
Wednesday, 6 March 2019

January 2019’s Most Wanted Malware: A Significant New Threat Speaks Up

Press release

Check Point’s researchers detect growth of ‘SpeakUp’ – a new Linux backdoor which is spreading the XMRig crypto-mining malware


SAN CARLOS, CA  —  Wed, 13 Feb 2019
Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber-security solutions globally, has published its latest Global Threat Index for January 2019. The index reveals a new backdoor Trojan affecting Linux servers, which is distributing the XMRig crypto-miner. The new malware, dubbed SpeakUp, is capable of delivering any payload and executing it on compromised machines.
The new Trojan currently evades all security vendors’ anti-virus software. It has been propagated through a series of exploitations based on commands it receives from its control center, including the 8th most popular exploited vulnerability, “Command Injection over HTTP”. Check Point’s researchers view SpeakUp as a significant threat, as it can be used to download and spread any malware.
In January, the top 4 most prevalent malware variants were cryptominers. Coinhive remains the top malware, impacting 12% of organizations worldwide. XMRig was once again the second most prevalent malware with a global impact of 8%, followed by Cryptoloot miner with an impact of 6% of organizations globally. While there are four cryptominers in January’s index, half of all malware forms in the top ten can be used to download further malware to infected machines.
Maya Horowitz, Threat Intelligence Group Manager at Check Point commented:  “While January saw little change in the malware forms aimed at enterprises worldwide, we are beginning to see new ways to distribute malware. Threats like these are a stark warning of bigger threats to come. Backdoors like Speakup can evade detection and then distribute further, potentially more dangerous malware to compromised machines. Since Linux is used extensively in enterprise servers, we expect Speakup will be a threat that will grow in scale and severity throughout the year.”
January 2019’s Top 3 ‘Most Wanted’ Malware:
*The arrows relate to the change in rank compared to the previous month.
  1. ↔ Coinhive – Crypto Miner designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user’s knowledge or approval the profits with the user. The implanted JavaScript uses a great deal of the computational resources of end users’ machines to mine coins, and may crash the system.
  2. XMRig – Open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in the wild in May 2017.
  3. Cryptoloot – Crypto-Miner that uses the victim’s CPU or GPU power and existing resources for crypto mining – adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug out from under it by asking a smaller percentage of revenue from websites.
Hiddad, the modular backdoor for Android which grants privileges to downloaded malware, has replaced Triada at first place in the top mobile malware list. Lotoor follows in second place, while Triada has fallen to third place.
January’s Top 3 ‘Most Wanted’ Mobile Malware:
  1. Hiddad – Modular Backdoor for Android which grants super user privileges to downloaded malware, as it helps it to get embedded into system processes.
  2. Lotoor – Hack tool that exploits vulnerabilities on the Android operating system in order to gain root privileges on compromised mobile devices.
  3. Triada – Modular Backdoor for Android which grants super user privileges to downloaded malware, as it helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
Check Point researchers also analyzed the most exploited cyber vulnerabilities. CVE-2017-7269 remained in first place with a global impact of 47%. Following closely behind, Web Server Exposed Git Repository Information Disclosure was in second place and OpenSSL TLS DTLS Heartbeat Information Disclosure followed in third, impacting 46% and 45% of organizations around the world respectively.
January’s Top 3 ‘Most Exploited’ vulnerabilities:
  1. ↔ Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269) – By sending a crafted request over a network to Microsoft Windows Server 2003 R2 through Microsoft Internet Information Services 6.0, a remote attacker could execute arbitrary code or cause a denial-of-service condition on the target server. That is mainly due to a buffer overflow vulnerability resulting from improper validation of a long header in an HTTP request.
  2. ↑ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information.
  3. ↓ OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) – An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
* The complete list of the top 10 malware families in June can be found on the Check Point Blog:  http://blog.checkpoint.com/2019/02/13/january-2019s-most-wanted-malware-a-new-threat-speakup-linux-crypto-cryptomining/
Check Point’s Threat Prevention Resources are available at:  //www.checkpoint.com/threat-prevention-resources/index.html


https://www.checkpoint.com/press/2019/january-2019s-most-wanted-malware-a-significant-new-threat-speaks-up/

Singtel and Argus join forces to strengthen cyber security capabilities for Singapore’s transportation sector

