Okiru malware puts billions of connected devices at risk

A new variant of the Mirai malware puts ARC processors at risk of being exploited.

The Mirai variant, known as Okiru, is the first malware that is able to infect Argonaut RISC Core (ARC) processors, according to a researcher known as unixfreaxjp at the malware security group MalwareMustDie.

ARC processors are used in a wide range of internet-of-things (IoT) devices, such as cellphones, televisions, cameras and cars.

It’s thought that there are approximately 1.5 billion devices worldwide with ARC processors in them that could be vulnerable to Okiru.

In 2016, Mirai malware was used to create a botnet of 100,000 IoT devices that caused a series of problems, such as shutting down domain name system (DNS) provider Dyn.

However, in a tweet, security researcher Odisseus warned that Okiru could have a bigger impact than Mirai.

“The landscape of Linux IoT infection will change,” Odisseus said.

A Mirai malware variant called Satori, which was uncovered in December 2017, took down hundreds of thousands of Huawei routers. Satori was also sometimes called Okiru, but the two have significant differences, according to Security Affairs’ Pierluigi Paganini.

Okiru’s configuration is different because it “is encrypted in two parts,” but Satori’s is not, Paganini wrote in a blog post. “Also Okiru’s telnet attack login information is a bit longer,” Paganini explained, noting that the login information can be up to 114 credentials, but Satori has a “different and shorter database.”

At the time of this writing, the detection ratio on VirusTotal was 29-58. When Odisseus tweeted about the botnet threat earlier this week, it was only at 5-60.

In other news:

  • Google launched a new tool for enterprise security called G Suite Security Center. The tool will be available to G Suite Enterprise users and is automatically accessible in the admin console. In a blog post, Google stated the three objectives of the security center are to show a “snapshot” of security metrics, to help enterprises stay ahead of security threats and to recommend ways for enterprises to improve their security posture. “We want to make it easy for you to manage your organization’s data security,” Google product managers Chad Tyler and Reena Nadkarni wrote in a blog post. “A big part of this is making sure you and your admins can access a bird’s eye view of your security — and, more importantly, that you can take action based on timely insights.” The security center will consist of a dashboard that shows the security metrics and the “security health” recommendations.
  • A team of researchers discovered a way to hack the Android Pixel phone. The exploit involves combining two separate vulnerabilities. The first, which Google patched in September 2017, is a type confusion flaw in the V8 open source JavaScript engine. The second vulnerability is a privilege escalation flaw in Android’s libgralloc module. Google patched that one in December 2017. However, security researchers were able to exploit both vulnerabilities to inject arbitrary code into the system_server process. All they had to do to make the exploit successful was get the targeted user to click on a malicious link in Chrome. The research team received a total of $100,000 from Google for the find, through both the Android Security Rewards program and the Chrome bug bounty program.
  • The Internet Systems Consortium (ISC) put out a security advisory warning of a vulnerability in the Berkeley Internet Name Domain (BIND) DNS software. The vulnerability, with severity ranked “high,” was remotely exploitable and reportedly caused some DNS servers to crash. “BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named,” ISC said in its advisory. The vulnerability was found in BIND versions 9 and later, but not in earlier versions, so the ISC advised users to upgrade to the latest version. There have been no known active exploits, but the advisory stated that “crashes due to this bug have been reported by multiple parties.”

Scrutinize the Office 365 roadmap to steer clear of trouble

Microsoft wants Office 365 administrators tracking every new feature and update that it puts out, but that’s not as easy as it sounds.

The cadence of releases for a cloud-hosted product can be a perk, with a steady arrival of innovative tools and functionality. But it can also be a pain, particularly if Microsoft deprecates a component that a business needs.

On its Office 365 roadmap website, Microsoft lists more than 200 features in development, rolling out or recently launched. New or upcoming features range from Advanced Threat Protection Status — which reports on the malware that ATP catches — to an option for users to delay or choose when Office 365 sends their message. As Microsoft expands Office 365 into a security, collaboration, cloud storage, private branch exchange and communication suite, IT admins must stay updated on the latest changes on the platform and alert users on the availability of new apps and features.

