
Monday, 25 February 2019

Après Daech, un nouvel Irak



A few minutes after 6 p.m. the conference entitled "Après Daech, un nouvel Irak" begins. The distinguished speaker is the President of Iraq, Barham Saleh.

The discussion is moderated by Thierry de Montbrial, president of Ifri, one of the most influential think tanks in the world.

President Barham Saleh, elected on 2 October 2018, comes across as a calm, patient person, convinced of his ideas but open to discussion.
His country, he says, is emerging from the destruction of the last war, putting above all else the desire to create something to leave to the young and setting aside hatred and resentment. Since his election he has begun visiting his neighbours, Iran, Afghanistan, Russia... and with all of them he has discussed the will to change course and the need for Iraq to become a stable and secure country again, because everyone stands to gain from stability and security: not only the Iraqis but also all those who have ties with Iraq.
One example strikes our Western imagination: the destruction of the two world wars, recalled by President Barham Saleh to compare it with the destruction suffered by his people. If Europe managed to recover after such a massacre, well, he says, then we can be optimistic and say that we Iraqis can manage it too...
Politics is important, he states, but so are jobs for young people, population growth, earnings, industry, the fight against corruption, culture...
There are still many things to do, he says, many considerable challenges, difficult challenges, but we all want to send a strong signal that a return to normality is possible.
A signal of hope from the President of a land destroyed by war but which, at least so one hopes, wants to move forward, overcoming the obstacles ahead of it and returning to life.
These, in brief, are the ideas expressed during the evening, and for them I would like to offer the President my best wishes for the future.

Alessandro RUGOLO

https://www.ifri.org/fr/debats/apres-daech-un-nouvel-irak



Sunday, 24 February 2019

Business-Critical Cloud Adoption Growing yet Security Gaps Persist, Report Says


Oracle Press release 


Oracle and KPMG study finds that confusion over cloud security responsibilities, lack of visibility and shadow IT complicate corporate security

REDWOOD SHORES, Calif. and NEW YORK—Feb 20, 2019

Companies continue to move business critical workloads and their most sensitive data to the cloud, yet security challenges remain, according to the second annual Oracle and KPMG Cloud Threat Report 2019 released today. The report found that 72 percent of respondents feel the public cloud is more secure than what they can deliver in their own data center and are moving data to the cloud, but visibility gaps remain that can make it hard for businesses to understand where and how their critical data is handled in the cloud.
The survey also found a projected 3.5 times increase in the number of organizations with more than half of their data in the cloud from 2018 to 2020, and 71 percent of organizations indicated that a majority of this cloud data is sensitive, up from 50 percent last year. However, the vast majority (92 percent) noted they are concerned about employees following cloud policies designed to protect this data.
The report found that the mission-critical nature of cloud services has made cloud security a strategic imperative. Cloud services are no longer nice-to-have tertiary elements of IT—they serve core functions essential to all aspects of business operations. The 2019 report identified several key areas where the use of cloud service can present security challenges for many organizations.
  • Confusion about the shared responsibility security model has resulted in cybersecurity incidents. Eighty-two percent of cloud users have experienced security events due to confusion over the shared responsibility model. While 91 percent have formal methodologies for cloud usage, 71 percent are confident these policies are being violated by employees, leading to instances of malware and data compromise.
  • CISOs are too often on the cloud security sidelines. Ninety percent of CISOs surveyed are confused about their role in securing a Software as a Service (SaaS) versus the cloud service provider environment.
  • Visibility remains the top security challenge. The top security challenge identified in the survey is detecting and reacting to security incidents in the cloud, with 38 percent of respondents naming it as their top challenge today. Thirty percent cited the inability of existing network security controls to provide visibility into cloud-resident server workloads as a security challenge.
  • Rogue cloud application use and lack of security controls put data at risk. Ninety-three percent of respondents indicated they are still dealing with “shadow IT”—in which employees use unsanctioned personal devices and storage or file share software for corporate data. Half of organizations cited lack of security controls and misconfigurations as common reasons for fraud and data exposures. Twenty-six percent of organizations cited unauthorized use of cloud services as their biggest cybersecurity challenge today.

