Cyber criminals have launched a new campaign that targets Sangoma PBX, an open source web GUI that manages communications toolkit Asterisk, security researchers have said.

The attack exploits CVE-2019-19006, a critical vulnerability in Sangoma private branch exchange (PBX), which grants the attacker admin access to the system and gives them control over its functions.

Nearly 1,200 organisations worldwide over past 12 months are said to have been targeted, with the main purpose of the campaign being to lift phone numbers and gain live access to compromised VoIP services, according to a blog by researchers at Check Point Software.

Countries targeted include the Netherlands, Belgium, US, Columbia, and Germany. However, over half of the attacks so far have been aimed at companies based in the UK, in industries such as government, military, insurance, finance, and manufacturing.

“While investigating the exploitations, researchers identified several online profiles associated with private Facebook groups that deal with VoIP, and more specifically, SIP server exploitation,” said researchers Ido Solomon, Ori Hamama and Omer Ventura, in a joint blog post. 

They added that investigations into the source of the attacks suggested that most hackers were based in Gaza, the West Bank, and Egypt.

It was also concluded that the group has mostly tried to gain access to phone numbers, and sell these on to other groups, and grant access to compromised VoIP services “to the highest bidders, who can then exploit those services for their own purposes”.

Researchers said that hackers could also use the compromised systems to support further attacks, such as using the system resources for cryptocurrency mining, spreading laterally across the company network, or launching attacks on outside targets, while masquerading as representatives from the compromised company.

Companies using vulnerable systems have been urged to change all default passwords and analyse call billings on a regular basis as well as applying patches to close the CVE-2019-19006 vulnerability that hackers are exploiting.

The growth of Alibaba‘s cloud business is outpacing both AWS and Microsoft in the third quarter of 2020, with the Chinese firm capitalising on the country’s early recovery from the pandemic.

Alibaba’s cloud division brought in revenues of 14.89 billion yuan (£1.71bn) in the three months ending 30 September. That’s a 60% increase year-on-year, representing faster growth than the 29% recorded by AWS and the 48% cited by Microsoft’s Azure. 

That was also higher than the 44.7% growth recorded by the third biggest provider, Google Cloud.

It’s worth noting that Alibaba is a smaller operation that doesn’t provide the same breadth of cloud services as the three larger companies and its business is mostly in China, despite recent expansion into Europe.

The company said that most of the gains were from its internet, finance, and retail businesses, although part of it can also be attributed to China’s earlier recovery from the COVID-19-related downturn.

“We delivered another solid quarter,” said Maggie Wu, Alibaba’s CFO, in the earnings report. “Our domestic core commerce business continued to grow steadily during the post-COVID-19 environment in China through higher purchase frequency and consumer spending, while cloud computing revenue grew 60% year-over-year, driven by the acceleration in digitalisation across all industries and businesses of all sizes in China.

“We are happy to see that our strategic investments are starting to see improving operational efficiencies and the effect of scale.”

Amazon and Microsoft are currently the outright leaders in cloud, between them accounting for over half of the worldwide market, according to Synergy Research Group. Alibaba is now the fourth-largest provider of cloud services, behind Google but ahead of the likes of IBM and Oracle.

“We remain focused on our three long-term growth engines – domestic consumption, cloud computing and data intelligence, and globalisation – to effectively capture opportunities from the ongoing changes in consumer demand and acceleration of digitalisation of businesses across our digital economy,” said Alibaba CEO Daniel Zhang.

WhatsApp has redesigned its storage management settings, making it easier for users to mass-delete images and large files that have been shared multiple times, including those that take up most of the phone’s storage space.

The new update, which users can find by going to Settings > Storage and Data > Manage Storage, automatically groups content into two categories: those forwarded multiple times and those greater than 5MB. Users can also choose to preview specific media files and sort them by size before deleting them in bulk. Additionally, WhatsApp will display a warning alert when the storage is almost full.

You can then choose which group to review, then click on the files you’d like to delete and click the trash can image to delete them. If you just want to delete the entire group, simply click “Select All,” then click the trash can image.

These are welcome developments, as the current WhatsApp storage usage tool only lists the number of messages, photos, GIFs, and videos in each chat, and the amount of space they take up. The risk of accidental deletion is higher because users don’t have the option to browse or review the content they delete.

With the new storage management tool, users will enjoy greater control over the storage space WhatsApp takes up. According to reports, this new feature will roll out to all users this week.

