Have had this since new but it has had very little use the last number of years. It has been upgraded to 8gb ram and ssd so it is still a great little machine. Outside of body has a number fine scores, but considering its age i’d say well below average. Keyboard and track pad are in excellent condition. Screen is unmarked but I have noticed a few dead pixels on the screen (highlighted in pics)
–– ADVERTISEMENT ––
Battery cycle is showing as 300 and state as Normal. The charger can be a bit picky sometimes, but has been working fine when i’ve powered it up the last number of weeks however so ive priced this to factor in a decent charger from amazon (around £20) should you end up needing one. Currently on El Capitan (the max it can officially support) but it can run the latest OSX Catalina through a patched loader.
Was originally going to trade this in at cex but as it wasnt the original apple hd they wouldnt take it, so it has sat unused again for the past number of months
I may also put this on ebay today as it is £1 final value fees
I took the cooler off to see what the CPU is, but put it back on. So you’ll want to take it off and reapply thermal paste before using. If you want, I can reapply some for free.
£15 £10 collected. I can post it for £5 extra.
Another old setup. Barebones unit. Just need a storage drive and PSU. The case and GPU heatsink are dusty and I lost the screws to hold to sides of the case, but it sort it stays in place. I have one 3.5″ drive holder, will have to have a look but I don’t think I have any others. Probably best to get a new case tbh.
NZXT Gamma Mid-Tower Case MSI P35 Neo2-FR Intel Core 2 Duo LGA775 E8200 2.66GHz Titan Fenrir OCZ Technology DDR2 2x1GB Platinum 800MHz Sapphire HD4850 512MB LG DVD Drive
While operators behind Maze ransomware have been exposing victims’ data through a public-facing website since November 2019, new information suggests ransomware gangs are now teaming up to share resources and extort their victims.
On June 5, information and files for an international architectural firm was posted to Maze’s data leak site; however, the data wasn’t stolen in a Maze ransomware attack. It came from another ransomware operation known as LockBit.
Bleeping Computer first reported the story and later received confirmation from the Maze operators that they are working with LockBit and allowed the group to share victim data on Maze’s “news site.” Maze operators also stated that another ransomware operation would be featured on the news site in the coming days.
Three days later, Maze added the data for a victim of another competing ransomware group named Ragnar Locker. The post on Maze’s website references “Maze Cartel provided by Ragnar.”
Maze operators were the first to popularize the tactic of stealing data and combining traditional extortion with the deployment of ransomware. Not only do they exfiltrate victims’ data, but they created the public-facing website to pressure victims into paying the ransom.
Data exposure along with victim shaming is a growing trend, according to Brian Hussey, Trustwave’s vice president of cyber threat detection & response. Threat actors exfiltrate all corporate data prior to encrypting it and then initiate a slow release of the data to the public, he said.
“Certainly, we’ve seen an increase in the threat — the actual carrying out of the threat not as much from what I’ve seen,” Hussey said. “But a lot of times, it does incentivize the victim to pay more often.”
There are dozens of victims listed by name on the Maze site, but only 10 “full dump” postings for the group’s ransomware victims; the implication is most organizations struck by Maze have paid the ransom demand in order to prevent the publication of their confidential data.
Rapid7 principal security researcher Wade Woolwine has also observed an increase in these shaming tactics. Both Woolwine and Hussey believe the shift in tactics for ransomware groups is a response to organizations investing more time and effort into backups.
“My impression is that few victims were paying the ransom because organizations have stepped up their ability to recover infected assets and restore data from backups quickly in response to ransomware,” Woolwine said in an email to SearchSecurity.
One of the primary things Trustwave advises as a managed security services provider, is to have intelligent, well-designed backup procedures, Hussey said.
“These new tactics are a response to companies that are mitigating ransomware risk by properly applying the backups. It has been effective. A lot of companies invested in backup solutions and design backup solutions to kind of protect from this ongoing scourge of ransomware. Now the response is even with backup data, if threat actors exfiltrate first and then threaten to release the private information, this is a new element of the threat,” Hussey said.
When threat actors make it past the perimeter to the endpoint and have access to the data, it makes sense to steal it as further incentive for organizations to pay to unencrypt the data, Woolwine said. And the threat actors pay particular attention to the most sensitive types of data inside a corporate network.
“Initially, we were seeing exploit kits like Cobalt Strike used by the attackers to look for specific files of interest manually. I say ‘look,’ but the Windows search function, especially if the endpoint is connected to a corporate file server, is largely sufficient to identify documents that say things like ‘NDA,’ ‘contract’ and ‘confidential,” Woolwine said. “More recently, we’ve seen these searches scripted so they can execute more quickly.”
