Saturday, December 30, 2017

TrendLabs: Cyberespionage Campaign Sphinx Goes Mobile


Figure 1: Structure of AnubisSpy’s modules
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cyberespionage-campaign-sphinx-goes-mobile-anubisspy/

Friday, December 29, 2017

The Pomodoro Technique

Work faster with Pomodoro technique and time management breaks
Chris admits to being a former workaholic who regularly clocked in 60 to 80 hour workweeks. Despite the excessive hours he put into co-founding one of his companies, a marketing agency, things didn’t go exactly as planned. Many of Chris’ worst fears came true as an entrepreneur, and in his own words “the company completely imploded.”
REF: https://blog.trello.com/how-to-pomodoro-your-way-to-productivity

Thursday, December 28, 2017

TrendLabs: Better Built-in Security in IoT Devices

An attacker can send a customized phishing email based on the target’s musical preference
Through an Nmap scan, we observed that the application running the Sonos Play:1 test device communicated with TCP/1400. 
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/iot-devices-need-better-builtin-security/

Country-Wide Sports Production With TriCaster

Southfields Centralizes Country-Wide Sports Production With TriCaster®

by Ellen Camloh

When one in four of your nation’s citizens actively plays the world’s most popular sport, and in another sport your national women’s team is the most successful team in World Cup history, chances are you have a lot of fans eager to watch competitions.

This is true for the Netherlands, a small country that’s home to 17 million people, more than 4.5 million of whom are registered soccer players at its 35,000 sports clubs. That’s a quarter of the country’s population.

TrendLabs: a Cracked Version of the Loki Infostealer


Figure 1: Loki’s infection chain
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-11882-exploited-deliver-cracked-version-loki-infostealer/

Monday, December 25, 2017

Find Work-Life Focus

REF: https://blog.trello.com/work-life-focus-trello-insider-guide-personal-productivity
Personal Productivity Trello Board
In 2011, Justin Gallagher and Bobby Grace co-wrote a web application prototype that provided a visual perspective of what people were working on. That application became Trello. Here is Justin's story of how he uses it today.

Sunday, December 24, 2017

Studio INVATE Super Powers Esports Video Production

REF: https://www.newtek.com/

Saturday, December 23, 2017

TrendLabs: Dissecting ATM Malware Families

Figure 2. Cutlet Maker being offered on the deep web
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-prilex-cutlet-maker-atm-malware-families/

Friday, December 22, 2017

MediaDS™ Saves Award-Winning High School Media Program


REF: https://www.newtek.com/

Thursday, December 21, 2017

Azure Media Services Standard Streaming Endpoint in preview

Now in preview, Streaming Endpoint and Streaming Units are Media Services components that deliver content directly to a media player app or to Azure Content Delivery Network for further distribution. Customers can select between Standard Endpoint and Premium Streaming Units. Standard Streaming Endpoint scales outbound bandwidth automatically, whereas with Premium Units (endpoints) customers control and manage the scale operations. Moving forward:

  • All new Media Services accounts will be created with Standard Streaming Endpoint in a stopped state by default.
  • All new Media Services accounts come with 15 days of free Standard Streaming Endpoint.
  • Existing Media Services accounts with classic Streaming Endpoint won’t be automatically migrated to Standard Streaming Endpoint, but customers will have the option to migrate manually.
  • Customers with Premium Streaming Units can migrate their streaming endpoints to Standard Streaming Endpoint.
REF: https://docs.microsoft.com/en-us/azure/media-services/media-services-streaming-endpoints-overview

Wednesday, December 20, 2017

TrendLabs: New Mirai Attack

Figures 1 and 2: Timeline and frequency of attacks for the first and second waves (All times in UTC)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-attack-attempts-detected-south-america-north-african-countries/

HDF5 for efficient I/O

HDF5 is a flexible, self-describing, and portable hierarchical filesystem supported by a number of languages and tools, with the ability to run processes in parallel.