These Exchange and Office 365 experts — all TechTarget contributors — offered their insights on how Office 365 administrators can adapt to Microsoft’s constant changes and their experiences with how businesses handle the twists and turns of the Office 365 roadmap.

Perils of constant change

Michel de Rooij

Many organizations use IT Infrastructure Library-based processes to implement new Office 365 features, which can be problematic because of the service’s rapid rollouts. Instead, look to Microsoft’s Office Insider program, with its fast and slow update rings, to bring updates into your business at the right pace.

Editor’s note: Microsoft’s Office Insider program allows Office 365 subscribers to receive early access to new features that they can test out and provide feedback on.

Let a few power users and IT operate on the fast ring to try out new features, but remember that those updates might never arrive based on your region. For example, I still haven’t received Focused Inbox in Outlook 2016, despite running First Release in Office 365 and Insider Fast for Office 2016. Microsoft sometimes pulls features, which happened to the automatic creation of groups for delegates. Also, Microsoft can turn new features on by default, often without administrative controls. An organization that signs up for these early releases needs to be comfortable with a certain amount of unpredictability.

Finally, Microsoft seems to push for certain features that its customers do not care for, such as the option to create Office 365 Groups when you actually want to create distribution groups.

It’s difficult for email and collaboration tool admins to act proactively against the sudden changes in Office 365’s roadmap, but they should always provide feedback to Microsoft when they have strong opinions about features. Administrator pushback caused Microsoft to pull the change for automatic creation of groups for delegates. There will be discrepancies between what the software provider develops and what customers are comfortable with or actually use.

Keep track of the Office 365 roadmap for changes, both for planned updates and those in development — the latter might arrive sooner than you think.

For more from Michel de Rooij, please visit his contributor page.

Users want the latest and greatest

Reda Chouffani

Office 365 changes constantly. Users will hear about new features and demand training for them. Administrators have to adapt, and they might even block new features from end users until IT can thoroughly test these updates. But admins cannot restrict the flow of enhancements as a long-term solution; users will still want to get what’s new. The IT staff needs to consider what users want while it evaluates whether these features provide a tangible benefit to the company.

New features can also be disruptive after organizations adopt and master them, if the service changes. For example, Microsoft offered a free version of its cloud-based business analytics Power BI feature, but some of its capabilities — such as dashboard sharing — disappeared when a new edition superseded the old. Early adopters of Power BI had to choose between a trial or the paid version — or lose the capability altogether.

There are risks, but Office 365’s constant updates can benefit those who plan ahead. Microsoft helps IT departments implement and adopt platform features with its free FastTrack service. FastTrack ensures the IT team uses best practices with Office 365 and also provides technical assistance with implementation of its services.

For more from Reda Chouffani, please visit his contributor page.

Keep an eye on the roadmap

Neil Hobson

Microsoft’s Office 365 roadmap site lets administrators understand what lies ahead for significant service and feature updates. This roadmap is split into five categories: in development, rolling out, launched, previously released or canceled. To avoid issues, administrators need to check the roadmap regularly for new items that might affect their Office 365 deployment. This gives them the early visibility required to commence high-level planning.

As new features on the roadmap near rollout, Microsoft posts announcements to the Message Center, which can be found within the main Office 365 administration portal. The Message Center also contains dated announcements about changes and actions that prevent or fix issues. Announcements contain a short description of the feature or issue, information on how it will affect the organization, actions to prepare for the update and a link to more detailed information. It is vital that administrators check Message Center posts often to be fully prepared for the imminent changes. Some actions must be completed by a specific date to avoid problems.

Admins can configure Office 365’s tenant release option to manage how the platform pushes out new features. An organization selects the First Release option to receive new features early. Admins can then choose to release those features to the entire organization or just specific users. Alternatively, the Standard Release option means that new features come via the default release schedule.

For more from Neil Hobson, please visit his contributor page.
