Security: Microsoft Windows Ransom, Army Concerns, Phishing, Confluence and SCA
Date: 2019-05-06
-
This marks the second time ransomware has hit Baltimore: In March 2018, a cyberattack infected the city's 911 dispatch system and took down automated dispatches for 911 and 311 calls. An Internet port was reportedly left unprotected and exploited by attackers, officials said.
-
Baltimore City agencies are scrambling this week to conduct business as normal amid a ransomware attack on government computers.
Here’s a list of city departments and agencies that have undergone operational changes since the attack: [...]
-
The FBI is investigating a ransomware attack on Baltimore City’s network, while city officials try to bring back the network to its full capacity.
Although city services are no longer being affected, [intruders] are still accessing the system, according to Mayor Jack Young.
-
Security researcher Vitali Kremez, who recently reverse-engineered a sample of RobbinHood, told Ars that the [Windows] malware appears to target only files on a single system and does not spread through network shares. “It is believed to be spread directly to the individual machines via psexec and/or domain controller compromise,” Kremez said. “The reasoning behind it is that the ransomware itself does not have any network spreading capabilities and is meant to be deployed for each machine individually.”
That would mean that the attacker would need to already have gained administrative-level access to a system on the network “due to the way the ransomware interacts with C:\Windows\Temp directory,” Kremez explained.
-
The Joint Cyber Warfighting Architecture (JCWA) was established by Cyber Command within the last year to guide capability development priorities. Cyber is unique within the Department of Defense in that from an operational perspective nearly all aspects are joint. This means in the traditional warfighting realm, the services are responsible for manning, training and equipping for a certain function, infantry or fighter pilots, for example. While those forces are part of a theater-wide campaign plan beneath a combatant command, they are still deployed under their own services.
-
The Defense Department wants to publish its blacklist of software companies to better inform the industrial base.
"We will continue to not buy from sources that are not trusted," DOD Acquisition and Sustainment Undersecretary Ellen Lord told reporters during a May 10 briefing at the Pentagon.
-
“As the transition was made” from Army Cyber Command to MARFORCYBER, U.S. Cyber Command’s leader Gen. Paul Nakasone “thought it was important to expand that mission set,” Maj. Gen. Matthew Glavy, MARFORCYBER’s commander, told reporters May 7 during a first of its kind media briefing at its facilities at Fort Meade.
-
Noting that some private companies employ internal phishing campaigns and that an employee can be terminated if they take the bait a certain number of times, Modly said the Navy is looking at punitive measures for users to get them to take cybersecurity seriously.
-
Phishing is seen by more than one in four (44%) of Australian businesses as the biggest security threat they face, with ransomware, password and business email compromise continuing to beset organisations, according to a newly published survey.
-
There is also strong evidence to suggest that the attack vector was a known vulnerability published on Atlassian Confluence in March 2019.
-
Europe is bracing itself for a big shake-up in how we pay for things online, which will have significant consequences for businesses across the region. Similar to how GDPR hugely impacted how millions of organizations handle personal data when it was enforced last year, Strong Customer Authentication (or SCA) will have profound implications for how businesses handle online transactions and how we pay for things in our everyday lives when it is enforced on September 14.
SCA will require an extra layer of authentication for online payments. Where a card number and address once sufficed, customers will now be required to include at least two of the following three factors to do anything as simple as order a taxi or pay for a music streaming service: something they know (like a password or PIN), something they own (like a token or smartphone), and something they are (like a fingerprint or biometric facial features).
Server: OpenStack, Docker, Red Hat, CentOS and Fedora
-
OpenStack executive director Jonathan Bryce took to the stage of the open source outfit's shindig in Denver, Colorado this week with a message of collaboration, openness and... clowns.
Around 2,000 fans of the technology had gathered in the cavernous Colorado Convention Center to either listen to the emissions from the OpenStack Foundation (OSF) or shelter from the sudden return to winter in the mile-high city.
Bryce took the audience at the newly renamed Open Infrastructure Summit on a whimsical trip down his own personal memory lane, which ended up, unsurprisingly, with his time at Rackspace and OpenStack, but started with his dream of becoming a rodeo clown.
-
TechCrunch has learned that Docker CEO Steve Singh will be stepping down after two years at the helm, and former Hortonworks CEO Rob Bearden will be taking over. An email announcement went out this morning to Docker employees.
People close to the company confirmed that Singh will be leaving the CEO position, staying on the job for several months to help Bearden with the transition. He will then remain with the organization in his role as chairman of the board. They indicated that Bearden has been working closely with Singh over the last several months as a candidate to join the board and as a consultant to the executive team.