REF: http://www.linux-magazine.com/Issues/2017/205/HDF5

Monday, December 18, 2017

TrendLabs: CONFICKER/ DOWNAD 9 Years After

Figure 1: Tracking the detections for DOWNAD from 2012 to 2016
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/conficker-downad-9-years-examining-impact-legacy-systems/

Sunday, December 17, 2017

Introducing Roku OS 8

Roku OS 8
REF: https://sdkdocs.roku.com/display/sdkdoc/Roku+OS+Release+Notes

Saturday, December 16, 2017

TrendLabs: Untangling the Patchwork Cyberespionage Group

Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets. Patchwork’s moniker is from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they use may not be groundbreaking—what with other groups exploiting zero-days or adjusting their tactics—but the group’s repertoire of infection vectors and payloads makes them a credible threat.

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/

Friday, December 15, 2017

NewTek Connect Spark - Get any source into any setup


REF: https://www.newtek.com/

Thursday, December 14, 2017

TrendLabs: December Patch Tuesday

Overall, Patch Tuesday addressed 12 Critical-rated vulnerabilities and 10 rated as Important, of which two were disclosed via Trend Micro’s Zero Day Initiative. In addition to the MMPE vulnerability updates, some of the other noteworthy fixes include:
  • CVE-2017-11899: A security feature bypass that exists when Device Guard incorrectly validates an untrusted file. An attacker successfully exploiting this vulnerability could make untrusted files appear to be trusted once, causing Device Guard to allow a malicious file to execute.
  • CVE-2017-11927: An information disclosure vulnerability that exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site to determine the zone of a provided URL. Attackers exploiting this vulnerability can use various tactics such as phishing to lure users into browsing a malicious website or to an SMB or UNC path destination. A successful attack can potentially lead to the disclosure of sensitive information to a malicious site.

REF:  http://blog.trendmicro.com/trendlabs-security-intelligence/december-patch-tuesday-yearender-includes-updates-mmpe-vulnerabilities/

The many ways of running firefox on OpenBSD

First, and this has been the case for a few years already, these days I only target amd64 and i386. It's been "fun" for a while but now it's impossible to keep up with macppc and sparc64, although Martin Husemann from NetBSD still manages to run recent firefox on sparc64, I gave up on this - even *running* firefox on an i386 netbook with 1Gb of memory is unbearable. Sad state of affairs.. and on top of this, the recent dependency on rust also limits the amount of platforms firefox could run on, since rust only works on amd64 and i386 for now (thanks to the insane amount of work by semarie@ !).

REF: https://undeadly.org/cgi?action=article&sid=20170425173917

Providers that protect against DDoS attacks

AWS Shield

The Amazon Web Services (AWS) Shield [8] provides protection against DDoS attacks (Figure 1). The Standard protection is available to any AWS customer. The product includes detection of network flow data and automatic mitigation of DDoS attacks against SYN flooding or UDP reflection attacks. However, you do not receive information about a successful defense. If you choose the AWS Shield Advanced product, you receive the following additional features for around $3,025 per month plus charges for data transfer:
  • In addition to connection data at the network level, Amazon collects and analyzes transaction logs at the application level.
  • Access to advanced scrubbing capacities.
  • Notification of attacks on ISO Layers 3 and 4, as well as data about the type of attack.
  • Reports for ISO Layers 3, 4, and 7.
  • Incident management by the Amazon DDoS response team.
  • If necessary, manual mitigation.
  • Manual analysis after the attack.
  • Reimbursement for costs incurred by the attack associated with CloudFront, Route 53, and ELB services.
Figure 1: Amazon protects customers against DDoS attacks – to an extent. For more protection, you will have to dig very deeply into your pockets.
Of import is that Amazon only protects what runs on Amazon. Although it is possible to protect data traffic on your own servers using services such as CloudFront or a reverse proxy and to protect your own network connection in another way, you cannot fight off targeted attacks.
REF: http://www.linux-magazine.com/Issues/2018/206/DDoS-Defense/(offset)/6

Linux Kernel 4.14 Released

Linus Torvalds, the creator of Linux, announced the release of Linux kernel 4.14 on November 12, 2017. The release was due earlier but was delayed because of an AppArmor patch that caused a regression. Torvalds lashed out at a Canonical developer who found the AppArmor regression but said that it was not a big deal.