Press release

  • Argus cyber security solutions to be integrated with Singtel’s managed security services
  • Research lab to be set up to develop and test cyber security solutions for autonomous vehicles
Singapore and Tel Aviv, Israel, January 28, 2019 – Singtel and Argus Cyber Security, a global leader in automotive cyber security, have signed a Memorandum of Understanding (MOU) to collaborate on several initiatives to strengthen the cyber security capabilities for Singapore’s transportation sector, facilitating the introduction of connected cars and new technologies such as autonomous vehicles. In addition, both parties will also work together on the research and development of next generation cyber security solutions for autonomous vehicles.
“This partnership is part of our broader vision to create an ecosystem to support the development of new technologies and solutions focusing on the transportation sector, both in Singapore and globally,” said Mr Bill Chang, Chief Executive Officer, Group Enterprise at Singtel. “With a secure ecosystem, automobile manufacturers and automotive equipment providers can safely collaborate and develop advanced solutions for commercial and industrial autonomous vehicles. By partnering with a global leader like Argus, we are committed to positioning Singapore at the forefront of connected and autonomous vehicle technologies for the next generation of smart and cyber secure vehicles.”
Under the MOU, both parties will launch a suite of solutions which includes Argus’ in-vehicle solutions and technologies, and Argus’ stand-alone cyber security backend platform. This platform collects, correlates and analyses data derived from vehicles, mobile apps, cellular networks, cloud platforms and other sources, and will be integrated with the managed security services portfolio of Trustwave, Singtel’s cyber security arm. The platform helps automakers and fleet managers to quickly protect vehicles that are already on the road without making any modifications to them. It will be delivered through Trustwave’s global network of 10 Advanced Security Operations Centers, further enhancing its capabilities as a leading global managed security services provider.  
“We are delighted to partner with Singtel, a global technology leader and a trusted cyber security partner of the world’s leading business organizations. This partnership is another important leap forward towards delivering multi-layered, security solutions and services that make mobility intelligent and secure – in Singapore and around the world”, says Mr Ofer Ben-Noon, co-founder and Chief Executive Officer of Argus Cyber Security. “We look forward to broadening our scope of partnership with Singtel to include co-creating next generation of cyber security solutions and services for the autonomous vehicle industry”.
As part of the collaboration, Singtel and Argus will conduct cyber security research and development at the Singtel Cyber Security Institute (CSI) to help defend autonomous vehicles against sophisticated, evolving cyber threats. The partners could also use CSI’s advanced cyber range platform to subject their solutions to rigorous testing and prototyping. This augments Singtel’s ongoing collaboration with the National University of Singapore to develop advanced cyber security solutions for next generation cyber threats.
The partnership comes in the wake of the recent launch of 5G Garage – Singapore’s first live 5G facility at Singapore Polytechnic. The facility, which is connected to Singtel’s latest pilot 5G network, allows students to incubate, develop and trial 5G solutions for enterprises. Among the students’ projects is an autonomous vehicle which is being trialled for use on campus. The initiative and Singtel’s involvement in the development of Singapore’s next generation Electronic Road Pricing system demonstrate the company’s drive towards shaping and securing Singapore’s future transportation landscape.
The announcement of the partnership is timely as the introduction of autonomous vehicles in Singapore is one of the initiatives which the government has set out as part of the Smart Nation plan.



https://argus-sec.com/singtel-and-argus-join-forces/

Tuesday, 5 March 2019

Alibaba Cloud Unveils New Products to Empower Data Intelligence for Enterprises and Internet Companies

