Proprietary Software and Security Issues
Chinese [Crackers] Reportedly Target India’s Power Grid [iophk: Windows TCO]
Over the last several months, the Insikt Group, the threat research division of Massachusetts-based Recorded Future, said it has collected evidence that hackers targeted seven Indian state centers responsible for carrying out electrical dispatch and grid control near a border area disputed by the two nuclear neighbors.
The group primarily used the trojan ShadowPad, which is believed to have been developed by contractors for China's Ministry of State Security, leading to the conclusion that this was a state-sponsored hacking effort, the group reported.
ShadowPad Malware Analysis [iophk: Windows TCO]
The majority of ShadowPad samples analyzed by CTU researchers were two-file execution chains: an encrypted ShadowPad payload embedded in a DLL loader. ShadowPad DLL loaders are [installed] by a legitimate executable vulnerable to DLL search order hijacking. The DLL loader then decrypts and executes the embedded ShadowPad payload in memory using a custom decryption algorithm specific to the malware version. Table 1 lists legitimate executable and malicious DLL pairs that CTU researchers observed in analyzed samples.
Electric vehicle chargepoints [cracked] to show porn
Screens on devices at the council’s car parks are meant to show its website, but some featured explicit images instead.
Security startup becomes Lithuania’s second unicorn
Founded in 2012, Nord Security is now valued at 1.6 billion dollars. This makes the company Lithuania’s second unicorn, after the clothing resale platform Vinted.
According to one of the founders, Eimantas Sabaliauskas, Nord Security is now striving to become the world’s biggest cybersecurity company.
Using Windows after 15 years on Linux
I am a software & web developer - and Linux is a toolbox, full of highly polished tools, crafted over decades by software developers, for software developers. Windows is… not that. It’s a commercial OS, aimed at users of Word, Excel & Outlook, pretty much. You can feel this difference all the time that you’re using it - it pervades everything.
Non-composable Software
The command line tools (echo, cat, grep, sed, awk, find, cut, sort, curl, ssh, etc…) which make up the standard Linux/Unix toolbox are all composable and general purpose. You can join them together like Lego bricks, in whatever combination you like, to make new tools on the fly. You do this on the command line, by piping streams of text from one tool to another and using them to transform it however you need.
Sadly, nobody has ever really figured out how to make GUI software like this - general purpose & composable. Windows has always focussed heavily on the GUI, to the almost complete exclusion of the command line - which means that it doesn’t have this foundation of composable software tools. Almost everything is a special purpose piece of GUI software. Which you have to go and find. And then download and install.
Why did you make that decision? AI systems learn to explain.
While AI scientists have no problem designing systems that make accurate predictions on all sorts of business outcomes, they are discovering that to make those tools more effective for human operators, the AI may need to explain itself through another algorithm.
The emerging field of “Explainable AI,” or XAI, has spurred big investment in Silicon Valley as startups and cloud giants compete to make opaque software more understandable and has stoked discussion in Washington and Brussels where regulators want to ensure automated decision-making is done fairly and transparently.
Finnish foreign affairs and defence ministry websites hit by cyber attacks [iophk: Windows TCO]
The websites of Finland's defence and foreign affairs ministries were out of service on Friday, the ministries announced in separate tweets at just before 1pm.
The defence ministry said its website was taken down by a denial of service (DoS) attack and that it was investigating the matter.
US Disrupts 'Cyclops Blink' Botnet by Hacking Infected Devices [iophk: Windows TCO]
The US blames Russia’s military intelligence, the GRU, for creating the botnet as a way to spy on company networks. Back in February, federal officials warned that a new strain of Linux-based malware, called Cyclops Blink, had been found targeting vulnerable routers and firewall devices from PC maker Asus and network security provider WatchGuard.