“The world’s most important workloads are moving to the cloud, heightening the need for a coordinated, integrated and layered security strategy,” said Kyle York, vice president of product strategy, Oracle Cloud Infrastructure. “Starting with a cloud platform built for security and applying AI to safeguard data while also removing the burden of administrative tasks and patching removes complexity and helps organizations safeguard their most critical asset—their data.”
“As organizations continue to transition their cyber security thinking from strictly risk management to more of a focus on business innovation and growth, it is important that enterprise leaders align their business and cyber security strategies,” said Tony Buffomante, U.S. Leader of KPMG LLP’s Cyber Security Services. “With cloud services becoming an integral part of business operations, there is an intensified need to improve the security of the cloud and to integrate cloud security into the organization’s broader strategic risk mitigation plans.”

Saturday, 23 February 2019

ExxonMobil to increase Permian profitability through digital partnership with Microsoft

Microsoft News Center

  • Permian application to generate billions of dollars in value over the next decade and drive capital efficiency
  • Potential to expand production by as much as 50,000 oil-equivalent barrels a day by 2025
  • Largest-ever oil and gas acreage to use cloud technology
IRVING, Texas — February 22, 2019 — ExxonMobil said today a new partnership with Microsoft Corp. will make its Permian Basin operations the largest-ever oil and gas acreage to use cloud technology and is expected to generate billions in net cash flow over the next decade through improvements in analyses and enhancements to operational efficiencies.
The application of Microsoft technologies by ExxonMobil’s XTO Energy subsidiary – including Dynamics 365, Microsoft Azure, Machine Learning and the Internet of Things – is anticipated to improve capital efficiency and support Permian production growth by as much as 50,000 oil-equivalent barrels per day by 2025.
“The combination of Microsoft’s technologies with our unique strengths in oilfield technologies, production efficiency and integration will help drive growth in the Permian and serve as a model for additional implementation across the U.S. and abroad,” said Staale Gjervik, senior vice president, Permian Integrated Development for XTO. “The unconventional business is fast moving, complex and data rich, which makes it well suited for the application of digital technologies to strengthen our operations and help deliver greater value.”
ExxonMobil’s partnership with Microsoft includes an integrated cloud environment that securely and reliably collects real-time data from oil field assets spanning hundreds of miles. The data will enable ExxonMobil to make faster and better decisions on drilling optimization, well completions and prioritization of personnel deployment. Importantly, leak detection and repair response times could be further reduced with enhanced access to emissions data, strengthening XTO’s voluntary actions to manage methane emissions.
ExxonMobil’s application of these technologies in its Permian Basin acreage, which covers a 9.5 billion oil-equivalent barrel resource base and more than 1.6 million acres, represents industry’s largest acreage position using cloud technology.
Alysa Taylor, corporate vice president of Microsoft Business Applications and Industry, said ExxonMobil is taking a leadership approach in its digital strategy.
“ExxonMobil is leading the way for industry, grounding its goals in making data-driven decisions that will result in safer operations for its employees and more profitable activities for the company,” said Taylor. “Our cloud infrastructure and business applications will continue to support ExxonMobil as it fully realizes its strategy across the Permian.”
Microsoft’s platforms, including Azure Data Lake, will enable ExxonMobil to rapidly incorporate third-party solutions at scale across the Permian. Examples include mobile field data apps to optimize well performance, and AI algorithms for analyzing drilling and completions data to improve performance.
With the additional layer of Microsoft’s intelligent business applications, such as Dynamics 365, ExxonMobil and XTO will have a complete, end-to-end view of the Permian operations.
“Digital technology is a fundamental enabler for our Permian development,” said Gjervik. “Through our partnership with Microsoft, we’re combining our technical and engineering expertise with cloud and data analytics capabilities to develop the Permian resource in the most capital-efficient manner. Collaboration with Microsoft is key to our future development efforts, which include predictive maintenance capacities, innovative tools for employees, and artificial intelligence and machine learning integration.”
Press release