According to Woolwine, phishing and drive-by continue to be preferred vectors of delivery for most ransomware attacks, but those techniques are shifting too.
“We also see attackers target specific internet-facing systems that have been unpatched, as well as targeting RDP servers with brute-force authentication attempts. In either case, once the vulnerability is exploited or the credentials guessed, the attackers will install ransomware before disconnecting,” Woolwine said. “The rise in tactics is very likely due to the shift from ransom to data exposure. It’s no longer about how many machines you can infect but infecting the machines that have access to the most data.”
Hussey said these new tactics were unexpected at the time; they are the next logical step in the ransomware progression, and he expects more threat actors to adopt them in the future.
For sale a Lenovo Thinkpad E545 15.6″ HD widescreen Laptop- not been used so for sale,
15.6″ WideScreen HD Screen AMD A8-5550M 4-Core CPU @2.10Ghz Radeon HD8550G Graphics 4gb Memory 250gb HD Inbuilt 720p webcam USB 3.0 x 3 USB 2.0 x 1 – Always on fast charge for mobile phones Hdmi/VGA video out ports Gigabit ethernet Wifi Card Optical DVD RW drive 4-in-1 Card reader Stereo Dolby enhanced speakers Built in Mic
No dead pixels, usual minor wear and tear marks – Overall in good condition.
Windows 10 pro Licenced, built in key. Microsoft Office 2016 Professional Plus Licenced, key provided.
I have an incomplete HTPC that has not been used for a few years. It will need a PSU and HDD/SSD. Untested because I don’t have a spare PSU, but was working fine when last used and made an excellent HTPC for playing HD movies off Plex.
– Silverstone GD04 case, cost was nearly £100 new. In good cosmetic condition with only a few tiny marks on the brushed aluminium front panel.
– Asus AT3IONT-I motherboard. Intel Atom 330 CPU and Nvidia ION GPU. The GPU does accelerated h.264 encoding so can play 1080p content with ultra-low CPU/GPU usage. These were £99 new and still fetch around £50 used.
– 2GB of Kingston RAM is fitted to the board
– optical drive, which I am sure is DVD (not Bluray).
There are no boxes or manuals available, so collection in person please from just outside of Chorley, Lancashire.
Thanks, it’s been a while since I worked with these HP Servers, this would be for use in my home rack which is tucked away but still in the vicinity of living space. All my servers I’ve modded to be quiet but being an HP it’s more difficult. How loud is this in reality? Also do you have the rack kit for it too?
Hey guys, I am selling my Dell XPS 13 2in1 as I have been supplied with a works laptop, so this is no longer required. This is the top of the range model from Dell and includes Dell Premium Plus Warranty (on-site service and includes damage by accident cover) which expires 1st January 2024 worth £360!
As production Kubernetes clusters grow, a standard Linux kernel utility that’s been reinvented for the cloud era may offer a fix for container networking scalability challenges.
The utility, extended Berkeley Packet Filter (eBPF), traces its origins back to a paper published by computer scientists in 1992. It’s a widely adopted tool that uses a mini-VM inside the Linux kernel to perform network routing functions. Over the last four years, as Kubernetes became popular, open source projects such as Cilium began to use eBPF data to route and filter Kubernetes network traffic without requiring Linux kernel changes.
In the last two years, demand for such tools rose among enterprises as their Kubernetes production environments grew, and they encountered new kinds of thorny bottlenecks and difficult tradeoffs between complexity and efficiency.
IT monitoring vendor Datadog saw eBPF-based tooling as the answer to its Kubernetes scaling issues after a series of experiments with other approaches.
“Right now, there are a lot more people running Kubernetes at smaller scale,” said Ara Pulido, a developer relations specialist at Datadog, in an online presentation last month. “When you start running Kubernetes at bigger scale, you run into issues that just a handful of people have found before, or maybe you are the first one.”
As Datadog’s environment expanded to dozens of Kubernetes clusters and hundreds of nodes, it quickly outgrew the default Kubernetes networking architecture, Pulido said.
Among the scalability issues Datadog encountered was the way the native Kubernetes load balancer component called kube-proxy handles service networking data. In microservices environments, application services comprised of Kubernetes Pods communicate through load balancers; by default, kube-proxy performs this role and is deployed to every Kubernetes cluster node. Kube-proxy then monitors the Kubernetes API for any changes. When changes are made, by default, kube-proxy updates Iptables to keep track of service routing information.
