Tuesday, August 14, 2018

#DEFCON L0pht Reunite to Find Security Unimproved



----
// Infosecurity - Latest News

Security has come a long way since the warnings that the internet could be taken down in fewer than 30 minutes, but it has "still got a long way to go."

Moderator Elinor Mills reunited six members of the L0pht hacker team at the DEFCON conference in Las Vegas: Dildog, Space Rogue, Mudge, John Tan, Weldpond and Kingpin. They used their hacker names, as they had done 20 years ago when testifying to the US Senate and again when visiting this year. Mills asked whether they felt that the original testimony had worked.

Weldpond, aka CA Veracode CTO Chris Wysopal, said that their appearance was a "visceral representation of what the adversary viewpoint was" and their appearance made hacking a reality to the government, but it also "conveyed the poor state of software security."

Mudge, aka Cyber ITL director Peiter Zatko, said that the greatest achievement was that two years later it was leveraged to create Presidential Directive 63, "so if anyone got a scholarship, it was largely driven by that testimony."

Asked by Mills how things have changed since then, Dildog, CA Veracode co-founder and chief scientist Christian Rioux, said that exploits have got harder to create "and the cost associated has skyrocketed," while the profile of the attacker has changed and exploits are now turned around in months rather than weeks.

Mudge cited examples such as Windows 10 and Google Chrome as "huge steps" in how hardened targets had become, while Weldpond said that the adversary is now more recognized, as you "wouldn't ask about governments [attacking] in 1998, but in 2018 it is in the news every day."

Kingpin, aka author, presenter and consultant Joe Grand, who was only 16 at the time of the testimony, said that bugs are now being named, and there is a conveyor belt of media frenzy about vulnerabilities.

Asked if such a group could exist today, Kingpin said that we see hacker spaces now, and while L0pht were not completely private, they did have a physical location. Mudge cited the Chaos Computer Club and Google Project Zero as examples of hackers working together, and said: "Who doesn't want to be a part of that? It exists in organizations and it is much better than it used to be."

Concerning the well-cited comment about the internet being taken down in fewer than 30 minutes, Mudge said that the original Senate question was on why it had not been done, and the reason why it had not been done is because there "is no value in taking down all of the internet as you would take down all of the targets as well."

Space Rogue, aka Cris Thomas, head of IBM's X-Force Red, said that while IoT and electronic voting have shown how far technology has come, and we "are not dealing with the same doom and gloom, we have got a long way to go."

Weldpond said that despite the advances, there are still flaws and we still have problems, and this year's Senate meeting showed that we have become more and more dependent on the technical infrastructure. "No one is going to fix the foundations."


----

Read in my feedly


Sent from my iPhone

DEF CON 26 Torrents!



----
// DEF CON Announcements!

Ready to ingest some more DEF CON 26 media? Go ahead and unhinge your cyber-jaws and fire up our new torrent and magnet links. We've got the DEF CON 26 Original Soundtrack, the DEF CON 26 Presentations and the additional material from the Workshops.

Grab a link, guzzle the content and enjoy it at your leisure.

DEF CON 26 Music Soundtrack
magnet:?xt=urn:btih:beedc5c36e8ba3981edfc946fac8c84e304ece9f&dn=DEF%20CON%2026%20music&tr=https://tracker.defcon.org/announce

DEF CON 26 Presentations
magnet:?xt=urn:btih:aafec09a5fa1c9fe75d062a1a39c5fa030a83f39&dn=DEF%20CON%2026%20presentations&tr=https://tracker.infocon.org/announce

DEF CON 26 Workshops
magnet:?xt=urn:btih:1d78f8158a4a505fbfc25e62c390e50358026aa7&dn=DEF%20CON%2026%20workshops&tr=https://tracker.defcon.org/announce

The regular, non-magnetic links are under DEF CON 26 on media.defcon.org.

We now return you to your regularly scheduled programming.


----


Microsoft ADFS Vulnerability Lets Attackers Bypass MFA



----
// Dark Reading: Threat Intelligence

The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
----


Provisioning Kubernetes clusters on AKS using HashiCorp Terraform | Azure Friday



----
// Channel 9

Anubhav Mishra (Developer Advocate, HashiCorp), joins Scott Hanselman to discuss how to use HashiCorp Terraform to create & manage Kubernetes clusters in Azure using Azure Kubernetes Service (AKS). Mishra further explains the benefits of using Terraform to provision Azure infrastructure and demonstrates how to configure a Kubernetes cluster on AKS.


----


Getting started with the Secure DevOps Kit for Azure (AzSK) | Azure Friday



----
// Channel 9

Mark Jacobs joins Scott Hanselman to discuss how Microsoft's internal enterprise increases compliance and creates a more trusted cloud environment using the Secure DevOps Kit for Azure (AzSK). Learn how Microsoft's DevOps teams leverage this tool to continuously keep their cloud applications secure and how you can use the same tool to reduce risk in your environment.


----


Improved User Experience in Visual Studio Team Services (VSTS) & Azure DevOps Projects demo | Visual Studio Toolbox



----
// Channel 9

In this episode, Dmitry is joined by Jeremy Epling to discuss and demo how the VSTS team is working to improve the product's web-based user interface for things like the home page, general navigation, "my work" and favorites, and around specific feature areas like Build Status and Release Management (RM) editor pages.

We'll also demo Azure DevOps Projects, a great way to get started on learning how to set up full CI/CD pipelines powered by VSTS, Application Insights and Azure infrastructure such as Web Apps or Azure Kubernetes Service (AKS), and do this right from the Ibiza Portal.


----


The Total Economic Impact of Red Hat Ansible Tower



----
// Ansible Blog

The Total Economic Impact of Red Hat Ansible Tower is a Red Hat commissioned Forrester Consulting study published in June 2018. This study demonstrates the cost savings and business benefits enabled by Ansible. Let's dive into what Ansible Tower enables, the efficiencies gained, the acceleration of revenue recognition, and other tangible benefits.

Faster Revenue Recognition

Revenue recognition is a critical aspect of business operations. Quickening the pace of revenue recognition is something every organization has their eye on. Forrester's TEI of Ansible Tower observed a company cutting delivery lead times by 66%. Imagine the pace of feature deployment an organization experiences when cutting lead times from days to hours!

System reconfiguration times fell as well. Automating changes due to new bugs or policy changes across systems helps mitigate the costly impact of reconfiguration. This company found that the total time savings of being able to reconfigure a fleet of systems through Ansible automation reduced staff hours by 94% for this type of work.

The TEI also measured the security and compliance gains of Ansible Tower. Ansible Tower reduced staff hours spent patching systems by 80%. This also meant that patching systems could occur more often. This helped reduce the number of known vulnerabilities in customer environments at any given moment.

Improving Security and Compliance

Ansible Tower also helps enable the adoption and automation of CIS Benchmarks across systems. CIS Benchmarks are "guidelines for various technology groups to safeguard systems against today's evolving cyber threats." This enabled the customer interviewed for the study to navigate an ever-changing security landscape. Using trusted automation workflows that "maintain the latest and greatest standards" created a more secure environment.

Additionally, the study found Ansible Tower reduced response times to security incidents by 94%. When you consider something as impactful as Heartbleed or WannaCry, being able to rapidly patch systems could prevent a catastrophic impact to business continuity. Ansible Tower helped enable GDPR compliance as well. The laborious tasks for patching systems became significantly easier thanks to Ansible Tower. "The organization moved to a monthly patching cycle, increasing the frequency of updates." The best part: for the company surveyed, Red Hat Ansible Tower enabled these security and compliance gains with no extra staff.

Empower Staff to Do More

One of the key benefits observed in the TEI was better staff enablement. Not only were existing staff accomplishing more tasks in less time, but junior staff could be empowered to take on higher-level tasks. Complex tasks could be delegated to greener team members. Ansible Tower eliminated dull, boring, and repetitive tasks through automation.

Red Hat Ansible Tower's ease of use shined in this study. The lead infrastructure architect said, "We had the ability for Tower to be used within our environment in under a week with the tools provided out of the box." Ansible Tower democratizes the flexibility and power of Ansible. Infrastructure staff built functionality to enable end users to act safely in their own environments. End users of Ansible Tower functionality required only one hour of training to be qualified and productive.

Hiring is an increasingly difficult task for IT organizations. The time it takes to find and recruit talent, onboard, and train new hires comes at a cost. The gains made by implementing Ansible Tower reduced the urgency of onboarding more staff for this company. Forrester's TEI indicated Red Hat's customer, "saved 48,000 hours of staff time by automating the process of bringing servers online, stress testing resources and deleting nodes." When assuming a typical, salaried US employee's work hours to be 2,000 hours per year, implementing Ansible Tower has a potential staff hours savings of eight full time employees per year.

No Expensive Hardware Needed

According to the TEI, "Rather than purchase name-brand appliances for its data centers, the interviewed organization created an Ansible Playbook and ran the automated functionality using generic Linux systems. Rather than purchase name-brand appliances for cloud configuration, backups, etc. in its data centers, the customer stood up Ansible Tower and ran the automated functionality using generic Linux systems." The organization avoided purchasing 10 name brand infrastructure appliances, representing a three-year present value of $389,707."

In conclusion, we believe that Red Hat Ansible Tower can enable organizations to do what they've done successfully for years at scale. Ansible Tower helps organizations accelerate revenue recognition. Automation with Ansible can improve the safety and surety of IT infrastructure by automating patching and compliance tasks. Ansible can free up staff time and raise the capabilities of all staff to take part in a greater velocity of improvements. What do you want to Ansible today?

Ready to try Ansible Tower? Download a free Tower trial.


----


Threat Roundup for August 3-10



----
// Talos Blog


Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between Aug. 3 - 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, we will summarize the threats we've observed by highlighting key behavioral characteristics and indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

The most prevalent threats highlighted in this round up are:

  • Win.Malware.Dbzx-6628757-0
    Malware
    This is a variant of the Tspy family. It is able to execute after every reboot, making it persistent. It contacts domains that are related to RATs and are generally command and control (C2) servers to upload data, and receives additional commands. The samples are often packed and contain anti-debug tricks to complicate the manual analysis.
     
  • Win.Malware.Emotet-6628754-0
    Malware
    This cluster provides generic detection for the Emotet trojan that's downloaded onto a target's machine. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products.
     
  • Win.Malware.Zerber-6629234-0
    Malware
    This is a malware identification for a ransomware variant of Cerber.
     
  • Win.Malware.Startsurf-6628791-0
    Malware
    Startsurf is a trojan targeted at collecting personal information, and is sometimes labeled as a potentially unwanted application (PUA) in other coverage signatures.
     
  • Win.Packed.Eorezo-6629326-0
    Packed
    This malware is known to enable the display of advertisements in Internet Explorer. It also downloads several pieces of software and installs them in the background.
     

Threats

Win.Malware.Dbzx-6628757-0


Indicators of Compromise


Registry Keys
  • <HKLM>\Software\Wow6432Node\Microsoft\Tracing
Mutexes
  • QSR_MUTEX_HnRHWDxWQnveBdUtWT
IP Addresses
  • N/A
Domain Names
  • ip-api[.]com
Files and/or directories created
  • N/A
File Hashes

Win.Malware.Emotet-6628754-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • PEMB2C
  • PEM944
  • PEM80C
  • PEMA10
IP Addresses
  • 67[.]68[.]235[.]25
  • 187[.]192[.]180[.]144
Domain Names
  • N/A
Files and/or directories created
  • %WinDir%\SysWOW64\TO5sH5uBMit.exe
File Hashes

Win.Malware.Zerber-6629234-0


Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value Name: FlashPlayerApp
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
    • Value Name: Run
  • <HKCU>\SOFTWARE\MICROSOFT\COMMAND PROCESSOR
    • Value Name: AutoRun
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS
    • Value Name: DefaultConnectionSettings
Mutexes
  • shell.{381828AA-8B28-3374-1B67-35680555C5EF}
IP Addresses
  • N/A
Domain Names
  • N/A
Files and/or directories created
  • %AppData%\Microsoft\Windows\Start Menu\Programs\StartUp\FlashPlayerApp.lnk
  • %AppData%\{6F885251-E36F-0FE6-9629-63208157D7A2}\FlashPlayerApp.exe
File Hashes

Win.Malware.Startsurf-6628791-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • Local\MSCTF.Asm.MutexDefault1
IP Addresses
  • N/A
Domain Names
  • lip[.]healthcakes[.]men
Files and/or directories created
  • N/A
File Hashes

Win.Packed.Eorezo-6629326-0


Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value Name: 6518673
Mutexes
  • Amazonassistant2018
  • Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_2c8
  • Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_2c8
  • WmiApRpl_Perf_Library_Lock_PID_2c8
IP Addresses
  • N/A
Domain Names
  • www[.]wizzmonetize[.]com
  • ionesystemcare[.]info
  • www[.]rothsideadome[.]pw
  • www[.]usatdkeyboardhelper[.]pw
Files and/or directories created
  • %ProgramFiles%\WJTLINYZUI\cast.config
  • %LocalAppData%\Temp\DaGXhZc6w\Nursehealth.exe
  • %System32%\Tasks\One System Care Monitor
  • %ProgramFiles% (x86)\OneSystemCare
  • %SystemDrive%\TEMP\config.conf
  • %LocalAppData%\Temp\U8R09Z5FM2\OneTwo.exe
  • %LocalAppData%\Temp\U8R09Z5FM2\up.exe
  • %WinDir%\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch.new
  • %ProgramFiles%\WJTLINYZUI\GCOMQP0KN.exe
File Hashes

----


Playback: A TLS 1.3 Story



----
// Talos Blog


Introduction


Secure communications are one of the most important topics in information security, and the Transport Layer Security (TLS) protocol is currently the most used protocol to provide secure communications on the internet. For example, when you are connecting to your online banking application, your favorite instant message application or social networks, all those communications are being transmitted using TLS. With TLS, the information sent by the browser and the service is secured and encrypted, meaning that the information cannot be modified or tampered with by an attacker. The communications are also verified to ensure that the browser is connected to the right endpoint (e.g. Wikipedia).

This week at Black Hat and DEF CON, Cisco security consultants Alfonso Garcia Alguacil and Alejo Murillo Moya will deliver a presentation called "Playback: A TLS 1.3 Story" about some of the known security implications of using 0-RTT, and will show proofs of concept of some attacks that have been seen in real-world environments. The intent is to raise awareness across the security community about that new feature. The talk will be given at Black Hat USA 18 and DEF CON 26. Attendees will learn about TLS 1.3 0-RTT, see some examples of how an attacker could take advantage of that new feature, and get an understanding of the security implications of enabling it and of how it could be used safely while minimizing any potential security impact.


Playback: A TLS 1.3 Story

TLS was born as a replacement for the ancient Secure Sockets Layer (SSL) protocol, which was starting to show its age and was open to multiple types of attacks. The first version of TLS, 1.0, was created in 1999 and was based on SSLv3. Since then, TLS 1.1 (2006) and TLS 1.2 (2008) were created to improve on previous versions of the protocol, solving some of the security weaknesses that security researchers discovered in the past two decades.

TLS 1.3 is the new protocol version. It is not officially released yet, but it is in the final stage, just waiting for the final approval. In any case, some important vendors and open-source projects are currently supporting it. The TLS 1.3 Working Group released multiple iterations (drafts) that refined and improved the protocol in the past four years. One of the outcomes of that hard work is that TLS 1.3 has been simplified, and several vulnerabilities were fixed. For example, in TLS 1.2, the number of ciphers supported was high — maybe there were too many — and the working group decided to limit this new version to support only five ciphers.

TLS 1.3 has also introduced a new feature to improve the performance of new connections. This feature is called "0-RTT" (zero round trip time resumption): it resumes sessions faster by letting the client push data to the server without waiting for a server confirmation. This is possible because 0-RTT reuses cryptographic information obtained in the first connection to the server. The following diagram shows how TLS 1.3 0-RTT resumption works:

[Diagram: TLS 1.3 0-RTT resumption]

This can improve performance, but it has some known security implications.
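
One of those implications is replay: early data is sent before the server has contributed anything fresh to the connection, so a recorded 0-RTT flight can be delivered to the server a second time. The sketch below is an added example, not code from the Talos post or the presentation; it models a server-side gate that consumes each resumption ticket once and only lets safe HTTP methods through as early data, answering 425 Too Early (RFC 8470) otherwise. The class name, ticket values and ticket lifetime are assumptions made for illustration.

```python
"""Model of a server-side gate for TLS 1.3 0-RTT early data (added example, not a TLS stack)."""
import hashlib

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # HTTP methods defined as safe (no state change)
TICKET_LIFETIME_S = 600                    # assumed policy value for this example
TOO_EARLY = 425                            # HTTP status "Too Early" (RFC 8470)
OK = 200


def _digest(ticket: bytes) -> str:
    """Store a digest rather than the ticket itself."""
    return hashlib.sha256(ticket).hexdigest()


class EarlyDataGate:
    """Hypothetical policy object placed between TLS termination and the application."""

    def __init__(self, ticket_lifetime: int = TICKET_LIFETIME_S):
        self.ticket_lifetime = ticket_lifetime
        self._valid = {}  # ticket digest -> expiry time (seconds)

    def issue(self, ticket: bytes, now: float) -> None:
        """Record a resumption ticket handed out after a full handshake."""
        self._valid[_digest(ticket)] = now + self.ticket_lifetime

    def decide(self, ticket: bytes, method: str, early: bool, now: float) -> int:
        """Return OK to process the request, or TOO_EARLY to make the client
        repeat it once the handshake has completed."""
        if not early:
            # Sent under keys that include fresh server input: a recorded copy
            # cannot be delivered again on a new connection.
            return OK
        # Single use: the ticket is consumed on first sight, accepted or not.
        expiry = self._valid.pop(_digest(ticket), None)
        if expiry is None or expiry <= now:
            return TOO_EARLY  # unknown, already used, or expired ticket
        if method.upper() not in SAFE_METHODS:
            return TOO_EARLY  # never act on state-changing requests from early data
        return OK


def run_demo():
    """Constructed sequence of requests; returns (label, status) pairs."""
    gate = EarlyDataGate()
    results = []

    gate.issue(b"ticket-1", now=0)
    results.append(("early GET, fresh ticket", gate.decide(b"ticket-1", "GET", True, 5)))
    results.append(("same flight delivered again", gate.decide(b"ticket-1", "GET", True, 6)))

    gate.issue(b"ticket-2", now=10)
    results.append(("early POST", gate.decide(b"ticket-2", "POST", True, 12)))
    results.append(("POST after full handshake", gate.decide(b"ticket-2", "POST", False, 13)))

    gate.issue(b"ticket-3", now=20)
    results.append(("early GET, expired ticket", gate.decide(b"ticket-3", "GET", True, 621)))
    return results


if __name__ == "__main__":
    for label, status in run_demo():
        print(f"{status}  {label}")
```

When several servers terminate TLS for the same name, the ticket store has to be shared between them; with per-server state, each server would accept its own copy of the same early data.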

For all of the Talos-related fun at Black Hat and DEF CON, be sure to read our complete guide here.

We are looking forward to meeting and seeing everyone at Black Hat and DEF CON. Be sure to come by booth #504 and say hello. And, of course, pick up a new, limited-edition Snort pig for your collection.


----


Microsoft Tuesday August 2018



----
// Talos Blog


Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 62 new vulnerabilities, 20 of which are rated "critical," 38 that are rated "important," one that is rated moderate and one that is rated as low severity. These vulnerabilities impact Windows Operating System, Edge and Internet Explorer, along with several other products.

In addition to the 60 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180020, which addresses the vulnerabilities described in the Adobe Flash Security Bulletin APSB18-25.

Critical Vulnerabilities


This month, Microsoft is addressing 20 vulnerabilities that are rated "critical." Talos believes 10 of these are notable and require prompt attention.

CVE-2018-8273 is a remote code execution vulnerability in the Microsoft SQL Server that could allow an attacker who successfully exploits the vulnerability to execute code in the context of the SQL Server Database Engine Service account.

CVE-2018-8302 is a remote code execution vulnerability in the Microsoft Exchange email and calendar software that could allow an attacker who successfully exploits the vulnerability to run arbitrary code in the context of the system user when the software fails to properly handle objects in memory.

CVE-2018-8344 is a remote code execution vulnerability that exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. This vulnerability can be exploited in multiple ways. By leveraging a web-based attack, an attacker can convince a user to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker-controlled webpage, or simply a page that hosts external content, such as advertisements. An attacker can also provide a specially crafted document that is designed to exploit the vulnerability, and then convince users to open the document file.

CVE-2018-8350 is a remote code execution vulnerability that exists when the Microsoft Windows PDF Library improperly handles objects in memory. An attacker who successfully exploits the vulnerability could gain the same user rights as the current user. The vulnerability can be exploited simply by viewing a website that hosts a malicious PDF file on a Windows 10 system with Microsoft Edge set as the default browser. On other affected systems, that do not render PDF content automatically, an attacker would have to convince users to open a specially crafted PDF document, such as a PDF attachment to an email message.

CVE-2018-8266, CVE-2018-8355, CVE-2018-8380, CVE-2018-8381 and CVE-2018-8384 are remote code execution vulnerabilities that exist in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker who successfully exploits one of these vulnerabilities can potentially gain the same user rights as the current user. These vulnerabilities could be leveraged in web-based attacks where a user is convinced to visit a web page that has been specially crafted to exploit them. This could be in the form of an attacker-controlled webpage, or simply a page that hosts external content, such as advertisements.

CVE-2018-8397 is a remote code execution vulnerability that exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploits this vulnerability could take control of the affected system. This vulnerability can be exploited in multiple ways. By leveraging a web-based attack, an attacker can convince a user to visit a webpage that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker-controlled webpage, or simply a page that hosts external content, such as advertisements. An attacker can also provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.

Other vulnerabilities deemed "critical" are listed below:

CVE-2018-8345    LNK Remote Code Execution Vulnerability
CVE-2018-8359    Scripting Engine Memory Corruption Vulnerability
CVE-2018-8371    Scripting Engine Memory Corruption Vulnerability
CVE-2018-8372    Scripting Engine Memory Corruption Vulnerability
CVE-2018-8373    Scripting Engine Memory Corruption Vulnerability
CVE-2018-8377    Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8385    Scripting Engine Memory Corruption Vulnerability
CVE-2018-8387    Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8390    Scripting Engine Memory Corruption Vulnerability
CVE-2018-8403    Microsoft Browser Memory Corruption Vulnerability

Important Vulnerabilities


This month, Microsoft is addressing 38 vulnerabilities that are rated "important." Talos believes two of these are notable and require prompt attention.

CVE-2018-8200 is a vulnerability that exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploits this vulnerability can potentially inject code into a trusted PowerShell process to bypass the Device Guard code integrity policy on the local machine. To exploit the vulnerability, an attacker would first have to access the local machine and then inject malicious code into a script that is trusted by the policy. The injected code would then run with the same trust level as the script and bypass the policy.

CVE-2018-8340 is a vulnerability in the Windows Authentication Methods that enables a security bypass in Active Directory Federation Services (AD FS). An attacker who successfully exploits this vulnerability could bypass some, but not all, of the authentication factors.

Other vulnerabilities deemed "important" are listed below:

CVE-2018-0952    Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability
CVE-2018-8204    Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8253    Cortana Elevation of Privilege Vulnerability
CVE-2018-8316    Internet Explorer Remote Code Execution Vulnerability
CVE-2018-8339    Windows Installer Elevation of Privilege Vulnerability
CVE-2018-8341    Windows Kernel Information Disclosure Vulnerability
CVE-2018-8342    Windows NDIS Elevation of Privilege Vulnerability
CVE-2018-8343    Windows NDIS Elevation of Privilege Vulnerability
CVE-2018-8346    LNK Remote Code Execution Vulnerability
CVE-2018-8347    Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8348    Windows Kernel Information Disclosure Vulnerability
CVE-2018-8349    Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2018-8351    Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8353    Scripting Engine Memory Corruption Vulnerability
CVE-2018-8357    Microsoft Browser Elevation of Privilege Vulnerability
CVE-2018-8358    Microsoft Browser Security Feature Bypass Vulnerability
CVE-2018-8360    .NET Framework Information Disclosure Vulnerability
CVE-2018-8370    Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8375    Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8376    Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2018-8378    Microsoft Office Information Disclosure Vulnerability
CVE-2018-8379    Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8382    Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8383    Microsoft Edge Spoofing Vulnerability
CVE-2018-8389    Scripting Engine Memory Corruption Vulnerability
CVE-2018-8394    Windows GDI Information Disclosure Vulnerability
CVE-2018-8396    Windows GDI Information Disclosure Vulnerability
CVE-2018-8398    Windows GDI Information Disclosure Vulnerability
CVE-2018-8399    Win32k Elevation of Privilege Vulnerability
CVE-2018-8400    DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8401    DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8404    Win32k Elevation of Privilege Vulnerability
CVE-2018-8405    DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8406    DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8412    Microsoft (MAU) Office Elevation of Privilege Vulnerability
CVE-2018-8414    Windows Shell Remote Code Execution Vulnerability

Coverage


In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

Snort Rules:

45877-45878, 46548-46549, 46999-47002, 47474-47493, 47495-47496, 47503-47504, 47512-47513, 47515-47520
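
One way to confirm that a sensor's local rule files actually carry the SIDs listed above, as an added example (not Talos or Snort project code). It assumes flat rule files in which a disabled rule is commented out with a leading "#"; the sample rules are constructed and their bodies are placeholders, not real rule content.

```python
import re

# SID list exactly as published in the advisory text above.
ADVISORY_SIDS = ("45877-45878, 46548-46549, 46999-47002, 47474-47493, "
                 "47495-47496, 47503-47504, 47512-47513, 47515-47520")

# Constructed sample of a local rules file (placeholder rule bodies).
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"constructed sample A"; sid:45877; rev:1;)
# alert tcp any any -> any any (msg:"constructed sample B"; sid:45878; rev:1;)
alert tcp any any -> any any (msg:"constructed sample C"; sid: 47474; rev:2;)
# Free-text comment mentioning sid:47475; which is not a rule
alert tcp any any -> any any (msg:"constructed unrelated"; sid:1000001; rev:1;)
"""

# A rule line starts with an action keyword, optionally commented out.
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?:alert|drop|log|pass|reject|sdrop|block)\b'
    r'.*?\bsid\s*:\s*(?P<sid>\d+)\s*;'
)


def expand_sids(spec):
    """Turn '45877-45878, 46548' into a set of integer SIDs."""
    sids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if hi < lo:
            raise ValueError("descending range: %r" % part)
        sids.update(range(lo, hi + 1))
    return sids


def rule_states(rules_text):
    """Map each SID found in the rules text to 'enabled' or 'disabled'."""
    states = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, free-text comment, or non-rule directive
        sid = int(m.group("sid"))
        state = "disabled" if m.group("off") else "enabled"
        # An enabled copy of a rule wins over a commented-out copy.
        if states.get(sid) != "enabled":
            states[sid] = state
    return states


def coverage(spec, rules_text):
    """Classify every advisory SID as enabled, disabled or missing."""
    states = rule_states(rules_text)
    report = {"enabled": [], "disabled": [], "missing": []}
    for sid in sorted(expand_sids(spec)):
        report[states.get(sid, "missing")].append(sid)
    return report


if __name__ == "__main__":
    result = coverage(ADVISORY_SIDS, SAMPLE_RULES)
    for state in ("enabled", "disabled", "missing"):
        print("%-8s %3d  %s" % (state, len(result[state]), result[state][:5]))
```

A large "missing" count usually means the rule pack predates the advisory, while "disabled" entries are present but will not alert until they are switched on.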


----


VMware OS Optimization Tool (OSOT) – Free tool for Virtual and Physical systems



// StarWind Blog

VMware OS Optimization Tool (OSOT) is a free tool from the VMware Labs website, which is well known for its "Flings": free utilities that help IT admins with their day-to-day administration tasks.

The utility uses templates, which provide an easy way to disable Windows services that are mostly unnecessary. Disabling unnecessary services makes the system run "lighter", saving resources that can be used by other programs.

Most Windows services are enabled by default and this optimization tool can disable unnecessary services. The system also provides a Roll-back feature allowing you to revert your changes and leave the system as it was in the beginning, before any optimization.

While you might think that this tool is only usable for VMware Horizon View desktops, this is not correct. In fact, VMware OSOT is universal and can act on any supported system, physical or virtual; optimizations can also be applied to RDSH servers.

Note: The OSOT does not support optimizing Windows Server 2008 or 2012 when those operating systems are used as single-session desktops.

You can optimize the supported systems below:

  • Windows 7
  • Windows 8/8.1
  • Windows Server 2008 (and R2)
  • Windows Server 2012 (and R2)
  • Windows 10
  • Windows Server 2016

Caution:

Please note that before downloading and using the tool you must first accept the Technical Preview license, which states that this tool is experimental and should not be run on production systems.

What are the Requirements to Install and use the Tool?

Windows 7/8/10, Windows Server 2008 R2/2012/2016

.NET Framework 3.5, SP1.

VMware OSOT – The Features

  • Analyze – You analyze all registry entries, services and scheduled tasks of the system that you're trying to optimize.
  • History – Checks the optimization history and allows you to roll-back to a state before the optimization. You can have several history points-in-time to where you can roll-back.
  • Remote Analysis – possibility to browse a list of remote systems or VMs and do the analysis.
  • Templates – Easy to use OSOT pre-built templates, make changes and save as your own templates.

Getting Started 

In fact, you don't need to install this tool, as it ships as a single executable rather than an installation package. When run for the first time, it automatically detects the underlying system and analyzes it.

You are presented with an overview screen which is divided into a few parts. The top part shows the Analysis summary, allowing you to check which optimizations to choose.

Here is the overall view.


The details of the optimization vs non-optimized system show the benefits on the close-up image below.


So, as I said, after executing for the first time, the system does the analysis. The next step is the optimization phase.

When you first click the Optimize button, a new tab appears right after the Analyze tab.


This new tab is simply called Optimize and provides a recap of what's been done. You can browse the results and see in detail whether each optimization was successful.

This prevents false optimization (you think that you have done an optimization, but in reality the system did not apply a tweak for some reason).


Reverting can be done from the History tab. You'll need to select a roll-back checkpoint and then click the Rollback button. Very easy.


When you look closely, you'll notice that you can check or uncheck individual optimizations as well. So when you don't want a particular tweak to be applied, you simply uncheck it. And this works the other way around.

Then you can save it as a personalized (your own) OSOT template.

The templates are accessible through a drop-down menu on the left. You have many predefined templates prepared by VMware. Some of them are dedicated to VDI, as they were prepared in collaboration with LoginVSI, but others are more general and do not target VDI infrastructures only.

This gives you an opportunity to choose a template for your system and apply it even if the system is not a VDI desktop.


Community templates

You can download templates from the community by clicking a button on each template. You'll notice a small disclaimer informing you that this is a community template, not one from VMware, so it's up to you to take some caution.

The tool has a few public repositories registered, but you can add more repositories via the gear icon.


How do I create my own template?

The best way is to make a copy of the existing template. Click the Copy and Edit button to do so.


You can also export your template as an XML file which allows your tweaks to become even more transportable.

First, choose the template and click the Export Template button. This will export the existing template as XML. Choose a folder (My Documents, a USB key, etc.).

Then, on another system, click the Import Template button to import this template, which will now appear in the "My Templates" folder.

Link: VMware Labs OSOT page

Wrap Up:

A small tool with some enormous possibilities, and with a top-notch revert option, which I really like. Again, this is a "Fling", so you should always take a backup of your production system. Other than that, I can only recommend it, as it can make your VDI or RDSH systems more responsive and your users happier.


----


The DevOps & AWS Certification Training Bundle for $29



// StackSocial

Expires November 06, 2018 23:59 PST
Buy now and get 95% off

AWS Technical Essentials Certification Training


KEY FEATURES

This AWS Technical Essentials course is designed to train participants on various AWS products, services, and solutions. This course, prepared in line with the latest AWS syllabus will help you become proficient in identifying and efficiently using AWS services. The two live projects included in this course ensure that you are well versed in using the AWS platform. The course also contains a live demo that helps you learn how to use the AWS console to create instances, S3 buckets, and more.

  • Access 7 hours of high-quality e-learning content 24/7
  • Recognize terminology & concepts as they relate to the AWS platform
  • Navigate the AWS Management Console
  • Understand the security measures AWS provides
  • Differentiate AWS Storage options & create Amazon S3 bucket
  • Recognize AWS Compute & Networking options and use EC2 and EBS
  • Describe Managed Services & Database options
  • Use Amazon Relational Database Service (RDS) to launch an application
  • Identify Deployment & Management options

PRODUCT SPECS

Important Details

  • Length of time users can access this course: 1 year
  • Access options: web streaming, mobile streaming
  • Certificate of completion included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels
  • Exam fees not included

Requirements

  • Internet required

THE EXPERT

Instructor

The online courses at Certs School give folks the chance to throw their careers into overdrive without ever leaving their cubicle. Designed to let students learn at their own pace, the courses give people the chance to learn everything from analyzing big data to using business tools such as Salesforce. Every course is designed by industry insiders with years of experience. For more details on this course and instructor, click here.

DevOps Practitioner Certification Training


KEY FEATURES

This 21-hour course is designed to help you apply the latest in DevOps methodology to automate a software development lifecycle. You'll master Configuration Management, Continuous Integration and Continuous Deployment, Continuous Delivery, and Continuous Monitoring using DevOps tools like Git, Docker, Jenkins, Puppet and Nagios in a practical, hands-on and interactive approach. These technologies are revolutionizing the way apps are deployed on the cloud today and are a critical skillset in the cloud age.

  • Access 21 hours of high-quality e-learning content 24/7
  • Unleash the power of automation to SDLC process
  • Get proficiency in identifying terminologies & concepts in the AWS platform
  • Navigate the AWS Management Console
  • Gain expertise in using services like EC2, S3, RDS, & EBS

PRODUCT SPECS

Important Details

  • Length of time users can access this course: 1 year
  • Access options: web streaming, mobile streaming
  • Certificate of completion included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels
  • Exam fees not included

Requirements

  • Internet required

THE EXPERT

Instructor

The online courses at Certs School give folks the chance to throw their careers into overdrive without ever leaving their cubicle. Designed to let students learn at their own pace, the courses give people the chance to learn everything from analyzing big data to using business tools such as Salesforce. Every course is designed by industry insiders with years of experience. For more details on this course and instructor, click here.

----


Google Cloud Mastery Bundle for $39



// StackSocial

Expires August 13, 2023 23:59 PST
Buy now and get 90% off

Google DialogFlow For Chatbots


KEY FEATURES

Chatbots are designed to simulate human conversations with users; and from collecting feedback to providing customer support, they're utilized in a number of different industries. While they might seem complicated, building them is actually much easier than you think with Dialogflow, Google's conversational interface for bots, devices and applications. Dive into this course, and you'll get up to speed with this streamlined tool.

  • Access 35 lectures & 4 hours of content 24/7
  • Look at the big picture & understand how conversation works in Dialogflow
  • Learn how to handle the flow of conversation using linear & non-linear dialogs
  • Explore third-party integration & learn how to integrate a bot w/ Slack

PRODUCT SPECS

Important Details

  • Length of time users can access this course: lifetime
  • Access options: web and mobile
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Requirements

  • Internet required

THE EXPERT

Instructor

Loonycorn is comprised of a couple of individuals —Janani Ravi and Vitthal Srinivasan—who have honed their tech expertises at Google and Stanford. The team believes it has distilled the instruction of complicated tech concepts into funny, practical, engaging courses, and is excited to be sharing its content with eager students.

TensorFlow & The Google Cloud ML Engine For Deep Learning


KEY FEATURES

From colorizing black-and-white images to automatically translating phrases in a foreign language, Deep Learning has paved the way for some pretty magical breakthroughs, and we have TensorFlow to thank for that. This course takes a beginner-friendly look at this tool and how it can be used to design, build, and train deep learning models. You'll start by understanding the anatomy of a simple Tensorflow program. Next, you'll move on to regression models and ultimately neural networks.

  • Access 132 lectures & 16 hours of content 24/7
  • Examine the anatomy of a simple Tensorflow program & basic constructs like graphs, tensors & constants
  • Learn how to build regression models in Tensorflow & explore both linear and logistic regression
  • Dive into neural networks & how layers of neurons come together to function

PRODUCT SPECS

Important Details

  • Length of time users can access this course: lifetime
  • Access options: web and mobile
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Requirements

  • Internet required

THE EXPERT

Instructor

Loonycorn is comprised of a couple of individuals —Janani Ravi and Vitthal Srinivasan—who have honed their tech expertises at Google and Stanford. The team believes it has distilled the instruction of complicated tech concepts into funny, practical, engaging courses, and is excited to be sharing its content with eager students.

Google Cloud Platform: Data Engineering Track


KEY FEATURES

There are plenty of options out there for cloud computing, but the Google Cloud Platform is king for high-end machine learning applications. This course looks at how Google Cloud can be used for machine learning along with TensorFlow and Hadoop, taking you through neural networks, stream processing, and more. Your foray into the world of data engineering starts here.

  • Access 153 lectures & 19 hours of content 24/7
  • Get an in-depth look at storage on the Google Cloud Platform
  • Discover what neural networks are, how neurons work & how neural networks are trained
  • Learn more about stream processing w/ Dataflow & Pub/Sub

PRODUCT SPECS

Important Details

  • Length of time users can access this course: lifetime
  • Access options: web and mobile
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Requirements

  • Internet required

THE EXPERT

Instructor

Loonycorn is comprised of a couple of individuals —Janani Ravi and Vitthal Srinivasan—who have honed their tech expertises at Google and Stanford. The team believes it has distilled the instruction of complicated tech concepts into funny, practical, engaging courses, and is excited to be sharing its content with eager students.

Google Cloud Platform: Cloud Architecture Track


KEY FEATURES

More companies are heading to the Cloud, which means demand is high for experts versed in this revolutionary technology. The Google Cloud Platform is quickly emerging as one of the premier tools in the industry, and this course will walk you through concepts and elements key to getting certified, particularly for Google's Cloud Architect track.

  • Access 85 lectures & 11.5 hours of content 24/7
  • Sharpen your networking knowledge w/ instruction on Virtual Private Clouds, shared VPCs & more
  • Familiarize yourself w/ key elements of Google's Cloud Architect track
  • Explore security concepts, like identity & access management, identity-aware proxying, API Keys and more

PRODUCT SPECS

Important Details

  • Length of time users can access this course: lifetime
  • Access options: web and mobile
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Requirements

  • Internet required

THE EXPERT

Instructor

Loonycorn is comprised of a couple of individuals —Janani Ravi and Vitthal Srinivasan—who have honed their tech expertises at Google and Stanford. The team believes it has distilled the instruction of complicated tech concepts into funny, practical, engaging courses, and is excited to be sharing its content with eager students.

----


ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability



// The Hacker News

Your Mac computer running Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application

----


Adobe releases important security patches for its 4 popular software



// The Hacker News

Adobe has released August 2018 security patch updates for a total of 11 vulnerabilities in its products, two of which are rated as critical and affect Adobe Acrobat and Reader software. The vulnerabilities addressed in this month's updates affect Adobe Flash Player, Creative Cloud Desktop Application, Adobe Experience Manager, Adobe Acrobat and Reader applications. None of the security

----


Microsoft Releases Patches for 60 Flaws—Two Under Active Attack



// The Hacker News

Get your update caps on. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical. The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio. Two of these

----


Monday, August 13, 2018

XCP-ng 7.5 upgrade



// XCP-ng

If you use XenServer or XCP-ng 7.4, follow our guide to upgrade to our latest XCP-ng 7.5!

Upgrade from XCP-ng 7.4

Warnings:

  • Always upgrade and reboot the pool master FIRST
  • If HA is enabled, disable it before upgrading

Recommended way: using the installation ISO

  • Download the installation ISO from https://xcp-ng.org/download/
  • Check the integrity of the downloaded ISO, using the MD5 sum or better yet the SHA256 sum if available.
  • Follow the installation procedure on our download page.
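
The integrity check from the second step, as an added example (not XCP-ng project code): it prefers the SHA256 sum and falls back to MD5 only when no SHA256 value was published, flagging that case as weak. The function names are hypothetical, and the stand-in file and its digests are constructed; the real values come from the download page.

```python
import hashlib
import hmac
import os
import tempfile

# Strongest first: SHA256 is used whenever the download page publishes it.
PREFERENCE = ("sha256", "md5")

# Well-known digests of the three bytes b"abc", used for the constructed demo.
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
MD5_ABC = "900150983cd24fb0d6963f7d28e17f72"


def file_digest(path, algo, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so a multi-hundred-MB ISO never sits in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, published):
    """Check `path` against the strongest digest in `published`.

    `published` maps algorithm name to the hex digest copied from the
    download page, e.g. {"sha256": "...", "md5": "..."}.
    """
    for algo in PREFERENCE:
        expected = published.get(algo)
        if not expected:
            continue
        actual = file_digest(path, algo)
        ok = hmac.compare_digest(actual, expected.strip().lower())
        return {
            "algo": algo,
            "ok": ok,
            # MD5 catches a corrupted download but not deliberate tampering.
            "weak": algo == "md5",
            "actual": actual,
        }
    raise ValueError("no SHA256 or MD5 sum supplied; nothing to verify against")


def demo():
    """Run the check on a constructed stand-in file instead of a real ISO."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"abc")
    try:
        good = verify_download(f.name, {"sha256": SHA256_ABC, "md5": MD5_ABC})
        md5_only = verify_download(f.name, {"md5": MD5_ABC})
        tampered = verify_download(f.name, {"sha256": "0" * 64})
    finally:
        os.unlink(f.name)
    return good, md5_only, tampered


if __name__ == "__main__":
    for label, res in zip(("sha256+md5", "md5 only", "mismatch"), demo()):
        verdict = "OK" if res["ok"] else "MISMATCH, do not install"
        note = " (weak: MD5 only)" if res["weak"] else ""
        print("%-11s %-6s %s%s" % (label, res["algo"], verdict, note))
```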

Experimental way: from command line

This method is still experimental, because there are more things that can go wrong when you upgrade 500 packages one by one than when you reinstall from scratch (which is what the installation ISO does, without losing your data of course). Upgrade via installation ISO is also the only upgrade method that creates a backup of the old system to a backup partition before installing the new version.

Here are the steps, as root:

wget https://updates.xcp-ng.org/7/xcp-ng-7.5.repo -O /etc/yum.repos.d/xcp-ng.repo
yum install xcp-ng-deps
yum update

Now reboot the host. ALWAYS REBOOT THE POOL MASTER FIRST.

Upgrade from XenServer

This is exactly like upgrading from a previous XenServer version. Just insert the ISO and follow instructions! More details are available on the download page.


----
