TrendLabs: Cyberespionage Campaign Sphinx Goes Mobile

Figure 1: Structure of AnubisSpy’s modules
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cyberespionage-campaign-sphinx-goes-mobile-anubisspy/

The Pomodoro Technique

Chris admits to being a former workaholic who regularly clocked in 60 to 80 hour workweeks. Despite the excessive hours he put into co-founding one of his companies, a marketing agency, things didn’t go exactly as planned. Many of Chris’ worst fears came true as an entrepreneur, and in his own words “the company completely imploded.”

REF: https://blog.trello.com/how-to-pomodoro-your-way-to-productivity

TrendLabs: Better Built-in Security in IoT Devices

Through an Nmap scan, we observed that the application running the Sonos Play:1 test device communicated with TCP/1400. 

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/iot-devices-need-better-builtin-security/

Country-Wide Sports Production With TriCaster

Southfields Centralizes Country-Wide Sports Production With TriCaster® by Ellen Camloh When one in four of your nation’s citizens actively plays the world’s most popular sport, and in another sport your national women’s team is the most successful team in World Cup history, chances are you have a lot of fans eager to watch competitions. This is true for the Netherlands, a small country that’s home to 17 million people, more than 4.5 million of whom are registered soccer players at its 35,000 sports clubs. That’s a quarter of the country’s population. Read more

TrendLabs: a Cracked Version of the Loki Infostealer

Figure 1: Loki’s infection chain
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-11882-exploited-deliver-cracked-version-loki-infostealer/

Find Work-Life Focus

REF: https://blog.trello.com/work-life-focus-trello-insider-guide-personal-productivity

In 2011, Justin Gallagher and Bobby Grace co-wrote a web application prototype that provided a visual perspective of what people were working on. That application became Trello. Here is Justin's story of how he uses it today.

Studio INVATE Super Powers Esports Video Production

REF:  https://www.newtek.com/

TrendLabs: Dissecting ATM Malware Families

Figure 2. Cutlet Maker being offered on the deep web

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-prilex-cutlet-maker-atm-malware-families/

MediaDS™ Saves Award-Winning High School Media Program

REF: https://www.newtek.com/

Azure Media Services Standard Streaming Endpoint in preview

Now in preview, Streaming Endpoint and Streaming Units are Media Services components that deliver content directly to a media player app or to Azure Content Delivery Network for further distribution. Customers can select between Standard Endpoint and Premium Streaming Units. Standard Streaming Endpoint scales outbound bandwidth automatically where Premium Units (endpoints) customers control and manage the scale operations. Moving forward: 

✓	All new Media Services accounts will be created with Standard Streaming Endpoint in a stopped state by default.
✓	All new Media Services accounts come with 15 days of free Standard Streaming Endpoint.
✓	Existing Media Services accounts with classic Streaming Endpoint won’t be automatically migrated to Standard Streaming Endpoint, but customers will have the option to migrate manually.
✓	Customers with Premium Streaming Units can migrate their streaming endpoints to Standard Streaming Endpoint.

REF: https://docs.microsoft.com/en-us/azure/media-services/media-services-streaming-endpoints-overview

TrendLabs: New Mirai Attack

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-attack-attempts-detected-south-america-north-african-countries/

HDF5 for efficient I/O

HDF5 is a flexible, self-describing, and portable hierarchical filesystem supported by a number of languages and tools, with the ability to run processes in parallel.

REF: http://www.linux-magazine.com/Issues/2017/205/HDF5

TrendLabs: CONFICKER/ DOWNAD 9 Years After

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/conficker-downad-9-years-examining-impact-legacy-systems/

Introducing Roku OS 8

REF: https://sdkdocs.roku.com/display/sdkdoc/Roku+OS+Release+Notes

TrendLabs: Untangling the Patchwork Cyberespionage Group

Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets. Patchwork’s moniker is from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they use may not be groundbreaking—what with other groups exploiting zero-days or adjusting their tactics—but the group’s repertoire of infection vectors and payloads makes them a credible threat.

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/

NewTek Connect Spark - Get any source into any setup

REF: https://www.newtek.com/

TrendLabs: December Patch Tuesday

Overall, Patch Tuesday addressed 12 Critical-rated vulnerabilities and 10 rated as Important, of which two were disclosed via Trend Micro’s Zero Day Initiative. In addition to the MMPE vulnerability updates, some of the other noteworthy fixes include:

• CVE-2017-11899: A security feature bypass that exists when Device Guard incorrectly validates an untrusted file. An attacker successfully exploiting this vulnerability could make untrusted files appear to be trusted once, causing Device Guard to allow a malicious file to execute.
• CVE-2017-11927: An information disclosure vulnerability that exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site to determine the zone of a provided URL. Attackers exploiting this vulnerability can use various tactics such as phishing to lure users into browsing a malicious website or to an SMB or UNC path destination. A successful attack can potentially lead to the disclosure of sensitive information to a malicious site.

REF:  http://blog.trendmicro.com/trendlabs-security-intelligence/december-patch-tuesday-yearender-includes-updates-mmpe-vulnerabilities/

The many ways of running firefox on OpenBSD

First, and this has been the case for a few years already, these days I only target amd64 and i386. It's been "fun" for a while but now it's impossible to keep up with macppc and sparc64, although Martin Husemann from NetBSD still manages to run recent firefox on sparc64, i gave up on this - even *running* firefox on an i386 netbook with 1Gb of memory is unbearable. Sad state of affairs.. and on top of this, the recent dependency on rust also limits the amount of platforms firefox could run on, since rust only works on amd64 and i386 for now (thanks to the insane amount of work by semarie@ !).