“One of the issues is that with every change, you have to resync the whole table, and as you scale the number of pods and services, that’s going to have a cost,” Pulido added.
Since Kubernetes 1.11, kube-proxy can also use the Linux IP Virtual Server instead of Iptables, which doesn’t require a full resync when changes are made to the cluster, among other improvements. However, this required Datadog engineers to become upstream contributors to IPVS to ensure it worked well in their environment, Pulido said.
Ara PulidoDeveloper relations, Datadog
Datadog then began to explore eBPF tools from Cilium for granular container security features and found it could serve as wholesale replacement for kube-proxy.
Cilium provides identity-based connections via Kubernetes labels, rather than connections based on IP addresses, which may not be fine-grained enough to accommodate individual workload permissions in security-sensitive environments, Pulido said in an interview following her presentation. “As we moved to Cilium in our newer clusters, we realized we could also remove kube-proxy, as Cilium already implements a replacement.”
Cilium updates eBPF for Kubernetes networking
Cilium, launched four years ago, and its commercial backer, Isovalent, have developed Kubernetes networking and security tools based on eBPF, as have other vendors such as Weaveworks, whose Weave Scope network monitoring tool uses eBPF data to perform granular tracking of Kubernetes TCP connections. Another company, Kinvolk, created the cgnet open source utility to collect detailed pod and node statistics via eBPF and export them to Prometheus.
Cilium’s eBPF-based tools replace Kubernetes networking elements including kube-proxy to provide network and load balancing services and to secure connections within them. Users say the Cilium tools perform better than kube-proxy, especially the IPtables version, and offer a more straightforward approach to Kubernetes service network routing than overlay tools such as Flannel.
“The IPtables approach [with kube-proxy] was always kind of kludgy,” said Dale Ragan, principal software design engineer at SAP’s Concur Technologies Inc., an expense management SaaS provider based in Bellevue, Wash.
Ragan also encountered some known issues between Flannel and Kubernetes NodePort connections as of late 2018, which he discovered that Cilium could potentially avoid. Concur has since swapped out Flannel Container Network Interface (CNI) plugins for Cilium in its production clusters, and is also testing Isovalent’s proprietary SecOps add-ons, such as intrusion detection and forensic incident investigation.
“The other [appeal of eBPF] was from a security perspective, that we could apply policies both cluster-wide and to individual services,” Ragan said.
eBPF vs service mesh
Cilium contributors also contribute to Envoy, the sidecar proxy used with Istio and other service meshes, and eBPF isn’t a complete replacement for service mesh features such as advanced layer 7 application routing. Cilium can be used with a service mesh to accelerate its performance, said Isovalent’s CEO, Dan Wendlandt.
“CNIs are at a lower layer of Kubernetes networking — service mesh still depends on that core networking and security layer within Kubernetes,” Wendlandt said. “Cilium is a good networking foundation for service mesh that can get data in and out of any service mesh proxy efficiently.”
However, at lower layers of the network stack, there’s significant overlap between the two technologies, and Concur’s engineers will consider whether eBPF might support multi-cluster connectivity and mutual TLS authentication more simply than a service mesh.
“We want to get the networking layer correct, and from there add service mesh,” Ragan said. “From a TLS perspective, it could be very transparent for the user, where Cilium is inspecting traffic at the system level — there are all kinds of opportunities around intrusion detection without a lot of overhead and work for [IT ops] teams to do to allow visibility for SecOps.”
Still, Cilium and other eBPF-based tools represent just one approach that may gain traction as more users encounter problems with Kubernetes networking at scale. For some truly bleeding-edge Linux experts, eBPF may be eclipsed in network performance enhancement by the io_uring subsystem introduced in the Linux kernel a year ago, for example.
“eBPF is going through a bit of a hype cycle right now,” said John Mitchell, an independent digital transformation consultant in San Francisco. “From the VC perspective, it’s a super-techy ‘special sauce’, and the eBPF ecosystem has gotten some good push from influential uber-geeks.”
However, eBPF has real potential to add advanced Kubernetes network security features without requiring changes to application code, Mitchell said.
As more of the workforce connects from their homes, there has been a spike in usage for remote productivity services. Many organizations are giving Microsoft Office 365 subscriptions to all of their staff, using more collaboration tools from Outlook, OneDrive, SharePoint, and Teams.
Unfortunately, this is creating new security vulnerabilities with more untrained workers being attacked by malware or ransomware through attachments, links, or phishing attacks.
This article will provide you with an overview of how Microsoft Office 365 Advanced Threat Protection (ATP) can help protect your organization, along with links to help you enable each service.
