Archive for July 7, 2020

Aptum launches Managed Disaster Recovery as a Service

Posted in Commentary with tags on July 7, 2020 by itnerd

Aptum, a global hybrid cloud and managed services provider, has introduced its Managed Disaster Recovery as a Service (DRaaS) offering, allowing businesses to minimize the risk of IT service downtime from any type of disruption, including ransomware and malware, and focus instead on strategic priorities. 

Aptum’s Managed DRaaS relies on enterprise-grade replication software to back up customer data in near real time and maintain operations to mitigate disruptions, planned or unplanned, whether misconfigurations, attacks or natural disasters at the customer’s primary site. The solution uses the cloud to protect data offsite and allows customers to order and power up virtual machines (VMs) on demand in the event of a failover. Businesses can customize the offering to suit their specific needs, such as file-level restore or full or partial failover of systems.

Aptum will work with customers to build a Managed DRaaS solution that meets their overall Business Continuity Plan objectives, backed by 24×7 support, 365 days a year from service centers in North America and Europe.

Features of Aptum’s DRaaS include:

  • Low Recovery Point Objective (RPO) – the measure of the maximum tolerable amount of data to lose in a failover – to protect the customer’s virtual production infrastructure
  • Allows point-in-time rollbacks to protect against malware and ransomware
  • Provides machine level, file level, partial or full restore
  • Offers non-disruptive failover testing for validation purposes
  • Provides ability to create dev/test environments using production data and software in an isolated and secure infrastructure
  • Offers a remote disaster recovery site without the up-front cost associated with a second infrastructure stack

Aptum DRaaS is available immediately with supported environments including HyperV, VMware and Azure.

TikTok And Other Chinese Apps Could Be Banned In The US

Posted in Commentary with tags on July 7, 2020 by itnerd

The U.S. is “looking at” banning TikTok and other Chinese social media apps, Secretary of State Mike Pompeo told Fox News:

His comments come amid rising tensions between the U.S. and China and as scrutiny on TikTok and Chinese technology firms continues to grow. When asked in a Fox News interview if the U.S. should be looking at banning TikTok and other Chinese social media apps, Pompeo said: “We are taking this very seriously. We are certainly looking at it. We have worked on this very issue for a long time,” he said. “Whether it was the problems of having Huawei technology in your infrastructure we’ve gone all over the world and we’re making real progress getting that out. We declared ZTE a danger to American national security,” Pompeo added, citing the two Chinese telecommunications networking companies.

This comes after TikTok and other Chinese apps got banned in India. Not to mention that TikTok is a security nightmare. Now some of this is because of politics as well. After all, the current US government doesn’t like China. But plenty of teens and millennials like TikTok. Thus any ban would likely spark a reaction from those groups.

It will be interesting to see how this plays out.

Palo Alto PAN-OS: Authentication Bypass in SAML Authentication Discovered

Posted in Commentary with tags on July 7, 2020 by itnerd

A critical severity authentication bypass vulnerability in certain configurations of Palo Alto Networks PAN-OS devices using Security Assertion Markup Language (SAML) authentication has been discovered.

On June 29, 2020, Palo Alto issued a security advisory for PAN-OS versions with SAML authentication enabled and the ‘Validate Identity Provider Certificate’ option disabled (unchecked). Improper verification of signatures in PAN-OS SAML authentication could allow an unauthenticated network-based attacker to access protected resources.

Mark Bell, EVP of operations at Digital Defense, Inc., a provider of vulnerability and threat management solutions, had this comment:

The fact that these devices are generally externally facing and the simplicity of exploiting the Palo Alto PAN-OS vulnerability significantly increases the threat exposure. Bad actors are probably already scanning the internet looking for vulnerable instances.

Here are some specific details about this issue. Affected versions of PAN-OS are:

  • PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
  • PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
  • PAN-OS 8.1 versions earlier than PAN-OS 8.1.15
  • All versions of PAN-OS 8.0 (EOL)

This issue does not affect PAN-OS 7.1.

This issue cannot be exploited if SAML is not used for authentication.

This issue cannot be exploited if the ‘Validate Identity Provider Certificate’ option is enabled (checked) in the SAML Identity Provider Server Profile.
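The version ranges and the two configuration conditions above, combined into a triage check over a device inventory. This is an added example, not code from Palo Alto Networks or Digital Defense; the record fields (`host`, `saml_enabled`, `validate_idp_cert`) and the sample devices are constructed for illustration.

```python
import re

# Affected ranges as listed in the post: branch -> first fixed maintenance release.
FIXED_IN = {(9, 1): 3, (9, 0): 9, (8, 1): 15}
ALL_AFFECTED = {(8, 0)}   # end of life, every version affected
NOT_AFFECTED = {(7, 1)}

def version_status(version):
    """Classify a PAN-OS version string such as '9.0.8' or '9.0.8-h2'."""
    # A hotfix suffix (-hN) does not change the maintenance release, so it is ignored.
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-[\w.]+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in ALL_AFFECTED:
        return "affected"
    if branch in NOT_AFFECTED:
        return "not-affected"
    if branch in FIXED_IN:
        return "affected" if maint < FIXED_IN[branch] else "fixed"
    return "not-listed"   # a branch the post says nothing about

def triage(device):
    """Combine version and configuration into one verdict for a device record."""
    status = version_status(device["version"])
    if status == "not-listed":
        return "unknown: branch not covered, check the vendor advisory"
    if status != "affected":
        return "not exposed: version " + status
    if not device["saml_enabled"]:
        return "not exploitable: SAML not used"
    if device["validate_idp_cert"]:
        return "not exploitable: IdP certificate validated"
    return "EXPOSED: upgrade PAN-OS"

# Constructed sample inventory (hostnames and settings are made up).
INVENTORY = [
    {"host": "fw-edge-1", "version": "9.0.8-h2", "saml_enabled": True, "validate_idp_cert": False},
    {"host": "fw-edge-2", "version": "9.1.2", "saml_enabled": True, "validate_idp_cert": True},
    {"host": "fw-lab", "version": "8.0.20", "saml_enabled": False, "validate_idp_cert": False},
    {"host": "fw-dc", "version": "8.1.15", "saml_enabled": True, "validate_idp_cert": False},
]

def report(inventory=INVENTORY):
    """Return {host: verdict} for every device in the inventory."""
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, verdict in report().items():
        print(f"{host:10} {verdict}")
```
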

Palo Alto Networks provided a patch for this vulnerability and indicated they are not aware of any malicious attempts to exploit this vulnerability at this time.

The Digital Defense Vulnerability Research Team is developing checks for the condition for its Frontline.Cloud vulnerability management solution as more information is made available.

Study Shows That Every Router Has Flaws…. Here’s How To Minimize Your Risk

Posted in Commentary with tags on July 7, 2020 by itnerd

Most people think that home routers are “plug in and forget” items that allow them to get their devices onto the Internet without having to think about it any further. Except that they aren’t “plug in and forget” devices. They provide security for your home network, which means that you have to make sure that the firmware is up to date. That also requires that the vendor of the router is on top of security threats and the like, and that they are putting out firmware for you to install.

That’s where this study from the Fraunhofer Institute for Communication comes in. It involved 127 routers from seven manufacturers and found the following:

  • The researchers compared the firmware images from each tested router with known vulnerabilities and exploits, and the findings were disturbing. Many of the routers were found to be affected by hundreds of known vulnerabilities. Not a single router tested was found to be without at least one known vulnerability. And 46 of the routers tested had not received an update in the last year. And 22 had not updated in the last two years. In the worst case, some routers were found to have not been updated in five years.
  • Even when routers had received updates, 50 were found to use hard-coded credentials: The username and password were encoded into the router as a default, meaning that attackers could easily gain access.

Then there’s the question of who makes security a top priority. Here’s the answer:

Nonetheless, vendors seem to prioritize security differently. Especially AVM does a better job than the other vendors regarding most of the security aspects. However, AVM routers are not flawless as well. ASUS and Netgear do a better job on some aspects than D-Link, Linksys, TP-Link and Zyxel.

Now while I could quibble about aspects of this study, I think the study paints a pretty stark picture. And router companies need to up their game. But until they get around to doing that, here’s my advice to minimize your risk:

  1. Buy a router from a company that is known to have frequent updates to their products, and who has a track record for updating their products over the long term.
  2. Check for updates frequently and apply them ASAP. Because hackers are not looking for routers that are up to date. They’re looking for the ones that aren’t.
  3. Check the router logs from time to time to make sure that there’s no funny business going on in terms of someone trying to break into your network.

Bye Bye, So Long, Farewell…. Clearview AI Leaves Canada

Posted in Commentary with tags on July 7, 2020 by itnerd

Canada’s Privacy Commissioner has announced that facial recognition software provider Clearview AI will no longer offer its services in the country. Let’s break this announcement down:

Clearview AI has advised Canadian privacy protection authorities that, in response to their joint investigation, it will cease offering its facial recognition services in Canada.

This step includes the indefinite suspension of Clearview AI’s contract with the RCMP, which was its last remaining client in Canada.

I read that as Clearview AI doesn’t like to be investigated as it clearly has something to hide. So it’s picking up its marbles and going home.

The investigation of Clearview by privacy protection authorities for Canada, Alberta, British Columbia and Quebec remains open. The authorities still plan to issue findings in this matter given the importance of the issue for the privacy rights of Canadians.

An ongoing issue under investigation by the authorities is the deletion of the personal information of Canadians that Clearview has already collected as well as the cessation of Clearview’s collection of Canadians’ personal information.

The privacy authorities appreciate Clearview AI’s cooperation to date on the ongoing investigation, and look to the company’s continued cooperation as it is brought to conclusion.

As well, the Office of the Privacy Commissioner of Canada will complete its related investigation into the RCMP’s use of Clearview AI’s facial recognition technology.

The joint investigation was initiated in the wake of media reports which stated that Clearview AI was using its technology to collect images and make facial recognition available to law enforcement in the context of investigations. Reports have also indicated the US-based company provides services in a number of countries to a broad range of organizations, including retailers, financial institutions and various government institutions.

Given the investigations are ongoing, no further details are available at this time and interviews are not possible.

I read that as Clearview AI’s problems are not going away anytime soon despite the fact that they picked up their marbles and went home. And it shouldn’t stop as Clearview AI looks like a really shady firm from the perspective of the casual observer. And there’s still the question of if the firm will delete the photos of Canadians if you ask them to. So I for one am happy that Clearview AI is gone from Canada. Let’s hope that other countries, such as the US and the EU really put the screws to them as well.