2018年5月31日 星期四

TrendLabs: Malicious Edge and Chrome Extension Used to Deliver Backdoor


Figure 2. Screenshots of the malware-embedded documents, posing as an invoice (top) and another with a missive urging would-be victims to “enable editing” (bottom)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-edge-and-chrome-extension-used-to-deliver-backdoor/

Plex: Now featuring Podcasts!

Enjoy the art of storytelling
We’re thrilled to announce that one of our most-requested features is now available on Plex: Podcasts! With rich metadata and tons of features, like On Deck, personalized recommendations, variable speed playback, a customizable home screen, offline mode (coming soon!), and so much more, now you can enjoy a robust podcast-listening experience on Plex. Available in beta on Android, iOS, Roku, and Web (no Plex Media Server required). Best of all, the Podcasts feature is free for all users.

2018年5月29日 星期二

TrendLabs: Confucius Update: New Tools and Techniques, Further Connections with Patchwork

 Figure 3. Screenshot of the second fake website
Figure 3. Screenshot of the second fake website
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/confucius-update-new-tools-and-techniques-further-connections-with-patchwork/

2018年5月28日 星期一

Mobile Desktop Innovation

Purism, which is developing the free and secure Librem 5 phone, is keeping the product in the public’s awareness by regularly releasing partnership announcements. It’s a shrewd strategy, especially since the Librem 5 is over a year away from production. However, the latest announcement – that Ubuntu Touch will be available on the Librem 5 – is even more significant than earlier announcements. The news means that in addition to its other benefits, the Librem 5 will also offer one of the most innovative desktops for mobile devices available. Together, the Librem 5 and Ubuntu promise to show just how innovative free software can be.
REF: http://www.linux-magazine.com/Online/Features/Librem-5-and-Ubuntu-Touch

2018年5月27日 星期日

TrendLabs: GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities

 Figure 7. The distribution of HTTP-enabled attacker devices.
Figure 7. The distribution of HTTP-enabled attacker devices
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/gpon-vulnerabilities-exploited-for-mexico-based-mirai-like-scanning-activities/

2018年5月26日 星期六

GDPR user consent tools for publishers

---------- Forwarded message ---------
From: Google
Date: Fri, May 25, 2018 at 9:42 PM
Subject: Important update about the General Data Protection Regulation (GDPR) user consent tools for publishers

Google
Dear Partner,
In April we announced tools to help you comply with the GDPR and shared our plans to be a part of the IAB transparency & consent framework. Today we wanted to share a Help Center article (DFPAdSense) which provides more information about our IAB integration.
If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center.
Thanks,
The Google Team

2018年5月25日 星期五

Trello: The 'Coffee Shop Effect'

The 'Coffee Shop Effect': Why Changing Your Location Boosts Your Productivity

Coffee shop boosts work productivity
REF: https://blog.trello.com/coffee-shop-effect-boosts-productivity

2018年5月23日 星期三

Box: Five case studies in Cloud Content Management

Five industries. Five case studies in Cloud Content Management

 
THE BIG IDEA
Five industries. Five case studies in Cloud Content Management.

For some companies, the Cloud Content Management journey begins with small steps. For others, a radical shift in perspective is necessary in order to compete in a highly digitized environment, where information is everything and the customer king. Hear leaders from Farmers, Wiley, Procter and Gamble, and Vestas talk about how they’ve used Cloud Content Management to secure, manage and govern their information, with Box and other best-in-breed technology solutions.
REF: https://www.box.com/blueprint/Digital-processes-5-tips

