Aqua Security Announces Its Aqua Cloud Native Security Platform Has Achieved VMware PKS Partner Application Program Validation

SecurityInformed | May 22, 2019

Aqua Security, global platform provider for securing container-based and cloud native applications, has announced that Aqua Cloud Native Security Platform (CSP) has attained VMware Partner Ready status for PKS. The validation confirms that the solution has been tested and verified to interoperate with VMware Enterprise PKS, and can fully manage and secure workloads running on VMware Enterprise PKS.

“We are pleased that Aqua Security has validated its Cloud Native Security Platform for VMware Enterprise PKS. This signifies to customers that Aqua Security can be deployed with the knowledge and reassurance that Aqua fully supports the specified versions and configurations on VMware Enterprise PKS,” said Pat Lee, vice president, Emerging ISVs & Solutions, VMware.

Spotlight

In today’s digital economy, IT organizations are increasingly using public cloud technologies and services to meet their needs for increased agility and innovation, as well as cost management. This use of public cloud technologies is further complicated when companies use multiple cloud service providers, a concept also known as multi-cloud, and attempt to integrate on- and off-premises environments, known as hybrid cloud. IT organizations now must manage systems that span both multi-cloud and hybrid cloud environments, which presents new challenges for data protection.


Other News
VPN

NordVPN extension now on Microsoft Edge

NordVPN | December 15, 2021

NordVPN has officially launched the NordVPN extension for Microsoft Edge browser, available on all platforms compatible with Edge. The new extension is extremely light and fast so users can switch between locations within seconds. Microsoft Edge browser is based on Chromium, which means users can install the NordVPN extension via the Chrome Web Store. With this release, NordVPN is unlocking full official support for people who were already using other NordVPN extensions on Edge.

"We knew many users were installing the NordVPN extension for Chrome on the Microsoft Edge browser. That's why we decided to improve their experience by releasing an official NordVPN extension designed for Edge. In terms of functionality, the new extension works exactly the same way as the ones for Chrome and Firefox, giving users a seamless experience across browsers."
Vykintas Maknickas, Product Strategist at NordVPN

Apart from Edge, NordVPN has browser extensions for both Google Chrome and Mozilla Firefox.

"We're constantly looking for ways to enhance our user experience. For example, we recently added M1 Mac compatibility and increased our bug bounty program to $50K for all Nord brands, including NordPass, NordLocker, and NordLayer. As part of a broader effort to shift Nord Security and our brands into a broader cybersecurity suite, pushing all of these initiatives brings us closer to doing exactly this," says Vykintas Maknickas from NordVPN.

To stress the importance of privacy online, NordVPN recently released the findings of its research on browser cookies and how browsing habits create different privacy and security risks. NordVPN is the first brand in the Nord Security family of products and was established in 2012. NordVPN became the premier VPN solution of choice worldwide throughout the years, now serving more than 14 million users. Nord Security has also expanded its scope to include security solutions for businesses and advanced encryption tools for consumers, including NordPass, NordLocker, and NordLayer.

About NordVPN

NordVPN is the world's most advanced VPN service provider used by over 14 million internet users worldwide. NordVPN provides double VPN encryption, malware blocking, and Onion Over VPN. The product is very user-friendly, offers one of the best prices on the market, and has over 5,000 servers in 60 countries worldwide. One of the key features of NordVPN is the zero-log policy.

VPN

Exidio Launches First-of-Its-Kind Decentralized VPN App for IOS/Android

Exidio | December 16, 2021

Following their initial launch in 2020, Exidio expands their offerings to include mobile devices, with apps for Exidio and Sentinel, creating custom open source applications on a peer-to-peer bandwidth network for optimal protection. This tech provides people with secured and easily accessible information using dVPN to protect users from shared data and encrypt all personal information.

While many in Western countries don’t experience the impact of controlling governments, globally people are actively controlled by local and national governments or external groups. Using services like those that Exidio and Sentinel offer can give users the freedom to effectively communicate or manage sensitive information.

Exidio changes the landscape of mistrust and obscurity within the VPN industry by creating custom, white label applications that connect to the Sentinel node network, a decentralized peer-to-peer node network. Ensuring privacy and security, Exidio can prove a user's web traffic and metadata is end-to-end encrypted. Exidio cannot access the traffic, nor can a node host view the web traffic or metadata of a user. Exidio builds open source applications allowing anyone to check its codebase.