Friday, 22 February 2019

Sophos Central Management Platform Now Features All Next-Gen Cybersecurity Protection from Sophos

Sophos Press Release, 19 Feb 2019

Addition of Sophos XG Firewall provides advanced Synchronized Security capabilities for accelerated response to cyberattacks from a single cloud-based management console
OXFORD, U.K. – Feb. 19, 2019 – Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced that the next-gen Sophos XG Firewall is now available through Sophos Central, bringing Sophos’ complete portfolio of cybersecurity solutions into a single, cloud-based management platform. Sophos partners and customers are now able to manage their next-gen endpoint and network protection from a single pane of glass.
In addition to the efficiency of managing multiple products through a single, cloud management platform, threat detection and response times are improved by the Security Heartbeat in Sophos’ Synchronized Security technology. This advanced approach shares security incident alerts directly between Sophos network and endpoint protection products. The XG Firewall will automatically communicate with Sophos’ endpoint products to proactively protect against threats, interrupt the attack chain by isolating machines, and take steps to remediate the attack. Sophos Central effectively creates a system of security that can leverage the artificial intelligence in Intercept X with EDR to respond faster and more effectively than individual products alone.
“IT organizations do not have the resources to respond to the volume of constant and constantly shifting cyberattacks. Sophisticated threats require intelligent security solutions that are predictive, multi-layered, and can work together as a system. With Sophos Central, partners and their customers have access to all Sophos next-generation security technologies and can benefit from the advances in Synchronized Security from one single location,” said Dan Schiappa, senior vice president and general manager, Products, Sophos. “The threat landscape has evolved and now our approach to protecting the IT infrastructure that supports our businesses must evolve. Every IT organization, large or small, needs security that is innovative, integrated and scalable. Sophos Central provides all of this, plus vital visibility into what’s happening and where.”
First launched in 2015, Sophos Central now processes more than 8 million transactions a minute for more than 82,000 customers worldwide.
In addition to XG Firewall and artificial intelligence-driven endpoint security, partners and customers can manage web, email, wireless, server, and mobile device protection through Sophos Central. A dedicated partner dashboard simplifies business management for Sophos partners and enables streamlined multi-customer management for MSPs.
“By completing its vision to unify XG Firewall and Intercept X endpoint protection in Sophos Central, Sophos is putting us ahead of our competition. The platform is now even more powerful because of the added benefits of synchronized security in an easy-to-manage cloud-based platform that seamlessly integrates with the entire Sophos security products portfolio,” said Ryan Lipschitz, vice president of engineering, Virtual Graffiti, Inc., a Sophos partner based in Irvine, Calif. “We are also excited about the lateral movement protection added to XG Firewall. We see a lot of cybercriminals trying to harvest credentials, which would allow them to move undetected through a network to steal and exfiltrate high-value data. With XG Firewall on Sophos Central, Sophos has made game-changing advancements no one else offers.”
Recent threats like Emotet and targeted ransomware, such as Matrix and SamSam, demonstrate the ways cybercriminals are constantly changing their tactics to stay effective and profitable. The next-gen advancements of XG Firewall and Intercept X, combined with the intelligence of Synchronized Security and easy management of all products within Sophos Central, are essential for maintaining protection and responding quickly to any attack.
“Our goal at Opus is to provide customers with simplicity and features that add layers of protection, so every area of their environment is secure. With XG Firewall now on Sophos Central, Sophos is providing complete ‘edge to end security’ that is managed centrally in a cloud. This is the simplicity customers are looking for, and the addition of the XG Firewall means they have the benefit of Sophos’ security heartbeat technology for bilateral communication between the endpoint and firewall,” said Mehernosh (Nosh) Chemi, senior account manager at OPUS Consulting Group Ltd., a Sophos partner in Vancouver, Canada. “Moving forward, we are focusing our customers on Intercept X with EDR and XG Firewall. The two go hand-in-hand. Having these next-gen products integrated with Sophos’ complete portfolio in Sophos Central is the protection customers need to stay secure. Conventional security doesn’t cut it anymore because today’s threat landscape is too fast-paced and complex.”
A free trial of XG Firewall is available for Sophos’ customers and partners worldwide. Additional information about XG Firewall Sophos Central is available on Sophos.com.




