The IT Nerd

HP Wolf Security’s latest Quarterly Threat Insights Report for Q3 2023 is out now. It reveals how cybercriminals are using pre-packaged malware kits to evade detection tools and breach organizations. Key findings include:

• A Vjw0rm campaign carrying out multi-stage attacks from a single malicious JavaScript file: This attack uses a 10-year-old Houdini worm and “living off the land tactics” to remain hidden. 
• A Parallax RAT campaign running a “Jekyll and Hyde” attack – two threads run when a user opens a scanned invoice template. One thread opens the file, while the other runs malware behind the scenes, making it harder for users to tell an attack is in progress.
  • Parallax malware kits are available for $65 a month on hacking forums.

HP also identified attackers are going after their own, “hazing” aspiring cybercriminals by hosting fake malware building kits on code sharing platforms like GitHub. 

Other findings include:

• Archives were the most popular malware delivery type for the sixth quarter running, used in 36% of cases analyzed by HP in Q3.
• Macro-enabled Excel add-in threats (.xlam) rose to the 7th most popular file extension abused by attackers in Q3, up from 46th place in Q2.
• At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanner in both Q3, and Q2.

The report can be downloaded here. 

Today, HP unveiled the newest addition to the Z by HP workstation lineup: the HP Z6 G5 A, a cutting-edge desktop workstation designed to meet the demanding needs of virtual production, 3D rendering, AI, and machine learning professionals. With the highest number of cores ever in a Z by HP workstation and the ability to configure up to 3 high-performance graphics cards, the Z6 G5 A is set to revolutionize productivity and performance.

Powered by the AMD Ryzen Threadripper PRO CPU, the Z6 G5 A features up to 96 cores in a single workstation CPU, allowing users to create and render simultaneously on intensive projects. With space for up to 3 high-end NVIDIA RTX 6000 Ada Generation GPUs or AMD GPUs and eight memory channels, the Z6 G5 A is perfect for tearing through virtual production, 3D modeling tasks, or complex, advanced data sets.

The Z6 G5 A can tear through virtual production or 3D modeling tasks as well as data science workflows like AI and machine learning. With an innovative system design and the new AMD Ryzen Threadripper Pro 7000 WX-Series CPU, the Z6 G5 A packs a staggering number of cores into a single workstation for higher productivity.

The Z6 G5 A also offers plenty of room to expand as demands change, with space for up to three high-end GPUs and flexible storage options with front-accessible, hot-swappable NVMe drives for quick and easy access to large files. The redesigned layout of this generation Z by HP desktop workstation increases airflow, ensuring the system remains cool even at peak performance, while intelligent fan control tunes the fan speeds in real-time using over 20 temperature sensors to maintain whisper-quiet operation. With 360,000 hours of rigorous testing, MIL-STD testing, and certification for professional applications, the HP Z6 G5 A is built to endure. As part of the World’s Most Sustainable PC Portfolio, HP’s commitment to sustainability is reinforced in the design, built with 40% recycled plastics, and is planned to be EPEAT® Gold-certified, reflecting the company’s dedication to helping the environmental impact of its products.

In today’s hybrid work environment, being able to tap into exceptional remote performance is a top priority. The HP Anyware solution allows for a color-accurate, low-latency experience for 3D VFX, AI, and machine learning workflows under varying network connections, and the HP Anyware Remote System Controller enables IT managers to monitor and manage workstation fleets without compromising control. Additionally, the Z by HP Data Science Stack Manager streamlines access to the best open-source software solutions in a user-friendly platform for data scientists and AI creators. The HP Z6 G5 A supports WSL2, bringing the ability to run Linux within the Windows ecosystem and offering easy access to tools from the Z by HP Data Science Stack Manager and the new Z by HP AI Studio.

HP Z6 G5 A Features:

Create, render, process—all at once.

• Do it all—with efficient performance per watt—on the Z6 G5 A. The system design packs up to 96 cores in a single workstation CPU¹ with room for up to 3 high-end GPUs.

Expandable. Flexible. Whisper Quiet.

• Designed to pack all the power and components you need now with room to grow—without throttling. Get maximum expandability with up to 6 PCIe slots (up to gen 5) and 12 NVMe SSDs.

