Tag Archives: almost

WannaMine cryptojacker targets unpatched EternalBlue flaw

New research detailed successful cryptojacking attacks by WannaMine malware after almost one year of warnings about this specific cryptominer and more than a year and a half  of warnings about the EternalBlue exploit.

The Cybereason Nocturnus research team and Amit Serper, head of security research for the Boston-based cybersecurity company, discovered a new outbreak of the WannaMine cryptojacker, which the researchers said gains access to computer systems “through an unpatched [Server Message Block, or SMB] service and gains code execution with high privileges” to spread to more systems.

Serper noted in a blog post that neither WannaMine nor the EternalBlue exploit are new, but they are still taking advantage of those unpatched SMB services, even though Microsoft patched against EternalBlue in March 2017.

“Until organizations patch and update their computers, they’ll continue to see attackers use these exploits for a simple reason: they lead to successful campaigns,” Serper wrote in the blog post. “Part of giving the defenders an advantage means making the attacker’s job more difficult by taking steps to boost an organization’s security. Patching vulnerabilities, especially the ones associated with EternalBlue, falls into this category.”

It is fair to say that any unpatched system with SMB exposed to the internet has been compromised repeatedly and is definitely infected with one or more forms of malware.
Jake Williamsfounder and CEO, Rendition Infosec

The EternalBlue exploit was famously part of the Shadow Brokers dump of National Security Agency cyberweapons in April 2017; less than one month later, the WannaCry ransomware was sweeping the globe and infecting unpatched systems. However, that was only the beginning for EternalBlue.

EternalBlue was added into other ransomware, like GandCrab, to help it spread faster. It was morphed into Petya. And there were constant warnings for IT to patch vulnerable systems.

WannaMine was first spotted in October 2017 by Panda Security. And in January 2018, Sophos warned users that WannaMine was still active and preying on unpatched systems. According to researchers at ESET, the EternalBlue exploit saw a spike in use in April 2018.

Jake Williams, founder and CEO of Rendition Infosec, based in Augusta, Ga., said there are many ways threat actors may use EternalBlue in attacks.

“It is fair to say that any unpatched system with SMB exposed to the internet has been compromised repeatedly and is definitely infected with one or more forms of malware,” Williams wrote via Twitter direct message. “Cryptojackers are certainly one risk for these systems. These systems don’t have much power for crypto-mining (most lack dedicated GPUs), but when compromised en-masse they can generate some profit for the attacker. More concerning in some cases are the use of these systems for malware command and control servers and launching points for other attacks.”

For Sale – AMD FX8350, 16GB DDR3 and Coolermaster Evo212

CPU working like a dream, and has an EVO212 on it for almost silent use. 212 comes with all the bits I have with it.
No box but will be securely packaged. Buy it all and I’ll throw in a mobo for free that Im currently using.
The RAM is 4 matched sticks, I’ll get exact stats later tonight when Im home.

Price and currency: £55 for CPU, £65 for RAM, £5 for Coolermaster if sold with CPU
Delivery: Delivery cost is included within my country
Payment method: BT/PP F&F
Location: Barnsley
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Where the IBM Project Debater AI system may be headed

Last month, in almost real time and in front of a live audience in San Francisco, two humans debated facts and ethics with an AI system, IBM Project Debater.

The AI platform offered points and rebuttals during its first public debate, going first against Noa Ovadia, the 2016 Israeli national debate champion, on the issue of subsidizing space exploration, and then against Israeli professional debater Dan Zafrir on the topic of telemedicine. Debaters, human and machine, were not made aware of the subjects ahead of time.

According to a snap poll of the audience after each session, audiences felt that Project Debater, at least on the topic of space exploration, enriched their knowledge more than its human counterpart.

The humans, however, were largely found to be better, more persuasive speakers. Indeed, despite its digital prowess, some debate experts have noted that the AI debating system lacks a certain ability to deploy tonal effects, such as irony and sarcasm.

The debating system isn’t IBM’s first foray into machine-human jousting. In 2011, IBM’s Watson supercomputer beat trivia stars in a game of Jeopardy, and in 1997, IBM’s Deep Blue chess computer bested world chess champion Garry Kasparov.

[embedded content]

IBM Research teaser for Project Debater

The Project Debater engineers appear to be taking a more nuanced approach this time.

Ranit Aharonov, manager of the IBM Project Debater team, said members of the project team didn’t think of the system simply as something that could win a debate.

“When we look at a debate, we don’t only look at who swayed the audience more. There’s a lot more to it,” Aharonov said.