2018年5月22日 星期二

Practical Python 3.6


This workshop introduces the Python language, progressing rapidly to the real-world examples spread across 4 modules and with a final test to ensure that you retained the knowledge. We cover all the basis, from working with local files to the usage of external APIs, working with CSV and JSON.
Module 1: How to get started with Python.
What you will learn …
  • Python’s philosophy.
  • How to install Python
  • How to use the python interpreter.
  • How Python imports work.
  • How to work on a virtual environment.
  • How to create and run a Python script.
  • Using text editors for coding.
  • Standards and PEP8.
  • Various modules which Python comes bundled with.
INSIDE
  • Why Python?
  • Introduction about python programming language
  • Learning the strengths of the language and what’s good with python
  • Learning where to use Python and why
  • Python as an interpreted language
  • How to choose correct interpreter, install it, run it
  • Python virtual environments
  • Text editor (kate, gedit, brackets)
  • How to create Hello world, from interpreter and with .py script
  • Standards and batteries included
  • Standards and PEP8
  • Batteries included
Module 2: Python Basics
What you will learn …
  • Python flow control statements
  • List, dictionaries and advanced operations on them (slicing and iterating)
  • The difference between classes and instances of an object
  • How Python initialises new objects
  • How to override Python’s built-in methods and types
  • How to login to Twitter through Python
  • How to get an instance’s attributes using the Python shell
INSIDE
  • Python data types and flow control statements
  • If / elif / else
  • For loops
  • While loops
  • Lists (slices), dictionaries (loop over items), sets
  • Lists
  • List slices
  • Dictionaries
  • Python Internals
  • Classes and object instances
  • Everything is an object (docs strings, getters, setters, override)
  • Practical example
Module 3: Files
What you will learn …
  • What the concept of duck typing is.
  • How files work.
  • The CSV Python module.
  • How to use the JSON Python module.
  • How to use these modules in a real life example to extract, process and save data.
INSIDE
  • Files
  • Duck typing
  • CSV files and CSVreader
  • Read
  • Write
  • SimpleJSON
  • Practical exercise
  • Read file with a sentence per line
  • Manipulate and gather metrics on each sentence
  • Output a file with the metrics obtained
Module 4: Practical Project – Weather forecast!
In this module, you will apply all the knowledge from the previous chapters in order to implement a Python module to read data from an API, process the information and display it, using Python plotting library. You need to do these steps in any development so that you will learn how to define what the module works:
  • Read data from an API (http://openweathermap.org)
  • Save the raw data in a file for safekeeping
  • Transform the data, so that it can be fed to the plot module
  • Plot a graph with the weather forecast
You will learn …
  • How to get data from an external API
  • How to transform data to suit your needs
  • How to work with the Python plotting
INSIDE
  • Get information from API
  • Data transformation
  • Plotting the data
Module 5: Final Tests
This test is made up of 20 questions in total. You can take as long as you need to answer each question.
Sample question:
Question 15:
What library can you use to create an object to store content in memory that behave like a file?
A – math
B – json
C – csv
D – StringIO
Meet the Instructor
Rui Silva is a computer Scientist from Portugal (http://alfasite.org/) He is a Python developer who loves open-source. He started working as a freelancer in 2008, while he finished his graduation in Computer Science in Universidade do Minho. After his graduation, he started pursuing a master’s degree, choosing the field of parallel computation, mobile and ubiquitous computing. He completed the mobile and ubiquitous computing course. In his 3 years of freelancing, he worked mostly with Python, developing Django websites, Drupal websites and some Magento stores. He also had to do some system administration. After that, he started working in Eurotux Informática, S.A. where he developed websites using Plone, Django and Drupal. He is also an IOS developer and sometimes he performs some system administration tasks. Besides his job, he works as a freelancer using mainly Django and other Python frameworks.
Course Format
The course is self-paced – you can visit the training whenever you want and your content will be there. Once you’re in, you keep access forever, even when you finish the course. There are no deadlines, except for the ones you set for yourself. We designed the course so that a diligent student will need about 18 hours of work to complete the training. Your time will be filled with reading, videos, and exercises.
REF: https://bsdmag.org/course/learn-to-program-using-python-practical-python-3-6/

2018年5月21日 星期一

Ubuntu 18.04 Released

Apr 30, 2018
“Bionic Beaver” comes with hardware-focused improvements and Gnome as the default shell.

,,,Ubuntu 18.04 comes with a customized version of Linux kernel 4.15 that adds support for the latest hardware and peripherals. Some of the hardware-focused improvements that this kernel brings to Ubuntu include CPU controller for the cgroup v2 interface, AMD secure memory encryption support, the latest MD driver with software RAID enhancements, and management for systems with SATA Link Power Management.
Java users will continue to use OpenJDK 8, which has moved to universe and will remain available for the life of 18.04...
REF: http://www.linux-magazine.com/Online/News/Ubuntu-18.04-Released

2018年5月20日 星期日

Proxmox VE 5.2 released

Here are the highlights of the new version 5.2:

  • Based on Debian 9.4 and Linux Kernel 4.15
  • You can create clusters easily via the GUI
  • New certificate management with Let's Encrypt
  • Cloud-Init for VM provisioning
  • New Samba/CIFS storage plugin for shared storage
  • LXC: move disk and create templates now also possible with containers
  • Xterm.js console
  • I/O limits for restore

and much more...