Comprehensive Security. Trusted Reliability.

• The Z6 G5 A has undergone 360K hours of rigorous testing, MIL-STD testing, and is certified for pro apps. With HP Wolf Security for Business, it’s protected below, in, and above the OS.

Discover the power of the HP Z6 G5 A workstation and revolutionize your workflow, unleashing new data-driven insights and unparalleled performance for your most demanding projects. Create, render, and process all at once with the new HP Z6 G5 A and unlock the full potential of your most demanding projects.

Pricing and Availability

• The HP Z6 G5 A is expected to be available in November 2023 on HP.com/Z with availability in select countries later this year

UPDATE: HP has told me that this will be available in Canada this December.

HP Canada introduces a new Chromebook Plus laptop to HP’s existing Chromebook portfolio: the HP Chromebook Plus 15.6-inch. HP Chromebook Plus devices are designed for unrestrained productivity and creativity to provide a more powerful HP Chromebook experience.

Today’s consumers expect their devices to do it all. Gen Zers, in particular, are seeking technology that is flexible, adaptable, and delivers powerfully immersive experiences while keeping the planet in mind with sustainable materials. Key features and capabilities for HP Chromebook Plus devices include:

• Unrestrained productivity – users can get work done from anywhere with up to a 12th Gen Intel® Core™ i5 processor, speedy memory up to LPDDR5, and ample storage, including up to 13 hoursⁱⁱⁱ for the HP Chromebook Plus 15.6-inch. To stay productive, built-in Google Docs, Sheets, and Slides are available online and offline.
• Look and sound your best – AI-powered video conferencing tools, including noise cancellation, lighting improvement, blur backgrounds, and live caption tools.
• Unleash your inner creator – advanced photo and video editing tools offer a premium creator experience, including Google Photos AI-powered Magic Eraser that easily removes distractions in a photo background or enhances brightness and contrast with a HDR effect, as well as Adobe Photoshop and Adobe Express. Those purchasing a HP Chromebook Plus device can get Photoshop web and Adobe Express Premium for 3 months at no cost.
• Immersive entertainment – smooth streaming and cloud gaming are made easy with up to Wi-Fi 6E technology and up to a 144Hz refresh rate FHD IPS panel on the HP Chromebook Plus 15.6-inch.
• Working safely from everywhere – HP Chromebook Plus laptops are designed with smart security features to keep data secure. Privacy is top of mind with an easy-to-access microphone mute button and webcam switch turning off your camera when not in-use.
• Built with the planet in mind – designed with recycled materials like post-consumer recycled plastic and ocean-bound plastic. Packaging is 100% sustainably sourced and recyclable.

The sleek and durable 15.6-inch HP Chromebook Plus 15.6-inch comes equipped with a 15.6-inch diagonal screen and FHD IPS^v resolution to provide reduced lag and a crisp viewing experience from any angle.

Pricing & Availability:

The HP Chromebook Plus 15.6-inch will be available at both hp.com on October 8 and at Staples and Costco on November 15 for $499.99 USD.

HP Inc. today announced the findings of a new commissioned study, conducted by Forrester Consulting, highlighting the need for companies to adopt always-on endpoint management to cater for increasingly dispersed global workforces.

72% of companies surveyed currently have a hybrid working model, with 75% of respondents reporting that the shift to remote and hybrid working models has magnified IT operational challenges. 

Forrester Consulting’s survey of 312 IT and Security Decision makers shows that companies are struggling to balance asset management, user experience assurance, and risk management. 

Key findings in the 2023 study, “Mastering Endpoint Security In A Hybrid World” include:

• The top challenges companies face when managing remote endpoints are ensuring data security (60%); keeping software on remote devices up to date (55%); and maximizing the accuracy of asset databases (55%). 
• Just 42% of companies perform firmware updates annually, 23% update every two years or less, and 12% only update “when essential” – putting firms at risk of security vulnerabilities and compatibility issues.
• Two-thirds (67%) of respondents say ensuring secure and continuous communication with remote endpoints is a major concern for their company’s IT department. 
• IT is having to rely on subpar protection, with 50% citing inadequate endpoint security solutions as an obstacle to addressing security and management challenges. Meanwhile, 54% believe full-disk encryption provides substantial protection for endpoints but acknowledge it can be insufficient. For example, if the attacker has physical access to the device.