Building a debating machine

Developed over the past six years at the IBM Research lab in Haifa, Israel, IBM Project Debater uses sophisticated machine learning algorithms and millions of newspapers and articles to identify and organize facts relevant to a debate topic.

The AI is able to cluster that information into themes based on the topic of debate, and, using what IBM calls data-driven speech writing, delivers the information in a coherent sentence.

IBM Project Debater is essentially trained in the art of debate — to have a general idea of when and how to use factual and ethical arguments to support or dispute a point. To be able to debate in real time, the system employs natural language processing to identify the main components of an opponent’s speech and then give a rebuttal.

While pursuing this researching project, during the process, we are actually finding ourselves facing new problems we haven’t faced before.
Noam SlonimIBM

According to Noam Slonim, principal investigator for IBM Project Debater, the technology could have a number of applications. The most immediate one, he said, is advancing the field of science.

“While pursuing this researching project, during the process, we are actually finding ourselves facing new problems we haven’t faced before,” Slonim said

Real-life applications

Beyond advancing the field, Slonim said he sees “the underlying technology with the Debater being very, very aligned with technologies that help people make a better-informed decision,” noting that it could eventually have uses in the fields of politics or business.

“Just imagine giving Debater a topic and asking it to find everything of relevance to that topic and what that could mean,” he said.

Also, Slonim said he sees the technology being useful in the education field. Having a debating AI system “can help kids learn how to build better arguments and become more informed in a topic.”

Dan Zafrir and IBM Project Debater, San Francisco
Israeli debater Dan Zafrir poses with IBM’s Project Debater before a public debate in San Francisco last month

“IBM Project Debater, while still in development, could be brought into specific use cases, and is slated to be released in some form next year,” Slonim said. He declined to say what incarnation the technology might take.

As for bringing some of the technology behind IBM Project Debater to IBM’s well-publicized AI system, Watson, Slonim said: “The implication is that these will be incorporated into Watson and enhance its capabilities.”

Mixed review from an analyst

Adrian Bowles, vice president of research and lead analyst for artificial intelligence at Aragon Research, was at last month’s live debate in San Francisco.

Bowles, who said he first spoke with an IBM representative about the IBM Project Debater four years ago, said he was struck more by how IBM Project Debater identified arguments than how it expressed them.

“The natural language generational software is not nearly as impressive to me as what they’ve done with natural language understanding,” he said, adding that the AI system presented arguments more on a high school or college level than a professional one.

“Finding and representing the logical position and being able to identify the opposite of that is where the magic happens, if you will,” Bowles continued.

Bowles agreed that the technology could be useful when applied in a classroom setting, but noted that he would also like to see it used to help extract provable facts from bodies of text, like multiple sources of news.

Specifically, Bowles cited fake news and the political bias reflected by news sources. Technology in IBM Project Debater could be used to analyze multiple news sources on the same topic and help separate facts from bias or misreporting.

“What I would like to see is it being able to identify practical arguments and being able to map those out,” he said.

Due to the vast number of documents Debater has access to, Slonim said he would expect technology to be separated out before the system is commercialized, partitioning it out to get to the basic underlying technology and allowing users to input their own data to be analyzed.

“I think that would get people using it and experimenting in novel ways,” he said.

For Sale – ASUS Zenbook UX305CA 13.3 inch Notebook (Black) (Intel Core M3-6Y30, 8 GB RAM, 128 GB, W10)

I have a “Almost new”ASUS Zenbook UX305CA 13.3 inch Notebook in Black that I am looking to see.
Intel Core M3-6Y30, 8 GB RAM, 128 GB, Windows 10 and amazing QHD+ screen.

Bought this in March from Amazon Warehouse deals for £350 after discount and was “As new” item. The item came brand new and sealed in the box as most of the warehouse “as new” items come. I have only used it once since then and it has been lying in the box untouched as we normally use our ipads (not sure why I bought in the first place). Spoke to Amazon and this comes with 2 years warranty and knowing amazon, warranty should not be a prob. Looking to get the £350 I paid as I have not used it since buying and this is a great deal considering these still sell for over £400. Collection from London Liverpool street or Moorgate or Woodford (East London).

Will post pics soon but not much to see as laptop as new with original box. More details here – https://www.amazon.co.uk/gp/product/B019KZVESM/ref=od_aui_detailpages00?ie=UTF8&psc=1

Let me know if you have any questions.

