MrRobot

 

Gael García Bernal Embodies ‘Exótico’ Luchador in ‘Cassandro’ Trailer Starring Bad Bunny

"My first kiss for a movie, and it was with a man," Bad Bunny previously said about his role in the film

 

[WTS] [USA-NY] [H] Klipsch Heresy IV American Walnut [W] Cash, PayPal

Looking to sell a pair of Klipsch Heresy IV. I’d say 8/10 condition.

Price is $1900

Trying to keep it local, willing to deliver or meet halfway. Located at 11804.

 

My earphone did a static noise and now that side won't play any sound unless I move it around and only plays for maybe less than a second before not playing anything again

Hello everyone, I bought the Dragon Ball Z x Final Audio True Wireless Bluetooth Earphone from Final and it worked well for the first month but something recently happened where the right side of the earphone won't play any sound unless you do some weird motions and even then it only plays for less than a second.

I tried everything from the manual and nothing seems to work, I'm starting to believe the problem comes from something inside of the earphone.

Here's the link to the official page of the earphone and I can upload the manual if need be.

Thank you in advance.

 

Microsoft Excel to let you run Python scripts as formulas

Microsoft is adding the Python programming language to Microsoft Excel, allowing users to create powerful functions for analyzing and manipulating data.

The public preview of the feature is now available to Microsoft 365 Insiders in the Beta channel, with the goal to ultimately roll out the feature to Excel for Windows in 16.0.16818.2000.

However, even if you join the Microsoft 365 Insiders Beta channel to test the new feature, there is no guarantee that Python in Excel will be available, as Microsoft is rolling it out slowly to test the feature.

Python in Excel

The new Python in Excel feature brings a new 'PY' function that allows users to embed Python code directly in a cell to be executed like any macro or regular Excel function.

However, instead of running the Python scripts locally, Excel will execute the code in the cloud using a hypervisor-isolated container on Azure Container Instances. Microsoft says this container environment will include Python and a curated set of Anaconda libraries to prevent security issues.

These libraries include the data visualization and analysis tool 'pandas' and the visualization tool 'Matplotlib.'

As the Python scripts will run in an isolated container, they will not have access to any local resources, including the local network, computer, files, and a Microsoft 365 authentication token.

To embed a Python script in Excel, users will use the =PY() function to open a text area where they can enter the Python code they wish to execute.

The code is then executed in the cloud container, and the results are sent back and displayed in the worksheet. Microsoft says this is all done anonymously so that your Python code is not linked back to a particular user.

"Python in Excel makes it possible to natively combine Python and Excel analytics within the same workbook - with no setup required," Microsoft explains in an announcement.

"With Python in Excel, you can type Python directly into a cell, the Python calculations run in the Microsoft Cloud, and your results are returned to the worksheet, including plots and visualizations."

Using the Python pandas library in Excel
Source: Microsoft

Microsoft treats Python in Excel like other embedded scripting languages, automatically blocking it when a document carries a Mark of the Web (MoTW).

Windows automatically adds the MoTW flag to documents and executables downloaded from untrusted sources, such as the internet, using a special 'Zone.Identifier' alternate data stream.

These MoTW labels tell Windows, Microsoft Office, web browsers, and other apps that the file should be treated with suspicion and cause the document to be opened in Protected View, preventing the execution of macros and embedded Python scripts.
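To make the mechanism concrete, the following added example (not code from Microsoft or from the original article) parses the text of a Zone.Identifier stream and reports whether the file would be treated as coming from the internet. The sample stream contents and the URL are constructed, and treating zones 3 and 4 as untrusted is an assumption of this sketch.

```python
import configparser

# Standard URL security zones recorded in the ZoneId field.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def parse_zone_identifier(text):
    """Parse the INI-style text of a Zone.Identifier stream, or return None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text.lstrip("\ufeff"))
        zone_id = cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None  # stream missing, truncated or malformed
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "Unknown"),
        "host_url": cp.get("ZoneTransfer", "HostUrl", fallback=None),
    }

def read_motw(path):
    """Read the mark from a file on an NTFS volume (Windows); None if unmarked."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None

def opens_in_protected_view(motw):
    """Assumption of this example: Internet and Restricted zones count as untrusted."""
    return motw is not None and motw["zone_id"] >= 3

# Constructed sample stream contents (not taken from a real file).
DOWNLOADED = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://files.example.com/q3%20budget.xlsx\r\n"
INTRANET = "[ZoneTransfer]\nZoneId=1\n"

if __name__ == "__main__":
    for label, raw in (("downloaded", DOWNLOADED), ("intranet", INTRANET)):
        mark = parse_zone_identifier(raw)
        print(label, mark, "Python formulas blocked:", opens_in_protected_view(mark))
```

A file whose stream has been stripped returns None here, which is why the absence of a mark on a workbook that arrived by e-mail or download is itself worth investigating.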

"If you open a workbook that contains Python code from the internet, Excel Protected View won't run Python formulas in the workbook. If a workbook is opened with Microsoft Defender Application Guard, Python formulas don't run by default," explains Microsoft.

To test Python in Excel, join the Microsoft 365 Insider Program and enroll in the Beta channel. However, as previously noted, this feature may take some time to roll out to everyone.

 

Akira ransomware targets Cisco VPNs to breach organizations

There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.

Akira ransomware is a relatively new ransomware operation launched in March 2023, with the group later adding a Linux encryptor to target VMware ESXi virtual machines.

Cisco VPN solutions are widely adopted across many industries to provide secure, encrypted data transmission between users and corporate networks, typically used by remotely working employees.

Reportedly, Akira has been using compromised Cisco VPN accounts to breach corporate networks without needing to drop additional backdoors or set up persistence mechanisms that could give them away.

Akira targets Cisco VPNs

Sophos first noted Akira's abuse of VPN accounts in May, when researchers stated that the ransomware gang breached a network using "VPN access using Single Factor authentication."

However, an incident responder, known as 'Aura,' shared further information on Twitter on how they responded to multiple Akira incidents that were conducted using Cisco VPN accounts that weren't protected by multi-factor authentication.

In a conversation with BleepingComputer, Aura stated that due to the lack of logging in Cisco ASA, it remained unclear if Akira brute-forced the VPN account credentials or if they bought them on dark web markets.
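Where AAA syslog messages are enabled and forwarded, the brute-force question can be answered from the logs. The following added example (not from the article or from Cisco) counts rejected logins (message 113005) and flags accounts that succeed (message 113004) after a run of rejections. The log lines, host name, user names and the threshold of five are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# ASA syslog 113005 = AAA authentication rejected, 113004 = AAA authentication successful.
REJECT = re.compile(r"%ASA-\d-113005:.*?user\s*=\s*(?P<user>\S+)\s*:\s*user IP\s*=\s*(?P<ip>\S+)", re.I)
ACCEPT = re.compile(r"%ASA-\d-113004:.*?user\s*=\s*(?P<user>\S+)", re.I)

def analyze(lines, threshold=5):
    """Flag accounts that log in after a run of rejections, and noisy source IPs."""
    streak = Counter()               # consecutive rejections per user
    per_ip = Counter()               # total rejections per source IP
    users_per_ip = defaultdict(set)  # distinct usernames tried per source IP
    success_after_failures = []
    for line in lines:
        m = REJECT.search(line)
        if m:
            streak[m["user"]] += 1
            per_ip[m["ip"]] += 1
            users_per_ip[m["ip"]].add(m["user"])
            continue
        m = ACCEPT.search(line)
        if m:
            if streak[m["user"]] >= threshold:
                success_after_failures.append(m["user"])
            streak[m["user"]] = 0    # a success ends the streak
    noisy = {ip: {"rejections": n, "usernames": len(users_per_ip[ip])}
             for ip, n in per_ip.items() if n >= threshold}
    return {"success_after_failures": success_after_failures, "noisy_sources": noisy}

# Constructed log lines: documentation-range IPs, invented host and user names.
SAMPLE = [
    f"Aug 21 02:10:{s:02d} vpn-gw %ASA-6-113005: AAA user authentication Rejected : "
    f"reason = AAA failure : server = 10.0.0.5 : user = jsmith : user IP = 203.0.113.50"
    for s in range(6)
] + [
    "Aug 21 02:10:09 vpn-gw %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = jsmith",
    "Aug 21 08:01:12 vpn-gw %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = adoe : user IP = 198.51.100.7",
    "Aug 21 08:01:30 vpn-gw %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = adoe",
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A success with no preceding rejections does not rule out compromise: purchased credentials log in cleanly, which is the case only MFA addresses.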

A SentinelOne report shared privately with BleepingComputer and focusing on the same attack method presents the possibility of Akira exploiting an unknown vulnerability in Cisco VPN software that might be able to bypass authentication in the absence of MFA.

SentinelOne found evidence of Akira using Cisco VPN gateways in leaked data posted on the group's extortion page and observed Cisco VPN-related traits in at least eight cases, indicating this is part of an ongoing attack strategy by the ransomware gang.

Cisco VPN trait seen in eight Akira attacks
Source: SentinelOne

Remote RustDesk access

Additionally, SentinelOne's analysts observed Akira using the RustDesk open-source remote access tool to navigate compromised networks, making them the first ransomware group known to abuse the software.

Because RustDesk is a legitimate tool, its presence is unlikely to raise any alarms, so it can offer stealthy remote access to breached computers.

Other benefits that arise from using RustDesk include:

  • Cross-platform operation on Windows, macOS, and Linux, covering Akira's full targeting range.
  • P2P connections are encrypted and hence less likely to be flagged by network traffic monitoring tools.
  • Supports file transfer which can facilitate data exfiltration, streamlining Akira's toolkit.

Other TTPs observed by SentinelOne in Akira's latest attacks include SQL database access and manipulation, disabling firewalls and enabling RDP, disabling LSA Protection, and disabling Windows Defender.

These not-so-subtle changes are performed after the attackers establish their presence in the environment and are ready to proceed to the final phases of their attack.
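Because these changes are loud and arrive together, they make a useful late-stage tripwire. The following added example (not from SentinelOne or the article) scans registry value-set events for the settings behind the disabled LSA Protection, enabled RDP, disabled Defender and disabled firewall, and escalates hosts where several change. The events are constructed, use Sysmon Event ID 13 field names, and the host names and two-change threshold are assumptions.

```python
import re
from collections import defaultdict

# Registry values behind the TTPs named above: (label, path pattern, suspicious DWORD).
RULES = [
    ("LSA Protection disabled", re.compile(r"\\Control\\Lsa\\RunAsPPL$", re.I), 0),
    ("RDP enabled", re.compile(r"\\Control\\Terminal Server\\fDenyTSConnections$", re.I), 0),
    ("Windows Defender disabled", re.compile(r"\\Windows Defender\\DisableAntiSpyware$", re.I), 1),
    ("Firewall profile disabled", re.compile(r"\\FirewallPolicy\\\w+Profile\\EnableFirewall$", re.I), 0),
]
DWORD = re.compile(r"DWORD \(0x([0-9a-f]+)\)", re.I)

def match_event(event):
    """Return the rule label for one registry value-set event, or None."""
    m = DWORD.search(event.get("Details", ""))
    if not m:
        return None
    value = int(m.group(1), 16)
    for label, pattern, suspicious in RULES:
        if value == suspicious and pattern.search(event.get("TargetObject", "")):
            return label
    return None

def hosts_to_escalate(events, min_distinct=2):
    """Hosts where several different defences were switched off."""
    seen = defaultdict(set)
    for event in events:
        label = match_event(event)
        if label:
            seen[event["Computer"]].add(label)
    return {host: sorted(labels) for host, labels in seen.items() if len(labels) >= min_distinct}

# Constructed events; host names are invented.
EVENTS = [
    {"Computer": "FS01", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\RunAsPPL"},
    {"Computer": "FS01", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"},
    {"Computer": "FS01", "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"Computer": "WS07", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"},
    {"Computer": "WS07", "Details": "DWORD (0x00000001)",  # LSA Protection turned on: benign
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\RunAsPPL"},
]

if __name__ == "__main__":
    print(hosts_to_escalate(EVENTS))
```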

In late June 2023, Avast released a free decryptor for Akira ransomware. However, the threat actors have patched their encryptors since then, and Avast's tool will only help victims of older versions.

 

The Afghanistan Girls Soccer Team’s Daring Escape From the Taliban

Marie Margolius writes about her doc Ayenda, about how the Under-18 Afghan National Women’s Football Team fled Kabul after it fell to the Taliban

 

Carderbee hacking group hits Hong Kong orgs in supply chain attack

Image: Midjourney

A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware.

Symantec reports that the legitimate software used in the supply chain attack is Cobra DocGuard, created by Chinese developer 'EsafeNet' and used in security applications for data encryption/decryption.

The fact that Carderbee uses PlugX, a malware family widely shared among Chinese state-backed threat groups, indicates that this novel group is likely linked to the Chinese threat ecosystem.

A supply chain attack

Symantec's researchers spotted the first signs of Carderbee activity in April 2023. However, an ESET report from September 2022 highlights a malicious update in Cobra DocGuard being used as the initial compromise point, so the threat actor's activity might date back to September 2021.

Symantec said they saw the Cobra DocGuard software installed on 2,000 computers but only observed malicious activity in 100, indicating that the threat actors only further compromised high-value targets.

For those targeted devices, Carderbee used the DocGuard software updater to deploy a range of malware strains, including PlugX. However, it remains unclear how the threat actors were able to conduct the supply chain attack using the legitimate updater.

The updates arrive in the form of a ZIP file fetched from "cdn.streamamazon[.]com/update.zip," which is decompressed to execute "content.dll," which acts as a malware downloader.

Interestingly, the downloader for PlugX malware is digitally signed using a certificate from Microsoft, specifically Microsoft Windows Hardware Compatibility Publisher, making detecting the malware more challenging.

Microsoft disclosed in December 2022 that hackers abused Microsoft hardware developer accounts to sign malicious Windows drivers and post-compromise rootkits.

The malicious DLL pushed by Carderbee also contains x64 and x86 drivers, used to create the Windows services and registry entries required for persistence.

Eventually, PlugX is injected into the legitimate 'svchost.exe' (Service Host) Windows system process to evade AV detection.

The PlugX sample seen by Symantec in these attacks features the following capabilities:

  • Command execution via CMD
  • File enumeration
  • Checking running processes
  • File downloading
  • Firewall ports opening
  • Keylogging

Symantec says Carderbee's exact targeting scope remains murky. While links to the 'Budworm' group are likely based on the collected evidence, the extent of their relationship remains unclear.

The use of a supply chain attack and signed malware makes this new threat very stealthy, and the selective deployment of malware indicates high-level preparation and reconnaissance.

 

Netflix is going to let DVD.com subscribers keep any unreturned discs

Illustration: Alex Castro / The Verge

Netflix won’t charge DVD.com customers for any discs they still have after September 29th, the company announced from its DVD.com account on X on Monday. That generous offer, combined with Netflix’s recent announcement that it may send customers as many as 10 extra discs from their queues, means that some people might end up with a bunch of disc copies of movies, courtesy of Netflix.

DVD.com customers will need to visit a special link on DVD.com by August 29th to apply for the promotional offer. Netflix will then send up to 10 random discs based on the movies in the subscriber’s queue.

By the way, a happy clarification in response to all the news headlines out there:

We are not charging for any unreturned discs after 9/29. Please enjoy...

 

Mabe Fratti Announces Debut Album From New Band Titanic, Shares Video: Watch

“Anónima” and “Hotel Elizabeth” lead Fratti and Hector Tosta’s Vidrio

 

Frozen's Story Will Continue In a New Podcast

It’s been a long time since Frozen 2, and it’s going to be an even longer time still until Disney is able to do anything about its plans for a third entry in the series. So... why not podcasts?

 

Dentist Convicted of Murdering Wife on Safari Sentenced to Life in Prison

Lawrence Rudolph will also have to pay nearly $7 million in financial penalties for defrauding multiple life insurance companies