Always-on connectivity is the lynchpin of comprehensive endpoint management

In considering how these challenges may be overcome, 75% of respondents believe improved endpoint management would have a positive impact on overall business operations and efficiency.

Companies cited a need for more efficient endpoint software tracking and management (48%). To achieve this, respondents want device backup and restore capabilities (55%), automation of device recovery processes (47%), BIOS update deployment (46%), and device location tracking (46%).

To enhance remote endpoint security and management, 82% of respondents are also considering investment in solutions that can geo-locate, lock, and erase PCs remotely.

For example, HP Wolf’s Protect and Trace utilizes HP Wolf Connect to perform these functions on a PC even when it’s turned off or disconnected from the Internet.

About the research

This study, commissioned by HP and carried out by Forrester, surveyed 312 IT and security decision makers at companies with 500 or more employees across multiple industries in NA, EMEA and APJ. The study began in March 2023 and was completed in September 2023.

HP today issued its quarterly HP Wolf Security Threat Insights Report, showing how threat actors are chaining different combinations of attacks together like toy bricks to sneak past detection tools.By isolating threats that have evaded detection tools on PCs, HP Wolf Security has specific insight into the latest techniques used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 30 billion email attachments, web pages, and downloaded files with no reported breaches. Based on data from millions of endpoints running HP Wolf Security, the researchers found:

• It’s playtime for cybercriminals using building block style attacks: Attack chains are often formulaic, with well-trodden paths to the payload. Yet creative QakBot campaigns saw threat actors connecting different blocks together to create unique infection chains. By switching up different file types and techniques, they were able to bypass detection tools and security policies. 32% of the QakBot infection chains analyzed by HP in Q2 were unique.
• Spot the difference – blogger or keylogger: Attackers behind recent Aggah campaigns hosted malicious code within popular blogging platform, Blogspot. By hiding the code in a legitimate source, it makes it harder for defenders to tell if a user is reading a blog or launching an attack. Threat actors then use their knowledge of Windows systems to disable some anti-malware capabilities on the users’ machine, execute XWorm or the AgentTesla Remote Access Trojan (RAT), and steal sensitive information.
• Going against protocol: HP also identified other Aggah attacks using a DNS TXT record query – typically used to access simple information on domain names – to deliver the AgentTesla RAT. Threat actors know the DNS protocol is not often monitored or protected by security teams, making this attack extremely hard to detect.
• Multi-lingual malware: A recent campaign uses multiple programming language to avoid detection. Firstly, it encrypts its payload using a crypter written in Go, disabling the anti-malware scanning features that would usually detect it. The attack then switches language to C++ to interact with the victim’s operating system and run the .NET malware in memory – leaving minimal traces on the PC.

The report details how cybercriminal groups are diversifying attack methods to bypass security policies and detection tools. Key findings include:

• Archives were the most popular malware delivery type for the fifth quarter running, used in 44% of cases analyzed by HP.
• Q2 saw a 23% rise in HTML threats stopped by HP Wolf Security compared to Q1.
• There was a 4%-point increase in executables from 14% to 18% from Q1 to Q2, mainly caused by usage of the PDFpower.exe file, which bundled software with a browser hijacking malware.
• HP noted a 6%-point drop in spreadsheet malware (19% to 13%) in Q1 compared to Q4, as attackers move away from Office formats that are more difficult to run macros in.
• At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanner in Q2.
• The top threat vectors in Q2 were email (79%) and browser downloads (12%).

About the data

This data was anonymously gathered within HP Wolf Security customer virtual machines from April-June 2023. 

