Neverquest: A global threat targeting Financials

By: ASERT Research Team

On March 31st, Arbor’s Security Engineering & Response Team (ASERT) published a detailed threat brief on the Neverquest malware for Arbor customers. Along with thousands of IOC’s (indicators of compromise), the brief details Neverquest’s current inner workings and describes some reversing techniques ASERT uses to unravel and monitor this stealthy and quickly evolving malware. Applying this research at scale to malware and data acquired by our global ATLAS initiative allows us to develop targeted defenses and security context that enables customers to mitigate advanced threats and enhance their security posture over time [1].

This blog post provides excerpts from the Neverquest threat brief along with some new data that was not available at the time the brief was released to customers. In doing so, it also highlights the results of ASERT research activities that feed Arbor products.

Historical Threat Context and Prior Research

Originally, a malware family known as Ursniff was used to build newer malware called Gozi. After some success and a time of inactivity, Gozi was revitalized as Gozi Prinimalka, which has evolved into the modern Vawtrak/Neverquest (referred to as ‘Neverquest’ herein). Foundational threat analysis work has been performed for years on Continue reading

Bringing Enterprise Class Automation to Open Networking

Today Puppet Labs announced that Cumulus Networks has joined its Puppet Supported Program. We’re very excited about this and, if you’re implementing a software-defined data center, you should be excited too.

Is it finally possible to manage the data center instead of just managing stacks?

Because Cumulus Linux is Linux, our customers are able to use the same tools they know and love for managing Linux servers to manage their networks. The joint integration work we’ve done means it’s easier than ever for anyone that wants to automate their data center to extend their change management procedures across both servers and switches, unifying data center and network infrastructure under a single dashboard.

Beyond the streamlining of management consoles, this integration brings a host of business benefits to any organization. For example:

  • Businesses can more quickly deploy applications with integrated, end-to-end application deployment from provisioning the VM to the full-stack (see the diagram below)
  • Unified management and automation significantly reduces human error, meaning more uptime for services and applications
  • Support for multiple Puppet masters across dev, test and production assures full visibility of change management
  • Integration gives networking teams the ability to contribute to the Puppet code that manages infrastructure configuration

Continue reading

Facebook still king of social media among teens

The findings of a new survey debunks theories that Facebook is losing its “cool factor” among teenagers.Facebook is the most popular social network among teens, according to the results of the survey published Wednesday night by the Pew Research Center. The researchers found that 71 percent of all teens use it. And 41 percent of teens said they use Facebook the most often compared to other sites.The findings are a victory for Facebook, which has had to address claims in recent years that its site is losing popularity among teens. In 2013, Facebook’s chief financial officer admitted to a decline in the number of daily users among U.S. teens.To read this article in full or to leave a comment, please click here

Scaling out PostgreSQL for CloudFlare Analytics using CitusDB

When I joined CloudFlare about 18 months ago, we had just started to build out our new Data Platform. At that point, the log processing and analytics pipeline built in the early days of the company had reached its limits. This was due to the rapidly increasing log volume from our Edge Platform where we’ve had to deal with traffic growth in excess of 400% annually.

alt

Our log processing pipeline started out like most everybody else’s: compressed log files shipped to a central location for aggregation by a motley collection of Perl scripts and C++ programs with a single PostgreSQL instance to store the aggregated data. Since then, CloudFlare has grown to serve millions of requests per second for millions of sites. Apart from the hundreds of terabytes of log data that has to be aggregated every day, we also face some unique challenges in providing detailed analytics for each of the millions of sites on CloudFlare.