Torvalds responded and said, “As far as the kernel is concerned, a regression is THE KERNEL NOT GIVING THE SAME END RESULT WITH THE SAME USER SPACE. The regression was in the kernel. You trying to shift the regressions somewhere else is bogus SHIT. And seriously, it's the kind of garbage that makes me think your opinion and your code cannot be relied on. If you are not willing to admit that your commit 651e28c5537a ("apparmor: add base infrastructure for socket mediation") caused a regression, then honestly, I don't want to get commits from you.”

REF: http://www.linux-magazine.com/Online/News/Linux-Kernel-4.14-Released

Roku Streaming Stick+ at 40% off.

promo

Announcing CrossOver 17.0.0

CrossOver 17 supports Microsoft Office 2016: the latest and greatest
Microsoft Office suite.  You can install Office 2016 Home and Office
2016 Business from your Office 365 account and use the full featured
versions of these products.

CrossOver 17 also supports Quicken 2017 for your home financial
needs. 

On Linux, CrossOver 17 will run the popular game League of
Legends.

You will benefit from a full upgrade of our Wine compatibility layer,
giving CrossOver 17 thousands of improvements in our core technology
over our previous version. 

REF: https://www.codeweavers.com/support/forums/announce/?t=24;mhl=203321;msg=203321#msg203321

Friday, December 8, 2017

Debian Contributors list

This is a list of all the 1808 people and 21 teams whose most recent contribution to Debian was in 2017.
The information is based on our current knowledge, which you can help us improve.
REF: https://contributors.debian.org/

TrendLabs: October macOS Patch

Figure 1. Error message when a malicious USB device is inserted (Click to enlarge)
REF:  http://blog.trendmicro.com/trendlabs-security-intelligence/october-macos-patch-fixes-fatusb-vulnerability/

Wednesday, December 6, 2017

Telestream Vantage

Vantage

Dynamically scale your media processing capability with virtualized infrastructure
Vantage version 7.1, our media processing platform, adds support for Vantage Elastic Domain, a virtualized version of Vantage to run on premises, in private data centers or on recognized cloud providers. This powerful new capability allows you to have a number of permanent Vantage licenses to cover your run-rate needs, while allowing you to take advantage of the virtualized infrastructure to “burst” a number of additional nodes as your workload needs dictate. Vantage 7.1 also introduces an all-new 64-bit transcoding engine, designed with the latest high-density formats in mind.

Tuesday, December 5, 2017

TrendLabs: qkG Filecoder


Figure 3: The ransom note displayed to the victim after the document is encrypted
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/

Monday, December 4, 2017

Samsung is testing Linux desktop

REF: http://www.linux-magazine.com/Online/News/Samsung-to-Bring-Linux-to-Desktop

The same year Canonical decided to pull out of the consumer space, Samsung is bringing a pure desktop Linux experience to PCs. Unlike Apple, Google, or Microsoft, Samsung doesn’t have any tightly integrated offering for professionals who need a desktop to get work done. Samsung came out with DeX, an accessory for Samsung Galaxy phones that connects to a monitor and offers a desktop-like interface. It’s an experience similar to Ubuntu Dock or Motorola Atrix Webtop.

Sunday, December 3, 2017

TrendLabs: systemd Vulnerability

Figure 3. Packet capture of specially crafted DNS reply
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerability-leads-to-denial-of-service-on-linux/

Saturday, December 2, 2017

NewTek NDI PTZ Camera

  • NewTek Connect Spark HDMI: $499, now in stock
  • NewTek Connect Spark SDI: $799, now in stock
  • NewTek NDI/HX PTZ1 Camera: $2799, now in stock

Friday, December 1, 2017

TrendLabs: Physical Theft Meets Cybercrime


Figure 1: Attack chain of the fraudsters’ modus
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/physical-theft-meets-cybercrime-illicit-business-selling-stolen-apple-devices/

