2018年1月31日 星期三

AWS re:INVENT 2017 recap

  • Everything is everything
  • After winter, must come spring
  • EKS kubernetes
  • aws farnet
  • aws lambda
  • aws Aurora
  • aws IoT
  • aws Sumerian
  • aws cloud9
  • stop and resume on spot
  • save up to 90% on spot fleet

TrendLabs: Digital Extortion: A Forward-looking View

Digital Extortion: A Forward-looking View
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/digital-extortion-forward-looking-view/

2018年1月29日 星期一

Plex: Virtual Reality on Daydream

You can now experience your movies and shows in dazzling virtual reality with Plex on Google Daydream. From an upscale condo to an enchanting drive-in, you’ve never experienced your media like this before AND you can share the love! Interact with different scenes and chat with friends while you Watch Together (available with Plex Passbut free for the first week!). Click for more details about virtual reality, device requirements, and co-watching.

2018年1月28日 星期日

TrendLabs: Malvertising Campaign Abuses Google’s DoubleClick

Figure 1. Activity of the malvertising campaign from January 18-24
Figure 1. Activity of the malvertising campaign from January 18-24
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/

2018年1月27日 星期六

ResourceSpace: DAM vs. Dropbox

2018年1月26日 星期五

TrendLabs: Lazarus Campaign Targeting Cryptocurrencies

Figure 2: Malicious CHM file used as RATANKBA lure
Figure 2: Malicious CHM file used as RATANKBA lure
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/

2018年1月25日 星期四

Plex: New year, new Xbox One

The newest update to Plex for Xbox One brings so many improvements under the hood, you'd think it was a completely new app! We've brought the heat with new audio, video, and photo players. What else? How about direct streaming HEVC for Xbox One S and One X! Enjoy an even smoother, more beautiful experience using Plex and update right from your Xbox.
GET THE DETAILS

2018年1月24日 星期三

Puppet highlights in 2017

New year, exciting new products, resources and more!

Puppet
2017 was an incredible year!
Let’s take a look back at some highlights from
Puppet’s best year yet.

2018年1月23日 星期二

TrendLabs: Motivations and Methods of Web Defacement

Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement—the act of compromising and vandalizing a website. Typically, these attackers—known as web defacers—replace the original page with their own content, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. We’ve analyzed data that goes back almost two decades, and we’ve seen how the process of web defacement is still being used nowadays.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/hacktivism-web-defacement/

2018年1月22日 星期一

NewTek: Capture Without a Card: Using NDI® with OBS

Capture Without a Card: Using NDI® with OBS

2018年1月21日 星期日

TrendLabs: Server Exploits Used For Cryptocurrency Mining

Figure 3. Number of hits in November – December
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/struts-dotnetnuke-server-exploits-used-cryptocurrency-mining/

ResourceSpace: how AI will change the future of DAM

FSF: Intel Management Engine – Take Action

If there is an event at your university or in your community addressing the Intel chip bugs, we urge you to distribute printed copies of our report on the Intel ME by Denis GNUtoo Carikli, with the following foreword by Free Software Foundation president Richard Stallman:
Meltdown and Spectre are errors. Grave errors, to be sure, but not evidently malicious. Everyone makes mistakes.
Intel has done far worse with its CPUs than make a mistake. It has built in an intentional back door called the Management Engine.
Important as these bugs are, don't let Intel's mistakes distract you from Intel's deliberate attack!

2018年1月19日 星期五

TrendLabs: GhostTeam Adware can Steal Facebook Credentials


Figure 1: Top countries most affected by GhostTeam
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/ghostteam-adware-can-steal-facebook-credentials/

2018年1月18日 星期四

ADMIN: First Malware for macOS in 2018

“OSX/MaMi isn't particular advanced - but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle'ing traffic (perhaps to steal credentials, or inject ads),” wrote Wardle.
REF: http://www.admin-magazine.com/News/First-Malware-for-macOS-in-2018

2018年1月17日 星期三

TrendLabs: UK Conviction Arises out of Trend Micro and NCA Partnership

Figure 1. Advertisement for Cryptex listing many of its features
Figure 1. Advertisement for Cryptex listing many of its features
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/uk-conviction-arises-out-of-trend-micro-and-nca-partnership/

DNS resolution change for Google Compute Engine

In the coming months, all VMs in newly created Compute Engine projects will use zonal DNS names by default. These VMs' DNS configuration will differ from current VMs in the following ways:
  • The "search" entry in resolv.conf ("c.[PROJECT_ID].internal") will be changed to "[ZONE].c.[PROJECT_ID].internal"
  • The VM domain name ("c.[project-id].internal") will be changed to "[zone].c.[project-id].internal"
  • The VM fully-qualified domain name ("[vm-name].c.[project-id].internal") will change to "[vm-name].[zone].c.[project-id].internal"