https://www.sophos.com/en-us/press-office/press-releases/2019/02/sophos-central-management-platform-now-features-all-next-gen-cybersecurity-protection.aspx

THALES TO HIGHLIGHT COMMITMENT TO ‘MAKE IN INDIA’ AND DEFENCE MODERNISATION AT AERO INDIA 2019

  • Thales will demonstrate its ‘Make in India’ plans and endeavors to support the modernization plans of the Indian armed forces at its stand AB2.21
  • At Aero India 2019, Thales will provide a digital experience of its cutting-edge technologies that are crucial for safeguarding the nation
  • Thales will also be present at the Aero Skills Pavillion at Hall F and share various job opportunities it is creating through its footprint in the country
Thales is all set to participate in the upcoming 12th edition of Aero India - India’s premier Aerospace and Aviation exhibition - from 20-24 February 2019 in Bengaluru. With a focus on “Make in India”, Thales will reaffirm its commitment towards the development and modernisation of the Indian Armed Forces.
Through a series of demonstrations, Thales will showcase cutting-edge capabilities across civil and defence aerospace at its booth AB2.21.
Thales ‘Makes in India’: As a major player in the Indian defence and aerospace sector, Thales has been continuously supporting the Indian armed forces and the government’s flagship ‘Make in India’ programme. Thales has a rich experience in liaising with numerous local players who are part of its global supply chain. It takes pride in onboarding Indian solutions in several worldwide product lines and creating employment opportunities for hundreds of people. The solutions being developed through several Indian companies – joint venture partners, global supply chain partners – will be under the spotlight at Thales’ stand at Aero India this year.
Digital experience at the booth: Thales’ strong innovation capabilities prepare its customers to achieve their big ambitions and master every decisive moment. The company has been on the cutting edge of connectivity and a driving force in the digitalisation of the defence, aerospace and space markets. At Aero India, the Thales stand will highlight all these efforts and provide an insight into its extraordinary high-technology solutions across airborne solutions, air defence, radars, optronics, radio communications, among others through special digital experiences.
Some of the main highlights at Aero India this year would be Thales’ optronic pod - TALIOS; latest generation mini-UAS - Spy’Ranger; high-velocity missile - STARStreak; tracking and illumination radar - STIR; airborne rockets and a range of products from Radio Communications among others.
“Aero India is a prestigious event providing us with an opportunity to showcase how our world-class technology and solutions help our customers achieve their big ambitions. This year, we would also take a step further and present our efforts supporting the “Make in India” initiative of the Indian government. We would have solutions being manufactured in the country through our local partners – global supply chain partners and joint ventures, among others. In addition, we will also be highlighting our hiring plans, and skilling and upskilling endeavours through our presence at the Aero Skills Pavillion this year.”
Emmanuel de Roquefeuil, VP and Country Director, Thales in India
Thales Press Release, 12 Feb 2019

OSINT: an introduction.


Cyber and intelligence have, over the years, become two closely related terms.
Where espionage and the monitoring of government or industrial activity were once carried out directly, using personnel physically close to the subject under investigation, in recent years new branches of espionage, and at the same time of security (the two being sides of the same coin), have come into being.
OSINT is one of the various methodologies for acquiring information.
The term itself is made up of two parts, OS and INT. OS stands for open source, that is, an open, public source: the sources that OSINT investigations draw on are not private, classified or unavailable documents, but newspapers, magazines, the media and, above all of these, the Internet.
INT stands for intelligence, hence information. OSINT is the branch of intelligence that collects, analyses and filters information that can be found in public sources.
The starting point when using OSINT is to correctly picture the target on which information is sought. Consider, for example, a company's interest in monitoring its employees in order to defend its interests and trade secrets.
OSINT can be used to monitor the software used by one's employees, or by monitoring their browser searches, their blogs, their social media activity, their location, their IP addresses and more.
Through which tools can we obtain public information?
There is a great deal of software that lets us monitor the online actions of users connected to a network, which can provide valuable information; as for personal data, the Internet is a practically infinite source of information, if you know where to look.
Search engines, social media, online newspapers, intelligence sites, the Wayback Machine, image-sharing sites, the deep web, etc.: these are just some of the sources to consider.
Collecting information is only one of the steps; the information must be analysed and filtered in order to obtain a tangible result that is useful to the investigation.
OSINT is one of several intelligence methods; there are others based on other sources of information, including IMINT (information gathering through the analysis of images and satellite photographs), HUMINT (data gathering through contacts with people), TECHINT (gathering of information about military equipment), SIGINT (information gathering through the interception of signals) and MASINT (information from other sources).
Numerous companies use OSINT and other methodologies to provide services and information to corporations and private individuals: these are the private intelligence agencies.

