GitHub acquires npm to better secure the open source software supply chain, FireEye sees human triggered ransomware increase over 800%, a wormable SMB flaw is published, and Amazon might use the Linux Foundation’s Dent project to open source cashierless tech. All this and more on this week’s Gestalt IT Rundown. Rich Stroffolino and Tom Hollingsworth break down the IT news of the week.
This week on the Rundown:
Atlassian rolled out new no-code automation features for all Jira Cloud users. This appears to be based on the Automation for Jira tool the company acquired when it bought Code Barrel a few months ago. The new features will let customer automatically task, or send high priority notifications, using a drag and drop policy and workflow tool, think IFTTT for Jira. This also integrates with third-party integration like Gitlab, GitHub, CircleCI, Jenkins, MS Teams, Slack, and Twilio.
In December, Amazon announced it would contribute code to a new networking operating system designed for switches called Dent, a project maintained by the Linux Foundation. Now the Wall Street Journal reports that Amazon plans to use Dent to open source parts of its “Just Walk Out” cashierless technology, according to sources. Amazon also reportedly met with Target and Walmart to discuss the technology, but neither has plans to test the technology currently.
According to a new report by FireEye, 76% of enterprise ransomware attacks occur outside of working hours, with 49% occuring overnight and 27% over the weekend, with an average of three days from when a network is compromised to actually launching the attack. This study looked specifically at human-operated attacks, which don’t just trigger automatically when breaching a network. Since 2017, Fireeye says human-operated attacks increased 860%. More sophisticated ransomware seems to be a theme in the last 6 months.
Microsoft released an emergency patch to fix a flaw in the Server Message block protocol, which could allow for specially crafted packets to execute code on client or server machines with “wormable” attacks that would allow it to spread quickly. The flaw was limited to SMBv3.1.1, and only effected 32- and 64-bit Windows 10 versions 1903 and 1909. Microsoft recommends Windows 10 machines update as soon as possible. If unable to patch right away, Microsoft recommends turning off SMB compression and blocking port 445 as a mitigation.
The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on YouTube every Wednesday at 12:30pm ET. Be sure to subscribe to Gestalt IT on YouTube for the show each week.
- Catching Up On Microsoft Build 2020 | Gestalt IT Rundown: May 20, 2020 - May 20, 2020
- Checksum: Episode 2 – Is IoT Security a Nightmare? - May 18, 2020
- AWS Rolls Out Graviton2 M6g instances - May 18, 2020
- The Three Philosophies of SolarWinds APM - May 15, 2020
- Rubbing Salt In the Exploit - May 15, 2020
- Dell EMC Unifies Midrange Storage with PowerStore | Gestalt IT Rundown: May 13, 2020 - May 13, 2020
- Riverbed Wasn’t Built In a Day - May 12, 2020
- Checksum: Episode 1 – Why Did Nvidia Buy Mellanox? - May 11, 2020
- How Do You Start Learning About Containers? - May 11, 2020
- Why Did Nvidia Buy Cumulus Networks? | Gestalt IT Rundown: May 6, 2020 - May 6, 2020