Press release 25 February 2019


Global cloud computing leader offers proven solutions used by Alibaba Group to empower businesses with actionable insights
Barcelona, February 25, 2019 – Alibaba Cloud, the cloud computing arm of Alibaba Group, today launched seven new solutions, and two new features for the international markets at the Mobile World Congress. The launches range from serverless computing, data analytics, global networking, high performance storage, and enterprise database that let customers easily and reliably derive actionable business insight to thrive in the age of intelligent business. These new services are part of the technology backbone underpinning Alibaba Group’s various business units including retail, fin-tech, logistics, media and entertainment, and digital branding and marketing. With these new capabilities, global customers can take advantage of the proven, scalable, and secure technologies and accelerate business growth.
Nowadays, global enterprises and internet startups alike need to quickly derive insights from data and make intelligent business decisions in a timely manner. They typically face challenges managing and analyzing data at massive scale and processing real-time streaming data. To solve these for the customers, Alibaba Cloud launched Realtime Compute that can easily process millions of events/sec and support real-time decision making, such as for fraud detection, social analytics, and QoS monitoring of Telco networks. To help customers manage and analyze large corpora of data, Alibaba Cloud introduced the improved DataWorks and MaxCompute 2.0 that can handle processing 100PB/day. For customers who want to explore unstructured, heterogeneous data sets on-demand, Data Lake Analytics allows them to easily query petabytes of data in a serverless fashion with standard SQL and only pay for the amount of data scanned.
“Businesses around the world are increasingly relying on data intelligence to drive innovation, digitalize operations, and delight customers,” said Henry Zhang, Senior Staff Product Manager of Alibaba Cloud International. “We work with customers from many industries along this digital transformation journey. We are keen to turn our proven in-house technology into broadly applicable services and pass the benefits on to customers globally so they can quickly build applications on top, such as for 5G, edge computing, and IOT, and shorten the time-to-market.”
In addition to new products for data analytics, Alibaba Cloud also introduced a number of powerful infrastructure enhancements to support intelligent businesses at a global scale. Customers can now deploy enterprise-grade database applications on ApsaraDB for MariaDB TX and take advantage of SQL Server Enterprise Always On to deploy enterprise level high availability and disaster recovery plans. Customers developing file based High Performance Computing workloads such as autonomous driving and scientific discovery can now use Cloud Parallel File System for first-class concurrency and bandwidth. Finally, Elastic Container Instance allows customers to easily run containers without the hassle of managing servers and clusters; and Global Connection Solution helps businesses easily deploy a reliable, low latency global network to support their international business operations.
“We believe in a virtuous cycle of building world-class infrastructure, deploying intelligent applications on that architecture, and using real-time analytics to make data-driven decisions,” said Yeming Wang, General Manager, Alibaba Cloud EMEA. “In addition, we offer robust cross-border solutions for enterprises and ecosystem partners who are looking to expand globally and into the rapidly growing Asian markets. These proven and compliant solutions are already used by Alibaba Group and we hope our customers can leverage our expertise to create more differentiated value for their end-customers.”
These solutions and services have already generated positive results for customers in China and are now becoming available to more international customers.

About Alibaba Cloud
Established in 2009, Alibaba Cloud (www.alibabacloud.com), the cloud computing arm of Alibaba Group, is among the world’s top three IaaS providers, according to Gartner, and the largest provider of public cloud services in China, according to IDC. Alibaba Cloud provides a comprehensive suite of cloud computing services to businesses worldwide, including merchants doing business on Alibaba Group marketplaces, start-ups, corporations and government organizations. Alibaba Cloud is the official Cloud Services Partner of the International Olympic Committee.
https://www.alibabagroup.com/en/news/article?news=p190225



Thursday, 28 February 2019

Updating F-35 Electronic Warfare Systems

Press release 28 Feb 2019

AN/ASQ-239 system updates improve warfighters’ ability to conduct critical missions in contested airspace
BAE Systems, a leader in electronic warfare (EW) technology, today announced a critical program milestone with the successful insertion of new technology into its EW systems for the global fleet of fifth-generation F-35 Lightning II fighter aircraft. Upgrades to the AN/ASQ-239 system position it to meet future capability requirements and improve warfighters’ ability to conduct critical missions in contested airspace.
The improved EW system delivers the world-class functionality of the previous system in a smaller footprint, reducing volume and power requirements – creating space for Block IV modernization upgrades. The system update also resolves issues with manufacturing obsolescence that would have otherwise required costly redesign work.
The company’s capacity expansion strategy – including a $100 million investment in 80,000 square feet of state-of-the-art manufacturing space, process automation, and the growth of its highly skilled electronic warfare workforce by more than 23 percent – enabled BAE Systems to become the first F-35 supplier to insert updated technology into its systems at full production speeds – delivering 11 systems monthly and ramping production to match aircraft production. The Digital Channelized Receiver/Techniques Generator and Tuner Insertion Program (DTIP) technology was introduced into BAE Systems’ manufacturing process in 2018, with the first deliveries starting in July. The team is consistently providing 11 shipsets per month, enabling the company to continue on-time delivery to its customer.
“We’ve delivered almost 400 EW systems to date, and now we’ve updated the architecture and are manufacturing it at a high rate of production. This technology insertion gives the EW system room to grow, and will help the F-35 maintain its dominance of the electromagnetic spectrum,” said Deborah Norton, VP of F-35 Solutions at BAE Systems. “The successful insertion of DTIP was the result of the outstanding focus, dedication, and teamwork of our engineering and production teams working in close coordination with our customer.”
The advanced F-35 EW system is a proven digital electronic warfare/countermeasures suite that provides pilots with real-time battlespace situational awareness and rapid-response capabilities. The ASQ-239 system provides fully integrated radar warning, targeting support, and self-protection capabilities to engage, counter, jam, or evade threats to improve survivability and mission effectiveness. The system builds on BAE Systems’ 60-plus years of EW experience and legacy of providing 13,500 tactical systems for more than 80 different platforms, including F-22, F-16, F-15, B-1, B-2, and classified platforms. For more information, visit: www.baesystems.com/f-35ew.

