0

Trend data on the SolarWinds Orion compromise

On Sunday, December 13, FireEye released a report on a sophisticated supply chain attack leveraging SolarWinds' Orion IT monitoring software. The malware was distributed as part of regular updates to Orion and had a valid digital signature.

One of the notable features of the malware is the way it hides its network traffic using a multi-staged approach. First, the malware determines its command and control (C2) server using a domain generation algorithm (DGA) to construct and resolve a subdomain of avsvmcloud[.]com.

These algorithmically generated strings are added as a subdomain of one of the following domain names to create a new fully-qualified domain name to resolve:

.appsync-api[.]eu-west-1[.]avsvmcloud[.]com
.appsync-api[.]us-west-2[.]avsvmcloud[.]com
.appsync-api[.]us-east-1[.]avsvmcloud[.]com
.appsync-api[.]us-east-2[.]avsvmcloud[.]com

An example of such a domain name might look like: hig4gcdkgjkrt24v6isue7ax09nksd[.]appsync-api[.]eu-west-1[.]avsvmcloud[.]com

The DNS query response to a subdomain of one of the above will return a CNAME record that points to another C2 domain, which is used for data exfiltration. The following subdomains were identified as the C2 domains used for data exfiltration:

freescanonline[.]com
deftsecurity[.]com
thedoccloud[.]com
websitetheme[.]com
highdatabase[.]com
incomeupdate[.]com
databasegalore[.]com
panhardware[.]com
zupertech[.]com
virtualdataserver[.]com
Continue reading

0

Day Two Cloud 079: Kubernetes Is Inevitable But Not Always Necessary

There's a lot of hype and fanfare around Kubernetes, but on today's Day Two Cloud episode we'll cut through the hype with a guest who has enterprise experience with Kubernetes and containers--including the pain and problems. Those pains revolve around complexity, the ignorance of the Kubernetes platform, and the disconnect between the designers of Kubernetes and the people trying to use it now. Our guest is Eric Wright, Technology Evangelist at Turbonomic and host of the DiscoPosse podcast.

0

Day Two Cloud 079: Kubernetes Is Inevitable But Not Always Necessary

There's a lot of hype and fanfare around Kubernetes, but on today's Day Two Cloud episode we'll cut through the hype with a guest who has enterprise experience with Kubernetes and containers--including the pain and problems. Those pains revolve around complexity, the ignorance of the Kubernetes platform, and the disconnect between the designers of Kubernetes and the people trying to use it now. Our guest is Eric Wright, Technology Evangelist at Turbonomic and host of the DiscoPosse podcast.

The post Day Two Cloud 079: Kubernetes Is Inevitable But Not Always Necessary appeared first on Packet Pushers.

0

Ode to Networking 0x00000011 – Did it Once

We’ve all done it once The old buggers say Powered down the data centre  by accident one day Today its a lot harder to do because people like me  have all done it once Now no one does it just once And no one remembers  Why the power system  Is done that way

0

EU Internet Society Chapters Call on European Commission to Follow the Path of Strong Encryption. Here’s Why You Should Too.

Internet Society Chapters in Europe are warning the European Commission that its recent plea for Member States to help find ways to access encrypted communications could make millions of citizens and countries more vulnerable to harm and terrorism online.

Representing digital security experts who share the Internet Society’s mission for a bigger and stronger Internet, several EU chapters issued statements expressing concern about the danger of the Commission’s request for backdoor access to encrypted communications in its Counter Terrorism Agenda. It was announced the same week the European Medicines Agency was victim to a major data breach when cyber attackers unlawfully accessed sensitive documents about COVID-19 vaccines.

End-to-end encryption is crucial to the security of European citizens, its economy, and the national security of its Member States. It is our strongest digital security tool online because it keeps data and communications private between the sender and receiver. Even the European Commission relies on Signal, an end-to-end encrypted messaging app, to secure its communications.

A recent report signed by over 50 leading cybersecurity experts shows how there is no way to give law enforcement access to end-to-end encrypted communications without putting all users at risk.