For the next iteration of our Customer Analytics application, we wanted to get something up and running quickly, try out Kafka, write the aggregation application in Go, and see what could be done to scale out our trusty go-to database, PostgreSQL, from a Continue reading

Cloud computing brings changes for IT security workers

Watch out, computer security professionals: Cloud computing vendors are coming for your jobs.It may be inevitable, or you may be able to take back control by rigorously studying how your organization uses technology. But either way, life is changing for IT security experts.Companies like Google and Amazon have figured out configuration management while enterprises avoid the process, said Marcus Ranum, chief security officer of Tenable.“That’s the reason why Amazon is going to have your jobs in 10 years. We are failing as an industry,” said Ranum, who spoke Wednesday at a meeting of the Information Systems Security Association, New England chapter.To read this article in full or to leave a comment, please click here

In a mock cyberattack, Deloitte teaches the whole business how to respond

A security breach or big data loss can trigger an emergency for the entire business, not just for the IT or security teams, so staffers from multiple departments must know how to react quickly and effectively in such situations.This was one of the main lessons taught in a cyber incident war-gaming exercise held for the media on Tuesday in New York by consulting firm Deloitte.Deloitte typically conducts such exercises on behalf of large organizations that want to prepare for when they are hit by a major computer breach. In Tuesday’s event, the participants were executives from various companies, many of whom had participated in such an exercise before.To read this article in full or to leave a comment, please click here

Reminder: Solarized for Better Terminals

I have used the “Solarized” colour scheme on my Mac for several years. This is:

… a sixteen color palette…designed for use with terminal and gui applications

If you spend a lot of time using the Terminal, this makes a huge difference. It gives me the right combination of colours to make sure everything is readable, and reduces eye-strain.

I’ve used it for so long that I’ve forgotten about it. It’s become “normal” for me.

PuTTY Defaults == Unusable

Recently I’ve been forced to use PuTTY on Windows. I’d forgotten how terrible the default colour scheme is, particularly when you’re using VIM, or doing an “ls” on a RHEL system. Check this screenshot:

putty_default

The default LS_COLORS on a RHEL system, using PuTTY defaults, will displays directories in dark blue on a black background. Hopeless. I can’t read those directory names.

Solarized to the rescue

I downloaded the “Solarized Dark” registry file from here. Double-click that to merge the registry settings. You’ll then see a new PuTTY Saved session “Solarized Dark”:

putty_sessions

Load that session. Save it as the Default Settings if you like. Add any other settings you need – e.g. username, SSH key. Add the hostname/IP, and connect. Now see how Continue reading

HP Moonshot – Stuff I Wish I’d Known

Yeah, it looks just like this.
I've been working with HP Moonshot for some months now. It's a neat box with a lot of interesting features. There are plenty of press releases and (possibly paid-for) "reviews" available out there, but not much frank commentary from actual end users, and that's disappointing.

What is it?
Briefly, Moonshot is a miniature blade enclosure. I'm sure there are marketing folks who would like me to use different terminology, but it boils down to servers, Ethernet switches and power all rolled into one box.

There are some key differentiators between this enclosure and some of its larger cousins:

Low Power - The whole package is tuned for high density and low power. There are no monstrously fast multi-socket servers available, but the density is amazing. With 8 cores per node and 180 nodes per chassis we're talking about 300+ cores per rack unit!

Less Redundancy - Unlike the C-class enclosures which sport redundant "Onboard Administrator" modules, Moonshot has a single "Chassis Manager". I do not view this as a problem for two reasons: First, Moonshot is mostly suited for massively horizontally scalable applications which should tolerate failure of a whole chassis. Second, failure of Continue reading

Dell’s Venue 10 7000 vs Microsoft Surface 3: Same price, different appeal

The Venue 10 7000 from Dell and the Surface 3 from Microsoft share a few things in common: they will ship in a few weeks, are marketed as tablets that can be used as laptops, and start at $499. But they offer different advantages.To determine which one provides better value, buyers must decide whether they’ll use the device mostly as a tablet or as a laptop. Here’s how the products stack up on features.Screen size and resolutionThe Dell Venue 10 7000 has a slight edge on resolution, while the Surface 3 provides more screen size. Dell’s tablet has a 10.5-inch screen that can display images at a 2560 x 1600-pixel resolution, while the Surface 3 has a 10.8-inch screen with a 1920 x 1280-pixel resolution. The Venue uses the emerging OLED technology, while the Surface 3’s more conventional screen is based on LCD technology.To read this article in full or to leave a comment, please click here

PQ Show 47 – VMKernel Bindings & iSCSI with Chris Wahl

Chris Wahl of WahlNetwork.com and co-author of Networking for VMware Administrators joins Ethan Banks for a discussion of when -- and when NOT -- to use VMkernel bindings when doing iSCSI plumbing between VMware hosts and storage arrays.