Avast Threat Labs Debuts apklab.io - an Intelligence-driven Threat Hunting Platform for the Security Analyst Community

Press release : 26 Feb 2019

apklab.io Provides Deep Intelligence on Android Malware from Over 145 Million Devices to Aid in the Detection, Discovery, and Eradication of Threats
Mobile World Congress, Barcelona, February 26, 2019 – Avast (LSE:AVST), a leading global cybersecurity provider, today announced the launch of apklab.io, a mobile threat intelligence platform (MTIP) designed to provide real-time intelligence for Android™ security researchers.
Apklab.io is the first platform of its kind to collect and make available intelligence from Avast’s global network of over 145 million mobile users to help researchers fight the growing threat of mobile malware. Apklab.io uses machine learning techniques originally developed to help Avast Threat Labs better hunt and track mobile threats and is now available to external threat researchers to improve the detection, discovery, and eradication of mobile malware.
“Fighting mobile malware in today’s highly connected world is a tough challenge that cannot be solved by a single company alone,” said Nikolaos Chrysaidos, Head, Mobile Threat Intelligence & Security for Avast Threat Labs. “The industry needs a coordinated approach, where security vendors and the broader security community unite in their mission to beat cybercrime, so the cost and benefit ratio stays in our favor, and that’s why we’re making ApkLab.io widely available.”
The insight from apklab.io has already led to the discovery and delisting of more than 130 malicious applications from the Google Play Store. For example, in the case of the BankBot Trojan, the malware family tracking feature in apklab.io enabled Avast to identify and detect every sample of the virus that was being uploaded to Google Play within a matter of hours of them appearing.
Avast has developed reliable and real-time classifiers that examine every strain of malware, categorizing like with like, and creating a more complete picture of each particular malware family. The platform is designed to deliver coherent analysis of both static and dynamic flow, meaning it can study the behavior of every malware strain while it’s dormant as well as active. The platform currently analyses 20,000 samples every day.
In the last year, the Avast Threat Labs has tracked a 375 percent growth in Adware as a malware category; it now makes up more than 52 percent of all mobile threats today. Aggressive adware is malware that pushes or spams user devices with a large number of advertisements. The Avast Threat Labs saw 78 percent year-over-year growth in the category of mobile banking threats that try to trick the user into giving up their bank account details by pretending to be a legitimate banking application.
Qualified researchers, analysts, and incident response professionals are all eligible to apply for access to the apklab.io platform - all applications to join the platform are individually reviewed to maintain the integrity of the platform. The data feeding the platform comes from the devices that Avast protects as well as third parties and partners. These sources generate file samples which feed the apklab.io platform, whose first task is to assess if they are suspect or not.
https://press.avast.com/avast-threat-labs-debuts-apklab.io-an-intelligence-driven-threat-hunting-platform-for-the-security-analyst-community

Wednesday, 27 February 2019

Wipro to offer Advanced Cybersecurity Services layered with Microsoft Security Capabilities

