Evolution of Excel 4.0 Macro Weaponization – Continued

Introduction 

The evolution of the Excel 4.0 (XL4) macro malware proceeds apace, with new variations and techniques regularly introducedTo understand the threat landscape, the VMware NSBU Threat Analysis Unit extended its previous research on XL4 macro malware (see the previous blog) to analyze new trends and techniques.  

Against analysis engines, the new samples have some novel evasion techniques, and they perform attacks more reliably. These variants were observed in June and July. Figure 1 depicts the Excel 4.0 macro malware wave.  

Figure 1: Malicious XL4 submission: May-Aug 2020 

Broadly, the samples can be categorized into three clusters. Based on the variation of the samples in these three clustersthe weaponized documents can be grouped into multiple variants. 

Cluster 1: Relative Reference   

The samples in this cluster appeared in the month of June. They use FORMULA.FILL for obfuscation and to move the payload around the sheet. The formula uses relative references to access values stored in the sheet. There are variations in this category; Continue reading

Where Service Mesh and SmartNICs Meet

Intel sponsored this post. Smart Network Interface Controllers (SmartNICS) puts the service mesh at center stage where the network and the application layer meet. The new dimensions that come with the integration of hardware and software is ushering in a new generation of capabilities such as cryptographic operations and new approaches to resource utilization. At VMworld last month, VMware featured SmartNICs as part of

Member News: Haitian Chapter Calls for More Community Networks

From the community: The Haiti Chapter of the Internet Society recently posted a video advocating for more community networks in the country. Internet access is a necessity during the COVID-19 health emergency, the Chapter said. Still, there is a challenge of providing access in rural areas of the country. The Chapter wants a plan that allows communities to build their own networks “where it is not yet economically viable for Internet service providers” to offer broadband service.

Going to school: The Kyrgyzstan Chapter has provided an update about its very active ilimBox project, which provides an Internet-in-a-box service to schools in the country. In late August, the ilimBox team, with the financial support of the European Union, installed 22 ilimBox devices in the border villages of Batken region.

Don’t split the Internet: The Greater Washington, D.C., Chapter has voiced opposition to U.S. President Donald Trump’s plans to ban Chinese apps TikTok and WeChat from the U.S. The Chapter is “against breaking the Internet,” it wrote. The proposed ban “undermines the foundations of the Internet.” The Chapter’s statement echoes the position of the Internet Society as a whole.

Safety first: The St. Vincent and the Grenadines Continue reading

Introducing Cloudflare One Intel

Introducing Cloudflare One Intel
Introducing Cloudflare One Intel

Earlier this week, we announced Cloudflare One, a single platform for networking and security management. Cloudflare One extends the speed, reliability, and security we’ve brought to Internet properties and applications over the last decade to make the Internet the new enterprise WAN.

Underpinning Cloudflare One is Cloudflare’s global network - today, our network spans more than 200 cities worldwide and is within milliseconds of nearly everyone connected to the Internet. Our network handles, on average, 18 million HTTP requests and 6 million DNS requests per second. With 1 billion unique IP addresses connecting to the Cloudflare network each day, we have one of the broadest views on Internet activity worldwide.

We see a large diversity of Internet traffic across our entire product suite. Every day, we block 72 billion cyberthreats. This visibility provides us with a unique position to understand and mitigate Internet threats, and enables us to see new threats and malware before anyone else.

At the beginning of this month, as part of our 10th Birthday Week, we launched Cloudflare Radar, which shares high-level trends with the general public based on our network’s aggregate data. The same data that powers that view of the Internet also Continue reading

The OSI model explained and how to easily remember its 7 layers

The Open Systems Interconnect (OSI) model is a conceptual framework that describes networking or telecommunications systems as seven layers, each with its own function.The layers help network pros visualize what is going on within their networks and can help network managers narrow down problems (is it a physical issue or something with the application?), as well as computer programmers (when developing an application, which other layers does it need to work with?). Tech vendors selling new products will often refer to the OSI model to help customers understand which layer their products work with or whether it works “across the stack”. [ Related: What is IPv6, and why aren’t we there yet? ] The 7 layers of the OSI model The layers are: Layer 1—Physical; Layer 2—Data Link; Layer 3—Network; Layer 4—Transport; Layer 5—Session; Layer 6—Presentation; Layer 7—Application.To read this article in full, please click here

