RSS_Virtulization

We’re going to talk about state versus change. For the purposes of our discussion, you need to know that Tripwire Enterprise offers something called TE Commander. Many enterprise applications lack a native command line interface. This can be a challenge if you want to automate and integrate basic operations, which is a necessary function in most enterprise IT environments. Tripwire® Enterprise (TE) Commander is a cross-platform CLI (Command Line Interface) for Tripwire Enterprise that allows…

Autonomous farming equipment that can be controlled remotely now helps to feed humanity. But what if that farming equipment were hacked? On August 8, at the DEF CON 29 conference, an Australian researcher known only as ‘Sick Codes‘ detailed what he referred to as a “tractor load of vulnerabilities” that, if exploited by an attacker, would have dire consequences for the global food supply chain. The researcher explained that modern farming equipment is increasingly being…

DoS usually is an acronym that refers to Denial of Service, but according to researcher Joseph Gaby, it can also stand for Denial of Shopping. On August 8, at the DEF CON 29 conference, Gabay outlined his research into how physical shopping cart immobilization systems work, and how they can potentially be abused by hackers. He noted that there is some pretty cool technology that most people take for granted every time they go shopping…

There may be little if any argument about the vast impact that social media platforms have on the lives of hundreds of millions of people around the world. Social media has also had a profound influence on elections. In a session at the DEF CON 29 conference on August 7, Sebastian Bay, a researcher at the Swedish Defence Research Agency (FOI), outlined how social media platforms are failing at limiting the risk of false information…

If a computer science student has a scheduling conflict and wants to attend two different classes that occur at the same time, what should that student do? In a session at the DEF CON 29 conference on August 7, Ph.D. student Vivek Nair outlined a scenario where a hack of the attendance system could, in fact, enable him, or anyone else, to be in two places at the same time. Nair explained that many schools…

VMworld is VMware’s flagship event, typically attracting 20,000+ people in the US (San Francisco) and 13,000+ in EMEA (Barcelona). As with 2020, VMworld 2021 is virtual and online. The annual conference is in its 18th year, currently focused on accelerating business innovation by delivering and securing modern applications, managing multiple clouds, and seamlessly supporting an anywhere workspace. This year at VMworld 2021 the content catalogue is a reflection of how fast technology and society have…

Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw adversaries using Excel 4.0 macros, an old technology, to deliver payloads to their victims. They were mainly using workbook streams via the XLSX file format. In these streams, adversaries were able to enter code straight into cells (that’s why they were called macro-formulas). Excel 4.0 also used API level functions like downloading a file, creation of files, invocation of other processes like PowerShell, cmd, etc.   With the evolution of technology, AV vendors started to…

No attack type has been as impactful as ransomware in 2021. According to a panel of experts at the DEF CON 29 conference, the rising notoriety and impact of ransomware in 2021 has accelerated the need for both government and the private sector to act—though there was no clear consensus on the panel on exactly what actions should be taken. Chris Painter, co-chair of the Ransomware Task Force, commented that after the ransomware attack against…

Amazon’s Kindle e-reader is a popular device that has been on the market since 2007, with approximately 100 million Kindles in use around the world today. The primary purpose of the Kindle is to enable users to read books. Slava Makkaveev, security researcher at Check Point Software Technologies, had another idea, though; he wanted to see if he could load a book that would exploit the Kindle. At the DEF CON 29 conference, Makkaveev outlined…