Archive for November 2, 2021

Cloudentity “2021 State of API Security, Privacy and Governance” Shows API Security Issues

Posted in Commentary with tags on November 2, 2021 by itnerd

Cloudentity’s latest study “2021 State of API Security, Privacy and Governance” shows 44% of enterprises experience API security issues, including substantial API authorization issues concerning privacy, data leakage and object property exposure with one or both of internal and external-facing APIs. Additionally, 97% of respondents reported that identity and authorization issues with APIs have had a direct impact on their organization in the form of delays to new applications or service enhancements. The report also reveals that the top contributors to API identity and authorization risks are lack of data lineage, difficulty diagnosing issues, component-driven development complexity and inconsistent security policy management.

Yariv Shivek, VP of Product, Neosec had this to say:

     “Authorization issues continue to be the most prevalent problem in API security (see also OWASP API Top 10), but certainly not the only one. It is a testament to the unique challenges posed by API security, that even the organizations surveyed (all big established enterprises with 10,000 or more employees) struggle with authentication and authorization issues, as well as other API security risks.”

     “The imperative of blending “shift left” with “secure right” can be seen in the mix of issues raised. When it comes to “secure right,” almost half the respondents (47%) rely on log analysis to identify API identity and authorization issues in their organizations, a process I believe is best automated with big-data ML-driven behavioral analytics.”

Yariv mentioned the OWASP API Top 10. You can have a look at it here.

58% Of Businesses Have Started Migration To Windows 11; Only 6% Have Fully Adopted The New OS

Posted in Commentary on November 2, 2021 by itnerd

It’s been a little over three weeks since the release of Windows 11, and 58 percent of businesses have started migration. Yet, among the 83 percent of U.S. businesses running Windows, only six percent have fully migrated to the new OS.

New research from based on feedback from 450 IT professionals – reveals implementation experiences and initial impressions, including use of Windows 11 PRO and its features specifically for business users.

Key research findings include:

  • 42 percent of Windows-based businesses haven’t upgraded a single machine to Windows 11
  • Technical concerns are preventing 41 percent of Windows-based businesses from switching to Windows 11
  • More than half of companies (51 percent) that have installed Windows 11 experienced slowed performance due to memory issues
  • Windows 11 received good grades against ransomware and malware, with 39 percent of IT techs judging this release more secure
  • Nearly ¾ of IT professionals (72 percent) who have personally upgraded to Windows 11 are satisfied with the new OS

The full research can be found at:

BREAKING: Facebook To Shut Down Controversial Facial Recognition Program…. But You Should Still #DeleteFacebook

Posted in Commentary with tags on November 2, 2021 by itnerd

The news is breaking that Facebook is shutting down a controversial facial recognition program:

Facebook plans to shut down its decade-old facial recognition system this month, deleting the face scan data of more than one billion users and effectively eliminating a feature that has fueled privacy concerns, government investigations, a class-action lawsuit and regulatory woes.

Jerome Pesenti, vice president of artificial intelligence at Meta, Facebook’s newly named parent company, said in a blog post on Tuesday that the social network was making the change because of “the many concerns about the place of facial recognition technology in society.” He added that the company still saw the software as a powerful tool, but “every new technology brings with it potential for both benefit and concern, and we want to find the right balance.”

Sure Facebook wants to “find the right balance.” What’s likely closer to the truth is that all the various whistle-blowers and leaks have caused so much damage that Facebook is trying to get ahead of anything else that will add to its misery. But this should not alter the fact that Facebook is simply a company that cannot be trusted. Thus you and everyone else on planet Earth should #DeleteFacebook.

Guest Post: Underminer Exploit Kit – The More You Check, The More Evasive You Become 

Posted in Commentary with tags on November 2, 2021 by itnerd

The Underminer exploit kit has surfaced numerous times since 2019, but here it is back again delivering the Amadey malware, as the Malwarebytes Threat Intelligence team found last week.

Exploit Kit

An exploit kit (EK), or an exploit pack, is a type of toolkit cybercriminals use to attack vulnerabilities in systems, for them to be able to distribute malware or perform other malicious activities. Exploit kits are packaged with exploits that can target commonly installed software, such as Adobe Flash®, Java®, Microsoft Silverlight®.

A typical exploit kit usually provides a management console, a bunch of vulnerabilities targeted to different applications, and several add-on functions that make it easier for a cybercriminal to launch an attack. Exploit kits typically integrate vulnerabilities of popular applications, which many users leave poorly patched.

It can also be used by someone who does not have any experience writing software code for creating, customizing, and distributing malware.

Underminer Exploit Kit

Underminer EK was first seen in the wild in 2017, targeting Asian countries by first deploying bootkits (malware loaded during the boot process that controls operating system start-up and modifies the system before security components are loaded) for OS persistence, and then a coinminer in a later stage. Back then, this EK spread by malvertising and by exploiting browser vulnerabilities. One of the coinminers distributed by this EK was “Hidden Bee”, a covertly running Chinese miner.

Digging into the Underminer EK, its authors seem to have a good grasp of anti-debugging techniques, as they applied plenty of them. We discuss the interesting ones below.

The first check this EK performs uses the rdtsc assembly instruction, which returns the number of CPU ticks that have elapsed since the processor was reset. It can also serve as an anti-debugging technique: the most common pattern is to read a timestamp and save it in a register, read a second timestamp shortly afterwards, and check that the delta between the two is below a fixed number of ticks chosen by the author (single-stepping or breaking in a debugger inflates the delta). In our sample, the second timestamp and the comparison were carried out long after the first timestamp was saved in memory:


Figure 1 First Timestamp check

Next, if the Avast library is loaded into the running process, the EK detaches the DLL_LOAD signal from aswhook.dll (Avast Hook Library) so that Avast AV will not capture the later DLL loading events.

Figure 2 DLL_LOAD Detach

Underminer also remaps ntdll.dll and several other DLLs, a technique that can be used to bypass user-mode hooks.

The kit also checks whether any of the following security products are installed by looking for the products’ directories under C:\ProgramData:

  • Avast Software
  • Avira
  • Kaspersky Lab
  • Panda Security
  • Doctor Web
  • AVG
  • 360TotalSecurity
  • BitDefender
  • Norton
  • Sophos
  • Comodo

In addition, Underminer EK uses several more popular techniques to check whether the process is being actively debugged. This EK did not perform any anti-VM or anti-emulation checks.

Later, the malware creates a “3e5d740863” folder under C:\Users\Username\AppData\Local\Temp (the user’s temporary directory) and copies itself into it. The malware then adds a value under the ‘HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders’ key that points to the newly created folder, so that the folder’s contents are executed at user login; this persistence technique is catalogued as MITRE ATT&CK T1547.001.

After the file copy, the malware will execute the newly copied file and terminate the current process.

To become even more persistent on the system, Underminer creates a scheduled task that executes the malicious file every day at 01:00 AM. The scheduled task is named after the executable, and it runs with the user’s credentials.

Our sample connects to two command-and-control servers and passes information about the infected machine to them:


The information being passed is:

  • victim id
  • the malware version
  • PC name
  • username
  • what we assume is the number of installed binaries

The next stage is to download and execute additional malware. We checked the malware twice and got two different executables: one of them was an Oski Stealer and the other a new, well-packed .NET stealer.

Oski Stealer is a malicious information stealer, which was first introduced in November 2019. The Oski stealer steals personal and sensitive credentials from its target, eventually being misused to clean out the user’s liquid assets.

The second stealer (whose original file name is ‘Licensing.exe’) seems to have some code borrowed from RedLine Stealer. It steals browser credentials, crypto wallets, file share credentials, etc., and connects to its command-and-control server over TCP port 16713.

As a side note, info stealers might be co-opted into the cycle of various kinds of attacks, and ransomware campaigns in particular. While serving as a reliable method for criminals to obtain credentials tied to financial accounts, information stealers are now also used to obtain corporate remote network login credentials, such as those for virtual private networks (VPNs) or remote desktop software.

Independently of the dropped file, Underminer exploit kit creates a new registry value to gain persistence for the dropped malware. The value is added under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
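The persistence steps described in this post (the User Shell Folders redirection into the user’s Temp directory, the scheduled task, and the HKCU Run value) share one trait a defender can key on: every one of them launches something from the user’s Temp directory. The following PowerShell audit is an added example written for this page, not code from the Minerva Labs write-up or from itnerd. The function name Find-TempPersistence and the rule “anything launched from Temp is worth reporting” are the example’s own assumptions; it deliberately does not hard-code the “3e5d740863” folder name, so it also catches variants that use a different folder.

```powershell
# Added example (not from the Minerva Labs post): hunt for the user-level persistence
# described above. Run it in the context of the user profile being audited.
# Assumption: anything launched from the user's Temp directory is worth reporting.

function Find-TempPersistence {
    # Long-form Temp path first, so comparisons are not defeated by 8.3 short names in $env:TEMP
    $tempRoots = @(
        (Join-Path ([Environment]::GetFolderPath('LocalApplicationData')) 'Temp'),
        $env:TEMP
    ) | Where-Object { $_ } | Select-Object -Unique

    # Properties Get-ItemProperty adds to every registry object; they are not registry values
    $metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    function Test-PathInTemp([string]$Path) {
        if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
        # Drop a leading quote and expand %VAR% so '"%TEMP%\x.exe" /arg' still compares correctly
        $candidate = [Environment]::ExpandEnvironmentVariables($Path.TrimStart('"', ' '))
        foreach ($root in $tempRoots) {
            if ($candidate.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
        }
        return $false
    }

    $findings = @()

    # 1. User Shell Folders: a Startup (or any other) folder redirected into Temp (T1547.001 variant)
    # 2. HKCU Run: a value that launches a binary from Temp
    $keys = [ordered]@{
        'UserShellFolders' = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
        'RunKey'           = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    }
    foreach ($entry in $keys.GetEnumerator()) {
        $item = Get-ItemProperty -Path $entry.Value -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($prop in $item.PSObject.Properties) {
            if ($metaProps -contains $prop.Name) { continue }
            if (Test-PathInTemp ([string]$prop.Value)) {
                $findings += [pscustomobject]@{ Source = $entry.Key; Name = $prop.Name; Value = $prop.Value }
            }
        }
    }

    # 3. Scheduled tasks whose executable lives under Temp. The task in the post runs daily at
    #    01:00 under the user's own account, so it needs no admin rights and still shows up here.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($action in $task.Actions) {
            if ($action.Execute -and (Test-PathInTemp $action.Execute)) {
                $findings += [pscustomobject]@{
                    Source = 'ScheduledTask'
                    Name   = "$($task.TaskPath)$($task.TaskName)"
                    Value  = "$($action.Execute) $($action.Arguments)".Trim()
                }
            }
        }
    }
    return $findings
}

$results = @(Find-TempPersistence)
if ($results.Count -eq 0) { 'No Temp-rooted persistence found in User Shell Folders, HKCU Run or scheduled tasks.' }
else { $results | Format-Table -AutoSize }
```

Every hit this produces deserves a look, but not every hit is malicious: some installers do run updaters out of Temp. The value of the check is that it covers all three mechanisms from the post with a single rule, and that a User Shell Folders entry pointing anywhere outside the profile’s normal locations is almost never legitimate.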

At the time this blog was published, the command-and-control server was still operating and continues to distribute different types of malware.

Minerva Labs Hostile Environment Simulation and Critical Asset Protection modules prevent the remap of DLLs required for Underminer exploit kit to carry out its attack, thus preventing additional malware drops.




Indicators of Compromise

SHA-256 hashes:

  • 7a7a128a51a5e153c55481518bdffe67093e94d99845531918ff50875a13e5fe – dllhost.exe – Underminer EK
  • 0fa23ba39a85ad3a28d71e1d50edc2c39046d2ffe36fb257e8953acee7726924 – – Oski Stealer
  • eb0c56870fb482ff798dab0048ff1b8a7010f6ce6b769e9ffffc569070898624 – ic.exe (Licencing.exe)

Domains:

  • web.jsonpost[.]xyz – C&C server
  • web.xmlpost[.]xyz – C&C server

URLs:

  • web.jsonpost[.]xyz/sj2vMs/index.php?scr=1 – C&C server
  • web.xmlpost[.]xyz/sj2vMs/index.php?scr=1 – C&C server
  • 169.197[.]142[.]162/ – Oski Stealer

IP addresses:

  • 169.197.142[.]162 – Underminer C&C
  • 194.124.213[.]221 – Licensing C&C
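Since the post states that the command-and-control infrastructure was still live when it was published, the network indicators above are the ones most worth sweeping historical proxy logs for. The following PowerShell is an added example for this page, not code from the Minerva Labs write-up or from itnerd: it reverses the “[.]” defanging, parses each URL, and flags a log line when its host is one of the listed C&C domains or IPs, or when its path is the check-in URL. The log format, the sample lines and the function name Find-UnderminerBeacons are constructed for the example.

```powershell
# Added example (not from the Minerva Labs post): flag proxy log lines that match the
# network indicators listed above. The log format and sample lines are constructed here.

# IoCs as printed in the post, in defanged form; Undo-Defang restores the real form for matching
$iocDomains = @('web.jsonpost[.]xyz', 'web.xmlpost[.]xyz')
$iocIps     = @('169.197.142[.]162', '194.124.213[.]221')
$iocPath    = '/sj2vMs/index.php?scr=1'

function Undo-Defang([string]$Indicator) { return $Indicator.Replace('[.]', '.') }

$c2Hosts = @($iocDomains + $iocIps | ForEach-Object { Undo-Defang $_ })

function Find-UnderminerBeacons {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Assumed log format: "<timestamp> <client_ip> <method> <url>"
        $fields = $line -split ' ', 4
        if ($fields.Count -lt 4) { continue }
        $timestamp, $client, $method, $url = $fields
        $uri = $null
        if (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) { continue }

        $reasons = @()
        if ($c2Hosts -contains $uri.Host)   { $reasons += "known C&C host $($uri.Host)" }
        if ($uri.PathAndQuery -eq $iocPath) { $reasons += 'Underminer check-in path' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Time   = $timestamp
                Client = $client
                Method = $method
                Url    = $url
                Reason = ($reasons -join '; ')
            }
        }
    }
}

# Constructed sample: three infected clients beaconing among ordinary traffic
$sampleLog = @(
    '2021-11-02T09:14:03Z 10.0.0.25 GET http://www.example.com/index.html',
    '2021-11-02T09:15:41Z 10.0.0.25 POST http://web.jsonpost.xyz/sj2vMs/index.php?scr=1',
    '2021-11-02T09:15:42Z 10.0.0.31 GET http://169.197.142.162/',
    '2021-11-02T09:16:10Z 10.0.0.25 GET http://cdn.example.org/lib.js',
    '2021-11-02T09:17:55Z 10.0.0.44 POST http://web.xmlpost.xyz/sj2vMs/index.php?scr=1'
)

Find-UnderminerBeacons -Lines $sampleLog | Format-Table -AutoSize
```

Matching on the parsed host rather than with a substring search keeps “web.jsonpost.xyz” from matching a longer unrelated hostname, and keeping the path check separate from the host check means a line is still flagged if the operators move the same script to a new domain. To run it over real logs, replace $sampleLog with Get-Content on the proxy log and adjust the field order in the split to the format in use.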



Researchers Discover A Number Of Vulnerabilities That Would Enable Attackers To Gain Remote Code Execution In Nagios

Posted in Commentary with tags on November 2, 2021 by itnerd

GRIMM, a forward-looking cybersecurity organization led by industry experts, today announced they performed dedicated vulnerability research into Nagios and discovered a number of vulnerabilities that would enable attackers to gain Remote Code Execution (RCE) as root on Nagios management servers, which provides great potential for later lateral movement. This research stems from GRIMM’s Private Vulnerability Disclosure (PVD) Program where research targets are selected based on extensive threat modeling and our team’s deep background in reverse engineering and vulnerability research.

To mitigate the risk of similar vulnerabilities, GRIMM recommends that organizations that use Nagios restrict the use of external commands by monitored endpoints to just those commands required for the desired functionality. Beyond these proactive measures, network administrators and defenders should familiarize themselves with potential avenues of attack against their network as well as the signs and characteristics of such attacks.

This vulnerability is significant because the Nagios instance is a very attractive target, both for the information it contains and for its role in network activity. The software contains both historical and constantly updated information on network configuration and services on the network, which is useful to attackers in mapping out how to reach the systems they are most interested in. In addition, once attackers gain root access, they have the ability to manipulate any of the data being displayed to administrators or security personnel, which could enable them to further conceal their activity. Finally, because Nagios routinely performs service checks and other administration tasks, moving laterally to other servers or even to endpoints will likely be considered normal and not raise suspicion.

The security research is done entirely by GRIMM’s internal PVD team. The GRIMM PVD team has decades of experience in the most sensitive environments. Because GRIMM has a strong commitment to partnership, the PVD program welcomes requests to look into specific software or hardware. GRIMM is able to offer this service to a limited, trusted clientele to ensure that the program is used appropriately while the team works with the vendors for patches.

Telstra Collaborates With Equinix To Deliver Enhanced Access And Network Connectivity

Posted in Commentary with tags on November 2, 2021 by itnerd

Telstra today announced it is collaborating with Equinix, the world’s digital infrastructure company™, to enhance the Telstra Octagon financial services solution and expand global access and direct connectivity between North America and eight of the world’s major futures and commodities exchanges.

Developed as a purpose-built solution for capital markets and fintech companies in North America, Telstra Octagon uses Telstra’s ultra-low latency global networks to support high-frequency trading activities. With Telstra’s financial trading solution available on Platform Equinix, Telstra can now offer financial organizations enhanced network connectivity, as well as access to Equinix data center, colocation and Equinix Fabric™ interconnection services adjacent to the exchanges. 

This combination gives Telstra Octagon users – including financial organizations, investors, trading firms and their customers – expanded trading capabilities, as well as broader support for their global network requirements through expanded connectivity, cloud and IP delivery options.

Priority end-to-end access enables financial and trading organizations to respond to market-moving events as they happen and execute investment strategies across Asian and North American capital markets. 

With Telstra Octagon, organizations can access high-frequency trading environments faster between North America and the Asia-Pacific regions, including the NASDAQ and CBOE exchanges in Equinix NY, CME and ICE, ASX in Australia, HKEX in Hong Kong, SGX in Singapore, TAIFEX in Taiwan, KRX in South Korea and JPX in Japan — representing more than a trillion dollars in contracts traded daily. 

Beyond overall trading, Telstra Octagon can also provide value to organizations related to price discovery, risk analysis, smart order routing, flow and matching, trade execution and settlement activities. More information on Telstra Octagon is available at

Review: Apple 2021 MacBook Pro 16″ – Part 1

Posted in Products with tags on November 2, 2021 by itnerd

October 27 2016 is a day that will live in infamy for many Mac users. That’s the day that Apple announced the 2016 MacBook Pro. That would be the one that ditched things like the HDMI port and SD card slot for USB-C everything, forcing everyone to buy a dongle for every function that they needed. It was also the one that introduced the butterfly keyboard. The one that was horrifically unreliable. And it introduced the TouchBar, and deleted real function keys. Those along with other changes made Apple users irate. Some even abandoned the platform for Windows laptops that gave them what they wanted. And it seemed that Apple didn’t care as they kept sticking with all of these changes. Though they eventually did back away slowly from the butterfly keyboard in 2019 when the costs of failed keyboards and class action lawsuits from ticked off Apple users started to add up. It also likely didn’t help that people like me kept their 2015 MacBook Pros that didn’t have these flaws, and those 2015 MacBook Pros increased in value because they were thought of as the last good Apple MacBook Pro. That must have cost Apple a few bucks over the years.

That changed earlier this month when Apple released the 2021 MacBook Pro. You might call this the apology MacBook Pro as it is the closest thing that you will get to Apple apologizing for angering pro users. But there’s more than that. It’s also a MacBook Pro that kills anything with an Intel processor.

Now this review will be split up into two parts. Today, I’ll be looking at the design and feature set of the MacBook Pro, along with doing some benchmarking. Part 2 of this review will have some observations after using it for a few days, and some final thoughts. But first let’s get to the MacBook Pro that I have. The MacBook Pro comes in two screen sizes. 14″ and 16″. It also comes with two processors. The M1 Pro and the M1 Max. I explain the differences between the two processors here. But with that framing the discussion, here’s what I ordered less than ten minutes after the end of the Apple event that announced these machines:

  • 16” MacBook Pro
  • M1 Pro with 10-core CPU, 16-core GPU, 16-core Neural Engine
  • 1TB storage
  • 32GB of RAM

Why did I go with this configuration? There’s a handful of reasons why I went this route:

  • Both the M1 Pro and the M1 Max utterly destroy almost anything with an Intel processor. More on that in a bit. But I don’t have a reason to use the power that the M1 Max is capable of. Specifically, video editing in ProRes. Nor do I render graphics on a regular basis. So I went with the M1 Pro.
  • I have 512 GB of storage in my Intel MacBook Pro. And I have only filled 55% of it. So 1TB is more than enough for me. 
  • I have 16GB of RAM in my Intel MacBook Pro. Thus 32GB of RAM is more than enough for me.

And Apple made the unboxing experience interesting:

The UPS guy dropped off this box to me. There’s a pull tab in the middle which you have to yank on:

From there the box unfolds to reveal your rather expensive purchase:

Now this is where I start to criticize Apple. It’s wrapped up in plastic. For a company that claims to care about the environment, and made a big deal of removing the plastic from the packaging of the iPhone 13, why wrap this MacBook Pro in plastic? Surely they could have come up with some other way to seal the box? It really makes their environmental efforts look like greenwashing.

End of rant.

Pull the tab at the top of the box to easily remove the plastic wrapping that will be in a landfill site shortly. You can then open the box to see this:

You get to see your new MacBook Pro wrapped in some sort of wax-paper-like wrapping. I’m going to put that to the side for a second so that you can see what else is in the box.

At the top you get your usual books. To quote Flossy Carter, pluck them and file them to the side, but not before getting these out:

Black Apple stickers instead of white ones that are usually included. I guess nothing says pro like black Apple stickers.

There’s a 140W GaN charger that can be used to charge the 100 watt-hour battery (Fun fact: It’s the largest battery that you can put in a notebook and legally take onto an airplane) to 50% in 30 minutes.

It also comes with a woven detachable cable that has USB-C at one end and MagSafe at the other. Yes, this comes with MagSafe. While you can charge via USB-C, which was the only charging option on the 2016 MacBook Pro, MagSafe, which is a magnetic connection that detaches under force, allows you to charge and protect yourself from tripping over the cable. Which in turn would send your notebook flying. That’s the first part of Apple walking back changes that angered its user base. Here’s another:

Apple brought back the HDMI port as well as the SD card slot. And you get a USB-C/Thunderbolt 4 port. But I will point out that the HDMI port is HDMI 2.0, which maxes out at 4K 60 FPS, instead of HDMI 2.1, which supports 8K 120 FPS or higher. And the SD card slot is a UHS-II slot with a theoretical maximum transfer speed of up to 312MB/s and not the faster UHS-III with a theoretical maximum transfer speed of up to 624MB/s. So are you getting cutting edge stuff? No. But it is more than serviceable.

On the other side you get two USB-C/Thunderbolt 4 ports. The MagSafe connector, and a high impedance headphone port which you can use with high quality headsets that are often used by audio engineers. I’ll give Apple points for that.

One other thing that I’d like to point out. During the Apple event where this MacBook Pro was announced, Apple said this:

The only reason why this MacBook Pro has the most advanced connectivity in a Mac notebook ever is because Apple took all the ports away from users in 2016 forcing them to live “the dongle life” only to put those ports back now.

Yes I am still salty about that. I bet so are many others. But I digress.

Here’s what the MacBook Pro looks like fully set up:

I’ll cover some quick items here:

  • About that notch. I noticed it when I first powered it on and then stopped caring after about an hour. It’s a total non factor for me.
  • The screen is outstanding as it is bright when playing back HDR content, it’s sharp, and everything looks stunning. You can thank the mini LED display which Apple calls a “Liquid Retina XDR” display. In short, it’s basically a scaled down version of the Pro Display XDR which you might remember as Apple’s $5000 USD monitor with a $1000 stand. It also comes with a ProMotion 120Hz display which is buttery smooth. Once you notice how smooth this display is, you won’t go back to a 60Hz display.
  • The Magic Keyboard is fantastic! As someone who learned to type on a typewriter back in the Stone Age, I love the tactile feedback that it provides. Not to mention that I get full sized function keys and a larger escape key instead of that Touch Bar that really was not useful to anyone. The backlighting of the keys is totally on point as it has the right brightness regardless of the lighting conditions in the room.
  • The Force Touch trackpad is the usual Apple feel and size and the haptics (seeing as the keypad doesn’t actually move) are top shelf, so no complaints there.
  • The speakers are simply the best speakers that I have ever heard in a notebook. Windows, Mac, anything. Any piece of music that I tossed at it sounded crisp, clear, well balanced without any distortion.
  • A lot has been made about the weight. I don’t find this to be heavy as it’s not any heavier than my 2015 MacBook Pro. Though if you have a newer MacBook Pro, I can see how you would find this to be heavier than you are used to.
  • The venting that this MacBook Pro has is insane. Besides a vent on each side, there’s a massive vent below the screen. There’s seriously no excuse for this notebook not to keep cool. The large feet also help with keeping the MacBook Pro cool. And so far, I have not heard the fans. But I haven’t really pushed this machine yet.
  • The aluminum chassis being squared off really gives off an early MacBook Pro or even perhaps a PowerBook vibe.
  • I haven’t fully tested the 1080p webcam which replaces the rather craptastic 720p webcam that Apple had been including for years. But early tests show that the quality is great.

I’ll refine those items for part two of this review, but the real question that you have is how fast is this machine? Let’s head over to Geekbench and find out:

Well, those are some interesting numbers, but what do they mean relative to other Macs? Here’s a list of the fastest single-core scores that Geekbench has recorded:

In single core performance, it’s the fastest Mac out there. Which means for simple tasks like checking your email or surfing the web, this machine is going to be fast. And here’s a list of the fastest multi-core scores that Geekbench has recorded:

Well, this MacBook Pro plays in the same space as iMac Pro and MacPro models. That’s not bad company to be in. Which means that if your job involves doing things that require a fast machine, the MacBook Pro is up to it. But it doesn’t stop there. There’s the graphics performance in OpenCL to be considered:

And here’s how that score stacks up to the fastest graphics cards around:

Okay. At the top end of the food chain, the MacBook Pro isn’t in the same league. But if you compare it to cards that have a similar score, you’ll notice something:

A lot of these cards have been used in Macs before. So while the MacBook Pro is not the out and out fastest, it isn’t too shabby either. Now here’s the disk performance via BlackMagic’s disk speed test:

The disk read and write speeds are insane. What this means is that any disk intensive operations such as editing 4K or 8K video is a total non-issue.

At this point, the next thing for me is to use this MacBook Pro for a few days so I can get a sense of the overall feel, battery life, and the like. Then I can provide my final thoughts about this new MacBook Pro. Stay tuned for that.

Exclusive Networks Extends Distribution Agreement With Juniper Networks 

Posted in Commentary with tags on November 2, 2021 by itnerd

Exclusive Networks today announced a new worldwide distribution agreement with Juniper Networks, a leader in secure, AI-driven Networks. The new agreement builds on the success of numerous existing regional engagements in EMEA and APAC, deepening the strategic relationship between the two companies and creating global momentum to help partners maximise enterprise opportunities for Juniper’s AI-driven networking, cloud and connected security solutions.

Juniper Mist AI technology drives automation, insight and assured user experience across the stack, delivering AIOps solutions for experience-first networking across the LAN/WLAN to the SD-WAN, automated WAN backbone and cloud-ready data centre. According to BCC Research, the global AIOps market is estimated to grow to $9.4bn by 2026 at a CAGR of over 26%[1].

As the Juniper partnership expands to a global basis, Exclusive Networks is able to build on over 5 years of success with Juniper in numerous individual territories in Europe and Asia. North America, Benelux, Iberia and the UK&I are the first new regions to be added, with Central and Eastern Europe and Southern Europe due to follow soon after. 

Exclusive Networks is a global trusted cybersecurity specialist for digital infrastructure helping to drive the transition to a totally trusted digital future for all people and organisations. Their distinctive approach to distribution gives partners more opportunity and more customer relevance. Their specialism is their strength – equipping them to capitalise on rapidly evolving technologies and transformative business models.

The Exclusive Networks story is a global one with a services-first ideology at its core, harnessing innovation and disruption to deliver partner value. With offices in 40 countries and the ability to service customers in over 150 countries across five continents, Exclusive Networks has a unique ‘local sale, global scale’ model, combining the extreme focus and value of local independents with the scale and service delivery of a single worldwide distribution powerhouse.

More at

macOS Monterey Seems To Be Leaking Memory

Posted in Commentary with tags on November 2, 2021 by itnerd

Normally I don’t upgrade to the latest version of macOS as I tend to wait until all the bugs are ironed out. But that’s not an option as I am currently using a new MacBook Pro that comes with macOS Monterey out of the box. And sure enough, there is a major problem with macOS Monterey. It seems to be leaking memory.

First, let me explain what a memory leak is. It is a scenario in which a process or application keeps claiming memory it never releases, so its RAM usage grows to abnormally high levels the longer it is left running. And that’s what I am seeing. Here’s a screen shot from iStat Menus after running my new MacBook Pro for about a day:

If you look under processes, Control Center is consuming a lot of memory. And that’s not normal compared to a Mac running an earlier version of macOS. Other users are also sharing similar experiences on the MacRumors Forums and Reddit, including YouTuber Gregory McFadden:

On top of that, users have seen a pop up that says an application has “run out of application memory”. Clearly this is a huge problem and Apple needs to fix this ASAP as this is not trivial and will become a major problem for many.

Yahoo Pulls The Plug On China

Posted in Commentary with tags on November 2, 2021 by itnerd

Yahoo announced this morning that they were joining LinkedIn in pulling out of China. An AP report details why:

“In recognition of the increasingly challenging business and legal environment in China, Yahoo’s suite of services will no longer be accessible from mainland China as of November 1,” the company said in a statement.

It said it “remains committed to the rights of our users and a free and open internet.”

The company’s withdrawal coincided with the implementation of China’s Personal Information Protection Law, which limits what information companies can gather and sets standards for how it must be stored.

Chinese laws also stipulate that companies operating in the country must hand over data if requested by authorities, making it difficult for Western firms to operate in China as they may also face pressure back home over giving in to China’s demands.

Now, while Yahoo hasn’t been known for standing up for human rights seeing as they have handed over data related to Chinese dissidents in the past, it’s an interesting move and I now expect a domino effect of western companies leaving the country. Stay tuned to this space as I expect these announcements to become more frequent.