Exploit Kits are constantly altering their techniques to compromise additional users while also evading detection. Talos sees various campaigns start and stop for different exploit kits all the time. Lately a lot of focus has been put on Angler, and rightly so since it has been innovating continually. Nuclear is another sophisticated exploit kit that is constantly active. However, over the last several weeks the activity had ramped down considerably to a small trickle. Starting several days ago that activity began ramping up again and Talos has uncovered some interesting findings during its analysis.
There are several large scale concurrent campaigns going on with Nuclear right now, but one in particular stood out. This campaign is using some familiar techniques borrowed from other exploit kits as well as a new layer of sophistication being added with mixed success. Attackers are always trying to work the balance of evasion and effectiveness trying to evade detection while still being effective in compromising systems. This is especially evident in those hacking for monetary gain in non-targeted attacks. Talos has found a Nuclear campaign using both Domain Shadowing and HTTP 302 cushioning prevalent in Angler. The biggest change is that it appears to be so sophisticated that it’s not working properly. Continue reading “Domain Shadowing Goes Nuclear: A Story in Failed Sophistication”
If you ever want to start an argument, simply ask a group of music fans to name the most influential act of the Rock era. Then step back and watch the sparks fly!
As a musician myself, popular music, its origins and evolution have long been a topic of interest and passionate debate among my circle of friends. Everyone has an opinion and even the shyest among us has no problem wading in to this discussion. Sometimes it’s a matter of personal taste, but more often than not I’ve noticed that we tend to argue in favor of the acts we loved in our formative years.
People who came of age in the 1950s identify acts like Elvis Presley, Jerry Lee Lewis and Chuck Berry as innovators. For those who grew up in the 1960s you can expect responses to include The Beatles, The Rolling Stones and The Who. From the 1970s, you’ll hear names like Led Zeppelin, Pink Floyd and Fleetwood Mac, amongst others. And the list goes on and on. Continue reading “Analytics, Separating Facts from Myth”
Drummer Bernard Purdie has played on over four thousand recordings in his fifty-year career. The self-proclaimed “Hitmaker”, he has recorded with Steely Dan, B.B. King, Hall and Oates, Miles Davis, and Louis Armstrong among many others. Included in his many contributions to music is his famous half-time “Purdie Shuffle”. You’ll hear it featured in such songs as Led Zeppelin’s “Fool in the Rain” and Toto’s “Rosanna”.
Check out Purdie explaining how he created his unique shuffle:
In a world that has become more digital and collaborative — where everyone struggles to be heard — the temptation is to shout louder. But what if a different leadership style could be more effective? What if listening rather than broadcasting could make us agile in an unpredictable world?
Listening-centric leadership is a big departure from traditional management styles, which are based on being the most dominant force in the room. But it’s fast gaining traction. For example, in a recent Harvard Business Review article, Peter Bregman cracks the code on the power of listening: “It’s counter-intuitive, but it turns out that listening is far more persuasive than speaking. Silence is a greatly underestimated source of power. In silence, we can hear not only what is being said but also what is not being said.”
In her mega-selling book “Quiet: The Power of Introverts,” Susan Cain echoes this sentiment and explains, “We don’t need giant personalities to transform companies. We need leaders who build not their own egos but the institutions they run.” This same principle is the thesis of a recent CMO article entitled, “To Be Heard, Turn Down the Volume” in which Jeff Pundyk of The Economist Group writes, “Without more listening, there’s little learning; without meaningful participation, there’s little chance for engagement.”
“Quiet Power” is making its way into the management leagues here at Cisco, where I work. Conscious Leaders is a revolutionary new leadership development programme we’re using in the EMEAR region. One of its central tenants is a Predictive intelligence (PI) approach to keeping up with current trends. PI extolls focusing on what is about to emerge, not what has already happened. Leaders and teams can take a more relaxed mindset and enjoy the challenge of looking ahead, not the angst of chasing to keep up. Said another way, PI reminds us to stop broadcasting our ideas and opinions so we have the mental space to listen to what others are telling us. After all, if you’re not listening, how will you be able to spot market transitions, and capitalize on them?
Not convinced? Still believe that a strong and vocal argument is the best way to make your point? Let’s go back to Peter Bregman, who explains, “Arguing does not change minds — if anything, it makes people more intransigent.”
So why do so many people persist in broadcasting instead of listening? Bregman goes on to say, “We don’t [listen] because it’s uncomfortable. It requires that we listen to perspectives with which we may disagree and listen to people we may not like. But that’s what teamwork — and leadership — calls us to do. To listen to others, to see them fully, and to help them connect their desires, perspectives, and interests with the larger outcome we all, ultimately, want to achieve.”