The OSI model explained (and how to easily remember) the 7-layer network model

When most non-technical people hear the term “seven layers”, they either think of the popular Super Bowl bean dip or they mistakenly think about the seven layers of Hell, courtesy of Dante’s Inferno (there are nine). For IT professionals, the seven layers refer to the Open Systems Interconnection (OSI) model, a conceptual framework that describes the functions of a networking or telecommunication system.The model uses layers to help give a visual description of what is going on with a particular networking system. This can help network managers narrow down problems (Is it a physical issue or something with the application?), as well as computer programmers (when developing an application, which other layers does it need to work with?). Tech vendors selling new products will often refer to the OSI model to help customers understand which layer their products work with or whether it works “across the stack”.To read this article in full, please click here

Introducing WARP for Desktop and Cloudflare for Teams

Introducing WARP for Desktop and Cloudflare for Teams
Introducing WARP for Desktop and Cloudflare for Teams

Cloudflare launched ten years ago to keep web-facing properties safe from attack and fast for visitors. Cloudflare customers owned Internet properties that they placed on our network. Visitors to those sites and applications enjoyed a faster experience, but that speed was not consistent for accessing Internet properties outside the Cloudflare network.

Over the last few years, we began building products that could help deliver a faster and safer Internet to everyone, not just visitors to sites on our network. We started with the first step to visiting any website, a DNS query, and released the world’s fastest public DNS resolver, 1.1.1.1. Any Internet user could improve the speed to connect to any website simply by changing their resolver.

While making the Internet faster for users, we also focused on making it more private. We built 1.1.1.1 to accelerate the last mile of connections, from user to our edge or other destinations on the Internet. Unlike other providers, we did not build it to sell ads.

Last year we went one step further to make the entire connection from a device both faster and safer when we launched Cloudflare WARP. With the push of a Continue reading

Cloudflare Gateway now protects teams, wherever they are

Cloudflare Gateway now protects teams, wherever they are
Cloudflare Gateway now protects teams, wherever they are

In January 2020, we launched Cloudflare for Teams—a new way to protect organizations and their employees globally, without sacrificing performance. Cloudflare for Teams centers around two core products - Cloudflare Access and Cloudflare Gateway.

In March 2020, Cloudflare launched the first feature of Cloudflare Gateway, a secure DNS filtering solution powered by the world’s fastest DNS resolver. Gateway’s DNS filtering feature kept users safe by blocking DNS queries to potentially harmful destinations associated with threats like malware, phishing, or ransomware. Organizations could change the router settings in their office and, in about five minutes, keep the entire team safe.

Shortly after that launch, entire companies began leaving their offices. Users connected from initially makeshift home offices that have become permanent in the last several months. Protecting users and data has now shifted from a single office-level setting to user and device management in hundreds or thousands of locations.

Security threats on the Internet have also evolved. Phishing campaigns and malware attacks have increased in the last six months. Detecting those types of attacks requires looking deeper than just the DNS query.

Starting today, we’re excited to announce two features in Cloudflare Gateway that solve those new challenges. First, Continue reading

Equinix launches bare metal cloud service

Having completed its purchase of bare-metal cloud specialist Packet in March, Equinix is announcing the availability of Equinix Metal, an automated and interconnected bare metal cloud service in four major regions.A bare metal service means the customer provides the operating environment, not just the apps. Typical IaaS/PaaS includes the operating system (either Linux or Windows) plus developer tools and middleware. In a bare metal environment, there's no operating system or virtual machine. All you get are cores, memory, storage, and networking. READ MORE: Why a bare-metal cloud provider might be just what you need | Google Cloud's bare-metal initiative | Rackspace offers bare-metal cloud offeringTo read this article in full, please click here