Thursday, November 30, 2017

SG-3100 pfSense® Security Gateway Appliance

Netgate SG-1000
The SG-3100 pfSense Security Gateway Appliance can be configured as a firewall, LAN or WAN router, VPN appliance, DHCP Server, DNS Server, and IDS/IPS with optional packages to deliver a high performance, high throughput front-line security appliance at an excellent price in a compact footprint. With preloaded pfSense software, the SG-3100 is a fast networking security solution unencumbered by traditional annual contracts, licensing fees, or artificial limitations. Flexibility is built in to the SG-3100 with upgrade options such as a m.2 SATA SSD, LTE cellular, or mPCIe Wi-Fi.
REF: https://store.netgate.com/SG-3100.aspx

Wednesday, November 29, 2017

TrendLabs: New EMOTET Hijacks a Windows API

Figure 1. A CreateTimerQueueTimer API document (from CreateTimerQueueTimer function)
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/

Tuesday, November 28, 2017

Knoppix 8.1

The latest Knoppix comes with a new I/O scheduler, and the new hybrid ISO image format allows you to boot from either a DVD or USB stick. Klaus talks about the changes with the latest edition of Knoppix, and offers a glimpse at some of the problems he faces when producing a new Knoppix version.

REF: http://www.linux-magazine.com/Issues/2017/205/Professor-Knopper-s-Lab-Knoppix-8.1

TrendLabs: Daserf Backdoor Now Using Steganography


Figure 1: File properties of one of the decoy documents that REDBALDKNIGHT sends to Japanese targets
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/

Sunday, November 26, 2017

Coinmon to monitor cryptocurrency with CLI



REF: https://github.com/bichenkk/coinmon

Saturday, November 25, 2017

TrendLabs: November’s Patch Tuesday

Microsoft rolled out fixes for over 50 security issues in this month’s Patch Tuesday. The updates cover vulnerabilities and bugs in the Windows operating system, Internet Explorer (IE), Edge, ASP .NET Core, Chakra Core browsing engine, and Microsoft Office. Microsoft also released a security advisory providing defense-in-depth mitigations against attacks abusing the Dynamic Data Exchange (DDE) protocol in light of recent attacks misusing this feature.

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/november-patch-tuesday-includes-update-attacks-abusing-dynamic-data-exchange/

Friday, November 24, 2017

Linux kernel (GCP) vulnerability

It was discovered that the KVM subsystem in the Linux kernel did not
properly keep track of nested levels in guest page tables. A local attacker
in a guest VM could use this to cause a denial of service (host OS crash)
or possibly execute arbitrary code in the host OS.
==========================================================================
Ubuntu Security Notice USN-3484-3
November 21, 2017

linux-gcp vulnerability
==========================================================================

Thursday, November 23, 2017

TrendLabs: Spam Runs Against Russian Banks


Figure 2: Infection chain of Cobalt’s latest spear phishing campaign using malicious macro
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/

Wednesday, November 22, 2017

Veeam Agent for Linux backup

Back up Linux-based servers and workstations with ease.
As IT organizations look to run more Linux-based workloads in the public cloud, it is important to ensure they are backed up and can be recovered in order to avoid business disruption. However, backing up and recovering Linux instances is often cumbersome or expensive, requiring manual intervention and consuming an IT administrator’s valuable time.

REF: https://www.veeam.com/linux-cloud-server-backup-agent.html

Tuesday, November 21, 2017

Check_MK: stable release 1.4.0p19

This maintenance release ships with 6 changes affecting all editions of Check_MK,
1 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.

* 5244 FIX: Activate Changes: Fixed "Has never been activated" status message
* 5478 FIX: fileinfo: fix globbing pattern expansion
* 5443 FIX: cisco_redundancy: Discover 'Redundancy Framework Status' service if device supports that.
* 5445 FIX: apc_symmetra_output: Fixed exception 'could not convert string to float' during discovery
* 5410 FIX: Windows agent: handle section Skype correctly
* 5227 FIX: Checkgroup humidity: Fix swapped lower levels and definition of only one kind of levels

REF: http://mathias-kettner.de/check_mk_download.html

Bring Remote Teams Together Without A Big Offsite Budget

Remote team offsite on a budget
The Trello team is distributed across the world, some co-located and some remote. So how do we bring everyone together to bond over a shared social experience when 65% of our team is not in the same office? The answer might surprise you.
REF: https://blog.trello.com/how-to-host-a-remote-team-offsite-budget

Sunday, November 19, 2017

Official OpenBSD 6.2 CD set up for auction


---------- Forwarded message ----------
From: Bob Beck
Date: Sun, Nov 19, 2017 at 3:00 AM

So, the only 6.2 set to be produced is up for auction, featuring hand-drawn
artwork by Theo. Artisanally Made in Canada! All proceeds of the sale to fund OpenBSD development.

