Who We Are


Nexus is an electronic engineering design firm that provides customers with the key expertise and design capabilities in order to make products reliable, marketable, and operationally sound. We have the desire to build strong corporate relationships in which Nexus can provide its engineering expertise and creative product designs. Nexus is a complete technology company providing electronic, software, mechanical and industrial design solutions in addition to offering prototyping, new product introduction (NPI) and volume manufacturing services. Nexus can deliver innovative custom tailored solutions from concept through production.


Nexus Technologies
11 National Ave,
Fletcher, NC 28732
(O) 828-681-2844 
(F) 828-681-2823
sales@nexus-tech.net  

 


Interesting Info and Updates







Giant Fighting Robot Makers Open Up the Cockpit

09/17/2016

The US MegaBots have challenged the Japanese Kuratas to a duel:
 

______________________________________________________________________________

Justice Dept. group studying national security threats of internet-linked devices







09/09/2016


DOJ forming IoT team:



If they name themselves anything that includes the phrase “cyber justice” they’ll need capes.
 



______________________________________________________________________________



The US-CERT has issued a warning for high-risk network infiltration vulnerabilities in Cisco devices.




This is fallout from last month’s “Shadow Brokers” release of NSA exploits.
September 07, 2016
______________________________________________________________________________
An Old Trojan has been revived with bonus ransom-ware:

______________________________________________________________________________ 




MS Word docs – like resumes – carry macros that plant the Trojan. It steals those strong passwords you spent weeks perfecting, sends them back home, and then locks your computer and demands a ransom.



You might want to request resumes and other docs in PDF form for a while (yes, PDFs have problems, but no major scam running at the moment).

It would also be logical to make sure Word & Excel macros are disabled by default. Unfortunately, that process is not clear. You’ll have to Google your particular version of Office and chase it down. My up-to-the-minute copy of Word 2016, with the built-in “Tell me what you want to do” search bar, keeps taking me to documentation for Office 2007. I hope you have better luck.
 
Symantec / Norton Antivirus Allows Security Exploits:
July 06, 2016
______________________________________________________________________________

 

Attackers can become root / system admin. The holes exist across all platforms.





Millions of Hacked LinkedIn IDs Advertised “For Sale”

May 18, 2016

______________________________________________________________________________







A hacker is advertising what he says is more than one hundred million LinkedIn logins for sale.
The IDs were reportedly sourced from a breach four years ago, which had previously been thought to have included a fraction of that number.
At the time, the business-focused social network said it had reset the accounts of those it thought had been compromised.
LinkedIn now plans to repeat the measure on a much larger scale.
One expert said the service should have reset all its accounts the first time round.
LinkedIn is often used to send work-related messages and to find career opportunities - activities its members would want to stay private.
Criminals could make use of this information or see if its subscribers had used the same passwords elsewhere.
"We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords," a spokeswoman for the California-based firm told the BBC.
"We have no indication that this is a result of a new security breach.
"We encourage our members to visit our safety centre to ensure they have two-step verification authentication and to use strong passwords in order to keep their accounts as safe as possible."

Login leak


Details of the sale were first reported by the news site Motherboard.
It said the details were being advertised on at least two hacking-related sites.
A total of 117 million passwords are said to be included.
The passcodes are encoded, but in a form that appears to have been relatively easy to reverse-engineer.
LinkedIn had about 165 million accounts at the time of the breach, but the discrepancy in the figures might be explained by the fact that some of its users logged in via Facebook.

Invalidated IDs


After the breach first occurred, a file containing 6.5 million encrypted passwords was posted to an online forum in Russia.
LinkedIn reacted by saying it had invalidated all the accounts it believed had been compromised and emailed affected members saying they needed to register new passwords.
But Motherboard has tracked down one user, whose details are in the batch currently on sale, and found that the password listed for him was still active.
A security researcher who has also been given access to about one million of the advertised IDs said he believed it was "highly likely" that the leak was real.
"I've personally verified the data with multiple subscribers [of my own site] 'Have I been pwned'," Troy Hunt told the BBC.
"They've looked at the passwords in the dump and confirmed they're legitimate."
Another expert noted that the problem stemmed from the fact that LinkedIn had originally "hashed" its passwords but not "salted" them before storing them.
Hashing involves using an algorithm to convert passwords into a long string of digits. Salting is an additional step meant to stop unauthorised parties from being able to work around the process.
"A salt involves adding a few random characters, which are different on a per-user basis, to the passwords [before they are hashed]," explained Rik Ferguson, chief technology officer at the cybersecurity firm Trend Micro.
By doing this, he added, you prevent hackers from being able to refer to so-called "rainbow tables" that list commonly-used passwords and the various hashes they produce, and then see if any of the hashes match those in the stolen database.
LinkedIn introduced salting after the attack, but that only benefits the login databases it generated afterwards.
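The difference between unsalted and salted storage described above, as an added Python example that is not part of the original article. SHA-1 stands in for a fast unsalted hash, a plain dictionary stands in for a rainbow table, and the PBKDF2 work factor, user names and passwords are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value; raise it as hardware allows)


def unsalted(password):
    """Fast, unsalted hash: the same password always gives the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted(password, salt=None):
    """Per-user random salt fed into a deliberately slow key-derivation function."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Login check against a salted record, using a constant-time comparison."""
    return hmac.compare_digest(salted(password, salt)[1], digest)


def precompute(common_passwords):
    """Stand-in for a rainbow table: digest -> password, built once, reusable on any dump."""
    return {unsalted(p): p for p in common_passwords}


def recovered(stored_digests, table):
    """Passwords that fall out of a plain table lookup, with no per-user work."""
    return {user: table[d] for user, d in stored_digests.items() if d in table}


# Constructed sample data, not taken from any real dump.
USERS = {"alice": "letmein", "bob": "T7#quiet-Harbor-91", "carol": "letmein"}
TABLE = precompute(["123456", "password1", "letmein", "qwerty"])

UNSALTED_DB = {user: unsalted(pw) for user, pw in USERS.items()}
SALTED_DB = {user: salted(pw) for user, pw in USERS.items()}  # user -> (salt, digest)


def salted_digests_as_hex():
    """The salted digests in the same shape as UNSALTED_DB, for a like-for-like lookup."""
    return {user: digest.hex() for user, (_salt, digest) in SALTED_DB.items()}


if __name__ == "__main__":
    # Unsalted: alice and carol share a digest, and both fall to one lookup.
    print("unsalted, recovered:", recovered(UNSALTED_DB, TABLE))
    # Salted: identical passwords give different records and the table matches nothing.
    # Each guess would have to be recomputed per user, at ITERATIONS cost each.
    print("salted, recovered:  ", recovered(salted_digests_as_hex(), TABLE))
    print("alice can still log in:", verify("letmein", *SALTED_DB["alice"]))
```

Salting does not rescue a weak password from a targeted guess; it removes the attacker's ability to reuse one precomputed table across every account in the dump.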
"Using salting is absolutely best practice for storing passwords under any circumstances and was the case back in 2012 as well," Mr Ferguson said.
"If LinkedIn is saying now that it didn't know which accounts had been affected by the breach, then the sensible thing to have done at the time would have been a system-wide forced reset of every password."




______________________________________________________________________________
 Paying Not an Option When Ransomware Hits


Thursday May 13, 2016
 


The rapid rise of ransomware has made it the latest marquee threat in cybersecurity. The growth in victims and damages has been widely reported, with successful attacks being waged against organizations of all sizes and stripes. However, this trend has had a disproportionate impact on small and medium-sized businesses.

To get a fresh, direct line on the effect ransomware is having on these organizations we surveyed members of Spiceworks, an IT community site numbering well over a million account holders geared to IT administrators and managers in the SMB. We asked respondents whether they had been victims of ransomware, how they responded (or how they thought they would respond), and how the threat of ransomware has affected their organization. Their answers were consistent and described a common frustration, resignation, and uncomfortable urgency with the issue.

When they get hit, they disconnect

Most ransomware does not hide the fact it has just locked down your system or encrypted your critical files. It alerts you. As a result, a majority of survey respondents said they were aware they had been compromised within an hour of the event. 90% were aware of the attack within 24 hours.

This is very different from traditional data breaches, where the average time of discovery is measured in months, not hours, according (PDF) to research from Ponemon Institute.

Unfortunately, the mission of the ransomware attack is accomplished in a much shorter period. Typical lockdown or encryption of a system happens within a minute or two of the ransomware’s execution. At that point, there are only two choices left: pay or start cleaning up. Regardless, the very first task most survey respondents focus on is isolating the infection. 75% of the victims pull the machines as soon as possible and begin some form of restoration process.

Common Ground: Don’t Pay

The most surprising response was the near unanimous resistance of these IT professionals to pay the ransom. Reporting on attacks at places like Hollywood Presbyterian Hospital in California and others has shown the willingness of organizations to pay. Back in 2014, Kent University reported that 40% of CryptoLocker victims had chosen to pay, and more recently the US DoJ reported on millions spent on ransomware and recovery efforts since 2005.

Both of the respondent groups (prospective and actual victims) agreed that paying was not a viable option, as 95% of ransomware victims refused to pay the ransom. Over 80% of the not-yet victims also indicated they wouldn’t pay if they were attacked. Their reasons were mixed, but most were unconvinced paying would result in them actually getting their data back. Others felt that they would do well enough by restoring from their own backups.

Lessons Learned: Backups Can Come Up Short

The most common mitigation for these organizations was to restore their affected systems from backup. The unaffected groups indicated that they were backing up almost 100% of their data, and 81% felt that these backups would allow them to completely recover. Unfortunately, among the victims, only 42% were able to recover all of their data during the restoration process. They were able to make substantial progress in recovery, but their comments highlighted gaps that included unmonitored and failed backups, accessible backup drives which were also encrypted, and the loss of between 1-24 hours of data from their last incremental snapshot.
An effective backup strategy is the most common recommendation for organizations looking to blunt the effect of ransomware. Surprisingly, when these administrators were asked what changes they made to their security in the wake of the attack, only 8% of the victims reported improving their backup strategies. Instead, the majority focused on increased restrictions of access and content through technology (63%) and providing additional awareness training in hopes of changing user behavior (47%).
Looking Ahead
The market forces driving ransomware are still in their infancy. The business models, tools, and actors are evolving, and defensive strategies need to do so as well.
Even now, existing ransomware tools like Teslacrypt and Locky are emerging with new techniques and improved abilities to hide themselves and spread. This survey helps highlight three key areas where the actual victims and targets of ransomware see the need to improve:
● They want new tools that will help to prevent them from becoming victims.
● They want to help their users understand the threats that they are under to make them a defensive asset and not a vulnerability.
● They want to be able to broadly recover without paying the criminals.
If they can accomplish these three things, the profit motive driving the growth in ransomware will begin to erode. Then organizations can turn their focus to addressing whatever new criminal trend will be waiting around the corner.
By: Jack Danahy

______________________________________________________________________________
Report on Cyber Insurance


Thursday May 5, 2016



From a report on cyber insurance that forecasts a booming market:



“Year-over-year increases in the frequency and cost of cyber incidents – nearly doubling since 2010 -- coupled with heightened regulatory scrutiny and growing litigation, are causing a surge in demand for cyber liability insurance.”









The company that wrote it is a “wholesale property and casualty insurance broker”:

  



First Electric Utility Hit by Ransomware?

Wednesday April 27, 2016
______________________________________________________________________________




Lansing’s public power electricity and water supply utility, the Lansing Board of Water & Light, has been crippled for the last two days by a ransomware attack on its corporate computer network. Press reports by the Lansing State Journal, WILX-TV and WLNS-TV indicate the attack started on the morning of April 25.



While the electricity and water supply are still running in Lansing, MI, Lansing BWL personnel don’t have access to their corporate server computer files and their telephone system.  The attack caused the BWL’s files on its corporate server to become encrypted and some criminal is apparently demanding money for the key to unlock the system.
BWL reports that customer data is not affected or compromised.
The FBI and Michigan State Police have been called in to investigate the attack.
Here are the press reports and video reporting this event:
www.wilx.com/…

Hackers who create Ransomware often demand payment in order to decrypt the files. Peffley wouldn't confirm early Tuesday afternoon if BWL will have to pay a ransom to hackers so all services can be restored safely. Amy Adamy, a BWL spokesperson, said Tuesday afternoon in a voicemail left for the LSJ that the utility could have a press conference Wednesday with more details about the cyberattack.

"We’re just trying to figure out what it will take to get our system decrypted," Peffley said. "We’re essentially locked out of our own system."
www.lansingstatejournal.com/…
The attack occurred while Lansing Mayor Virg Bernero is traveling on a trade mission:
www.lansingstatejournal.com/...






New Global Security Intelligence Platform for Industrial Control Systems
Monday April 04, 2016
_______________________________________________________________________________


New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations
The EastWest Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data.



In the aftermath of the unprecedented cyberattack that led to a blackout in Ukraine last December, members of the US ICS-CERT team flew to Kiev to get debriefed by their Ukrainian counterparts. It was a crucial information-gathering trip as well as a reality-check for US critical infrastructure operators, according to US Department of Homeland Security officials, that such an attack could be pointed at power grids anywhere in the world.






More SSL Vulnerabilities



Thursday March 3, 2016



More SSL vulnerabilities have been disclosed. First, QUIC is unlikely to be exploited on your sites, as the cost to run it is nation-state level ($9M). However, like DROWN, it’s an exploit against SSL v2. SSLv2 is old and deprecated, but companies sometimes fail to update “unimportant” sites and leave old technology in place. Swiss banks were recently victimized this way: crack the overlooked, boring site; plant phishing malware; take over executives’ computers; steal millions of $$.







The reason SSLv2 attacks are news at all is because the hacker community has recently discovered that penetrating boring, unimportant sites frequently reveals info and/or creates a platform to attack the interesting sites. It’s a leg up, an attack advantage. Bottom line: audit your servers to ensure none of them allow SSL versions less than TLS 1.2.
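One way to run that audit over nginx configuration files, as an added Python example that is not part of the original post. It covers only nginx's `ssl_protocols` directive, including the case where a server block inherits the setting from an enclosing block; the sample configuration and host names are constructed.

```python
import re

# Protocol names accepted by nginx's ssl_protocols directive, oldest first.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
WEAK = set(ORDER[:ORDER.index("TLSv1.2")])  # everything below TLS 1.2


def tokenize(text):
    """Split nginx config text into words plus the '{', '}' and ';' delimiters."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments
    return re.findall(r"[{};]|[^\s{};]+", text)


def audit(text):
    """Return (server_name, effective_protocols or None, weak_protocols) per server block."""
    stack = [{"kind": "main", "protocols": None, "name": None}]
    words, results = [], []
    for tok in tokenize(text):
        if tok == "{":
            kind = words[0] if words else "?"
            stack.append({"kind": kind, "protocols": None, "name": None})
            words = []
        elif tok == ";":
            if words and words[0] == "ssl_protocols":
                stack[-1]["protocols"] = words[1:]
            elif len(words) > 1 and words[0] == "server_name":
                stack[-1]["name"] = words[1]
            words = []
        elif tok == "}":
            block = stack.pop() if len(stack) > 1 else {"kind": "?"}
            if block["kind"] == "server":
                # A server block with no directive of its own inherits from outer blocks.
                effective = block["protocols"]
                for outer in reversed(stack):
                    if effective is not None:
                        break
                    effective = outer["protocols"]
                weak = [p for p in ORDER if effective and p in effective and p in WEAK]
                results.append((block["name"] or "(unnamed)", effective, weak))
            words = []
        else:
            words.append(tok)
    return results


# Constructed sample configuration; the host names are placeholders.
SAMPLE_CONF = """
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # inherited by servers that set nothing
    server {
        listen 443 ssl;
        server_name www.example.test;
        ssl_protocols TLSv1.2 TLSv1.3;
    }
    server {
        listen 443 ssl;
        server_name legacy.example.test;   # the overlooked site: no directive of its own
    }
    server {
        listen 443 ssl;
        server_name old-portal.example.test;
        ssl_protocols SSLv3 TLSv1;
    }
}
"""

if __name__ == "__main__":
    for name, effective, weak in audit(SAMPLE_CONF):
        if effective is None:
            print(f"{name}: no ssl_protocols set, nginx default applies; check by hand")
        else:
            print(f"{name}: {'FAIL ' + ' '.join(weak) if weak else 'ok'}")
```

A result of `None` means no `ssl_protocols` directive applies and the built-in default, which differs between nginx releases, decides; confirm those servers against the running version.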

Original Article:

 
The Internet of Things Will Be the World's Biggest Robot
 
Tuesday February 23, 2016
_______________________________________________________________________________


Another security hack, this time exploiting wireless mouse connections

Probably not a serious threat, more of an admonition to IoT designers. In a more serious vein, there’s an essay below on the IoT from Bruce Schneier, cybersecurity’s version of Chuck Norris.

The Internet of Things is the name given to the computerization of everything in our lives. Already you can buy Internet-enabled thermostats, light bulbs, refrigerators, and cars. Soon everything will be on the Internet: the things we own, the things we interact with in public, autonomous things that interact with each other.
These "things" will have two separate parts. One part will be sensors that collect data about us and our environment. Already our smartphones know our location and, with their onboard accelerometers, track our movements. Things like our thermostats and light bulbs will know who is in the room. Internet-enabled street and highway sensors will know how many people are out and about -- and eventually who they are. Sensors will collect environmental data from all over the world.

The other part will be actuators. They'll affect our environment. Our smart thermostats aren't collecting information about ambient temperature and who's in the room for nothing; they set the temperature accordingly. Phones already know our location, and send that information back to Google Maps and Waze to determine where traffic congestion is; when they're linked to driverless cars, they'll automatically route us around that congestion. Amazon already wants autonomous drones to deliver packages. The Internet of Things will increasingly perform actions for us and in our name.

Increasingly, human intervention will be unnecessary. The sensors will collect data. The system's smarts will interpret the data and figure out what to do. And the actuators will do things in our world. You can think of the sensors as the eyes and ears of the Internet, the actuators as the hands and feet of the Internet, and the stuff in the middle as the brain. This makes the future clearer. The Internet now senses, thinks, and acts.
We're building a world-sized robot, and we don't even realize it.

I've started calling this robot the World-Sized Web.

The World-Sized Web -- can I call it WSW? -- is more than just the Internet of Things. Much of the WSW's brains will be in the cloud, on servers connected via cellular, Wi-Fi, or short-range data networks.
It's mobile, of course, because many of these things will move around with us, like our smartphones. And it's persistent. You might be able to turn off small pieces of it here and there, but in the main the WSW will always be on, and always be there.

None of these technologies are new, but they're all becoming more prevalent. I believe that we're at the brink of a phase change around information and networks. The difference in degree will become a difference in kind. That's the robot that is the WSW.

This robot will increasingly be autonomous, at first simply and increasingly using the capabilities of artificial intelligence. Drones with sensors will fly to places that the WSW needs to collect data.
Vehicles with actuators will drive to places that the WSW needs to affect. Other parts of the robots will "decide" where to go, what data to collect, and what to do.

We're already seeing this kind of thing in warfare; drones are surveilling the battlefield and firing weapons at targets. Humans are still in the loop, but how long will that last? And when both the data collection and resultant actions are more benign than a missile strike, autonomy will be an easier sell.

By and large, the WSW will be a benign robot. It will collect data and do things in our interests; that's why we're building it. But it will change our society in ways we can't predict, some of them good and some of them bad. It will maximize profits for the people who control the components. It will enable totalitarian governments. It will empower criminals and hackers in new and different ways. It will cause power balances to shift and societies to change.

These changes are inherently unpredictable, because they're based on the emergent properties of these new technologies interacting with each other, us, and the world. In general, it's easy to predict technological changes due to scientific advances, but much harder to predict social changes due to those technological changes. For example, it was easy to predict that better engines would mean that cars could go faster. It was much harder to predict that the result would be a demographic shift into suburbs. Driverless cars and smart roads will again transform our cities in new ways, as will autonomous drones, cheap and ubiquitous environmental sensors, and a network that can anticipate our needs.

Maybe the WSW is more like an organism. It won't have a single mind. Parts of it will be controlled by large corporations and governments. Small parts of it will be controlled by us. But writ large its behavior will be unpredictable, the result of millions of tiny goals and billions of interactions between parts of itself.

We need to start thinking seriously about our new world-spanning robot.
The market will not sort this out all by itself. By nature, it is short-term and profit-motivated -- and these issues require broader thinking. University of Washington law professor Ryan Calo has proposed a Federal Robotics Commission as a place where robotics expertise and advice can be centralized within the government. Japan and Korea are already moving in this direction.

Speaking as someone with a healthy skepticism for another government agency, I think we need to go further. We need to create an agency, a Department of Technology Policy that can deal with the WSW in all its complexities. It needs the power to aggregate expertise and advise other agencies, and probably the authority to regulate when appropriate. We can argue the details, but there is no existing government entity that has either the expertise or authority to tackle something this broad and far reaching. And the question is not about whether government will start regulating these technologies; it's about how smart they'll be when they do it.

The WSW is being built right now, without anyone noticing, and it'll be here before we know it. Whatever changes it means for society, we don't want it to take us by surprise.



A zero day exploit has been found in the Linux kernel
 Wednesday January 20, 2016
_______________________________________________________________________________

A zero day exploit has been found in the Linux kernel. It affects kernel versions 3.8 (circa 2012) onward, both 32- and 64-bit, and includes most Android devices as well. No attacks have been noticed in the wild, but a reference attack has been published. The exploit allows local users to become root. All Linux and Android systems from 2012 on should be patched.




OpenSSH has announced a security flaw and corresponding patch
Tuesday January 19, 2016
_______________________________________________________________________________


OpenSSH has announced a security flaw and corresponding patch. It is not an easy attack to execute, but OpenSSH (a.k.a. OpenBSD Secure Shell) is in numerous products. If you’re running an SSH client or server in your product or system, and you didn’t write it yourself, it’s probably OpenSSH. Check the startup log for its version display; versions 5.4 – 7.1 are affected. This exploit reveals private keys to the attacker, which enables more and deeper attacks.