IBM expands the role of its hybrid-cloud security package

IBM is expanding the role of its security-software package for hybrid-cloud deployments by improving the gathering of security data collected within customer networks and drawing on third-party threat-intelligence feeds, among other upgrades.IBM’s Cloud Pak for Security, which features open-source technology for hunting threats and automation capabilities to speed response to cyberattacks, can bring together on a single console data gathered by customers’ existing security point products.IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of private or public infrastructure, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.To read this article in full, please click here

Equinix launches bare metal cloud service

Having completed its purchase of bare-metal cloud specialist Packet in March, Equinix is announcing the availability of Equinix Metal, an automated and interconnected bare metal cloud service in four major regions.A bare metal service means the customer provides the operating environment, not just the apps. Typical IaaS/PaaS includes the operating system (either Linux or Windows) plus developer tools and middleware. In a bare metal environment, there's no operating system or virtual machine. All you get are cores, memory, storage, and networking. READ MORE: Why a bare-metal cloud provider might be just what you need | Google Cloud's bare-metal initiative | Rackspace offers bare-metal cloud offeringTo read this article in full, please click here

IBM expands the role of its hybrid-cloud security package

IBM is expanding the role of its security-software package for hybrid-cloud deployments by improving the gathering of security data collected within customer networks and drawing on third-party threat-intelligence feeds, among other upgrades.IBM’s Cloud Pak for Security, which features open-source technology for hunting threats and automation capabilities to speed response to cyberattacks, can bring together on a single console data gathered by customers’ existing security point products.IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of private or public infrastructure, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.To read this article in full, please click here

The 5G Problems

The Apple iPhone 12 has 5G but its not for customers. Its because the mobile co’s wanted it. And they indirectly paid Apple for it. While its true that 5G increases bandwidth and reduces latency, it more important that it reduces infrastructure costs. Alert: This twitter thread is a trial of the “blog post as […]

Must Read: Redistributing Full BGP Feed into OSPF

The idea of redistributing the full Internet routing table (840.000 routes at this moment) into OSPF sounds as ridiculous as it is, but when fat fingers strike, it should be relatively easy to recover, right? Just turn off redistribution (assuming you can still log into the offending device) and move on.

Wrong. As Dmytro Shypovalov explained in an extensive blog post, you might have to restart all routers in your OSPF domain to recover.

And that, my friends, is why OSPF is a single failure domain, and why you should never run OSPF between your data center fabric and servers or VM appliances.

Must Read: Redistributing Full BGP Feed into OSPF

The idea of redistributing the full Internet routing table (840.000 routes at this moment) into OSPF sound as ridiculous as it is, but when fat fingers strike it should be relatively easy to recover, right? Just disable redistribution (assuming you can still log into the offending device) and move on.

Wrong. As Dmytro Shypovalov explained in an extensive blog post, you might have to restart all routers in your OSPF domain to recover.

And that, my friends, is why OSPF is a single failure domain, and why you should never run OSPF between your data center fabric and servers or VM appliances.

pygnmi 2. How to use pyGNMI?

Hello my friend,

In the previous article we have mentioned that we have started building our own Python package, which will allow you to easily interact with the network functions over gNMI. Today we want to share with you some progress and explain, how you can start benefiting from it right now.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Is automation really so important?

Amount of network-related tasks in each company is growing years, if company is doing well. The number of employees is not. That creates a need for business relying on technologies to “do more with less”. The automation is a key enabler for this approach. And we are keen to help your business (or yourself) to find a right approach to network automation and successfully implement it. In our trainings:

  • We explain the advantages and challenges of network automation in multivendor networks.
  • We teach you how to reach quick wins in network automation to fuel your automation projects for Continue reading

How to download and play YouTube and other videos on Linux

Who would have imagined that there’s a Linux tool available for downloading YouTube videos? Well, there is and it works for Linux as well as for other operating systems. So, if you need to watch some of the available videos even when your internet connection is flaky or you need to be offline for a while, this tool can be especially handy.The tool for downloading videos is called youtube-dl. (The “dl” portion undoubtedly means “download”.) It’s very easy to use and drops webm or mp4 files onto your system. Both formats provide compressed, high-quality video files that you can watch whenever you like.To read this article in full, please click here

1 912 913 914 915 916 3,882