesh Masavarapu, Sakari Poussa, Tarun Viswanathan —  Intel

Introduction

Intel and VMware have been working together to optimize and accelerate the microservices middleware and infrastructure with software and hardware to ensure developers have the best-in-class performance and low latency experience for building distributed workloads. The focus is on improving the performance of crypto accelerations and making workloads more secure.

The Service Mesh architecture pattern solves many problems, which are well-known and extensively documented, and will not be central to this discussion. However, the focal point of this blog series will include the architectural challenges of Service Mesh in the following top focus areas:

1. Performance
2. Security

In Part 1 of this series, we looked at how Tanzu Service Mesh uses eBPF to achieve network acceleration. In Part 2, we showcased how Intel and VMware collaborated to accelerate Tanzu Service Mesh crypto use cases and improve the performance of asymmetric crypto operations.

In this Part 3 blog series, we will discuss one security challenge (concerning the service mesh private key protection mechanism) and our solution.

In the current Continue reading

0

Real-Life Not-Exactly-Networking AI Use Case

I get several emails every week¹ from people I never heard of telling me what a wonderful job they could do writing guest blog posts on a range of topics of interest to my audience.

I’m positive you must be pretty intelligent to be a successful scammer, so I’m sure the good ones are using ChatGPT to generate the “unique” content they’re promising. I felt it was high time to return the favor.

0

Real-Life Not-Exactly-Networking AI Use Case

I get several emails every week¹ from people I never heard of telling me what a wonderful job they could do writing guest blog posts on a range of topics of interest to my audience.

I’m positive you must be pretty intelligent to be a successful scammer, so I’m sure the good ones are using ChatGPT to generate the “unique” content they’re promising. I felt it was high time to return the favor.

0

Installing the Prerelease Pulumi Provider for Talos

Normally, installing a Pulumi provider is pretty easy; you run pulumi up and the provider gets installed automatically. Worst case scenario, you can install the provider using pulumi plugin install. However, when dealing with prerelease providers, sometimes things have to be done manually. Such is the case with the prerelease Pulumi provider for Talos Linux. In this post, I’ll show you what the manual process looks like for installing a prerelease provider.

The GitHub repository for the prerelease Pulumi provider for Talos can be found here. As of this writing, the latest release was v0.1.0-beta.0. Currently, the prerelease provider for Talos Linux can’t be installed automatically when running pulumi up, and pulumi plugin install doesn’t work either.

The manual process for installing this provider looks like this:

1. Download the latest release of the Talos provider from the GitHub Releases page. This will download a tarred and gzipped archive.
2. The plugin files need to go into a specific subdirectory under ~/.pulumi/plugins. Navigate to that directory, and create a subdirectory whose name corresponds to the version of the Talos provider. For example, if the version downloaded is v0.1.0-beta.0, then the name of the new Continue reading

0

Learning to use Python classes

This tutorial demonstrates object-oriented programming and Python classes.

I think that most people learn best when working on a practical project, so I will show readers how to build a simple program that they can share with their friends and family. While building the program, I demonstrate the types of problems solved by using Python classes and I use Python classes to build and manage multiple game elements.

NOTE: I realize this is off-topic for my blog. I used the Pyxel game framework as an tool to introduce Python programming to my child. After using Pyxel to build a game, I thought that it provided a good example of using Python classes in an easy-to-understand way.

I assume the reader has already learned the basics of Python programming.

Python Classes

A Python class is a type of Python object used in object-oriented programming. Programmers create new objects by instantiating, or calling, classes. They may then use or modify those instances’ attributes in their programs.

Each instance of a class is a unique object that may contain variables, called data attributes, and functions, called methods.

Each class also contains an initialization function, called a constructor, that runs when a new Continue reading

0

Fortinet Announces A New System on Chip (SoC) For Its Firewall Appliances

Fortinet has announced new chip hardware, the SP5, to power FortiGate firewall appliances for entry-level and medium-size customers that need firewalls at campus, branch, and edge locations. Fortinet is positioning this chip as a high-performance, energy-efficient option compared to security devices using off-the-shelf CPUs. Fortinet has long developed its own ASICs and has three hardware […]

The post Fortinet Announces A New System on Chip (SoC) For Its Firewall Appliances appeared first on Packet Pushers.

0

Day Two Cloud 181: Implementing Patterns And Practices For Infrastructure as Code

On today's Day Two Cloud podcast we talk about Infrastructure as Code (IaC) and software practices you might want to put in place for the parts of your team who know what they're doing with infrastructure but may not be familiar with developer practices that can help make code more reliable and operational processes more repeatable. Our guest is author Rosemary Wang.

0

Day Two Cloud 181: Implementing Patterns And Practices For Infrastructure as Code

On today's Day Two Cloud podcast we talk about Infrastructure as Code (IaC) and software practices you might want to put in place for the parts of your team who know what they're doing with infrastructure but may not be familiar with developer practices that can help make code more reliable and operational processes more repeatable. Our guest is author Rosemary Wang.

The post Day Two Cloud 181: Implementing Patterns And Practices For Infrastructure as Code appeared first on Packet Pushers.