News for Admins

Tech News

Hackers Weaponize Open Source Software in Targeted Phishing Attempts

The Microsoft Threat Intelligence Center (MSTIC) has recently detected a wide range of phishing attempts using weaponized open source software.

These attempts, attributed to ZINC (https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/), have used traditional social engineering tactics by contacting individuals with fake job offers on LinkedIn. "Upon successful connection, ZINC encouraged continued communication over WhatsApp, which acted as the means of delivery for their malicious payloads," Microsoft says (https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/).

MSTIC has observed ZINC, also known as Lazarus, using weaponized versions of open source software including PuTTY, KiTTY, and TightVNC installer for these attacks, which have targeted "employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia."

Linux Kernel 6.0 Announced

Linus Torvalds has released Linux kernel 6.0 (https://lwn.net/Articles/910086/), noting that the version number change is more a matter of practicality than reflective of any fundamental changes.

"But of course there's a lot of various changes in 6.0," Torvalds says, "We've got over 15k non-merge commits in there in total, after all, and as such 6.0 is one of the bigger releases at least in numbers of commits in a while."

According to Jon Corbet at LWN.net, "headline features of this latest release include a number of io_uring improvements, including support for buffered writes to XFS filesystems and zero-copy network transmission, an io_uring-based block driver mechanism, the runtime verification subsystem, and much more."

See change details in LWN's merge-window summaries (part 1 [https://lwn.net/Articles/903487/] and part 2 [https://lwn.net/Articles/904032/]) and read more at LWN.net (https://lwn.net/Articles/910086/).

Google Announces TensorStore for High-Performance Array Storage

Google has announced TensorStore, an open source, C++ and Python library designed for reading and writing large multi-dimensional arrays.

Many contemporary computer science applications manipulate huge, multi-dimensional datasets, says Google. "In these settings, even a single dataset may require terabytes or petabytes of data storage. Such datasets are also challenging to work with as users may read and write data at irregular intervals and varying scales, and are often interested in performing analyses using numerous machines working in parallel," Google explains.

TensorStore is an open source software library that, according to the website (https://google.github.io/tensorstore/#concepts):

  • Provides a uniform API for reading and writing multiple array formats
  • Natively supports multiple storage drivers, including Google Cloud Storage, local and network filesystems, in-memory storage
  • Automatically takes advantage of multiple cores for encoding/decoding and performs multiple concurrent I/O operations to saturate network bandwidth
  • Enables high-throughput access even to high-latency remote storage

"Processing and analyzing large numerical datasets requires significant computational resources," says Google, which "is typically achieved through parallelization across numerous CPU or accelerator cores spread across many machines." Thus, according to Google, "a fundamental goal of TensorStore has been to enable parallel processing of individual datasets that is both safe (i.e., avoids corruption or inconsistencies arising from parallel access patterns) and high performance (i.e., reading and writing to TensorStore is not a bottleneck during computation)."

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus