Archive for August 27, 2019

Jim Lee Launches New Backpack for Comic Book Artists And Collectors

Posted in Commentary with tags on August 27, 2019 by itnerd

HEX, award-winning fashion accessory brand, launches the new Jim Lee Collectors Backpack. Working with Jim Lee, Hex realized that not only do the artists need a better backpack solution, but so do their fans! Comic conventions have become immensely popular events where collectors can gather to follow their favorite characters and artists. They buy, sell and collect comic books, posters, autographs, etc etc. Comic books are not kids business anymore as many of these books reach values well into six-figure territory. But there was no way to safely transport them.

The HEX x Jim Lee Collectors Backpack has been created for comic book collectors as a way to safely transport comics. Comic convention goers routinely carry hundreds if not thousands of dollars of comics around in flimsy bags. This backpack provides secure and safe storage for comic book enthusiasts.

Inside the top of the backpack is a file folder with individual sleeves so that multiple bagged and boarded or slab comics can be held securely. Additionally, there’s a fleece lined laptop section. It’s even possible to lock the top of the files for extra security.

There is an easy access pocket that is the exact size of the Overstreet Price Guide. Plus, there’s an expandable mesh pocket on each side to carry poster tubes.

The Collectors Backpack features the same custom Batman lining as the Artists Backpack. There is also a Special Edition version of the Collectors Backpack that extends the Batman artwork to the external pocket. Other unique features include “Batarang” zipper tags.

HEX x Jim Lee Collectors Backpack Features:

  • Individual Fleece Lined Comic Carrying Pockets
  • Padded Laptop Sleeve
  • Overstreet Price Guide Pocket
  • Anti-theft Zipper Lock
  • Poster Tube Holder
  • Exterior Phone Pocket
  • Organizer
  • Custom Jim Lee Batman Lining
  • Water Resistant 600D Polyester with PU Coating
  • Limited Edition Only Features
  • Jim Lee Front Pocket
  • “Batarang” Zipper Pulls
Advertisements

Trend Micro Report Reveals 265% Growth In Fileless Events

Posted in Commentary with tags on August 27, 2019 by itnerd

Trend Micro Incorporated today published its roundup report for the first half of 2019, revealing a surge in fileless attacks designed to disguise malicious activity. Detections of this threat alone were up 265% compared to the first half of 2018.

The findings in 2019 so far confirm many of the predictions Trend Micro made last year. Namely, attackers are working smarter to target businesses and environments that will produce the greatest return on investment.

Along with the growth in fileless threats in the first half of the year, attackers are increasingly deploying threats that aren’t visible to traditional security filters, as they can be executed in a system’s memory, reside in the registry, or abuse legitimate tools. Exploit kits have also made a comeback, with a 136% increase compared to the same time in 2018.

Cryptomining malware remained the most detected threat in the first half of 2019, with attackers increasingly deploying these threats on servers and in cloud environments. Substantiating another prediction, the number of routers involved in possible inbound attacks jumped 64% compared to the first half of 2018, with more Mirai variants searching for exposed devices.

Additionally, digital extortion schemes soared by 319% from the second half of 2018, which aligns with previous projections. Business email compromise (BEC) remains a major threat, with detections jumping 52% compared to the past six months. Ransomware-related files, emails and URLs also grew 77% over the same period.

In total, Trend Micro blocked more than 26.8 billion threats in the first half of 2019, over 6 billion more than the same period last year. Of note, 91% of these threats entered the corporate network via email. Mitigating these advanced threats requires smart defense-in-depth that can correlate data from across gateways, networks, servers and endpoints to best identify and stop attacks.

To read the complete report, Evasive Threats, Pervasive Effects: 2019 Midyear Security Roundup, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/evasive-threats-pervasive-effects.

 

Dell Technologies Advances Software-Defined Networking

Posted in Commentary with tags on August 27, 2019 by itnerd

Today at VMworld 2019, Dell Technologies (NYSE:DELL) announces new advancements in software-defined networking so customers can simplify and help lower the cost of networking in today’s multi-cloud world.

Dell EMC SD-WAN Solution

Legacy wide area networks (WANs) struggle to keep up with the modern, multi-cloud traffic demands. At the edge, the new Dell EMC SD-WAN Solution helps customers move away from complex, slow-to-innovate and expensive branch office networking to a SD-WAN platform that uses cloud capabilities and economics. Previewed at Dell Technologies World, the new solution is now globally available and supported.

