-
News & Notes: Kaseya Suffers Massive REvil Ransomware Attack Over Weekend
Over the July 4th holiday weekend some big news hit: a massive REvil ransomware attack on Kaseya, an American software company. As reported by the SANS Daily StormCenter Podcast, news is still developing about the extent of the damage, which is not fully known but expected to be significant. Kaseya provides IT management software to MSPs (Managed Service Providers) and IT teams to improve efficiency and security, and allows small to medium-sized businesses to manage their IT assets, service desk and more. Biblio: SANS Storm Center Podcast
-
News & Notes: Print Spooler Vulnerability
(Updated July 7, 2021) The #PrintNightmare nightmare continues. Microsoft is looking at a serious remote code execution (RCE) vulnerability dubbed #PrintNightmare (more officially, CVE-2021-34527) [1]. As reported by IT WORLD CANADA [2], a Chinese security company leaked a proof-of-concept exploit for a zero-day vulnerability that they thought had been plugged, meaning patched or fixed. (It’s common to openly discuss such vulnerabilities after they have been disclosed to the vendor and a patch issued.) BUT. In this case, the bug, or vulnerability, had NOT yet been patched in that time span. Microsoft has now issued a patch to address the #PrintNightmare Windows Print Spooler vulnerability (CVE-2021-34527). The…
-
What is Border Gateway Protocol (BGP)?
Border Gateway Protocol is one of those foundational, core infrastructure protocols used by Internet users every day but not top of mind for the average consumer or end user. Border Gateway Protocol, or BGP, is a routing protocol. BGP is the primary routing protocol for the Internet, and is a Layer 4 Transport protocol that sits on top of TCP [2]. Its purpose is to keep the various systems on the Internet up to date with the information needed to send and receive data traffic correctly. So, real quick, in a nutshell: when information is sent around the Internet, that info is broken up into chunks of data called ‘packets’. Packets sent on…
-
Russian Hackers Abusing VPNs to Hijack Accounts, U.S. and British Officials Say
According to an article in Reuters, Russian hackers are accused of abusing VPNs. US and British authorities identify Unit 26165, the arm of Russia’s military spy agency, also accused of interfering in the 2016 US presidential election, as a source behind “widespread, distributed and anonymized brute force access attempts against hundreds of government and private sector targets”. None of the targets, mostly in the United States and Europe, were identified by name, but “included government offices, political parties, energy companies, law firms and media organizations”. “Russian hackers are abusing VPNs to hijack accounts, US and UK officials say” via Reuters
-
News & Notes–June 30, 2021
Data for 700 Million LinkedIn Users Posted for Sale: LinkedIn says that no public breach occurred, so the next likely theory for the source is the scraping of public profiles, according to the Cybersecurity Headlines podcast. Or, more probably, the publicly available info of each user. For instance, you can set your profile to be fully open to the public, or private with certain information set to be publicly available. So that info could be publicly available to search engines and the wider internet. (Always check your settings.) This comes after the loss of 500 million records in April. No financial info was released. But the raw…
-
What is Softwarization?
Softwarization is appearing in the form of diverse technologies and models (Cloud Computing, Edge-Fog Computing, SDN, NFV) sharing the same common denominator: all network and service functions can be virtualized and dynamically allocated onto logical resources hosted on an underlying physical infrastructure, fully decoupled. It concerns developing in software any functions, logic, and methods capable of processing huge amounts of data by being executed on (low-cost) powerful hardware. via Softwarization: A Shift of Paradigm
-
What is Moore’s Law, Gilder’s Law and Metcalfe’s Law: 3 Laws to Know…
Three laws to know: Moore’s Law: Moore’s Law states that the processing power of a chipset doubles every 24 months (likewise, the cost halves for the same level of processing power). Gilder’s Law: Gilder’s Law states that the bandwidth of communication systems triples every 12 months (likewise, costs decrease). Bandwidth grows at least 3 times faster than computer power. (If compute power doubles every 18 months, as per Moore’s Law, then communications power doubles every 6 months.) Metcalfe’s Law: Metcalfe’s Law (the network effect) states that the value of a network is proportional to the square of the number of nodes (likewise, the cost of getting connected decreases, but the…
-
Virtual Machines VM’s Are Being Used to Hide Ransomware Activity
As society continues to embrace all things cloud and move further toward virtualization, this field becomes a ripe target for malicious actors (bad people). We are now seeing the use of VMs to implement and hide malicious activity, including ransomware. The tactic involves hiding the ransomware payload in a virtual machine on infected hosts. The VM provides stealth and helps avoid detection for as long as possible. Hosting encryption software within a self-started VM means that typical anti-virus software on the host will not detect it! And when the VM is shut down, it removes a significant amount of possible forensic evidence with it! That’s not good. Some…
-
What is a Ragnar Locker Ransomware Attack?
Ragnar Locker is ransomware that affects devices running Microsoft Windows operating systems. The Ragnar Locker method was first observed in December 2019 as part of a series of attacks against compromised networks. Biblio: Ragnar Locker malware: what it is, how it works and how to prevent it–Infosec Institute
-
4). Intro to Hypervisor, Docker & Container Basics–(VMs) Virtual Machines [VIDEO]
There’s a great series of videos on YouTube giving a quick intro to telecommunication cloud basics. The videos feature Vikas Shokeen and are available as a short 4-video series. The fourth one is below with some basic notes. [Video: 4). Intro to Hypervisor, Docker & Container Basics–(VMs) Virtual Machines] [Figure: Docker Architecture] See also: 1). Intro to Telco (Telecommunications Company) Cloud Basics, NFV, SDN, Architecture of Cloud Networks [VIDEO] 2). Intro to NFV (Network Function Virtualization) Basics–NFV Architecture, ETSI, NFV MANO [VIDEO] 3). Intro to SDN (Software Defined Networking) Basics–SDN & OpenFlow Architecture [VIDEO] Biblio: [1] vCloud NFV Reference Architecture [2] Tech Tutorial–Introduction to NFV: Network Function Virtualization [3] Introduction to Network…