Connect with us

Cyber Security

Microsoft Offers IoT Certified Online Course Free of Charge for IT Professionals

Published

on

Microsoft
  • The course will allow developers to work with data engineers, other stakeholders to provide business solutions.
  • The applicant must know how to incorporate the Azure services, which form an IoT solution, after completion.

Microsoft has launched a new course for developers seeking to move into the world of the Internet of Things ( IoT). Microsoft has announced speciality training for Azure IoT Engineer, which is a free certification course. This new course was revealed during a conference on Microsoft Create. In January, Microsoft had launched the software into beta.

This new course will enable the developer to work with data engineers and other stakeholders to provide business solutions right from setting up the IoT device until the end of its life cycle including maintenance.

After completing the course, according to Microsoft, the applicant will be able to incorporate the Azure services that form an IoT solution, including data analysis , data processing , data storage options and platform-as-a-service options

Furthermore, the candidate should have experience implementing the Azure services which form an IoT solution for this credential, including options for data storage, data analysis , data processing, and platform-as-a-service options. “Candidates for the Azure IoT Developer Specialty certification will have subject matter experience designing cloud and edge elements of an Azure IoT system” notes the official site.

The skills which this new qualification will assess will include the following:

  • Implement infrastructure for IoT solution.
  • Devices are provided and managed.
  • Edge to Introduce.
  • Data is stored and controlled.
  • Monitor, fix, and optimize IoT solutions.
  • Implement health.

On Microsoft Learn, the free online learning to help this credential is available. Candidates who want an instructor-led course can get it at a fee.

Microsoft also revealed during Build 2020 that it would allow developers to access quantum computing via the Azure platform, a new platform that will be available as a limited preview for select developers and companies.

Source: https://cybersguards.com/microsoft-offers-iot-certified-online-course-free-of-charge-for-it-professionals/

AI

Federal Government Inching Toward Enterprise Cloud Foundation

Published

on

The federal government’s efforts to put an enterprise cloud platform in place to serve the Pentagon and other agencies has been slowed, but is lurching forward. (GETTY IMAGES)

By AI Trends Staff

The federal government continues its halting effort to field an enterprise cloud strategy, with Lt. Gen. Jack Shanahan, who leads the Defense Department’s Joint AI Center (JAIC), commenting recently that not having an enterprise cloud platform has made the government’s efforts to pursue AI more challenging.

“The lack of an enterprise solution has slowed us down,” stated Shanahan during an AFCEA DC virtual event held on May 21, according to an account in FCW. However, “the gears are in motion” with the JAIC using an “alternate platform” for example to host a newer anti-COVID effort.

Lt. Gen. Jack Shanahan, who leads the Defense Department’s Joint AI Center

This platform is called Project Salus, and is a data aggregation that is able to employ predictive modeling to help supply equipment needed by front-line workers. The Salus platform was used for the ill-fated Project Maven, a DOD effort that was to employ AI image recognition to improve drone strike accuracy. Several thousand Google employees signed a petition to protest the company’s pursuit of the contract, and Google subsequently dropped out.

Shanahan recommends the enterprise cloud project follow guidance of the Joint Common Foundation, an enterprise-wide, multi-cloud environment set up as a transition to the Joint Enterprise Defense Infrastructure program (JEDI). The JEDI $10 billion DOD-wide cloud acquisition was won by Microsoft in October, was challenged by Amazon and has been stuck in legal battles since.

“It’s set us back, there’s no question about it, but we now have a good plan to account for the fact that it will be delayed potentially many more months,” Shanahan stated.

That plan involves a hybrid approach of using more than one cloud platform. At Hanscom Air Force Base in Bedford, Mass., for instance, the Air Force’s Cloud One environment is using both Microsoft Azure and Amazon Web Services.

“I will never get into a company discussion, I’m agnostic. I just need an enterprise cloud solution,” Shanahan stated. “If we want to make worldwide updates to all these algorithms in the space of minutes not in the space of months running around gold discs, we’ve got to have an enterprise cloud solution.”

