Archive for January 6, 2022

Ravkoo Pwned In “Hilariously Easy” Hack

Posted in Commentary on January 6, 2022 by itnerd

US online pharmacy Ravkoo has disclosed a data breach after the company’s AWS-hosted cloud prescription portal was involved in a security incident that may have led to personal and health info being accessed. Ravkoo says it has found no evidence that customers’ SSNs were accessed, adding that it does not store SSN data on the affected prescription portal. What is unique about this situation is that the alleged hacker is speaking out:

The data from the Cadence Health and Ravkoo sites was provided to The Intercept by an anonymous hacker who said the sites were “hilariously easy” to hack, despite promises of patient privacy. It was corroborated by comparing it to publicly available information. 

If anything is “hilariously easy” to hack, then clearly security wasn’t a top-of-mind concern.

I have commentary from two sources. The first is Aimei Wei, Founder and CTO of Stellar Cyber:

“Security considerations have become a mandatory part of application developments in today’s digital environment. Unfortunately, not every developer is a security expert. Using security scanning/pen testing before the application is released is an absolute necessity for every application. However, having a continuous monitoring, threat detection and response system is your best line of defense.”

The second comment that I have is from Saryu Nayyar, CEO and Founder of Gurucul:

“Security solutions with cloud-native architectures that can monitor AWS or other cloud-hosted infrastructure for threat actor activity are critical for organizations to migrate to. In this particular case, an exposed admin interface was not exploited by malware or a sophisticated attack campaign, however user behavioral analytics and more importantly identity access monitoring would have quickly alerted Ravkoo’s security team to this cloud hack. In addition to cloud threat monitoring, organizations need a next generation SIEM that can also monitor for and identify anomalous behaviors based on the aforementioned software capabilities.”

The bottom line is this. You want to harden your environments to such a degree that nothing is “hilariously easy” to hack. Otherwise, you get this sort of bad press.

Clio Announces Curt Sigfstead As New Chief Financial Officer

Posted in Commentary on January 6, 2022 by itnerd

Clio, the world’s leading provider of cloud-based legal technology, announced Curt Sigfstead, a highly experienced technology finance leader, has joined the company as its new Chief Financial Officer. The announcement follows a recent expansion to Clio’s executive team, positioning the company for its next growth phase.

Prior to joining Clio, Sigfstead held the position of CFO for Toronto-based fintech and Canadian unicorn, Clearco, where he successfully managed 100+% revenue growth and led the Company’s $125M Series C financing, increasing its Series C valuation sixfold. Sigfstead was previously the Head of West Coast Technology Investment Banking at J.P. Morgan. Sigfstead brings his wealth of experience leading and advising some of the technology sector’s largest M&A deals and raising billions of dollars of capital across public and private debt and equity markets to Clio, as the company sets the course for an exciting next chapter.

As Clio’s CFO, Sigfstead’s responsibilities extend to all of the company’s finance functions, including accounting, treasury, financial planning and analysis, legal, and corporate development. He brings experience at the executive and board levels to the role, including corporate investment, venture investing, corporate strategy, treasury management, and financial accounting. His track record of major financing events includes mergers and acquisitions, IPOs, and private and public equity debt financings.

Sigfstead will take over the role of CFO from Rob Froment who, after a long and successful career, is retiring. In his tenure with Clio, Froment played an important role in the evolution of the company, overseeing all three of Clio’s acquisitions, leading the Series D and E funding rounds, and the launch of Clio Payments. 

Albuquerque Pwned By Ransomware Attack

Posted in Commentary on January 6, 2022 by itnerd

The Albuquerque Bernalillo County government offices have been impacted by a ransomware attack. The county government buildings and public offices were closed on Wednesday across the cities of Albuquerque, Los Ranchos and Tijeras after a disruption occurred some time between Midnight and 5:30 AM January 5, county officials said in a press release:

Bernalillo County is continuing its assessment of suspected ransomware discovered on Bernalillo County systems. The county has taken affected systems offline and has severed network connections. The disruption likely occurred between Midnight and 5:30 a.m. on Jan. 5.

Most county buildings are closed to the public; however, county employees are remote working and will assist the public as much as possible, given the circumstances. The Sheriff’s Office customer service window at Alvarado Square is also closed.

Sam Jones, VP of Product Management of Stellar Cyber:

“Ransomware is getting easier and easier to orchestrate as an attacker. Operational downtime to critical public services will be the gravest by-product of these attacks, especially as they become more rampant. State and local governments are unfortunately perfect targets for attackers.”

The way I read that, it means that governments of all stripes need to make sure that they circle the wagons, so to speak, given that they are prime targets for getting pwned.

Saryu Nayyar, CEO and Founder of Gurucul:

“Despite widespread deployment of traditional SIEM, endpoint solutions and now Endpoint-based XDR, what has been lacking within most organizations that are victims of successful ransomware attacks is true behavioral-based modeling and detection within the infrastructure. The ability to characterize proper behaviors and user and application access with the right modeling and machine learning can lead to high-fidelity detection of deviations in “normal” behaviors and unusual access to systems that are often tell-tale signs of ransomware infections. The ability to bubble these types of alerts as high-priority when appropriate empowers security teams to investigate and detect ransomware much earlier to then respond and thwart a successful attack.”

