Archive for June 16, 2022

Panchan Peer-To-Peer Botnet Discovered By Researchers

Posted in Commentary on June 16, 2022 by itnerd

Akamai security researchers have published their findings on Panchan, a new peer-to-peer botnet and SSH worm that emerged in March and has been actively breaching Linux servers since. Panchan is written in Golang and uses the language's built-in concurrency features to maximize spreadability and execute malware modules. The malware also harvests SSH keys to perform lateral movement, a feature that is pretty novel. You can read the full report on this botnet here. Rob Shaughnessy, VP, Federal for GRIMM, had this to say:

“Technologically, the recently disclosed Panchan botnet has one potentially novel feature: harvesting SSH keys locally to facilitate lateral movement in the victim network. This method can increase lateral movement speed and help the botnet spread across connected organizations. The innovative use of harvested credentials helps explain why current victims of Panchan are mainly education institutions and show fairly significant geographic clustering. Research and educational institutions have traditionally favored collaboration and openness over strict security more than industry. Although botnets such as Panchan can be used for many functions, including highly malicious ones, Panchan is currently used for cryptocurrency mining. Using botnets is a way to effectively reduce or remove the most costly part of any cryptomining organization, providing an essentially free cloud computing infrastructure. With the recent collapse of cryptocurrency value globally, we will likely see increased utilization of botnets and similar malware for this purpose. For cyber defenders, this will substantially increase the network noise level and provide additional opportunities for more malicious code to insert itself using lower risk events, like Panchan, as cover.”

Clearly this botnet has a bunch of tricks up its sleeve, which means that sysadmins and security professionals need to be on the lookout for it, as it is likely to pop up in a lot of places.
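A private key stored without a passphrase is usable by anything that can read the file, which is what makes local key harvesting effective for lateral movement. The following audit is an added example, not code from Akamai or from this post: it classifies the key files in a `.ssh` directory as passphrase-protected or not, and the function names and the header-only sample keys in `demo()` are constructed for illustration.

```python
import base64
import struct
import tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # prefix of the OpenSSH private-key container

def key_protection(text: str) -> str:
    """Classify file content as 'encrypted', 'unencrypted' or 'not-a-key'."""
    if "PRIVATE KEY-----" not in text:
        return "not-a-key"
    if "BEGIN ENCRYPTED PRIVATE KEY" in text or "Proc-Type: 4,ENCRYPTED" in text:
        return "encrypted"  # PKCS#8 or legacy PEM protected by a passphrase
    if "BEGIN OPENSSH PRIVATE KEY" in text:
        body = "".join(l for l in text.splitlines() if l and not l.startswith("-----"))
        blob = base64.b64decode(body)
        if not blob.startswith(MAGIC):
            return "not-a-key"
        # The magic is followed by a length-prefixed cipher name; "none" = no passphrase.
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "unencrypted" if cipher == b"none" else "encrypted"
    return "unencrypted"  # legacy PEM key with no encryption header

def audit_ssh_dir(ssh_dir: Path) -> dict:
    """Map each private-key file name in ssh_dir to its protection status."""
    report = {}
    for path in sorted(ssh_dir.iterdir()):
        if path.is_file() and not path.name.endswith(".pub"):
            verdict = key_protection(path.read_text(errors="replace"))
            if verdict != "not-a-key":
                report[path.name] = verdict
    return report

def _fake_openssh_key(cipher: bytes) -> str:
    """Constructed sample: container header only (magic + cipher name), not a usable key."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        ssh = Path(d)
        (ssh / "id_rsa").write_text(_fake_openssh_key(b"none"))
        (ssh / "id_ed25519").write_text(_fake_openssh_key(b"aes256-ctr"))
        (ssh / "id_rsa.pub").write_text("ssh-rsa AAAA constructed\n")
        (ssh / "known_hosts").write_text("host.example ssh-ed25519 AAAA\n")
        return audit_ssh_dir(ssh)

if __name__ == "__main__":
    print(demo())
```

Keys reported as `unencrypted` are the ones to re-protect with a passphrase or move behind an agent or hardware token first.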

Infragistics’ App Builder Goes On-Premise

Posted in Commentary on June 16, 2022 by itnerd

 Infragistics, the software company responsible for the UI and UX solutions powering applications for the world’s largest enterprises and software developers, today announced the launch of App Builder™ On-Prem. App Builder is a cloud-based, drag & drop tool that enables UI designers and developers to collaborate in a single working environment to speed app creation from design to code. The on-premise edition of the widely adopted tool can now be used by large scale designer-developer teams, as well as developer-only enterprise teams.

The biggest challenge in app development today is streamlining app creation from design to code. According to a recent Infragistics survey, only 23% of developers work with a design team – leaving more than 3 out of 4 developers to also act as UI designers. Seventy percent (70%) of developers say that working with HTML/CSS and designing screens slows them down the most in terms of web app building.

To create mission critical enterprise apps, low-code apps must prioritize user experience (UX) by beginning the app creation process with user interface (UI) design. App Builder achieves this by bringing together the core components of the app creation process. App Builder is included with the Ignite UI for Angular and Blazor web-based toolkits and eliminates the complexity of user interface design and development so developers can build business apps up to 80% faster.

App Builder On-Prem offers all the features and benefits of the cloud version of the App Builder software. The product brings the low-code tool to enterprise organizations that have not approved the use of cloud-based SaaS solutions or those with sensitive design work that can’t go beyond a company’s firewall. It can be installed on an organization’s server and behind its server firewall. It is runnable on any infrastructure and accessible only by internal personnel, ensuring data and designs are safe from any outside influence. 

The release of App Builder™ On-Prem is part of Infragistics’ Ultimate 22.1 rollout, which includes new design-to-code features and capabilities for both versions of App Builder, including: 

  • OpenAPI / Swagger Support – Easily connect Swagger definitions for Web APIs or Entity Framework models to App Builder, offering live access to real data (cloud-based or localhost), or auto-generated mock data based on schemas in app design.  This live data access support builds on the OData & JSON data binding features shipped earlier this year, allowing complete flexibility to connect to data during the app building process. 
  • Data Visualizations & Charts – with over a dozen Chart types to choose from, designers and developers can include updated visualizations in their apps to enable data & analytics in any screen.  With a simple point and click, chart type, data series, colors and interactions can be customized for any type of data visualization experience in an app.
  • Design System Updates – The Indigo.Design System, the backbone of App Builder, adds to the Material UI Kit with brand new UI Kits for Bootstrap, Fluent and Indigo. This gives design teams the ability to target any popular design system, customizable to the themes, screen parts and UI patterns that seamlessly handoff to App Builder for pixel-perfect apps and code generation for Angular or Blazor. 
  • New Controls, Updated Code Generation – The App Builder Toolbox gets more than 10 new controls, including new data bound controls, new Navigation controls,  plus updated and improved code-generation for both Blazor and Angular apps.
  • App Templates & Screen Layouts – A library of 12 App Templates and 15 Screen Layouts can kick-start app design and help build responsive pages in a single click. These new templates alleviate the hardest part of app development for developers – hand-coding responsive CSS for the web and creating complex, interactive layouts with real UI controls bound to real data.

App Builder is also included with Indigo.Design, a complete design-to-code platform that integrates UI prototyping, design systems, user testing, app building and code generation to eliminate design hand-offs and reduce costly iterations — enabling true UX design-development collaboration.

Uber Expands “Reserve At Airports” To More Airports

Posted in Commentary on June 16, 2022 by itnerd

Today Uber is announcing a global expansion of Reserve at Airports, which is their go-to product that allows you to push a button and plan your pickup from the airport. As of Thursday, it will be available at 55 airports throughout the world, including 2 airports in Canada: Vancouver (YVR) and Montreal (YUL).

As more folks take to the skies, the airport experience can feel more stressful and uncertain than ever. That’s why Uber is focused on helping get people where they need to be as efficiently and safely as possible. So they’re expanding their Reserve at Airports product to make airport travel smoother and simpler:

Reserve at Airports includes: 

  • Early booking: Book your ride up to 30 days in advance so you know you’re set once you land.
  • Flight tracking: The integration automatically adjusts your reservation time based on flight information to ensure your driver is ready and waiting at the airport when your flight lands, whether it’s on time, early or delayed.
  • 60 minutes of wait time: If you aren’t ready to get in your ride the moment you land, your driver will wait up to 60 minutes at no additional charge.
  • Convenient pickup: Your ride will conveniently wait for you at the designated pickup area for Uber so you can step off the plane and into your ride.

Reserve at Airports is available for Uber Premier, Uber Premier SUV, Uber Black and Uber Black SUV at the airports below. The airports in BOLD are where Reserve at Airports is newly available:

  • Montreal (YUL), Vancouver (YVR)
  • Atlanta (ATL), Austin (AUS), Burbank (BUR), Charleston (CHS), Charlotte (CLT), Chicago (ORD + MDW), Dallas (DFW + DAL), Denver (DEN), Fort Myers (RSW), Houston (IAH + HOU), Indianapolis (IND), Jacksonville (JAX), Las Vegas (LAS), Los Angeles (LAX), Miami (MIA + FLL + PBI), Minneapolis – St. Paul (MSP), Milwaukee (MKE), Nashville (BNA), New Orleans (MSY), New York (JFK + LGA), Oakland (OAK), Orange County (SNA), Orlando (MCO), Philadelphia (PHL), Phoenix (PHX), San Antonio (SAT), San Diego (SAN), San Francisco (SFO), San Jose (SJC), Seattle (SEA), Tampa Bay (TPA), Washington DC (DCA + IAD) 
  • Bologna (BLQ), Cape Town (CPT), Johannesburg (JNB + HLA), Milan (LIN + MXP), Nice (NCE), Paris (CDG), Rome (CIA + FCO) 

New Attack Spoofs PayPal to Obtain Banking Info: Avanan 

Posted in Commentary on June 16, 2022 by itnerd

Avanan researchers have seen an uptick in attacks that spoof PayPal in an attempt to steal banking information, using an order confirmation letter to induce end users to call a customer support number. Previously, Avanan discovered a similar attack that spoofs an Amazon order notification to obtain payment information.

Avanan’s cybersecurity research uncovered a new email campaign that leverages PayPal in the same way the earlier campaign leveraged Amazon. In this attack, threat actors send what looks like a PayPal confirmation notice, notifying the user that they bought hundreds of dollars of cryptocurrency. The only recourse to cancel the order is to reach customer service by phone.

The number listed in the email is a Hawaii-based number linked to scams that ask for a credit card number and CVV to cancel the charge. The attack also works because there are no links in the email body. When there is a link, the email security solution can check whether it’s malicious. Without links, detection becomes more complicated.

With the combination of social engineering in the form of what looks like a fraudulent payment, and no malicious links or otherwise malicious text, this is a tricky attack that has proven hard to stop.

You can review the report by Avanan here so that you can protect yourself from this novel attack.
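Because the message carries no URL to scan, detection has to rest on the combination of signals described above. The following heuristic is an added example, not Avanan's detection logic: the signal names, regular expressions and both sample messages (including the fictional 555 number and `.example` sender) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URL_RE = re.compile(r"https?://|www\.", re.I)
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
CALL_RE = re.compile(r"\b(call|phone|dial)\b", re.I)
LURE_RE = re.compile(r"\b(order|invoice|purchase|payment|charge)\b", re.I)

def callback_signals(raw, brand="paypal", brand_domains=("paypal.com",)):
    """Return the callback-phishing signals present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    text = f"{msg.get('Subject', '')}\n{body}"
    owned = any(domain == d or domain.endswith("." + d) for d in brand_domains)
    signals = []
    if brand in (display + " " + text).lower() and not owned:
        signals.append("brand_from_unrelated_domain")
    if not URL_RE.search(body):
        signals.append("no_links")  # nothing for a URL scanner to inspect
    if PHONE_RE.search(body) and CALL_RE.search(body):
        signals.append("phone_call_to_action")
    if LURE_RE.search(text):
        signals.append("order_lure")
    return signals

# Constructed samples; addresses, amounts and the 555 number are fictional.
PHISH = """\
From: "PayPal Billing" <billing@mail-notice.example>
Subject: Order confirmation

You sent 499.99 USD for a cryptocurrency purchase.
If you did not authorize this charge, call support at (808) 555-0123 to cancel.
"""
RECEIPT = """\
From: "PayPal" <service@paypal.com>
Subject: Receipt for your payment

You sent 25.00 USD to Example Store.
Details: https://www.paypal.com/activity
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("receipt", RECEIPT)):
        print(name, callback_signals(raw))
```

No single signal is conclusive (a genuine receipt still trips `order_lure`); a message that carries all four is the pattern worth quarantining or banner-tagging.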