10 | January | 2022 | The IT Nerd

Archive for January 10, 2022

Grass Valley CA Pwned… Data Stolen

Posted in Commentary with tags Hacked on January 10, 2022 by itnerd

An investigation into a data breach attack of Grass Valley, California, has discovered city employee and citizen information was exposed. The breach, which occurred between April 13^th and July 1^st, 2021, resulted in an attacker transferring files outside of the network, including financial and personal info of “individuals associated with Grass Valley”.

I have some commentary from Saryu Nayyar, CEO and Founder of Gurucul on this attack:

“The ability to understand users, access and entitlements are essential in determining anomalous behaviors for determining whether access to and transmissions of sensitive data is actually the work of a malicious threat actor. Moving from traditional SIEMs and XDR tools to a next generation SIEM with XDR capabilities is critical as the initial activity, before data theft occurs, can be prioritized as a high-risk event based on a baseline of what is normal as well as monitoring for deviations that are indicative of an attack campaign, especially with adaptable Machine Learning (ML) models.”

It’s pretty clear that prevention and detection are the best ways to avoid being the next Grass Valley. Thus hopefully organizations of all sizes take note of this incident and plan their defences accordingly.

UPDATE: Elizabeth Wharton who is the VP Operations of SCYTHE

Municipalities struggle to identify and respond to data breaches, as I’ve experienced first-hand in the past. They suffer significantly from the cybersecurity skills gap, often with limited budgets. The cybersecurity industry needs to give them tools that help their teams gain experience with real-world threats so that they can continuously validate their processes and technologies, but it needs to provide them at a price-point that makes sense.

NHS Warns Of Log4j Pwnage

Posted in Commentary with tags Security on January 10, 2022 by itnerd

NHS digital cyber team has alerted of Log4Shell attacks on VMware software. The cyber alert service says an unknown threat group targeted the unpatched Horizon systems in order to establish a presence within affected networks. If successful, attackers could steal data or deploy ransomware. This isn’t good timing as NHS just like other health care systems worldwide are being overwhelmed by the Omicron variant of COVID. Though when is it a good time to get pwned.

I have two comments on this. The first is from Albert Zhichun Li, VP of Engineering of Stellar Cyber:

“Overall, Log4j vulnerabilities are relatively easy to exploit and not too hard to defend. The bar is low, and any attacker is capable of using Log4Shell. Every vendor needs to scan their potential java components, especially web services, in this case Tomcat, and offer urgent patches. All businesses need to keep security hygiene by patching the service or restricting the access.”

The second comment is from Saryu Nayyar, CEO and Founder, Gurucul:

“As we have seen over the past 30days, the Log4J vulnerability continues to be a challenge as new exploits are developed, making it essential to detect the threat activity both as the vulnerability is exploited or as attackers have successfully inserted themselves in an environment. Static signatures and rule-based ML must be constantly updated for certain variants to be detected. Dynamic and adaptable behavioral analytics that prioritize and escalate the specific anomalous activity attempting to exploit Log4j is the best approach to determining whether a new or unknown attack is actively attempting to compromise systems based on Log4j or execute a campaign post-initial compromise.”

Log4j/Log4Shell is the one thing that is making life miserable for sysadmins everywhere. The best way for them to put themselves out of their misery is to ensure all the thing are patched, and then double check to make sure all the things are patched.

UPDATE: I got additional commentary from Stephanie Simpson who is the VP Product Management of SCYTHE

Ransomware gangs, like CONTI, will continue to try to use Log4Shell vulnerabilities, especially as companies need to continue product development in the aftermath of this vulnerability being discovered. To protect customers from these new TTPs, companies need to test and validate there are no holes in the software before it is pushed to production.

Avira Joins Norton 360 In Dropping A Crypto Miner On Your PC…. WTF?

Posted in Commentary with tags Avira on January 10, 2022 by itnerd

Yesterday I posted a story about Norton 360 installing a crypto miner when you install the product. Well, they are not the only ones doing that as Avira is doing something similar. Check out their support document on the subject:

Avira Crypto allows you to use your computer’s idle time to mine the cryptocurrency Ethereum (ETH). Avira Crypto is an opt-in feature only and is not enabled without user permission. If users have turned on Avira Crypto but no longer wish to use the feature, it can be disabled through the Avira product user interface.