In Europe, specifically in France, is the headquarters of Groupe GEOS, which deals mainly with risk management for large companies in numerous countries.
GEOS Group began operating in 1998; according to its website it is worth 30 million dollars and employs 330 staff and collaborators.
Another private intelligence agency is Black Cube, with offices in London, Paris and Tel Aviv, founded by members of Israeli intelligence in 2010. In the past it has worked on exposing numerous frauds and corruption cases in several countries.
As for Italian agencies, there is no official register, so it is difficult to track down companies that provide services in this field, and even harder in the case of small or medium-sized agencies.
There are Italian research institutes, such as the Alpha Institute of Geopolitics and Intelligence, that are based on OSINT activities, but they cannot be defined as intelligence companies; rather, they are sources on which to base intelligence work.

Francesco RUGOLO

Image: https://medium.com/@z3roTrust/open-source-intelligence-osint-reconnaissance-75edd7f7dada
http://fr.groupegeos.com/
https://www.blackcube.com/
https://www.alphainstitute.it/

Thursday, 21 February 2019

19 February 2019: the USA SPACE FORCE is born


Now it is official!

President Trump has signed. Space Force Directive-4, as it is called, contains the order for the Pentagon to create the sixth branch of the US Armed Forces.
After the Army, Navy, Air Force, Marines and Coast Guard comes the Space Force.
Of course, it will take time, but the directive is a milestone, even though the last word has not yet been said: that belongs to Congress.
My opinion on the matter is that this will not be a problem. It is clear that the cost of creating the Space Force will be immense, but it is equally true that the recent Chinese feat (landing on the dark side of the Moon) and the risk of losing world primacy in the technological and digital world (see Huawei and 5G) have certainly not gone unnoticed by those who sit in the United States Congress.
What the Space Force's tasks will be is made clear by an article by Mike Wall published on Space.com: "The main goal of the Space Force is to secure and extend American dominance of the space domain...".
The first objective will be to return to the Moon and then make the leap to Mars, possibly before China, Russia and India.

Will the Americans succeed in what they achieved in the 1960s?

Alessandro RUGOLO


https://www.space.com/president-trump-space-force-directive.html?utm_source=sdc-newsletter&utm_medium=email&utm_campaign=20190221-sdc
http://www.difesaonline.it/mondo-militare/space-force-trump-vuole-la-sesta-forza-armata
http://www.difesaonline.it/mondo-militare/united-states-space-force-alla-conquista-dello-spazio

Italy under attack again!

This time it was the turn of the Ministry of the Environment and Protection of Land and Sea.

The result?

Site unreachable!

This is how the site looked a few hours ago


and this is how it looks now


A few days ago it was the turn of Host.it, under DDoS attack from 11 February to 18 February.
An attack far more powerful than the usual ones.

What can we say, do they have it in for us?

Maybe yes, maybe no.
But what are we doing to protect ourselves?

Let us ask ourselves...
and if we do not find a satisfactory answer, it means we must do more.

That is why I am writing and publishing this article, because talking about it helps us grow!