REF: https://www.proxmox.com/en/news/press-releases

2018年5月19日 星期六

TrendLabs: Operators of Counter Antivirus Service Scan4You Convicted


Comparison of URL scans by Scan4You (S4Y), VirusCheckMate (VCM), and AVDetect (AVD) in 2015; there is no vertical scale as we only have sampled data
(Source: Trend Micro™ Smart Protection Network™).

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/operators-of-counter-antivirus-service-scan4you-convicted/

New Check_MK stable release 1.4.0p33

---------- Forwarded message ----------
From: Check_mk Announcements
Date: Fri, May 18, 2018 at 12:54 AM
Subject: [Check_mk Announce] New Check_MK stable release 1.4.0p33
To: checkmk-announce@lists.mathias-kettner.de
...
Core & setup:
* 6100 FIX: Fixed broken active checks (Regression in 1.4.0p32, werk #6063)

Checks & agents:
* 6080 FIX: fortigate_sessions: Removed useless include statement which cause an OSError
...
You can download Check_MK from our download page:
 * http://mathias-kettner.de/check_mk_download.html

NewTek at NAB 2018

NDI
  •  Industry standard for sharing IP video over Ethernet networks
  •  Hundreds of companies, thousands of products, millions of users
  •  Coming soon to Microsoft Skype's 300 million monthly users
  •  Coming soon in Avid Media Composer, the global standard of editing software
  •  Panasonic – “We’re all N” with NDI®-enabled cameras and switcher
  • Everywhere at NAB Show 2018 and spreading like wild fire

2018年5月16日 星期三

Kali Linux Comes to Windows

The Kali Linux developers even managed to run full blown XFCE desktop via WSL.
Kali Linux, a penetration testing distro that you may have seen in Mr. Robot, is now available in Windows Store. The Kali Linux team has been working with the Microsoft WSL team to bring the distro to the platform that still dominates the PC landscape. By doing so, Kali has brought some of the best penetration testing tools to the biggest PC user-base.
“This is especially exciting news for penetration testers and security professionals who have limited toolsets due to enterprise compliance standards,” wrote Mati Aharoni, lead Kali developer, in a blog post.
REF: http://www.linux-magazine.com/Online/News/Kali-Linux-Comes-to-Windows

Google: improvements to our Privacy Policy and Privacy Controls

Making our Privacy Policy easier to understand
Simpler structure & clearer language
We’ve improved the navigation and organization of the policy to make it easier to find what you’re looking for. We’ve also explained our practices in more detail and with clearer language....

2018年5月14日 星期一

BackBox Linux for security analysis

© Lead Image © Andrea De Martin, 123RF.com
© Lead Image © Andrea De Martin, 123RF.com
Article from Issue 208/2018
Author(s): 
Specializing in security and forensics, BackBox Linux is not only good for a vulnerability assessment, but thanks to its lean substructure, it is also suitable as a desktop distribution.
Many security-related Linux derivatives focus on a specific area of IT security and only take other problems into account marginally, or not at all. In contrast, the Italian Ubuntu derivative BackBox Linux, which has been in continuously development for several years, addresses most of the security-relevant issues faced by administrators of small and medium-sized networks.
REF: http://www.linux-magazine.com/Issues/2018/208/BackBox-Linux

2018年5月13日 星期日

TrendLabs: Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability

Figure 1. Malicious traffic on April 27-May 9 was detected from several ports, mostly coming from 7001/TCP.
Figure 1. Malicious traffic on April 27-May 9 was detected from several ports, mostly coming from 7001/TCP.
REF: http://newsroom.trendmicro.com/blog/security-intelligence/malicious-traffic-port-7001-surges-cryptominers-target-patched-2017-oracl

2018年5月12日 星期六

Plex for Sonos is here!

Plex for Sonos is now available to everyone, making it easy to fill every room in your house with your favorite tunes. Even if you are at the office or at a friend’s place, Plex for Sonos makes it faster and easier than ever to access your Plex music library. You can even Direct Play just about any file type (you heard that right, audiophiles!). Plex is the absolute best way to access and play your ENTIRE personal music collection (not just what you can fit on your phone) from any device, anywhere in the world.

