Archive for November 9, 2021

Nitro to Acquire European eSign Leader Connective

Posted in Commentary with tags on November 9, 2021 by itnerd

Nitro Software Limited, a global document productivity software company driving digital transformation in organizations around the world, is pleased to announce it has entered into an agreement to acquire Connective NV (‘Connective’), a leading European-based eSign SaaS provider, for an enterprise value of €70 million (~US$81 million). The transaction, to be funded by a A$140 million (~US$104 million) capital raising, further cements Nitro’s position as a global eSign and document productivity leader.  

Acquisition Highlights:

  • The acquisition is in line with Nitro’s product-driven strategy, significantly accelerating and enhancing Nitro’s eSign, electronic identity (eID) and document workflow capabilities as customers increasingly demand high-trust and automated signing solutions.
  • Following the acquisition, Nitro will be positioned to become one of the top 3 global players in the enterprise eSign market—with the combination of Connective’s leading high-trust eSign capabilities and Nitro’s document productivity platform and global go-to-market reach.
  • Connective has a substantial customer base with over 1,000 mid-market, enterprise, and government accounts across Europe, including 8 of the 10 largest banks in Belgium and 60+ Belgian government agencies and departments.
  • Connective also has over 30 eID and smart card integrations across 20 countries – the most of any eSign vendor on the market today.

Over the past two years, the transition to digital solutions has rapidly accelerated as organizations look to deliver exceptional customer experiences, while meeting the demands of a growing digital-first workforce. Central to this transformation is the rapidly growing eSign market where high-trust signing is becoming the standard. Spending on eSigning solutions globally is expected to grow at a 29% CAGR over the next decade, and the acquisition of Connective enables Nitro to further tap into the entire US$17B eSign market opportunity.

Founded in 2014, Connective is the leading eSign SaaS provider in Belgium, with fast-growing market share in France and a rapidly expanding customer base in 11 other European countries. The company focuses on serving the needs of enterprise and government customers that require high levels of trust, security and regulatory compliance and offers expansive eID support alongside a powerful document workflow automation solution. Key Connective customers today include the Belgian and French governments, BNP Paribas, Cofidis, ING Bank, Pirelli and Toyota.

The Connective acquisition represents a significant acceleration of Nitro’s enterprise eSign capabilities, providing high-trust signing via full Advanced Electronic Signature (‘AES’) and Qualified Electronic Signature (‘QES’) functionality as customer demand for high-security signing solutions continues to grow. Nitro sees enormous opportunity in adding Connective’s trusted products to the Nitro Productivity Platform, which already includes powerful PDF productivity, simple eSigning and industry-leading analytics capabilities.

Connective brings to Nitro an experienced team of over 60 employees with significant domain expertise in secure, high-trust enterprise-grade eSigning, particularly in highly regulated markets, and more than 110 integration, lead generation and reseller partnerships. With Nitro’s and Connective’s combined 13,000+ customers in 150+ countries, and an expanded channel partner network, upsell and cross-sell opportunities are expected to deliver significant revenue upside. Upon transaction completion, Connective will become an indirect subsidiary of ASX-listed, Nitro Software Limited. The complete Connective team is expected to join Nitro and promptly commence work on achieving revenue synergies and a successful integration. 

Further information about the acquisition and associated capital raising can be found at https://ir.gonitro.com/Investor-Centre/.

Attackers Exploit Zoho Vulnerability & Access Windows LSASS API

Posted in Commentary with tags on November 9, 2021 by itnerd

Cybersecurity firm Palo Alto Networks has warned of an ongoing campaign that has compromised at least nine critical organizations worldwide, spanning defense, healthcare, energy, technology and education. The threat actors behind this campaign exploited a vulnerability in Zoho's ManageEngine ADSelfService Plus, a self-service password management and single sign-on product, that allows remote code execution on unpatched systems. The attackers also deployed KdcSponge, a credential-stealing malware that intercepts calls to Windows LSASS API functions to capture the domain name, username and password from authentication attempts. Needless to say, this is far from trivial. In fact it is downright dangerous.

Yariv Shivek, VP of Product, Neosec had this to say:

     “Service exploitation is always best mitigated by WAF and NGAV solutions. However, no security control is infallible, and when those controls are not present, or fail to detect and block the attacks, compensating controls better be in place.”

     “In this case, an attack against a ManageEngine's REST API started with the exploitation of a zero-day authentication bypass vulnerability. Having gained full access to the API, the attackers had a much larger attack surface to work with. They found other vulnerable API endpoints that allowed for arbitrary file writes and command injection, and by chaining all 3 together managed to drop in webshells and proceed to completely take over the servers running the vulnerable API implementation, pivoting from them into the victims’ networks.”

     “This pattern is not unique – signature matching is inherently useless against zero-day attacks for which no signature exists.”

     “Thus, when developing your own APIs – test them for security vulnerabilities; when deploying them in production – monitor their usage to detect any anomalous behavior.”

     “And remember: Anomaly detection often prevails where signatures fail.”

If you’re a Zoho user, consider yourself warned.
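The pattern Shivek describes (an auth bypass making an API reachable, then a client walking previously unused endpoints until it can drop a webshell) leaves a trace in ordinary access logs even when no signature exists for the bug. The script below is an added example, not code from Palo Alto Networks, Neosec or Zoho: it builds a baseline of endpoints that answered successfully during a known-good period, then flags successful requests to endpoints outside that baseline and any single client that reaches several of them. The log lines are constructed, and the /RestAPI/... and /help/cmd.jsp paths are hypothetical placeholders, not ManageEngine's real endpoints.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in common log format. The hosts and the
# /RestAPI/... paths are hypothetical stand-ins for a self-service portal's REST
# API; they are not ManageEngine's real endpoints.
BASELINE_LOGS = """\
10.0.0.5 - - [08/Nov/2021:09:00:01 +0000] "GET /RestAPI/Status HTTP/1.1" 200 512
10.0.0.5 - - [08/Nov/2021:09:00:05 +0000] "POST /RestAPI/ChangePassword HTTP/1.1" 200 128
10.0.0.7 - - [08/Nov/2021:09:01:10 +0000] "GET /RestAPI/Status HTTP/1.1" 200 512
10.0.0.7 - - [08/Nov/2021:09:02:00 +0000] "POST /RestAPI/ChangePassword HTTP/1.1" 401 64
"""

# A constructed "live" window: one known-good request, then a single external
# client walking endpoints it has never used before, ending at a JSP file in
# the web root (the shape of the webshell drop described in the post).
LIVE_LOGS = """\
10.0.0.5 - - [09/Nov/2021:10:00:01 +0000] "GET /RestAPI/Status HTTP/1.1" 200 512
203.0.113.9 - - [09/Nov/2021:10:03:00 +0000] "POST /RestAPI/Login HTTP/1.1" 200 96
203.0.113.9 - - [09/Nov/2021:10:03:01 +0000] "POST /RestAPI/Upload HTTP/1.1" 200 96
203.0.113.9 - - [09/Nov/2021:10:03:02 +0000] "GET /help/cmd.jsp?c=whoami HTTP/1.1" 200 40
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)


def parse(lines):
    """Yield one dict per well-formed log line; silently skip anything else."""
    for line in lines.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        # Normalise to METHOD + path without the query string so /x?a=1 and
        # /x?a=2 count as the same endpoint.
        rec["endpoint"] = f'{rec["method"]} {rec["path"].split("?", 1)[0]}'
        yield rec


def build_baseline(lines):
    """Endpoints that answered 2xx during a period believed to be clean."""
    return {r["endpoint"] for r in parse(lines) if 200 <= r["status"] < 300}


def detect(lines, baseline, explore_threshold=3):
    """Return (kind, client, detail) alerts for behaviour absent from the baseline.

    Two signals, neither of which needs a signature for the bug being exploited:
    - unknown_endpoint: a 2xx response from an endpoint never seen succeeding
      in the baseline (an auth bypass tends to make new endpoints "work").
    - client_exploring_api: one client reaching explore_threshold or more such
      endpoints in the window, the pattern of chaining bugs towards a shell.
    """
    alerts = []
    new_by_client = defaultdict(set)
    for r in parse(lines):
        if r["endpoint"] in baseline or not 200 <= r["status"] < 300:
            continue
        alerts.append(("unknown_endpoint", r["ip"], r["endpoint"]))
        new_by_client[r["ip"]].add(r["endpoint"])
    for ip, endpoints in sorted(new_by_client.items()):
        if len(endpoints) >= explore_threshold:
            alerts.append(("client_exploring_api", ip, tuple(sorted(endpoints))))
    return alerts


if __name__ == "__main__":
    for alert in detect(LIVE_LOGS, build_baseline(BASELINE_LOGS)):
        print(*alert)
```

The baseline must come from a window you trust to be clean; if it already contains the attacker's traffic, their endpoints become "normal". Building it only from 2xx responses is deliberate: an endpoint that used to return 401 and suddenly returns 200 is exactly the auth-bypass signal, so it is flagged rather than whitelisted.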

Robinhood Pwned…. Data Swiped…. And The Internet Reacts

Posted in Commentary on November 9, 2021 by itnerd

Robinhood revealed yesterday on its blog that it had suffered a data breach: Robinhood Announces Data Security Incident. Bloomberg carried the story here: Robinhood Security Breach Exposes Data on Millions of Users:

The intruder obtained email addresses of about 5 million people as well as full names for a separate group of about 2 million, Robinhood said Monday in a statement. For some customers, even more personal data was exposed, including names, birth dates and ZIP codes of about 310 people, and more extensive information belonging to a group of about 10.

This is very bad. And I have a round-up of comments regarding this hack:

Doug Britton, CEO, Haystack Solutions:

   “Threats will always be in lockstep with the evolution of banking as we enter a new digital era where it is dramatically more difficult for the average employee to recognize threats. This breach centers around a customer service rep, not a system vulnerability per se. The best defense in any case is a highly skilled cyber team. The public and private sectors need to continue to invest in the next generation of cyber professionals to combat the persistent threat of bad actors regardless of their targets or we risk an imbalance in security that will hinder new evolutions in finance.”

Saryu Nayyar, CEO, Gurucul (she/her): 

   “This must be a hacker with a sense of humor, although the actual loss of data is by no means funny. It’s ironic that the trading app Robinhood was hacked, with the possible loss of information on up to seven million users in a ransomware attack. After all, the historical Robin Hood was renowned for robbing from the rich and giving to the poor. We’re guessing that those who did the hack aren’t going to give it to the poor.

   “It remains to be seen which group is responsible, and whether or not Robinhood paid the ransom, so this remains a developing story. And while it’s not easy to hack millions of records out of a system, it seems to happen on almost a daily basis these days. Legitimate customers deserve better protection than they seem to be getting these days.”

Ron Bradley, VP, Shared Assessments:

   “In the 1984 movie Beverly Hills Cop, Eddie Murphy famously says, “Look, man, I ain’t fallin’ for no banana in my tailpipe!”  So what does this have to do with the Robinhood hack?  This is a prime example of social engineering, which has been around for decades. While technical controls help us to guard against threat actors, there will always be instances where someone will fall for a ruse.

   “In this particular case, the type and number of records reportedly compromised aren’t particularly alarming to me. The fact is, anyone reading this column most certainly has had their data compromised in one fashion or another. The good news is, there were no reports of passwords being stolen which would change the equation. Regardless, this is just another reminder of the importance in not reusing credentials across multiple platforms. Particularly those which involve financial transactions.

   “There’s no substitute for implementing multi factor authentication, password managers, and good cyber hygiene to reduce the blast radius in the case where personal information is part of a data breach or even a targeted attack.”

Rajiv Pimplaskar, CRO, Veridium:

   “Financial services and e-commerce consumer accounts are a magnet for bad actors to exploit as they offer easy access to money as well as PII (Personally Identifiable Information) that can be later misused. Password sharing is often domain specific, and an individual is more apt to share passwords between their financial accounts, making lateral movement easier and facilitating a larger number of breaches.

   “While traditional 2FA (Two Factor Authentication) can mitigate the issue, it still doesn’t solve for the MITM (Man In The Middle) attacks where phished authentication credentials can be introduced into an alternate compromised channel enabling the fraudster to take control.

   “BFSI (Banking, Financial Services and Insurance) companies as well as the retail industry need to mandate passwordless customer authentication methods leveraging W3C WebAuthn and FIDO Alliance standards. These methods establish an unphishable relation between the user and their account, making the environment immune to such data breaches and ransomware incidents. Furthermore, such solutions are easier to use and more cost effective to operate, enabling greater adoption.”

Garret Grajek, CEO, YouAttest:  

   “Data breaches are the outcome of the constant scanning, exploring and probing that are being done on all internet resources today. Attackers use automated tools for 24/7 scanning – they then automate mapping to vulnerabilities and map exploitation tools to the discovered vulns. This is why zero-day hacks are, by nature, ahead of the patches: bad actors find the vulnerability before vendors have identified them, let alone patched them. It’s essential to use hardened platforms and adhere to solid security practices like the NIST 800-53, PR.AC-6, the principle of least privilege. We must assume our sites and the credentials themselves will be hacked and ensure that each identity provides the least amount of exposure to the enterprise resources. This is best practiced through identity triggers and reviews which help an enterprise discover over-privileged identities and malicious changes to permissions of compromised identities.”

Robinhood has some explaining to do. And I suspect that many, many people will be asking them to explain themselves.

UPDATE: I have one more comment from Anurag Gurtu, CPO, StrikeReady:

   “Recently, Robinhood has been under intense scrutiny. Earlier this year, it halted the trading of meme stocks and got retail traders furious when they were not able to sell the stock, which caused the price of these stocks to crash quickly. The SEC has been investigating since then to determine if Robinhood was colluding with Citadel to halt trading in these stocks, considering Citadel is one of Robinhood’s largest customers and holds large short positions against these meme stocks.

   “And with the current breach, Robinhood’s situation has gotten worse. Individuals in the retail trading community, who are outraged, now have to deal with their PII being compromised. Retail traders are not using Robinhood as evidenced by its stock taking a nosedive post earnings. The monthly active users have declined by 11% and these users are moving to other platforms for crypto trading.”

Guest Post: 24% of Americans Share Work Passwords With People Outside The Organization Says Atlas VPN

Posted in Commentary with tags on November 9, 2021 by itnerd

Data presented by Atlas VPN reveals that 24.39% of Americans share work passwords with people outside of their workplace. 

Many employees in the United States are not cautious about who they disclose their work-related passwords to. This puts enterprises in danger of being hacked if these credentials fall into the hands of someone negligent or with malevolent intent. 

A total of 1,000 full-time workers in the United States took part in the survey carried out by Keeper. The survey was completed in February 2021 and the results were published in May 2021. 

The findings reveal that 7.89% of respondents have shared work-related passwords with their significant other or spouse in the last year. Also, as many as 4.33% of employees provide their work-related credentials to their children. 

On the same note, 5.81% of those polled admitted to sharing work-related passwords with another family member. In short, 18.03% of US workers share passwords with members of their family or significant others.  Yet, this is not the end of the story because 3.78% of employees provide their work passwords to ex-colleagues.  

Similarly, 2.58% of office workers provide work passwords to their friends that they don’t work with. Usually, that friend also has close friends, so it could turn into a long list of people who have sensitive passwords very quickly.  

Sticky note fiasco 

Over half of those polled (57%) admit to jotting down work-related web passwords on sticky notes. This alone poses a significant cybersecurity risk to their businesses. The surprising fact is that two-thirds (67%) admitted to losing those sticky notes.  

To read the full article, head over to:
https://atlasvpn.com/blog/24-of-americans-share-work-passwords-with-people-outside-the-organization

Canadian Tech Hiring Activity Accelerates: CompTIA Study

Posted in Commentary with tags on November 9, 2021 by itnerd

Employers across Canada are accelerating their recruitment and hiring of technology workers, according to a new report from CompTIA, the nonprofit association for the information technology (IT) industry and workforce.

Job postings for tech occupations jumped 42,100 year-over-year in the first three quarters of 2021, a 65% increase, CompTIA’s “Canadian Tech Industry and Workforce Trends 2021” report reveals. It’s a signal that many employers are resuming hiring activity in conjunction with the recovering Canadian economy.

The CompTIA report estimates that tech employment in Canada will increase by 15,000 positions this year, with the bulk of hiring occurring in three provinces – Ontario (+7,545 new hires), British Columbia (+3,144) and Quebec (+3,008).

Over the past five years, Ontario accounted for 55% of net tech employment job gains, followed by British Columbia (22%) and Quebec (19%). The Toronto metro area alone accounted for nearly half of all net tech employment job gains during this period.

On a sector basis, the IT services and software categories are projected to account for 82% of job gains in 2021, reflecting the ongoing trends of IT modernization and digital transformation. On an occupation basis, the systems analysts and cybersecurity category will contribute a projected 34% of job gains for the year followed by software and web developers (30%) and the IT and network support personnel (14%).

At year’s end Canada’s tech workforce is projected to total 1,146,270 employees, approximately 6% of the Canadian labour force. The estimated median tech wage of $81,751 is 47% higher than the median national wage for all Canadian workers. Salaries for experienced tech workers or those with select skills are notably higher at the 75th and 90th percentiles.

The tech industry accounts for about 5.1% of the total Canadian economy, which translates to $96 billion CAD. There are an estimated 50,401 tech business establishments across the country. The highest concentrations are in Ontario (26,683), Quebec (10,011), British Columbia (5,834) and Alberta (5,031).

The complete “Canadian Tech Industry and Workforce Trends” report, with comprehensive national, province and metro area data on average wages, business establishments, job postings, emerging tech metrics and more, is available at https://www.comptia.org/content/research/canadian-tech-industry-and-workforce-trends-2021.

Two Easy Ways To Easily Tell If You Are Running Mac Apps That Are Compatible With Apple Silicon

Posted in Tips with tags on November 9, 2021 by itnerd

So you just got a brand new Mac with the M1, M1 Pro, or M1 Max processor in it. Congratulations! You absolutely made the right decision. But to fully leverage that new processor, you need apps that are designed for Apple Silicon so that you get the best performance and the best compatibility. So the question is: how do you make sure that your apps are ones that work with Apple Silicon? Before I get into the two ways that I would recommend to do that, let me explain the three different app types and why you should care:

  • x86-64 app running under Rosetta 2: If you’re coming from another Mac, or the developer of the app in question is on the lazy side, they may have only created an app that runs on Intel Macs, which use the x86-64 instruction set. Which means that when you use that app on an Apple Silicon computer, macOS will have to use a translation layer called Rosetta 2 to allow it to run on Apple Silicon. Most of the time this works very well. However it is entirely possible that you may not be getting the best performance from the app in Rosetta 2. It is also possible that you may have some issues with the app, as no translation is perfect.
  • Universal Apps: This is where things get a bit confusing. Apple uses the term “Universal” for Apple Silicon/M1 optimized apps which work with Intel Macs too. But Apple uses the same term to refer to the same app being available on iOS and macOS. In this case, I am talking about the former as that form of Universal App ensures that you get good performance and compatibility with Apple Silicon Macs.
  • Apple Silicon Apps: These are apps that are native on Apple Silicon. These apps will give you the absolute best performance on your Apple Silicon Mac.

At the moment, I would expect most people who own Apple Silicon Macs to have Universal apps, as developers really only want to write one app that works on both Intel and Apple Silicon platforms. But over the next few years, I expect that developers will transition over to Apple Silicon apps because there will be fewer and fewer Intel Macs in the market as time goes on, and Apple will eventually drop support for Rosetta 2 for that reason. Thus it’s in your interest to make sure that you have as many apps that are Apple Silicon compatible as possible to stay ahead of this.

So, how can you tell what types of apps you’re running? Apple has a built-in tool called System Information that can help you with that. Simply go to the Apple Menu –> About This Mac –> System Report. This will bring up System Information. Scroll down to the Software section and pick Applications. You should see a list of every application on your Mac:

Here is where you will see all the apps that are on your Mac. Under “Kind” you will see the type of app. In the screenshot above, you will see that I have the Apple Silicon version of Zoom, but everything else on the screen is a Universal app. You will also see iOS apps, which is fine; Intel apps, which you should upgrade if you can; and Other. I honestly have no clue what that is. And nothing that I searched for cleared that up for me. If anyone out there has any info on this, I’d really appreciate a comment or an email with some clarification.

The second option is to use an app called Silicon which scans your computer for apps and displays everything in a user friendly way:

If you see a green dot next to the app, you’re good. If you see a yellow dot next to the app, then you need to update the app. It really doesn’t get any simpler.
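For those who prefer the Terminal, or who want to check a fleet of Macs from a script, the same classification can be made from each app’s main executable: `file` reports whether a Mach-O binary contains an arm64 slice, an x86_64 slice, or both. The script below is an added example, not something from Apple or from the Silicon app; it assumes the `file` and `defaults` commands that ship with macOS, and the three output labels (universal, apple-silicon, intel) are my own names that mirror the “Kind” column in System Information.

```sh
#!/bin/sh
# classify_macho: map the output of `file -b` on a Mach-O executable to the
# same three classes System Information shows under "Kind".
classify_macho() {
  case "$1" in
    *"universal binary"*)
      # A fat binary: decide by which slices it carries.
      case "$1" in
        *arm64*x86_64*|*x86_64*arm64*) echo universal ;;
        *arm64*)                       echo apple-silicon ;;
        *)                             echo intel ;;
      esac ;;
    *arm64*)          echo apple-silicon ;;
    *x86_64*|*i386*)  echo intel ;;
    *)                echo unknown ;;
  esac
}

# scan_apps: walk a folder of .app bundles (default /Applications), locate each
# bundle's main executable via CFBundleExecutable and print its class next to
# the app name.
scan_apps() {
  dir="${1:-/Applications}"
  for app in "$dir"/*.app; do
    [ -d "$app" ] || continue
    name=$(basename "$app" .app)
    # Info.plist names the executable; fall back to the app name if it does not.
    exe_name=$(defaults read "$app/Contents/Info" CFBundleExecutable 2>/dev/null || echo "$name")
    exe="$app/Contents/MacOS/$exe_name"
    [ -f "$exe" ] || continue
    printf '%-14s %s\n' "$(classify_macho "$(file -b "$exe")")" "$name"
  done
}

# Only scan when actually run on macOS; the functions above are safe to source anywhere.
if [ "$(uname)" = "Darwin" ]; then
  scan_apps "$@"
fi
```

Run it as `sh check_apps.sh` for /Applications, or `sh check_apps.sh ~/Applications` for per-user apps. Anything reported as intel is a candidate for the update or developer nudge described below; a universal binary will still run natively, since macOS picks the arm64 slice on Apple Silicon.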

Once you have an idea of what types of apps you have, I would go to the developer’s website or to the App Store to see if there is an update. If there isn’t one, I would email the developer as that may encourage them to update their app seeing as they will have to do it at some point.

Hopefully this helps you to get the most out of your new Apple Silicon Mac. If you have any questions, please leave a comment or send me an email and I’ll do my best to help you out.

Member Of REvil Ransomware Group Charged By The US

Posted in Commentary with tags on November 9, 2021 by itnerd

The US Department of Justice has announced that one alleged member of the REvil (Sodinokibi) ransomware group has been arrested and charged in relation to attacks including the one against tech company Kaseya earlier this year:

An indictment unsealed today charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, a multi-national information technology software company.

The department also announced today the seizure of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas […]

“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” said Attorney General Garland. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”

“Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy Attorney General Monaco. “The Sodinokibi/REvil ransomware group attacks companies and critical infrastructures around the world, and today’s announcements showed how we will fight back.  In another success for the department’s recently launched Ransomware and Digital Extortion Task Force, criminals now know we will take away your profits, your ability to travel, and – ultimately – your freedom. Together with our partners at home and abroad, the Department will continue to dismantle ransomware groups and disrupt the cybercriminal ecosystem that allows ransomware to exist and to threaten all of us.”

I am glad that someone is trying to take down this group as they have caused a lot of damage via their activities. Hopefully this is the first step in taking down the whole group and making it clear that crime does not pay.

PhishLab Research Finds Alarming Jump in Phishing Attacks 

Posted in Commentary with tags on November 9, 2021 by itnerd

PhishLabs by HelpSystems, the leading provider of Digital Risk Protection solutions, today released their Quarterly Threat Trends and Intelligence Report. Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020. Notably, attacks in September 2021 were more than twice as high as the previous year.

Additional key findings of the PhishLabs Quarterly Threat Trends and Intelligence Report include:

  1. Social Media Attacks Skyrocket in 2021: Since January, the average number of Social Media attacks per target climbed steadily, up 82 percent year-to-date. 
  2. Vishing is Increasing: Vishing incidents more than doubled in number for the second consecutive quarter, suggesting a shift in tactics as threat actors seek to evade email security controls.
  3. O365 Users Beware: In Q3, 51.6 percent of credential theft phishing attacks reported by corporate users targeted O365 logins.
  4. PII Grows on the Dark Web, Leveraging Chat Services: The sale of Personally Identifiable Information accounted for 12 percent of dark web threats and was primarily made up of threat actors marketing employee email addresses to black market buyers. In 56 percent of PII sales, chat-based services were used to market the data.

PhishLabs analyzed and mitigated hundreds of thousands of attacks targeting enterprise brands and employees in Q3. The report uses this intelligence to determine key trends shaping the threat landscape.

PhishLabs Founder and CTO John LaCour will discuss key findings from the report in a webinar today at 2 p.m. ET. The webinar can be attended live or watched on demand afterwards.

The PhishLabs Quarterly Threat Trends and Intelligence Report is available to download here. https://info.phishlabs.com/blog/quarterly-threat-trends-and-intelligence-november-2021

Exclusive Networks Signs Global Distribution Deal With F5

Posted in Commentary with tags on November 9, 2021 by itnerd

Exclusive Networks, a global trusted cybersecurity specialist for digital infrastructure, is replacing its 18 country-level distribution partnerships with F5 in favour of a new global agreement. The deal extends Exclusive’s penetration with F5 into North America for the first time, while also adding many territories throughout EMEA and APAC not already covered by previous agreements. It covers the complete F5 portfolio, with a special focus on innovative application security and delivery solutions tied to F5’s recent acquisitions of NGINX, Shape Security, Volterra, and Threat Stack.

With this agreement, Exclusive Networks is building upon a long track record of success with F5 in local markets around the world. F5 itself has transformed multiple times beyond its traditional market leadership in network performance and application delivery to remain a consistently relevant fixture of enterprise infrastructure. Today this encompasses a powerful portfolio of solutions spanning security, performance, and insight capabilities to address the challenges of multi-cloud deployments and adaptive applications. 

Exclusive Networks is a global trusted cybersecurity specialist for digital infrastructure helping to drive the transition to a totally trusted digital future for all people and organisations. Our distinctive approach to distribution gives partners more opportunity and more customer relevance. Our specialism is their strength – equipping them to capitalise on rapidly evolving technologies and transformative business models.

The Exclusive Networks story is a global one with a services-first ideology at its core, harnessing innovation and disruption to deliver partner value. With offices in 40 countries and the ability to service customers in over 150 countries across five continents, Exclusive Networks has a unique ‘local sale, global scale’ model, combining the extreme focus and value of local independents with the scale and service delivery of a single worldwide distribution powerhouse. More at www.exclusive-networks.com