Thursday, November 30, 2017

SG-3100 pfSense® Security Gateway Appliance

Netgate SG-1000
The SG-3100 pfSense Security Gateway Appliance can be configured as a firewall, LAN or WAN router, VPN appliance, DHCP Server, DNS Server, and IDS/IPS with optional packages to deliver a high performance, high throughput front-line security appliance at an excellent price in a compact footprint. With preloaded pfSense software, the SG-3100 is a fast networking security solution unencumbered by traditional annual contracts, licensing fees, or artificial limitations. Flexibility is built into the SG-3100 with upgrade options such as an M.2 SATA SSD, LTE cellular, or mPCIe Wi-Fi.
REF: https://store.netgate.com/SG-3100.aspx

Wednesday, November 29, 2017

TrendLabs: New EMOTET Hijacks a Windows API

Figure 1. A CreateTimerQueueTimer API document (from CreateTimerQueueTimer function)
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/

Tuesday, November 28, 2017

Knoppix 8.1

The latest Knoppix comes with a new I/O scheduler, and the new hybrid ISO image format allows you to boot from either a DVD or USB stick. Klaus talks about the changes with the latest edition of Knoppix, and offers a glimpse at some of the problems he faces when producing a new Knoppix version.

REF: http://www.linux-magazine.com/Issues/2017/205/Professor-Knopper-s-Lab-Knoppix-8.1

TrendLabs: Daserf Backdoor Now Using Steganography


Figure 1: File properties of one of the decoy documents that REDBALDKNIGHT sends to Japanese targets
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/

Sunday, November 26, 2017

Coinmon to monitor cryptocurrency with CLI



REF: https://github.com/bichenkk/coinmon

Saturday, November 25, 2017

TrendLabs: November’s Patch Tuesday

Microsoft rolled out fixes for over 50 security issues in this month’s Patch Tuesday. The updates cover vulnerabilities and bugs in the Windows operating system, Internet Explorer (IE), Edge, ASP .NET Core, Chakra Core browsing engine, and Microsoft Office. Microsoft also released a security advisory providing defense-in-depth mitigations against attacks abusing the Dynamic Data Exchange (DDE) protocol in light of recent attacks misusing this feature.

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/november-patch-tuesday-includes-update-attacks-abusing-dynamic-data-exchange/

Friday, November 24, 2017

Linux kernel (GCP) vulnerability

==========================================================================
Ubuntu Security Notice USN-3484-3
November 21, 2017

linux-gcp vulnerability
==========================================================================

It was discovered that the KVM subsystem in the Linux kernel did not
properly keep track of nested levels in guest page tables. A local attacker
in a guest VM could use this to cause a denial of service (host OS crash)
or possibly execute arbitrary code in the host OS.

Thursday, November 23, 2017

TrendLabs: Spam Runs Against Russian Banks


Figure 2: Infection chain of Cobalt’s latest spear phishing campaign using malicious macro
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/

Wednesday, November 22, 2017

Veeam Agent for Linux backup

Back up Linux-based servers and workstations with ease.
As IT organizations look to run more Linux-based workloads in the public cloud, it is important to ensure they are backed up and can be recovered in order to avoid business disruption. However, backing up and recovering Linux instances is often cumbersome or expensive, requiring manual intervention and consuming an IT administrator’s valuable time.
REF: https://www.veeam.com/linux-cloud-server-backup-agent.html

Tuesday, November 21, 2017

Check_MK: stable release 1.4.0p19

This maintenance release ships with 6 changes affecting all editions of Check_MK,
1 Enterprise Edition specific change and 0 Managed Services Edition specific changes.