A new threat blog from HP Wolf Security’s threat research team has just gone online. The blog shows how opportunistic threat actors can use simple techniques and inexpensive cybercrime tools to bypass Windows security features and anti-virus scanners. HP Sure Click protects users from this type of attack, as it enabled HP to capture the malware trace. The blog also outlines HP’s analysis of the attack and describes mitigations for organizations that aren’t protected. In this case, threat actors used a mix of simple-but-effective and clever tricks to infect victim PCs with AsyncRAT, a remote access trojan that steals sensitive information:

• The art of illusion: What’s in a name? By simply mislabelling unusual file types (such as batch files) as something more familiar (like a PDF), attackers can trick users into clicking on malicious attachments. This basic technique takes advantage of Windows hiding file extensions by default. i.e., if you save a batch (.bat) file as “hello.pdf.bat”, it will show up as “hello.pdf” in Windows File Explorer. While this technique is not new, we see it being used more frequently by commodity threat actors.
• Ones and zeroes – Attackers are artificially inflating their malicious files by padding them with millions of meaningless ones and zeros. Some were almost 2GB in size, too large for many anti-malware scanners to analyze, allowing malware to slip past a critical detection measure. Because the inflated section follows a repeating pattern, the malware can be compressed into an archive file only a few megabytes large – ideal for spreading the malware in spam campaigns.
• Here comes the clever part: multi-language malware – by using multiple programming languages, the threat actor evaded detection by encrypting the payload using a crypter written in Go, before disabling the anti-malware scanning features that would usually detect it. The attack then switches language to C++ to interact with the victim’s operating system and run the .NET malware in memory – leaving minimal traces on the PC.
  • In-memory execution of .NET files from C++ requires in-depth knowledge of undocumented Windows internals, but threat actors can access these techniques through tools sold in hacker forums. 

 The blog is here for your reading pleasure. 

Today, at SIGGRAPH, HP is announcing the new HP Z4 Rack G5, the world’s most powerful 1U rack workstation. The Z4 Rack G5 is designed and engineered to revolutionize the way professionals work remotely with a compact 1U form factor design, and advanced performance tailored to the needs of the most demanding customers. As data scientists, content creators and engineers adapt to the expectation of working from anywhere, the HP Z4 Rack G5 offers the flexibility needed to deliver high-quality, high-performance computing from wherever you sit.

HP Z4 Rack G5 Features:

• Equipped to power the needs for advanced VFX, 3D modeling, and rendering with up to 24 cores in an Intel® Xeon® W-2400 CPU, support for NVIDIA RTX™ 6000 Ada Generation graphics, and up to 256 GB DDR5 memory, all with room to upgrade and expand.
• Innovative engineering enables optimal thermal performance, allowing the workstation to handle intensive workloads without compromising productivity.
• Built with premium components, and rigorously tested for reliability and durability, the Z4 Rack G5 provides uninterrupted performance for critical tasks.
• With the option of HP Anyware, teams can access the power of the Z4 Rack from any device, delivering fast responsiveness and image quality, even under varying network connections.
• Certified for pro apps and with HP Wolf Security for Business, it’s protected below, in, and above the OS.

 Additionally, as Z by HP customers – creators, engineers, and data scientists – evolve their workflows, graphics performance has become important to their success. That’s why HP is announcing support for the new Ada Generation GPUs — NVIDIA RTX 5000, NVIDIA RTX 4500, and NVIDIA RTX 4000 — across their platforms. HP also currently supports the NVIDIA RTX 6000. NVIDIA RTX Ada Generation GPUs offer abundant graphics memory with error-correcting code (ECC) for rendering, data science, and engineering simulation. The fourth-generation Tensor Cores provide up to 5X the model training performance and up to 5X the inference performance of the previous-generation NVIDIA Ampere architecture for faster generative AI content creation. 

HP is revolutionizing the way professionals work with a seamless experience for unmatched productivity, making it an ideal solution for industries such as data science, content creation, engineering, design, and virtualization.

More info about HP at SIGGRAPH can be found here: https://www.hp.com/us-en/workstations/events/siggraph.html

HP Inc. today issued its quarterly HP Wolf Security Threat Insights Report, showing threat actors are hijacking users’ Chrome browsers if they try to download popular movies or video games from pirating websites. 

By isolating threats that have evaded detection tools on PCs, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 30 billion email attachments, web pages, and downloaded files with no reported breaches. 