Alessandro RUGOLO


Wednesday, 20 February 2019

Sometimes they come back!!!

by Carlo Mauceli
After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on 10 December in a new wave of attacks against targets in the Middle East. These latest Shamoon attacks were doubly destructive, since they involved a new wiper (Trojan.Filerase) whose job is to delete files from infected computers before the Shamoon malware modifies the Master Boot Record.
News of the attacks first emerged on 10 December, when several Oil & Gas companies said they had been hit by a cyberattack against their infrastructure in the Middle East.
Unlike previous Shamoon attacks, these latest attacks involve a new, second piece of wiping malware (Trojan.Filerase). This malware, as mentioned, deletes and overwrites files on the infected computer. Meanwhile, Shamoon erases the computer's master boot record, rendering it unusable.
The addition of the Filerase wiper makes these attacks more destructive than the use of the Shamoon malware alone. While a computer infected by Shamoon may be unusable, the files on the hard disk may be recoverable. However, if the files are first erased by the Filerase malware, recovery becomes impossible.
Filerase is spread across the victim's network from an initial computer using a list of remote computers. This list takes the form of a text file and is unique to each victim, which means the attackers are able to gather this information during a reconnaissance phase prior to the intrusion. The list is first copied by a component named OCLC.exe and subsequently passed to another tool named spreader.exe.
It should never be forgotten that the attack methodology nevertheless always follows the classic attack chain:

The history:
Shamoon (W32.Disttrack) first emerged in 2012, when it was used in a series of disruptive attacks against the Saudi energy sector.
Microsoft Threat Intelligence identified notable similarities between this recent attack and an attack back in 2012 that hit tens of thousands of machines at companies in the energy sector.
Behind these attacks, Microsoft Threat Intelligence identified a group known as TERBIUM, a name assigned by Microsoft itself under a convention whereby the names used refer to chemical elements.
Microsoft Threat Intelligence observed that the malware used by TERBIUM, dubbed "Depriz", reuses several components and techniques already seen in the 2012 attacks and was highly customised for each organisation.
The malware has, in any case, 3 components, which were decoded as follows:
  • PKCS12 – a destructive disk wiper component
  • PKCS7 – a communication module
  • X509 – 64-bit variant of the Trojan/implant
Since credentials were embedded in the malware, it is naturally suspected that the credentials themselves had been stolen beforehand.

Once TERBIUM has access to the organisation, the infection chain begins by writing to disk an executable file that contains all the components needed to carry out the data-wiping operation. These components are encoded in the executables in the form of fake images.
Although the extent of the damage caused by this attack worldwide is still unknown, as in many other cases it is possible to mitigate the risk of attack by using systems, processes and solutions that leverage new technologies, raise the level of security and provide real-time knowledge of what is happening on systems.

It is therefore necessary to define a security strategy that covers each of the areas of the attack kill chain and, above all, not to think of defending oneself with systems that do not make use of Threat Intelligence solutions based on Artificial Intelligence and Machine Learning. In a profoundly changed scenario in which attackers exploit new and advanced technologies, one can no longer do without defending oneself with systems of comparable power.
Since the attacks were carried out on architectures based on Microsoft systems, I feel obliged to provide the solutions that we at Microsoft suggest in these cases. Of course, anyone can use equivalent solutions from other vendors. The important thing, however, is always to remember to
  • protect identity, enabling at least multi-factor authentication;
  • protect authentication services using behavioural analysis systems;
  • protect endpoints with systems able to monitor attempts at lateral movement, privilege escalation, and identity and ticket theft;
  • update operating systems to the latest Enterprise version, enabling all security features;
  • protect email through anti-phishing solutions based on the concept of sandboxing;
  • where hybrid architectures exist, use CASB (Cloud Access Broker) systems.
It remains clear that solutions and products are not enough; what is also, and above all, needed is training, awareness of an issue that is now, unfortunately, part of everyday life, and a willingness to change to an approach to the problem better suited to the current scenario.

