Archive for October 22, 2021

Commvault Extends Value Of Intelligent Data Services To AWS Marketplace

Posted in Commentary with tags on October 22, 2021 by itnerd

Commvault today announced the availability of Commvault Backup & Recovery and Commvault Professional Services in AWS Marketplace, an online store that makes it easy for customers to find, test, buy, and deploy software that runs on AWS. Commvault continues to innovate in delivering industry-leading technology to customers to help them face digital transformation head-on with solutions that protect data anywhere, whether in the cloud, on-premises, or in a hybrid model. 

Stephen Orban, GM for AWS Marketplace & Control Services, will address this topic further during his keynote session at Commvault Connections21, Commvault’s best-in-class global event centred around empowering data-minded information technology (IT) professionals to modernize their data protection environment, manage their data more efficiently, and mitigate risk, on October 28.

Expanding the reach of Commvault’s industry-leading backup and recovery solutions, AWS Marketplace availability of Commvault Backup & Recovery, with optional add-ons of Commvault Disaster Recovery and Commvault Professional Services, provides AWS customers with simple, scalable, and secure enterprise-grade data protection at infinite scale and rapid recovery of any workload. Commvault and AWS already share dozens of joint customers. Through AWS Marketplace, customers have additional flexibility and choice to efficiently manage critical data, both in the cloud and on-premises, protect and recover from threats like ransomware, and use intelligent automation to optimize efficiency and reduce costs.

Orban will discuss this topic at length during the keynote panel at Commvault Connections21. To register for Connections21, visit: www.commvaultconnections21.com

To learn more about Commvault solutions in AWS Marketplace, visit our Seller Profile.

Trump Announces His Own Social Media Platform…. Which Promptly Gets Pwned By Hackers

Posted in Commentary with tags on October 22, 2021 by itnerd

Donald Trump, who has been tossed from pretty much every other social media platform on the planet, decided to create his own social media platform:

Former President Donald Trump pitched his new social media platform, Truth Social, as a haven for free speech and a counterweight to the big tech giants that have in recent years put a greater emphasis on moderating content users post to their sites.

But as the platform’s terms of service agreement makes clear, not all speech will be permitted. Specifically, users are prohibited from speaking ill of the platform itself or its leadership.

Announced Wednesday, Truth Social will be part of the Trump Media & Technology Group, which also plans to launch a subscription video service for what it called “non-woke” programming. The company said it plans to begin a beta launch next month with a nationwide rollout early next year.

I guess if you’re such a bad boy that nobody will let you play in their sandbox, you have to build your own sandbox. And I guess because it’s your sandbox, you can create your own rules that protect your thin skin from being harmed.

Here’s where things get funny. Within hours, the website that hosts the sign up page for the site got pwned by hackers:

Mere hours after the world learned of Trump’s social media project, a sign-up link that clearly wasn’t meant to be public was discovered taking users to the domain “tmediatech.io.” A slew of people started registering for the unreleased platform via this page and quickly discovered that pretty much every username was available for the taking. The domain has since been taken down. 

It didn’t take long before usernames that clearly would be Trump’s choice for his own personal handle — @DonaldJTrump, @DonaldTrump, and @realDonaldTrump — were registered. The proud new owner of the TRUTH Social username @DonaldJTrump also took the opportunity to bless his profile page with its first post: the “Pig Poop Balls” meme image.

Usernames like @MikePence, Trump’s former VP, and @CodeMonkeyz, the online handle for QAnon figurehead Ron Watkins, were also quickly taken.

Over on Twitter, the company’s CEO and founder Jack Dorsey noticed that the TRUTH Social handle @Jack, which is what Dorsey registered for his username on Twitter, was used by Trump’s group for its promotional photos for the upcoming TRUTH mobile app on the App Store. Trump was permanently banned from Twitter following the attack on the U.S. Capitol on Jan. 6, “due to the risk of further incitement of violence.”

However, even though the promo used the @Jack handle, the username was not registered on the platform yet either. So, once trolls noticed this, the @Jack handle was scooped up as well and immediately got into banter with one of TRUTH Social’s many Trump accounts about the former president’s ban.

The fun lasted for a few hours before users who had registered for the unreleased platform started to be hit with an on-screen prompt saying “you can no longer use your account.”

Someone with Trump Media & Technology Group noticed what was happening and pulled the plug. The “tmediatech.io” domain is now inaccessible and the registered accounts have seemingly been removed.