* 5244 FIX: Activate Changes: Fixed "Has never been activated" status message
* 5478 FIX: fileinfo: fix globbing pattern expansion
* 5443 FIX: cisco_redundancy: Discover 'Redundancy Framework Status' service if device supports that.
* 5445 FIX: apc_symmetra_output: Fixed exception 'could not convert string to float' during discovery
* 5410 FIX: Windows agent: handle section Skype correctly
* 5227 FIX: Checkgroup humidity: Fix swapped lower levels and definition of only one kind of levels

REF: http://mathias-kettner.de/check_mk_download.html

Bring Remote Teams Together Without A Big Offsite Budget

Remote team offsite on a budget
The Trello team is distributed across the world, some co-located and some remote. So how do we bring everyone together to bond over a shared social experience when 65% of our team is not in the same office? The answer might surprise you.
REF: https://blog.trello.com/how-to-host-a-remote-team-offsite-budget

Sunday, November 19, 2017

Official OpenBSD 6.2 CD set up for auction


---------- Forwarded message ----------
From: Bob Beck
Date: Sun, Nov 19, 2017 at 3:00 AM

So, the only 6.2 set to be produced is up for auction, featuring hand-drawn
artwork by Theo. Artisanally Made in Canada! All proceeds of the sale to fund OpenBSD development.

Go have a look at
http://www.ebay.ca/itm/Official-OpenBSD-6-2-CD-Set/253265944606

Saturday, November 18, 2017

TrendLabs: ChessMaster’s New Strategy

Figure 1: ChessMaster infection chain.
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/

Friday, November 17, 2017

Dell Precision Machines Available With Ubuntu Pre-Installed

Dell Precision 5720

REF: https://insights.ubuntu.com/2017/11/14/new-dell-precision-machines-available-with-ubuntu-pre-installed/

Updates on Netflix’s Container Management Platform

REF: https://medium.com/netflix-techblog/updates-on-netflixs-container-management-platform-a91738360bd8

We have found three categories of collaborators that are looking for unique values from Titus. Specifically, those who are looking for battle hardened:

* Natively integrated container solution within Amazon Web Services (AWS)
* NetflixOSS integrated container management platform, specifically one that works well with Spinnaker (our continuous delivery platform) or our cloud RPC frameworks based on Eureka
* A modern Apache Mesos unified batch and service container scheduler that works well on an elastic cloud with Docker containers

Wednesday, November 15, 2017

Check_MK: stable release 1.4.0p17

REF: http://mathias-kettner.de/check_mk_download.html

...the new stable release 1.4.0p17 of Check_MK is ready for download.
This maintenance release ships with 18 changes affecting all editions of Check_MK,
2 Enterprise Edition specific changes and 1 Managed Services Edition specific change.

TrendLabs: Toast Overlay Weaponized



Figure 1: An illustration of how the Toast overlay attack works: an apparently benign image (left) is superimposed over actual actions the malware triggers, such as requesting for Accessibility 
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/toast-overlay-weaponized-install-android-malware-single-attack-chain/

Google Cloud Organization

The Cloud Organization allows Google Cloud Platform admins to centrally manage all the Cloud Platform resources associated with their domain, apply IAM policies, consolidate Billing, and much more.

REF: https://cloud.google.com/resource-manager/

Sunday, November 12, 2017

CrossOver on Chrome OS Beta

CrossOver on Chrome OS runs an enormous variety of Windows
applications.  You can install applications from the same vast
compatibility database which we have built for years in CrossOver on
other platforms.  CrossOver on Chrome OS integrates your Windows
applications with the native Chrome OS desktop.  For users in the
enterprise, CrossOver Chrome OS also includes tools to integrate with
the Google Admin Console.  CrossOver on Chrome OS helps enterprise
customers manage deployment of Windows applications to Chromebooks.

REF: https://play.google.com/store/apps/details?id=com.codeweavers.cxoffice

Telestream Lightspeed Live Capture

Save time by capturing and checking in assets directly into your Avid Interplay environments
With Lightspeed Live Capture 2.1, our scalable, multi-channel, video capture solution, you can save time by capturing and checking assets directly into your Avid Interplay environments. Your editors can now access and edit real-time, growing files in Media Composer without waiting for the complete file. What’s more, Lightspeed Live Capture also offers error-resistant, whole tape capture, meaning you can ingest tape-based media with damaged or missing information without interrupting the capture process.
REF: http://www.telestream.net/lightspeed-live/lightspeed-live-capture.htm

ResourceSpace: MAM for museums

REF: https://www.resourcespace.com/

Friday, November 10, 2017

Mozilla adds multiprocessing with Electrolysis in Firefox 54

REF: http://www.linux-magazine.com/Issues/2017/204/Firefox-54-with-Electrolysis

Developers are praising Firefox 54 as the "best Firefox ever." The revamped web browser adds multiprocessing and promises a significant boost in speed.