Joint Common Foundation Aims to Set Up Migration to JEDI

The Joint Common Foundation, announced in March, is an enterprise cloud-based foundation intended to provide the development, test and runtime environment—and the collaboration, tools, reusable assets and data—that the military needs to build, refine, test and field AI applications, according to a JAIC AI Blog post.

“The Infrastructure and Platform division is building an enterprise cloud-enabled platform across multiple govCloud environments in preparation for the JEDI migration,” stated Denise Hodge, Information Systems Security Manager, who is leading the effort to develop the Joint Common Foundation.

Denise Hodge, Information Systems Security Manager, who is leading the effort to develop the Joint Common Foundation

The JCF has the following design goals:

  • Reduce technical barriers to DoD-wide AI adoption.
  • Accelerate security assessments of AI products to support rapid authorization decisions and AI capability deployment.
  • Create standardized development, security, testing tools, and practices to support secure, scalable AI development.
  • Facilitate the concept of secure re-use of AI resources, software, tools, data, and lessons learned that capitalize on the progress made by each JCF AI project.
  • Encourage efficiencies by finding patterns in JCF customer needs and creating solutions that are repeatable to build core products that advance AI development
  • Mitigate risk by providing a common, standardized, and cyber-hardened infrastructure and platform for AI development, assessments, and rapid deployment promotion.

Hodge has spent much of her career supporting Chief Information Officers and Authoring Officials in various IT ecosystems in the Department of Defense, concentrating especially on cybersecurity. “Cybersecurity is the thread that binds the enterprise cloud together,” she stated.

She described four pillars of security to promote cyber engagement and governance: infrastructure security; secure ingest, ongoing authorization and continuous monitoring.

“This initiative is to provide a common, standardized, and hardened development platform that promotes a secure AI development ecosystem,” Hodges stated.

JEDI Project Tied Up in Court

In court documents released in March, Amazon argued that the Pentagon’s proposed corrective action approach over the disputed $10 billion cloud contract, is not a fair re-evaluation, according to an account from CNBC.

Amazon was seen as the favorite to win the JEDI contract, until President Donald Trump got involved. Amazon alleges that the President launched “behind the scenes attacks” against Amazon. Some of them were detailed in the memoir of James Mattis, the retired Marine Corps general who served as US Secretary of Defense from January 2017 through January 2019. In the memoir, Mattis stated that President Trump told him to “screw Amazon” out of the contract.

Amazon is seeking to depose a number of people involved in the JEDI recommendation. The dispute is ongoing.

Read the source articles at FCW, JAIC AI Blog post and CNBC.

Source: https://www.aitrends.com/cloud-2/federal-government-inching-toward-enterprise-cloud-foundation/

Continue Reading

Cyber Security

26 USB Bugs Found in Linux , Windows, macOS and FreeBSD

Published

on

USB devices

Academics say they have found 26 new vulnerabilities in the USB driver stack that operating systems like Linux , macOs, Windows and FreeBSD employ.

The research team, consisting of Purdue University’s Hui Peng and Swiss Federal Institute of Technology Lausanne’s Mathias Payer, said all the bugs were found using a new tool they developed, called USBFuzz.

The tool is what security practitioners call a fuzzer. Fuzzers are applications that allow security researchers to submit large quantities of null, unwanted, or random data into other programs as inputs.

Security researchers then analyze how the software being tested conducts the discovery of new bugs, some of which may be maliciously exploited.

A New Portable USB Fuzzer Built by Academics

Peng and Payer created USBFuzz to test USB drivers, a new fuzzer designed specifically for testing the USB driver stack of modern-day operating systems.

“USBFuzz uses a software-emulated USB device at its heart to provide drivers with random device data (when they conduct IO operations),” the investigators said.

“As the emulated USB interface works at system level, it is straightforward to port it to other platforms.”