Review: Apple USB-C Digital AV Multiport Adapter

Posted in Products on January 6, 2022 by itnerd

One of the things that you might have noticed in my desk setup article is that I have connected my 16″ MacBook Pro to my Acer monitor and my UPS via a big white adapter. That adapter is the USB-C Digital AV Multiport Adapter from Apple and I’m going to take a closer look at it today so that you can see if it is right for you if you have a MacBook of any description. First, let’s have a look at the adapter:

On one side of the adapter, you get a USB-C connection that is for charging the MacBook. It won’t work for any other purpose besides that. In the centre you get an HDMI connection which supports video and audio output, and to the right of that you get a USB-A connector which supports USB 3 data-transfer speeds up to 5Gbps.

The other end of the adapter which goes into your MacBook is USB-C.

This is what it looks like in action:

Now, why would you want this adapter? Well, what this adapter allows you to do in short is to plug in a monitor, as well as a USB-A device while still charging your MacBook. Although you also need this cable to charge your MacBook if you don’t have one already. So in my use case, I have one cable to plug in to have access to my external monitor, have the MacBook work with the UPS, and charge, which is super convenient. If I didn’t have the UPS, then I could use the USB-A port for things like flash drives and external hard drives. I can also see this being of interest to MacBook Air and 13″ MacBook Pro users as they only have two USB-C ports on that notebook. That in my mind makes it a must-get for those specific users who want to use their notebooks as desktop computers.

Let’s talk about the HDMI port as that will be of keen interest to many. Apple states that the HDMI port supports audio and does video (with support for HDR video in HDR10 and Dolby Vision) at the following resolutions:

  • 3840×2160 at 60Hz
  • 1080p at 60Hz or UHD (3840 by 2160) at 30Hz

However, in my usage of the product, I was able to get 1080p at up to 240 Hz without an issue on my external monitor. So depending on the MacBook and the monitor that you are using, you may be able to exceed Apple’s specs on that front. I should also note that this adapter is stated to work with the iPad Pro 11-inch and iPad Pro 12.9-inch (3rd generation and later), as well as the iPad Air (4th generation). So users of those devices may find some value in having this in their gear bag.

Do I have any complaints? No. But I will note this one oddity. I have noted three times since I started using this adapter that the external monitor will go blank for a couple of seconds and come back to life. I’m not sure why that is, and my attempts to troubleshoot the issue haven’t gone anywhere as it happens on an infrequent basis. I’ll post an update if I can figure this out.

Finally, if you’re buying this, ensure that you are getting Model A2119 as Apple has two versions of these floating around and they don’t behave the same based on my research.

The USB-C Digital AV Multiport Adapter from Apple goes for $89 CDN direct from Apple. But I was able to get it for $20 off on Amazon. Thus I would check there to see if you can save a few bucks. If you have any of the new MacBook Pros or the new MacBook Air, this is a very handy item to get.

Coalfire Selects Infosec Institute to Bolster Cybersecurity Team Training 

Posted in Commentary on January 6, 2022 by itnerd

Infosec Institute, a leading cybersecurity education provider, today announced their partnership with Coalfire to deliver hands-on technical cybersecurity training through the award-winning Infosec Skills platform. Coalfire is a leading cybersecurity advisor that combines extensive cloud expertise, advanced technology and innovative approaches to empower their clients to secure their digital transformations.

Today, more than 70% of security leaders are looking to the cloud to power their digital transformation. As cyber threats also move to cloud, cloud security measures, processes and policies must be in place to avoid misconfigurations and vulnerabilities that are currently the cause of many security incidents. To help organizations mitigate the risk of moving to the cloud, Coalfire has partnered with Infosec to equip their team with the latest cloud security knowledge, skills and certifications. 

Coalfire will leverage Infosec Skills to provide ongoing, hands-on training for the variety of cybersecurity professionals and developers that not only create their cloud security solutions, but also advise clients and protect client data. The training will complement Coalfire’s robust Learning and Development program through role-guided learning, equipping each learner with skills to combat the latest threats in their area of expertise. 

Through the partnership, Coalfire will leverage the Infosec Skills platform to provide additional training to members of their cybersecurity team. Named a 2021 IDC MarketScape Leader for IT Training in the U.S., Infosec Skills offers 1,200+ hands-on cybersecurity courses and cyber ranges where cyber professionals can upskill and reskill inside the operating environments they encounter on the job. 


Researchers Come Up With A Way To Allow Malware On iOS To Maintain Persistence By Simulating A Reboot

Posted in Commentary on January 6, 2022 by itnerd

Researchers at ZecOps have demonstrated a way to take control of an iOS device and keep control of it that is quite novel. Traditionally, you can get rid of malware on an iOS device by rebooting it. But these researchers have created a proof of concept that hijacks the shutdown of an iOS device so that it never actually shuts down. Instead, it simulates a shutdown. Thus they maintain control of the device to do whatever they want with it. And they have named this technique “NoReboot”. Here’s a video of the exploit in action:

Here’s the kicker. Apple might have opened the door to this with a new feature in iOS 15 that allows you to find an iOS device using the Find My network even if it is off:

Since iOS 15, Apple introduced a new feature allowing users to track their phone even when it’s been turned off. Malware researcher @naehrdine wrote a technical analysis on this feature and shared her opinion on “Security and privacy impact”. We agree with her on “Never trust a device to be off, until you removed its battery or even better put it into a Blender.”

So, can you trust that an iOS device has been fully powered down? This implies that you can’t. And I am sure that threat actors will be looking at this seeing as the proof of concept code is out there. My question is, how will Apple respond to this? Given their track record of not dealing with security issues until they are forced to acknowledge them and address them, I am not holding my breath.