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post PQ Show 47 – VMKernel Bindings & iSCSI with Chris Wahl appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Oracle bolsters Retail Cloud with new services

It’s been just over half a year since Oracle completed its US$5.3 billion acquisition of Micros, and on Wednesday the company added several new services to the retail-focused technologies it gained through that deal.Six new Oracle Retail cloud services, specifically, are now available by subscription, with the goal of helping retailers manage e-commerce, customer engagement, order management, order fulfillment, loss prevention and brand compliance.Oracle’s new Retail Brand Compliance Management cloud service, for instance, automates many of the operations required to grow and improve private-label merchandising operations. Retailers can use it to plan, track and manage merchandising activities, drop shipping and supplier relationships.To read this article in full or to leave a comment, please click here

Flaw in WordPress caching plug-in could affect over 1 million sites

A vulnerability in the popular WP Super Cache plug-in for WordPress could allow attackers to inject malicious scripts into websites. The scripts, when loaded by administrators, could trigger unauthorized actions.WordPress websites are a popular target for hackers and many of them are compromised due to plug-in vulnerabilities. Just on Tuesday, the FBI warned that attackers sympathetic to the extremist group ISIS -- also known as ISIL -- have defaced many websites by exploiting known vulnerabilities in WordPress plug-ins.The persistent cross-site scripting (XSS) flaw in WP Super Cache can be exploited by sending a specifically crafted query to a WordPress website with the plug-in installed, according to Marc-Alexandre Montpas, a senior vulnerability researcher at Web security firm Sucuri.To read this article in full or to leave a comment, please click here

Seven new hardware technologies for Windows 10 PCs

The arrival of Windows 10 later this year could usher in more convenient, fun and wire-free PC computing.Some new features that make for easier hardware handling are already available, but not yet in Windows PCs, which still make up the vast majority of desktop and laptop machines. For example, Apple's MacBook and Google's Chromebook Pixel have set the stage for USB Type C ports and its associated reversible cables to be used in Windows PCs later this year. Meanwhile, the new Windows Hello feature -- which will allow users to unlock a Windows 10 device by recognizing a face, iris or fingerprint -- could bring 3D cameras and more sensors to PCs.To read this article in full or to leave a comment, please click here

Microsoft creates a container for Windows

Hoping to build on the success of Docker-based Linux containers, Microsoft has developed a container technology to run on its Windows Server operating system.“We’re finding that interest in containers is very high,” said Mike Schutz, who runs cloud platform product marketing for Microsoft. Twenty percent of Azure users deploy Linux and a significant number of those users run Docker containers, he said.The Windows Server Container can be used to package an application so it can be easily moved across different servers. It uses a similar approach to Docker’s, in that all the containers running on a single server all share the same operating system kernel, making them smaller and more responsive than standard virtual machines.To read this article in full or to leave a comment, please click here

Intel courts China’s hardware startups to popularize its mobile, IoT chips

Erwin Liu is the CEO of a fledgling Chinese startup, and he’s been the happy recipient of free chips from Intel.“Whenever I went to Intel’s offices, they would always give us some free samples,” he said.Liu’s company, CEIN Biotechnology, which develops finger vein scanners, is just one among the many Chinese tech startups Intel is courting.In the battle for chip supremacy, the U.S. tech giant has been trying to dig deep into China’s hardware industry, and ensure that not just big vendors use its technology, but small emerging players too.On Wednesday, Intel held its annual developers conference in Shenzhen, China, at a time when rival ARM-based chips from Qualcomm and MediaTek have been all the rage.To read this article in full or to leave a comment, please click here

Network Zen: You Cant Change The Fact But You Might Change The Perception

  The mendicant was perplexed. This wasn’t unusual and, truth be told, the mendicant often didn’t understand everything and lived in a constant state of perplexedness. But this time, he was sure of the facts and knew that something was not right. He sighed and went to find the the Master. The Master was communing […]


The post Network Zen: You Cant Change The Fact But You Might Change The Perception appeared first on EtherealMind.

1 3,561 3,562 3,563 3,564 3,565 3,856