And just like Norton, they take a cut:

Avira Crypto is included as part of your Avira subscription. However, there are coin mining fees as well as transaction costs to transfer Ethereum. The coin mining fee is currently 15% of the crypto allocated to the miner. Transfers of cryptocurrencies may result in transaction fees (also known as “gas” fees) paid to the users of the cryptocurrency blockchain network who process the transaction. In addition, if you choose to exchange crypto for another currency, you may be required to pay fees to an exchange facilitating the transaction. Transaction fees fluctuate due to cryptocurrency market conditions and other factors. These fees are not set by Avira.

Let me say this one more time. An antivirus product should never ever install one of these as it is not only all sorts of shady, but antivirus programs should find and kill this sort of software and not drop it on your computer. And the fact that this is opt-in is irrelevant to me. So you can add Avira and Norton to the list of antivirus programs that I won’t recommend.

Now if you do want an antivirus program for your Windows 10 or Windows 11 PC, simply use the built in features from Microsoft that will protect you from threats for free. And they don’t drop crypto miners onto your PC as an added bonus.

1 Comment »

Review: Topvork 60W PD 6-Port USB Charging Hub

Posted in Products with tags Topvork on January 10, 2022 by itnerd

Every one of us has multiple devices. If I look at myself I have the following:

And that list is only the stuff that I use daily. It doesn’t count things like my Garmin Edge 830 cyclocomputer, or the various power banks that I have. All of which need to be charged on a regular basis. And having separate chargers plugged into a power bar is a complete waste. Which is why I jumped at the opportunity to review the Topvork 60W PD 6 port USB charging hub as I can see a three use cases for it. One is at my desk, one is on a nightstand, and one when travelling becomes a thing again. Let’s look at the charging hub:

It comes in two colours, white and black. I got the white one and it is pretty nondescript. Which means it will blend into your decor just fine. And it doesn’t really take up a lot of space as it is about the size of a bar of soap that is still in the box. It’s also pretty light which means that carrying it won’t be a chore. But the stuff you care about is in the next picture:

You get a USB-C that supports 30W charging using the Power Delivery standard or 25W using the Programmable Power Standard (PPS).
You also get a USB-A port that does 18W via Qualcomm’s Quick Charge standard.
Finally you get four USB-A ports that do a max of 12W of charging each, or 30W combined.

All told, you get up to 60W of charging power. Here’s how the math is done:

What this basically means is that you can charge anything from an iPhone to a MacBook Air using this one adapter via one wall outlet. Not to mention things like an Apple Watch, AirPods, and the like. And charge them all at the same time.

Another thing that I’d like to point out is that this supports voltages from 100v up to 240V. Which means that you can travel with it and easily keep all your gear charged. You either have to use the right cable or a travel adapter and you’re good.

Let’s get to the charging part. To test this I ran a number of experiments:

I borrowed a M1 MacBook Air from a client and charged it via USB-C from 9% to full in just under 2.5 hours. From what I could tell, it charged at the same rate as the Apple charger that it came with.
I watched my iPhone 12 Pro go from 8% to 50% in just under 25 minutes via the USB-C port.
I plugged in four USB-A devices to have them charge at the same time. They seemed to be charging slightly slower than if I charged them in their respective chargers. But only slightly.
I plugged in the M1 MacBook Air, my iPhone 12 Pro into the USB-A QC port, and for other devices and observed to to see if any of them didn’t charge. But they all did without an issue.

Clearly this hub had no problems handling whatever I threw at it.

My only gripe is that I wish the case had something on the bottom of it to make it more grippy. I say that because it had a tendency to slide around my desk which was mildly annoying. But that really is just a minor complaint.

Regardless of your use case, Topvork 60W PD 6 port USB charging hub is an easy recommendation from me if you need to charge multiple devices at the same time. Amazon sells this for $49.99 CAD and as far as I am concerned, it’s money well spent.

1 Comment »

The IT Nerd