Archive for January 4, 2022

Microsoft Updates Log4j Directive

Posted in Commentary with tags on January 4, 2022 by itnerd

The Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center (MSTIC) has issued a new update to the December 11th guidance for preventing, detecting and hunting for exploitation of the Log4j vulnerability. While the entire document is worth reading, here’s the key message:

The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. By nature of Log4j being a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use these applications, so customers may not readily know how widespread the issue is in their environment. Customers are encouraged to utilize scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities.

Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends customers to do additional review of devices where vulnerable installations are discovered.  At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.

Saryu Nayyar, CEO and Founder, Gurucul had this comment:

 “The Log4j vulnerability continues to be one of the largest and most serious security problems in recent years that attackers continue to exploit despite its disclosure. The challenge is the widespread use of this open-source library and the difficulty in detecting its execution when it can be so deeply embedded down the software stack. Relying on traditional indicators of compromise or pattern matching is insufficient. Analyzing and controlling access to specific applications based on identity along with detection of anomalous behaviors to unearth this somewhat hidden vulnerability can more rapidly provide security teams with identification and prioritization of response actions.”

Given that this vulnerability is being actively exploited, it’s incumbent to make every effort to protect your infrastructure from this threat. Otherwise it is a safe bet that a bad actor will make you the next headline.

HisenseMakes A Lot Of News At CES

Posted in Commentary with tags on January 4, 2022 by itnerd

I tuned into the Hisense press conference from CES at noon today and walked away with a lot of news to share. So let’s get started:

  • The big news is that Hisense is rolling out mini-LED backlighting in its U9H- and U8H-series ULED TVs that were announced today. This is seriously going to disrupt the TV market in North America. More detail on those TV’s are a follows:
    • U9H: This model has a 120Hz, 10-bit, quantum dot 4K UHD panel which will produce more than 2,000 nits of brightness. That means that your HDR game will be top shelf. It also brings Dolby Vision and Dolby Vision IQ, FreeSync, and variable refresh rate to the table.
    • U8H: This is a small step down from the U9H with 120Hz quantum dot TVs sporting mini-LED backlighting and 1,500 nits peak brightness. New for this year is a 75″ version.
    • U7H: No mini-LED here. But it’s functionally the same as the U8H.
    • U6H: This is functionally the same as the U7H. But with a 60Hz panel.
  • Hisense also dropped a few drool worthy Laser TVs as well. Here’s what you need to know:
    • The L5G is a 4K projector that has eARC capabilities, so you can plug in a soundbar for some even more impressive audio quality. It only needs to be about 11.4-inches from the wall to provide a 100-inch screen.
    • The L9G TriChroma Laser TV rolls up with Dolby Vision included, which is pretty mind blowing as this is a laser TV. It also uses the Hisense’s TriChroma laser engine and it can reach up to 3000 lumens peak brightness. Which means that you’ll be able to use this TV in a room that has daylight in it, and still see the screen without any issues.
    • The PX1-PRO TriChroma Laser Cinema is the newest 4K ultra-short throw projector with Hisense’s own TriChroma Laser Engine. It can also provide a razor-sharp picture from 90 to 130 inches. It also has 4K resolution with native 60Hz refresh rate. There’s also Dolby Vision, HDR10 and Filmmaker Mode. Dolby Atmos Playback is available and WISA Ready.
  • All the above TV’s come with the Android TV OS built in. Up until now Hisense also made Roku OS TVs as well. But given that on the Hisense Canada website only lists one Roku model, and there was zero mention of Roku in this press conference which differs from previous Hisense press conferences that I have attended, I am guessing that Roku has been kicked to the curb. But I guess that I will find out soon.

There were some other lower end models that Hisense sort of glossed over. But when these TVs start to hit stores later this year, you can bet that you’ll hear a lot about them.

Infosec Institute Named a Leader in 2021 IDC MarketScape for IT Training in the U.S. 

Posted in Commentary with tags on January 4, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced it was recognized as a Leader in the 2021 IDC MarketScape for IT Training in the U.S. The report cited Infosec’s focus on quality training content and instructors, integration of labs and role-relevant materials as strengths of its Infosec Skills technical skill development platform.

While IT training is challenging for most organizations, the cybersecurity skills gap, in particular, has left organizations vulnerable to rising cyber threats.* Infosec is among the few IT training vendors equipped to provide authoritative and relevant cybersecurity training according to the IDC MarketScape assessment that positioned Infosec as a Leader among major IT training providers in the U.S. 