Normally, this is the part of this article where I would say what horrible people these hackers are and they should be hunted down by law enforcement. And frankly, they likely should be if I am objective about this. But I find Donald Trump and all those in his orbit to be such unsavory characters. Thus I am fine with this. In fact I find it funny that this was so easy to pull off. Clearly whoever was running this project didn’t have security as a top-of-mind thing, as you have to expect that it would have been a prime target for exactly this sort of thing to happen.

Oh and there’s this part that you might want to be aware of:

One interesting discovery from this whole episode though: Trump’s long-awaited social media platform actually appears to just be a copy of the open-source social media platform Mastodon.

While there’s nothing necessarily wrong with using an open-source platform, it appears Trump’s team may be violating the Mastodon licensing it’s distributed under by removing credits and links in the source code. Mashable has reached out to Mastodon for comment but did not immediately hear back.

#Fail. Clearly there’s a bunch of no-skill amateurs behind this. And apparently, said no-skill amateurs have bigger ambitions:

According to the bizarre Trump Media & Technology Group pitch deck, Trump is also planning on releasing a streaming video service to compete with the likes of Disney and Netflix.

If this social media platform is an indication of what these clowns can do, then there’s zero chance that they will compete with Disney and Netflix.

Ransomware Group That Stole Apple Schematics From An Apple Supplier Pwned By Authorities

Posted in Commentary with tags on October 22, 2021 by itnerd

You might remember earlier this year that I wrote about a group called REvil who hacked their way into one of Apple’s suppliers and stole a bunch of schematics which they then held for ransom.

Fun Fact: Those schematics turned out to be the new MacBook Pros that were recently announced.

In any case, I heard nothing further about REvil’s attack on Apple since then, but it turns out there was a multi-country operation underway to take down the ransomware group. According to Reuters, several government agencies teamed up to hack REvil and take it offline this week:

One person familiar with the events said that a foreign partner of the U.S. government carried out the hacking operation that penetrated REvil’s computer architecture. A former U.S. official, who spoke on condition of anonymity, said the operation is still active.

If you read the rest of the Reuters article, it also indicates that authorities got their hands on the decryption key for REvil’s ransomware, which I wrote about here. At the time, it wasn’t clear how the key was obtained. Now we know. And now we also know that this is still an ongoing effort. Which means that ransomware gangs could now become the ones being pwned. Which as far as I am concerned is a good thing.

UPDATE: I got commentary from Robert Cattanach, a partner at the international law firm Dorsey & Whitney. He advises companies about ransomware attacks. He has previously worked as a trial attorney for the United States Department of Justice and was also special counsel to the Secretary of the Navy. Today he practices in the areas of regulatory litigation, including cybersecurity, privacy and telecommunications, civil and criminal enforcement proceedings and international regulatory compliance (EU focus).

“Confirming speculation over the cause of the latest demise of notorious cybergang REvil’s website, Reuters reports that a consortium of ‘like-minded countries’ – likely spearheaded by the FBI, Cyber Command, and the Secret Service – took a page from the hacker’s playbook and covertly corrupted backups, which REvil apparently attempted to use to restore its functioning after the FBI took it down earlier. Infecting backups with secret malware is a common stratagem used by hackers to deter victims from attempting to restore their systems, and instead pay the ransom rather than going through the time and expense of a clean reboot. But apparently someone at REvil didn’t get their own memo, and attempted to use REvil’s backup files to restore their systems – always a risk if you’ve been hacked, but one which some victims are willing to take to avoid the costly and time-consuming alternative. And it also demonstrates a resolve not previously seen by the US and its allies to pursue cybercriminals with aggressive counterstrikes, which may themselves be of dubious legality under international law. Whether this prompts even more destructive escalations by cybercriminals, or causes the likes of REvil to tap the brakes a bit, remains to be seen.”

AppDynamics Survey Gauges IT Decision Makers’ Concern Surrounding The Impact Of Major Outages

Posted in Commentary with tags on October 22, 2021 by itnerd

A recent high-profile digital service outage saw Facebook – including its other services/brands Instagram, WhatsApp and Oculus – offline for over 6 hours, causing widespread disruption for consumers that use these applications and digital services on a daily basis, as well as businesses that rely on them as part of their operations.

But Facebook is not alone in facing this type of crisis.

In a world of sky-high expectations for digital experiences, and record levels of intolerance for poor-performing applications, this level of disruption can cause businesses significant financial cost and damage to reputation.   