Go have a look at
http://www.ebay.ca/itm/Official-OpenBSD-6-2-CD-Set/253265944606

Saturday, November 18, 2017

TrendLabs: ChessMaster’s New Strategy

Figure 1: ChessMaster infection chain.
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/

Friday, November 17, 2017

Dell Precision Machines Available With Ubuntu Pre-Installed

Dell Precision 5720

REF: https://insights.ubuntu.com/2017/11/14/new-dell-precision-machines-available-with-ubuntu-pre-installed/

Updates on Netflix’s Container Management Platform

REF: https://medium.com/netflix-techblog/updates-on-netflixs-container-management-platform-a91738360bd8

We have found three categories of collaborators that are looking for unique values from Titus. Specifically, those who are looking for battle hardened:
  • Natively integrated container solution within Amazon Web Services (AWS)
  • NetflixOSS integrated container management platform, specifically one that works well with Spinnaker (our continuous delivery platform) or our cloud RPC frameworks based on Eureka
  • A modern Apache Mesos unified batch and service container scheduler that works well on an elastic cloud with Docker containers

Wednesday, November 15, 2017

Check_MK: stable release 1.4.0p17

REF: http://mathias-kettner.de/check_mk_download.html

...the new stable release 1.4.0p17 of Check_MK is ready for download.
This maintenance release ships with 18 changes affecting all editions of Check_MK,
2 Enterprise Edition specific changes and 1 Managed Services Edition specific changes.

TrendLabs: Toast Overlay Weaponized



Figure 1: An illustration of how the Toast overlay attack works: an apparently benign image (left) is superimposed over actual actions the malware triggers, such as requesting for Accessibility 
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/toast-overlay-weaponized-install-android-malware-single-attack-chain/

Google Cloud Organization

The Cloud Organization allows Google Cloud Platform admins to centrally manage all the Cloud Platform resources associated with their domain, apply IAM policies, consolidate Billing, and much more.

REF: https://cloud.google.com/resource-manager/

Sunday, November 12, 2017

CrossOver on Chrome OS Beta

CrossOver on Chrome OS runs an enormous variety of Windows
applications.  You can install applications from the same vast
compatibility database which we have built for years in CrossOver on
other platforms.  CrossOver on Chrome OS integrates your Windows
applications with the native Chrome OS desktop.  For users in the
enterprise, CrossOver Chrome OS also includes tools to integrate with
the Google Admin Console.  CrossOver on Chrome OS helps enterprise
customers manage deployment of Windows applications to Chromebooks.

REF: https://play.google.com/store/apps/details?id=com.codeweavers.cxoffice

Telestream Lightspeed Live Capture

Save time by capturing and checking in assets directly into your Avid Interplay environments
With Lightspeed Live Capture 2.1, our scalable, multi-channel, video capture solution, you can save time by capturing and checking assets directly into your Avid Interplay environments. Your editors can now access and edit real-time, growing files in Media Composer without waiting for the complete file. What’s more, Lightspeed Live Capture also offers error-resistant, whole tape capture, meaning you can ingest tape-based media with damaged or missing information without interrupting the capture process.
REF: http://www.telestream.net/lightspeed-live/lightspeed-live-capture.htm

ResourceSpace: MAM for museums

REF: https://www.resourcespace.com/

Friday, November 10, 2017

Mozilla adds multiprocessing with Electrolysis in Firefox 54

REF: http://www.linux-magazine.com/Issues/2017/204/Firefox-54-with-Electrolysis

Developers are praising Firefox 54 as the "best Firefox ever." The revamped web browser adds multiprocessing and promises a significant boost in speed.