Microsoft Teams will provide support for multiple users and organizations on its desktop versions, according to the Microsoft 365 Roadmap website. Users will be able to add other accounts, including one personal and one school or work account. These accounts will be able to have separate profile pictures, and users can switch between them through their settings. 

The feature is in development and will arrive to Microsoft Teams commercial and education users worldwide in December. This update applies to the desktop app. The mobile version already supports switching between personal and business accounts.

Microsoft Teams, initially launched in November 2016, is a chat-based collaboration tool within the Microsoft Office 365 suite of services. It gives in-office and remote teams a shared space to collaborate on projects and share information. Teams’ features include one-on-one chat, team chat, document collaboration, and more. Microsoft Teams is also integrated with Skype, SharePoint, Exchange, and Yammer.

Teams app has made several updates recently, including: 

• The ability to appear offline to contacts
• Support for up to 1,000 participants
• Zapier, an automation app, will allow users to connect their apps and create automated workflows, reduce busywork and improve productivity. 

Future features include Together mode (pulling users together into a virtual space), custom layouts, breakout rooms, meeting recaps and improved search results.

The coronavirus pandemic has spurred an increase of corporate and personal Microsoft Teams use, growing from 44 million to 115 million users in just six months.  

Approximately 7.5 million external attacks were recorded against cloud accounts during the second quarter, with over 200,000 of those against UK business, security firm McAfee has revealed.

The findings were based on the aggregated and anonymised cloud usage data from more than 30 million McAfee MVISION cloud users worldwide from all major industries, detailed in a new McAfee Labs Threats Report for 2020.

The UK has been ranked seventh on a top ten list showing the most cloud attacks by region, with just over 200,000. This is followed by Brazil and the Netherlands, at around 250,000, Russia and New Caledonia at just under 300,000, and India at 450,000. Thailand currently experiences the highest number of attacks against cloud accounts, with 625,000.

The report also found that Q2 saw a 605% increase in COVID-19-themed attack detections, following the trend of hackers exploiting the pandemic for criminal activities. Overall, during this past quarter, McAfee managed to observe an average of 419 new threats per minute.

Commenting on the findings, Nigel Hawthorn, data privacy expert for cloud security at McAfee, said that “the fact that there have been nearly 7.5 million attacks on users via cloud services in the second quarter of this year highlights how criminals have been quick to pivot attack methods to take advantage of the pandemic”.

“The move to widespread remote working has required many industries to adopt new cloud services to maintain staff productivity, communication and collaboration. When managed correctly, however, the cloud is the most secure place to do business and an incredible driver of business growth, innovation and resiliency. Incorporating cloud into strong data governance policies and regular staff training are the keys to making this a reality,” he added.

Hawthorn recommended that IT teams should be “able to quickly identify, prioritise and respond to these targeted attacks – across both device and cloud”.

“Technology can play a key role in helping security professionals understand whether their organisation is at risk, what specific threats they are susceptible to, and how they can pre-empt an attack,” he added. “This must go hand-in-hand with a shared responsibility security model. Everyone is accountable in some way and must play their part to protect data against cybercriminals.”

AWS has launched its latest GPU-equipped instances aimed at machine learning and high-performance computing (HPC) workloads.

Called P4d, the new instances come ten years the first set of GPU instances were launched. They feature Intel Cascade Lake processors and eight of Nvidia’s A100 Tensor Core GPUs. These connect via NVLink with support for Nvidia GPUDirect and offer 2.5 PetaFLOPS of floating-point performance and 320GB of high-bandwidth GPU memory.

AWS claimed that the instances offer 2.5x the deep learning performance, and up to 60% lower cost to train when compared to P3 instances.

In addition, the P4 instances include 1.1TB of system memory and 8TB of NVME-based SSD storage with up to 16 gigabytes of read throughput per second. The instances can combine over 4,000 GPUs into an on-demand EC2 UltraCluster. 

Among the use cases touted by AWS for these instances include supercomputer-scale machine learning and HPC workloads: natural language processing, object detection & classification, scene understanding, seismic analysis, weather forecasting, financial modelling, etc. 

The P4 instances are available in one size (p4d.24xlarge) and can be launched in the US East (N.Virginia) and US West (Oregon) Regions with immediate effect.

Among the companies that have already been working with the P4 instances include Toyota Research Institute (TRI), GE Healthcare and Aon.

“At TRI, we’re working to build a future where everyone has the freedom to move,” said Mike Garrison, technical lead, Infrastructure Engineering at TRI.