Encryption backdoors are dangerous because Continue reading

0

Lenovo unveils hybrid-cloud management tools

Lenovo Data Center Group has released new storage and data-management tools designed to boost performance and improve monitoring and analytic capabilities across enterprise systems that span the edge, data center and cloud.The enhancements include a new all-flash storage array with end-to-end NVMe support, an updated cloud-based management platform, and a new fibre channel switch. READ MORE: HP Enterprise expands GreenLake to cover HPC systems Lenovo ThinkSystem DM5100F The new Lenovo ThinkSystem DM5100F is high-performance, low-latency, all-NVMe storage at an affordable price point, designed to enhance analytics and AI deployments while accelerating applications' access to data. It's capable of delivering up to 45% improved performance compared to prior models, according to Lenovo.To read this article in full, please click here

0

Lenovo unveils hybrid-cloud management tools

Lenovo Data Center Group has released new storage and data-management tools designed to boost performance and improve monitoring and analytic capabilities across enterprise systems that span the edge, data center and cloud.The enhancements include a new all-flash storage array with end-to-end NVMe support, an updated cloud-based management platform, and a new fibre channel switch. READ MORE: HP Enterprise expands GreenLake to cover HPC systems Lenovo ThinkSystem DM5100F The new Lenovo ThinkSystem DM5100F is high-performance, low-latency, all-NVMe storage at an affordable price point, designed to enhance analytics and AI deployments while accelerating applications' access to data. It's capable of delivering up to 45% improved performance compared to prior models, according to Lenovo.To read this article in full, please click here

0

Making LLDP Work with Linux Bridge

Last week I described how I configured PVLAN on a Linux bridge. After checking the desired partial connectivity with ios_ping I wanted to verify it with LLDP neighbors. Ansible ios_facts module collects LLDP neighbor information, and it should be really easy using those facts to check whether port isolation works as expected.

---
- name: Display LLDP neighbors on selected interface
  hosts: all
  gather_facts: true
  vars:
    target_interface: GigabitEthernet0/1
  tasks:
  - name: Display neighbors gathered with ios_facts
    debug:
      var: ansible_net_neighbors[target_interface]

Alas, none of the routers saw any neighbors on the target interface.

0

Making LLDP Work with Linux Bridge

Last week I described how I configured PVLAN on a Linux bridge. After checking the desired partial connectivity with ios_ping I wanted to verify it with LLDP neighbors. Ansible ios_facts module collects LLDP neighbor information, and it should be really easy using those facts to check whether port isolation works as expected.

---
- name: Display LLDP neighbors on selected interface
  hosts: all
  gather_facts: true
  vars:
    target_interface: GigabitEthernet0/1
  tasks:
  - name: Display neighbors gathered with ios_facts
    debug:
      var: ansible_net_neighbors[target_interface]

Alas, none of the routers saw any neighbors on the target interface.

0

3 Reasons to Invest in a Cloud Certification Program

Certification programs ensure your team has the required knowledge to work with the most advanced cloud technologies, close skills gaps, and reduce the need to shop for talent on the open market.

0

Opengear Cheat Sheet

How to do stuff and things with Opengear.

0

SolarWinds Trojan: Affected enterprises must use hot patches, isolate compromised gear

Hot patching and isolating potentially affected resources are on the IT response schedule as enterprises that employ SolarWinds Orion network-monitoring software look to limit the impact of the serious Trojan unleashed on the platform.The supply-chain attack, reported early this week by Reuters and detailed by security researchers at FireEye and Microsoft involves a potential state-sponsored, sophisticated actor gained access to a wide variety of government, public and private networks via Trojanized updates to SolarWind’s Orion network monitoring and management software. This campaign may have begun as early as spring 2020 and is ongoing, according to FireEye and others.To read this article in full, please click here

0

SolarWinds Trojan: Affected enterprises must use hot patches, isolate compromised gear