The study reviewed 22 of the most well-known IT training vendors in the U.S., assessing the quantitative and qualitative characteristics that are most significant to IT education buyers and how specific training firms perform against those characteristics. Key characteristics considered include instructor quality, quality and relevance of the material, breadth of training content, content reference value and convenience. 

In the analysis, the IDC MarketScape report lists Infosec as a Leader for both its strategies and capabilities, specifically highlighting these strengths:

  • Producing authoritative content and certification test preparation
  • Quality of content, materials and instructors
  • Integration of hands-on labs into instruction
  • An easy approach to purchasing and partnerships with technology vendors 

Infosec Skills equips IT, security and engineering teams with unlimited access to over 1,200 resources to assess and close skills gaps. Learners progress from beginner to expert with training mapped to in-demand cyber roles like SOC analyst and cloud security engineer, as well as industry standards like the NICE Workforce Framework for Cybersecurity and MITRE ATT&CK® Matrix for Enterprise. Interactive cyber ranges go one step further to move learners from theory to practice through guided, realistic labs with clear learning objectives and actionable lessons.

Download a complimentary copy of the IDC MarketScape: U.S. IT Training 2021 Vendor Assessment here.

Classic BlackBerry Products Are Officially Dead

Posted in Commentary with tags on January 4, 2022 by itnerd

If you follow me on Twitter, you might have seen one of these posts over the last few months:

Well, today is January 4th 2022, which marks the day that classic BlackBerry products die. Or put another way, classic BlackBerry products running versions of BlackBerry OS will no longer work for calls, text messages, data, and emergency functionality. Which means that they are basically bricks at this point.

Now personally, I don’t know anyone who still have these devices. Thus this should be a non-event. Except perhaps for Ontario Premier Doug Ford who apparently keeps a stack of them around because he doesn’t want to switch to a new device. Now he has no choice but to get with the times and use a device that is current and that actually works. Though the Province of Ontario is about to go into another lockdown to stop the massive wave of the Omicron variant of COVID, so he might have other things on his mind rather than considering whether he joins Team Android or Team iOS.

If you need more info about the EOL of classic BlackBerry products by BlackBerry, this link will give you all the info that you need.

Kensington To Highlight Key Partnerships In Showcase Of Innovative Products & Solutions At CES 2022

Posted in Commentary with tags on January 4, 2022 by itnerd

Kensington will showcase its growing portfolio of innovative accessories for computers and mobile devices at Digital Experience! on Tuesday, Jan. 4, 2022, at the Mirage Events Center. 

In addition to the introduction of several new products designed to protect and extend the productivity of Microsoft Surface devices, Kensington will also highlight its award-winning family of solutions for Apple devices, and performance-enhancing products based upon Thunderbolt™ 4 technology.

Protecting and Enhancing the Functionality of Microsoft Surface Devices

Designed in collaboration with Microsoft, Kensington’s Designed for Surface (DFS) products integrate seamlessly with Surface devices to provide physical protection, secure data from digital and visual breaches, and enhance device functionality. Kensington DFS products are designed to deliver the highest quality, form, fit, and function to maximize the potential of the user’s Surface devices at home, in the office and everywhere in-between.

Kensington will showcase its newest DFS products specifically designed for Surface Pro 8. The new BlackBelt™ Rugged Case for Surface Pro 8 is the ultimate case for protecting the Surface Pro, giving users the confidence to use the tablet in highly-mobile or harsh environments. Available in platinum and black, the BlackBelt™ Rugged Case meets MIL-STD-810H drop testing and MIL-STD-810H Method 504.3 Contamination by Fluids standards to provide military-grade drop and wipe-down protection for the device. The new TAA-compliant BlackBelt™ Rugged Case with Integrated Smart Card Reader (CAC) for Surface Pro 8 adds a FIPS 201-compliant Smart Card Reader to provide secure access to the device and the network. Ideal for use in U.S. Federal Government institutions and organizations, the case makes a great solution for second factor authentication (2FA). All BlackBelt™ Rugged Cases feature cable lock compatibility, a self-adjusting hand strap that allows the device to lie flat, a two-point shoulder strap for hands-free carrying (on select models), a kickstand opening allowing full use of the integrated Surface kickstand, integrated Surface Pen storage, and a keyboard holder and TypeCover strap to protect the keyboard.