Press Release Wipro, Bangalore, India – February 26, 2019

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading global information technology, consulting and business process services company, is announcing the expansion of its global relationship with Microsoft Corp. to offer digital security services to their clients across the globe. As part of this relationship, Wipro will offer integrated digital security services, including Microsoft Azure and Microsoft 365 based security services.
Wipro is helping global clients in their journey of digital innovation, optimization and transformation, and enabling business to be more secure and compliant with regulatory requirements. This initiative will focus on various security services integrating Microsoft Azure and Microsoft advanced security capabilities, including Identity and Access Management, Data Protection and Threat Protection.
Sheetal Mehta, Senior Vice President and Global Head, Cybersecurity & Risk Services, Wipro Limited said, "Wipro has been investing in building security capabilities for the cloud and digital areas and we have seen a good amount of success. We have bet big on cloud security and digital risk management capabilities to secure our clients' business. Our innovative Cyber Defense Platform, that integrates with multiple cloud environments can assist customers with security operations, security monitoring and risk governance in their cloud migration journey. This relationship with Microsoft will offer a unique value proposition for our customers, as it will provide differentiated digital security capabilities coupled with unmatched risk governance-based digital services."
“Customers tell us they need security solutions that offer deeper technical expertise, greater flexibility and the ability to stay ahead of emerging threats as the marketplace evolves,” said Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group, Microsoft Corp. “By extending our relationship with Wipro, customers can better secure their environment with integrated, end-to-end protection, through new options in security that combine Microsoft’s advanced cybersecurity capabilities with Wipro’s extensive IT services.”

Press Release
https://www.wipro.com/newsroom/press-releases/2019/wipro-to-offer-advanced-cybersecurity-services-layered-with-microsoft-security-capabilities/

Red Hat Launches New Certification Program to Support the Future of Telecommunications Innovations

Press release RALEIGH, N.C.   — Red Hat, Inc. 

Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced a new training and certification program emphasizing the next generation of telecommunications innovation. The Red Hat Certified Architect Program in Telco Cloud focuses on the skills that telecommunications engineers need to build network functions virtualization (NFV) clouds, critical technologies that can help drive advanced services like 5G. Used by Rakuten Mobile Network, Inc., as part of their collaboration with Red Hat in building a fully virtualized core-to-edge NFV cloud, the program is designed to help Red Hat Certified Engineers and Red Hat Certified Architects gain the knowledge needed to effectively use virtualized and cloud-native functions in building telecommunications infrastructure and services.
Red Hat Certified Architect in Infrastructure and Red Hat Certified Architect in Enterprise Applications are Red Hat’s highest certifications, representing both depth and breadth of skills and knowledge. The Telco Cloud Program consists of a certification path specifically recommended for professionals in the telecom industry that will lead to RHCA in Infrastructure. Available now, engineers taking the program can gain the skills needed to build open, innovative next-generation infrastructure that covers core to edge processes and technologies, enabling them to more effectively create full-scale NFV clouds.
Participants must first become certified as Red Hat Certified Engineers, and then must earn the following additional certifications:
Supporting Quotes
Red Hat Certified Architect Program in Telco Cloud
Red Hat offers training aligned to all these certifications, available worldwide in a variety of self-paced and instructor-led options and languages. The Red Hat Learning Subscription provides the most flexible, cost-effective means of achieving RHCA.
Randy Russell, director, Certification, Red Hat
"To deliver the future of telco innovation, engineers and architects need the proper skillsets to use emerging technologies like cloud-enabled NFV and Linux containers to their fullest. The Red Hat Certified Architect Program in Telco Cloud is designed to help these individuals gain a greater understanding of the technologies and processes underpinning next-generation telecommunications infrastructure and provide them with the knowledge to bring these advancements to their respective organizations. We’re pleased to have Rakuten Mobile Network as the first organization taking advantage of this program as they work to launch a fully virtualized, end-to-end cloud-native mobile network."
Tareq Amin, CTO, Rakuten Mobile Network, Inc.
"The infrastructure of our new, innovative mobile network leverages complete virtualization of network functions across a telco cloud. This differs dramatically from traditional networks, and requires an entirely new set of skills and knowledge. Through the Red Hat Certified Architect Program in Telco Cloud, our engineers have been able to develop the skills to build and maintain the network, bringing us one step closer to making our vision of creating the world’s first fully-virtualized, end-to-end cloud-native network a reality."
Press release

https://www.redhat.com/en/about/press-releases/red-hat-launches-new-certification-program-support-future-telecommunications-innovations?source=pressreleaselisting

Image taken from: https://ttboj.wordpress.com/2014/04/02/working-at-redhat/