“The previous generation P3 instances helped us reduce our time to train machine learning models from days to hours and we are looking forward to utilizing P4d instances, as the additional GPU memory and more efficient float formats will allow our machine learning team to train with more complex models at an even faster speed.”

Its on-demand price will be $32.77 per hour, going down to approximately $20 per hour for one-year reserved instances, and $11.57 for three-year reserved instances.

Intel has reportedly acquired Israeli data science startup Cnvrg.io in a bid to strengthen its artificial intelligence (AI) and machine learning credentials.

In a statement given to TechCrunch, Intel confirmed the deal and said in a short statement that “Cnvrg will be an independent Intel company and will continue to serve its existing and future customers”. The company did not disclose any terms of the deal. 

Cnvrg.io was started in 2016 and runs a data science platform aimed at helping enterprises to manage and build up AI efforts. It claims that it is a pioneer in building cutting-edge machine learning development solutions to help customers rapidly build machine learning models.

The platform offers paid and free tiers and works in on-premise, cloud and hybrid environments.

Among the Israeli firm’s partners include Red Hat, NetApp and Nvidia, while its customers include Lightricks, ST Unitas and Playtika.

In a recent blog post, co-founder and CEO Yochay Ettun said that its machine learning dashboard could improve visibility and increase machine learning server usage by up to 80%. Its dashboard helps IT teams see allocation and utilisation of different jobs, clusters, by user and by job.

Admins can monitor and compare overall capacity versus allocation and utilisation with graphs to identify gaps in efficiency.

Recently, Cnvrg.io raised $8 million in venture capital funding from investors such as Hanaco Venture Capital and Jerusalem Venture Partners. 

Barely a week ago, Intel made another acquisition in the AI sector with the purchase of SigOpt for an undisclosed amount. The company provides a software platform for research groups such as OpenAI to increase AI model performance.

Smart manufacturing looks set to drive growth in the industrial IoT market over the next five years.

According to a recent study by Jupiter Research, the number of Industrial IoT connections will increase from 17.7 billion in 2020 to 36.8 billion in 2025, representing an overall growth rate of 207%. 

The new research, Industrial IoT: Future Market Outlook, Technology Analysis & Key Players 2020-2025, predicts that 5G and LPWA (Low Power Wide Area) networks will play vital roles in creating service offerings to the manufacturing industry.

These technologies will also enable the realisation of the ‘smart factory’ concept, in which real-time data transmission and high connection densities allow highly autonomous operations for manufacturers, researchers said.

Private 5G services will also be a crucial step in maximising the value of a smart factory to service users, by leveraging the technology to enable superior levels of autonomy amongst operations. These networks should be valuable to manufacturers when used for the transmission of large amounts of data in environments with a high density of connections, Juniper said, and where significant levels of data are generated. 

The report said that this would enable large-scale manufacturers to reduce operational spend through efficiency gains.

The research predicts that over 80% of global Industrial IoT market value will be attributable to software spend by 2025, reaching $216 billion. Software tools leveraging machine learning for enhanced data analysis and the identification of network vulnerabilities are now essential to connected manufacturing operations.

“Manufacturers must exercise caution when implementing IoT technology; resisting the temptation to introduce connectivity to all aspects of operations. Instead, manufacturers must focus on the collection of data on the most valuable areas to drive efficiency gains,” said research author Scarlett Woodford.

Oracle has been forced to issue an out-of-band patch to fix a critical remote code execution (RCE) flaw affecting multiple Oracle WebLogic Server versions.

The vulnerability, tracked as CVE-2020-14750, could enable hackers to remotely exploit the server via an HTTP GET through the server’s console component, without any user interaction and may be exploited over a network without the need for a username and password.

“Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible,” Oracle explained in an https://www.oracle.com/security-alerts/alert-cve-2020-14750.html advisory.

The advisory said that the supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Proof-of-concept code that could exploit the bug was made public on GitHub. According to security firm Spyse, around 3,300 WebLogic servers are exposed at the moment and could be vulnerable to the flaw.

In a blog post, Eric Maurice, director of Security Assurance at Oracle, shared a link to help users harden affected servers.

He also said that the vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. That particular flaw could enable hackers network access via HTTP to achieve total compromise and takeover of vulnerable Oracle WebLogic Servers.

The US Cybersecurity and Infrastructure Security Agency (CISA) also warned users about the dangers of the vulnerability and encouraged administrators to apply the patch as soon as possible.