Price and currency: £350
Delivery: Goods must be exchanged in person
Payment method: PPG
Location: London
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – ASUS Zenbook UX305CA 13.3 inch Notebook (Black) (Intel Core M3-6Y30, 8 GB RAM, 128 GB, W10)

I have a “Almost new”ASUS Zenbook UX305CA 13.3 inch Notebook in Black that I am looking to see.
Intel Core M3-6Y30, 8 GB RAM, 128 GB, Windows 10 and amazing QHD+ screen.

Bought this in March from Amazon Warehouse deals for £350 after discount and was “As new” item. The item came brand new and sealed in the box as most of the warehouse “as new” items come. I have only used it once since then and it has been lying in the box untouched as we normally use our ipads (not sure why I bought in the first place). Spoke to Amazon and this comes with 2 years warranty and knowing amazon, warranty should not be a prob. Looking to get the £350 I paid as I have not used it since buying and this is a great deal considering these still sell for over £400. Collection from London Liverpool street or Moorgate or Woodford (East London).

Will post pics soon but not much to see as laptop as new with original box. More details here – https://www.amazon.co.uk/gp/product/B019KZVESM/ref=od_aui_detailpages00?ie=UTF8&psc=1

Let me know if you have any questions.

Price and currency: £350
Delivery: Goods must be exchanged in person
Payment method: PPG
Location: London
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

5G networks advance in U.S. with expanded trials

In recent telecom news, the subject is 5G networks almost all the time, whether that means fixed broadband 5G mobile services trials. Telecom operators and equipment vendors have almost daily updates about 5G trials and rollout plans. AT&T and Verizon 5G have recently announced more specifics about their paths to 5G services in the U.S.

Beyond next-generation wireless, public Wi-Fi networks will get shored-up security with the release of the new WPA3 standard later this year. And on the subject of security, Verizon recently acquired a threat detection startup that uses machine learning to detect compromised equipment within an organization.

Here’s a closer look at the details.

Operators move forward on 5G networks

Verizon plans to launch 5G fixed wireless service in three to five cities later this year, but the launch is only “one slice” of its broad 5G and overall network plans, Verizon CTO Hans Vestberg said at a recent investor relations event. 

The 5G networks economics of Verizon’s fixed broadband service are good because the company is planning to move from operating seven vertical networks to one horizontal network that will work with a unified core, transport and fiber transport. Vestberg said Verizon will deploy an intelligent edge network that will be able to serve a particular customer whether the customer is on Verizon’s FiOS fiber service or its wireless LTE network. That will make the economics of Verizon’s 5G fixed broadband services better because most of the 5G network assets will be shared, Vestberg said.

The network evolution at Verizon will take years to complete, but it will be a major part of how Verizon reaches its target of saving $10 billion over the next four years, Vestberg added.

Looking toward 5G mobile services, AT&T plans to launch what it describes as mobile 5G services this year in 12 U.S. cities by using small cells deployed closer to the ground than the radios that support LTE placed at the top of towers. According to RCRWireless, AT&T’s first round of mobile 5G will use millimeter wave spectrum (between 30 GHz and 300 GHz) that offers higher capacity rates than low-band spectrum doesn’t propagate over long distances, so the radios need to be closer together than in LTE deployments. AT&T’s VP of network architecture Hank Kafka said millimeter wave can be placed on telephone poles, building rooftops or on towers but at a lower height than a macrocell because of the propagation characteristics. Out of 23 cities slated to receive AT&T’s 5G Evolution infrastructure — described as a foundation to AT&T’s evolution to full 5G while 5G standards are being finalized — AT&T hasn’t specified which cities will roll out the mobile services this year. Kafka said the rollouts will require significant zoning and permit negotiations.

Wi-Fi security upgrade incoming in 2018

Wi-Fi security is getting a long-awaited upgrade in 2018 later this year. The Wi-Fi Alliance recently announced plans for WPA3, a new security standard that will replace WPA2, a security protocol almost two decades old that is built in to protect almost every wireless device.

According to ZDNet, the move to WPA3 will make open Wi-Fi networks found in places like airports and coffee shops safer by applying individualized data encryption that will scramble the connection between each device and the router. The security will also block an attacker after excessive failed password guesses.

Verizon acquires autonomous threat detection startup

Verizon recently acquired Niddel, an autonomous threat detection service company that uses machine-learning to detect compromised or infected devices inside an organization. The acquisition price of the company was not disclosed. Founded in 2014, the company’s primary product, Niddel Magnet, is a subscription-based automated service that reduces the need for organizations to hire qualified security analysts when dealing with compromised machines.

According to TechCrunch (a publication owned by Verizon), Niddel uses a variety of information from more than 50 internal and external sources to track security threats that could affect machines in customer organizations.