Microsoft Office 365 now comes with the Advanced Threat Protection service which secures emails, attachments, and files by scanning them for threats. This cloud service uses the latest in machine learning from the millions of mailboxes it protects to proactively detect and resolve common attacks. This technology has also been extended beyond just email to protect many other components of the Microsoft Office suite. In addition to ATP leveraging Microsoft’s global knowledge base, your organization can use ATP to create your own policies, investigate unusual activity, simulate threats, automate responses, and view reports.
Microsoft Office 365 ATP helps your users determine if a link is safe when using Outlook, Teams, OneNote, Word, Excel, PowerPoint and Visio. Malicious or misleading links are a common method for hackers to direct unsuspecting users to a site that can steal their information. These emails are often disguised to look like they are coming from a manager or the IT staff within the company. ATP will automatically scan links in emails and cross-reference them to a public or customized list of dangerous URLs. If a user tries to click on the malicious link, it will give them a warning so that they understand the risk if they continue to visit the website.
One of the most common ways which your users will get attacked is by opening an attachment that is infected with malware. When the file is opened, it could execute a script that could steal passwords or lock up the computer unless a bounty is paid, in what is commonly known as a ransomware attack. ATP will automatically scan all attachments to determine if any known virus is detected. You and your users will be notified about anything suspicious to help you avoid any type of infection.
When ATP anti-phishing is enabled, all incoming messages will be analyzed for possible phishing attacks. Microsoft Office 365 uses cloud-based AI to look for unusual or suspicious message elements, such as mismatched descriptions, links, or domains. Whenever an alert is triggered, the user is immediately warned, and the alert is logged so that it can be reviewed by an admin.
Approved users will have access to the ATP dashboard along with reports about recent threats. These reports contain detailed information about malware, phishing attacks, and submissions. A Malware Status Report will allow you to see malware detected by type, method, and the status of each message with a threat. The URL Protection Status Report will display the number of threats discovered for each hyperlink or application and the resulting action taken a user. The ATP Message Disposition report shows the different types of malicious file attachments actions in messages. The Email Security Reports include details about the top senders, recipients, spoofed mail, and spam detection.
Another important component of ATP is the Threat Explorer which allows admins or authorized users to get real-time information about active threats in the environment through a GUI console. It allows you to preview an email header and download an email body, and for privacy reasons, this is only permitted if permission is granted through role-based access control (RBAC). You can then trace any copies of this email throughout your environment to see whether it has been routed, delivered, blocked, replaced, failed, dropped, or junked. You can even view a timeline of the email to see how it has been accessed over time by recipients in your organization. Some users can even report suspicious emails and you can use this dashboard to view these messages.
Microsoft Office 365 leverages its broad network of endpoints to identify and report on global attacks. Administrators can add any Threat Tracker widgets which they want to follow to their dashboard through the ATP interface. This allows you to track major threats attacking your region, industry, or service type.
Another great security feature from Microsoft Office 365 ATP is the ability to automatically investigate well-known threats. Once a threat is detected, the Automated Incident Response (AIR) feature will try to categorize it and start remediating the issue based on the industry-standard best practices. This could include providing recommendations, quarantining, or deleting the infected file or message.
One challenge that many organizations experience when developing a protection policy is their inability to test how their users would actually respond to an attempted attack. The ATP Attack Simulator is a utility that authorized administrators can use to create artificial phishing and password attacks. These fake email campaigns try to identify and then educate vulnerable users by convincing them to perform an action that could expose them to a hacker. This utility can run a Spear Phishing Campaign, Brute Force Attack, and a Password Spray Attack.
This diverse suite of tools, widgets, and simulators can help admins protect their remote workforce from the latest attacks. Microsoft has taken its artificial intelligence capabilities to learn how millions of mailboxes are sharing information, and use this to harden the security of their entire platform.
If you want to learn more about Microsoft Office 365 ATP and Microsoft Office 365 in general, attend the upcoming Altaro webinar on May 27. I will be presenting that along with Microsoft MVP Andy Syrewicze so it’s your chance to ask me any questions you might have about ATP or other Microsoft Office 365 security features live! It’s a must-attend for all admins – save your seat now
Is Your Office 365 Data Secure?
Did you know Microsoft does not back up Office 365 data? Most people assume their emails, contacts and calendar events are saved somewhere but they’re not. Secure your Office 365 data today using Altaro Office 365 Backup – the reliable and cost-effective mailbox backup, recovery and backup storage solution for companies and MSPs.