The Sentinel Ecosystem consists of the Sentinel node network, the dVPN user base, communities of open source code contributors, and companies integrating the Sentinel node network. Since its inception in 2018, the Sentinel Ecosystem has seen significant growth.

With an app version of this tech, people will be able to access it more easily and integrate it into the fast communications and processes of a mobile device. Whether participating at a protest or just texting a friend on a sidewalk, this tech will protect people who are at risk of federal detention or worse, physical abuse and harm, at the hands of controlling groups.

About Exidio

Exidio is the leader in transparent, end-to-end encrypted VPN technology. Exidio builds beautiful applications empowering consumers and businesses to reclaim their digital privacy and security. Leveraging open-source code and decentralized networks, Exidio is bringing a new paradigm of transparency to the VPN space. Customers can download our application to access websites and stream videos from around the world, reclaim their online security and free themselves from third-party surveillance.

About Sentinel

Sentinel is the first scalable framework allowing for dVPNs to utilize shared resources, reducing the overall network carbon footprint. The goal of the Sentinel ecosystem is to decentralize the VPN industry and introduce the ‘dVPN’ to the mainstream consumer.

VMWARE

Cybercriminals Target Linux-based Systems With Ransomware and Cryptojacking Attacks

VMware | February 09, 2022

As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads.

VMware, Inc. released a threat report titled “Exposing Malware in Linux-based Multi-Cloud Environments.” Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include: ransomware is evolving to target Linux host images used to spin workloads in virtualized environments; 89 percent of cryptojacking attacks use XMRig-related libraries; and more than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly.

“Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible. Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems.”
Giovanni Vigna, senior director of threat intelligence at VMware

As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools.

Ransomware Targets the Cloud to Inflict Maximum Damage

As one of the leading breach causes for organizations, a successful ransomware attack on a cloud environment can have devastating consequences.(2) Ransomware attacks against cloud deployments are targeted, and are often combined with data exfiltration, implementing a double-extortion scheme that improves the odds of success. A new development shows that ransomware is evolving to target Linux host images used to spin workloads in virtualized environments. Attackers are now looking for the most valuable assets in cloud environments to inflict the maximum amount of damage to the target. Examples include the Defray777 ransomware family, which encrypted host images on ESXi servers, and the DarkSide ransomware family, which crippled Colonial Pipeline’s networks and caused a nationwide gasoline shortage in the U.S.

Cryptojacking Attacks Use XMRig to Mine Monero

Cybercriminals looking for an instant monetary reward often target cryptocurrencies using one of two approaches. Cybercriminals either include wallet-stealing functionality in malware or they monetize stolen CPU cycles to successfully mine cryptocurrencies in an attack called cryptojacking. Most cryptojacking attacks focus on mining the Monero currency (or XMR) and VMware TAU discovered that 89 percent of cryptominers used XMRig-related libraries. For this reason, when XMRig-specific libraries and modules in Linux binaries are identified, it is likely evidence of malicious cryptomining behavior. VMware TAU also observed that defense evasion is the most commonly used technique by cryptominers. Unfortunately, because cryptojacking attacks do not completely disrupt the operations of cloud environments like ransomware, they are much more difficult to detect.

Cobalt Strike Is Attackers’ Remote Access Tool of Choice

In order to gain control and persist within an environment, attackers look to install an implant on a compromised system that gives them partial control of the machine. Malware, webshells, and Remote Access Tools (RATs) can all be implants used by attackers in a compromised system to allow for remote access. One of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, and its recent Linux-based variant, Vermilion Strike. Since Cobalt Strike is such a ubiquitous threat on Windows, the expansion out to the Linux-based operating system demonstrates the desire of threat actors to use readily available tools that target as many platforms as possible.

VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the Internet between February 2020 and November 2021. The total percentage of cracked and leaked Cobalt Strike customer IDs is 56 percent, meaning that more than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly. The fact that RATs like Cobalt Strike and Vermilion Strike have become a commodity tool for cybercriminals poses a significant threat to enterprises.

“Since we conducted our analysis, even more ransomware families were observed gravitating to malware targeting Linux-based systems, with the potential for additional attacks that could leverage the Log4j vulnerabilities,” said Brian Baskin, manager of threat research at VMware. “The findings in this report can be used to better understand the nature of this malware and mitigate the growing threat that ransomware, cryptomining, and RATs have on multi-cloud environments. As attacks targeting the cloud continue to evolve, organizations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface.”

