Recent Posts

1
The establishment of the AlmaLinux HPC & AI SIG

The AlmaLinux HPC and AI SIG is dedicated to supporting and guiding individuals and organizations in leveraging the full potential of AlmaLinux for their high-performance computing and artificial intelligence endeavors. With its exceptional performance, security, and scalability, AlmaLinux has emerged as the Linux distribution of choice for those seeking to push the boundaries of computational power and innovation in enterprises, universities, research institutions, and the cloud. As a truly community-backed enterprise Linux distro, AlmaLinux provides the ideal platform for developers, administrators, and researchers to collaborate and build upon for their research and HPC and AI deployments. The HPC and AI SIG is here to ensure that users have the resources, expertise, and community support needed to maximize the benefits of AlmaLinux in their HPC and AI projects.

The AlmaLinux HPC AI SIG is being founded by a group of HPC and AI experts who have chosen AlmaLinux as the operating system to power their projects. This includes representatives of HPC hardware vendors, AI/ML open-source software projects, and administrators deploying AlmaLinux at research institutions. With a shared passion for harnessing the immense potential of HPC and AI, the SIG members will collaborate, innovate, and exchange knowledge within the AlmaLinux community. By leveraging AlmaLinux’s stability, security, compatibility, and performance, we are able to push the boundaries of what is possible in our respective fields, while simultaneously contributing our expertise to help users thrive in their HPC and AI endeavors. Together, the SIG members are dedicated to advancing the capabilities of AlmaLinux and driving the future of HPC and AI.

The goals of the new SIG

The members of the AlmaLinux HPC and AI SIG are committed to promoting the numerous benefits that AlmaLinux brings to the realm of HPC and AI. Through the SIG’s collective knowledge and experience, we aim to provide guidance and support to AlmaLinux users who are engaged in HPC and AI projects. Whether it’s optimizing performance, ensuring security, or overcoming challenges, SIG members are here to share their knowledge, offer assistance, and foster a collaborative environment for HPC and AI users in the AlmaLinux community.

As advocates for the HPC and AI community within AlmaLinux, the SIG represents their interests and addresses their unique needs. The SIG acts as a voice for the community, ensuring that their perspectives, challenges, and requirements are heard and understood by the broader AlmaLinux development team. By actively engaging with users, listening to their feedback, and advocating for necessary improvements or features, we strive to shape the future direction of AlmaLinux to better serve the HPC and AI community. Through our efforts, we aim to foster a strong and symbiotic relationship between AlmaLinux and the HPC and AI community, enabling continuous innovation and growth for both.

Get involved

Outside the AlmaLinux community, the AlmaLinux HPC and AI SIG aims to foster partnerships and relationships with third-party stakeholders, such as hardware vendors and open-source software projects, to enhance the compatibility, performance, and optimization of AlmaLinux for HPC and AI workloads. Through these collaborations, the SIG can ensure that AlmaLinux remains at the forefront of technological advancements in the HPC and AI domains, providing a seamless and efficient environment for researchers and developers. Join us in advocating for AlmaLinux and driving the adoption of HPC and AI applications by engaging in collaborative efforts and contributing to the growth and development of this powerful platform. Together, we can shape the future of HPC and AI with AlmaLinux.

Join our efforts to collaborate with HPC and AI experts, tap into their knowledge and experience, and unlock the full potential of AlmaLinux for your projects. Engage in discussions, share insights, and stay updated on the latest developments through our Mattermost chat channel and mailing list, and keep an eye open for our first quarterly meeting!

source
2
Mandatory advertisements


(Image credit: Shutterstock/Prostock-studio)

Microsoft seems intent on making ads disguised as recommendations a fact of life in Windows 11, and the tech giant has begun testing promotional recommendation pages that take up your whole screen, urging users to install Edge and other services - similar to the page you see when you first set up your device or install Windows 11.

Thinking back, I recall a few times when this screen appeared on my own Windows 11 PC after an update, and it caught me off guard as my PC is already set up to my liking. Like myself, some users would be greeted with “Let’s finish setting up your PC” automatically after a Windows Update had been installed. Before this, this sort of notification might appear if you bought a PC and set it up for the first time, but now it looks like anyone already up and running could also see it.


(Image credit: Shutterstock/Space_Cat)

A breakdown of the new notification in Windows 11

The new notification screens were spotted by Windows Latest following Microsoft’s monthly Patch Tuesday update in April 2024. As shown in a screenshot provided in Windows Latest’s report, the notification screen explains that the ‘set-up’ process will involve backing up your files using OneDrive, restoring “Microsoft recommended settings” (read: setting Edge as your default browser), backing up your phone on your PC, setting up Windows Hello, as well as getting a Microsoft 365 subscription, and turning on Phone Link between your phone and PC.

You are then given two options, neither of which is to opt out of the notification if you’re not interested. You can choose to “Continue” or select “Remind me in 3 days,” and the pop-ups will eventually return. Windows Latest tried the ‘Continue’ option, which led to a “Let’s customize your experience” page which prompts users to customize their Start menu’s ‘Recommended’ section. As shown in a provided screenshot, users would be given some control over the apps that appear in this section.

If you decide not to make any adjustments you’ll be guided to a page with the heading “Use recommended browser settings.” The top option, not by coincidence, is Microsoft Edge - Windows 11’s default browser. This is accompanied by Bing as the default search engine, which again is no surprise. Enabling these also pins the Edge icon to the taskbar and creates a desktop icon (if you’ve removed these). Luckily, if you’re not interested in using Microsoft’s web browser and search engine, you can click on “Don’t update your settings” (which sounds like you’re getting left behind), and you can keep your previous settings.


(Image credit: Shutterstock/Gorodenkoff)

This isn’t the first of Microsoft’s heavy-handed attempts to get people to use its software and services, and not the first to be met with distaste from users. As Windows Latest points out, Edge already comes preinstalled, and it’s difficult to remove for users running Windows 11 outside of Europe.

If you make it through all of these option screens and have any patience left, you’ll be met with more promotional pages for other Microsoft services, like the offer to try Microsoft 365 Family with a free trial. You could forgo this and subscribe to Microsoft 365 Basic, which includes ad-free OneDrive and Outlook, along with 100GB of cloud storage. In the screenshot that Windows Latest includes, no prices are stated - just a ‘Continue’ button. After this page, users are urged to set up Microsoft’s Phone Link app, which works similarly to Apple’s AirDrop feature, and allows you to access data on a linked Android phone on your PC.

source
3

(Image credit: Surface/Unsplash)
If the recent news concerning two Windows 11 updates that have been breaking various features isn’t enough, the recent reveal that the OS’s market share has dipped below 26% certainly should spark some alarm.

According to April 2024 data from Statcounter, Windows 11 plummeted to a 25.69% market share after it reached an all-time high of 28.16% back in February 2024. Meanwhile, Windows 10 has risen to over 70% market share during the same period, and this is after Microsoft announced its intentions to reach End of Support (EOS) for Windows 10 by October 2025.

Microsoft could be looking at a tremendous issue, in which its hopes for Windows 11 being the ultimate AI-supported OS with Copilot, are hampered due to not having the user base it needs. Normally, an OS drops in support once the successor launches, so Windows 11 falling nearly three points in just a few months is quite telling.

But is it honestly surprising?

It’s no secret that Windows 11 has been plagued with issues and bad updates since its launch — not to mention its biggest problem involving many users not being able to make the upgrade in the first place due to its much steeper installation requirements, which prevents many otherwise interested users from even upgrading in the first place.

There’s also the fact that the OS has been forcing ads as "recommendations" into the Start menu and has even begun testing promotional recommendation pages that take up your whole screen, urging users to make Edge the default browser and installing or enabling other services. The worst part is that there’s no way to fully opt out of these ads, which accomplish nothing but clog up the UI with constant notifications.

As for what features Windows 11 offers over Windows 10? There’s simply not enough incentive for users to make the jump, with some features like centering the icons and Start menu on the taskbar and bringing back desktop widgets, barely worth mentioning. And some features, like the ability to move the taskbar, were actually removed.

On the other hand, Windows 10 came after Windows 8/8.1 which endeared users to its many improvements including bringing back the Start menu. Not to mention how much more stable the OS is compared to its successor, with far fewer broken updates.

What's the future for Windows 11?

The biggest reason to make the move to Windows 11 is possibly Microsoft Copilot, but that’s also coming to Windows 10. There are some unique AI tools that Windows 11 will be getting eventually, but that could also serve to further the divide between users with higher-end PCs and less powerful ones.

So then, what should Microsoft do? The tech giant might have to cut its losses and speed up the release of Windows 12, putting all the AI goodies and other new features there instead. The user base would be more willing to move to a new OS, and doing so could even prevent a possible ecological disaster in the making. There are also tons of other features and tools that could be added, plenty of which are fan favorites that would easily draw in users from Windows 10.

This move would be the kiss of death for Windows 11, but this would honestly be a net positive for Microsoft, as it could put all the bad press for Windows 11 behind it and fully support a superior OS while giving Windows 10 users far more incentive to make the switch in the process.

source
4
Some assembly and maintenance is required

Buyer is responsible for the relocation of 26,000 pounds of equipment.



Image credit: U.S. GSA
What was once the 21st most powerful supercomputer in the world is now available to the highest bidder — well, maybe, as the current bid of under $30,000 has not met the required amount. The U.S. General Services Administration opted to put the Cheyenne supercomputer, deployed in 2016, up for auction, in part due to ongoing repair and maintenance problems.

The retired supercomputer is, as the name suggests, a monster. It’s a 5.34 petaflops system, one of the last deployed by Silicon Graphics International after its acquisition by Hewlett-Packard. Since then, it's been a cornerstone of operations at the NCAR-Wyoming Supercomputing Center in Cheyenne, Wyoming.

The Cheyenne supercomputer is a water-controlled installation made up of SGI ICE XA modules with 28 racks holding 8,064 Intel E5-2697v4 CPUs. That totals 145,152 cores, for those keeping count. The main system is spread across 4,032 dual-socket nodes. Here are the specs of the primary components:

Each E-Cell weighs in at 1,500 pounds, and shipping is not included in the winning bid. The purchaser needs to hire a professional moving company to transport the supercomputer from the facility to its new home. The auction notes also state that the supercomputer will be sold as-is and that it "is currently experiencing maintenance limitations due to faulty quick disconnects causing water spray." Not exactly the pinnacle of supercomputing achievements, then.

Beyond the above hardware, the supercomputer also includes two air-cooled management racks. These consist of 26 1U servers each, 20 of which have 128GB of memory and six with 256GB of memory. That's an additional 8TB of DRAM, if you're wondering. The management racks also include 10 Extreme Switches, and two Extreme Switch power units, and each rack weighs 2,500 pounds.

While the Cheyenne supercomputer has been in operation for the past seven years, the auction notes say the "expense and downtime associated with" fixing the current cooling problems makes it unworthy of continued maintenance. And of course, even though this was a lightning-fast supercomputer when it first launched, it would be considered sluggish by 2024 computing standards. This is a fate shared by many supercomputers, even some of NASA's most powerful ones.

Cheyenne peaked at number 21 on the Top500 list of the most powerful supercomputers back when it launched. Today, it sits at number 160 — based on an Rmax score of 4.79 petaflops. The paradigm shift to GPU-powered supercomputers over the past decade means that, as an example, you could potentially exceed that level of performance with around 23 Nvidia DGX H100 systems sporting 46 CPUs and 184 GPUs.


Not included: All the optical and Ethernet cables (Image credit: U.S. GSA)
Even so, the auction comes with a treasure trove of parts and components for whoever is willing to pony up the cash. The supercomputer will be drained for removal, and it seems it won't necessarily include all the necessary cabling. However, it does include a whopping 313,344GB of DDR4-2400 ECC RAM. That alone could be worth more than $350,000 — not to mention an unspecified amount of storage.

Also of interest is that the supercomputer uses around 1.727 MW of power when fully assembled. Which means that if you want to power it up and run complex simulations on it, the power requirements could cost over $4,000 per day (depending on the price of electricity, naturally).

We presume most bidders would be more interested in parting out the system rather than attempting to get it running again. Besides the missing Ethernet and optical cabling that you'd need to acquire, there's the apparently unresolved issue of the leaking quick-connect liquid cooling components. But who knows? Maybe some enterprising business will find a way to bring Cheyenne back into service, like a phoenix rising from the water-logged ashes.

Updated: Bidding is scheduled to end on May 3, 2024 and is up to $120,085 now (previously listed as $28,085). There's no longer a "reserve not met" disclaimer, which apparently means someone is going home with several truckloads of old supercomputer parts. Whether the buyer will try to fix up the system and get it running, sell it for parts, or just grind it up for the raw materials remains to be seen.

source
5
File storage solutions are competing for feature parity, and that is great for consumers all around.



TL;DR

■ Microsoft OneDrive has received offline mode on web, letting you access marked files without an active internet connection.

■ You can action and organize files and folders in offline mode, and changes will sync once you regain your internet connection.

■ Google Drive on the Web has had offline access for a few years now.

There are many cloud storage and file-sharing services available, but most people stick to solutions from Apple, Google, and Microsoft for their daily needs. Apple iCloud, Google Drive, and Microsoft OneDrive perform the same general functions, but there are slight differences in features and approach. Microsoft has updated OneDrive to add offline capabilities, which rival Google Drive has had for a few years.

As announced by Microsoft, OneDrive on the web is getting offline mode. This mode will let you use OneDrive in your favorite browser even when you don’t have an internet connection. Offline mode is rolling out globally to OneDrive work and school users.

Expectedly, you need to designate files and folders as available for offline access first. You can then access those files even when you don’t have an internet connection. You can also free up local storage space by making your local files and folders online directly from OneDrive for the web. Both actions were previously available through File Explorer on Windows PC and Finder on Mac, but you can now carry these out directly from OneDrive on your browser.



Microsoft says that OneDrive’s offline mode lets you open and interact with OneDrive’s Home, My files, Shared, Favorites, People, and Meeting views. You can view your folders, file names, and metadata. You can also use the My files view to rename, sort, move, and copy files, though the changes will expectedly sync to OneDrive when you get back your internet connection.

Google Drive has had similar functionality for a few years now. You can select the make file available offline option to access the file without an internet connection in the future. Such functionality requires a bit of foresight, but it helps you easily work in a hybrid (online-offline) environment.

source
6

The logo of the Huawei Technologies Co. Ltd. is seen outside its headquarters in Shenzhen,
Guangdong province, April 17, 2012. REUTERS/Tyrone Siu/File Photo
The Federal Communications Commission is moving to prevent Huawei, ZTE (000063.SZ), and other foreign companies deemed to pose U.S. national security concerns from certifying wireless equipment, officials told Reuters on Wednesday.

The FCC plans to vote this month on a bipartisan proposal to ensure that telecommunications certification bodies and test labs that certify wireless devices for the U.S. market are not influenced by companies posing security concerns. Last week, the FCC denied the ability of the test lab of Huawei to participate in the equipment authorization program.

This new proposal would permanently prohibit Huawei and other entities on an FCC list of companies posing national security risks "from playing any role in the equipment authorization program while also providing the FCC and its national security partners the necessary tools to safeguard this important process," the agency said.

FCC Chair Jessica Rosenworcel said in a statement the agency "must ensure that our equipment authorization program and those entrusted with administering it can rise to the challenge posed by persistent and ever-changing security and supply chain threats." Huawei's recognition as an accredited lab was set to expire on Tuesday but the FCC denied the Huawei lab’s request for an extension of its recognition. Huawei did not immediately respond to a request for comment.

The FCC in November 2022 banned approvals of new telecommunications equipment from Huawei and ZTE as well as telecom and video surveillance equipment from Hytera Communications Corp (002583.SZ), Hangzhou Hikvision Digital Technology (002415.SZ), and Zhejiang Dahua Technology Co (002236.SZ).

In 2022, the FCC added Russia's AO Kaspersky Lab, China Telecom (Americas) Corp (0728.HK), China Mobile International USA (0941.HK), Pacific Networks Corp and China Unicom (Americas) to the covered list, which includes companies that pose threats to U.S. national security under a 2019 law aimed at protecting U.S. communications networks.

Huawei and Hikvision were placed on a U.S. export control list in 2019, restricting most U.S. suppliers from shipping goods and technology to them unless they were granted licenses.

In 2020, the FCC designated Huawei and ZTE as national security threats to communications networks - a declaration that barred U.S. companies from tapping an $8.3 billion government fund to purchase equipment from the companies.

source
7
Windows | Windows 11 | Windows 10 News / Windows-as-an-app is coming
« Last post by javajolt on May 02, 2024, 05:50:08 PM »
Who needs a Windows PC when you can run the operating system as a desktop-as-a-service on your Chromebook, Linux box, or Mac?


CREDIT: KAZ
My first computer was an IBM 360 mainframe. To use it, I relied on a 3270 terminal. From there, I quickly moved on to a PDP-11 minicomputer running Unix — where my interface was a VT-102 terminal.

In those days, all the computing power was remote. Then, CP/M, Apple, and IBM PCs changed everything. And the desktop became where power lived. That was then; this is now. Today, we’re moving back to remote computing and from the PC to cloud-based Desktop-as-a-Service (DaaS) offerings such as Windows 365.

This is exactly what Microsoft has wanted for years. Don’t believe me? Check out Windows App, Microsoft’s gateway to all its remote Windows offerings.

Windows App, which is still in beta, will let you connect to Azure Virtual Desktop, Windows 365, Microsoft Dev Box, Remote Desktop Services, and remote PCs from, well, pretty much any computing device. Specifically, you can use it from Macs, iPhones, iPads, other Windows machines, and — pay attention! — web browsers.

That last part means you’ll be able to run Windows from Linux-powered PCs, Chromebooks, and Android phones and tablets.

So, if you’ve been stuck running Windows because your boss insists that you can’t get your job done from a Chromebook, Linux PC, or Mac, your day has come. You can still run the machine you want and use Windows for only those times you require Windows-specific software.

Mind you, you’ve been able to do that for some time. As I pointed out recently, all the Windows software vendors don’t want you to run standalone Windows applications; they prefer web-based Software-as-a-Service (SaaS) applications. They can make a lot more money from you by insisting you pay a monthly subscription rather than a one-time payment.

Sure, Microsoft made its first billions from Windows and the PC desktop, but that hasn’t been its business plan for years now. As Zac Bowden, a senior editor at Windows Central, recently spotted in a June 2022 Microsoft internal presentation, the company plans to “Move Windows 11 increasingly to the cloud: Build on Windows 365 to enable a full Windows operating system streamed from the cloud to any device. Use the power of the cloud and client to enable improved AI-powered services and full roaming of people’s digital experience.”

This move was coming long before Microsoft fell in love with AI. I saw Microsoft switching people to Windows DaaS coming down the road in 2018. Windows App will just make it easier than ever.

How easy is it? Very.

For example, you’ll be able to use Windows remotely via browsers using ancient versions of Chrome, Firefox, Safari, and, of course, Edge. Essentially, if your web browser supports HTML5, you should be good to go.

From a browser, you’ll be able to redirect your local devices, such as a printer, microphones, cameras, and your location, as well as audio, and clipboard to your remote session. If you redirect your local clipboard to your remote session, you can copy and paste text.

Microsoft is confusing, though, when it comes to copying and moving files. One part says you can, another part — on the same web page — says you can’t. Stay tuned.

Not all remote Windows services are supported, yet. Microsoft says you’ll be able to use remote desktop PCs, for example, but not at the moment. Support is coming, though.

To harness Windows App, you must upgrade to the latest version of Windows 365. You must also, for now, have a business or student account. If you qualify, upon launching Windows 365, you’ll be greeted with an invitation to explore the Windows App’s features through an interactive tour. Post-tour, you can access the “Home” screen to connect with remote devices or apps, aided by intuitive filters designed to streamline the search process.

From this customizable Home screen, you can use multiple services and PCs from one screen — although I wouldn’t try this on a smartphone. Windows App will enable you to use multiple monitors with custom and dynamic display resolutions, and scaling. So, if you like running multiple displays, as I do, you’d be able to run your personal desktop on one display while running a remote Windows session on another.

It all looks interesting. But, as Microsoft warns, “Windows App is currently in PREVIEW.” Windows app “may be substantially modified before it’s released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.”

At this point, I’d tinker with it. After all, like it or not, this is Windows’ future. But I wouldn’t think about using it for production anytime soon.

source
8
Microsoft has confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms.

The company explains on the Windows health dashboard that "Windows devices might face VPN connection failures after installing the April 2024 security update or the April 2024 non-security preview update."

"We are investigating user reports, and we will provide more information in the coming days," Redmond added.

The list of affected Windows versions includes Windows 11, Windows 10, and Windows Server 2008 and later.

The complete list of affected Windows versions and problematic security updates includes:

   • Client: Windows 11, version 22H2/23H2 (KB5036893), Windows 11 21H2 (KB5036894), and Windows 10 (KB5036892).

   • Server: Windows Server 2022 (KB5036909), Windows Server 2019 (KB5036896), Windows Server 2016 (KB5036899), Windows Server 2012 R2 (KB5036960), Windows Server 2012 (KB5036969), Windows Server 2008 R2 (KB5036967), Windows Server 2008 (KB5036932).

While Microsoft has yet to provide the root cause behind these VPN failures, it advised home users to use the Windows Get Help app if they need support with their personal or family accounts.

It also said that small and large enterprise customers who require help should reach out via the dedicated "Support for Business" portal.

Temporary workaround for VPN issues

While there is no workaround for this issue on affected systems until Microsoft provides a fix, you can uninstall the security updates to temporarily address the VPN problems.

"To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages," Microsoft says.

However, it's important to note that Redmond includes all security fixes in a single update. Hence, removing cumulative updates removes all fixes for patched security vulnerabilities in addition to resolving VPN issues.

One year ago, Microsoft investigated major L2TP/IPsec VPN speed issues over Wi-Fi connections on Windows 11 systems after installing the April 2023 non-security updates.

In mid-January 2022, the company also released emergency out-of-band updates to address L2TP VPN issues when connecting via the Windows VPN client after installing the January 2022 Patch Tuesday updates.

source
9
Beneath the seemingly endless rows and columns of cells, the latest version of Microsoft Excel boasts an astonishing variety of features and capabilities. But how do you go about tapping into some of that power without spending all of your days becoming a spreadsheet guru?

It’s easy. You grab a copy of the newest edition of Microsoft Excel Dashboards & Reports For Dummies and get ready to blow the pants off your next presentation audience!

With this book, you’ll learn how to transform those rows and columns of data into dynamic reports, dashboards, and visualizations. You’ll draw powerful new insights from your company’s numbers to share with your colleagues -- and seem like the smartest person in the room while you’re doing it.

Excel Dashboards & Reports For Dummies offers:

   • Complete coverage of the latest version of Microsoft Excel provided in the Microsoft 365 subscription

   • Strategies to automate your reporting so you don’t have to manually crunch the numbers every week, month, quarter, or year

   • Ways to get new perspectives on old data, visualizing it so you can find solutions no one else has seen before

If you’re ready to make your company’s numbers and spreadsheets dance, it’s time to get the book that’ll have them moving to your tune in no time. Get Excel Dashboards & Reports For Dummies today.

Follow this link to get your copy of 'Microsoft Excel Dashboards & Reports For Dummies, 4th Edition' for this free guide. This link will redirect you to my One Drive account and click Download. [system administrator]

source
10


Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.

Latrodectus (aka Unidentified 111 and IceNova) is an increasingly distributed Windows malware downloader first discovered by Walmart's security team and later analyzed by ProofPoint and Team Cymru that acts as a backdoor, downloading additional EXE and DLL payloads or executing commands.

Based on the distribution and infrastructure, researchers have linked the malware to the developers of the widely-distributed IcedID modular malware loader.

While it is not known at this time if they plan on phasing out IcedID in favor of Latrodectus, the newer malware is increasingly being used in phishing campaigns and contact form spam to gain initial access to corporate networks.

Security researcher ProxyLife and the Cryptolaemus group have been chronicling Latrodectus's use of various PDF lures and themes, with the latest campaign utilizing a fake Cloudflare captcha to evade security software.

Starts with an email

Latrodectus is currently being distributed through reply-chain phishing emails, which is when threat actors use stolen email exchanges and then reply to them with links to malware or malicious attachments.

ProxyLife told BleepingComputer that this campaign uses PDF attachments or embedded URLs to start an attack chain that eventually leads to installing the Latrodectus malware.


Latrodectus phishing email Source: BleepingComputer

The PDFs will use generic names like '04-25-Inv-Doc-339.pdf' and pretend to be a document hosted in Microsoft Azure cloud, which must first be downloaded to be viewed.


PDF document pretending to be hosted in Microsoft Azure Cloud Source: BleepingComputer

Clicking on the 'Download Document' button will bring users to a fake 'Cloudflare security check' that asks you to solve an easy math question. This captcha is to prevent email security scanners and sandboxes from easily following the attack chain and only delivering the payload to a legitimate user.

When the correct answer is entered into the field, the fake Cloudflare captcha will automatically download a JavaScript file pretending to be a document similar to "Document_i79_13b364058-83054409r0449-8089z4.js".


Solving a fake Cloudflare captcha to download payload Source: BleepingComputer

The downloaded JavaScript script is heavily obfuscated with comments that include a hidden function that extracts text from comments that start with '////' and then executes the script to download an MSI from a hardcoded URL, as shown in the deobfuscated script below.


Deobfuscated script that downloads MSI file Source: BleepingComputer
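
The '////' comment trick described above is easy to triage without running the script. The following Python helper is an added example (not from the article or from any of the researchers it cites); the JavaScript samples are constructed and contain no real payload, and the token list and function names are my own assumptions.

```python
"""Triage helper for JavaScript files that hide code inside '////' comments.

Added example for the Latrodectus write-up; the samples below are constructed
and harmless. SUSPICIOUS_TOKENS and the 'suspicious' rule are assumptions.
"""
import re
from dataclasses import dataclass, field

# Tokens that, when found in comment-hidden text, suggest a script intended to
# run outside the browser or to fetch and install something. Assumed list.
SUSPICIOUS_TOKENS = ("WScript", "ActiveXObject", "msiexec", "http://", "https://", "eval(")

# A comment line that starts with four slashes; group(1) is the text after them.
QUAD_COMMENT = re.compile(r"^\s*////\s?(.*)$")


@dataclass
class TriageResult:
    total_lines: int
    quad_comment_lines: int
    hidden_text: str
    matched_tokens: list = field(default_factory=list)

    @property
    def ratio(self) -> float:
        """Share of the file that consists of '////' comment lines."""
        return self.quad_comment_lines / self.total_lines if self.total_lines else 0.0

    @property
    def suspicious(self) -> bool:
        # Assumed rule: at least two '////' lines AND the hidden text contains a
        # token from the list. Tune both thresholds for your own corpus.
        return self.quad_comment_lines >= 2 and bool(self.matched_tokens)


def extract_quad_comments(source: str) -> list[str]:
    """Return the text following '////' on each such comment line, in file order."""
    hidden = []
    for line in source.splitlines():
        m = QUAD_COMMENT.match(line)
        if m:
            hidden.append(m.group(1))
    return hidden


def triage_js(source: str) -> TriageResult:
    """Collect the hidden text and report which suspicious tokens it contains."""
    lines = source.splitlines()
    hidden = extract_quad_comments(source)
    hidden_text = "\n".join(hidden)
    matched = [t for t in SUSPICIOUS_TOKENS if t in hidden_text]
    return TriageResult(len(lines), len(hidden), hidden_text, matched)


# Constructed sample mimicking the layout: real code in '////' comments, filler elsewhere.
SAMPLE_JS = """\
// benign-looking header comment
//// var a = "constructed";
//// var b = "hidden text, not real malware";
function noop() { return 1; }
//// WScript.Echo(a + b);
// a normal single comment
"""

# Constructed sample of an ordinary file with normal comments only.
CLEAN_JS = """\
// header comment
function add(a, b) { return a + b; }
/* block comment */
"""


if __name__ == "__main__":
    for name, src in (("sample", SAMPLE_JS), ("clean", CLEAN_JS)):
        r = triage_js(src)
        print(f"{name}: {r.quad_comment_lines}/{r.total_lines} '////' lines "
              f"({r.ratio:.0%}), tokens={r.matched_tokens}, suspicious={r.suspicious}")
        if r.hidden_text:
            print("  hidden text:\n    " + r.hidden_text.replace("\n", "\n    "))
```

The hidden text is only printed for an analyst to read; nothing in the block evaluates it.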

When the MSI file is installed, it drops a DLL in the %AppData%\Custom_update folder named Update _b419643a.dll, which is then launched by rundll32.exe. The file names are likely random per installation.


RunDLL32 used to launch Latrodectus DLL Source: BleepingComputer

This DLL is the Latrodectus malware, which will now quietly run in the background while waiting for payloads to install or commands to execute.

As Latrodectus malware infections are used to drop other malware and for initial access to corporate networks, they can lead to devastating attacks.

At this time, the malware has been observed dropping the Lumma information-stealer and Danabot. However, since Latrodectus is linked to IcedID, these attacks may lead to a wider range of malware in the future such as Cobalt Strike and we might also see partnerships with ransomware gangs.

Therefore, if a device becomes infected with Latrodectus, it is critical to take the system offline as soon as possible and evaluate the network for unusual behavior.

source