What is a botnet? When infected devices attack [iophk: Windows TCO]
A botnet is an example of a distributed computing system operating over the internet—a fairly early example of this idea's widespread real-world use. The people or teams who run a botnet, called controllers or herders, need to recruit unwilling computers into their army and then coordinate their activity for profit. There are a number of components to the architecture that helps botnets form and perpetuate themselves.
ALERT: Malware targeting routers, Windows PCs in circulation, NCC warns [iophk: Windows TCO]
“To hide the malicious activity, the ransomware displays a fake window update screen, cancels specific processes and services, and completely disables the task manager, windows error reporting, machine firewall and windows defender of the compromised system.
NCC Uncovers Cyber Threats to Windows Platforms, Routers [iophk: Windows TCO]
The first cyber threat is ransomware ‘Lokilocker’, capable of wiping data from all versions of Windows systems or platforms. It causes data loss and denial of service (DoS) which reduces user productivity.
DirtyMoe modules expand the bot using worm-like techniques
The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The DirtyMoe rootkit was delivered via malspam campaigns or served by malicious sites hosting the PurpleFox exploit kit that triggers vulnerabilities in Internet Explorer, such as the CVE-2020-0674 scripting engine memory corruption vulnerability.
The operations behind the DirtyMoe botnet have changed rapidly since the end of 2020, when the malware authors added a worm module that could increase their activity by spreading via the internet to other Windows systems.
Microsoft hikes prices for non-profit customers, ends on-prem software grants [Ed: Clown computing is a bait-and-switch trap; Microsoft is a bunch of criminals, preying on the poorest]
Atlassian outage lingers, sparking data loss fears
Atlassian is still scrambling to recover from a recent software script fiasco and is hoping no customer data gets lost, which may be more than Microsoft can manage if OneDrive, as some have reported, has been intermittently corrupting large uploads for at least two months.
Four days after some Atlassian customers began encountering problems with the cloud giant's collaboration software, recovery efforts continue and a few folks are worried they may not get their data back.
One wrote to The Register wondering about that possibility after the company, via Twitter, responded to a request to confirm that customer data is backed up and failed to actually do so.
"We expect most site recoveries to occur with minimal or no data loss," the biz said on Thursday.
Maybe Passwords are the Future
A wide variety of new approaches are vying for popularity. WebAuthn removes passwords and instead uses keys that are managed by the browser. Email “magic links” use the ability to receive email as authentication. SSO delegates the problem to another provider. However these approaches all have major downsides. Let’s take a quick look at some of these and try to squeeze them into a pass/fail score, ignoring most of the nuance.
WatchGuard Plays The Ostrich, Patches Exploit Without Informing Customers
Firewalls. You know, boring old IT stuff. So why are we talking about them at Techdirt? Well, one thing we regularly talk about is how companies tend to respond to exploits and breaches that are uncovered and, far too often, how horrifically bad they are in those responses. Often times, breaches and exploits end up being far more severe than originally reported, and there are some companies that actually try to go after those reporting on breaches and exploits legally.
Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022.
4 Best Free and Open Source Web Application Firewalls
A web application firewall (WAF) is a type of application firewall that lets you see and analyze HTTP traffic to and from a web application. It has the objective of preventing attacks that seek to deny service and steal data. It gives the administrator direct control over the requests and the responses passing through the system without needing to modify backend code. A WAF differs from a standard firewall by protecting a specific web application or set of web applications. And it does this without actually touching web applications. Unprotected web applications are the easiest entry point for criminals and vulnerable to a number of attack types. Once a web application security vulnerability is discovered, it must be promptly fixed. Virtual patching using a WAF or patching the web application code directly are two solutions. Preventing attacks in application code can be difficult and may need painstaking maintenance, patching and monitoring at multiple layers of the application topology. And web application attacks are the main cause of data breaches. About 75% of all attacks are focused at the web application level. Most websites suffer dozens of attacks every day and some popular sites suffer, on average, a thousand attacks per hour. WAFs are deployed to add an external security layer; this improves a system’s security. They detect and prevent attacks before they reach web applications.