Thursday, November 9, 2017

Video Control Room With NDI and Connect Spark

High School Centralizes Video Control Room With NDI® and Connect Spark


By Claudia Kienzle

Weighing only seven ounces, the NewTek Connect Spark is revolutionizing the video production workflow for the Louis Riel Arts & Technology Centre (ATC) Broadcast Media Program, one of the trade skills taught at this vocational high school in Winnipeg, Canada. In fact, Spark is the most revolutionary solution this budget-conscious school has come across since, well, NDI® itself.

TrendLabs: New Malicious Macro Evasion

Figure 1. Infection diagram for EMOTET malware showing Macro-PowerShell use
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/new-malicious-macro-evasion-tactics-exposed-ursnif-spam-mail/

System76 Releases Pop!_OS

REF: http://www.linux-magazine.com/Online/News/System76-Releases-Pop!_OS

System76, one of the few hardware vendors that sell systems preloaded with Linux, has released the final version of Pop!_OS, their own Ubuntu-based distribution.

System76 CEO and founder Carl Richell told us in an interview that the OS is the result of the feedback that they received from their customers. What makes Pop!_OS different from many other Linux distributions is that System76 sells Linux hardware, so they do have a very trusted channel of feedback from customers.

The Planning Fallacy

REF: https://blog.trello.com/planning-fallacy-overloaded-at-work
Planning Fallacy Work Overload Problems
You look down at your to-do list and your heart starts racing. Why? You’ve just had that brutal realization that there is absolutely no way you’re going to be able to get everything done.

Sunday, November 5, 2017

ResourceSpace: new search & workflow

TrendLabs: ZNIU Found Distributing New Variant

Figure 1. Screenshot of an unsigned profile (left) and a signed profile (right). In English translation, the right photo describes 51 Apple Helper, an iOS app store that provides games, software, and wallpaper.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/app-stores-formerly-coddled-zniu-found-distributing-new-ixintpwnyjsnpi-variant/

Friday, November 3, 2017

Overlooked Biases That Creep Into Your Work

REF: https://blog.trello.com/7-overlooked-biases-that-creep-into-your-work-and-undermine-its-success
Overlooked Biases that Creep Into Work
From cooking dinner to deciding which new project to tackle at work, you make a lot of decisions throughout the day. Some of these decisions are so automatic that you don’t even think about them. And the decisions that you do think about (and put hours of research into) may not be as objective and rational as you may think.

Thursday, November 2, 2017

About WPA2 compromised protocol

  OpenBSD was notified of the vulnerability on 15 July 2017, before
  CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt
  replied and critiqued the tentative disclosure deadline: In the open
  source world, if a person writes a diff and has to sit on it for a
  month, that is very discouraging. Note that I wrote and included a
  suggested diff for OpenBSD already, and that at the time the tentative
  disclosure deadline was around the end of August. As a compromise, I
  allowed them to silently patch the vulnerability. In hindsight this was
  a bad decision, since others might rediscover the vulnerability by
  inspecting their silent patch. To avoid this problem in the future,
  OpenBSD will now receive vulnerability notifications closer to the end
  of an embargo.

REF: https://marc.info/?l=openbsd-misc&m=150815942414653&w=2

Wednesday, November 1, 2017

TrendLabs: Coin Miner Mobile Malware

The following malicious apps were found on Google Play and are connected to this threat:
SHA256 hash | App name | Package name | Detection name
22581e7e76a09d404d093ab755888743b4c908518c47af66225e2da991d112f0 | Recitiamo Santo Rosario Free | prsolutions.rosariofacileads | ANDROIDOS_JSMINER
440cc9913d623ed42563e90eec352da9438a9fdac331017af2ab9b87a5eee4af | SafetyNet Wireless App | com.freemo.safetynet | ANDROIDOS_JSMINER
d3c0bed627edab9ac1bbc2bcc6e8c3ff45b4708afa527790e42a4a6fe2c045f0 | Car Wallpaper HD: mercedes, ferrari, bmw and audi | com.yrchkor.newwallpapers | ANDROIDOS_CPUMINER
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/