In case you’re thinking listening-centric leadership is a fleeting fad, it has actually been around for thousands of years! In fact, Lau Tzu, the ancient Chinese philosopher wrote: A leader is best when people barely know he exists, when his work is done, his aim fulfilled, they will say: we did it ourselves.
This is a leadership style that comes naturally to many women. I don’t physically have a loud speaking voice and sometimes struggle to be heard in forums designed to reward the person who can shout the loudest. Because of this, I tend to listen more than I shout, which could be seen by some as weakness. However, when I do speak, I like to think it is with knowledge and wisdom. I make it count.
What’s your management style? In this noisy, digital world in which we live are you going to shout above the noise or be quiet – and listen to what you hear?
As customers embrace cloud strategy to build an agile data center, one of the key pillars is openness. Why openness? To move fast, accelerate time-to-market, drive higher level of innovation and avoid vendor lock-in are some of the benefits to openess. What does open mean? In this case, open source, open standards, open interfaces, open API’s, open tools set including automation, orchestration and DevOps.
Come and join Cisco at ONS June 15-18, 2015 to learn how we’ve been in the forefront developing and contributing to the open source community. Hear our speakers Tom Edsall Data Center SDN Solutions June 18 @ 2:00 pm, Mike Cohen at the partner theater June 18 @ 12:40 pm and others
See demos in Cisco’s booth on OpenStack, Group Based Policy GBP that enables capturing application requirements directly rather than converting the requirements into a set of infrastructure configuration updates, Open Dayligt, and more. In the solutions showcase section, you’ll see a service chaining demo with Avi and One Convergence.
What else are we doing to drive openness in the data center? BGP-EVPN control plane to define how VxLAN tunnel endpoints map MAC addressed to IP addresses in a multi-vendor environment, Network Service Header NSH offering a method to identify network service path, OpFlex is an extensible policy protocol designed to exchange abstract policy between a network controller and a set of smart devices capable of rendering policy, open SDN with ACI and many more.
Mobile applications and sensors are commonly used to monitor traffic, health & wellness and incidents such as road traffic accidents. But what about the threat of catastrophic disasters such as earthquakes where the loss of life can be unprecedented?
The sun drenched, Californian city of Pasadena is known for hosting the annual Rose Bowl Football game. It is also located near the infamous San Andreas Fault (SAF). If you paid attention in geography class at school or if you’ve seen the latest Hollywood blockbuster, ‘San Andreas’ starring ‘The Rock’, you’ll know that this means the city is at risk from earthquakes.
Can ‘The Rock’ save the day?
It is suspected that one day California will be hit by The ‘Big One’. This is a hypothetical earthquake of a magnitude ~8 or greater that is expected to happen along the SAF. Such an earthquake will result in devastation to human civilization within about 50-100 miles of the fault in urban areas such as Palm Springs, Los Angeles and San Francisco. No one knows when ‘The Big One’ will happen because scientists cannot predict earthquakes with any precision. However, technology is providing them with data that in time will give Californian residents a fighting chance of survival.
Seismometers are highly sensitive instruments that detect seismic activity that occur before earthquakes strike. Unfortunately, due to their cost, the number of seismometers in California are limited. The Southern California Seismic Network operates just 350 seismic stations and the Northern California Seismic Network has a further 412.
With the threat of ‘The Big One’ forever looming, The Caltec Institute in Pasedena embarked on a project to determine how they could provide a blanket of cheap Seismometers across the state.
Their answer? Smartphones! Yes, really!
Research conducted proved that accelerometers found in most smartphones are sensitive enough to detect large earthquakes.
Creating the ‘Community Seismic Network’ – Caltech is encouraging residents to opt-in to turn their smart phones into mobile seismometers by simply downloading an application called ‘Crowdshake’ onto their android device.
Caltec have said: “if only 1 percent of users in the area opted into the scheme, that few hundred seismometers would be augmented by several hundred thousand additional sensors giving sufficient intelligent processing”.
So how does it work?
Upon downloading the mobile application an algorithm executes in the background of the mobile device. Algorithms are monitored and when seismic motion is detected by the accelerometer, a message is sent to a Cloud Fusion Center which includes the time, location, and estimated amplitude of the data that triggered the message.
The benefit of the Community Seismic Network is huge. A dense, city-wide seismic network could be used to detect earthquakes rapidly after they start and measure the strength of shaking accurately as it unfolds.
What would this mean to Californian residents? Well, it will enable immediate action to be taken to prevent damage, such as stopping trains and elevators, stabilizing the power grid, and deploying emergency teams.
This is an astounding example of the Internet of Everything! People, data, process and things coming together to save lives in real-time!
Whilst the application is currently a research prototype and not yet fully deployed for public use, Caltech anticipate that the capability of real-time early warning may convince users to download and install the application when it is readily available.