2018年1月15日 星期一

International Shopping in Amazon App

Amazon's International Mobile App
REF: https://www.amazon.com/gp/b/ref=pe_3518040_264868100_pe_btn/?node=17052338011

2018年1月14日 星期日

TrendLabs: Patch Tuesday Fixes Meltdown and Spectre

This year’s first Patch Tuesday is a busy one. Microsoft released 56 updates that include patches for the Meltdown and Spectre vulnerabilities. The patches also addressed security issues in Windows OS, Internet Explorer, Edge, Office, ChakraCore, ASP.NET, and .NET Framework. Sixteen were rated critical and 38 important, 20 of which can result in remote code execution (RCE).
REF:  http://blog.trendmicro.com/trendlabs-security-intelligence/januarys-patch-tuesday-fixes-56-security-issues-including-meltdown-spectre/

2018年1月13日 星期六

2018年1月11日 星期四

The Best Advice For Remote Work Success From 10 Global Teams

How To Embrace Remote Work: Ultimate Guide Tips and Tricks
REF: https://blog.trello.com/remote-work-team-success-guide

2018年1月10日 星期三

TrendLabs: Malicious App Signs Users Up for Premium SMS Services

Figure 1
Figure 1. Swift Cleaner, the malicious app posing as an Android cleaning app
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/first-kotlin-developed-malicious-app-signs-users-premium-sms-services/

2018年1月8日 星期一

Multitasking: How To Do It The Right Way

2017-09-20_In-Defense-of-Multitasking_01_cover_r01TP.png
Multitasking: is it actually a good thing? Scientific research suggests there are ways to manage multiple tasks effectively. 
REF: https://blog.trello.com/why-multitasking-is-good-for-you

2018年1月7日 星期日

TrendLabs: Understanding Meltdown and Spectre

Solutions and best practices
Users have no way to mitigate this threat; the responsibility of doing so ultimately falls on vendors who have released multiple patches to mitigate Meltdown. Microsoft has released documents that cover both server and client versions of Windows:
Note that in order to receive automatic updates from Microsoft, a registry key must be in place on the affected system. Details can be found in this article.
Apple’s December updates for macOS (released last December 2017) already resolved this vulnerability as well. As noted earlier, patches for Meltdown have been merged into the Linux kernel. It is up to individual vendors to release this update for their distribution; some vendors such as DebianRed Hat, and SUSE have released bulletins and patches as appropriate.
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/speculation-risky-understanding-meltdown-spectre/

2018年1月6日 星期六

Graylog v2.4.0 of 2018

QuickValue Widget Improvements: 
  • Stack data with another field, such as a source address to get a new result set with all destination addresses of this field. This is a top method for threat hunting!
  • Sort the result set based on the field value or count, which is useful if you want to find the most common or uncommon values.
  • Build a chart of a result set over time to detect important changes or past outliers. 
We have also moved four plugins from Graylog Labs into Core: AWS, Threat Intelligence, NetFlow, and CEF. Download Now

2018年1月5日 星期五

TrendLabs: Apps Disguised as Security Tools

Figure 1. Malicious apps found on Google Play, detected by Trend Micro Mobile Security
Figure 1. Malicious apps found on Google Play, detected by Trend Micro Mobile Security
We notified Google of these apps, and at the time of writing all the apps have been removed from Google Play.
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/apps-disguised-security-tools-bombard-users-ads-track-users-location/

2018年1月4日 星期四

Diving Into Deep Work Theory

REF: https://blog.trello.com/deep-work-productivity-interview-with-cal-newport

cal_newport_blockquote (1).png
Many think that focusing without distraction is a habit, like flossing their teeth—something they know how to do but simply need to make time to do more often. The reality, however, is that deep work is a skill, like playing the guitar—something that you shouldn’t expect to be good at if you haven’t been practicing.

2018年1月3日 星期三

NewTek LivePanel for controlling

NewTek LivePanel
REF: https://www.newtek.com/store/

2018年1月2日 星期二

Plexivus for the rest of us!


REF: https://www.plex.tv/blog/catch-restart-android/

2018年1月1日 星期一

TrendLabs: New GnatSpy Mobile Malware Family Discovered

Figures 1 and 2. Old and new receivers and services
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/new-gnatspy-mobile-malware-family-discovered/

Does Remote Work Increase Our Risk Of Impostor Syndrome?

remote_work_impostor.png
The impostor phenomenon, also known as impostor syndrome, has been generating buzz in psychology and business circles since the 1970s. Common symptoms of impostor syndrome include feeling under-qualified for (or unworthy of) your job, even though success after success proves your abilities. Although you and everyone in your network considers you high-performing, you live with a persistent fear of being exposed as a fraud.
REF: https://blog.trello.com/does-remote-work-increase-impostor-syndrome-risk