This enabled the research team not only to test USBFuzz on Linux, where most fuzzer programs work, but other operating systems too. Researchers have said USBFuzz was checked on:

  • 9 recent versions of the Linux kernel: v4.14.81, v4.15,v4.16, v4.17, v4.18.19, v4.19, v4.19.1, v4.19.2, and v4.20-rc2 (the latest version at the time of evaluation)
  • FreeBSD 12 (the latest release)
  • MacOS 10.15 Catalina (the latest release)
  • Windows (both version 8 and 10, with most recent security updates installed)

Study Team Finds 26 New Bugs

After their experiments the research team said they found a total of 26 new bugs with the help of USBFuzz.

Researchers found one bug in FreeBSD, three in MacOS (two resulting in an unplanned reset and one freezing of the system), and four in Windows 8 and 10 (resulting in Death’s Blue Screens).

But the vast majority, and the most serious, of bugs were found in Linux — 18 in all.

Sixteen were high-security impact memory bugs in different Linux subsystems (USB core, USB sound, and network), one bug resided in the Linux USB host controller driver, and the last one was in a USB camera driver.

Peng and Payer said they reported these bugs to the Linux kernel team and suggested patches to reduce “the burden on the kernel developers while addressing the identified vulnerabilities.”

Of the 18 Linux bugs, 11 have received a patch since their initial reports last year, the research team said. Ten of those 11 bugs were also given a CVE, a special code assigned to major security vulnerabilities.

usbfuzz-tests

Further updates for the remaining seven problems are also expected in the immediate future.

“The remaining bugs fall into two classes: those still being published under embargo and those discovered and documented simultaneously by other researchers,” said the researchers.

USBFuzz is Open Source

Yesterday Payer released a draft of a white paper from the research team detailing their work on USBFuzz. Peng and Payer are planning to present their research at the Virtual Security Conference at Usenix Security Symposium, scheduled for August 2020.

Similar work has been done in the past. In November 2017, a security engineer from Google used a Google-made fuzzer called syzkaller to discover 79 bugs affecting USB drivers on the Linux kernel.

Peng and Payer said that USBFuzz is superior to previous tools like vUSBf, syzkaller, and usb-fuzzer because their tool gives testers more control over the test data and is also portable across operating systems, contrary to all of the above, which usually only work on * NIX systems.

Following Peng and Payer’s Usenix talk USBFuzz is expected to be published on GitHub as an open source project. The repo can be found here.

Copies of Peng and Payer ‘s paper, entitled “USBFuzz: A System for Computer Emulation Usb Drivers Fuzzing,” are available here and here in PDF format.

Source: https://cybersguards.com/26-usb-bugs-found-in-linux-windows-macos-and-freebsd/

Continue Reading

Cyber Security

A New Version of the ComRAT Malware

Published

on

ComRAT Malware

An modified version of the ComRAT malware that was used in recent attacks by Russia-linked cyber-espionage threat actor Turla will connect to Gmail to receive commands, ESET reports.

Also known as Snake, Venomous Bear, KRYPTON, and Waterbug, it is suspected the hacking community has been involved since at least 2006, based on the use of ComRAT, also known as Agent. BTZ and Chinch.

One of the group ‘s oldest malware families, ComRAT was used in 2008 to attack the US military and saw two major versions released until 2012, both of which were derived from the same code base. The hackers had made few modifications to the malware by 2017.

ComRAT v4, the version published in 2017, is much more complex than its predecessors, and is reported to have been in use even in this year’s attacks, according to ESET’s security researchers. ComRAT v4’s first report appears to have been collected in April 2017, while the latest is dated November 2019.

To date, Turla has used the malware to threaten at least three victims (two foreign ministries and a national parliament) to exfiltrate sensitive public cloud services such as OneDrive and 4shared.

Crafted in C++, ComRAT v4 is deployed using existing access methods, such as the backdoor PowerStallion PowerShell, and has two command and control (C&C) channels, namely HTTP (the same protocol used in the previous variant) and email (could receive commands and exfiltrate data via Gmail).

