Archive for January 26, 2022

White House OMB Announces “Zero Trust” Strategy

Posted in Commentary on January 26, 2022 by itnerd

The White House’s Office of Management and Budget (OMB) has released a Federal strategy today to move the U.S. Government toward a “zero trust” approach to cybersecurity. This report has more digestible details. But here’s the key point:

The U.S will adopt a “zero trust” approach, meaning the federal government will assume no actor, system, network, or service operating outside or within the security is trusted, according to a memo from the acting director of the Office of Management and Budget, Shalanda Young.

In a statement, the White House said that the “growing threat of sophisticated cyber attacks has underscored that the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data.”

Anurag Gurtu, CPO, StrikeReady had this to say:

“As part of any digital transformation, Zero Trust networks should be a key initiative that focuses on securing resources (data, identities, and services), rather than securing physical networks.

By focusing on tailored controls around sensitive data stores, applications, systems, and networks, the Zero Trust model shifts the focus away from varying types of authentication and access controls.

The Zero Trust initiative should be supported by other key initiatives such as modernizing the security operations as well as uniting and empowering cyberdefenders. Without one of these, an organization’s security will be shaky at best.”

I like the fact that The White House is putting their influence behind this. That will hopefully encourage companies to do the same thing.

UPDATE: I have additional commentary from Lucas Budman, CEO, TruU:

“Securing only endpoints, firewalls, and networks provides little protection against identity and credential-based threats. Users should be authenticated continuously, from the time they try to log in to the moment they log out. Until organizations start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect camouflage for data breaches. The initial step in any successful Zero Trust strategy should focus on granting access by verifying the person requesting access, understanding the context of the request, and determining the risk of the access environment. This never trust, always verify, enforce least privilege approach provides the greatest security for organizations.

It’s also important in a Zero Trust construct to recognize that devices that access data (laptops, desktops, mobile devices) have identities, as well. You have to understand the device’s posture when accessing the network in order to provide proper device level authentication and authorization. If the user only has access to non-sensitive or public information, the enterprise may not care that their device might have malware; however, if the user is trying to access sensitive financial or customer data, access should only be given to those devices that are managed, trusted and protected. In any case, simultaneous device risk data and identity authentication allow customers to implement policies that respond to potential threats as they happen by stepping up identity verification on compromised endpoints and limiting access to high-value assets associated with those endpoints.”
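The access logic Budman describes above (verify the person, weigh the device’s posture, and step up or limit access for compromised endpoints) can be written as a small policy evaluator. The following Python is an added illustration, not code from the OMB memo, TruU or this post; the field names, the three risk and sensitivity labels, and the sample session are this example’s own constructed assumptions. Each request is evaluated on its own, so a device that becomes compromised mid-session loses access to sensitive data on its next request.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed vocabulary for this example; a real deployment would take these
# values from the identity provider, the MDM/EDR posture feed and the data
# classification of the resource being requested.
DEVICE_RISK_LEVELS = ("clean", "suspicious", "compromised")
SENSITIVITY_LEVELS = ("public", "internal", "sensitive")


@dataclass(frozen=True)
class AccessRequest:
    """One access attempt: who, from what device, to what data (hypothetical fields)."""
    user: str
    authenticated: bool       # primary credential verified by the identity provider
    mfa_verified: bool        # strong second factor completed for this session
    device_managed: bool      # enrolled, known and trusted device
    device_risk: str          # one of DEVICE_RISK_LEVELS, from the posture feed
    sensitivity: str          # one of SENSITIVITY_LEVELS, data classification


def decide(req: AccessRequest) -> str:
    """Evaluate a single request and return 'allow', 'step_up' or 'deny'.

    Every request is judged on its own (never trust, always verify): no
    "already trusted" state is carried over from earlier calls.
    """
    if req.device_risk not in DEVICE_RISK_LEVELS or req.sensitivity not in SENSITIVITY_LEVELS:
        raise ValueError("unknown posture or classification label")
    if not req.authenticated:
        return "deny"
    # Public data: identity alone is enough; device posture is not a gate here.
    if req.sensitivity == "public":
        return "allow"
    # A compromised endpoint never reaches sensitive data; for internal data it
    # triggers a step-up identity check instead of a silent allow.
    if req.device_risk == "compromised":
        return "deny" if req.sensitivity == "sensitive" else "step_up"
    if req.sensitivity == "sensitive":
        if not req.device_managed:
            return "deny"          # unmanaged device asking for a high-value asset
        if not req.mfa_verified:
            return "step_up"       # trusted device, but identity not strongly verified
        return "allow"
    # Internal data: a suspicious device without MFA gets a step-up challenge.
    if req.device_risk == "suspicious" and not req.mfa_verified:
        return "step_up"
    return "allow"


def evaluate_session(requests: List[AccessRequest]) -> List[Tuple[str, str, str]]:
    """Re-evaluate every request of a session; returns (user, sensitivity, decision)."""
    return [(r.user, r.sensitivity, decide(r)) for r in requests]


# Constructed sample session: the same user, whose device posture changes mid-session.
SAMPLE_SESSION = [
    AccessRequest("alice", True, False, True, "clean", "public"),
    AccessRequest("alice", True, False, True, "clean", "sensitive"),
    AccessRequest("alice", True, True, True, "clean", "sensitive"),
    AccessRequest("alice", True, True, True, "compromised", "sensitive"),
    AccessRequest("alice", True, True, True, "compromised", "internal"),
    AccessRequest("alice", True, True, False, "clean", "sensitive"),
    AccessRequest("mallory", False, False, False, "clean", "public"),
]

if __name__ == "__main__":
    for user, sensitivity, decision in evaluate_session(SAMPLE_SESSION):
        print(f"{user:8} {sensitivity:10} -> {decision}")
```

Running it walks the sample session through allow, step_up, allow, deny, step_up, deny, deny: the fourth request is refused purely because the device posture changed, even though the user’s MFA is still valid.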

Prophet Spider Is Exploiting Log4j Vulnerabilities In VMware Horizon

Posted in Commentary on January 26, 2022 by itnerd

Initial access broker group Prophet Spider has been found exploiting the Log4j vulnerability in VMware Horizon, according to a new report from researchers with the BlackBerry Research & Intelligence and Incident Response teams. Given how widely VMware Horizon is used, this is a major threat.

Jorge Orchilles, CTO, SCYTHE had this to say:

“Initial Access Brokers leverage any opportunity to gain access to an organization. They must maintain that access as they sell it and hand it off to the buyer. Today the exploit being used is for Log4j, tomorrow it will be another. As defenders, we want to be able to detect and respond to the inevitable exploit that will one day break through our protection. Regardless of the exploit, we can detect and respond to what happens after by testing, training, and improving our people, process, and security controls. This is an ever-evolving field; we must collaborate to stay ahead of the threats.”

This is the key thing:

The exact number of applications (and the various versions) affected by these vulnerabilities may never be fully known. Although VMware released a patch and mitigation guidance in December 2021 in response to the vulnerability, many implementations remain unpatched, leaving them susceptible to exploitation.

Thus if you haven’t gotten around to patching, you may want to hop to it ASAP, seeing as this is being actively exploited.

WARNING: A Geek Squad #Scam Is Making The Rounds

Posted in Commentary on January 26, 2022 by itnerd

Today I had to jump into a situation where one of my clients got this email from someone claiming to be Geek Squad:

She called the number and when they started to ask about the passwords to her Google accounts, her credit card info, and some other personal info, she hung up. Then she phoned me.

Good call, as this is a scam. Ignoring the fact that the fonts and the logos are not consistent with the Geek Squad brand, that this seems to clearly come from someone with a South Asian background (based on words like “queries” and phrases like “continue taking our service” and “for the last one year”), as that’s where these scams often originate from, and the lack of a toll-free number, there are these other telltale signs:

If you look at the From address, it is sent from a @gmail.com address. Best Buy, which owns Geek Squad, would never, ever use an @gmail.com address to send anything. The second thing is that this is not addressed to the end customer. Based on the To field, it is addressed to dearcustomer@geeksquad.com. Again, Geek Squad would never do this. That implies that this is a phishing attempt: they send this email to hundreds or thousands of people hoping that 1% fall for the scam, because a scam doesn’t have to succeed in volume to be successful.

Thus if you get one of these emails, ignore it, delete it, and go about your day.
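The three telltale signs called out above (a branded display name on a free webmail address, a To field that is not your own address, and a callback number that is not toll-free) are mechanical enough to check in code. The Python below is an added example, not part of this post or of any Geek Squad or Best Buy tooling; the webmail list, the regexes, and both sample messages (including the sender address and the 555 phone numbers) are constructed for the example. It uses the standard library’s `email` parser and North American toll-free area codes.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from typing import List

# Free webmail domains that a company-branded sender would not use (constructed list).
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "aol.com"}
# North American toll-free area codes.
TOLL_FREE_AREA_CODES = {"800", "888", "877", "866", "855", "844", "833"}
# Loose North American phone pattern; group 1 captures the area code.
PHONE_RE = re.compile(r"\+?1?[\s.-]?\(?(\d{3})\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def check_message(raw: str, my_address: str) -> List[str]:
    """Return the telltale signs found in a raw RFC 5322 message, or [] if none."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Sign 1: a brand-like display name riding on a free webmail account.
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain in FREE_WEBMAIL and display_name:
        findings.append(
            f"From claims '{display_name}' but is sent from free webmail domain {sender_domain}")

    # Sign 2: the To header is not you, so this went out in bulk.
    _, recipient = parseaddr(msg.get("To", ""))
    if recipient.lower() != my_address.lower():
        findings.append(
            f"To is {recipient!r}, not your own address: a bulk mailing, not a message to you")

    # Sign 3: a callback number that is not toll-free.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    for m in PHONE_RE.finditer(body):
        if m.group(1) not in TOLL_FREE_AREA_CODES:
            findings.append(f"callback number {m.group(0).strip()} is not a toll-free number")
    return findings


# Constructed sample modelled on the signs described in the post (addresses and number are fake).
SUSPECT_EMAIL = """\
From: Geek Squad Billing <geeksquad.billing.desk@gmail.com>
To: dearcustomer@geeksquad.com
Subject: Renewal of your Geek Squad subscription
Content-Type: text/plain; charset=utf-8

Dear customer, your plan has been renewed for $349.99. For any queries
call +1 (647) 555-0199 within 24 hours to cancel.
"""

# Constructed benign message for comparison (own-domain sender, addressed to you, toll-free number).
LEGIT_EMAIL = """\
From: Example Store Receipts <receipts@example.com>
To: client@example.com
Subject: Your receipt
Content-Type: text/plain; charset=utf-8

Thanks for your order. Questions? Call us toll-free at 1-800-555-0100.
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, check_message(raw, "client@example.com"))
```

The suspect message trips all three checks and the benign one trips none. None of these signs is proof on its own (plenty of small businesses use Gmail), which is why the post treats them as a set of signals rather than a single rule.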

Agnostiq Launches Covalent to Democratize Access to the World’s Most Advanced Cloud Computing Resources

Posted in Commentary on January 26, 2022 by itnerd

Agnostiq, Inc., the first-of-its-kind quantum computing SaaS startup, is pleased to announce the release of Covalent, an open-source workflow orchestration platform designed specifically for quantum computing and HPC technologies. Covalent aims to make quantum and high performance computing resources more accessible to practitioners and developers, including machine learning engineers and data scientists.

Fueled by the technology’s rising popularity, the global market for quantum computing is expected to reach $5 billion by 2028. Quantum computing has the capabilities to speed up computations in the coming years, which is anticipated to accelerate innovations in many industry verticals. But, it remains largely inaccessible to the enterprise, due mainly to the novelty of the technology and the high level of expertise required to build applications. Agnostiq is building a suite of tools to lower the barriers for developers and enterprises to enter into the world of quantum computing.

Covalent solves the following challenges associated with these advanced computing technologies:

  1. Breaks workflows down into modular Python components, allowing users to easily reproduce repetitive code and avoid costly reruns; important in a high performance computing/quantum setting since running experiments on these devices is extremely expensive;
  2. Serves as a single entry point for Quantum Processors, CPUs, GPUs, and quantum-inspired hardware, with no additional setup required; and
  3. Includes an intelligent task scheduler that automatically selects the best hardware resource for a given task based on a mix of predefined as well as user-defined constraints.

The company previously secured $2 million in seed funding, led by Differential Ventures, with follow-on participation from Scout Ventures, Boost VC, Tensility Venture Partners, and Green Egg Ventures.

KAYAK Reveals 38% Of Employed Gen Z’s in Canada Plan To Take A Workcation For A Change Of Scenery In 2022

Posted in Commentary on January 26, 2022 by itnerd

According to a new survey from KAYAK, more than one quarter (27 per cent) of employed Canadians plan to take a workcation (i.e. working remotely from a different location) in 2022. This trend is even more prominent amongst Gen Z’s (aged 18-24), with 38 per cent planning to take a workcation this year. To capture this growing demand for blending the flexibility of remote work with leisure travel, KAYAK is launching an interactive “Work from Wherever” Guide to help those interested in taking a workcation find the best place to go based on their personal style.

Who needs a workcation

According to the survey, one quarter (25 per cent) of employed Canadians feel burned out from their current job and the same amount (25 per cent) have fantasized about quitting their jobs. To support those looking for a change of scenery to reignite their day-to-day motivation, KAYAK’s new tool is here to help. 

Featuring data-driven insights on the most popular destinations to work remotely, KAYAK’s “Work from Wherever” Guide aims to help personalize where to workcation in 2022. From the average price of a flight, hotel and rental car to the internet speed and compatible timezones, KAYAK took a number of factors into account to determine the best place to workcation based on Canadians’ personal and professional needs.

The guide also features a sweepstakes where one lucky winner will receive two, Economy, round-trip Air Canada flight tickets for anywhere the airline flies, plus $7,400 in gift cards to put toward their own workcation.

Where to workcation 

From European favourites like Lisbon (Portugal) and Barcelona (Spain) to Central American hotspots like Santa Teresa (Costa Rica) and Bocas Del Toro (Panama), metropolitan cities with nearby beach escapes (for quick weekend trips) are where Canadians are searching to travel in 2022.

Whether you’re considering a workcation now or in the future, KAYAK has additional tools to help you plan your trip confidently. Check out KAYAK’s Travel Restrictions Page which provides country level details on vaccination rates as well as KAYAK’s recent partnership with CLEAR offering an easy way to show proof of vaccination before traveling internationally.

** Remote employees should check with their employers for any immigration, tax considerations, etc. when debating whether to work remotely from another destination **

Guest Post: 45% Of Fraud Attacks Worldwide Abuse Brand Names Says Atlas VPN

Posted in Commentary on January 26, 2022 by itnerd

While more internet users are becoming aware of suspicious emails and malicious links, attackers are making fraud attacks more sophisticated and harder to recognize.

According to the data presented by the Atlas VPN team, 45% of fraud attacks worldwide abuse brand names. In addition, the United States and Spain are the most targeted countries by phishing attacks. 

Brand abuse accounted for 45% of all fraud attacks worldwide in 2021 Q3. Our report from last year revealed that Facebook, Microsoft, and the French financial group Crédit Agricole were the most impersonated brands in 2021 H1.

Rogue mobile apps were responsible for 39% of fraud attacks worldwide. Last year, for example, cybercriminals used fake TikTok Android apps to carry out Covid-19 related scams. Fake apps are usually distributed through third-party app stores.

Phishing attacks accounted for 14% of fraud threats in 2021 Q3. Phishing cyberattacks use social engineering to steal information from users under false pretenses, either by email, phone calls, or social media and text messages.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on fraud attacks:

“Fraud attacks require the user to identify and assess possible threats, so employee training and general tech-savviness are essential when mitigating fraud risks. However, as humans are prone to make mistakes, anybody could fall for a sophisticated scam. Businesses should set up cybersecurity solutions to back people up in such cases.”

Phishing attacks target the US

Impersonating popular brands allows cybercriminals to target multiple countries where the attack would be the most effective and bring the most profit.

Cybercriminals targeted the United States in 21% of all phishing attacks in 2021 Q3. The US is threatened by phishing the most as attackers hope to get access to important corporate accounts, spreading the malware further.

Fraudsters chose Spain as their target in 14% of phishing attacks worldwide. Phishing campaigns in Spain targeted drivers with emails about supposed fines; clicking the malicious link in those emails actually downloaded malware onto the device.

At the same time, South Africa suffered from 12% of phishing threats carried out in 2021 Q3. Attackers targeted the Philippines in 9% of phishing attacks worldwide. Greece ranks fifth as cybercriminals directed 7% of phishing threats to Greek organizations.

To read the full article, head over to: https://atlasvpn.com/blog/45-of-fraud-attacks-worldwide-abuse-brand-names

Qualys Uncovers Major Linux Vulnerability

Posted in Commentary on January 26, 2022 by itnerd

Security company Qualys has uncovered a dangerous memory corruption vulnerability in Polkit’s pkexec, CVE-2021-2034. Polkit, formerly known as PolicyKit, is a system SUID-root program installed by default in every major Linux distribution. The easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.

Yan Michalevsky, CTO and Cofounder, Anjuna Security had this to say:

“The pkexec vulnerability and other similar zero-days exacerbate the need for protecting sensitive applications and data. With options like Confidential Computing and secure enclaves, although attackers could gain elevated privileges using the pkexec vulnerability, they would not be able to access protected workloads. Secure enclaves can essentially provide a future proof protection against such newly disclosed OS vulnerabilities.”

Linux is very popular in enterprises worldwide. Thus companies everywhere need to look at this and use the temporary mitigation outlined in the report from Qualys if no patches are yet available for their Linux distribution.
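The temporary mitigation in the Qualys advisory is to clear the SUID bit on pkexec (`chmod 0755 /usr/bin/pkexec`) until a patched package is installed. The Python below is an added example, not part of the Qualys report or this post, that reports whether pkexec on the host is still setuid so an administrator can confirm the mitigation (or the patch) has landed. It only reads the real binary’s mode; the `self_check` helper exercises the logic on a throwaway temp file and is this example’s own construction.

```python
import os
import shutil
import stat
import tempfile
from typing import Optional


def setuid_status(path: str) -> dict:
    """Describe the setuid state of one file: the check behind the mitigation."""
    st = os.stat(path)
    return {
        "path": path,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "setuid": bool(st.st_mode & stat.S_ISUID),
        "owned_by_root": st.st_uid == 0,
    }


def pkexec_report(path: Optional[str] = None) -> Optional[dict]:
    """Locate pkexec (or use the given path) and report whether its SUID bit is still set.

    Returns None when pkexec is not installed on this host.
    """
    path = path or shutil.which("pkexec") or "/usr/bin/pkexec"
    if not os.path.exists(path):
        return None
    info = setuid_status(path)
    # Qualys' temporary mitigation is chmod 0755 on pkexec, i.e. clearing the
    # SUID bit; this field reports whether that has been done.
    info["suid_bit_cleared"] = not info["setuid"]
    return info


def self_check() -> tuple:
    """Exercise the check on a throwaway file: set the SUID bit, then clear it.

    Returns (setuid_before, setuid_after); expected (True, False).
    """
    fd, tmp = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(tmp, 0o4755)            # mimic a setuid binary
        before = pkexec_report(tmp)["setuid"]
        os.chmod(tmp, 0o755)             # the same operation as the mitigation
        after = pkexec_report(tmp)["setuid"]
    finally:
        os.remove(tmp)
    return before, after


if __name__ == "__main__":
    report = pkexec_report()
    if report is None:
        print("pkexec not found on this host")
    elif report["suid_bit_cleared"]:
        print(f"{report['path']} mode {report['mode']}: SUID bit cleared, temporary mitigation in place")
    else:
        print(f"{report['path']} mode {report['mode']}: still setuid root; patch or apply the mitigation")
```

A cleared SUID bit is only a stopgap: pkexec stops working for legitimate privilege elevation while the bit is off, so the distribution’s patched package should replace it as soon as one is available.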

New LinkedIn Data Reveals Canada’s Workforce Is Considering An Industry Switch

Posted in Commentary on January 26, 2022 by itnerd

Today, LinkedIn shared its latest Workforce Confidence Index findings, which capture a new trend in how Canadians are navigating the Great Reshuffle. As many Canadians take on new roles, a small majority of Canadians are open to doing so in industries entirely new to them.

In this edition of the Workforce Confidence Index, LinkedIn looked at how open Canadians are to switching industries and the reasons for doing so, finding that better compensation was among the top reasons Canadians are making the switch.

  • 57% of those who are open to new jobs said they were either currently considering changing industries (42%) or were either actively looking to do so or had changed industries in the last year (15%).
  • Other top drivers of industry change included flexible work hours, better benefits, and greater job stability.
  • For those who wouldn’t consider a change in industry, 68% said they enjoy the nature of their job, 42% wanted to build more expertise in their industry, and 30% said they wanted to strengthen their relationships in their industry.

For the full results, including gender and COVID-related viewpoints, visit here

Methodology

LinkedIn’s Workforce Confidence Index is based on a quantitative online survey that is distributed to members via email every two weeks. Roughly 16,000+ members respond each wave, based in the U.S., Canada, Brazil, UK, France, Germany, Spain, Italy, Netherlands, India, & Australia. Members are randomly sampled and must be opted into research to participate. Students, stay-at-home partners & retirees are excluded from analysis so we’re able to get an accurate representation of those currently active in the workforce. We analyze data in aggregate and will always respect member privacy.

Data is weighted by engagement level, to ensure fair representation of various activity levels on the platform. The results represent the world as seen through the lens of LinkedIn’s membership; variances between LinkedIn’s membership & overall market population are not accounted for.

Millions Learn Cybersecurity Essentials With Infosec Institute Fueling 62% ARR Growth in 2021

Posted in Commentary on January 26, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced impressive 2021 growth for its software segment of business — reporting a 62% increase in annual recurring revenue. Infosec’s software platforms — Infosec IQ and Infosec Skills — helped millions of learners make the digital world safer in 2021 by delivering 26 million minutes (49 years’ worth) of cybersecurity training.

Record numbers of cyber incidents and open cybersecurity roles in 2021 fueled the need for security education to strengthen organizations’ security cultures, upskill cyber teams, reduce business risk and meet compliance. As the only cybersecurity education provider with role-guided training for the entire organization, Infosec rose to this challenge by driving significant innovation in its security education software, investing in customer care and satisfaction and focusing on corporate social responsibility by building community.

Innovating for growth 

Two SaaS cybersecurity education platforms — Infosec Skills for hands-on security skills training and Infosec IQ for security awareness and phishing training — fueled Infosec’s 2021 growth with these innovation achievements:

Providing award-winning customer experience

Throughout 2021, industry leaders recognized Infosec for its market leadership and customer experience with numerous accolades based on more than 1,500 validated customer reviews including:

Building community through cybersecurity

Beyond business growth, Infosec focused on its commitment to corporate social responsibility initiatives, earning recognition as a TrustRadius’ TechCares award recipient, celebrating companies that have gone above and beyond to provide strong Corporate Social Responsibility (CSR). 

Through Infosec Gives, the company’s 1-1-1 philanthropic commitment to sharing profit, product and time to make a lasting impact, the team has:

  • volunteered more than 850 hours to over 42 local non-profits
  • donated $15,000 to over 50 organizations and 
  • awarded $200,000 in Infosec Accelerate Scholarships to make cybersecurity more accessible to women, BIPOC, LGBTQI+, veterans and undergraduates.

Infosec also launched the Infosec Gives Partner Program, a collaboration initiative with industry organizations sharing Infosec’s vision to make cyber training more accessible. The program welcomed the Women’s Society of Cyberjutsu as its first partner.

The company’s commitment to the community also shined through its employee experience with Infosec recognized as a Madison Top Workplace and Chicago Best Place to Work.

DeadBolt Ransomware Targets QNAP Devices In The Latest Ransomware Attack On QNAP Devices

Posted in Commentary on January 26, 2022 by itnerd

If you own a QNAP NAS like I do, you’ve likely seen reports of various ransomware attacks on these devices over the last few months. The latest of these attacks is the DeadBolt ransomware which started to appear yesterday. It claims to leverage a zero day exploit and encrypts all your files unless you pay 0.03 bitcoins (approximately $1,100 USD). But as usual, paying the ransom will not guarantee that you get your files back.

One thing that’s unique about this latest ransomware strain is that the threat actors are also targeting QNAP:

On the main ransom note screen, there is a link titled “important message for QNAP,” that when clicked, will display a message from the DeadBolt gang specifically for QNAP.

On this screen, the DeadBolt ransomware gang is offering the full details of the alleged zero-day vulnerability if QNAP pays them 5 Bitcoins worth $184,000.

They are also willing to sell QNAP the master decryption key that can decrypt the files for all affected victims and the zero-day info for 50 bitcoins, or approximately $1.85 million.

“Make a bitcoin payment of 50 BTC to bc1qnju697uc83w5u3ykw7luujzupfyf82t6trlnd8,” the threat actors wrote in a message to QNAP.

“You will receive a universal decryption master key (and instructions) that can be used to unlock all your clients their files. Additionally, we will also send you all details about the zero-day vulnerability to security@qnap.com.”

That’s novel.

This follows other ransomware attacks on QNAP devices. Specifically Qlocker and eCh0raix which have been around for a while. All of these ransomware strains have one thing in common. They target Internet exposed QNAP NAS devices. Thus your first course of action needs to be to take your QNAP NAS off the Internet and stick it behind a firewall. These instructions can help you with that. Your next course of action is to follow these instructions which have suggestions from QNAP as to securing your NAS. Now in my case, my NAS isn’t exposed to the Internet. In fact it never has been as I’ve always considered that to be a massive security risk. I also run QNAP’s Malware Remover to add an extra level of security.

But that doesn’t change the fact that QNAP clearly has some serious security issues that allow these ransomware attacks to take place, as I don’t hear about similar attacks from other NAS vendors. Thus it would make sense for me to consider purchasing another brand of NAS, as QNAP NAS devices have some extremely serious security issues that clearly haven’t been addressed. Which means that QNAP really needs to step up its security game or more bad things will happen to it. Such as lost market share.