Tuesday, December 3, 2024

Beyond Containers: Unveiling the Full Potential of Docker for Cloud-Native Development

As organizations strive to stay competitive in an increasingly complex digital world, the pressure to innovate quickly and securely is at an all-time high. Development teams face challenges that range from complex workflows and growing security concerns to ensuring seamless collaboration across distributed environments. Addressing these challenges requires tools that optimize every stage of the CI/CD pipeline, from the developer’s inner loop to production.

This is where Docker comes in. Initially known for revolutionizing containerization, Docker has evolved far beyond its roots to become a powerful suite of products that supports cloud-native development workflows. It’s not just about containers anymore; it’s about empowering developers to build and ship high-quality applications faster and more efficiently. Docker is about automating repetitive tasks, securing applications throughout the entire development lifecycle, and enabling collaboration at scale. By providing the right tools for developers, DevOps teams, and enterprise decision-makers, Docker drives innovation, streamlines processes, and creates measurable value for businesses.

Learn about what Docker does as a suite of software development tools to enhance productivity, improve security, and integrate seamlessly with CI/CD pipelines.

What does Docker do?

At its core, Docker provides a suite of software development tools that enhance productivity, improve security, and seamlessly integrate with your existing CI/CD pipeline. While still closely associated with containers, Docker has evolved into much more than just a containerization solution. Its products support the entire development lifecycle, empowering teams to automate key tasks, improve the consistency of their work, and ship applications faster and more securely.

Here’s how Docker’s suite of products benefits both individual developers and large-scale enterprises:

  • Automation: Docker automates repetitive tasks within the development process, allowing developers to focus on what matters most: writing code. Whether they’re building images, managing dependencies, or testing applications, developers can use Docker to streamline their workflows and accelerate development cycles.
  • Security: Security is built into Docker from the start. Docker provides features like proactive vulnerability monitoring with Docker Scout and robust access control mechanisms. These built-in security features help ensure your applications are secure, reducing risks from malicious actors, CVEs, or other vulnerabilities.
  • CI/CD integration: Docker’s seamless integration with existing CI/CD pipelines offers profound enhancements to ensure that teams can smoothly pass high-quality applications from local development through testing and into production.
  • Multi-cloud compatibility: Docker supports flexible, multi-cloud development, allowing teams to build applications in one environment and migrate them to the cloud with minimized risk. This flexibility is key for businesses looking to scale, increase cloud adoption, and even upgrade from legacy apps. 

The impact on team-based efficiency and enterprise value

Docker is designed not only to empower individual developers but also to elevate the entire team’s productivity while delivering tangible business value. By streamlining workflows, enhancing collaboration, and ensuring security, Docker makes it easier for teams to scale operations and deliver high-impact software with speed.

Streamlined development processes

One of Docker’s primary goals is to simplify development processes. Repetitive tasks such as environment setup, debugging, and dependency management have historically eaten up a lot of developers’ time. Docker removes these inefficiencies, allowing teams to focus on what really matters: building great software. Tools like Docker Desktop, Docker Hub, and Docker Build Cloud help accelerate build processes, while standardized environments ensure that developers spend less time dealing with system inconsistencies and more time coding. 

Enterprise-level security and governance

For enterprise decision-makers, security and governance are top priorities. Docker addresses these concerns by providing comprehensive security features that span the entire development lifecycle. Docker Scout proactively monitors for vulnerabilities, ensuring that potential security threats are identified early, before they make their way into production. Additionally, Docker offers fine-grained control over who can access resources within the platform, with features like Image Access Management (IAM) and Resource Access Management (RAM) that ensure the security of developer environments without impairing productivity.

Measurable impact on business value

The value Docker delivers isn’t just in improved developer experience — it directly impacts the bottom line. By automating repetitive tasks in the developer’s inner loop and enhancing integration with the CI/CD pipeline, Docker reduces operational costs while accelerating the delivery of high-quality applications. Developers are able to move faster, iterate quickly, and deliver more reliable software, all of which contribute to lower operational expenses and higher developer satisfaction.

In fact, Docker’s ability to simplify workflows and secure applications means that developers can spend less time troubleshooting and more time building new features. For businesses, this translates to higher productivity and, ultimately, greater profitability. 

Collaboration at scale: Empowering teams to work together more effectively

In modern development environments, teams are often distributed across different locations, sometimes even in different time zones. Docker enables effective collaboration at scale by providing standardized tools and environments that help teams work seamlessly together, regardless of where they are. Docker’s suite also helps ensure that teams are all on the same page when it comes to development, security, testing, and more.

Consistent environments for team workflows

One of Docker’s most powerful features is the ability to ensure consistency across different development environments. A Docker container encapsulates everything needed to run an application, including the code, libraries, and dependencies so that applications run the same way on every system. This means developers can work in a standardized environment, reducing the likelihood of errors caused by environment inconsistencies and making collaboration between team members smoother and more reliable. 

Simplified CI/CD pipelines

Docker enhances the developer’s inner loop by automating workflows and providing consistent environments, creating efficiencies that ripple through the entire software delivery pipeline. This ripple effect of efficiency can be seen in features like advanced caching with Docker Build Cloud, on-demand and consistent test environments with Testcontainers Cloud, embedded security with Docker Scout, and more. These tools, combined with Docker’s standardized environments, allow developers to collaborate effectively to move from code to production faster and with fewer errors.

GenAI and innovative development

Docker equips developers to meet the demands of today while exploring future possibilities, including streamlining workflows for emerging AI/ML and GenAI applications. By simplifying the adoption of new tools for AI/ML development, Docker empowers organizations to meet present-day demands while also tapping into emerging technologies. These innovations help developers write better code faster while reducing the complexity of their workflows, allowing them to focus more on innovation. 

A suite of tools for growth and innovation

Docker isn’t just a containerization tool — it’s a comprehensive suite of software development tools that empower cloud-native teams to streamline workflows, boost productivity, and deliver secure, scalable applications faster. Whether you’re an enterprise scaling workloads securely or a development team striving for speed and consistency, Docker’s integrated suite provides the tools to accelerate innovation while maintaining control. 

Ready to unlock the full potential of Docker? Start by exploring our range of solutions and discover how Docker can transform your development processes today. If you’re looking for hands-on guidance, our experts are here to help — contact us to see how Docker can drive success for your team.

Take the next step toward building smarter, more efficient applications. Let’s scale, secure, and simplify your workflows together.




from Docker https://ift.tt/TkAGo0a
via IFTTT

Windows 365 Link PC

Microsoft continues to push the envelope of the Windows PC cloud experience. It unveiled the Windows 365 solution back in 2021, and the service has kept evolving since, adding new features and functionality. Now Microsoft is doing something that departs from the software advances of the past few years: unveiling purpose-built hardware for Windows 365. Windows 365 Link is billed by Microsoft as the first Cloud PC device purpose-built for the Windows 365 solution.

What is Windows 365 Link?

The new Windows 365 Link is a lightweight device that is designed to provide a streamlined connection experience into the Windows 365 Cloud PC environment. You can think of the device as a “thin client” that connects you to the Windows 365 Cloud environment.

The device has several appealing qualities when it comes to using it as a daily driver to connect into your Windows 365 environment. It has a quick boot time and, according to Microsoft, wakes from sleep almost instantly. You also have the ability with the Link to run dual 4K monitors for pros that need the screen real estate for running their applications and multi-tasking.

Windows 365 Link

Microsoft is heavily targeting organizations that have many desk-based workers that use Windows 365. It will provide the hardware needed to make sure connectivity to Windows 365 is secure and productive, including situations where hot desks are used, like in call centers.

Use cases and deployment

When looking at where the Windows 365 Link may fit in terms of deployment scenarios, there are a few target use cases they serve well. These include the following:

  • Shared stations and hot desks – Where multiple users need to access the same workstation, the Link device connects each user to their own Cloud PC environment securely.
  • Remote work – For home offices and other remote locations, the Windows 365 Link provides a consistent, secure connection to the user's Windows 365 Cloud PC on hardware that is easily managed by IT staff and secure by design.
  • Temporary workers or contractors – Contractors and other temporary workers can be issued a Windows 365 Link to reach their Cloud PC environment, giving organizations a way to provide secure access without shipping full-fledged laptops or workstations and reducing the hardware overhead for these positions.

Connectivity options and peripherals

The Windows 365 Link device has several connectivity and I/O options, including four USB ports, an Ethernet port, Wi-Fi 6E, and Bluetooth 5.3, and it can connect to a wide range of peripherals. The modern Wi-Fi 6E and Bluetooth capabilities mean you can transfer data between devices very quickly, which will be welcome for those who use modern peripherals and devices.

Windows 365 Link has good I/O connectivity for peripherals, etc

Also processes things locally

You may think that Windows 365 Link would be quite anemic in terms of processing power locally. However, that is not the case. Link has the hardware capabilities to process things like video playback and video conferencing over platforms like Microsoft Teams. Microsoft has also stated that it is cooperating with other video conferencing vendors and solutions like Webex by Cisco and working to make sure the device provides high performance streaming capabilities for various other platforms.

Secure by design

Microsoft has thought through the security design of the Windows 365 Link device. By default, Link has no local admin users, no local data storage, and no local apps. Users can't execute or install any software on the device, which greatly helps to protect the environment from malware.

Also, users of the device do not have administrative privileges, and they are able to log in using passwordless authentication with Microsoft Entra ID. This allows organizations to take advantage of the additional protection of multifactor authentication made possible using the Microsoft Authenticator app, passkeys, or FIDO USB security keys.

By default, you don’t have to worry about hardening the device as it already has the default security baseline policies applied. These default policies include features like the following:

  • Secure Boot
  • Trusted Platform Module (TPM)
  • Hypervisor-protected Code Integrity (HVCI)
  • BitLocker encryption enabled
  • Microsoft Defender for Endpoint detection and response sensor

These default security settings cannot be disabled by users.

Easier management by IT staff

One of the primary reasons that organizations may lean towards using the Windows 365 Link device is the simplified management process. It allows IT staff to configure and manage the Link devices with their other traditional workstations in the environment.

Devices appear under the name prefix “WCPC” (Windows Cloud PC), so they can easily be identified among other client devices.

Windows 365 Link will help with management challenges for IT staff

Managing endpoints can be a complex task for IT departments. The Windows 365 Link simplifies this process by integrating seamlessly with Microsoft Intune, allowing IT administrators to configure and manage the devices alongside other PCs using existing knowledge and policies. Devices are named with a prefix “WCPC” (Windows Cloud PC) for easy identification. The device also ensures it stays up to date by downloading updates in the background and applying them during periods of inactivity, minimizing disruptions to users.

Energy and cost efficient

One of the additional benefits of the Windows 365 Link is that it is energy efficient. Since it doesn’t have the hardware footprint of a full desktop workstation, the components are energy efficient and minimalistic to help reduce power consumption. This in turn helps organizations to lower their carbon footprint. With energy costs rising worldwide and this becoming more of a consideration, the Windows 365 Link device will help businesses achieve their sustainability goals. It will also lead to less e-waste over time.

What’s next?

Microsoft is certainly continuing to evolve the capabilities and benefits of Windows 365. However, the Windows 365 Link is a unique new offering that introduces the purpose-built hardware needed to fully take advantage of the capabilities of Windows 365, while at the same time benefiting from the efficiency it makes possible.

The Windows 365 Link looks to strike a good balance between local performance for video streaming and other needs and efficiency for a low-power footprint that helps businesses meet their sustainability goals and save on energy costs.

Future updates to the Windows 365 Link may include further integrations with Microsoft’s suite of productivity tools. It will be interesting to see the feedback from early adopters as this will no doubt help to shape future enhancements to the hardware and capabilities.

Wrapping up

It is interesting to see Microsoft entering the hardware game with Windows 365 Link. However, the device is certainly complementary hardware to the capabilities provided by Windows 365. Microsoft’s vision of Windows 365 cloud PC continues to evolve as they look to modernize endpoints. With its strong security features and connectivity options along with the local performance it provides, it strikes a really good balance between performance and efficiency.

For more detailed information, you can refer to the official Microsoft announcement.



from StarWind Blog https://ift.tt/PRcw85U
via IFTTT

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Dec 03, 2024 | Ravie Lakshmanan | Vulnerability / Network Security

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).

The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance.

"An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco noted in an alert released in March 2024.

As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of "additional attempted exploitation" of the vulnerability in the wild.

The development comes shortly after cybersecurity firm CloudSEK revealed that the threat actors behind AndroxGh0st are leveraging an extensive list of security vulnerabilities in various internet-facing applications, including CVE-2014-2120, to propagate the malware.

The malicious activity is also notable for the integration of the Mozi botnet, which allows the botnet to further expand in size and scope.

As a result, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog last month, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate it by December 3, 2024.

Users of Cisco ASA are highly recommended to keep their installations up-to-date for optimal protection and to safeguard against potential cyber threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.



from The Hacker News https://ift.tt/gGih25k
via IFTTT

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Dec 03, 2024 | Ravie Lakshmanan | Endpoint Security / Vulnerability

Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.

"By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access with minimal effort," AmberWolf said in an analysis.

In a hypothetical attack scenario, this plays out in the form of a rogue VPN server that tricks the client into downloading a malicious update, which then runs with the client's privileges.

The result of the investigation is a proof-of-concept (PoC) attack tool called NachoVPN that can simulate such VPN servers and exploit the vulnerabilities to achieve privileged code execution.

The identified flaws are listed below -

  • CVE-2024-5921 (CVSS score: 5.6) - An insufficient certificate validation vulnerability impacting Palo Alto Networks GlobalProtect for Windows, macOS, and Linux that allows the app to be connected to arbitrary servers, leading to the deployment of malicious software (Addressed in version 6.2.6 for Windows)
  • CVE-2024-29014 (CVSS score: 7.1) - A vulnerability impacting SonicWall SMA100 NetExtender Windows client that could allow an attacker to execute arbitrary code when processing an End Point Control (EPC) Client update. (Affects versions 10.2.339 and earlier, addressed in version 10.2.341)

Palo Alto Networks has emphasized that the attacker needs to either have access as a local non-administrative operating system user or be on the same subnet so as to install malicious root certificates on the endpoint and install malicious software signed by the malicious root certificates on that endpoint.

In doing so, the GlobalProtect app could be weaponized to steal a victim's VPN credentials, execute arbitrary code with elevated privileges, and install malicious root certificates that could be used to facilitate other attacks.

Similarly, an attacker could trick a user to connect their NetExtender client to a malicious VPN server and then deliver a counterfeit EPC Client update that's signed with a valid-but-stolen certificate to ultimately execute code with SYSTEM privileges.

"Attackers can exploit a custom URI handler to force the NetExtender client to connect to their server," AmberWolf said. "Users only need to visit a malicious website and accept a browser prompt, or open a malicious document for the attack to succeed."

While there is no evidence that these shortcomings have been exploited in the wild, users of Palo Alto Networks GlobalProtect and SonicWall NetExtender are advised to apply the latest patches to safeguard against potential threats.
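The root problem AmberWolf describes is a client that will complete a TLS handshake with any server claiming the expected hostname. The Go program below is added here as an illustration of that class of flaw and is not code from AmberWolf, Palo Alto Networks or SonicWall. It starts a loopback "rogue" gateway with a freshly minted self-signed certificate for an assumed hostname (vpn.example.internal) and shows that a client with certificate verification disabled connects to it, while a client that pins the genuine gateway's certificate as its trust anchor and checks the hostname refuses. The hostname, certificates and server are all constructed for the example; none of it is the vendors' actual client logic.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const vpnHost = "vpn.example.internal" // assumed gateway name for the example, not a real endpoint

// newSelfSignedCert mints a throwaway self-signed certificate for host (constructed test material).
// The genuine gateway and the rogue one each get their own, with different private keys.
func newSelfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// startServer stands in for a VPN gateway: listens on loopback, presents cert, completes handshakes until stop() is called.
func startServer(cert tls.Certificate) (string, func(), error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return "", nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			_ = c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

// handshakeOK dials addr with cfg and reports whether the TLS handshake completed.
func handshakeOK(addr string, cfg *tls.Config) bool {
	c, err := tls.DialWithDialer(&net.Dialer{Timeout: 3 * time.Second}, "tcp", addr, cfg)
	if err != nil {
		return false
	}
	c.Close()
	return true
}

// vulnerableClientConnects is the flawed pattern: any certificate is accepted, so whoever can
// steer the connection (a rogue server, a redirect via a URI handler) is trusted as the gateway.
func vulnerableClientConnects(addr string) bool {
	return handshakeOK(addr, &tls.Config{ServerName: vpnHost, InsecureSkipVerify: true})
}

// pinnedClientConnects is the hardened pattern: the chain must end at the pinned anchor and the
// certificate must name vpnHost. A rogue cert, or one a public CA would call valid, fails here.
func pinnedClientConnects(addr string, anchor *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(anchor)
	return handshakeOK(addr, &tls.Config{ServerName: vpnHost, RootCAs: pool, MinVersion: tls.VersionTLS12})
}

func main() {
	genuine, _ := newSelfSignedCert(vpnHost)
	rogue, _ := newSelfSignedCert(vpnHost) // same hostname, attacker-controlled key
	addr, stop, err := startServer(rogue)
	if err != nil {
		panic(err)
	}
	defer stop()
	fmt.Println("rogue gateway, verification off:", vulnerableClientConnects(addr))         // true
	fmt.Println("rogue gateway, pinned anchor:", pinnedClientConnects(addr, genuine.Leaf)) // false
}
```

The same principle carries over to update verification: checking that an update is signed by the vendor's own key, rather than by any certificate some public CA considers valid, is what would block the stolen-certificate EPC update described above.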

The development comes as researchers from Bishop Fox detailed its approach to decrypting and analyzing the firmware embedded in SonicWall firewalls to further aid in vulnerability research and build fingerprinting capabilities in order to assess the current state of SonicWall firewall security based on internet-facing exposures.




from The Hacker News https://ift.tt/fEKFgGn
via IFTTT

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Dec 03, 2024 | Ravie Lakshmanan | Threat Intelligence / Email Security

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft.

"Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September, some phishing emails disguised as if they were sent from Russia were observed."

This entails the abuse of VK's Mail.ru email service, which supports five different alias domains, including mail.ru, internet.ru, bk.ru, inbox.ru, and list.ru.

Genians said it has observed the Kimsuky actors leveraging all the aforementioned sender domains for phishing campaigns that masquerade as financial institutions and internet portals like Naver.

Other phishing attacks have entailed sending messages that mimic Naver's MYBOX cloud storage service and aim to trick users into clicking on links by inducing a false sense of urgency that malicious files had been detected in their accounts and that they need to delete them.

Variants of MYBOX-themed phishing emails have been recorded since late April 2024, with the early waves employing Japanese, South Korean, and U.S. domains for sender addresses.

While these messages were ostensibly sent from domains such as "mmbox[.]ru" and "ncloud[.]ru," further analysis has revealed that the threat actor leveraged a compromised email server belonging to Evangelia University (evangelia[.]edu) to send the messages using a PHP-based mailer service called Star.

It's worth noting that Kimsuky's use of legitimate email tools like PHPMailer and Star was previously documented by enterprise security firm Proofpoint in November 2021.

The end goal of these attacks, per Genians, is to carry out credential theft, which could then be used to hijack victim accounts and use them to launch follow-on attacks against other employees or acquaintances.

Over the years, Kimsuky has proven to be adept at conducting email-oriented social engineering campaigns, employing techniques to spoof email senders to appear as if they are from trusted parties, thus evading security checks.

Earlier this year, the U.S. government called out the cyber actor for exploiting "improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts."
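The DMARC weakness the U.S. advisory refers to is concrete and checkable: a record whose policy tells receivers to deliver mail that fails authentication anyway. The Go program below is an added example, not tooling from Genians or Proofpoint. It parses a DMARC TXT record, flags the settings that leave a domain spoofable, and implements the identifier-alignment test that decides whether a message passes DMARC. The records and domains are constructed for the example, and the organizational domain is passed in rather than derived from the Public Suffix List.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// DMARCRecord holds the tags that decide whether mail failing DMARC is actually blocked.
type DMARCRecord struct {
	Policy          string // p=   none | quarantine | reject (required)
	SubdomainPolicy string // sp=  policy for subdomains, defaults to p
	Pct             int    // pct= share of failing mail the policy applies to, default 100
	Reports         bool   // rua= aggregate report address present
}

// ParseDMARC parses a DMARC TXT record: "v=DMARC1" followed by semicolon-separated tag=value pairs.
func ParseDMARC(txt string) (DMARCRecord, error) {
	rec := DMARCRecord{Pct: 100}
	parts := strings.Split(txt, ";")
	if strings.TrimSpace(parts[0]) != "v=DMARC1" {
		return rec, fmt.Errorf("not a DMARC record: %q", txt)
	}
	for _, part := range parts[1:] {
		kv := strings.SplitN(strings.TrimSpace(part), "=", 2)
		if len(kv) != 2 {
			continue // empty trailing segment or malformed tag
		}
		key, val := strings.ToLower(kv[0]), strings.TrimSpace(kv[1])
		switch key {
		case "p":
			rec.Policy = strings.ToLower(val)
		case "sp":
			rec.SubdomainPolicy = strings.ToLower(val)
		case "pct":
			n, err := strconv.Atoi(val)
			if err != nil || n < 0 || n > 100 {
				return rec, fmt.Errorf("invalid pct=%q", val)
			}
			rec.Pct = n
		case "rua":
			rec.Reports = val != ""
		}
	}
	if rec.Policy == "" {
		return rec, fmt.Errorf("missing required p= tag")
	}
	if rec.SubdomainPolicy == "" {
		rec.SubdomainPolicy = rec.Policy
	}
	return rec, nil
}

// Weaknesses lists the settings that still let mail failing DMARC reach the inbox.
func Weaknesses(r DMARCRecord) []string {
	var w []string
	if r.Policy == "none" {
		w = append(w, "p=none: receivers deliver failing mail and only report it")
	}
	if r.SubdomainPolicy == "none" && r.Policy != "none" {
		w = append(w, "sp=none: subdomains can be spoofed despite the parent policy")
	}
	if r.Pct < 100 {
		w = append(w, fmt.Sprintf("pct=%d: %d%% of failing mail is exempt from the policy", r.Pct, 100-r.Pct))
	}
	if !r.Reports {
		w = append(w, "no rua=: failures are never reported, so spoofing goes unnoticed")
	}
	return w
}

// Aligned is the DMARC identifier-alignment test: the domain authenticated by SPF (MAIL FROM) or
// DKIM (d=) must match the visible RFC5322.From domain. Strict mode ("s") needs an exact match;
// relaxed mode accepts any subdomain of the same organizational domain, supplied by the caller.
func Aligned(fromDomain, authDomain, orgDomain, mode string) bool {
	if mode == "s" {
		return strings.EqualFold(fromDomain, authDomain)
	}
	org := strings.ToLower(orgDomain)
	under := func(d string) bool {
		d = strings.ToLower(d)
		return d == org || strings.HasSuffix(d, "."+org)
	}
	return under(fromDomain) && under(authDomain)
}

func main() {
	// Constructed records; neither is a real domain's published policy.
	for _, txt := range []string{"v=DMARC1; p=none; rua=mailto:dmarc@example.test", "v=DMARC1; p=reject; sp=none; pct=50"} {
		rec, err := ParseDMARC(txt)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-48s -> %v\n", txt, Weaknesses(rec))
	}
	fmt.Println(Aligned("example.test", "mail.example.test", "example.test", "r"), // true: relaxed
		Aligned("example.test", "mail.example.test", "example.test", "s")) // false: strict
}
```

A domain publishing p=none passes the alignment test only for its own mail, but receivers honouring the record will still deliver messages that fail it, which is the gap the advisory describes.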




from The Hacker News https://ift.tt/nFpwxYB
via IFTTT

Monday, December 2, 2024

Simplify policy adoption in Terraform with pre-written Sentinel policies for AWS

We are excited to announce the public beta of pre-written Sentinel policy sets for AWS, now available for use in the Terraform registry. These new policies are co-created and co-owned by HashiCorp and AWS. They are written specifically to help organizations comply with industry standards and lower the barrier of adoption for infrastructure policy enforcement.

With this release, we aim to provide a turnkey solution to complex governance challenges and empower organizations to move faster without trade-offs between speed and security. This joint effort highlights the unique value of pairing AWS’s cloud infrastructure with HashiCorp’s automation and security capabilities.

Challenges in policy adoption

Sentinel is an embeddable policy as code framework that provides logic-based policy enforcement over infrastructure configurations in HashiCorp Terraform and other HashiCorp product configurations. This approach lets organizations treat policies like application code, meaning the code can be version controlled, audited, tested, and understood by stakeholders across the organization.

Sentinel policies help organizations control what Terraform users are allowed to do, ensuring that certain thresholds for infrastructure provisioning are not exceeded, and blocking insecure or non-compliant configurations.

See how Fannie Mae, a well-known and highly regulated financial institution, uses Sentinel policies to enforce 400+ preventative security, architectural, and financial guardrails to make sure its infrastructure meets compliance requirements.

While Sentinel can be used as a powerful tool to ensure cloud governance at scale, we understand that adopting policy as code workflows may be a daunting and time-consuming process. This is especially true for organizations that lack the resources and expertise to write policies from scratch. Starting from the ground up can lead to significant delays in the development and implementation of policies, and increase the risk of human error and misconfigurations.

Introducing co-owned pre-written policy sets with AWS

To address these challenges, HashiCorp and AWS co-developed a library of pre-written policies that cover a wide range of use cases, including security, compliance, and operational efficiency. These policies have been written by experts with years of experience in the industry, and have been tested and validated to ensure their reliability and efficiency. The policies are also customizable, allowing organizations to quickly adjust them to meet their specific needs.

These policies are written specifically for AWS services and map to the benchmarks of the Center for Internet Security (CIS), a non-profit that publishes prescriptive, consensus-developed configuration recommendations. Our pre-written policy sets cover controls from the CIS AWS Foundations Benchmark versions 1.2, 1.4, and 3.0, with supported services including:

  • EC2
  • KMS
  • CloudTrail
  • S3
  • IAM
  • VPC
  • RDS
  • EFS

Users can now browse the Terraform Registry policy library to discover and reference the pre-built policies. With Sentinel’s native integration, users can quickly deploy the policy sets into their HCP Terraform organizations.

After deploying these policies, administrators can set three different enforcement levels:

  • Hard mandatory - If a policy fails, the run stops. You must resolve the failure to proceed.
  • Soft mandatory - Lets an organization owner or a user with override privileges proceed with the run in the event of failure.
  • Advisory - Will notify you of policy failures, but proceed with the operation.

The example Terraform run below shows two advisory-level CIS policies that were triggered.

[Screenshot: Terraform run output listing two advisory-level CIS policy failures]

With this solution, organizations can consistently enforce policies of varying strictness across all of their infrastructure efficiently at scale. These pre-written policies should help organizations using AWS jumpstart their policy as code adoption — unlocking more speed and more security with no trade-offs.

Next steps

Try HCP Terraform out for free and see the benefits of policy as code workflows in action. For more information on Sentinel language and specifications, visit the Sentinel documentation page. If you would like to engage with the community to discuss information related to Sentinel use cases and best practices, visit the HashiCorp Community Forum.

Don’t forget to link your HCP Terraform and HashiCorp Cloud Platform (HCP) accounts for a seamless sign-in experience.



from HashiCorp Blog https://bit.ly/49m4z04
via IFTTT

A Beginner’s Guide to Building Outdoor Light Shows Synchronized to Music with Open Source Tools

Outdoor light displays are a fun holiday tradition — from simple light strings hung from the eaves to elaborate scenes that bring out your competitive spirit. If using open source tools, thousands of feet of electrical cables, custom controllers, and your favorite music to build complex projects appeals to you, then the holiday season offers the perfect opportunity to indulge your creative passion. 

I personally run home light shows at Halloween and Christmas that feature up to 30,000 individually addressable LED lights synchronized with dozens of different songs. It’s been an interesting learning journey over the past five years, but it is also one that almost anyone can pursue, regardless of technical ability. Read on for tips on how to make a display that’s the highlight of your neighborhood. 

A blue cube covered in a green string of holiday lights that are red and yellow.

Getting started with outdoor light shows

As you might expect, light shows are built using a combination of hardware and software. The hardware includes the lights, props, controllers, and cabling. On the software side, there are different tools for the programming, also called sequencing, of the lights as well as the playback of the show. 

Figure 1: Light show hardware includes the lights, props, controllers, and cabling.

Hardware requirements

Lights

Let’s look more closely at the hardware behind the scenes starting with the lights. Multiple types of lights can be used in displays, but I’ll keep it simple and focus on the most popular choice. Most shows are built around 12mm RGB LED lights that support the WS2811 protocol, often referred to as pixels or nodes. Generally, these are not available at retail stores. That means you’ll need to order them online, and I recommend choosing a vendor that specializes in light displays. I have purchased lights from a few different vendors, but recently I’ve been using Wally’s Lights, Visionary Light Shows, and Your Pixel Store.  

Props

The lights are mounted into different props — such as a spider for Halloween or a snowflake for the winter holidays. You can either purchase these props, which are usually made out of the same plastic cardboard material used in yard signs, or you can make them yourself. Very few vendors sell pre-built props, so be ready to push the pixels by hand — yes, in my display either I or someone in my family pushed each of the 30,000 lights into place when we initially built the props. I get most of my props from EFL Designs, Gilbert Engineering, or Boscoyo Studio.

Figure 2: The lights are mounted into different props, which you can purchase or make yourself.

Controllers

Once your props are ready to go, you’ll need something to drive them. This is where controllers come in (Figure 3). Like the props and lights, you can get your controllers from various specialized vendors and, to a large extent, you can mix and match different brands in the same show because they all speak the same protocols to control the pixels (usually E1.31 or DDP). 

You can purchase controllers that are ready to run, or you can buy the individual components and build your own boxes — I grew up building PCs, so I love this degree of flexibility. However, I do tend to buy pre-configured controllers, because I like having a warranty from the manufacturer. My controllers all come from HolidayCoro, but Falcon controllers are also popular.

Figure 3: Once your props are ready to go, you’ll need a controller.

The number of controllers you need depends on the number of lights in your show. Most controllers have multiple outputs, and each output can drive a certain number of lights. I typically plan for about 400 lights per output. Plus, I use about three main controllers and four receiver boxes. Note that long-range receivers are a way of extending the distance you can place lights from the main controller, but this is more of an advanced topic and not one I’ll cover in this introductory article.

Cables

Although controllers are powered by standard household outlets, the connection from the controllers to the lights happens over specialized cabling. These extension cables contain three wires. Two are used to send power to the lights (either 5 V or 12 V), and a third is used to send data. Basically, this third wire sends instructions like “light 1,232 turn green for .5 seconds then fade to off over .25 seconds.” You can get these extension cables from any vendor that sells pixels.

Additionally, all of the controllers need to be on the same Ethernet network. Many folks run their shows on wireless networks, but I prefer a wired setup for increased performance and reliability. 
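E1.31 (sACN) and DDP are plain UDP protocols with no authentication, so anything that can reach the controller network can drive the pixels, which is one more argument for the dedicated wired segment described above. As an added example (not code from this post, from xLights or from FPP), here is how a pixel number maps to a universe and DMX slot at 170 RGB pixels per universe, and how the E1.31 data packet for that universe is built and decoded; the pixel numbers, colours and CID are constructed sample values.

```python
"""Address a WS2811 pixel run and build the E1.31 (sACN) packet that drives it.

Added example, not code from the original post, from xLights or from FPP.
Pixel numbers, colours and the CID below are constructed sample values.
"""
import struct
import uuid

ACN_PACKET_IDENTIFIER = b"ASC-E1.17\x00\x00\x00"   # fixed 12-byte root-layer identifier
VECTOR_ROOT_E131_DATA = 0x00000004
VECTOR_E131_DATA_PACKET = 0x00000002
VECTOR_DMP_SET_PROPERTY = 0x02
DMX_SLOTS = 512                       # slots per DMX512 universe
PIXELS_PER_UNIVERSE = DMX_SLOTS // 3  # 170 RGB pixels use 510 of the 512 slots


def pixel_to_address(pixel: int) -> tuple:
    """Map a 1-based pixel number to (universe, first DMX slot), both 1-based.

    Assumes universes are filled sequentially with whole RGB pixels, a common
    layout for long pixel strings.
    """
    if pixel < 1:
        raise ValueError("pixel numbers start at 1")
    index = pixel - 1
    return index // PIXELS_PER_UNIVERSE + 1, (index % PIXELS_PER_UNIVERSE) * 3 + 1


def universe_dmx(universe: int, colours: dict) -> bytes:
    """Build the 510-slot DMX payload for one universe from {pixel: (r, g, b)}.

    Pixels that live in other universes are ignored; unlisted pixels stay off.
    """
    slots = bytearray(PIXELS_PER_UNIVERSE * 3)
    for pixel, rgb in colours.items():
        u, slot = pixel_to_address(pixel)
        if u == universe:
            slots[slot - 1:slot + 2] = bytes(rgb)
    return bytes(slots)


def _flags_and_length(length: int) -> bytes:
    """PDU header: high nibble 0x7, low 12 bits = bytes from this field to packet end."""
    return struct.pack("!H", 0x7000 | length)


def build_e131_packet(universe: int, dmx: bytes, sequence: int, cid: bytes,
                      source_name: str = "added-example", priority: int = 100) -> bytes:
    """Return one E1.31 DMX data packet: root layer + framing layer + DMP layer."""
    if not 1 <= universe <= 63999:
        raise ValueError("universe must be 1..63999")
    if len(dmx) > DMX_SLOTS:
        raise ValueError("at most 512 slots per universe")
    if len(cid) != 16:
        raise ValueError("CID is a 16-byte UUID")
    property_values = b"\x00" + dmx        # DMX start code 0x00, then the slots
    dmp_len = 10 + len(property_values)
    framing_len = 77 + dmp_len
    root_len = 22 + framing_len
    root = (struct.pack("!HH", 0x0010, 0x0000) + ACN_PACKET_IDENTIFIER
            + _flags_and_length(root_len)
            + struct.pack("!I", VECTOR_ROOT_E131_DATA) + cid)
    framing = (_flags_and_length(framing_len)
               + struct.pack("!I", VECTOR_E131_DATA_PACKET)
               + source_name.encode("utf-8")[:63].ljust(64, b"\x00")
               # priority, sync address (0 = none), sequence, options, universe
               + struct.pack("!BHBBH", priority, 0, sequence & 0xFF, 0, universe))
    dmp = (_flags_and_length(dmp_len)
           + struct.pack("!BBHHH", VECTOR_DMP_SET_PROPERTY, 0xA1, 0, 1, len(property_values))
           + property_values)
    return root + framing + dmp


def parse_e131_packet(packet: bytes) -> tuple:
    """Decode (universe, sequence, dmx slots) from a packet; rejects non-E1.31 data."""
    if len(packet) < 126 or packet[4:16] != ACN_PACKET_IDENTIFIER:
        raise ValueError("not an E1.31 data packet")
    if struct.unpack("!I", packet[18:22])[0] != VECTOR_ROOT_E131_DATA:
        raise ValueError("unexpected root vector")
    universe = struct.unpack("!H", packet[113:115])[0]
    sequence = packet[111]
    count = struct.unpack("!H", packet[123:125])[0]   # start code + slots
    return universe, sequence, packet[126:125 + count]


if __name__ == "__main__":
    cid = uuid.uuid4().bytes   # constructed source identifier
    universe, slot = pixel_to_address(1232)
    dmx = universe_dmx(universe, {1232: (0, 255, 0)})     # pixel 1232 green
    packet = build_e131_packet(universe, dmx, sequence=1, cid=cid)
    print(universe, slot, len(packet), parse_e131_packet(packet)[0])
```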

Software and music

At this point, you have a bunch of props with lights connected to networked controllers via specialized cabling. But, how do you make them dance? That’s where the software comes in.

xLights

Many hobbyists use xLights to program their lights. This software is open source and available for Mac, Windows, and Linux, and it works with three basic primitives: props, effects, and time. You can choose what effect you want to apply to a given prop at a given time (Figure 4). The timing of the effect is almost always aligned with the song you’ve chosen. For example, you might flash snowflakes off and on in synchronization with the drum beat of a song. 

Figure 4: Programming lights (screenshot of the sequencing software, showing an array of options for turning specific lights on and off).

Music

If this step sounds overwhelming to you, you’re not alone. In fact, I don’t sequence my own songs. I purchase them from different vendors, who create sequences for generic setups with a wide variety of props. I then import them and map them to the different elements that I actually use in my show. In terms of time, professionals can spend many hours to animate one minute of a song. I generally spend about two hours mapping an existing sequence to my show’s layout. My favorite sequence vendors include BF Light Shows, xTreme Sequences, and Magical Light Shows.

Falcon Player

Once you have a sequence built, you use another piece of software to send that sequence to your show controllers. Some controllers have this software built in, but most people I know use another open source application, Falcon Player (FPP), to perform this task. Not only can FPP run on a Raspberry Pi, but it is also shipped as a Docker image! FPP includes the ability to play back your sequence as well as to build playlists and set up a show schedule for automated playback.

Put it all together and flip the switch

When everything is put together, you should have a system similar to Figure 5:

Figure 5: System overview, showing the connection of elements from xLights to FPP to controllers to lights.

This example shows a light display in action. 

xLights community support

Although building your own light show may seem like a daunting task, fear not; you are not alone. I have yet to mention the most important part of this whole process: the community. The xLights community is one of the most helpful I’ve ever been part of. You can get questions answered via the official Facebook group as well as through other groups dedicated to specific sequence and controller vendors. Additionally, a Zoom support meeting runs 24×7 and is staffed by hobbyists from across the globe. So, what are you waiting for? Go ahead and start planning your first holiday light show!

from Docker https://bit.ly/3Vl0CCR
via IFTTT

Apache CloudStack 4.20

Apache CloudStack 4.20 introduces exciting new features and enhancements, marking another milestone in cloud infrastructure management. As an LTS (Long Term Support) release, it will be maintained for 18 months, providing long-term stability and support to CloudStack deployments.

Below is a summary of the major new features introduced in this version:

ARM64 Support and Multi-Architecture Zones

Adds ARM64 support, enabling deployment across ARM64 and x86_64 Hosts in the same Zone, optimizing workload performance.

Shared File Systems

Introduces a Shared File System feature for Instances, supporting NFS with XFS or EXT4, simplifying high-availability storage.

VMware NSX-T Support

Integrates with NSX-T v4, enabling advanced network features like dynamic routing and security services in VMware environments.

Usage Management UI

New graphical interface for tracking, reporting, and managing usage data, improving resource utilization and transparency.

CloudStack Webhooks

Adds a Webhook Framework for real-time notifications and integration with third-party tools based on system events.

Implicit Hardware-Based Host Tags

Automatically tags Hosts based on hardware specifications, optimizing resource allocation for KVM Hosts.

NAS Backup and Recovery Plugin

Extends backup options to support NAS-based storage for better cloud resource protection.

CEPH RGW Plugin for Object Storage

Adds CEPH RGW to the Object Storage Framework, offering scalable storage for unstructured data.

Granular Resource Limits

Allows Administrators to set precise Compute and Storage limits, managing specialized resources like GPU Servers, ARM/x86 Hosts, and different Primary Storage types.

Dynamic & Static Routing

Supports BGP-based dynamic routing and IPv4/IPv6 static routing, eliminating NAT overhead and providing efficient traffic management.

Security Groups for Shared Networks in Advanced Zones

Enables Security Groups in Shared Networks, providing Instance-level security in Advanced Zones that wasn’t previously supported.


These new features in Apache CloudStack 4.20 make the platform even more robust and flexible, delivering advanced capabilities to meet the demands of modern cloud environments. Now, let’s delve deeper into each feature to understand the enhancements introduced in this release.


ARM64 Support and Multi-Architecture Zones

Apache CloudStack 4.20 introduces full support for ARM64 architecture, providing Users with the flexibility to deploy Instances across both ARM64 and traditional x86_64 systems. This feature enables the use of ARM64 and x86_64 hosts within the same Zone, but each cluster must maintain a homogeneous CPU architecture.

ARM64 has gained popularity for its power efficiency and cost-effectiveness, especially in scenarios like mobile backend services, cloud-native applications, and large-scale compute environments where ARM architecture provides tangible benefits in terms of reduced power consumption and lower operational costs. With CloudStack 4.20, Administrators can now take advantage of these benefits by creating Zones that support both ARM64 and x86_64 Clusters, allowing workloads to be strategically allocated based on specific requirements.

The architecture can be explicitly defined when creating Templates, ISOs, or Kubernetes ISOs, ensuring that each resource is compatible with the underlying hardware. Additionally, when deploying Instances or Kubernetes Clusters, CloudStack automatically ensures that the right architecture is selected, matching them with the appropriate Host hardware.


Shared Filesystem

Apache CloudStack 4.20 introduces the Shared Filesystem feature, which allows multiple Instances in the same Network to access the same NAS file system simultaneously. This functionality brings CloudStack in line with similar offerings from other cloud providers, such as AWS’s Elastic File System (EFS), providing a flexible, scalable solution for applications that require shared data access across multiple Instances.

The Shared Filesystem feature is particularly useful in scenarios where data consistency and accessibility are critical. High-availability clusters, distributed applications, and services requiring shared file storage, such as webservers, media servers, database clusters, and containerized workloads, can greatly benefit from this functionality. By centralizing the storage in a single shared filesystem, multiple Instances can access and modify the same data in real time without the need for complex data replication or synchronization mechanisms.

The initial implementation of the Shared Filesystem feature supports NFS (Network File System), with the use of XFS or EXT4 as the file system. NFS is a widely adopted protocol for sharing files across a network, and its integration with CloudStack ensures broad compatibility and reliability for enterprise-level deployments. Users can configure shared file systems directly within CloudStack, managing file shares through the CloudStack UI and API.

This feature simplifies storage architectures by eliminating the need for redundant data stores for applications that require shared data access. It reduces the complexity of managing distributed data systems and improves the efficiency of shared access to large datasets, media content, or application logs. Additionally, CloudStack’s Shared Filesystem is designed to scale up, enabling users to expand Disk and Compute Offerings as needed to accommodate increasing demands as their cloud environments grow.


Support for VMware NSX

Apache CloudStack 4.20 enhances its networking capabilities by integrating support for VMware NSX-T v4, a powerful network virtualization platform specifically designed for VMware vSphere environments. This feature allows CloudStack Users to leverage NSX-T’s advanced networking functions, such as dynamic routing, micro-segmentation, load balancing, and enhanced network security.

NSX-T allows CloudStack to provide comprehensive network services, including dynamic routing protocols like BGP, firewall rules, and NAT (Network Address Translation). Micro-segmentation, enabled through NSX-T, allows Administrators to control east-west traffic between Instances with precision, enhancing security by isolating workloads and reducing the risk of lateral movement of threats within the network.

A major advantage of NSX-T integration is that it allows CloudStack to offload critical network functions, such as routing, firewalling, and load balancing, from CloudStack’s Virtual Routers to NSX-T. The integration continues to use CloudStack’s Virtual Routers to deliver services such as DHCP, DNS, and user-data for cloud-init based automation. This improves performance and scalability, allowing NSX-T to manage network traffic more efficiently. With NSX-T’s distributed architecture, CloudStack can handle network traffic more seamlessly, particularly in large-scale deployments.

The management traffic must be kept outside of NSX-T, using a separate VLAN as usual, along with a dedicated Public IP Address range for CloudStack’s Virtual Routers and System VMs. In summary, the VMware NSX-T Support introduced in CloudStack 4.20 brings enterprise-grade networking capabilities to CloudStack environments based on the VMware vSphere hypervisor.


Usage Management UI

CloudStack 4.20 introduces a new Usage Management UI, making it easier for Administrators to track, view, and manage resource consumption across cloud environments. This feature provides detailed insights into the usage of cloud resources on a per-Account and per-Domain basis, simplifying the process of monitoring resource utilization. Administrators can now search, filter, and export usage data directly through the CloudStack UI, streamlining billing and reporting tasks. This new UI replaces the previously manual process of retrieving usage data via APIs or command-line tools, significantly enhancing usability.

Additionally, the Usage Management UI enables Administrators to purge old usage data, improving database performance by removing outdated records. By providing better visibility into historical usage patterns, this feature helps operators optimize resource allocation, reduce waste, and control costs more effectively.


CloudStack Webhooks

CloudStack 4.20 introduces Webhook support, allowing Users to configure real-time notifications and interactions with external systems when specific cloud events occur. Webhooks can be triggered by various predefined events, such as Instance state changes (start, stop, reboot), user login, resource creation, resource scaling, or backup completion. When triggered, webhooks send HTTP POST requests to external endpoints, enabling integration with external systems and services in real time.

Users can create and manage webhooks through the CloudStack UI or API, defining the events that will trigger the webhook. This functionality is valuable for integrating CloudStack with external monitoring tools, automation platforms, or notification services. For example, when an Instance scales up, a webhook could notify a monitoring system, trigger a capacity adjustment, or alert relevant teams.

Webhooks provide a mechanism for external systems to stay informed and react to cloud events, making CloudStack environments more adaptable and ensuring that external tools and services receive timely updates on important cloud operations.
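Because a webhook endpoint is reachable from the network, the receiving side should authenticate each delivery before acting on it. The following is an added example, not CloudStack’s own code: it assumes the webhook was created with a secret key and that CloudStack signs the JSON body with HMAC-SHA256 carried in a request header; the header name, the event fields and the sample event are assumptions, not taken from CloudStack’s documentation.

```python
"""Validate and route an incoming CloudStack 4.20 webhook delivery.

Added example, not CloudStack's own code. It assumes the webhook was created
with a secret key and that the JSON body is signed with HMAC-SHA256 carried
in a request header; the header name below and the sample event are
assumptions, not taken from CloudStack's documentation.
"""
import hashlib
import hmac
import json
from typing import Optional

SIGNATURE_HEADER = "x-cs-signature"   # assumed header name, matched case-insensitively

# Constructed sample delivery: an Instance stop event as a monitoring hook might see it.
SAMPLE_EVENT = {
    "eventType": "VM.STOP",
    "status": "Completed",
    "resourceType": "VirtualMachine",
    "resourceUUID": "00000000-0000-0000-0000-000000000000",  # placeholder
    "account": "demo",
}
SAMPLE_BODY = json.dumps(SAMPLE_EVENT).encode("utf-8")


def sign_body(secret: str, body: bytes) -> str:
    """Hex HMAC-SHA256 of the raw body, as the sender would compute it."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def verify_signature(secret: str, body: bytes, presented: Optional[str]) -> bool:
    """Constant-time comparison; a missing or malformed header fails closed."""
    if not presented:
        return False
    return hmac.compare_digest(sign_body(secret, body), presented.strip().lower())


def handle_delivery(headers: dict, body: bytes, secret: str) -> dict:
    """Return a routing decision for one delivery.

    The signature is checked over the raw bytes before the JSON is parsed, so
    an unauthenticated client never reaches the parser or the event routing.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_signature(secret, body, lowered.get(SIGNATURE_HEADER)):
        return {"accepted": False, "reason": "bad or missing signature"}
    try:
        event = json.loads(body)
    except ValueError:
        return {"accepted": False, "reason": "malformed JSON"}
    event_type = str(event.get("eventType", ""))
    if event.get("status") != "Completed":
        return {"accepted": True, "action": "ignore", "event": event_type}
    if event_type.startswith("VM."):
        # Instance state changes (start, stop, reboot) feed the monitoring system.
        return {"accepted": True, "action": "notify-monitoring", "event": event_type}
    return {"accepted": True, "action": "log-only", "event": event_type}


if __name__ == "__main__":
    secret = "example-secret"   # constructed; in practice the secret key set on the webhook
    headers = {"X-CS-Signature": sign_body(secret, SAMPLE_BODY)}
    print(handle_delivery(headers, SAMPLE_BODY, secret))
```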


Implicit Hardware-Based Host Tags

Starting with Apache CloudStack 4.20, Implicit Host Tags allow CloudStack Administrators to automatically assign tags to KVM Hosts based on their server configurations. This is an enhancement over earlier versions, where tags could only be set manually via the CloudStack API or UI. With implicit host tagging, the tags are generated dynamically based on hardware and software attributes such as CPU architecture, network card type and speed, hard disk type, GPU model, and OS distribution and version.

To enable implicit host tagging, Administrators need to modify the KVM host configuration by adding the relevant tags to the /etc/cloudstack/agent/agent.properties file and then restarting the CloudStack agent. This process allows CloudStack to automatically recognize the Host’s capabilities and assign appropriate tags. Additionally, implicit tags can be managed using automation tools like Chef, Ansible, or Puppet, further simplifying the process for large-scale environments.

It’s important to note that Implicit Host Tags are only supported on KVM hosts and are not managed through the CloudStack API. Moreover, they are not compatible with flexible host tags, which are manually assigned explicit tags. However, both explicit and implicit tags function similarly in terms of Instance deployment and migration, ensuring proper workload allocation based on Host capabilities.

Granular Resource Limits

CloudStack 4.20 introduces Granular Resource Limit Management, allowing Administrators to set precise limits for compute and storage resources. These limits are applied at the Domain and Account level, covering resources such as Instances, CPU, memory, Volumes, and Primary Storage. Administrators can control specialized Compute resources like ARM and x86 hosts, GPU-enabled servers, and different types of storage, including high-performance SSDs and lower-performance SAS/SATA disks.

For Compute resources, administrators can apply granular limits to CPU architectures or hardware configurations, ensuring that each compute resource is used appropriately based on workload demands. Similarly, for Storage, limits can be set to manage the allocation of high-performance SSD storage for critical applications, while restricting less demanding workloads to SAS/SATA disks. This granular control helps optimize resource allocation according to specific performance requirements, ensuring that specialized resources are used efficiently.

Through CloudStack’s API and UI, Administrators can dynamically manage resource limits, list capacities, and monitor usage in real-time. During deployments, CloudStack enforces both overall and granular limits, ensuring that Instances are deployed according to these resource constraints, preventing overutilization, and maximizing resource efficiency across the infrastructure.


Dynamic & Static Routing

CloudStack 4.20 introduces support for both Dynamic and Static Routing, offering Administrators enhanced control over network traffic in complex cloud environments. This feature allows the integration of dynamic routing using BGP (Border Gateway Protocol), as well as manual static route configuration, providing the flexibility to adapt to diverse networking needs.

Dynamic routing is achieved through BGP Peers, which are configured at the Zone level. Administrators can set up BGP peers to automatically exchange route information between networks. CloudStack allows the configuration of multiple peers with different metrics, enabling efficient route propagation across the network. This is particularly useful in large or multi-Zone environments where networks need to adapt to frequent changes in topology, improving both scalability and resiliency.

A key aspect of dynamic routing is the management of Autonomous System (AS) Numbers, which Administrators can configure using the Create AS Range form. Administrators need to define the AS Number Range that will be used in BGP. This configuration simplifies BGP management by automating the allocation of AS numbers as networks are created, ensuring efficient and seamless dynamic routing across cloud environments.

For Static Routing, CloudStack introduces the ability to manage IPv4 subnets for networks operating in routed mode, extending the existing IPv6 static routing support. Administrators can allocate specific subnets for Isolated and VPC Networks, defining static routes that create fixed paths for network traffic. This ensures predictable traffic flow between network segments, beneficial for environments requiring specific routing policies or compliance standards. The Virtual Routers (VRs) act as gateways in routed mode, making guest Instance IPs publicly accessible while maintaining control over traffic through static routes.

Considering IPv4 addresses, this feature eliminates the overhead related to NAT translations, allowing Instances to have direct public IP addresses. This setup avoids the complexities of source NAT and port forwarding, providing a more straightforward path for traffic.


NAS Backup and Recovery Plugin

CloudStack 4.20 introduces the NAS Backup and Recovery Plugin, expanding the existing backup framework to support network-attached storage (NAS) as a backup destination. This plugin works alongside current solutions like Veeam, Dell, and Backroll, giving administrators a flexible way to integrate NAS into their backup strategies. By supporting NAS, CloudStack provides a straightforward and effective method for handling backups within diverse infrastructure setups.

The plugin is designed specifically for KVM environments, allowing Users to schedule backups and perform restore tasks directly from the CloudStack UI. It integrates seamlessly with NAS storage systems, enabling efficient copying of both Instances and data volumes to the designated NAS. Currently, the plugin supports NFS as the primary NAS protocol, with future plans to add support for other shared storage options like CephFS and CIFS/Samba.


CEPH RGW Plugin for Object Storage Framework

CloudStack 4.20 introduces the CEPH RGW Plugin to its existing Object Storage Framework, complementing the current MinIO integration. The CEPH RGW (RADOS Gateway) provides a scalable, distributed, and resilient object storage solution, making it an ideal choice for managing unstructured data like backups, media files, and logs in large-scale cloud environments.

With CEPH RGW, CloudStack administrators can take advantage of an enterprise-grade object storage platform that supports massive scalability and high availability, ensuring that data can be stored, retrieved, and managed efficiently. This plugin integrates directly with the Object Storage Framework, enabling users to utilize CEPH RGW as a first-class object storage provider. The integration allows for seamless storage of large volumes of data with low operational overhead, making it particularly beneficial for organizations with growing storage needs.

The addition of CEPH RGW enhances CloudStack’s flexibility by offering another robust option for object storage, alongside MinIO. By supporting multiple storage backends, CloudStack gives administrators the freedom to select the best solution based on their specific infrastructure requirements, ensuring both performance and reliability in data management.


Security Group for Shared Networks in Advanced Zones

CloudStack 4.20 introduces support for Security Groups on Shared Networks within Advanced Zones, enabling users to apply Instance-level security policies in Shared Network environments. Administrators must first configure routing on the underlying network router and define the network’s VLAN. Then, during the creation of the Shared Network in CloudStack, they configure the associated VLAN, IPv4 and/or IPv6 settings, and specify the scope (e.g., ALL, Domain, Account, or Project).

Once the Shared Network is created, Users can define and apply Security Group policies to individual Instances. These policies provide granular control over inbound and outbound traffic using parameters such as IP addresses, protocols, and port ranges. Leveraging Security Groups on Shared Networks ensures tighter control over network access and traffic flow, even when resources are shared on a flat network among multiple Accounts and Domains.

The post Apache CloudStack 4.20 appeared first on ShapeBlue.



from CloudStack Consultancy & CloudStack... https://bit.ly/4iibhrK
via IFTTT

THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)

Dec 02, 2024 | Ravie Lakshmanan | Cyber Threats / Weekly Recap


Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds.

And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly that even cybersecurity experts have trouble spotting them. What's even crazier? Some of the latest malware is like a digital chameleon - it literally watches how you try to catch it and changes its behavior to slip right past your defenses.

Pretty mind-bending stuff, right? This week's roundup is packed with eye-opening developments that'll make you see your laptop in a whole new light.

⚡ Threat of the Week

T-Mobile Spots Hackers Trying to Break In: U.S. telecom service provider T-Mobile caught some suspicious activity on their network recently - basically, someone was trying to sneak into their systems. The good news? They spotted it early and no customer data was stolen. While T-Mobile isn't pointing fingers directly, cybersecurity experts think they know who's behind it - a hacking group nicknamed 'Salt Typhoon,' which apparently has ties to China. What makes this really interesting is that these hackers have a brand new trick up their sleeve: they're using a previously unknown backdoor tool called GHOSTSPIDER. Think of it as a skeleton key that no one knew existed until now. They've been using this same tool to target telecom companies across Southeast Asia.


🔔 Top News

  • Prototype UEFI Bootkit Targeting Linux Detected: Bootkits refer to a type of malware that is designed to infect a computer's boot loader or boot process. In doing so, the idea is to execute malicious code before even initializing the operating system and bypass security measures, effectively granting the attackers absolute control over the system. While bootkits discovered to date have only targeted Windows machines, the discovery of Bootkitty indicates that it's no longer the case. That said, it's assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks.
  • Avast Anti-Rootkit Driver Used to Disarm Security Software: A new malware campaign is leveraging a technique called Bring Your Own Vulnerable Driver (BYOVD) to obtain elevated privileges and terminate security-related processes by making use of the legitimate Avast Anti-Rootkit driver (aswArPot.sys). The exact initial access vector used to drop the malware is currently not clear. It's also not known what the end goal of these attacks is, who the targets are, or how widespread they are.
  • RomCom Exploits Mozilla Firefox and Windows 0-Days: The Russia-aligned threat actor known as RomCom chained two zero-day security flaws in Mozilla Firefox (CVE-2024-9680, CVSS score: 9.8) and Microsoft Windows (CVE-2024-49039, CVSS score: 8.8) as part of attacks designed to deliver the eponymous backdoor on victim systems without requiring any user interaction. The vulnerabilities were fixed by Mozilla and Microsoft in October and November 2024, respectively.
  • LockBit and Hive Ransomware Operator Arrested in Russia: Mikhail Pavlovich Matveev, a Russian national who is wanted in the U.S. in connection with LockBit and Hive ransomware operations, has been arrested and charged in the country for developing malicious programs that can encrypt files and for seeking ransom payments in exchange for a decryption key. While he is unlikely to be extradited to the U.S., the development comes a little over a month after four members of the now-defunct REvil ransomware operation were sentenced to several years in prison in Russia.
  • New Botnet Linked to DDoS Campaign: A script kiddie likely of Russian origin has been using publicly available malware tools from GitHub and exploits targeting weak credentials, configurations, and known security flaws to assemble a distributed denial-of-service (DDoS) botnet capable of disruption on a global scale. The threat actor has established a store of sorts on Telegram, where customers can buy different DDoS plans and services in exchange for a cryptocurrency payment.

🔥 Trending CVEs

We've spotted some big security issues in popular software this week. Whether you're running a business or just managing a personal site, these could affect you. The fix? Keep your software updated. Most of these problems are solved with the latest security patches from the vendors.

The list includes: CVE-2024-11680 (ProjectSend), CVE-2023-28461 (Array Networks AG and vxAG), CVE-2024-10542, CVE-2024-10781 (Spam protection, Anti-Spam, and FireWall plugin), CVE-2024-49035 (Microsoft Partner Center), CVE-2024-49806, CVE-2024-49803, CVE-2024-49805 (IBM Security Verify Access Appliance), CVE-2024-50357 (FutureNet NXR routers), CVE-2024-52338 (Apache Arrow R package), CVE-2024-52490 (Pathomation), CVE-2024-8672 (Widget Options – The #1 WordPress Widget & Block Control plugin), CVE-2024-11103 (Contest Gallery plugin), CVE-2024-42327 (Zabbix), and CVE-2024-53676 (Hewlett Packard Enterprise Insight Remote Support).

📰 Around the Cyber World

  • Five Unpatched NTLM Flaws Detailed: While Microsoft may have confirmed its plans to deprecate NTLM in favor of Kerberos, the technology continues to harbor security weaknesses that could enable attackers to obtain NTLM hashes and stage pass-the-hash attacks that allow them to authenticate themselves as a victim user. Cybersecurity firm Morphisec said it identified five significant NTLM vulnerabilities that could be exploited to leak the credentials via Malicious RTF Document Auto Link in Microsoft Word, Remote Image Tag in Microsoft Outlook, Remote Table Refresh in Microsoft Access, Legacy Player Files in Microsoft Media Player, and Remote Recipient List in Microsoft Publisher. Microsoft has acknowledged these flaws but noted that they are either by design or do not meet the bar for immediate servicing. It's recommended to restrict NTLM usage, enable SMB signing and encryption, block outbound SMB connections to untrusted networks, and switch to Kerberos-only authentication.
  • Raspberry Robin's Anti-Analysis Methods Revealed: Cybersecurity researchers have detailed the several binary-obfuscation and anti-analysis techniques that Raspberry Robin, a malware downloader also known as Roshtyak, has incorporated to fly under the radar. "When Raspberry Robin detects an analysis environment, it responds by deploying a decoy payload to mislead researchers and security tools," Zscaler ThreatLabz said. "Raspberry Robin is protected and unwrapped by several code layers. All code layers use a set of obfuscation techniques, such as control flow flattening and Mixed Boolean-Arithmetic (MBA) obfuscation." Obfuscation and encryption have also been hallmarks of another malware family tracked as XWorm, highlighting the threat actor's ability to adapt and bypass detection efforts. The disclosure comes as Rapid7 detailed the technical similarities and differences between AsyncRAT and Venom RAT, two open-source trojans that have been widely adopted by several threat actors over the years. "While they indeed belong to the Quasar RAT family, they are still different RATs," it noted. "Venom RAT presents more advanced evasion techniques, making it a more sophisticated threat."
  • BianLian Ransomware Shifts to Pure Extortion: U.S. and Australian cybersecurity agencies have revealed that the developers of the BianLian ransomware are likely based in Russia and that they "shifted primarily to exfiltration-based extortion around January 2023 and shifted to exclusively exfiltration-based extortion around January 2024." The change follows the release of a free BianLian decryptor in early 2023. Besides using PowerShell scripts to conduct reconnaissance, the attacks are notable for printing ransom notes on printers connected to the compromised network and placing threatening calls to employees of the victim companies to apply pressure. According to data collected by Corvus, RansomHub, Play, LockBit 3.0, MEOW, and Hunters International have accounted for 40% of all attacks observed in Q3 2024. A total of 1,257 victims were posted on data leak sites, up from 1,248 in Q2 2024. "The number of active ransomware groups increased to 59, continuing the trend of new groups entering the landscape, with activity overall becoming more distributed across numerous smaller groups," the company said.
  • VietCredCare and Ducktail Campaigns Compared: Both VietCredCare and Ducktail are information stealers that are specifically designed to target Facebook Business accounts. They are believed to be operated by threat actors within Vietnam. An operation by Vietnamese law enforcement agencies in May 2024 led to the arrest of more than 20 individuals likely involved in these activities, resulting in a substantial reduction in campaigns distributing VietCredCare. However, Ducktail-related campaigns appear to be ongoing. "While both target Facebook business accounts, they differ significantly in their code structures," Group-IB said. "Threat actors use different methods of malware proliferation and approaches to monetizing stolen credentials. This makes us think that the operators behind both campaigns are not related to each other." Despite these differences, the threat actors behind the two malware families have been found to use the same Vietnamese-speaking communities to sell the stolen credentials for follow-on malvertising campaigns.
  • CyberVolk, a Pro-Russian Hacktivist Collective Originating from India: The threat actors behind CyberVolk (aka GLORIAMIST) have been observed launching ransomware and DDoS attacks against public and government entities that they perceive as opposed to Russian interests. The group is allegedly led by a threat actor who goes by the online alias Hacker-K, but it's unclear where it is currently based or who its other members are. Since at least May 2024, the group has been found to quickly embrace and modify existing ransomware builders such as AzzaSec, Diamond, Doubleface (aka Invisible), LockBit, Chaos, and Babuk to launch its attacks. It's worth noting that the source code of both AzzaSec and Doubleface has been leaked in recent months. "Additionally, CyberVolk has promoted other ransomware families like HexaLocker and Parano," SentinelOne said, adding that the group has also distributed info stealer malware and webshells. "These groups and the tools they leverage are all closely intertwined." As of early November 2024, CyberVolk has had its Telegram channel banned, prompting it to shift to X.

🎥 Expert Webinar

  • 🤖 Building Secure AI Apps—No More Guesswork — AI is taking the world by storm, but are your apps ready for the risks? Whether it's guarding against data leaks or preventing costly operational chaos, we've got you covered. In this webinar, we'll show you how to bake security right into your AI apps, protect your data, and dodge common pitfalls. You'll walk away with practical tips and tools to keep your AI projects safe and sound. Ready to future-proof your development game? Save your spot today!
  • 🔑 Protect What Matters Most: Master Privileged Access Security — Privileged accounts are prime targets for cyberattacks, and traditional PAM solutions often leave critical gaps. Join our webinar to uncover blind spots, gain full visibility, enforce least privilege and Just-in-Time policies, and secure your organization against evolving threats. Strengthen your defenses—register now!

🔧 Cybersecurity Tools

  • Sigma Rule Converter: An open-source tool that simplifies translating Sigma rules into query formats compatible with various SIEM systems like Splunk and Elastic. Ideal for threat hunting, incident response, and security operations, it streamlines integration, ensures rapid deployment of updated detection rules, and supports multiple backends via pySigma. With its user-friendly interface and regular updates, it enables security teams to adapt quickly to evolving threats.
  • CodeQL Vulnerability Detection Tool: CodeQL is a powerful tool that helps developers and security researchers find bugs in codebases like Chrome. It works by creating a database with detailed information about the code, allowing you to run advanced searches to spot vulnerabilities. Pre-built Chromium CodeQL databases make it easy to dive into Chrome's massive codebase of over 85 million lines. With its ability to track data flow, explore code structures, and detect similar bugs, CodeQL is perfect for improving security. Google's collaboration with the CodeQL team ensures continuous updates for better performance.
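The rule translation the Sigma Rule Converter entry describes, as an added example rather than the tool's own code (the real converter builds on pySigma, which is not used here): a standard-library-only converter that takes one Sigma rule, embedded as the dict a YAML loader would produce, and emits the equivalent Splunk SPL and Elasticsearch Lucene query strings. The rule, its field values and the svc_patchmgmt allowlist are all constructed for this illustration. The block also evaluates the rule directly against an event, so a converted query can be sanity-checked against sample logs before it is deployed.

```python
"""Translate one Sigma detection into Splunk SPL and Elasticsearch Lucene syntax.
Added example, not the Sigma Rule Converter's own code (that tool builds on pySigma).
Supports the modifiers contains/startswith/endswith and and/or/not conditions."""
import re

# Constructed Sigma rule, written as the dict a YAML loader would return.
SIGMA_RULE = {
    "title": "PowerShell Download Cradle (constructed example rule)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "Invoke-WebRequest"],
        },
        "filter": {"User|contains": "svc_patchmgmt"},  # constructed service-account allowlist
        "condition": "selection and not filter",
    },
}

# Lucene reserved characters; the wildcard '*' we add ourselves stays unescaped.
_LUCENE_SPECIAL = re.compile(r'(&&|\|\||[+\-=!(){}\[\]^"~*?:\\/ ])')

def _wildcard(modifier, value):
    """Map a Sigma modifier to a wildcard pattern; no modifier means exact match."""
    return {"contains": f"*{value}*", "endswith": f"*{value}",
            "startswith": f"{value}*"}.get(modifier, value)

def _splunk_term(field, modifier, value):
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{field}="{_wildcard(modifier, escaped)}"'

def _lucene_term(field, modifier, value):
    escaped = _LUCENE_SPECIAL.sub(r"\\\1", value)
    return f"{field}:{_wildcard(modifier, escaped)}"

def _selection_to_query(selection, term_fn):
    """Keys inside one selection are ANDed; a list of values for a key is ORed."""
    clauses = []
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        values = values if isinstance(values, list) else [values]
        terms = [term_fn(field, modifier, v) for v in values]
        clauses.append("(" + " OR ".join(terms) + ")" if len(terms) > 1 else terms[0])
    return " AND ".join(clauses)

def _condition_to_query(detection, term_fn):
    out = []
    for token in detection["condition"].split():
        if token in ("and", "or", "not"):
            out.append(token.upper())  # SPL and Lucene share these keywords
        elif token in detection:
            out.append("(" + _selection_to_query(detection[token], term_fn) + ")")
        else:
            raise ValueError(f"unsupported condition token: {token}")
    return " ".join(out)

def sigma_to_queries(rule):
    """Return {backend: query}. Mapping the logsource to an index or data stream
    is left to backend configuration, as pySigma pipelines also do."""
    det = rule["detection"]
    return {"splunk": _condition_to_query(det, _splunk_term),
            "lucene": _condition_to_query(det, _lucene_term)}

def _value_matches(modifier, value, actual):
    value, actual = value.lower(), actual.lower()  # Sigma matches case-insensitively
    return {"contains": value in actual, "endswith": actual.endswith(value),
            "startswith": actual.startswith(value)}.get(modifier, actual == value)

def _selection_matches(selection, event):
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        values = values if isinstance(values, list) else [values]
        if not any(_value_matches(modifier, v, event.get(field, "")) for v in values):
            return False
    return True

def rule_matches(rule, event):
    """Evaluate the rule on one event with Sigma precedence (not > and > or), to
    sanity-check a conversion against sample logs before deploying the query."""
    det, tokens = rule["detection"], rule["detection"]["condition"].split()
    def parse_or(i):
        v, i = parse_and(i)
        while i < len(tokens) and tokens[i] == "or":
            r, i = parse_and(i + 1); v = v or r
        return v, i
    def parse_and(i):
        v, i = parse_not(i)
        while i < len(tokens) and tokens[i] == "and":
            r, i = parse_not(i + 1); v = v and r
        return v, i
    def parse_not(i):
        if tokens[i] == "not":
            v, i = parse_not(i + 1); return (not v), i
        return _selection_matches(det[tokens[i]], event), i + 1
    v, i = parse_or(0)
    if i != len(tokens):
        raise ValueError("malformed condition")
    return v
```

Calling sigma_to_queries(SIGMA_RULE) yields one SPL and one Lucene string; the two backends escape differently (a backslash in a value is doubled in both, but Lucene additionally reserves characters such as "-" and ":"), which is one reason a maintained backend library is preferable to hand-written translations for production rules. The logsource-to-index mapping and field renames that pySigma handles through processing pipelines are intentionally left out.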

🔒 Tip of the Week

Your Screenshots Are Secretly Talking Behind Your Back — Every screenshot you share could reveal your device info, location, OS version, username, and even internal system paths without your knowledge. Last month, a tech company accidentally leaked their project codenames through screenshot metadata! Here's your 30-second fix: On Windows, right-click → Properties → Details → Remove Properties before sharing. Mac users can use Preview's export feature (uncheck "More Options"), while mobile users should use built-in editing tools before sharing. For automation, grab ImageOptim (free) - it strips metadata with a simple drag-and-drop. Quick verification: Upload any screenshot to exif.app and prepare to be surprised at how much hidden data you've been sharing. Pro tip: Create a designated 'sanitized screenshots' folder with automated metadata stripping for your sensitive work-related captures. Remember, in 2023, screenshot metadata became a primary reconnaissance tool for targeted attacks - don't let your images do the attackers' work for them.
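A scripted version of the tip's "Remove Properties" step for PNG screenshots, as an added example using only the Python standard library (not code from the recap or from ImageOptim): a PNG's metadata lives in ancillary chunks (tEXt, zTXt, iTXt, tIME and eXIf), so the block parses the chunk stream, lists what those chunks say, and rewrites the file with only the chunks needed to render it. The sample PNG and its author, path, hostname and timestamp values are constructed for the example.

```python
"""Inspect and strip the metadata chunks of a PNG screenshot. Added example,
standard library only; not from the recap or from any tool it names."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Ancillary chunks that carry text, timestamps or EXIF rather than pixels.
METADATA_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"tIME", b"eXIf"}

def _chunk(ctype, payload):
    """Serialise one chunk: length, type, payload, CRC32 over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def iter_chunks(data):
    """Yield (type, payload) for every chunk, verifying each CRC on the way."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise ValueError(f"CRC mismatch in {ctype!r} chunk")
        yield ctype, payload
        pos += 12 + length
        if ctype == b"IEND":
            break

def list_metadata(data):
    """Decode the human-readable metadata, i.e. what a metadata viewer would show."""
    found = []
    for ctype, payload in iter_chunks(data):
        if ctype == b"tEXt":                      # keyword\0text, Latin-1
            key, _, text = payload.partition(b"\x00")
            found.append((key.decode("latin-1"), text.decode("latin-1")))
        elif ctype == b"zTXt":                    # keyword\0method + zlib text
            key, _, rest = payload.partition(b"\x00")
            found.append((key.decode("latin-1"), zlib.decompress(rest[1:]).decode("latin-1")))
        elif ctype == b"iTXt":                    # keyword\0flag method lang\0translated\0text
            key, _, rest = payload.partition(b"\x00")
            compressed = rest[0] == 1
            _lang, _, rest = rest[2:].partition(b"\x00")
            _translated, _, text = rest.partition(b"\x00")
            text = zlib.decompress(text) if compressed else text
            found.append((key.decode("latin-1"), text.decode("utf-8")))
        elif ctype == b"tIME":                    # year, month, day, hour, minute, second
            found.append(("tIME", "%04d-%02d-%02d %02d:%02d:%02d" % struct.unpack(">HBBBBB", payload)))
        elif ctype == b"eXIf":
            found.append(("eXIf", f"{len(payload)} bytes of EXIF"))
    return found

def strip_metadata(data):
    """Rewrite the PNG keeping only the chunks needed to render the image."""
    out = bytearray(PNG_SIGNATURE)
    for ctype, payload in iter_chunks(data):
        if ctype not in METADATA_CHUNKS:
            out += _chunk(ctype, payload)
    return bytes(out)

def build_sample_png():
    """Constructed 1x1 grey PNG carrying the kind of metadata a capture tool writes
    (author, source path, hostname/OS comment, timestamp); every value is made up."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit RGB
    scanline = b"\x00" + bytes([128, 128, 128])          # filter type 0 + one pixel
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Author\x00alice@corp.example")
            + _chunk(b"tEXt", b"Source\x00C:\\Users\\alice\\Projects\\codename-falcon\\build.log")
            + _chunk(b"zTXt", b"Comment\x00\x00" + zlib.compress(b"Captured on WS-ALICE-01, Windows 11 23H2"))
            + _chunk(b"tIME", struct.pack(">HBBBBB", 2024, 11, 25, 9, 30, 0))
            + _chunk(b"IDAT", zlib.compress(scanline))
            + _chunk(b"IEND", b""))

if __name__ == "__main__":
    original = build_sample_png()
    for key, value in list_metadata(original):
        print(f"{key}: {value}")
    cleaned = strip_metadata(original)
    print(f"{len(original)} -> {len(cleaned)} bytes; remaining metadata: {list_metadata(cleaned)}")
```

Keeping the CRC check in iter_chunks means a truncated or tampered file is rejected rather than silently rewritten. JPEG screenshots (common from phones) store EXIF in APP1 segments rather than PNG chunks, so they need a separate stripper; the tip's exif.app check is a quick way to confirm either kind of file came out clean.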

Conclusion

So here's the thing that keeps security folks up at night - some of today's smartest malware can actually hide inside your computer's memory without ever touching the hard drive (spooky, right?). It's like a ghost in your machine.

But don't worry, it's not all doom and gloom. The good guys are cooking up some seriously cool defenses too. Think AI systems that can predict attacks before they happen (kind of like Minority Report, but for cyber crimes), and new ways to encrypt data that even quantum computers can't crack. Wild stuff!

Before you head back to your digital life, remember this fun fact: your smartphone today has more computing power than all of NASA had when they first put humans on the moon - and yes, that means both the good guys and the bad guys have that same power at their fingertips. Stay safe out there, keep your updates running, and we'll see you next week with more fascinating tales from the cyber frontier.

from The Hacker News https://bit.ly/3ZeUPjs
via IFTTT