Based on data from millions of endpoints running HP Wolf Security, the researchers found:

• The Shampoo Chrome extension is hard to wash out: A campaign distributing the ChromeLoader malware tricks users into installing a malicious Chrome extension called Shampoo. It can redirect the victim’s search queries to malicious websites, or pages that will earn the criminal group money through ad campaigns. The malware is highly persistent, using Task Scheduler to re-launch itself every 50 minutes.
• Attackers bypass macro policies by using trusted domains: While macros from untrusted sources are now disabled, HP saw attackers bypass these controls by compromising a trusted Office 365 account, setting up a new company email, and distributing a malicious excel file that infects victims with the Formbook infostealer.
• Firms must beware of what lurks beneath: OneNote documents can act as digital scrapbooks, so any file can be attached within. Attackers are taking advantage of this to embed malicious files behind fake “click here” icons. Clicking the fake icon opens the hidden file, executing malware to give attackers access to the users’ machine – this access can then be sold on to other cybercriminal groups and ransomware gangs.

Sophisticated groups like Qakbot and IcedID first embedded malware into OneNote files in January. With OneNote kits now available on cybercrime marketplaces and requiring little technical skill to use, their malware campaigns look set to continue over the coming months.

From malicious archive files to HTML smuggling, the report also shows cybercrime groups continue to diversify attack methods to bypass email gateways, as threat actors move away from Office formats. Key findings include:

• Archives were the most popular malware delivery type (42%) for the fourth quarter running when examining threats stopped by HP Wolf Security in Q1.
• There was a 37-percentage-point rise in HTML smuggling threats in Q1 versus Q4.
• There was a 4-point rise in PDF threats in Q1 versus Q4.
• There was a 6-point drop in Excel malware (19% to 13%) in Q1 versus Q4, as the format has become more difficult to run macros in. 
• 14% of email threats identified by HP Sure Click bypassed one or more email gateway scanner in Q1 2023.
• The top threat vector in Q1 was email (80%) followed by browser downloads (13%).

HP Wolf Security runs risky tasks like opening email attachments, downloading files and clicking links in isolated, micro-virtual machines (micro-VMs) to protect users. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that might slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behavior. 

About the data

This data was anonymously gathered within HP Wolf Security customer virtual machines from January-March 2023. 

Today at InfoComm 2023, Poly, an HP Inc. company, announced new pro-grade audio and video solutions with AI-driven software to bring meetings to life.

Be Seen

As more people return to the office, the Poly Studio X52 all-in-one video bar maximizes the virtual meeting experience in mid-sized meeting spaces. New Poly DirectorAI smart camera technology offers automated camera framing modes like group, speaker, and people framing. The 4K, 20MP camera ensures clear visibility of every participant, reaching even the farthest corners of the conference room without any image distortion. Updates to the AI-driven software for group and speaker framing capabilities include the new Poly DirectorAI Perimeter feature and other audio enhancements. The Poly Studio X52 is certified for Google Meet, Microsoft Teams and Zoom, with pending certification for native support for BlueJeans by Verizon, GoTo, and RingCentral. 

The Poly Video OS provides a unified experience across all Poly video conferencing devices. With its latest update, Poly Video OS 4.1 delivers new features and improvements:

• For better meeting room experiences with glass walls, Poly DirectorAI Perimeter technology ensures precise participant framing. IT administrators can input room dimensions, allowing AI-powered technology to define parameters accurately and prevent capturing faces beyond glass walls or windows. Additionally, Sound Reflection Reduction minimizes echo and reverberations caused by glass and hard surfaces.
• The Poly Studio E70 smart camera can now connect directly to the Poly G7500 modular video conferencing system using a standard Ethernet cable for flexible room configurations and easier installation. The Ethernet cable can power the Studio E70 camera and extend up to 100 meters.
• The Poly TC10 touch control panel now supports meeting control for Microsoft Teams Rooms on Android. It can also function as a room scheduling panel for Microsoft Teams, allowing better visibility into room availability and on-the-spot room reservations. The TC10 control panel is now certified for Microsoft Teams.

Poly Solutions for Large Rooms

• The Poly G7500 Modular Video Conferencing System and the Shure Microflex Large Room Bundles deliver a seamless multi-vendor solution for large meeting spaces and have been jointly certified for Microsoft Teams Rooms on Android. Customers now have the option of a tested and certified multi-vendor solution that seamlessly integrates video, compute, and DSP audio solutions, ensuring an optimal Microsoft Teams Rooms experience.
• The Poly Studio E70 and HP Mini Conferencing PC have been Zoom-certified for large meeting rooms, offering customers a complete intelligent solution for Zoom Rooms on Windows. The powerful combination of dual camera sensors and 12th generation Intel® Core™ i7 processor enable Zoom Room features, including a Zoom-verified Intelligent Director experience, to deliver more equitable meetings for in-person and remote participants.