Compatible with Surface Laptop Go and Surface Book (13.5” and 15”), Kensington’s new Surface Laptop Riser is an all-in-one work-from-home solution for establishing a Surface desktop setup. Featuring Kensington’s proprietary SmartFit® height adjustment system to elevate the laptop into an ergonomic position, the Surface Laptop Riser features fabric-covered docking station storage that accommodates Surface Dock 2 and other compatible docking stations and hubs including the Kensington DFS SD4845P USB-C 10Gbps Triple Video Driverless Docking Station and SD5750T Thunderbolt™ 4 Dual 4K Dock. The riser incorporates a headset hanger and cable management system to keep the desktop tidy, and is made of sturdy aluminum alloy and steel to provide maximum stability and heat dissipation.

Kensington will also highlight its DFS portfolio of protection accessories for Surface Pro. The new MagPro™ Elite Magnetic Privacy Screen for Surface Pro 8 conveniently attaches to the magnetic frame eliminating the need for damaging adhesives. In addition to filtering up to 22 percent of harmful blue light rays, the privacy screen narrows the field of vision to +/- 30 degrees to reduce the chances of a visual data breach when using the device in the office or in public venues. Created in collaboration with Microsoft, Kensington keyed and combination Surface locks are easy-to-use, beautifully designed and fit perfectly to provide professional-level security wherever the device is being used.

Maximizing Laptop Performance with Thunderbolt™ 4 Technology

Kensington will show their industry-leading Thunderbolt 4 docking solutions, SD5700T Thunderbolt 4 Dual 4K Docking Station with 90W PD and SD5750T Thunderbolt 4 Dual 4K Dock (DFS).  Developed in partnership with Intel®, the Kensington SD5750T is the only DFS-certified Thunderbolt 4 dock and the SD5700T is a featured Thunderbolt accessory for Intel Evo™ platform-verified laptops. 

The SD5700T and SD5750T docking stations transform compatible laptops or Surface devices into complete desktop workstations by enabling users to charge the laptop, connect external monitors, USB devices, a full-sized keyboard and mouse, speakers, Ethernet, and other devices and accessories, through a single Thunderbolt cable.

Solutions that Make the Apple Ecosystem More Productive and Efficient

Kensington will demonstrate its growing family of award-winning solutions for the Apple ecosystem which are designed to organize and enhance the functionality of Apple devices in the home and office.

A CES 2021 Innovations Award Honoree and recipient of eight Best of CES 2021 awards, the patent-pending StudioDock™ iPad Docking Station is the ideal desktop solution for people who want to maximize their productivity and creativity while using their USB-C-based iPad Pro or iPad Air. Now available in versions that support the 2021 12.9” iPad Pro, 12.9” iPad Pro (2018/2020), 11” iPad Pro (2018/2020/2021) and iPad Air (2020), the iPad magnetically attaches to StudioDock in portrait or landscape modes and allows the use of a wide range of accessories that can be connected via USB (Type-A and Type-C), HDMI 2.0 video and Gigabit Ethernet ports, 3.5mm audio jack and SD 4.0 card reader. In addition to charging the iPad, the StudioDock includes Qi wireless iPhone and AirPod charging, and supports an optional Apple Watch charging accessory.

StudioCaddy™ with Qi Wireless Charging for Apple Devices is a versatile, space-saving solution that maximizes desktop space while keeping all of the devices in the Apple ecosystem charged, organized and within reach.  Ideal for use in both homes and offices, StudioCaddy reduces clutter and provides a stylish, yet functional, solution for centrally showcasing and storing the complement of Apple devices. StudioCaddy features a dual Qi charger and multiple USB charging ports to ensure that all of the user’s mobile devices are fully-charged and ready to go, when needed.

Kensington is introducing a new line of MagPro™ Elite Privacy Screens for the new 2021 14” and 16” MacBook Pro. The new privacy screens conveniently attach to the MacBook Pro frame with magnets, eliminating the need for potentially damaging adhesives and complex setup processes. Featuring a reversible design that offers matte or glossy viewing options, the privacy screens narrow the field of vision to +/- 30 degrees to keep information on the screen private, and filters out harmful blue light rays by up to 22 percent to ease eye strain.

To learn more about Kensington’s comprehensive portfolio of products and solutions for consumers and businesses, visit www.kensington.com.