Library Management Software May Be Open to Ransomware Attacks

When it comes to software, schools are either on top of it or a little behind, mostly because of the budgets they have to work with. One piece of software that schools often ignore, since they tend to work on an “if it isn’t broken we don’t need to replace it” policy, is the library management software. Anyone using Follett’s old library management software may want to change that approach and update soon, as it has been revealed that the software may be open to ransomware attacks.

The vulnerability was discovered by Cisco’s Talos group, which found that attackers could remotely install backdoors and ransomware code on the JBoss web server element of the library management system, leaving users with either a large bill or no access to their library’s information.

Follett has not sat idly by: it has already released a patching system that fixes the flaws exposing the system and even picks up any unofficial files that may have been snuck on to compromise the servers. Working with the Talos group, Follett is seeking to inform customers about the security risk and how to address the issue, potentially removing the threat and the damage it could do before someone manages to make any money off your local school’s library.

Apple Designing Servers In-House to Prevent Snooping

With the amount of sensitive information stored on their servers, cloud providers take security very seriously. However, many cloud services actually use third-party servers like Amazon Web Services or Microsoft Azure to run their platform. Even for those with their own servers, the hardware is made by and supplied by third-parties. In light of security concerns, Apple is taking it to the next level and designing their own servers.

Right now, Apple uses Amazon, Microsoft and Google servers to help run iCloud in addition to their own hardware. While it might seem prudent to do everything in-house to keep things secure, Apple wants to go further and design the servers themselves. As we know from Edward Snowden’s revelations, the NSA, and probably other spy agencies, are prone to intercepting hardware mid-shipment and tampering with it. Cisco, for instance, has been one known past target, and with Apple’s legal fight against the FBI, they may have been moved up the list.

By designing their own hardware, Apple will be able to make sure that everything is where it is supposed to be and no hardware has been added to it. With the massive scale of iCloud, Apple will easily be able to have whole manufacturing runs dedicated to them. Still, with their massive user base, running that many servers will be a challenge for Apple. Nonetheless, Apple may soon get the total hardware control needed for true security.

Internet Traffic Soon to Reach a Zettabyte

We use the internet every day. From checking emails to watching the latest shows, the internet has become a default part of using a computer for a lot of people. With more and more people using the internet, for ever more complex reasons, it comes as no surprise that companies are looking at ways to share content with less traffic, such as Netflix re-encoding their library. Even with all these steps, Cisco expects that global internet traffic will reach a zettabyte for the first time.

A zettabyte is 909,494,701 terabytes, or if that’s too small you could always think of it as a trillion gigabytes. This estimate comes after Cisco has calculated that the internet traffic has increased fivefold in the last five years, with it set to continue to grow.

Cisco attributes this increase to the popularity of services like Netflix and Amazon Prime video, with video streaming services accounting for roughly 41% of all internet traffic. With more mobile devices connecting every year and phone companies looking to promote cheaper video streaming for your mobiles, watching videos online contributes more than most people think.

With internet speeds set to rise and video streaming, gaming and music services looking to increase their online presence it will come as no surprise that people will be sending and receiving more information over the internet.

Hundreds of Cisco Routers Carrying Malware

Nearly 200 Cisco internet routers have been found to carry malware, reports volunteer internet security organisation Shadowserver Foundation. News of infected Cisco routers was first reported by the company itself back in August, when it was revealed that attackers had replaced firmware on the devices with malicious implants, allowing them full access to networks and all information passed through them.

Last week, Mandiant of FireEye claimed that 14 infected Cisco routers had been found across four countries – calling the threat SYNful Knock – though Cisco was quick to point out that it is not the only vendor that is vulnerable to such an attack.

“While Mandiant saw this attack across specific Cisco models, the key focus of this research is more about an evolution in attack types and how important it is for all network administrators to ensure security best practices are implemented,” Yvonne Malmgren, Business Critical Communications Manager for Cisco Corporate Communications, told SecurityWeek. “Network devices, of many types and from many companies, are high-value targets for malicious actors.”

Mandiant later reported that the number of confirmed infections of Cisco hardware had risen to 79, over 19 countries. Monday then brought the news, courtesy of Shadowserver, that 199 routers were found to be carrying SYNful Knock, one-third of which are believed to be within the US.

“It is important to stress the severity of this malicious activity. Currently, Shadowserver believes that any machine that responds to this scan is potentially compromised. Compromised routers should be identified and remediated as a top priority,” a Shadowserver spokesperson said.

Cisco has published an article on how to detect and counter SYNful Knock.

Thank you Security Week for providing us with this information.

Image courtesy of diTii.

Amazon, Netflix, Google, and Microsoft to Create Next-Gen Video Format

The Alliance for Open Media, comprised of Amazon, Cisco, Google, Intel, Microsoft, Mozilla and Netflix, has been formed in an effort to create the next-generation of royalty-free video formats, codecs, and related technologies. Though there is no mention of it in the official announcement, the enterprise seems designed to bypass paying MPEG LA royalties.

According to the press release from the Alliance for Open Media:

The Alliance’s initial focus is to deliver a next-generation video format that is:

  • Interoperable and open;
  • Optimized for the web;
  • Scalable to any modern device at any bandwidth;
  • Designed with a low computational footprint and optimized for hardware;
  • Capable of consistent, highest-quality, real-time video delivery; and
  • Flexible for both commercial and non-commercial content, including user-generated content.

This initial project will create a new, open royalty-free video codec specification based on the contributions of members, along with binding specifications for media format, content encryption and adaptive streaming, thereby creating opportunities for next-generation media experiences.

“Customer expectations for media delivery continue to grow, and fulfilling their expectations requires the concerted energy of the entire ecosystem,” Gabe Frost, Executive Director for the Alliance for Open Media, said. “The Alliance for Open Media brings together the leading experts in the entire video stack to work together in pursuit of open, royalty-free and interoperable solutions for the next generation of video delivery.”

The endeavour will allow Mozilla, Cisco, and Google, which are already working on royalty-free video formats independently – Daala, Thor, and VP9/VP10, respectively – to combine their research and development work thus far.

Thank you Alliance for Open Media for providing us with this information.

Image courtesy of Wikimedia.

Drive Destroying Malware Discovered

Cisco Systems’ Talos Group have discovered a new malware that takes ninja operation to a whole new level. It has been dubbed Rombertik and it basically monitors everything you do on the web, including all of your personal information.

This nasty bit of software gets installed when a user unknowingly clicks on a malicious link, either from an email or off a website. The researchers reverse engineered the software to see exactly what is going on. Rombertik stays hidden in the deepest, darkest part of your hard drive, cloaking itself when the user goes near, and it can self-destruct if put under scrutiny by anyone; it has been known to wipe entire hard drives clean to prevent anyone learning the code.

Researchers Ben Baker and Alex Chiu kept a blog of their investigation:

“Once the unpacked version of Rombertik within the second copy of yfoye.exe begins executing, one last anti-analysis function is run — which turns out to be particularly nasty if the check fails. The function computes a 32-bit hash of a resource in memory, and compares it to the PE Compile Timestamp of the unpacked sample. If the resource or compile time has been altered, the malware acts destructively. It first attempts to overwrite the Master Boot Record (MBR) of PhysicalDisk0, which renders the computer inoperable. If the malware does not have permissions to overwrite the MBR, it will instead destroy all files in the user’s home folder (e.g. C:\Documents and Settings\Administrator\) by encrypting each file with a randomly generated RC4 key. After the MBR is overwritten, or the home folder has been encrypted, the computer is restarted.

The Master Boot Record starts with code that is executed before the Operating System. The overwritten MBR contains code to print out “Carbon crack attempt, failed”, then enters an infinite loop preventing the system from continuing to boot.

The MBR also contains information about the disk partitions. The altered MBR overwrites the bytes for these partitions with Null bytes, making it even more difficult to recover data from the sabotaged hard drive.

Once the computer is restarted, the victim’s computer will be stuck at this screen until the Operating System is reinstalled:

Effectively, Rombertik begins to behave like a wiper malware sample, trashing the user’s computer if it detects it’s being analyzed. While Talos has observed anti-analysis and anti-debugging techniques in malware samples in the past, Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis.”
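A triage check for the MBR damage the Talos excerpt describes, as an added example that is not from Talos or the original article: it parses the 512-byte sector and flags a null partition table and the quoted boot message. Both sample sectors are constructed, and their boot code bytes are placeholders rather than real boot code.

```python
"""Triage a 512-byte MBR sector for the damage pattern quoted above."""
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446             # partition table follows 446 bytes of boot code
ENTRY_SIZE = 16
ENTRY_COUNT = 4
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
# Message the excerpt says the overwritten MBR prints at boot.
MARKER = b"Carbon crack attempt, failed"
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
ENTRY_FORMAT = "<B3xB3xII"


def parse_partitions(sector: bytes) -> list[dict]:
    """Decode the four primary partition slots, skipping all-zero ones."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for slot in range(ENTRY_COUNT):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        raw = sector[off:off + ENTRY_SIZE]
        if raw == bytes(ENTRY_SIZE):
            continue  # unused slot
        status, ptype, lba_start, count = struct.unpack(ENTRY_FORMAT, raw)
        parts.append({"slot": slot, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba_start, "sectors": count})
    return parts


def triage_mbr(sector: bytes) -> list[str]:
    """Return findings that suggest the MBR was overwritten."""
    findings = []
    parts = parse_partitions(sector)
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if not parts:
        findings.append("partition table is all null bytes")
    if MARKER in sector[:TABLE_OFFSET]:
        findings.append("boot code contains the Rombertik boot message")
    for p in parts:
        if p["type"] == 0 or p["sectors"] == 0:
            findings.append(f"slot {p['slot']}: malformed partition entry")
    return findings


def build_sector(boot_code: bytes, entries: list[bytes]) -> bytes:
    """Assemble a constructed MBR sector for testing (not a real disk)."""
    table = b"".join(entries).ljust(ENTRY_SIZE * ENTRY_COUNT, b"\x00")
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + BOOT_SIGNATURE


# Constructed samples: placeholder boot code, one NTFS-type partition.
HEALTHY = build_sector(
    b"\xfa\x33\xc0",
    [struct.pack(ENTRY_FORMAT, 0x80, 0x07, 2048, 204800)],
)
# Constructed sample mimicking the described overwrite: message + null table.
WIPED = build_sector(b"\xeb\xfe" + MARKER, [])

if __name__ == "__main__":
    for name, sector in (("healthy", HEALTHY), ("wiped", WIPED)):
        print(name, triage_mbr(sector) or "no findings")
```

To use it on evidence, pass the first 512 bytes of a forensic disk image to `triage_mbr`.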

The malware also has some less destructive cloaking measures. To evade sandbox tools, it writes random data to memory 960 million times; the delay from that can trip up a sandbox tool.

“If an analysis tool attempted to log all of the 960 million write instructions, the log would grow to over 100 gigabytes,” the Talos researchers explained. “Even if the analysis environment was capable of handling a log that large, it would take over 25 minutes just to write that much data to a typical hard drive. This complicates analysis.”

Well, that sounds like a nasty bit of programming. I’ll admit, I have been stung by malware a few times, most recent being around a month ago with those shopping aid ad extensions. Have you ever been snagged by malware? What are your preventative measures? Let us know in the comments.

Thank you to ArsTechnica for providing us with this information.

Google Aiming at Making Wi-Fi Hotspots out of Old NYC Payphones

Bloomberg reports that a meeting in New York providing information to companies interested in offering free Wi-Fi counted Google as one of the attendees, alongside IBM, Samsung and Cisco. Google is known for its ambition to offer free or affordable internet connectivity, which indicates that the corporate giant is planning to submit a big proposal to the New York department of IT.

While Google already offers free Wi-Fi around its office in the Chelsea neighborhood, the company also has a number of initiatives to bring cheaper and more abundant internet connectivity to the US and abroad. People asking why Google is so anxious to bring this feature to the public all over the world should ask themselves what (most of) them are using as the start page in their browser, who developed their browser, or which search engine they actually use to find all their information. And yes, the answer to all of these questions is Google.

The plan Google has for NYC is to turn its payphone locations into Wi-Fi hotspots charged by phone services, and not ISPs, while also incorporating advertisements to actually make it ‘free’. The company has requested that the plan cover all 7,300 payphones, meaning that NYC will become a city covered in free Wi-Fi connectivity after the plan is approved and work is finished. Another interesting and beneficial feature mentioned is the ability to connect to every other Wi-Fi hotspot automatically once you have authorized access to the Wi-Fi network.

The project would mean a new level of connectivity for New Yorkers that does not depend on cellular data subscriptions, provided the project goes through. Even so, it is still a big step forward towards a new type of wide connectivity, rather than just a few wireless routers placed in key, remote locations.

Thank you Techcrunch for providing us with this information
Image courtesy of Techcrunch

Solar-Powered, Smartphone Charging Benches to be put in Boston

Soofa is a smart urban furniture company developed by Changing Environments (an MIT Media Lab spin-off), and they’re bringing the Silicon Valley feel to Boston. As we’ve learned, this company’s trendy name is derived from the acronym SUFA (Smart Urban Furniture Appliance), with the ‘double o’ added for a modern feel.

Described as an ‘urban watercooler’, Soofa hopes to bring strangers together in a common place whilst providing an almost-essential service in today’s technology age.

Soofa Co-Founder Sandra Richer explained her company’s intentions to Mashable:

“There isn’t too much knowledge or perception around renewable energy these days because people are removed from it — it’s either on the roof or set aside somewhere that you don’t see it. We wanted to change the way people see its immediate benefits by putting something out into public spaces.”

Boston already has six benches in full operation with a further four set to be placed in the next few weeks. As it stands, Soofa currently has 100 of these benches ready to roll out with plans for further production.

Richer also commented on the ever-growing demand for such technology:

“It’s hard to get investors to back something that is a new market, but we’ve already gotten so many requests from corporate campuses, education organizations, retailers and cities, from Tel Aviv to places in Italy, Germany and Hong Kong, so now we’re focused on how to scale quickly.” (Mashable)

Interested in looking at your own bench for your workplace, common hangout spot or company? A cast iron bench will set you back around $10,000 USD, but others are said to be significantly cheaper. Obviously this price is nothing to scoff at, especially if you’re looking to implement quite a few of these in one venue. When this issue was raised, Richer commented:

“The smart benches will be on the pricier side because of the electronics, but we want it also to be affordable enough to encourage adoption.” (Mashable)

Adopted as a full business around one year ago, the company took its current form thanks to a partnership with Verizon and Cisco that helped get it off the ground.

Soofa are said to be developing other style products to be suited to further environments. It’s highly likely you’ll be seeing more of these around in America and globally in the near future.

Image courtesy of Slashgear

Hackers Target E-Banking Users By Exploiting Router Vulnerabilities To Hijack the DNS

There have been reports about critical vulnerabilities in a variety of routers, including Cisco, TP-Link, ASUS, TENDA and Netgear among others, all of which can be found in a normal household.

The Polish Computer Emergency Response Team (CERT Polska) has noticed an increase in cyber attacks, pointing to a campaign aimed at Polish e-banking users. The hackers apparently use known router vulnerabilities that allow attackers to change the router’s DNS configuration remotely. This is allegedly used to lure users to fake bank websites or to perform man-in-the-middle attacks.

“After DNS servers settings are changed on a router, all queries from inside the network are forwarded to rogue servers. Obviously the platform of a client device is not an issue, as there is no need for the attackers to install any malicious software at all,” CERT Polska researchers said.

The DNS setting in the router can be changed to point to a malicious DNS server, giving the hacker complete control to intercept, inspect and modify the traffic between the user and the online banking website.

It is said that most banking and e-commerce sites use HTTPS with SSL encryption, making it impossible to impersonate them without a valid digital certificate issued by a Certificate Authority (CA), but to bypass this limitation cyber criminals are also using the SSL strip technique to spoof digital certificates.

The recommended steps to take in case of such attacks are to change the default username and password for the router, update the router’s firmware to the latest version and disable Remote Administration features in the router’s settings. Another way to notice fake websites is to pay attention to the browser’s address bar and HTTPS indicators.

Thank you TheHackerNews for providing us with this information

Cisco Systems To Shift Focus On ‘Internet of Everything’

Cisco Systems is said to have focused on the Internet of Everything (IoE), which basically connects everything to everything: people, mobile devices, smart gadgets and homes, transportation networks, data and processes, in a world where every device capable of connecting to the internet will be connected and synced with every other. The number of connected devices is estimated to be 15 to 25 billion by 2015, and is expected to increase drastically to 50 billion by 2020.

“Cisco has led customers through every Internet transition over the last 30 years,” said Blair Christie, Cisco Senior VP and chief marketing officer, in a statement. “The Internet of Everything is perhaps the most promising of these, creating unprecedented opportunities for organizations, individuals, communities and countries to realize dramatically greater value from networked connections between people, processes, data and things.”

The Internet of Everything has been implemented by Cisco to cope with employees’ needs, where everyone has been bringing their own devices to work, and all of them need to work properly in the working environment. And this is a good thing, since IoE services offer long-form content, location-based and profile data, sensor-collected data, as well as home/control/automation features available at home and in the workplace.

Thank you Tweak Town for providing us with this information
Image courtesy of Tweak Town

NSA Reportedly Can Bug Computers Before They Reach Buyers

Apparently the NSA does not have to wait until people are using technology to start snooping on it. Spiegel has obtained documents which claim that the agency’s Tailored Access Operations (TAO) group can intercept computer equipment orders and install tracking hardware or software before the shipments even reach their buyers. The division can target a wide array of hardware, too. Another NSA section, ANT, reportedly has a catalog of tools that can install back doors in everything from Cisco and Huawei network systems through to hard drives from most major manufacturers, including Seagate and Western Digital. Some of these bugs can give the NSA “permanent” access, since they’re designed to persist if the owner wipes a device’s storage or upgrades its firmware.

The leak suggests that the targeted manufacturers aren’t aware of what’s happening; Cisco and other firms tell Spiegel they don’t coordinate with the NSA. These hardware interceptions are also limited in scope next to remote surveillance programs. The agency isn’t confirming any specifics, but it maintains that TAO is focused on exploiting foreign networks. Whether or not that’s true, the discoveries show that the NSA’s surveillance can reach the deepest levels of many networks.

Thank you Engadget for providing us with this information
Image courtesy of Spiegel

Cisco Report Shows “Good” Sites Have More Malware Than Porn Sites

When it comes to catching viruses, malware and adware on the internet “word of mouth” will tell you that porn websites, pharmaceutical sites and gambling sites are some of the most dangerous out there. Cisco’s latest 2013 annual security report challenges this commonly-held assumption about internet security. Cisco shows us that the data contradicts what everyone thinks. In fact, the riskier links were not found on the aforementioned “dodgy” websites but in fact on regular safe-looking websites such as search engines or online shopping sites.

Cisco has stated that the average person is 182 times more likely to download malware on a safe site’s advertisements than on those sites with pornographic content. A random ecommerce site is about 21 times more likely to see you infected with an internet “bug” and you are also 27 times more likely to download malware from a no-name search engine than from a counterfeit software website.

It is clear then that Cisco’s findings look set to shake the foundations of internet security. Internet users are hugely misled in the way they use the internet and need to start changing the way they act in general, as opposed to consigning particular types of websites to that “dodgy” category.

On a related subject the 2013 annual security report by Cisco revealed Android malware is going through the roof, up 2577% in 2012, and global spam email volumes were down 18% overall – perhaps due to a series of recent take-downs of large spam email servers.


What do you think of Cisco’s findings? Is it likely to change the way you view surfing the web? Let us know your thoughts.


Belkin Completes The Acquisition Process of Linksys From Cisco

Belkin recently announced that they’ve finally completed the acquisition of Linksys from Cisco. Linksys’ portfolio of routers, other Wi-Fi devices and services will be taken over by Belkin. The two companies will not be disclosing the specific financial details, but we know that Belkin plans to use this newly acquired product lineup as a separate brand.

Linksys was acquired by Cisco during 2003 for $500 Million, but the company decided to keep the “Linksys” name. Cisco used Linksys for selling home networking devices using 2 major product lineups: E Series and EA Series. The EA series can be used to connect to Cisco’s Connect Cloud, which expands home networking devices into a platform that integrates with the cloud and runs 3rd party apps.

Cisco’s Connect Cloud, which users rely on to manage and control home networks via a Smart Wi-Fi router through the internet, will now be branded without Cisco’s name.

Belkin decided to keep the name “Linksys” alive rather than absorb the portfolio under its own name. That means the only difference is that Cisco’s branding will be removed from the newly manufactured devices and their GUI. This will be beneficial for Belkin because of the brand’s long run, and because the home networking business is already flooded with many known manufacturers such as D-Link, Netgear, Asus, Trendnet and TP-Link.

Chet Pipkin, CEO of Belkin, said: “The Linksys portfolio will continue to exist and evolve to include even richer user experiences and network management functionality.”

Belkin assured that Linksys devices’ existing customers will still get support via support channels and its website and the warranties for existing and future devices will be honoured. Belkin also said that even though they have absorbed the divisions and its employees, some employees may lose their jobs.

Cisco will be concentrating on larger networking devices toward large architectures for enterprise business.

Via: CNET 

Cisco’s Home Networking Business Unit gets sold to Belkin, includes Linksys

Belkin have laid out plans to acquire Cisco’s Home Networking Business Unit, which will include Linksys and all of their products and employees. Belkin will continue to maintain the Linksys brand and will honour any warranties on products, past, present and future.


Once Belkin seal the deal, it will see the company take around 30% of the US retail home and small business networking market – nothing to complain about there for Belkin. Cisco don’t mind getting rid of their Home Networking division, as they wanted to get out of the consumer space.

We should see more on this in the coming weeks.

Source: TheNextWeb