REF: https://undeadly.org/cgi?action=article&sid=20170425173917

Providers that protect against DDoS attacks

AWS Shield

The Amazon Web Services (AWS) Shield [8] provides protection against DDoS attacks (Figure 1). The Standard protection is available to any AWS customer. The product includes detection of network flow data and automatic mitigation of DDoS attacks against SYN flooding or UDP reflection attacks. However, you do not receive information about a successful defense. If you choose the AWS Shield Advanced product, you receive the following additional features for around $3,025 per month plus charges for data transfer:

• In addition to connection data at the network level, Amazon collects and analyzes transaction logs at the application level.
• Access to advanced scrubbing capacities.
• Notification of attacks on ISO Layers 3 and 4, as well as data about the type of attack.
• Reports for ISO Layers 3, 4, and 7.
• Incident management by the Amazon DDoS response team.
• If necessary, manual mitigation.
• Manual analysis after the attack.
• Reimbursement for costs incurred by the attack associated with CloudFront, Route 53, and ELB services.

Figure 1: Amazon protects customers against DDoS attacks – to an extent. For more protection, you will have to dig very deeply into your pockets.

Of import is that Amazon only protects what runs on Amazon. Although it is possible to protect data traffic on your own servers using services such as CloudFront or a reverse proxy and to protect your own network connection in another way, you cannot fight off targeted attacks.

REF: http://www.linux-magazine.com/Issues/2018/206/DDoS-Defense/(offset)/6

Linux Kernel 4.14 Released

Linus Torvalds, the creator of Linux, announced the release of Linux kernel 4.14 on November 12, 2017. The release was due earlier but was delayed because of an AppArmor patch that caused regression. Torvalds lashed out at a Canonical developer who found the AppArmor regression but said that it was not a big deal.

Torvalds responded and said, “As far as the kernel is concerned, a regression is THE KERNEL NOT GIVING THE SAME END RESULT WITH THE SAME USER SPACE. The regression was in the kernel. You trying to shift the regressions somewhere else is bogus SHIT. And seriously, it's the kind of garbage that makes me think your opinion and your code cannot be relied on. If you are not willing to admit that your commit 651e28c5537a ("apparmor: add base infrastructure for socket mediation") caused a regression, then honestly, I don't want to get commits from you.”

REF: http://www.linux-magazine.com/Online/News/Linux-Kernel-4.14-Released

Roku Streaming Stick+ at 40% off.

Announcing CrossOver 17.0.0

CrossOver 17 supports Microsoft Office 2016: the latest and greatest
Microsoft Office suite.  You can install Office 2016 Home and Office
2016 Business from your Office 365 account and use the full featured
versions of these products.

CrossOver 17 also supports Quicken 2017 for your home financial
needs. 

On Linux, CrossOver 17 will run the popular game League of
Legends.

You will benefit from a full upgrade of our Wine compatibility layer,
giving CrossOver 17 thousands of improvements in our core technology
over our previous version. 

REF: https://www.codeweavers.com/support/forums/announce/?t=24;mhl=203321;msg=203321#msg203321

Debian Contributors list

This is a list of all the 1808 people and 21 teams whose most recent contribution to Debian was in 2017.
The information is based on our current knowledge, which you can help us improve.
REF: https://contributors.debian.org/

TrendLabs: October macOS Patch

Figure 1. Error message when a malicious USB device is inserted (Click to enlarge)

REF:  http://blog.trendmicro.com/trendlabs-security-intelligence/october-macos-patch-fixes-fatusb-vulnerability/

Telestream Vantage

Dynamically scale your media processing capability with virtualized infrastructure Vantage version 7.1, our media processing platform, adds support for Vantage Elastic Domain, a virtualized version of Vantage to run on premises, in private data centers or on recognized cloud providers. This powerful new capability allows you to have a number of permanent Vantage licenses to cover your run-rate needs, while allowing you to take advantage of the virtualized infrastructure to “burst” a number of additional nodes as your workload needs dictate. Vantage 7.1 also introduces an all-new 64-bit transcoding engine, designed with the latest high-density formats in mind.

TrendLabs: qkG Filecoder

Figure 3: The ransom note displayed to the victim after the document is encrypted
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/

Samsung is testing Linux desktop

REF: http://www.linux-magazine.com/Online/News/Samsung-to-Bring-Linux-to-Desktop

The same year Canonical decide to pull out of the consumer space, Samsung is bringing a pure desktop Linux experience to PCs. Unlike Apple, Google, or Microsoft, Samsung doesn’t have any tightly integrated offering for professionals who need a desktop to get work done. Samsung came out with DeX, an accessory for Samsung Galaxy phones that connected with a monitor and offers a desktop-like interface. It’s an experience similar to Ubuntu Dock or Motorola Atrix Webtop.

TrendLabs: systemd Vulnerability

Figure 3. Packet capture of specially crafted DNS reply

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerability-leads-to-denial-of-service-on-linux/

NewTek NDI PTZ Camera

NEWTEK CONNECT SPARK HDMI $499  NOW IN STOCK! NEWTEK CONNECT SPARK SDI $799  NOW IN STOCK! NEWTEK NDI/HX PTZ1 CAMERA $2799  NOW IN STOCK!

TrendLabs: Physical Theft Meets Cybercrime

Figure 1: Attack chain of the fraudsters’ modus
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/physical-theft-meets-cybercrime-illicit-business-selling-stolen-apple-devices/