“Using machine learning to improve information accuracy significantly reduces false positives and significantly improves our detection and response capabilities,” Alexander Schlager, Verizon’s executive director of security services, said in a statement. Verizon has said it will look to incorporate this Niddel’s technology into Verizon products and services in the coming months.

Mike McCarter: lean, mean, hacking machine – Microsoft Life

About four years ago, I almost quit.

I was getting restless and decided that I wanted to launch a startup. Soon after that, I told my manager that I planned to leave within the next year.

I told her that I needed autonomy and creativity. I wanted a job with greater purpose and world-changing impact. I wanted rapid growth, not just of my products, but also of myself.

Her response caught me off guard. She said she’d support me either way and offered a few suggestions for ways I could get all those things at Microsoft, should I consider staying. She could give me more room for creativity and risk-taking, more help gaining access to all of Microsoft’s resources, and a lot of other things that I’d not considered doing before.

I stayed, and I never looked back.

I’ve always looked for creative ways to solve problems, ideally without involving a ton of waste. As a rural kid growing up three miles away from a very small town, I didn’t have much to do other than figure out how to entertain myself. I had to be independent and resourceful. So I got into fixing and building and creating things—treehouses, go carts, you name it.

Once I got my uncle’s ancient dune buggy up and running again with very few tools and even less adult supervision; for a brief moment I may have been the only eighth grader with wheels. I was always redesigning things that were broken and giving them a new purpose.

Although I didn’t know what to call it at the time, I now realize that was lean hacking (experimenting with new ideas and testing them—quickly), and it turns out I’d been doing it for a while.

Instead of leaving the company, I decided to bring more of this mindset to my job at Microsoft. I turned an old lab into a collaboration space where my team and I can experiment constantly. I love that space. In it, our vetting and forensic services team (translation: we protect Microsoft and its customers from a variety of risks) have developed products—sometimes with the help of The Garage, and other times as volunteers supported by Microsoft Philanthropies.

Together, we built a state-of-the-art identity-vetting platform. We found that our skills translated well to areas with great societal value too; our lean hacking tactics have helped us address major global challenges through solutions like PhotoDNA, a product used to fight child exploitation on the internet; Child Finder Service, which helps find missing children; and Content Moderator, which helps organizations identify high-risk text, images, or video on their platforms.

Mike McCarter

Instead of leaving the company four years ago, Mike McCarter decided to bring more of lean hacking mindset to his job at Microsoft. “So far, there’s nowhere else I’ve found where I can have a greater, global impact than at Microsoft,” said McCarter.

Other hacks are fun, and our team engages in small experiments constantly; we’ve created a four-in-one programmable-height ping-pong scrum table, a custom-designed lab layout with a bell for big wins, and a community snack cart for sharing healthy treats. In a team survey, 100 percent of our people said that their jobs are more than just jobs—they have real meaning. I think this is due to our hacking culture.

Since that conversation with my manager four years ago, I’ve gone through a transformation—I used to think that I needed to start my own company, make a fortune, and then have a positive impact on the world afterward. But I’ve realized that life is too short to defer one’s calling.

I still often wonder about other opportunities. But the question I ask myself is how much impact can I make somewhere else versus where I am at. So far, there’s nowhere else I’ve found where I can have a greater, global impact than at Microsoft.

Are you a Microsoft employee with a journey to share? Drop us a line from your work email at MicrosoftLife (at) microsoft.com.

Wanted – Macbook Air 13″

Hi there,

I have one that I’m almost certainly going to sell, as long as my new tablet shows up tomorrow, and it works as expected, I’ll be wanting to offload.

It’s an A1466, i7, 8Gb RAM, 250Gb SSD, High Sierra. Battery lasts about 7 hours in my use. Just need to see what it’s worth first before I decide on a price.

Let me know if this might be any good.

Paul

Wanted – Macbook Air 13″

Hi there,

I have one that I’m almost certainly going to sell, as long as my new tablet shows up tomorrow, and it works as expected, I’ll be wanting to offload.

It’s an A1466, i7, 8Gb RAM, 250Gb SSD, High Sierra. Battery lasts about 7 hours in my use. Just need to see what it’s worth first before I decide on a price.

Let me know if this might be any good.

Paul

Wanted – Macbook Air 13″

Hi there,

I have one that I’m almost certainly going to sell, as long as my new tablet shows up tomorrow, and it works as expected, I’ll be wanting to offload.

It’s an A1466, i7, 8Gb RAM, 250Gb SSD, High Sierra. Battery lasts about 7 hours in my use. Just need to see what it’s worth first before I decide on a price.

Let me know if this might be any good.

Paul