So quite simply, it pays to ‘get social’ especially on those days when ‘The Rock’ isn’t around the save the day!
At this time last week, the Cisco Corporate Social Responsibility team was in San Diego, California as part of Cisco Live US 2015. There, we participated in a number of different activities and events, from a Partner Pavilion in the expansive World of Solutions to a keynote featuring a member of the Cisco Networking Academy Dream Team. We highlighted the work of partners like CyberPatriot, shared stories of impact around the globe, and helped students develop the skills necessary for careers in the IT industry.
More than 25,000 people attended Cisco Live US 2015 in San Diego, California.
Throughout the week, we explained how more devices are connecting to the Internet each day, and how these connections will create job opportunities for young men and women around the world. With the help of our partners and their innovative programs, we’re empowering these future global problem solvers with the skills they need to thrive and speed the pace of social change. Below, the story of Cisco Corporate Social Responsibility at Cisco Live US 2015 in pictures:
When I set out to plan a once in a lifetime US coast-to-coast round trip with a buddy of mine in a 40-year old single engine Cessna 172 aircraft under visual flight rules (VFR), it quickly became apparent to me that I was creating my very own personal big data project with a well-defined outcome.
Read on. I will explain what I mean by outcome.
Collecting data
The sheer amount of data I was collecting resulted in many spreadsheets with destination airport codes, elevations, traffic pattern altitudes and directions, runway lengths and configurations, radio frequencies and taxi procedures.
Just one of many data rich spreadsheets
It did not stop there: route planning included avoiding high terrain that I knew the aircraft – and pilot for that matter – would not muster, military operating areas and restricted airspace.
I researched seasonal weather trends along the planned route and destinations so I was well informed of what type of weather we could be confronted with along the way. Aircraft performance considerations were made: weight & balance, estimated time en-route, fuel consumption and cost, climb speeds, density and cruising altitudes, etc.
Finally, I spent countless hours on YouTube watching videos posted by like-minded general aviation pilots flying to the destination airports in my plan. I took notes and committed their shared experiences to memory. It was time well invested: I had a pretty good idea what to expect and what to avoid. It lifted any doubt or anxiety low-time pilots like myself often experience when flying to unfamiliar airports.
Getting organized
I organized all that data in a way that would allow me to make informed decisions about each flight.
On the ground I used the data to file flight plans, get updated weather briefings and quickly make informed ‘go’ or ‘no-go’ decisions.
In the air the, data I needed was easily accessible. It exponentially reduced my workload as pilot-in-command during all phases of flight, allowing me to focus on the fun stuff: aviating, navigating, and communicating with air-traffic control.
And that brings me back to the well-defined outcome for this trip: all this data – and more importantly – how I chose to use it gave me peace of mind that the outcome of each flight would result in a safe landing at each destination airport – one that my travel buddy and I could walk away from with smiles on our faces.
And smile we did
The result was an unforgettable experience: seeing the entire country from a unique perspective that only an airborne aircraft can deliver.
Flying over the Big Apple
Big Data, Big Opportunities
So here is my point: when it comes to big data projects, my personal big data journey pales in comparison to the amount of data an organization can collect and analyze to gain valuable insights to deliver better business outcomes or unique customer experiences.
The sky is the limit. But deciding on what data to collect, where, and how to store it – how to organize, manage and analyze all that data coming from an ever-increasing variety of sources requires careful consideration:
What insights are you expecting to gain from that data?
Where is that data coming from? Is it structured or unstructured data?
How do you manage that data securely in real-time?
How does it support game changing decision-making, add value to the business or create a unique experience for the customer that will have them coming back for more?
All that can no doubt be overwhelming, and unfortunately there is no ‘one-size-fits-all’ solution.
But big data is real – it has become a business imperative. An absolute must if your business wants to remain relevant in your industry.
Statistics suggest that organizations and companies that successfully invest in, and execute on, a well-planned big data strategy will have a competitive edge over their industry peers. In some cases they will out perform them by 20%. Don’t take my word for it – just read the Gartner reports.
Or better yet, download the latest Unleashing IT Big Data edition. It is loaded with expert advice from leading Hadoop and analytics vendors that Cisco has partnered with to deliver custom tailored, validated, and secure big data solutions that easily scale as your business grows. It discusses strategies to help unlock that competitive edge. And it profiles organizations that are turning big data into big value today.
So take a moment to subscribe to UnleashingIT.com for full access to all of the contents. Unlike a single engine Cessna 172, it’s fast and free.
On Final
Jim McHugh recently posted this blog about a three-part virtual conference series on big data and analytics hosted jointly with Intel and several hadoop vendors. I think it’s worth a read and hope to see you attend our first session on June 17th. Check out the compelling agenda.
