The Week at „Тоест“ (1–5 November)

Post Syndicated from Тоест original https://toest.bg/editorial-1-5-november-2021/

This time next week will be the so-called day of reflection before yet another election this year. Meanwhile the election campaign remains devoid of meaning, of messages and of ideas for our future. In the month that has just ended, COVID-19 claimed the lives of seven times as many Bulgarians as in October of last year, when we were also in a pandemic wave. November is shaping up to be even blacker: in its first five days alone the dead exceeded 750.

Емилия Милчева

In her commentary, Емилия Милчева reflects on the tribe and the mice, sorry… the leaders. “In nearly 20 months, not one leader from the ‘parties of the status quo’ or the ‘parties of change’, or from any party at all, has consistently, firmly and loudly spoken about the need for vaccination, called for it and followed that line throughout the entire election campaign rather than in sporadic exclamations. Yet these parties will produce the government after the 14 November election that will have to deal with the pandemic from its very first day,” Емилия comments. Her text this week carries the heavy title “The Dying Out of the Bulgarian Tribe”.


Йоанна Елми

Despite our unenviable top position in COVID mortality, false information about the vaccines and the disease as a whole continues to spread in Bulgaria. The measures to limit infection are criticized for violating citizens’ rights, and the claim that no one bears responsibility for people’s health once a vaccine has been administered is widespread. Йоанна Елми checked whether this is so in a conversation with attorney Мария Шаркова, a specialist in medical law.


Светла Енчева

Another important subject that our political elite has been sleeping through for years, and once again did not find the courage to address in any of the many election campaigns of 2021, is hate crimes against LGBTI people. A criminal act from last weekend is a reminder of how urgent this subject is. More from Светла Енчева in her piece “The Elephant in the Room and How It Is (Not) Talked About”.


Венелина Попова

Not long ago the political scientist Иван Кръстев commented that if no government is formed after this election either, it would amount to a “collective suicide of the Bulgarian political system”. It is an opinion shared and supported by other analysts as well. That is also the subject of this week’s domestic-politics commentary by Венелина Попова, “After the Elections”.


Зорница Христова

The three new book titles that Зорница Христова recommends this time in the “By the Letters” column are “Stories” by Наталия Мешчанинова, “On Writing” by Лев Толстой, and Елена Алексиева’s short-story collection “The Interruption of Samsara”, which at the end of October won the grand prize of the “Йордан Радичков” competition and, only days ago, the “Перото” award in the Prose category.


Николета Атанасова

🎙 It is also time for a new episode of our podcast series “Creators and Dreamers”. In the third episode, titled “Светлописница”, Николета Атанасова tells the story of the first Bulgarian photographers, going back to the time before the Liberation – Атанас Йованович, the Карастоянови family, Георги Данчов – Зографина, Никола and Тома Хитрови – and their peculiar stories. And of photography as a means of connection and a conduit for empathy.

Enjoy the issue, and see you next Saturday! Take care, and get vaccinated if you have not yet! #отнасзависи

Source

Friday Squid Blogging: Squid Game Cryptocurrency Was a Scam

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2021/11/friday-squid-blogging-squid-game-cryptocurrency-was-a-scam.html

The Squid Game cryptocurrency was a complete scam:

The SQUID cryptocurrency peaked at a price of $2,861 before plummeting to $0 around 5:40 a.m. ET, according to the website CoinMarketCap. This kind of theft, commonly called a “rug pull” by crypto investors, happens when the creators of the crypto quickly cash out their coins for real money, draining the liquidity pool from the exchange.

I don’t know why anyone would trust an investment — any investment — that you could buy but not sell.

Wired story.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Metasploit Wrap-Up

Post Syndicated from Spencer McIntyre original https://blog.rapid7.com/2021/11/05/metasploit-wrap-up-137/

GitLab RCE


New Rapid7 team member jbaines-r7 wrote an exploit targeting GitLab via ExifTool. Exploiting this vulnerability results in unauthenticated remote code execution as the git user. What makes this module extra neat is that it chains two vulnerabilities together to achieve that effect. The first is in GitLab itself and can be leveraged to pass invalid image files to the ExifTool parser; the parser contained the second, whereby a specially constructed image could be used to execute code. For even more information on these vulnerabilities, check out Rapid7’s post.

Less Than BulletProof

This week community member h00die submitted another WordPress module. This one leverages an information disclosure vulnerability in the WordPress BulletProof Security plugin that can disclose user credentials from a backup file. These credentials could then be used by an attacker to log in to WordPress if the hashed password can be cracked in an offline attack.

Metasploit Masterfully Manages Meterpreter Metadata

Each Meterpreter implementation is a unique snowflake that often incorporates API commands that others do not. A great example of this is the set of Kiwi commands missing from the Linux Meterpreter. Metasploit now has much better support for modules to declare the functionality they require a Meterpreter session to have in order to run. This will help alleviate the frustration users encounter when they try to run a post module with a Meterpreter type that doesn’t offer the functionality needed. This furthers the Metasploit project goal of providing more meaningful error information about post module incompatibilities, which has been an ongoing effort this year.

New module content (3)

  • WordPress BulletProof Security Backup Disclosure by Ron Jost (Hacker5preme) and h00die, which exploits CVE-2021-39327 – This adds an auxiliary module that leverages an information disclosure vulnerability in the BulletProof Security plugin for WordPress. This vulnerability is identified as CVE-2021-39327. The module retrieves a backup file, which is publicly accessible, and extracts user credentials from the database backup.
  • GitLab Unauthenticated Remote ExifTool Command Injection by William Bowling and jbaines-r7, which exploits CVE-2021-22204 and CVE-2021-22205 – This adds an exploit for an unauthenticated remote command injection in GitLab via a separate vulnerability within ExifTool. The vulnerabilities are identified as CVE-2021-22204 and CVE-2021-22205.
  • WordPress Plugin Pie Register Auth Bypass to RCE by Lotfi13-DZ and h00die – This exploits an authentication bypass which leads to arbitrary code execution in versions 3.7.1.4 and below of the WordPress plugin pie-register. Supplying a valid admin id in the user_id_social_site parameter of a POST request returns a valid session cookie. With that session cookie, a PHP payload is uploaded as a plugin and requested, resulting in code execution.

Enhancements and features

  • #15665 from adfoster-r7 – This adds additional metadata to exploit modules to specify Meterpreter command requirements. Metadata information is used to add a descriptive warning when running modules with a Meterpreter implementation that doesn’t support the required command functionality.
  • #15782 from k0pak4 – This updates the iis_internal_ip module to include coverage for the PROPFIND internal IP address disclosure as described by CVE-2002-0422.

Bugs fixed

  • #15805 from timwr – This bumps the metasploit-payloads version to include two bug fixes for the Python Meterpreter.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub.

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).

Ryabitsev: lore+lei: part 1, getting started

Post Syndicated from original https://lwn.net/Articles/875239/rss

Konstantin Ryabitsev introduces the “local email interface” (lei) functionality for the lore archive of kernel mailing lists.

Even though it started out as merely a list archival service, it quickly became obvious that lore could be used for a lot more. Many developers ended up using its search features to quickly locate emails of interest, which in turn raised a simple question — what if there was a way to “save a search” and have it deliver all new incoming mail matching certain parameters straight to the developers’ inbox?

You can now do this with lei.

New NPM library hijacks (coa and rc)

Post Syndicated from Caitlin Condon original https://blog.rapid7.com/2021/11/05/new-npm-library-hijacks-coa-and-rc/


On Thursday, November 4, 2021, barely more than a week after ua-parser-js was hijacked, another popular NPM library called coa (Command-Option-Argument), which is used in React packages around the world, was hijacked to distribute credential-stealing malware. The developer community noticed something was amiss when strange new versions of coa appeared on npm, breaking software builds.

Another popular NPM component, rc, was also evidently hijacked to run malicious code in Windows environments. According to NPM, the malware identified in the rc hijack was identical to the malware distributed in the coa hijack.

Both coa and rc are used by millions of developers and projects. As of Friday, November 5, several developers and users had called for NPM to implement stricter security measures, including MFA on developer accounts.

Mitigation Guidance

NPM has reportedly removed compromised versions of coa. The maintainers said on Thursday:

“Users of affected versions (2.0.3 and above) should downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold.

“Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.”

Mitigation instructions for rc are identical to those above. The affected versions of rc are 1.2.9, 1.3.9, and 2.3.9. Users of those versions should downgrade to 1.2.8 as soon as possible and check their systems for suspicious activity, taking care to rotate secrets.

All users of coa and rc should look for compile.js, compile.bat, sdd.dll files and delete or investigate those files. Version pinning may help mitigate risk against future attacks of this nature. BleepingComputer has more information on the attack and the malware’s behavior here.
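To make the mitigation steps above concrete, here is an added example (not code from the Rapid7 post, npm, or the package maintainers) that audits a package-lock.json for the hijacked coa and rc releases using exactly the version information quoted above, and picks the dropper artifact names (compile.js, compile.bat, sdd.dll) out of a file listing. The sample lockfiles are constructed for the demo; the coa rule applies the maintainers’ wording “2.0.3 and above” literally, and the “safe pin” targets are the downgrade versions the advisories name.

```python
"""Audit an npm lockfile for the hijacked coa/rc releases and flag dropper files."""
import json
import os
from typing import Dict, Iterable, List, Tuple

# Indicators from the advisory text. Assumption: "2.0.3 and above" is applied
# literally, so any coa version >= 2.0.3 is treated as hijacked.
COA_MIN_BAD = (2, 0, 3)
RC_BAD_VERSIONS = {"1.2.9", "1.3.9", "2.3.9"}
ARTIFACT_NAMES = {"compile.js", "compile.bat", "sdd.dll"}
SAFE_PINS = {"coa": "2.0.2", "rc": "1.2.8"}  # downgrade targets from the advisories


def parse_semver(version: str) -> Tuple[int, ...]:
    """Return (major, minor, patch); prerelease/build suffixes are ignored."""
    core = version.split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    while len(parts) < 3:
        parts.append("0")
    return tuple(int(p) for p in parts[:3])


def is_hijacked(name: str, version: str) -> bool:
    if name == "coa":
        return parse_semver(version) >= COA_MIN_BAD
    if name == "rc":
        return version in RC_BAD_VERSIONS
    return False


def installed_packages(lock: dict) -> Dict[str, List[str]]:
    """Map package name -> installed versions. Handles lockfile v2/v3 ("packages",
    keyed by node_modules path) and v1 ("dependencies", nested)."""
    found: Dict[str, List[str]] = {}
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if not path:  # "" is the root project entry
                continue
            name = path.split("node_modules/")[-1]  # keeps @scope/name intact
            found.setdefault(name, []).append(meta.get("version", "0.0.0"))
        return found

    def walk(deps: dict) -> None:
        for name, meta in deps.items():
            found.setdefault(name, []).append(meta.get("version", "0.0.0"))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return found


def audit_lockfile(lock_json: str) -> List[str]:
    """Return one finding per hijacked name@version present in the lockfile."""
    lock = json.loads(lock_json)
    findings = []
    for name, versions in installed_packages(lock).items():
        for version in sorted(set(versions)):
            if is_hijacked(name, version):
                findings.append(
                    f"{name}@{version}: hijacked release, pin to {name}@{SAFE_PINS[name]}"
                )
    return findings


def find_artifacts(paths: Iterable[str]) -> List[str]:
    """Keep only paths whose basename matches a dropper file named in the advisory."""
    return sorted(p for p in paths if os.path.basename(p).lower() in ARTIFACT_NAMES)


def walk_node_modules(root: str) -> List[str]:
    """Convenience wrapper: scan a real directory tree such as ./node_modules."""
    return find_artifacts(
        os.path.join(d, f) for d, _, files in os.walk(root) for f in files
    )


# Constructed sample lockfiles (not from any real project).
SAMPLE_LOCK = json.dumps({
    "name": "demo", "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo"},
        "node_modules/coa": {"version": "2.0.3"},
        "node_modules/rc": {"version": "1.2.8"},
        "node_modules/svgo/node_modules/coa": {"version": "2.0.2"},
        "node_modules/ua-parser-js": {"version": "0.7.30"},
    },
})
SAMPLE_LOCK_V1 = json.dumps({
    "name": "demo", "lockfileVersion": 1,
    "dependencies": {"rc": {"version": "1.2.9", "dependencies": {"ini": {"version": "1.3.8"}}}},
})

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK) + audit_lockfile(SAMPLE_LOCK_V1):
        print(finding)
    for hit in walk_node_modules("node_modules"):
        print("dropper artifact:", hit)
```

The lockfile check catches nested copies (a coa pulled in under svgo/node_modules) that a top-level `npm ls` glance can miss. For pinning, an exact version in package.json (no caret or tilde) plus a committed lockfile and `npm ci` in CI keeps a newly published malicious release from being picked up silently; remember that the advisory treats any host that ran the malicious versions as compromised, so a clean lockfile is the start of the response, not the end.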

Should I Hire a MSP?

Post Syndicated from Jeremy Milk original https://www.backblaze.com/blog/should-i-hire-a-msp/

Every business faces an ongoing IT question—when to manage some or all IT services or projects in-house and when to outsource them. Maybe you’re facing a new challenge, be it safeguarding against next-gen threats or deploying a new tech stack. Maybe a windfall of growth makes small IT problems bigger. Maybe your IT manager leaves suddenly, and you’re left in the lurch (true story). Or it may just be a desire to focus headcount elsewhere, difficulty finding the right talent, or a push for more efficiency.

If you’re nodding your head yes to any of the above, the answer may be to consider outsourcing a part of the project, or all of it, to a managed service provider. Especially as technologies and threats evolve, how you manage IT resources matters.

In this post, we explain why businesses should be thinking about IT management early on, and when and why hiring a managed service provider (MSP) makes sense when you don’t want to resource IT in-house.

What Is an MSP?

MSPs are companies that provide outsourced IT services to businesses. These services can range from offering light support as needed to installing and running new workflows and scalable systems ongoing. They can even help by leading technical build-outs as companies grow and move into new facilities.

A business can hire an MSP to help with a single task it would prefer not to handle in-house, like data backup or disaster recovery, or it can outsource its entire IT infrastructure to an MSP.

When You Need More Than a Band-aid to Fix the Problem

Back to that true story I hinted at above, here’s a personal example from my past when I decided to hire an MSP: Many years ago, I was director of strategy and operations for a boutique management consulting firm when our sole IT manager rather abruptly decided to exit the organization. Before leaving, he emailed me—a fairly non-technical person at the time—instructions for maintaining on-premises servers and laptops in various states of readiness, along with advice that I shouldn’t let company leadership switch from PCs to Macs because it would wreak havoc. At the time, we had also recently deployed Microsoft SharePoint for document management and storage, but the team hadn’t gotten used to it yet—they still relied on hard drives and emailing copies of important documents to themselves as a backup. What could we do?

My first thought had been to backfill IT management. Yet the team and I didn’t feel we had the knowledge to effectively assess candidates’ skills. We also saw the need and skillset evolving over time, so calling upon a trusted advisor to help vet candidates likely wasn’t the solution. Here were our key criteria:

  • Competence to solve immediate problems.
  • Vision to plan and execute for the future.
  • Internal customer orientation.
  • Cultural fit.
  • Willingness to be called upon nights and weekends.

It was a big ask.

And we also weren’t sure we needed a full-time resource forever. So instead of going that route, I started to explore outsourcing our IT infrastructure management and was happy to find MSPs that could effectively handle the organization’s requirements. The MSP that we ultimately chose brought executional excellence, strategic thinking, and high-quality service. I heard nothing but positive feedback from the greater consulting team—team members felt more supported and confident in using technology solutions. As a bonus, choosing an MSP to handle our IT management yielded around 25% IT budget savings compared to hiring a full-time employee and buying or deploying tools ourselves.

The MSP support model is a great choice in both the short and the long term depending on a company’s needs, but it might not be right for every business. How do you know if hiring an MSP is right for you?

What to Consider When Hiring an MSP

There are a number of reasons a company might outsource its IT management to an MSP. When weighing the options, consider the following:

  • What services do you need?
  • What skills do you have or wish to have in-house?
  • How important are the services and skills you need (e.g. security versus less consequential services)?
  • How long will you need support for these services and skills (e.g. ongoing versus one time)?
  • What are your other considerations (e.g. budget, headcount, etc.)?

Services and Skills

MSPs offer a wide range of services and specialties, from isolated tasks like disaster recovery to ongoing work like IT infrastructure management. The scope of your needs can help you decide whether hiring or relying on internal support gives you appropriate coverage, or whether outsourcing to an MSP will provide the necessary expertise. Some MSPs also specialize in industries with specific IT needs.

Security

Data security has never been more important, and recovering from a cybersecurity attack is costly. If you already have ransomware protection and disaster recovery covered in-house, and you test that recovery regularly, you may be well served as you are. On the other hand, if you’re not entirely confident that there is a system in place protecting and backing up your company data, or if you feel that you or your team can’t keep up with evolving threats, an MSP can take over that effort for you.

An MSP can identify preventative or maintenance issues and address them before data loss occurs. MSPs can also offer ongoing security monitoring and scan for vulnerabilities in your network, keeping your business ahead of a possible attack. Additionally, MSPs can help with regular maintenance of a company’s network so these important security measures don’t fall by the wayside.

MSPs in Action

Continuity Centers is a New York area-based MSP specializing in business continuity and disaster recovery.

In 2020, Continuity Centers implemented Veeam backup software to offer their customers added security and recovery support. They chose to implement Backblaze’s immutable backups feature with Veeam, so they are able to protect data in Backblaze B2 Cloud Storage from ransomware attacks or data loss. The savings that Continuity Centers gained from choosing Backblaze B2 as their cloud provider allowed them to offer enhanced data protection services without raising prices for their customers.

Support Duration

An MSP can provide one-time assistance or setup for a specific service you need, or longer-term management, depending on the scope of the project. If your business requires 24/7 support, some remote MSP services are available for continuous assistance. Many MSPs offer real-time monitoring and management so that issues can be identified and fixed before they pose a threat to business operations.

Budget

Hiring an expert to handle IT management in-house can be costly—not to mention building and maintaining a team. Hiring an MSP can free up resources and save money in the long run with predictable, fixed prices.

Another important budgetary factor to consider is the cost of downtime in the case of a ransomware attack. While ransom payments continue to be one of the highest costs to businesses, the true cost of ransomware includes downtime, people hours, device costs, network costs, lost opportunities, and more. MSPs that provide business continuity services can help minimize these costs and reduce the chance of incurring them again.

MSPs in Action

Clicpomme is a Montréal, Québec-based MSP specializing in IT services and solutions for Apple products.

Their solutions range from device and IT infrastructure management to server deployment and off-site backup. Clicpomme uses the Backblaze mass deployment feature to easily deploy Backblaze software on customers’ endpoints at scale, so customers don’t have to handle deployment or backup management themselves.

Is an MSP Right for Your Business?

Are you considering getting help from an MSP with your IT management, or have you turned to one in the past? Comment with your questions or experience working with an MSP below.

The post Should I Hire a MSP? appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Migrate your Applications to Containers at Scale

Post Syndicated from John O'Donnell original https://aws.amazon.com/blogs/architecture/migrate-your-applications-to-containers-at-scale/

AWS App2Container is a command line tool that you can install on a server to automate the containerization of applications. This simplifies the process of migrating a single server to containers. But if you have a fleet of servers, migrating all of them one by one could be quite time-consuming. In that situation, you can drive App2Container from a configuration management tool such as Chef, Ansible, or AWS Systems Manager and run it across the fleet. In this blog, we illustrate an architecture that scales out App2Container using AWS Systems Manager.

Why migrate to containers?

Organizations can move to secure, low-touch services with containers on AWS. A container is a lightweight, standalone collection of software that includes everything needed to run an application: code, runtime, system tools, system libraries, and settings. Containers provide logical isolation and run consistently across host environments, because their dependencies travel with the image rather than with the host.

If you are running a .NET application hosted on Windows Internet Information Services (IIS) and the host platform reaches end of life (EOL), you have two options: migrate the entire server platform, or re-host the websites on another hosting platform. Both options require manual effort and are often too complex to implement for legacy workloads. Once workloads have been migrated, you must still perform costly ongoing patching and maintenance.

Modernize with AWS App2Container

Containers can be used for these legacy workloads via AWS App2Container. AWS App2Container is a command line interface (CLI) tool for modernizing .NET and Java applications into containerized applications. App2Container analyzes and builds an inventory of all applications running in virtual machines, on-premises, or in the cloud. App2Container reduces the need to migrate the entire server OS, and moves only the specific workloads needed.

After you select the application you want to containerize, App2Container does the following:

  • Packages the application artifact and identified dependencies into container images
  • Configures the network ports
  • Generates the infrastructure, Amazon Elastic Container Service (ECS) tasks, and Kubernetes pod definitions

App2Container has a specific set of steps and requirements you must follow to create container images:

  1. Create an Amazon Simple Storage Service (S3) bucket to store your artifacts generated from each server.
  2. Create an AWS Identity and Access Management (IAM) user that has access to the Amazon S3 buckets and a designated Amazon Elastic Container Registry (ECR).
  3. Deploy a worker node as an Amazon Elastic Compute Cloud (Amazon EC2) instance. This will include a compatible operating system, which will take the artifacts and convert them into containers.
  4. Install the App2Container agent on each server that you want to migrate.
  5. Run a set of commands on each server for each application that you want to convert into a container.
  6. Run the commands on your worker node to perform the containerization and deployment.

Following, we will introduce a way to automate App2Container to reduce the time needed to deploy and scale this functionality throughout your environment.

Scaling App2Container

AWS App2Container streamlines the process of containerizing applications on a single server. For each server you must install the App2Container agent, initialize it, run an inventory, and run an analysis. But you can save time when containerizing a fleet of machines by automation, using AWS Systems Manager. AWS Systems Manager enables you to create documents with a set of command line steps that can be applied to one or more servers.

App2Container also supports setting up a worker node that consumes the output of the App2Container analysis step and deploys the new containerized version of the applications. This allows you to follow the security best practice of least privilege: only the worker node has permissions to build and deploy containerized applications, while the servers being migrated need only permission to write the analysis output into an S3 bucket.

Separate the App2Container process into two parts to use the worker node.

  • Analysis. This runs on the target server we are migrating. The results are output into S3.
  • Deployment. This runs on the worker node. It pushes the container image to Amazon ECR. It can deploy a running container to either Amazon ECS or Amazon Elastic Kubernetes Service (EKS).

Figure 1. App2Container scaling architecture overview

Architectural walkthrough

As you can see in Figure 1, we need to set up an Amazon EC2 instance as the worker node, an S3 bucket for the analysis output, and two AWS Systems Manager documents. The first document is run on the target servers. It installs App2Container and runs the analysis steps. The second document is run on the worker node and handles the build and deployment of the container images.

An AWS Systems Manager document can target one or many hosts, enabling you to run the analysis step in parallel across multiple servers. Results and artifacts, such as files or .NET assemblies, are sent to the preconfigured Amazon S3 bucket for processing, as shown in Figure 2.

Figure 2. Container migration target servers

After the artifacts have been generated, a second document can be run against the worker node. This scans all files in the Amazon S3 bucket, and workloads are automatically containerized. The resulting images are pushed to Amazon ECR, as shown in Figure 3.
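As an added illustration of the two Systems Manager documents described above (this is example content, not from the original post or AWS), here is what the pair could look like as Command documents. Assumptions: both the target servers and the worker node are Windows hosts where `app2container init` has already been completed (init is interactive, so it is not scripted here); the parameter names, the workspace path and the per-application folder layout under the workspace are placeholders; and the worker node’s `generate app-deployment` step is what pushes the image to ECR and writes the ECS/EKS deployment artifacts, as the App2Container documentation describes.

```yaml
# Document 1: run on each target server (analysis step).
# Added example; assumes app2container init was completed and the AWS CLI is on PATH.
schemaVersion: '2.2'
description: App2Container inventory, analyze and extract on a target server
parameters:
  ArtifactBucket:
    type: String
    description: S3 bucket that collects extracted application archives (assumed name)
  Workspace:
    type: String
    default: 'C:\a2c'
    description: Workspace directory given to app2container init (assumed path)
mainSteps:
  - action: aws:runPowerShellScript
    name: analyzeAndExtract
    inputs:
      timeoutSeconds: '3600'
      runCommand:
        - |
          $ErrorActionPreference = 'Stop'
          # inventory prints JSON keyed by application id (e.g. iis-<site>-<hash>)
          $inventory = app2container inventory | ConvertFrom-Json
          foreach ($appId in $inventory.PSObject.Properties.Name) {
            app2container analyze --application-id $appId
            app2container extract --application-id $appId
            # Assumed layout: extract leaves its archive under <workspace>\<appId>.
            # The instance profile only needs s3:PutObject on this prefix.
            aws s3 cp "{{ Workspace }}\$appId" "s3://{{ ArtifactBucket }}/$env:COMPUTERNAME/$appId/" --recursive
          }
---
# Document 2: run on the worker node (containerize, then build/push and generate deployment).
# Added example; assumes a Windows worker node with Docker and app2container init completed.
schemaVersion: '2.2'
description: App2Container containerize all archives collected in S3
parameters:
  ArtifactBucket:
    type: String
    description: S3 bucket holding the archives written by the target servers (assumed name)
  Workspace:
    type: String
    default: 'C:\a2c'
    description: Worker node workspace directory (assumed path)
mainSteps:
  - action: aws:runPowerShellScript
    name: containerizeAll
    inputs:
      timeoutSeconds: '7200'
      runCommand:
        - |
          $ErrorActionPreference = 'Stop'
          $incoming = "{{ Workspace }}\incoming"
          aws s3 sync "s3://{{ ArtifactBucket }}/" $incoming
          # One archive per extracted application; assumed naming <appId>.<ext>.
          Get-ChildItem $incoming -Recurse -File | ForEach-Object {
            app2container containerize --input-archive $_.FullName
            $appId = $_.BaseName
            # Builds and pushes the image to ECR and writes ECS task / EKS manifests
            # into the workspace. Add --deploy to launch them as well.
            app2container generate app-deployment --application-id $appId
          }
```

The split keeps the privilege boundary the post describes: the target servers’ instance profile grants only `s3:PutObject` on the artifact prefix, while the worker node’s role is the only principal with `s3:GetObject`/`s3:ListBucket` on that bucket plus the ECR push and ECS/EKS permissions. Run Document 1 against a tag-based target set (for example all instances tagged `Migrate=true`) so the analysis fans out in parallel, then run Document 2 once against the worker node.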

Figure 3. Container migration conversion

When this process is completed, you can then choose how to deploy these images, using Amazon ECS and/or Amazon EKS. Once the images and deployments are tested and the migration is completed, target servers and migration factory resources can be safely decommissioned.

This architecture demonstrates an automated approach to containerizing .NET web applications. AWS Systems Manager is used for discovery, package creation, and posting to an Amazon S3 bucket. An EC2 instance converts each package into a container image so it is ready to use. The final step pushes the converted image to a scalable container repository (Amazon ECR), from which it can easily be integrated into the container platforms (ECS and EKS).

Summary

This solution offers many benefits for migrating legacy .NET-based websites directly to containers. The proposed architecture is powered by AWS App2Container and automates the tooling across many targets in a secure manner. Keep in mind that every customer portfolio and every application’s requirements are unique, so it is essential to validate and review any migration plan with business and application owners. With the right planning, engagement, and implementation, you should have a smooth and rapid journey to containers on AWS.

If you have any questions, post your thoughts in the comments section.


2022 Planning: The Path to Effective Cybersecurity Maturity

Post Syndicated from Jesse Mack original https://blog.rapid7.com/2021/11/05/2022-planning-the-path-to-effective-cybersecurity-maturity/

2022 Planning: The Path to Effective Cybersecurity Maturity

When it comes to bringing cyber safety and resilience to all parts of your organization, there is no silver bullet. Achieving cybersecurity maturity isn’t something you can do overnight — it requires a significant amount of planning, prioritizing, and coordinating across the business.

While this might sound daunting, just remember that gaining maturity in your organization’s security program is a journey, not a destination. It’s something you need to whittle away at by building a strong path and adapting to the ever-evolving threat and regulatory landscapes. And you don’t have to do it alone.

On Thursday, November 4, three members of Rapid7’s team — Wade Woolwine, Principal, Information Security; Erick Galinkin, Principal Artificial Intelligence Researcher; and Bob Rudis, Senior Director – Chief Security Data Scientist — sat down to discuss the path to effective cybersecurity maturity, including how organizations can start that journey and how to measure progress along the way.

Begin With a Plan

Bob started the discussion with apt advice, “You’re not going to make progress if you don’t have a plan.”

In other words, you can’t throw money at your security program and hope to achieve well-rounded, comprehensive results. Even the most well-funded organizations still have room to grow and learn when it comes to security, because the threat landscape is constantly changing. While you might have a strong endpoint security program today, a new threat may emerge tomorrow that you haven’t prepared for, or a new technology could crest the horizon and change your entire approach to locking down devices.

While it’s nice to have the shiniest toys to play with, you may not need to invest in the priciest or fanciest security tools on the market to achieve a mature cybersecurity program. Instead, develop a plan that brings the right people, processes, and technology together to achieve maturity across the organization.

And that all starts with prioritization.

Identify What Matters to Your Organization and Prioritize Accordingly

If you haven’t started your security journey yet or you’re still in an early stage of development, you may not know where to begin. Wade suggested the following: “Begin with a threat.”

What is your organization worried about the most? What threat is specifically endangering your organization? For example, if you’re in the healthcare or financial services industry, you may be particularly concerned about someone accessing and stealing personally identifiable information.

Identify the risks facing your business and shape your security plan around it. As Wade said, “Whittle down the list of things you want to implement. You need to prioritize and refine the list of controls you need to put in place, focusing on the data that matters most to the business and is most attractive to attackers.”

Doing this will help you get started, and as your security strategy grows in maturity, you can reassess your objectives accordingly. It should adapt with the landscape, never staying stagnant, to keep up with the latest threats.

Keep Track of Your Progress

When it comes to measuring your progress, it can be difficult to assess what specific metrics provide value. Once you start optimizing for one particular thing, it can become the sole focus, which means you may lose sight of other important factors.

Erick and Wade talked about this at length. “You want a variety of metrics,” Erick said. “Your metrics need to reflect something important and valuable for your security maturity program.”

Continuing this line of thought, Erick touched on how this ties into your security culture: “In security, it is so important to breed a culture that values honesty over metrics.” Things will go wrong, and when they do, it needs to be marked down, even if it may affect how positive your metrics are at the end of the year.

Wade had similar advice about metrics, saying that you need to decorate certain metrics, like mean time to respond (MTTR), with others to paint a better picture. Security metrics are often complex and intricate — one positive measurement is not emblematic of the success or maturity of your entire security program, and it’s important to communicate this fact to leadership who may get overly focused on single values.





Head to our 2022 Planning series page for more – full replay available soon!

Base Your Plan on Existing Frameworks

Finally, if you don’t have particular regulations or compliance standards to adhere to in your industry, Wade and Erick suggest basing your security maturity program on the National Institute of Standards and Technology’s Cybersecurity Framework.

As Wade said, “It’s a good guide to help you make decisions on which of the components of the framework you can use to accomplish the security goals and requirements you need to achieve for your organization.”

When in doubt, focus on risk reduction for the business. Once you have achieved risk reduction to the point where the business is accepting the remainder of the risk, then you can focus on efficiency. These are the two core phases of security maturity, and organizations will continually go back and forth between these stages as new threats, technologies, and regulations emerge.

If you haven’t embarked on your cybersecurity maturity journey yet, you should start it. Make it a priority for your business to protect against attacks and the evolving cyberthreat landscape, and use these tips to help you along the way.

For the full discussion that goes in-depth on all of the above and more, visit this link. The on-demand recording of this session will be available soon, and the first webinar recording is available now.

Stay tuned for the third and final installment in our 2022 Planning webcast series! Next up, we’ll be discussing how an experienced CISO approaches planning, from thinking about priorities and allocating resources to getting buy-in from leadership and the entire business. Sign up today!


[$] The balance between features and performance in the block layer

Post Syndicated from original https://lwn.net/Articles/874643/rss

Back in September, LWN reported on a series of block-layer optimizations that enabled a suitably equipped system to sustain 3.5 million I/O operations per second (IOPS). That optimization work has continued since then, and those 3.5 million IOPS would be a deeply disappointing result now. A recent disagreement over the addition of a new feature has highlighted the potential cost of a heavily optimized block layer, though; when is a feature deemed important enough to outweigh the drive for maximum performance?

Security updates for Friday

Post Syndicated from original https://lwn.net/Articles/875212/rss

Security updates have been issued by Debian (python3.5, redis, and udisks2), Fedora (rust), openSUSE (binutils, java-1_8_0-openj9, and qemu), Oracle (firefox and httpd), Red Hat (thunderbird), Scientific Linux (thunderbird), and SUSE (binutils, qemu, and systemd).

Conill: an inside look into the illicit ad industry

Post Syndicated from original https://lwn.net/Articles/875189/rss

Ariadne Conill shares some experience of working in the online advertising industry.

The cycle of patching on both sides is ongoing to this day. A friend of mine on Twitter referred to this tug-of-war as “core war,” which is an apt description: all of the involved actors are trying to patch each other out of being able to commit or detect subterfuge, and your browser gets slower and slower as more mitigations and countermeasures are layered on. If you’re not using an ad blocker yet, stop reading this, and install one: your browser will suddenly be a lot more performant.

When students go back to school mobile usage goes down

Post Syndicated from João Tomé original https://blog.cloudflare.com/when-students-go-back-to-school-mobile-usage-goes-down/


For many (especially in the Northern Hemisphere, where about 87% of humans live), September is the “back to school” (or work) month after the summer break, and that shows up in Internet traffic too, particularly in mobile usage.

Looking at our data (many of these insights are visible in Cloudflare Radar), there’s a global trend: mobile traffic lost importance (compared with desktop traffic) in September. The next chart shows a smaller percentage of Internet traffic coming from mobile devices after Monday, September 6, 2021, down 2% on some days compared with the previous four weeks (August), and by late September the drop is more than 3%.


We can also see that the percentage of desktop traffic increased in September compared to August (we compare here to complete weeks between both months because there are significant differences between weekdays and weekends).


A few weeks ago, we saw that there are considerable differences between countries in the importance of mobile usage. Getting back to work (or office hours) usually means an increase in desktop traffic. In that blog post we highlighted the advantages that mobile devices brought to developing countries — many people there had their first contact with the Internet via a smartphone.

Different calendars to consider

Looking at September 2021, those shifts in Internet trends depend mostly on which countries start their school year at this time, and there are also the effects of COVID lockdowns (more limited this year) to consider.

In the Northern Hemisphere, many countries start school in September after a break during the summer.

Europe: Back to school brings less time to be mobile

Europe is mostly coherent, and it is easier to check for mobile traffic patterns there. Most countries start school in the first 14 days of September, although Finland, Norway, Sweden and Denmark start in late August (like some states in the US, for example).

There are some countries in Europe where mobile traffic went down more clearly in September (the overall picture on the continent is similar to the worldwide situation described above). Poland, Malta, Portugal, Italy and Spain registered drops of more than 5% in mobile traffic’s share of total Internet traffic over specific periods of a few days in September.

Let’s ‘travel’ to Spain, a country where mobile traffic usually represents 45% of Internet traffic (in August this number was higher). Spanish schools officially opened for the new school year on Monday, September 6, and the mobile traffic percentage lost more than 5% of its share on some days of that week, a trend that grew the following week.


Portugal: A public holiday makes mobile usage go up

Portugal shows the same trend as other European countries, but as the following chart shows, there was an apparent increase in the mobile traffic percentage on October 5, 2021.

That Tuesday, Cloudflare’s Lisbon office was closed, as was the rest of the country, because it was a public holiday, Republic Day. With most people not having to work in the middle of the week, the percentage of mobile traffic rose (most visibly at 19:00 local time).


Downs and ups

In Italy, we can see the same pattern, and it was also in the second week of school that the mobile traffic percentage went down, by up to 8%. But by the end of September, it began to normalise to the values of late August.


The trend of mobile traffic returning to the level of late August is clearer in the Netherlands.


Japan, where the school year starts in April but there is a summer break through July and August (this year there were changes related to COVID), also shows the same decrease in mobile traffic that we saw in the Netherlands after school returned on September 6, 2021.


US: Start of the school year influenced by COVID

The United States had an atypical start to the school year because of COVID. Many states pushed the return to school from August to September (New York City started on September 13), and several schools held online classes because of the pandemic, but there is still a drop in the mobile traffic percentage, especially after Monday, September 6.


Further north on the continent, Canada (where the school year officially started on September 1) saw mobile traffic lose more of its importance after September 6, a trend that grew by the end of the month.


China saw a decrease in the mobile traffic percentage right at the beginning of September (when the school year started), but mobile recovered in the last week of the month.


Russia with different patterns

Then there are countries with trends that go the other way. Russia saw an increase (not a decrease, as in most countries of the Northern Hemisphere) in the mobile traffic percentage a few days before the school year began. But news reports show that many schools were closed because of COVID and only started to open by September 20 (the next chart shows precisely a decrease in the mobile traffic percentage in that week).


The same trend is observed in Cyprus — the only EU country where the mobile traffic percentage increased after the first week of school. That could be related to COVID-related school closures in the preceding few weeks.


Nigeria: COVID impact

Moving to Africa, Nigeria sits just above the equator and is the most populous country on the continent (population: 206 million); its school year was officially scheduled to start on September 13. But reports from UNICEF show that school reopening was postponed a few weeks because of the pandemic situation in Nigeria.

This is consistent with what our data shows: the mobile traffic percentage grew in the week of September 13 and only started to come down by the end of September and the beginning of October.


Conclusion: September, September, the back to school/work centre

September brings shifts in Internet traffic trends that affect the way people access the Internet, and that goes beyond mobile usage. We can also see it worldwide: total Internet traffic grew significantly in September compared to August — on some days by more than 10% — as the graph shows.


It’s not that surprising when you realise that most people on Earth live in the Northern Hemisphere, where August is a summer and vacation month for many – although countries like India have the rainy monsoon season in August and mid-September before autumn, for example. So September is not only the month in which students in some countries go back to school, but also the month when many people go back to work.

Tracking

Post Syndicated from original http://dni.li/2021/11/05/tracking/

On Friday we ordered online.

  1. Food from the neighbourhood supermarket. Arrived in less than a day, on Saturday morning.
  2. Vitamins and supplements from a shop in Sofia. Received on Monday.
  3. Air conditioner filters from Hong Kong. Delivered by DHL on Tuesday! From China!!! The other end of the world!
  4. Cat food from Germany. Arrived today, after exactly 1 week, having passed through Romania as a shortcut.
  5. Winter gear for the kid from Decathlon. They haven’t even confirmed the order yet, let alone shipped the goods…

For the record, let me note that Decathlon is 6 kilometres from us.

On the other hand… Last month I ordered raw nuts from a shop whose regular customer I have been for almost 2 years. We waited two weeks, not a peep, and finally we called them on the phone to ask what was going on, and they said: “We are temporarily not making deliveries, turn to our competitors.” So merchants can be even worse, yes.

GitLab servers are being exploited in DDoS attacks (The Record)

Post Syndicated from original https://lwn.net/Articles/875154/rss

The Record is reporting on massive exploitation of an oldish vulnerability in GitLab instances.

While the purpose of these attacks remained unclear for HN Security, yesterday, Google’s Menscher said the hacked servers were part of a botnet comprising of “thousands of compromised GitLab instances” that was launching large-scale DDoS attacks.

The vulnerability was fixed in April, but evidently a lot of sites have not updated.

GitHub Availability Report: October 2021

Post Syndicated from Scott Sanders original https://github.blog/2021-11-04-github-availability-report-october-2021/

In October, we experienced one incident resulting in significant impact and degraded state of availability for the GitHub Codespaces service.

October 8 17:16 UTC (lasting 1 hour and 36 minutes)

A core Codespaces API response was inadvertently restructured as part of our Codespaces public API launch, impacting existing API clients dependent on a stable schema.

For the duration of the incident, new Codespaces could not be initiated from the Visual Studio Code Desktop client. Connections to the web editor and pre-existing desktop sessions were not impacted, but degraded, with the extension displaying an error message while omitting Codespaces metadata from the Remote Explorer view.

The incident was mitigated once we rolled back the regression, at which point all clients could connect again, including with new Codespaces created during the incident. As our monitoring systems did not initially detect the impact of the regression, a subsequent and unrelated deployment was initiated, delaying our ability to revert the change. To ensure similar breaking changes are not introduced in the future, we are investing in tooling to support more rigorous end-to-end testing with the extension’s use of our API. Additionally, we are expanding our monitoring to better align with the user experience across the relevant internal service boundaries.
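The failure mode described above, an API response restructured so that clients written against the old shape break, is the kind of thing a contract check in CI catches before deployment. Here is an added example of such a check (not GitHub's code; the field names and both responses are constructed, not the real Codespaces API): it diffs a candidate response against a recorded baseline and reports removed fields, type changes and fields that were moved into a sub-object, treating added fields as compatible.

```python
"""Contract check: flag breaking changes in a JSON API response.

Added example, not the project's code. The responses below are constructed
to mimic the incident: a nested object flattened and renamed, and a scalar
field turned into an object. Field names are hypothetical.
"""
import json
from typing import Any, Dict, List

# Constructed baseline: the shape existing clients were written against.
BASELINE = json.loads("""
{"name": "cs-1", "state": "Available",
 "machine": {"name": "basicLinux32gb", "cpus": 2},
 "last_used_at": "2021-10-08T17:00:00Z"}
""")

# Constructed "restructured" response, as an inadvertent refactor might
# produce: machine.* flattened to machine_*, state wrapped in an object.
RESTRUCTURED = json.loads("""
{"name": "cs-1", "state": {"value": "Available"},
 "machine_name": "basicLinux32gb", "machine_cpus": 2,
 "last_used_at": "2021-10-08T17:00:00Z"}
""")


def flatten(obj: Any, prefix: str = "") -> Dict[str, str]:
    """Map each leaf path (dot-separated) to its JSON value's type name."""
    if isinstance(obj, dict):
        out: Dict[str, str] = {}
        for key, value in obj.items():
            out.update(flatten(value, f"{prefix}{key}."))
        return out
    if isinstance(obj, list):
        # A list is treated as one leaf; element shape is out of scope here.
        return {prefix.rstrip("."): "array"}
    return {prefix.rstrip("."): type(obj).__name__}


def breaking_changes(baseline: Any, candidate: Any) -> List[str]:
    """Return breaking changes seen from an old client; empty if compatible.

    Removals, type changes and restructuring break old clients; new fields
    are additive and allowed, the usual compatibility rule for JSON APIs.
    """
    old, new = flatten(baseline), flatten(candidate)
    problems = []
    for path, typ in sorted(old.items()):
        if path not in new:
            if any(p.startswith(path + ".") for p in new):
                problems.append(f"restructured: {path} is now an object")
            else:  # renamed or nested away: a removal to an old client
                problems.append(f"removed: {path} ({typ})")
        elif new[path] != typ:
            problems.append(f"type changed: {path} {typ} -> {new[path]}")
    return problems


def is_compatible(baseline: Any, candidate: Any) -> bool:
    """True when an old client can still read every field it relies on."""
    return not breaking_changes(baseline, candidate)
```

Run against a recorded baseline in the same pipeline that deploys the API, a non-empty result from `breaking_changes` is the signal the incident's monitoring lacked.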

In summary

We will continue to keep you updated on the progress and investments we’re making to ensure the reliability of our services. To learn more about what we’re working on, check out the GitHub engineering blog.