Based on the cookies stored in the configuration file, the malware will connect to the Gmail web interface to check an inbox and download attachments containing encrypted commands sent from another address by the attackers.

The new malware variant is internally called Chinch (same as previous versions), shares part of its network infrastructure with Mosquito, and Turla malware, such as a modified PowerShell loader, PowerStallion backdoor and RPC backdoor, has been observed to be dropped or dropped.

ComRAT v4, which is specifically designed to exfiltrate sensitive data, also helps attackers to deploy additional malware to compromised environments. Operators can also run commands to gather information from the compromised systems, such as groups or users of Active Directory, network details, and configurations of Microsoft Windows.

Components of the malware include an orchestrate inserted into explorer.exe that controls most of the functions, a communication module (DLL) injected into the orchestra’s default browser, and a Virtual FAT16 File System that includes configuration and logs.

The security researchers have noted a emphasis on evasion, with the hackers routinely exfiltrating log files related to security to determine whether or not their methods have been identified.

“The most interesting feature is that the Gmail web UI is used to receive commands and exfiltrate data. And it can bypass any security controls because it is not dependent on any malicious domain. We also found that this new version abandoned the use for persistence of a COM object hijacking, the method that gave the malware its common name, “the researchers note.

With ComRAT v4 still in use earlier this year, it’s clear that Turla remains an significant threat to diplomats and military personnel, ESET concludes.

Source: https://cybersguards.com/a-new-version-of-the-comrat-malware/

Continue Reading
Blockchain15 mins ago

Bitcoin Is a Peaceful Protest: Crypto Leaders On The Minneapolis Riots Following George Floyd’s Death

Blockchain24 mins ago

Cardano’s upcoming Shelley launch may spur price

Cannabis34 mins ago

Is Cannabis Recession-Proof? We’re About to Find Out.

Blockchain39 mins ago

Cash or Plastic? Countries Where Crypto Debit Cards Are Fair Game

Blockchain41 mins ago

Bitcoin Price Prediction: BTC/USD Stabilizes Above $9,500 As The Bulls Struggling To Conquer $9,800

Blockchain44 mins ago

Exclusive: Binance Korea to Integrate Coinfirm Real-Time AML Monitoring

Blockchain44 mins ago

Moderna (MRNA) Shares Up 0.37% amid Investors’ Concerns about Stock Sales

Cannabis52 mins ago

Louisiana OKs medical marijuana reform, but minimal market boost seen

Blockchain52 mins ago

Leading US Crypto Exchange Bittrex Lists WINGS

Blockchain53 mins ago

Litecoin, ETC, HBAR: Price Analysis, June 1

Blockchain53 mins ago

Twitter’s Bitcoin Sentiment Suggests a Price Breakout is Imminent: Here’s Why

Blockchain1 hour ago

Miners Have Been Selling More Bitcoin Than They Generate, Recent Data Suggests

Blockchain1 hour ago

Tether Integrates with OMG Sidechain to Decrease Load on Ethereum

Blockchain1 hour ago

Swiss Bank Maerki Baumann Launches Crypto Custody and Trading

Blockchain1 hour ago

Chainlink, Ethereum, Cardano and DigiByte Among 27 Altcoins Outperforming Bitcoin (BTC) in 2020

Cannabis2 hours ago

Riots in Los Angeles Affecting Weed Delivery

Blockchain2 hours ago

How to Learn Any Skill Fast

Blockchain2 hours ago

Leading US Crypto Exchange Bittrex Global Lists WINGS

Blockchain2 hours ago

AMZN and AAPL Stocks 1% Up, TGT 2% Down as Amazon, Target and Apple Temporarily Close Stores Due to U.S. Riots

Blockchain2 hours ago

Draper Goren Holm’s LA Blockchain Summit Celebrates Going Virtual With A $1 Million Bitcoin Giveaway

Trending