The REvil ransomware gang, behind the Kaseya attack, has gone dark and its websites have gone offline.
REvil successfully pulled off the biggest ransomware attack in history, targeting Kaseya’s software used in managed services around the world. The gang originally demanded a $70 million ransom, later lowering it to $50 million in private talks.
Despite the gang’s success, or perhaps because of it, the REvil gang appears to have gone dark. Its websites, including the one used as its “leak site,” have all shut down.
As BleepingComputer points out, it’s not uncommon for some REvil servers to go down, but it’s highly irregular for all of them to go down at once. BleepingComputer also cites evidence to suggest REvil may have shut down and erased their servers in response to a government subpoena.
It’s believed REvil has been operating out of Russia, and the code in its ransomware seems to specifically avoid computer systems where Russian languages are primary. Nonetheless, President Joe Biden has been putting additional pressure on Vladimir Putin to take action against cybercriminals operating within Russia’s borders.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his — even though it’s not sponsored by the state — we expect him to act if we give him enough information to act on who that is,” Biden told reporters, regarding a call he had with Putin.
Software firm Kaseya had a history of security issues long before the latest one that allowed the biggest ransomware attack in history to occur.
Kaseya went from relative obscurity to being one of the most well-known software firms in the world, thanks to being ground zero for the worst ransomware attack in history. Kaseya makes software used for managed services. As such, it made for a prime target, since compromising its software would open the door to compromising all the companies that rely on its services. Indeed, as many as 1,500 customers were believed to have been impacted.
What has become more apparent since the attack, however, is that Kaseya had a history of security issues, issues that likely made it an even more appealing target. According to The Seattle Times, hackers managed to plant “cryptojacking” software in Kaseya’s tool in 2018, hijacking affected computers for crypto mining.
In 2019, the company’s software was used in another ransomware attack. Experts believe the perpetrators included individuals who later went on to form REvil, the group behind the latest attack. Their experience successfully compromising Kaseya two years ago may very well have played a part in their recent decision-making.
In 2014, the company’s founders sued the company over a dispute about who was responsible for another cryptocurrency scheme.
To make matters worse, none of the security issues Kaseya experienced were some obscure, hard-to-predict issues. In fact, they were all well-understood issues that could have been easily addressed sooner.
“Kaseya needs to shape up, as does the entire software industry,” Katie Moussouris, the founder and CEO of Luta Security, told The Seattle Times. “This is a failure to incorporate the lessons the bugs were teaching you. Kaseya, like a lot of companies, is failing to learn those lessons.”
As more companies continue to rely on cloud services, a single vulnerability can have profound repercussions, impacting thousands of companies. As a result, companies that provide managed services will need to make security their number one priority if they wish to avoid Kaseya’s pitfalls.
Microsoft has entered an agreement to purchase RiskIQ in an effort to improve hybrid work cybersecurity.
The COVID-19 pandemic has forever altered the workforce, leading many companies to speed up their adoption of remote and hybrid work strategies. Despite the benefits of this approach, cybersecurity can pose additional challenges as people work remotely, often using personal computers and devices.
Microsoft is acquiring RiskIQ to help address this shortcoming, as RiskIQ provides a cloud-based SaaS cybersecurity platform. RiskIQ helps companies extend security beyond the firewall, analyzing and assessing the attack surface of the entire organization. This includes a company’s cloud resources, on-premises resources and supply chains.
“The vision and mission of RiskIQ is to provide unmatched internet visibility and insights to better protect and inform our customers and partners’ security programs,” said RiskIQ Cofounder and CEO Elias Manousos. “We’re thrilled to add RiskIQ’s Attack Surface and Threat Intelligence solutions to the Microsoft Security portfolio, extending and accelerating our impact. Our combined capabilities will enable best-in-class protection, investigations, and response against today’s threats.”
Software company Kaseya, at the heart of the largest ransomware attack in history, says its services have now been fully restored.
Kaseya’s software was the target of a ransomware attack by the REvil group. Because Kaseya’s software is used in managed services around the world, as many as 1,500 customers were believed to have been impacted.
The company has been working hard to restore services, and today announced it has succeeded.
The restoration of services is now complete, with 100% of our SaaS customers live as of 3:30 AM US EDT. Our support teams continue to work with VSA On-Premises customers who have requested assistance with the patch.
We will continue to post updates as new information becomes available.
The attack on Kaseya illustrates the growing cybersecurity issues involved in an ever-connected software industry, where thousands of companies rely on common frameworks, services and applications. Rather than attack each company one-by-one, attacking a common service allowed REvil to cripple far more companies than could be realistically targeted in the same time.
Microsoft has disclosed the results of its bug bounty program, including the fact that it paid $13.6 million in bounties over the last year.
Most major companies offer bounties for security researchers who find and report major bugs. Microsoft has long made use of bug bounties as a way to secure its products and services.
According to the Microsoft Security Response Center (MSRC) Team, the company paid $13.6 million to dozens of researchers around the globe.
Over the past 12 months, Microsoft awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries. The largest award was $200K under the Hyper-V Bounty Program. With an average of more than $10,000 USD per award across all programs, each of the over 1,200 eligible reports reflect the talent and creativity of the global security research community and their invaluable partnership in addressing the challenges of a constantly changing security environment.
The MSRC Team credits the success of the last year to a revamping of the program that puts greater emphasis on the highest impact bugs.
Kaseya has acknowledged as many as 1,500 businesses may have been impacted by the ransomware attack targeting its software.
On July 2, Kaseya began learning of a coordinated attack against its software. Kaseya makes IT management software, and its customers provide managed IT services to somewhere between 800,000 and 1,000,000 small businesses.
The company says it immediately shut down the software being targeted, although an estimated 800 to 1,500 businesses have been compromised.
“Our global teams are working around the clock to get our customers back up and running,” said Fred Voccola, CEO, Kaseya. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”
The perpetrators appear to be the REvil gang, most recently responsible for the ransomware attack on meat processor JBS. That attack resulted in JBS paying an $11 million ransom to prevent excessive strain on the world’s meat supply.
In this case, the group initially demanded a $70 million ransom. According to CNBC, REvil has privately lowered the demand to $50 million.
McDonald’s now joins an ever-growing list of major companies impacted by data breaches.
On the same day that VW announced it was impacted by a data breach, fast-food leader McDonald’s announced it too has suffered a breach. The company says private information was accessed for both employees and customers in South Korea and Taiwan.
According to CNN Business, McDonald’s says its cybersecurity investments were to thank for helping the company identify the breach as fast as it did, preventing additional harm.
“These tools allowed us to quickly identify and contain recent unauthorized activity on our network,” a spokesperson told CNN Business. “A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”
It seems the damage could have been far worse had McDonald’s not contained the breach so fast. According to The Wall Street Journal, the hackers also gained access to some US employees’ business contact information, as well as minor logistical information on some US restaurants, such as seating capacity. No sensitive or personal information was leaked for US employees or customers.
Avaddon ransomware group appears to be closing shop and has sent all its decryption keys to BleepingComputer.
Avaddon had previously announced they were shutting down operations, and it’s not uncommon for a group to release decryption keys when that happens, as there’s no longer any financial incentive to keep victims locked out of their files.
BleepingComputer made the announcement via Twitter.
Today, BleepingComputer was anonymously sent the decryption keys for Avaddon ransomware, likely by the threat actors themselves.
All told, there were 2,934 decryption keys, each one associated with a victim. Given that experts previously only had proof of 88 Avaddon victims, the number of keys suggests the group was far more successful than anyone realized. It also highlights how few companies actually disclose an attack.
Fabian Wosar, an expert who helped BleepingComputer verify the decryption keys, told ZDNet that negotiations with Avaddon had recently taken on a new intensity, likely indicating the shutdown was planned and negotiators were trying to get whatever they could before the shutdown date.
The shutdown likely resulted from the group making all the money they wanted.
“This isn’t new and isn’t without precedence. Several ransomware threat actors have released the key database or master keys when they decide to shut down their operations,” Wosar told ZDNet.
“Ultimately, the key database we obtained suggests that they had at least 2,934 victims. Given the average Avaddon ransom at about $600,000 and average payment rates for ransomware, you can probably come up with a decent estimate of how much Avaddon generated.”
Volkswagen has disclosed a data breach with one of its vendors, impacting some 3.3 million North American customers and prospective buyers.
Volkswagen is currently the largest automaker in the world, and has been for several years. Like many companies, however, VW uses outside vendors to help handle sales and marketing data, and it appears one of those vendors is responsible for a massive data breach.
According to Reuters, the breach involved sales and marketing data collected between 2014 and 2019, primarily for VW’s Audi brand. The vendor responsible for the data had left it unsecured on the internet from August 2019 to May 2021 when it was accessed by an unauthorized third party.
VW told regulators that phone numbers and email addresses comprised the bulk of the data accessed, although vehicle information may also have been involved. Of the sensitive data accessed, 95% involved driver license numbers, with a small amount also including birth dates, Social Security numbers and account numbers.
JBS Foods has said it paid roughly $11 million to resolve a ransomware attack that crippled the company.
JBS Foods is the world’s largest meat producer, with operations in the US, Canada and Australia. The company experienced a cyberattack on May 30 that crippled operations. At the time, company officials were not commenting on the kind of attack it suffered, although many suspected it was ransomware.
JBS has now confirmed the attack was, indeed, a ransomware attack and that it paid $11 million to end it. At the time the decision was made to pay the ransom, a majority of the company’s facilities were already operational. The ransom was paid, however, to keep data from being taken and ensure there were no lingering issues.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
The company is continuing to work with government officials and investigators and the investigation has confirmed “that no company, customer or employee data was compromised.”
“We are really seeing the impact of this hybrid work model,” says Cisco CEO Chuck Robbins. “We are seeing the preparation for hybrid work and the return to the office. Customers are absolutely believing this is going to occur and they’re investing in it. Customers are turning to us to help them create the trusted workplace of the future.”
Chuck Robbins, CEO of Cisco, discusses on CNBC and in their quarterly earnings call how customers absolutely believe that the hybrid work model is in their future:
Customers Are Preparing For Hybrid Work Environment
Over the last couple of quarters, we’ve seen significant investment in next-generation wireless infrastructure to be ready for their employees to come to the office. As you load these wireless networks they are going to need campus refresh underneath them, and we’ve seen exactly that. The Catalyst 9000 platform has had four consecutive quarters of increasing growth sequentially.
We are really seeing the impact of this hybrid work model. We are seeing the preparation for hybrid work and the return to the office. Customers are absolutely believing this is going to occur and they’re investing in it.
Trusted Workplace of the Future
Let me now touch on Infrastructure Platforms. We saw strong demand across a majority of our portfolio, led by our next-generation Enterprise Networking and Service Provider solutions, as companies accelerate the modernization of their infrastructure. This modern infrastructure delivers higher performance and faster access to data while offering the best user experience in an increasingly distributed environment.
Customers are turning to us to help them create the trusted workplace of the future, with Wi-Fi access points, video endpoints, cameras and IoT sensors feeding data into DNA Center and DNA spaces. We’re enabling operations teams to remotely monitor workplace conditions for a safe return to office.
We’re also working to provide visibility beyond corporate networks, which is increasingly critical as our customers accelerate their adoption of SaaS and cloud solutions for hybrid work. At Cisco Live, we launched the industry’s first enterprise-wide full stack observability offering by integrating ThousandEyes cloud intelligence with our Catalyst switching portfolio and AppDynamics. This provides IT with visibility and actionable insights across both external and internal networks to provide a seamless digital experience for users. And with users more distributed than ever, it is vital that they have the most efficient and secure connection to the cloud.
Building the Internet of the Future
Our deep partnerships with Google, Amazon, and Microsoft allow native connectivity from our SD-WAN fabric to each of these cloud offerings. With our technology, customers can reduce deployment times and connect branch offices to cloud workloads in minutes. In our Webscale business, we delivered our sixth consecutive quarter of strong order growth, which increased over 25% in the quarter, and over 50% on a trailing 12-month basis.
Our Webscale customers are starting their 400 gig upgrade cycles and aggressively pursuing long-haul build-outs while our Carrier customers are exploring new architectures to realize the full potential of 5G. We are building the internet for the future by creating breakthrough innovation with our routing, optical and automation technologies to deliver significant economic benefits.
Customers Consuming Cisco Technology In New Ways
Recently, we launched a new routed optical networking solution, integrating our scalable, high-performance routers and Acacia’s pluggable optics, which offers significant cost savings. Last week, we announced our intent to acquire Sedona Systems to extend our cross-work automation platform to build on these capabilities. We also expanded our Silicon One platform, from a routing-focused solution to one which addresses the Webscale switching market, offering 10 networking chips ranging from 3.2 terabits to 25.6 terabits per second, making it the highest performance programmable routing and switching silicon on the market. We know our customers increasingly want to consume Cisco’s technology in new and more flexible ways.
At Cisco Live, we launched our new As a Service portfolio, Cisco Plus, and our first offer, Cisco Plus Hybrid Cloud, combining our data center compute, networking and storage portfolio. Cisco Plus includes our plans to deliver networking as a service, which will unify networking, Security, and observability across Access, WAN and Cloud domains to deliver an unparalleled experience for our customers.
Turning to Security, we had a record quarter, surpassing $875 million in revenue, up 13% as we expanded our reach with customers around the world. Our Security strategy is focused on delivering a simple and secure experience. We have an unrivaled ability to provide end-to-end Security capabilities across users, devices, applications and data, on any network or any cloud.
Powering Business Transformation
Wellbeing is top of mind for so many right now as we face a new way of working. This is why we launched People Insights to help people monitor and manage their wellbeing. These new features, devices and capabilities combined with Cloud Calling and Cloud Contact Center provide our customers with the most comprehensive and inclusive hybrid work platform.
Last week, we announced our intent to acquire Socio Labs. By integrating Slido and Socio Labs into our WebEx platform, we will also be able to provide the most comprehensive internal and external event management solution on the market. In summary, we had a very good quarter. I’m so proud of the continued success of the business transformation our teams are driving.
VMware has launched VMware Anywhere Workspace in an effort to help companies and employees thrive in a remote work environment.
VMware’s virtualization platform already powers some of the biggest names in tech, and now the company is turning its expertise toward helping companies succeed with their remote workforce.
“Work is what you do, not where you do it. As businesses reimagine where and how teams collaborate and innovate, they must do more than transform. They must reform their mindset to create a digital-first culture that puts employee experience first,” said Sanjay Poonen, chief operating officer, customer operations, VMware. “We developed VMware Anywhere Workspace with this new way of working in mind. It will play an important role in creating stronger, more focused, and more resilient businesses.”
VMware Anywhere Workspace is designed to provide robust security and make it easier for IT to support remote employees. To achieve this, the platform combines three solutions in one: VMware Workspace One, VMware Carbon Black Cloud and VMware SASE.
Together the three solutions provide unified endpoint management, desktop and app virtualization, cloud-native endpoint and workload protection, cloud-delivered security functions, and a host of employee productivity, experience and security solutions.
“A truly hybrid workforce is one that is enabled to work in any location, across any network and device, and with no trade-offs when it comes to employee productivity. However, delivering against this ideal has proven challenging for businesses that often rely on a complex set of legacy security practices and technologies,” said Adam Holtby, Principal Analyst, Omdia. “New security, management, and employee productivity solutions and practices are needed if businesses are to optimally enable and secure a more hybrid, anywhere workforce. This value proposition is at the core of VMware’s new solution, and it is one that has great potential to help the vendor become an important partner for businesses looking to embrace the Future of Work.”
A new report shows that AI is increasingly being used in a defensive capacity, to combat AI-powered cyberattacks.
While AI promises to revolutionize many industries, it’s already creating significant problems in the realm of cybersecurity. A new report by MIT Technology Review Insights, in association with AI cybersecurity company Darktrace, shows just how much AI is impacting the field.
Offensive AI risks and developments in the cyberthreat landscape are redefining enterprise security, as humans already struggle to keep pace with advanced attacks.
In fact, 60% of respondents said that human response measures were already falling behind automated attacks. As a result, 96% of respondents are deploying AI to help defend against AI attacks.
Of the various types of threats, email and phishing attacks were the most troubling. Some 40% found email and phishing attacks “very concerning,” with 34% viewing them as “somewhat concerning.” A staggering 94% of detected malware is spread via email. AI makes the problem even worse by creating emails that are almost indistinguishable from legitimate ones.
Max Heinemeyer, director of threat hunting for Darktrace, saw email phishing attempts adapt as a result of the pandemic. “We saw a lot of emails saying things like, ‘Click here to see which people in your area are infected,’” he says.
Based on MIT and Darktrace’s report, it appears the industry is entering an AI arms race, one that will have significant implications on the future of cybersecurity.
A National Security Agency (NSA) hacking tool was stolen by Chinese hackers in 2014 and used against US targets, according to researchers.
The NSA is tasked with protecting US digital communications and resources, as well as trying to crack the communications of entities the US considers hostile. The agency also engages in signal intelligence gathering, both foreign and domestic. As part of its activities, the NSA develops tools to help it crack encryption and hack into systems. The Tailored Access Operations (TAO) NSA unit, also known as the “Equation Group,” is primarily responsible for the latter realm of operations.
According to researchers at Check Point Research, it appears that one of the Equation Group’s tools was stolen by Chinese hackers in 2014. The group, APT31, is a state-sponsored hacking group.
This isn’t the first time NSA tools have been suspected of being stolen and used. In 2017, a group called the “Shadow Brokers” managed to gain access to and leak Equation Group tools. What makes this latest revelation so interesting, and disturbing, is that it predates the Shadow Brokers leak by more than two years.
APT31 used the NSA’s code and modified it to create their own version of the exploit called “Jian.”
We began with analyzing “Jian”, the Chinese (APT31 / Zirconium) exploit for CVE-2017-0005, which was reported by Lockheed Martin’s Computer Incident Response Team. To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called “EpMe”. This means that an Equation Group exploit was eventually used by a Chinese-affiliated group, probably against American targets.
Check Point Research came to some disturbing conclusions regarding exactly how APT31 gained access to the NSA code.
The case of EpMe / Jian is different, as we clearly showed that Jian was constructed from the actual 32-bit and 64-bit versions of the Equation Group exploit. This means that in this scenario, the Chinese APT acquired the exploit samples themselves, in all of their supported versions. Having dated APT31’s samples to 3 years prior to the Shadow Brokers’ “Lost in Translation” leak, our estimate is that these Equation Group exploit samples could have been acquired by the Chinese APT in one of these ways:
Captured during an Equation Group network operation on a Chinese target.
Captured during an Equation Group operation on a 3rd-party network which was also monitored by the Chinese APT.
Captured by the Chinese APT during an attack on Equation Group infrastructure.
Needless to say, it’s disconcerting that an agency with the goal of protecting US communications seems to have such an issue keeping its most dangerous tools secure — tools that end up being used against the very targets it’s tasked with protecting.
A group of hackers has gained access to roughly 150,000 Verkada security cameras, exposing a slew of customer live feeds.
Verkada is a Silicon Valley startup that specializes in security systems. The company’s cameras are used by a wide range of companies and organizations, including Tesla, police departments, hospitals, clinics, schools and prisons.
The group responsible is an international collective of hackers. They claim to have hacked Verkada to shed light on how pervasive surveillance has become.
In one of the videos, seen by Bloomberg, eight hospital staffers are seen tackling a man and restraining him. Other video feeds include women’s clinics, as well as psychiatric hospitals. What’s more, some of the feeds — including those of some hospitals — use facial recognition to identify and categorize people.
The feeds from the Madison County Jail in Huntsville, Alabama were particularly telling. Of the 330 cameras in the jail, some were “hidden inside vents, thermostats and defibrillators.”
The entire case is disturbing on multiple fronts. It’s deeply concerning that a company specializing in security, and selling that security to other organizations, would suffer such a devastating breach. It’s equally concerning, however, to see the depth of surveillance being conducted, as well as the lengths being taken to hide the surveillance.
Senator Edward J. Markey and Congressman Ted W. Lieu have reintroduced the Cyber Shield Act legislation to tackle Internet of Things (IoT) security.
The Cyber Shield Act will create a voluntary certification program for IoT devices, ensuring they meet a certain security standard. The installed base of IoT devices is expected to hit 75.44 billion by 2025. Those devices include baby monitors, smart locks, cameras, home assistants, cell phones, laptops and much more.
Unfortunately, it’s estimated that 98% of IoT data is unencrypted, leaving important data vulnerable to attack. IoT security is also one of the leading issues the enterprise faces, with 50% listing security and data privacy as their top concern.
The Cyber Shield Act attempts to address those issues by establishing an advisory committee of cybersecurity experts from a wide range of industries. The committee will establish cybersecurity benchmarks for the myriad of IoT devices, giving the industry a clear goal and set of parameters to work within.
The legislation would also allow for a “Cyber Shield” badge that certified products could display, serving as a way for consumers to make educated choices about what devices to purchase.
“The IoT will also stand for the Internet of Threats until we put in place appropriate cybersecurity safeguards,” said Senator Markey. “With as many as 75 billion IoT devices projected to be in our pockets and homes by 2025, cybersecurity continues to pose a direct threat to economic prosperity, personal privacy, and global security. By creating a cybersecurity certification program, the Cyber Shield Act will give consumers a seal of approval for more secure products, as well as encourage manufacturers to adopt the best cybersecurity practices so they can compete in the marketplace for safety. I thank Congressman Lieu for his partnership on this essential legislation.”
“Championing innovation is important, because technological advancement can make our lives easier and more efficient. But, for every smart refrigerator or wifi-enabled baby monitor, there comes increased cybersecurity risks that make consumers vulnerable to hacking and invasions of privacy. As we connect more parts of our lives to the internet, we have to make sure we’re doing it safely. That’s where Sen. Markey and my Cyber Shield Act comes in,” said Representative Lieu. “By creating a voluntary program allowing IoT manufacturers to certify the security of their devices, we’re encouraging the idea that cybersecurity should be top of mind for industry and consumers alike. It’s a great solution to an ever-increasing problem, and I’m grateful to have Sen. Markey as a partner on this bill.”
A copy of the legislation can be viewed here (PDF).
Police are reporting that white supremacists and other fringe groups are increasingly targeting cell phone towers.
A report by the New York City Police Department, obtained by The Intercept, found that white supremacists and conspiracy theorists “increasingly target critical infrastructure to incite fear, disrupt essential services, and cause economic damage with the United States and abroad.”
In addition to the high-profile case of Anthony Quinn Warner, who bombed the AT&T building in Nashville, The Intercept also cited a case where individuals broke into a cell tower in Tennessee, cutting fiber-optic cables and destroying other equipment.
According to the NYPD’s Intelligence Bureau, infrastructure sites are increasingly high-profile targets for these groups.
“In recent months, white supremacist extremists, neo-Nazis, far-right Telegram groups, and online conspiracy theorists have all emphasized attacking valuable critical infrastructure targets.”
The attacks come at a time when carriers are racing to deploy 5G and when companies and individuals are relying on internet connectivity more than ever.
Any hopes Huawei had of the Biden administration easing up on restrictions were dashed, as the new administration is doubling down.
The Trump administration took a hard stance against the Chinese telecommunications firm, claiming it was a threat to national security. The US ultimately banned Huawei, and engaged in a determined effort to convince allies to do the same, many of whom followed suit. Intelligence agencies around the world joined in, calling Huawei a security threat.
Throughout it all, Huawei has continued to maintain its innocence and claim to be the victim of unfair persecution. Some critics have also wondered if the company truly posed the threat the administration and intelligence agencies claimed, or if the restrictions were merely part of the Trump administration’s trade war against China. As a result, Huawei hoped a change in administration would bring a more favorable climate.
It appears those hopes were unfounded, as the Biden administration has imposed further restrictions, according to Reuters, modifying existing licenses that permitted some companies to do business with the Chinese firm. The administration is adding additional limitations to what components companies can sell to Huawei, specifically components that can be used for 5G.
In particular, the new restrictions are aimed at bringing older licenses, that were more lenient, in line with the more stringent restrictions the Trump administration later imposed, essentially ending the “grandfathered” status of the older licenses.
Huawei has already been reeling from the sanctions and restrictions, forcing it to consider alternative businesses. It now appears things are poised to get even worse.
Linux Mint is considering measures to keep users up-to-date, including Windows 10-style forced updates.
Linux Mint is a popular, community-driven distribution (distro) based on Ubuntu. Unfortunately, like users of other operating systems (OS), many Linux Mint users are slow to update both applications and the OS itself.
In a blog post detailing the problem, the Linux Mint team notes that only 30% of users updated to the latest version of their web browser in less than a week. Similarly, while acknowledging it is hard to get an exact figure, between 5% and 30% of users are running Linux Mint 17.x.
0% of users should run Linux Mint 17.x! Anything above is not good, whether it’s 5% or 30%.
Linux Mint 17.x reached EOL (End-Of-Life) in April 2019. In other words, it has not received security updates for almost 2 years now!
In another blog post, posted Sunday, the Linux Mint team discusses some of the options on the table, including forced updates.
In some cases the Update Manager will be able to remind you to apply updates. In a few of them it might even insist. We don’t want it to be dumb and get in your way though. It’s here to help. If you are handling things your way, it will detect smart patterns and usages. It will also be configurable and let you change the way it’s set up.
It remains to be seen how the community will respond. Forced updates have been one of Windows 10’s most unpopular features. The Linux Mint team may be playing with fire venturing into forced update territory.
A new malware discovered on some 30,000 Macs — both Intel and Apple’s M1 variety — has researchers stumped.
Malware is a relatively rare thing in the Mac community. For decades, the Mac enjoyed “security through obscurity,” meaning that its low market share made it a low-priority target for most hackers. In addition, macOS is based on UNIX, giving it relatively secure underpinnings. Apple has also taken a number of major steps to further harden macOS, all of which make it a very secure operating system (OS).
Nonetheless, researchers at Red Canary have discovered two variants of a macOS malware they have dubbed “Silver Sparrow.” According to the researchers, the only real difference between the two variants is that one targets Intel-based Macs exclusively, while the second is a universal binary, meaning it is compiled to run on Intel and M1-based Macs.
The latter is especially significant, since Apple’s custom M1 chip is based on Arm designs, and is essentially a desktop-class version of the chip used in the iPhone and iPad. As of the time of writing, Silver Sparrow has infected some 29,139 Macs in 153 countries. High numbers of infected machines were found in the US, UK, Canada, France and Germany.
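The distinction between the two variants comes down to how the binary is packaged: a universal binary is a "fat" file whose header lists one Mach-O slice per CPU architecture, while an Intel-only build carries a single Mach-O header for x86_64. The following triage helper, an added example that is not from the article or from Red Canary's research, reads just those headers and reports which architectures a file was built for, which is the first thing a responder checks when deciding whether a sample can run natively on an M1 Mac. The CPU type constants are the standard Mach-O ABI values; the sample bytes are constructed headers, not real malware.

```python
"""Report the CPU architectures a macOS binary is built for by parsing its
fat (universal) or thin Mach-O header. Added example; constructed inputs."""
import struct

FAT_MAGIC = 0xCAFEBABE      # universal binary header, always big-endian
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit Mach-O header (little-endian on x86_64/arm64)
MH_MAGIC_32 = 0xFEEDFACE    # 32-bit Mach-O header

# Standard Mach-O cputype values (CPU_ARCH_ABI64 = 0x01000000 marks 64-bit).
CPU_TYPE_NAMES = {
    0x00000007: "i386",
    0x01000007: "x86_64",
    0x0000000C: "arm",
    0x0100000C: "arm64",
}


def _name(cputype: int) -> str:
    return CPU_TYPE_NAMES.get(cputype, f"unknown(0x{cputype:08x})")


def describe_mach_o(data: bytes) -> dict:
    """Return {'kind': 'fat'|'thin', 'archs': [...], 'native_on_m1': bool}.

    Raises ValueError for anything that is not a Mach-O or fat header.
    """
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")

    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_be == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        # Java class files share the CAFEBABE magic; their next field is a
        # version number, so a large 'nfat_arch' means this is not a fat binary.
        if nfat == 0 or nfat > 32:
            raise ValueError("CAFEBABE magic but implausible arch count (Java class?)")
        archs = []
        for i in range(nfat):
            off = 8 + i * 20  # struct fat_arch is five big-endian uint32 fields
            if len(data) < off + 20:
                raise ValueError("truncated fat header")
            cputype, _subtype, _offset, _size, _align = struct.unpack(
                ">IIIII", data[off:off + 20])
            archs.append(_name(cputype))
        kind = "fat"
    else:
        # Thin Mach-O: try native (little-endian) then byte-swapped layouts.
        magic_le = struct.unpack("<I", data[:4])[0]
        if magic_le in (MH_MAGIC_64, MH_MAGIC_32):
            cputype = struct.unpack("<I", data[4:8])[0]
        elif magic_be in (MH_MAGIC_64, MH_MAGIC_32):
            cputype = struct.unpack(">I", data[4:8])[0]
        else:
            raise ValueError("not a Mach-O or universal binary")
        archs = [_name(cputype)]
        kind = "thin"

    return {
        "kind": kind,
        "archs": archs,
        # Runs natively on Apple silicon only if an arm64 slice is present;
        # an x86_64-only file would need Rosetta 2.
        "native_on_m1": "arm64" in archs,
    }


# ---- Constructed sample headers (test data only, no executable code) ----

def build_fat_header(cputypes) -> bytes:
    """Fat header with one empty fat_arch entry per cputype (constructed)."""
    hdr = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for cputype in cputypes:
        hdr += struct.pack(">IIIII", cputype, 0, 0, 0, 0)
    return hdr


def build_thin_header(cputype) -> bytes:
    """mach_header_64: magic, cputype, cpusubtype, filetype, ncmds,
    sizeofcmds, flags, reserved (constructed, filetype 2 = MH_EXECUTE)."""
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


UNIVERSAL_SAMPLE = build_fat_header([0x01000007, 0x0100000C])  # x86_64 + arm64
INTEL_ONLY_SAMPLE = build_thin_header(0x01000007)              # x86_64 only

if __name__ == "__main__":
    for label, blob in (("universal", UNIVERSAL_SAMPLE), ("intel-only", INTEL_ONLY_SAMPLE)):
        print(label, describe_mach_o(blob))
```

To triage a real file, pass the first few hundred bytes of the installer's embedded binary (for example `open(path, "rb").read(4096)`); only the headers are inspected, so the slices themselves are never loaded or executed.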
What’s even more suspicious, however, is that there doesn’t appear to be a payload in the malware. A payload is the final goal the malware is programmed with, such as locking files for ransom, deleting files, stealing information, etc. With Silver Sparrow, researchers have yet to find its payload. They know the malware checks every hour to see what new content its creators want it to download, but, as of yet, no payload has been downloaded by the infected machines.
“After observing the malware for over a week, neither we nor our research partners observed a final payload, leaving the ultimate goal of Silver Sparrow activity a mystery,” writes Red Canary’s Tony Lambert.
Red Canary also found the malware was “distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application—such as Adobe Flash Player—or as updates,” adds Lambert. “In this case, however, the adversary distributed the malware in two distinct packages: updater.pkg and update.pkg.”
It remains to be seen what the ultimate goal of Silver Sparrow’s creators is. In the meantime, macOS users should update their antivirus software and check out Red Canary’s blog for detection and mitigation information.
“COVID has really impacted the aerospace industry in this nation and nations around the world disproportionately to other industries… and the Air Force has not been exempt from these impacts,” says former Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, Dr. Will Roper:
COVID Has Really Impacted Aerospace… and the Air Force
COVID has really impacted the aerospace industry in this nation and nations around the world disproportionately to other industries. The Air Force has not been exempt from these impacts. We have had to go into a wartime posture and engage with exceptional authorities and funding to keep the aerospace industry, which allows us to go to war, whole.
But aside from the crisis response that we’ve all been in, it’s forced us to do some serious reflection about how we engage with production and supply chains going forward. How does the Air Force need to change the way it views its future self so that we’re not just more ready for a crisis when it occurs but we’re actually designing better systems, doing better engineering, and using technology more effectively? Systems that we need to go to war are going to be hidden behind doors where their vulnerabilities are never going to be exposed because of secrecy.
Secrecy Hinders Our Ability To Digitally Go To War
We’re moving into an era where we’re leveraging commercial technology more frequently. Because of that, we can no longer hope that secrecy, keeping our systems classified, will be the sole means for us to be secure. We need to find a new paradigm where openness is also part of our security posture. Now we’re not going to be able to copy commercial industry one for one. Our systems in many cases don’t have a commercial analog. We can’t quickly replace them.
We’re not in a competition where spirals occur in years. Many of our aerospace breakthroughs, especially those in technologies like stealth, take time to do. Secrecy is going to continue to be part of the equation. But secrecy can’t be the catch-all approach to how we ensure systems are able to digitally go to war and be ready to fight in a cyber environment against an adversary as capable as we are.
Containerization Solves The Secrecy Problem
The software development capabilities that technologies like Kubernetes or containerization and Istio bring into the Air Force. It’s amazing that companies like Google that have now transitioned this to an open-source driven initiative have solved a lot of what we would have to solve as a military. How do you write code in a development environment, in that tech stack that may also represent the physical aspects of your system, but it certainly represents the software components?
How do you go from your development environment out to the edge securely and know your code will run the same way? Containerization solves that problem for us. The military is behind and adopting it. It’s not old, but this technology is moving through industry as fast as Linux did. If we don’t get off the dime we will be left behind. Keep pushing the Air Force and Space Force on this. Do not let us get comfortable.