In the immediate aftermath of the outage AppDynamics surveyed 1,011 global IT decision makers in 11 countries to gauge their concern surrounding the impact of major outages, understand the pressure they are facing and their confidence in the technology, tools and processes they are currently using. The results are as follows:

  • 87% of enterprise technologists say they are concerned about the potential for a major outage and the resulting disruption to their applications and digital services. 
  • 84% say that they feel pressure from their organization’s leadership to prevent a major performance issue or outage of their customer and employee facing applications and digital services.
  • 87% admit that increasing complexity of their IT stack is already causing delays in identifying the root cause of issues.
  • 97% of IT teams have some form of monitoring tools in place, many of which provide highly sophisticated and advanced methods of identifying and fixing anomalies. But they question the effectiveness of these tools in this new world. Only 27% are entirely confident that they meet their needs.
  • 72% think it is critical or important that their organization deploys a full-stack observability solution within the next 12 months to solve complexity across their IT stack and identify and fix the root cause of an issue.

There is more information in this AppDynamics blog post here: https://www.appdynamics.com/blog/news/businesses-fear-outages-full-stack-observability/.

Research conducted between 7th – 11th October 2021

Google Threat Analysis Group Finds That Iranian Hacking Group Has Targeted Telegram

Posted in Commentary with tags on October 22, 2021 by itnerd

Google Threat Analysis Group has released research on APT35, an Iranian hacking group targeting high-value individuals in the US and elsewhere. One of the attackers’ novel techniques is using Telegram for operator notifications. The attackers embedded JavaScript into phishing pages that notifies them when the page has been loaded. They use the Telegram API sendMessage function to send the notification, which lets anyone use a Telegram bot to send a message to a public channel:

“The attackers use this function to relay device-based data to the channel, so they can see details such as the IP, useragent, and locales of visitors to their phishing sites in real-time. We reported the bot to Telegram, and they have taken action to remove it.”

Seeing as Telegram is typically used by people who want to conduct their activities in secret, this isn’t a trivial hack by APT35. Edward Roberts, VP of Marketing, Neosec:

“This attack follows the trend that attacks are typically a sequence of tactics employed by the hacker. Increasingly, with the ubiquitous adoption of APIs by organizations, it is no surprise that APIs are one of the tactics used in these sophisticated attacks. We expect APIs to increasingly become the focus for bad actors.”

Additionally, SmartBear’s annual State of Software Quality API survey has been released, identifying industry benchmarks, methodologies and tools used by software teams to manage API lifecycle. Key findings include:

  • A majority of API practitioners operate in a multi-protocol landscape. Of those surveyed, 57% state they use three or more protocols within their organizations.
  • Developers are increasingly involved in testing and are taking on more testing responsibilities with close to 60% reporting they are directly involved in API testing.
  • “Ease of use” was reported as being the top factor driving API tool choice along with the most important characteristic consumers need in an API.
  • The biggest obstacles to ensuring consistent quality of APIs as well as API documentation are “increasing demands for speed of delivery” and “limited time due to workload.”

Telegram has addressed this issue, but other organizations should take steps to make sure that whatever APIs they use are not vulnerable.

ElectraMeccanica Leverages RISE With SAP To Power ERP Transformation

Posted in Commentary with tags on October 22, 2021 by itnerd

ElectraMeccanica Vehicles Corp. has announced that it has completed its migration to SAP S/4HANA Cloud leveraging the business-transformation-as-a-service, RISE with SAP. The new ERP system integrates the company’s finance, supply chain, manufacturing, sales and distribution operations processes.

ElectraMeccanica collaborated with PwC Canada, a member of the global consultancy PricewaterhouseCoopers (PwC), in the selection and implementation of an ERP system as the digital foundation of the business. SAP S/4HANA Cloud will help ElectraMeccanica support its growth and go-to-market strategy to deliver environmentally-efficient electric vehicles globally. Implemented using automotive industry capabilities and best practices, SAP S/4HANA Cloud features AI, machine learning, RPA, and situation handling across finance, supply chain, manufacturing, sales and distribution processes.

ElectraMeccanica Vehicles Corp. is a Canadian designer and manufacturer of environmentally efficient electric vehicles (EVs). The company’s flagship vehicle is the innovative, purpose-built, single-seat EV called the SOLO. This three-wheeled vehicle will revolutionize the urban driving experience, including commuting, delivery and shared mobility. Engineered for a single occupant, it offers a unique driving experience for the environmentally conscious consumer. The SOLO has a range of 100 miles and a top speed of 80 mph, making it safe for highways. The SOLO also features front and rear crumple zones, side impact protection, roll bar, torque-limiting control as well as power steering, power brakes, air conditioning and a Bluetooth entertainment system. It blends a modern look with safety features at an accessible price point of $18,500. The SOLO is currently available for pre-orders here. InterMeccanica, a subsidiary of ElectraMeccanica, has successfully been building high-end specialty cars for 61 years. For more information, please visit www.electrameccanica.com.