Carlo Mauceli





Tuesday, 19 February 2019

IBM To Acquire Red Hat, Completely Changing The Cloud Landscape And Becoming World's #1 Hybrid Cloud Provider

Press release London, UK - 28 Oct 2018:

 IBM and Red Hat, the world's leading provider of open source cloud software, announced today that the companies have reached a definitive agreement under which IBM will acquire all of the issued and outstanding common shares of Red Hat for $190.00 per share in cash, representing a total enterprise value of approximately $34 billion.
"The acquisition of Red Hat is a game-changer. It changes everything about the cloud market," said Ginni Rometty, IBM Chairman, President and Chief Executive Officer. "IBM will become the world's #1 hybrid cloud provider, offering companies the only open cloud solution that will unlock the full value of the cloud for their businesses.
"Most companies today are only 20 percent along their cloud journey, renting compute power to cut costs," she said. "The next 80 percent is about unlocking real business value and driving growth. This is the next chapter of the cloud. It requires shifting business applications to hybrid cloud, extracting more data and optimizing every part of the business, from supply chains to sales."
"Open source is the default choice for modern IT solutions, and I'm incredibly proud of the role Red Hat has played in making that a reality in the enterprise," said Jim Whitehurst, President and CEO, Red Hat. "Joining forces with IBM will provide us with a greater level of scale, resources and capabilities to accelerate the impact of open source as the basis for digital transformation and bring Red Hat to an even wider audience – all while preserving our unique culture and unwavering commitment to open source innovation."
This acquisition brings together the best-in-class hybrid cloud providers and will enable companies to securely move all business applications to the cloud. Companies today are already using multiple clouds. However, research shows that 80 percent of business workloads have yet to move to the cloud, held back by the proprietary nature of today's cloud market. This prevents portability of data and applications across multiple clouds, data security in a multi-cloud environment and consistent cloud management.
IBM and Red Hat will be strongly positioned to address this issue and accelerate hybrid multi-cloud adoption. Together, they will help clients create cloud-native business applications faster, drive greater portability and security of data and applications across multiple public and private clouds, all with consistent cloud management. In doing so, they will draw on their shared leadership in key technologies, such as Linux, containers, Kubernetes, multi-cloud management, and cloud management and automation. 
IBM's and Red Hat's partnership has spanned 20 years, with IBM serving as an early supporter of Linux, collaborating with Red Hat to help develop and grow enterprise-grade Linux and more recently to bring enterprise Kubernetes and hybrid cloud solutions to customers. These innovations have become core technologies within IBM's $19 billion hybrid cloud business. Between them, IBM and Red Hat have contributed more to the open source community than any other organization.
"Today's announcement is the evolution of our long-standing partnership," said Rometty. "This includes our joint Hybrid Cloud collaboration announcement in May, a key precursor in our journey to this day."
With this acquisition, IBM will remain committed to Red Hat's open governance, open source contributions, participation in the open source community and development model, and fostering its widespread developer ecosystem. In addition, IBM and Red Hat will remain committed to the continued freedom of open source, via such efforts as Patent Promise, GPL Cooperation Commitment, the Open Invention Network and the LOT Network.
IBM and Red Hat also will continue to build and enhance Red Hat partnerships, including those with major cloud providers, such as Amazon Web Services, Microsoft Azure, Google Cloud, Alibaba and more, in addition to the IBM Cloud. At the same time, Red Hat will benefit from IBM's hybrid cloud and enterprise IT scale in helping expand their open source technology portfolio to businesses globally.
"IBM is committed to being an authentic multi-cloud provider, and we will prioritize the use of Red Hat technology across multiple clouds," said Arvind Krishna, Senior Vice President, IBM Hybrid Cloud. "In doing so, IBM will support open source technology wherever it runs, allowing it to scale significantly within commercial settings around the world."
Upon closing of the acquisition, Red Hat will join IBM's Hybrid Cloud team as a distinct unit, preserving the independence and neutrality of Red Hat's open source development heritage and commitment, current product portfolio and go-to-market strategy, and unique development culture. Red Hat will continue to be led by Jim Whitehurst and Red Hat's current management team. Jim Whitehurst also will join IBM's senior management team and report to Ginni Rometty. IBM intends to maintain Red Hat's headquarters, facilities, brands and practices.
"IBM's commitment to keeping the things that have made Red Hat successful - always thinking about the customer and the open source community first – make this a tremendous opportunity for not only Red Hat but also open source more broadly," said Paul Cormier, President, Products and Technologies, Red Hat. "Since the day we decided to bring open source to the enterprise, our mission has remained unchanged. And now, one of the biggest enterprise technology companies on the planet has agreed to partner with us to scale and accelerate our efforts, bringing open source innovation to an even greater swath of the enterprise."
Financial Details
The acquisition of Red Hat reinforces IBM's high-value model. It will accelerate IBM's revenue growth, gross margin and free cash flow within 12 months of closing. It also will support a solid and growing dividend.
The company will continue with a disciplined financial policy and is committed to maintaining strong investment grade credit ratings. The company will target a leverage profile consistent with a mid to high single A credit rating. The company intends to suspend its share repurchase program in 2020 and 2021.
At signing, the company has ample cash, credit and bridge lines to secure the transaction financing. The company intends to close the transaction through a combination of cash and debt. 
The acquisition has been approved by the boards of directors of both IBM and Red Hat. It is subject to Red Hat shareholder approval. It also is subject to regulatory approvals and other customary closing conditions. It is expected to close in the latter half of 2019.
Investor conference call details