Singh clicked with him and viewed him as a possible successor, especially given his background with leadership positions at several open-source companies, including taking Hortonworks public before selling to Cloudera last year. Singh apparently saw someone who could take the company to the next level as he moved on. As one person put it, he was tired of working 75 hours a week, but he wanted to leave the company in the hands of a capable steward.
-
Radio amateur Limor Fried AC2SN, founder of Adafruit Industries, was one of the winners of the 2019 Women in Open Source Awards
In its fifth year, the Women in Open Source Awards were created and sponsored by Red Hat to honor women who make important contributions to open source projects and communities, or those making innovative use of open source methodology. Nominations for this year’s awards were accepted for two categories: academic (those currently enrolled in a college or university) and community (those working on or volunteering with projects related to open source). A panel of judges determined finalists based on nomination criteria, and the public voted to determine the award winners who were:
-
Open source software and its associated culture of innovation and collaboration are now proving the difference in digital transformation, according to Jim Whitehurst, CEO and president of Red Hat.
Indeed, he told media and analysts at the company’s annual conference in Boston this morning that open source is where innovation happens and that enterprises are starting to work it out, creating a boom period in the market.
-
At Red Hat Summit 2019 here this week, the company shared Ansible roadmap details, many of which underscored a prominent and running theme around the tool -- namely, that it's broadening its reach beyond the core IT ops and development domains, and into areas such as IT security, compliance and networking.
In addition, Red Hat unveiled plans to shake up its delivery and distribution model for Ansible content, as well as provide expanded reporting and analytics capabilities in Ansible Tower, the tool's enterprise-level web-based management console.
-
A lot of companies are ditching proprietary technology products in favor of open-source software. Others find they’re not quite ready to forgo vendor support. This is where the open-source as a service business model comes in.
The difference between open-source projects and plug-and-play products can sometimes confuse customers, according to Paul Cormier (pictured), president of products and technologies at Red Hat Inc. For example, the open-source Kubernetes platform for orchestrating containers (a virtualized method for running distributed applications).
-
With the latest release of Red Hat Enterprise Linux and OpenShift being packed with Kubernetes-friendly features, Red Hat is looking to create what its CTO Chris Wright calls the "autonomic computing platform".
Here at the Red Hat Summit in Boston - the first since IBM's acquisition plans for the open source company were made public - Computerworld UK sat down with Wright to talk the major new announcements, trends, open source's apparent victory, and what contributors might need to have their guard up about in light of increasing interest in open source communities.
-
From his position as the chief technology officer for Red Hat Inc., Chris Wright (pictured) can see a future when self-tuning platforms will scale as the need grows. This is autonomic computing or autonomous clouds, and it’s not as far away as it might seem.
“We’ve been working towards autonomic computing for decades,” Wright said. “Things like having this holy grail of a self-healing, self-optimizing, self-driving cluster is not as science fiction as it felt 20 years ago. We are tapping into the next generation of what’s possible.”
-
David Egts, chief technologist of Red Hat‘s (NYSE: RHT) North American public sector business, said open source and hybrid cloud platforms will be key to federal agencies’ adoption of high-performance computing, ExecutiveBiz reported April 25.
Egts wrote in a GCN guest piece published April 24 that the combination of open source and hybrid cloud will work to enable even agencies with small budgets and few resources to utilize HPC technologies and explore new possibilities in using data science to update operations and address emerging business needs.
-
Red Hat unveils OpenShift 4, its first new major version of the Kubernetes platform since rebuilding it around the open-source container orchestration system...
-
High performing and secure ICT solutions provider Datacentrix has intensified its focus on open source technology, recently reaching Advanced Solution Partner status with Red Hat South Africa.
In a partnership that has been just over a year in the making, Datacentrix's achievement speaks of its dedication to improve support of open source technology locally, says Graeme Dendy, service manager for Converged Solutions at Datacentrix.
-
Red Hat released RHEL version 8.0 on May 7, 2019, so lots of folks are looking for the equivalent build of CentOS. Well, long story short, looking at the history, it takes about a month to spin out a production release of CentOS after RHEL is released. Red Hat released RHEL7 on June 10 (2014) and CentOS7 was released officially on July 7 (2014), almost a month later. So you should expect, rough and tough, to see CentOS8 released in the month of June 2019.
Once CentOS8 is released you can download it from the official project download site.
If you are clamoring to track the blow by blow status of the release progress, keep an eye on the project status page for the creation of CentOS 8.
-
The kernel team is working on final integration for kernel 5.1. This version was just recently released, and will arrive soon in Fedora. This version has many security fixes included. As a result, the Fedora kernel and QA teams have organized a test week from Monday, May 13, 2019 through Saturday, May 18, 2019. Refer to the wiki page for links to the test images you’ll need to participate. Read below for details.