Methodology

The VMware Threat Analysis Unit (TAU) helps protect customers from cyberattacks through innovation and world-class research. TAU is composed of malware analysts, reverse engineers, threat hunters, data scientists, and intelligence analysts at VMware. To understand how to detect and prevent attacks that bypass traditional, file-centric, prevention strategies, TAU focuses on techniques that were once the domain of advanced hackers and are now moving downstream into the commodity attack market. The team leverages real-time big data, event streaming processing, static, dynamic and behavioral analytics, and machine learning.

TAU applied a composition of static and dynamic techniques to characterize various families of malware observed on Linux-based systems based on a curated dataset of metadata associated with Linux binaries. All the samples in this dataset are public and therefore they can be easily accessed using VirusTotal or various websites of major Linux distributions. TAU collected more than 11,000 benign samples from several Linux distributions, namely, Ubuntu, Debian, Mint, Fedora, CentOS, and Kali. TAU then collected a dataset of samples for two classes of threats, namely ransomware and cryptominers. Finally, TAU collected a dataset of malicious ELF binaries from VirusTotal that were used as a test malicious dataset. TAU started collecting the dataset in June 2021 and concluded in November 2021.

About VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.

VIRTUAL SERVER MANAGEMENT

Lightbits Labs Announces Availability of Lightbits Cloud Data Platform on VMware Marketplace

Lightbits | April 06, 2022

Lightbits®, the first software-defined NVMe® data platform for any cloud, today announced that the Lightbits Cloud Data Platform is available on VMware Marketplace. In addition to high performance and increased flexibility, Lightbits offers rich data services that result in highly resilient storage that extends across the entire virtualized platform.

VMware Marketplace is a one-stop shop for VMware validated and certified ecosystem solutions that enable customers to discover, try, purchase, and deploy directly to VMware environments. Partners can easily publish their solutions for VMware customers across platforms such as VMware Cloud on AWS, VMware Tanzu, and more. Customers will be able to access and purchase these third-party partner solutions directly from their cloud environments, while also experiencing the convenience of features such as notifications, reporting, and analytics.

Lightbits provides a unified, consistent, high-performance data platform for any cloud that delivers efficiency, simplicity, and agility for container-based applications in a Kubernetes environment, as well as virtualized applications in a VMware environment. The innovative Lightbits Cloud Data Platform is architected to leverage the performance and latency benefits of NVMe/TCP and Intelligent Flash Management™ (IFM), solving the complexity and high-cost problems of high-performance storage for any cloud. Lightbits provides efficiency and flexibility of disaggregation at performance that is similar to local flash. A single Lightbits cluster can deliver over 40M IOPS (random Read) and 10PB user capacity, with less than 200μs latency. Organizations previously utilizing iSCSI can instead use NVMe/TCP on the same network infrastructure and realize much higher performance. The Lightbits Cloud Data Platform is certified with VMware vSphere® 7 Update 3 and is available on the VMware Marketplace.

“Lightbits is an efficient, disaggregated software-defined architecture that combines the advantages of NVMe/TCP data fabric, IFM, and enterprise data services that is easy to consume on the VMware Marketplace. IFM dramatically improves flash storage efficiency and delivers the highest performance with the lowest latencies at scale for VMware environments,” said Eran Kirzner, CEO at Lightbits. “Many Cloud Service Providers and VCPP customers are already realizing how simple it is to provision storage, control volume policies such as availability, protection, data reduction, and QoS.”

“We are pleased to see the Lightbits Cloud Data Platform on VMware Marketplace. Compatible technologies, such as the Lightbits Cloud Data Platform, enable our customers to build, run, manage and better secure their applications effectively and efficiently using VMware products and services. We’re excited to work with partners such as Lightbits Labs to empower customers to derive the most value from their technology investments.”
Ramya Sarangarajan, Director, Product Marketing and Strategy, VMware

About Lightbits Labs

Lightbits Labs® (Lightbits) is a cloud data platform company that delivers ease of use and efficiency while unlocking agility for modern businesses. Creators of the NVMe® over TCP (NVMe/TCP) protocol, Lightbits is leading the digital data center transformation by making software-defined storage that is easy to deploy at scale and delivers performance equivalent to local flash to accelerate cloud-native applications in bare metal, virtual, or containerized environments. Backed by leading enterprise investors including Cisco Investments, Dell Technologies Capital, Intel Capital, and Micron, Lightbits is on a mission to make high-performance elastic block storage simple, scalable, and cost-efficient for any cloud.