TrendLabs: Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities

For May 2018, Microsoft's monthly release of security updates — also known as Patch Tuesday — addressed a number of vulnerabilities, most notably two vulnerabilities that were already actively exploited in attacks.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-patch-tuesday-for-may-includes-updates-for-actively-exploited-vulnerabilities-2/

2018年5月10日 星期四

TeamViewer Commitment to Data Privacy

TeamViewer GDPR Readiness programme update for our customers

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force, reflecting the importance of data protection in our increasingly digital world. TeamViewer is a global organisation and for us it is important that the personal information of our customers and our own people is handled in accordance with GDPR. As part of our continuous focus on information security and data privacy we are getting ready for GDPR through a managed programme of activities.

REF: https://content.teamviewer.com/en/GDPR/

2018年5月9日 星期三

Sysdig, the system diagnostic tool

Charly’s Column – Sysdig

Article from Issue 209/2018
Author(s): 
In this issue, sys admin columnist and tool veterinarian Charly Kühnast invites Sysdig, the jack-of-all-trades among system diagnostic tools, into his surgery for a quick checkup. The project promises to unite the functionality of lsof, iftop, netstat, tcpdump, and others.
REF: http://www.linux-magazine.com/Issues/2018/209/The-sys-admin-s-daily-grind-Sysdig

2018年5月8日 星期二

TrendLabs: Cryptocurrency-Mining Malware: 2018’s New Menace?


Figure 1. In 2017, cryptocurrency mining was the most detected network event in devices connected to home routers (based on Trend Micro Smart Home Network feedback)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-malware-2018-new-menace/

BSD Magazine: Shadowsocks Proxy Server On FreeBSD


TABLE OF CONTENTS
In Brief
Ewa & The BSD Team
Quickstart with Kubernetes and GKE (Part 2/2)
Leonardo Neves
Shadowsocks Proxy Server On FreeBSD
Abdorrahman Homaei
Introduction to MDB
Carlos Neira
OpenBSD 6.3
Albert Hui
Interview with Sanel Zukan, Founder & CEO of Hedron
The BSD Team
Expert Speak by E.G.Nadhan
5 Imperatives for Catalysts of Change
E.G. Nadhan
Column
The doves and the hawks are gathering for a showdown, be it in geopolitics or the Internet. Facebook and Cambridge Analytica, the West, and Russia are all walking on a tightrope. Brinkmanship is the current name of the game. Who is going to come out on top?
Rob Somerville

TrendLabs: Device Vulnerabilities in the Connected Home: Uncovering Remote Code Execution and More

Figure 1. IoT device life cycle
Figure 1. IoT device life cycle
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/device-vulnerabilities-connected-home-remote-code-execution-and-more/

2018年5月5日 星期六

Ad Technology Provider Controls launching ahead of the GDPR

---------- Forwarded message ----------
From: Google
Date: 2018-05-05 7:35 GMT+08:00
Subject: Updates about the Ad Technology Provider Controls launching ahead of the GDPR

Within these controls, you will also have the ability to:

  • Present users a choice between personalized and non-personalized ads. We have already made documentation (DFP, AdSense) available for you to pass a non-personalized signal in our tags. App developer guides are available for passing this signal (DFP Android, DFP iOS, AdMob Android, AdMob iOS).
  • Select to serve only non-personalized ads to all users in the EEA, if you wish.
  • Choose which reservation line items are eligible to serve in personalized and non-personalized mode.

Finally, to further clarify requirements under our updated EU Consent policy, as well as Google’s controller position, we have published additional information on our Help Center to fully address your questions (DFP/AdX, AdSense, AdMob).
If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center.
Sincerely,
The Google Team

2018年5月4日 星期五

TrendLabs: FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation


Figure 1. FacexWorm’s infection chain
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/

2018年5月3日 星期四

Plex VR now on Oculus Go


TrendLabs: Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground

Figure 1. Posting for silent Monero miner for smartphones
Figure 1. Posting for silent Monero miner for smartphones
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-malware-targeting-iot-being-offered-in-the-underground/

2018年5月1日 星期二

Azure DDoS Protection generally available


REF: https://azure.microsoft.com/en-us/services/ddos-protection/