Be Heard

The new Poly Voyager Surround 80 UC empowers employees to focus and sound their best with immersive rich audio and adaptive ANC. It is the first boomless headset certified for Microsoft Teams Open Office due to its outstanding performance in noisy environments. The Bluetooth enterprise headset offers a sleek design for complete comfort, featuring soft ear cushions and an adjustable headband for an ultralight fit. Users can stay in command with up to 21 hours of talk time, convenient on-ear controls, and smart sensors for automatic call answering. 

IT Management – Poly Lens

With companies striving to enhance the in-office experience and adapt workspaces to evolving utilization trends, the Poly Lens remote device management provides enhanced visibility and insights across company workspaces. IT professionals can remotely monitor, troubleshoot Poly devices, and streamline device management under one platform.

Poly has expanded its growing portfolio of API integration partners with Ubiqisense and Vyopta to deliver insights for customers leveraging the power of Poly Lens on the Poly Studio X30 and Studio X50 video bars.

• Ubiqisense provides rich, actionable insights into room occupancy, usage patterns, and footfall across office floors, meeting rooms, open spaces, and shared desks.
• Vyopta provides insights on space utilization, UC device monitoring, troubleshooting, and meeting experience analytics.

“Organizations seeking to bridge the gap between on-site, remote, and flexible workers will need tools and technologies designed to meet the challenge,” said Amy Loomis, Research VP Future of Work, IDC. “HP | Poly has extensive experience deploying their suite of AI-enabled audio and video solutions, which offer an immersive collaboration experience for end users.”

Pricing and Availability

• The Poly Studio X52 is expected to be available worldwide in late Summer for a starting price of $4,300.
• The Poly Video OS 4.1 is expected to be available worldwide across the Poly Studio X Series of video bars and the Poly G7500 modular video conferencing systems in late Summer.
• The Poly Studio E70 featuring Zoom’s Intelligent Director on Windows is expected to be available worldwide in October 2023.
• The Poly Voyager Surround 80 is expected to be available worldwide in August for a starting price of $449.95.
• The Poly Lens App is currently available worldwide.

As today’s consumers continue seeking opportunities that help them achieve their goals and dreams, today’s Gen Zers need technology that helps support their pursuits, especially in the ever-evolving freelance economy. Flexible and adaptable tech has never been more important, as the ability to communicate with others, create content, and consume content is vital to the Gen Z lifestyle.  

With that in mind, HP is introducing updates to its popular Envy line, designed to connect, create, and be immersed in today’s hybrid world. 

• Connect. The new Envy PCs all feature a 5 MP camera for high-quality video calls, a manual camera shutter, and an enhanced HP Presence 2.0 experience. This feature includes the ability to easily adjust video and background settings (and share from multiple cameras) with the MyHP app as well as easily make adjustments to output images using the Rotate and Keystone Correction capabilities. 

• Create. Feel confident when creating, with powerful CPU and GPU options, blazing-fast connectivity with Wi-Fi 6E, and HP Fast Charge, which gets you a 50% charge in only 30 minutes. Know that your created content is safe with the AI Image Signal Processor (IPS) technology. This allows your device to automatically lock when you walk away and wake up just as quickly when you approach your PC.
• Immerse. Connect up to three external 4K displays and experience a more natural viewing experience with up to OLED display options.

The specific models being introduced are:

• The HP Envy x360 14 inch 2-in-1 Laptop PC is available now at HP.com for a starting price of $849.99.  
• The HP Envy x360 15.6 inch 2-in-1 Laptop PC is expected to be available later this month at HP.com for a starting price of $949.99.  
• The HP Envy x360 17.3 inch Laptop PC is expected to be available in May at HP.com for a starting price of 1,149.99. 
• The HP Z3700 Dual Mouse is available now for a starting price of $29.99.