IBM will host an investor conference call beginning at 8:30 a.m. EDT Monday, October 29, 2018. The Webcast may be accessed via a link at https://www.ibm.com/investor/events/ibm-acquires-redhat102018.html. Presentation charts will be available shortly before the Webcast.

Atos delivers one of the most powerful quantum simulators in the world to Hartree Centre in the UK

Press release Paris, London, 5 February 2019

Atos, a global leader in digital transformation, today announces an agreement with the Science and Technology Facilities Council’s (STFC) Hartree Centre that will see one of the UK’s leading high-performance computing research facilities take the first UK delivery of an Atos Quantum Learning Machine, the highest performing quantum simulator in the world.
This Quantum Learning Machine will be one of the highest-performing ever deployed by Atos and will be used to develop new quantum-based services designed to help researchers and industry prepare for the coming quantum computing revolution. These include quantum algorithm development and the first UK repository for quantum algorithms, collaborative research projects on quantum computing applications and specialist training.
This new collaboration builds on an established partnership between Atos and the Hartree Centre, which began with the UK’s first Bull Sequana X1000 supercomputer being hosted at the facility in 2017. The Hartree Centre, based at Daresbury Laboratory and part of the Sci-Tech Daresbury Campus in Cheshire, UK, also hosts the JADE national deep learning service.
Commenting on the partnership announcement, Andy Grant, Vice President, HPC & Big Data, Atos UK and Ireland said, “We are delighted to deepen our existing relationship with the Hartree Centre, which we believe will help UK industry future-proof itself for the arrival of quantum computing. Our Quantum Learning Machine as a service will be made available to any organisation wanting to learn about, and experiment, with quantum computing and understand the key opportunities and challenges this technology presents. Quantum is the future of computing and it is crucial that organisations are ready to harness the coming revolution.”
Alison Kennedy, Director of the STFC Hartree Centre, said: “We’re thrilled to be enabling UK companies to explore and prepare for the future of quantum computing. This collaboration will build on our growing expertise in this exciting area of computing and result in more resilient technology solutions being developed for industry.”
Leigh Lapworth, Head of Computational Sciences at Rolls-Royce, which will be one of the first organisations to use the quantum simulator, said: “The Quantum Learning Machine will provide a platform on which we can develop new quantum algorithms with potential impacts across our business. We have a long track-record of successful collaborations with the Hartree Centre and with the support of Atos we look forward to research that takes us in new and exciting directions.”
In November 2016, Atos launched an ambitious program to anticipate the future of quantum computing and to be prepared for the opportunities as well as the risks that come with it. As a result of this initiative, Atos was the first to successfully model quantum noise. To date, the company has installed Quantum Learning Machines in numerous countries including Austria, Denmark, France, Germany, the Netherlands, and the United States, empowering major research programs in various sectors.