This Dell EMC SD-WAN Solution delivers all-in-one simplicity – combining VMware SD-WAN by VeloCloud software available as a flexible subscription with highly-engineered and efficient modern appliances in multiple configuration options – all backed by world-class Dell EMC support, supply chain, and services.

VMware SD-WAN by VeloCloud includes: a choice of public, private or hybrid cloud network for enterprise-grade connection to cloud and enterprise applications; branch office enterprise appliances and optional data center appliances; software-defined control and automation; and virtual services delivery. Software subscription options can be upgraded to accommodate changing business requirements for features, duration and bandwidth.

The Dell EMC SD-WAN Solution has three key components:

  • SD-WAN Edge powered by VMware – networking specific, purpose-built appliances designed for high efficiency and reliability
  • SD-WAN Orchestrator – cloud-based management and orchestration software services from VMware, managed by Dell EMC
  • SD-WAN Gateways – a global network of more secure, application-focused access gateways from VMware to handle WAN traffic

Dell EMC SmartFabric Director – Visibility for Both Physical and Virtual Networks

Dell EMC and VMware also announced SmartFabric Director – an innovation in software-defined networking that enables the physical switch underlay infrastructure to keep pace with the changing demands of virtualized and software-defined networks.

Dell EMC SmartFabric Director enables data center operators to easily build, operate and monitor an open network underlay fabric based on Dell EMC PowerSwitch Series switches. This is important for organizations that have embraced software-defined networking and need to help make sure their physical underlay networks are finely tuned for that overlay environment. A lack of visibility between the two layers can lead to provisioning and configuration errors, hampering network performance.

This innovative solution from Dell EMC and VMware extends the companies’ shared vision of a software-defined data center by simplifying the definition, creation and deployment of data center fabrics with intent-based auto-provisioning and enhanced visibility and management between virtual and physical network environments.

Key features include:

  • VMware vSphere and VMware NSX-T Data Center Integration – Tight integration with VMware vCenter and NSX-T enables the physical underlay/fabric to be correctly provisioned for the smooth functioning of application workloads in a VMware software-defined data center
  • Leaf/Spine Fabric Automation – SmartFabric Director uses a declarative model that allows the user to express intent with a set of three well-defined fabric types. Fabric discovery is an ongoing process and ensures that the wiring is consistent with the user-defined intent and removes guesswork for rapid auto-provisioning
  • Fabric Visibility – SmartFabric Director supports highly scalable and flexible streaming telemetry to gather key operational data and statistics from the fabric switches. Comprehensive, highly-intuitive visualization of the time-series data and other information greatly simplifies day-to-day fabric operations
  • Fabric Lifecycle Management – Upgrading switch images is a critical operation in a data center. SmartFabric Director automates the download, install and verification process and ensures that switches are upgraded with the correct images

Availability

  • Dell EMC SD-WAN Solution is now globally available
  • Dell EMC SmartFabric Director will be available globally in September 2019

 

Apple Has Patched That Vulnerability That They Accidentally Unpatched…. And In The Process Show That Said Bug Was More Widespread Than Previously Thought

Posted in Commentary with tags on August 27, 2019 by itnerd

Yesterday, Apple released iOS 12.4.1 which was meant to patch the vulnerability that they accidentally unpached when they released iOS 12.4. If you have an iDevice, you should go download it now. Really. You should do it right now. The reason being is that this vulnerability allows one to “jailbreak” the device. Which means that one could install software from outside the App Store or customize it. But it also means that the same method that is used to “jailbreak” the device could be weaponized to take control of any iOS device by going to a compromised webpage for example. Or joining suspect WiFi.

Now what was weird was that not only did Apple release iOS 12.4.1, but they also released watchOS 5.3.1, tvOS 12.4.1, and an update to macOS 10.14.6. That sort of got my attention. Thus I did some digging. As a matter of course I read the security information that Apple posts when they release a software update, and in the security information for everything but the watchOS update, there are versions of this entry which refers to the vulnerability in question:

Kernel

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition

Kernel

We would like to acknowledge @Pwn20wnd for their assistance.

 

This is present in the iOS 12.4.1 security information, the tvOS 12.4.1 security information, and the security information for macOS 10.14.6. And you will notice that they also thank @Pwn20wnd for their assistance as he’s the guy who discovered this vulnerability. This means that this issue wasn’t just an iOS issue. It was a lot more widespread and a lot more people who used Apple products were at risk. I guess I shouldn’t be shocked by that as Apple software shares a fair amount of code across their various platforms. But it does mean that any and all of your iDevices needs to be updated because this isn’t just an iPhone problem.