Thursday, November 9, 2017

Video Control Room With NDI and Connect Spark

High School Centralizes Video Control Room With NDI® and Connect Spark


By Claudia Kienzle

Weighing only seven ounces, the NewTek Connect Spark is revolutionizing the video production workflow for the Louis Riel Arts & Technology Centre (ATC) Broadcast Media Program, one of the trade skills taught at this vocational high school in Winnipeg, Canada. In fact, Spark is the most revolutionary solution this budget-conscious school has come across since, well, NDI® itself.

TrendLabs: New Malicious Macro Evasion

Figure 1. Infection diagram for EMOTET malware showing Macro-PowerShell use
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/new-malicious-macro-evasion-tactics-exposed-ursnif-spam-mail/

System76 Releases Pop!_OS

REF: http://www.linux-magazine.com/Online/News/System76-Releases-Pop!_OS

System76, one of the few hardware vendors that sell systems preloaded with Linux, has released the final version of Pop!_OS, their own Ubuntu-based distribution.

System76 CEO and founder Carl Richell told us in an interview that the OS is the result of the feedback that they received from their customers. What makes Pop!_OS different from many other Linux distributions is that System76 sells Linux hardware, so they do have a very trusted channel of feedback from customers.

The Planning Fallacy

REF: https://blog.trello.com/planning-fallacy-overloaded-at-work
Planning Fallacy Work Overload Problems
You look down at your to-do list and your heart starts racing. Why? You’ve just had that brutal realization that there is absolutely no way you’re going to be able to get everything done.

Sunday, November 5, 2017

ResourceSpace: new search & workflow

TrendLabs: ZNIU Found Distributing New Variant

Figure 1. Screenshot of an unsigned profile (left) and a signed profile (right). In English translation, the right photo describes 51 Apple Helper, an iOS app store that provides games, software, and wallpaper.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/app-stores-formerly-coddled-zniu-found-distributing-new-ixintpwnyjsnpi-variant/

Friday, November 3, 2017

Overlooked Biases That Creep Into Your Work

REF: https://blog.trello.com/7-overlooked-biases-that-creep-into-your-work-and-undermine-its-success
Overlooked Biases that Creep Into Work
From cooking dinner to deciding which new project to tackle at work, you make a lot of decisions throughout the day. Some of these decisions are so automatic that you don’t even think about them. And the decisions that you do think about (and put hours of research into) may not be as objective and rational as you may think.

Thursday, November 2, 2017

About WPA2 compromised protocol

  OpenBSD was notified of the vulnerability on 15 July 2017, before
  CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt
  replied and critiqued the tentative disclosure deadline: "In the open
  source world, if a person writes a diff and has to sit on it for a
  month, that is very discouraging." Note that I wrote and included a
  suggested diff for OpenBSD already, and that at the time the tentative
  disclosure deadline was around the end of August. As a compromise, I
  allowed them to silently patch the vulnerability. In hindsight this was
  a bad decision, since others might rediscover the vulnerability by
  inspecting their silent patch. To avoid this problem in the future,
  OpenBSD will now receive vulnerability notifications closer to the end
  of an embargo.

REF: https://marc.info/?l=openbsd-misc&m=150815942414653&w=2

Wednesday, November 1, 2017

TrendLabs: Coin Miner Mobile Malware

The following malicious apps were found on Google Play and are connected to this threat:
| SHA256 hash | App name | Package name | Detection name |
| --- | --- | --- | --- |
| 22581e7e76a09d404d093ab755888743b4c908518c47af66225e2da991d112f0 | Recitiamo Santo Rosario Free | prsolutions.rosariofacileads | ANDROIDOS_JSMINER |
| 440cc9913d623ed42563e90eec352da9438a9fdac331017af2ab9b87a5eee4af | SafetyNet Wireless App | com.freemo.safetynet | ANDROIDOS_JSMINER |
| d3c0bed627edab9ac1bbc2bcc6e8c3ff45b4708afa527790e42a4a6fe2c045f0 | Car Wallpaper HD: mercedes, ferrari, bmw and audi | com.yrchkor.newwallpapers | ANDROIDOS_CPUMINER |
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/