Hot patching and isolating potentially affected resources are on the IT response schedule as enterprises that employ SolarWinds Orion network-monitoring software look to limit the impact of the serious Trojan unleashed on the platform.The supply-chain attack, reported early this week by Reuters and detailed by security researchers at FireEye and Microsoft involves a potential state-sponsored, sophisticated actor gained access to a wide variety of government, public and private networks via Trojanized updates to SolarWind’s Orion network monitoring and management software. This campaign may have begun as early as spring 2020 and is ongoing, according to FireEye and others.To read this article in full, please click here

0

Supercharge CoreDNS with Cluster Addons

Infoblox sponsored this post. Sandeep Rajan Sandeep is a software engineer at Infoblox focussing on open source contributions to the Cloud Native Computing Foundation (CNCF) projects CoreDNS and Kubernetes. There has been an increasing demand from users to be able to manage the health, status, rollout, rollback, etc., of CoreDNS in a Kubernetes cluster; and not just rely on CoreDNS being managed by the cluster management tools. Since the use of Operators in Kubernetes is now generally accepted, the aim of the

0

Object-based Approach to Cisco ACI:

 A Guide to Understand the Logic Behind Application Centric Infrastructure 

This book will be soon available

Click "read more >>" to open the Table of Contents and see the About the Book section

Continue reading

0

The History of EARN, RARE, and European Networks (part 2)

European networks from the mid-1980’s to the late 2000’s underwent a lot of change, bolstered by the rise and fall of America Online, the laying of a lot of subsea cables, and the creation of several organizations, including EARN and RARE, to bolster the spread and use of the Internet. Daniele Bovio joins Donald Sharp and Russ White on this episode of the History of Networking to give us a good overall perspective of this history.

You can find more information about the history of EARN at https://earn-history.net.

download

0

Trojan in SolarWinds security has far-reaching impact

SolarWinds says a compromise of its widely used Orion network-monitoring platform endangers the networks of public and private organizations that use it and that the problem should be remediated right away.In a security advisory, SolarWinds said customers should upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure their environment is safe. An additional hotfix release that both replaces the compromised component and provides several additional security enhancements is expected in the next day or two.The company’s managed services tools appear to be uncompromised, and the company said it isn’t aware of any similar issues with its non-Orion products, like RMM, N-Central, and SolarWinds MSP products.To read this article in full, please click here

0

Trojan in SolarWinds security has far-reaching impact

SolarWinds says a compromise of its widely used Orion network-monitoring platform endangers the networks of public and private organizations that use it and that the problem should be remediated right away.In a security advisory, SolarWinds said customers should upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure their environment is safe. An additional hotfix release that both replaces the compromised component and provides several additional security enhancements is expected in the next day or two.The company’s managed services tools appear to be uncompromised, and the company said it isn’t aware of any similar issues with its non-Orion products, like RMM, N-Central, and SolarWinds MSP products.To read this article in full, please click here

0

Full Stack Journey 049: Kubernetes Backup And Data Protection With Open-Source Velero

Have you developed a backup/restore strategy for your Kubernetes clusters? In this Full Stack Journey episode, we discuss why Kubernetes operators should be planning for backup/restore functionality, and debunk some myths that say you don't need it in Kubernetes. We also dive into the open-source Velero project, a tool for backup/restore and data protection of Kubernetes cluster resources. Our guests are Carlisia Thompson and Nolan Brubaker.

0

Full Stack Journey 049: Kubernetes Backup And Data Protection With Open-Source Velero

Have you developed a backup/restore strategy for your Kubernetes clusters? In this Full Stack Journey episode, we discuss why Kubernetes operators should be planning for backup/restore functionality, and debunk some myths that say you don't need it in Kubernetes. We also dive into the open-source Velero project, a tool for backup/restore and data protection of Kubernetes cluster resources. Our guests are Carlisia Thompson and Nolan Brubaker.

The post Full Stack Journey 049: Kubernetes Backup And Data Protection With Open-Source Velero appeared first on Packet Pushers.