Archive for April 11, 2022

ESET Canada Sets Up New HQ In Thornhill

Posted in Commentary with tags on April 11, 2022 by itnerd

Amidst the work-from-home mandates throughout the past two years of the COVID-19 pandemic, ESET moved its Canadian headquarters from downtown Toronto to Commerce Valley Drive West in Thornhill. As staff begin returning to in-office work, ESET Canada will mark the official opening of its new location on April 11th with a private event for team members from across the country.

The new location is part of the second-largest tech hub in Canada, offers more square footage to accommodate a growing ESET Canada team and is accessible with both public transit and major arterial roads. 

Regardless of its physical location, ESET remains committed to providing the expertise and products that help people and organizations stay safe in the cyberworld.

The move also coincides with a brand refresh for ESET, which represents the role it has played in the progress that digital technology has enabled – in short, a force for progress. 

For more than 30 years, ESET has been providing digital protection as technology has advanced and progressed to change people’s lives, day-to-day activities and the way we do business. Progress in technology means the potential for a better world and society, but it is not without risk. As technology progresses, so too do those with malicious intentions; with every innovation comes someone who wants to exploit it for nefarious means.

Trend Micro Has Found Evidence That The Spring4Shell Vulnerability Is Being Exploited

Posted in Commentary with tags on April 11, 2022 by itnerd

Security researchers at Trend Micro have observed an active exploitation of the Spring4Shell vulnerability where threat actors were able to weaponize and execute the Mirai botnet malware on vulnerable servers in the Singapore region. 

Trend Micro says most of the vulnerable setups were configured with the following features:

  • Spring Framework versions before 5.2.20, 5.3.18, and Java Development Kit (JDK) version 9 or higher
  • Apache Tomcat
  • Spring-webmvc or spring-webflux dependency
  • Using Spring parameter binding that is configured to use a non-basic parameter type, such as Plain Old Java Objects (POJOs)
  • Deployable, packaged as a web application archive (WAR)
  • Writable file system, such as web apps or ROOT

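As an added, defender-side illustration (not Trend Micro's or this blog's code), the profile above expressed as an inventory check: it compares Spring and JDK versions against the thresholds listed and flags a record only when every listed condition holds. The record layout, the sample records and the handling of Spring lines older than 5.2 are assumptions.

```python
import re

# Fixed releases per Spring line, as stated in the Trend Micro findings above.
FIXED = {(5, 2): (5, 2, 20), (5, 3): (5, 3, 18)}

def parse_version(text):
    """'5.3.17' or '5.3.17.RELEASE' -> (5, 3, 17)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(x) for x in m.groups())

def spring_is_unpatched(version):
    """True when the version precedes the fixed release of its line."""
    major, minor, patch = parse_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # Assumption: lines older than 5.2 never received a fix, so treat them as unpatched.
        return (major, minor) < (5, 2)
    return (major, minor, patch) < fixed

def jdk_major(text):
    """'1.8.0_292' -> 8 (legacy numbering), '11.0.2' -> 11, '17' -> 17."""
    m = re.match(r"(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised JDK version: {text!r}")
    major = int(m.group(1))
    return int(m.group(2)) if major == 1 and m.group(2) else major

def triage(host):
    """Map each listed condition to a bool; 'matches_profile' is true only when all hold."""
    deps = set(host["dependencies"])
    checks = {
        "unpatched_spring": spring_is_unpatched(host["spring_version"]),
        "jdk_9_or_higher": jdk_major(host["jdk_version"]) >= 9,
        "tomcat": host["container"].lower() == "tomcat",
        "webmvc_or_webflux": bool(deps & {"spring-webmvc", "spring-webflux"}),
        "pojo_binding": host["pojo_binding"],
        "war_packaging": host["packaging"].lower() == "war",
        "writable_webapps": host["writable_webapps"],
    }
    checks["matches_profile"] = all(checks.values())
    return checks

# Constructed sample inventory records, not real hosts.
EXPOSED = {"spring_version": "5.3.17", "jdk_version": "11.0.14", "container": "Tomcat",
           "dependencies": ["spring-webmvc", "spring-core"], "pojo_binding": True,
           "packaging": "war", "writable_webapps": True}
PATCHED = dict(EXPOSED, spring_version="5.3.18")
LEGACY_JDK = dict(EXPOSED, jdk_version="1.8.0_292")
```

Because every condition must hold, a single false entry (a patched Spring, or a JDK 8 runtime) takes a host out of the described profile, which is exactly what the check reports.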
This of course is a major problem: if one group of threat actors is taking advantage of this vulnerability, other threat actors are doing the same thing, or will be doing so soon enough.

I have sourced a pair of comments on this starting with Saryu Nayyar, CEO and Founder, Gurucul:

“This is another example of a known set of malware being leveraged to exploit a newly discovered set of vulnerabilities. Mirai is indeed a long-standing and dangerous piece of malware that can deliver multiple destructive outcomes to organizations. Until vulnerabilities such as these can be patched, which can take weeks or months, organizations need to augment their threat detection, investigation and response programs to determine if they are already under attack and certainly find any signs of an attack early in the kill chain. This can allow them to perform emergency patching on systems if threatened. However, this requires a solution not only with advanced analytics and non-rule-based machine learning models to detect any variations employed when Mirai is executed, but also threat intelligence combined with risk analytics to prioritize and escalate to security teams once the attack is potentially found. These capabilities are critical for accelerating response and rallying security teams to identify and focus efforts on a serious active threat. Unfortunately, most current SIEM and XDR solutions lack this combination of features to be enough to stop this attack so organizations must look at more advanced solutions to better enable security teams.”

Chris Olson, CEO, The Media Trust is next:

“In the face of Log4Shell, many organizations rolled out patches to protect their internal systems and consumer-facing services. But the emergence of Spring4Shell reminds us that patching is only a temporary fix: as long as organizations are depending on third-party assets for website, app and backend development, they must exercise continual vigilance and monitoring to protect their users.”

This is likely the start of larger campaigns using this exploit. Thus sysadmins and security professionals should take this time to make sure that they aren’t vulnerable to being pwned by this exploit.

Guest Post: 54% Of Americans Say They’re Receiving More Text Scams Than Ever Before – Are You Protected?

Posted in Commentary with tags on April 11, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout. 

There is only one you – let’s keep it that way! Tomorrow, April 12th is Identity Management Day and Lookout cybersecurity would like to share tips on how consumers can better manage their identity online. 

A recent study from Lookout found that scammers are increasing their complexity, and hacks are looking more real to consumers. Only 8.7% of the 2,000 survey participants correctly identified the legitimate text message, login page, and video when compared to scammers.

Here are some tips to keep you protected: 

Conceal Personal Information
Limit the amount of personal information placed online. Information like location, pet name, last name, and birthday can be used to break into important accounts. 

  • 60% of people share their birthday publicly on social media

Strong Passwords 

  • Use Two-Factor Authentication: This makes it harder for hackers to access your account and will alert you to any potential hacking attempts.  
  • Password Changes: Be sure to regularly change the password to your most important accounts. This will help prevent hackers from getting access. Make sure you use a combination of letters and numbers for the best protection. 
  • AVOID using passwords like these:

Delete WiFi Connections
If you connect to an unknown WiFi network and it starts asking you for any sort of username and password, such as validating your identity with a login, disconnect from it immediately. 

Install Security Software On Your Devices
Security protection, like Lookout, will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.

  • Only 31% of Americans pay for identity theft monitoring on their devices, leaving 69% of Americans vulnerable to identity theft.

EU Officials Targeted With NSO Spyware…. Or Not….

Posted in Commentary with tags on April 11, 2022 by itnerd

The title of this story doesn’t seem to make sense. But it will. Trust me. Let’s start with this Reuters story that says this:

Senior officials at the European Commission were targeted last year with spy software designed by an Israeli surveillance firm, according to two EU officials and documentation reviewed by Reuters.

Among them was Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019, according to one of the documents. At least four other commission staffers were also targeted, according to the document and another person familiar with the matter. The two EU officials confirmed that staffers at the commission had been targeted but did not provide details.

The commission became aware of the targeting following messages issued by Apple to thousands of iPhone owners in November telling them they were “targeted by state-sponsored attackers,” the two EU officials said. It was the first time Apple had sent a mass alert to users that they were in government hackers’ crosshairs.

The warnings triggered immediate concern at the commission, the two officials said. In a Nov. 26 email reviewed by Reuters, a senior tech staffer sent a message to colleagues with background about Israeli hacking tools and a request to be on the lookout for additional warnings from Apple.

That’s very bad. And of course, the spyware that we’re talking about was designed by the NSO Group…. Or was it?

Security researchers have said the recipients of the warnings were targeted between February and September 2021 using ForcedEntry, an advanced piece of software that was used by Israeli cyber surveillance vendor NSO Group to help foreign spy agencies remotely and invisibly take control of iPhones. A smaller Israeli spyware vendor named QuaDream also sold a nearly identical tool to government clients, Reuters previously reported.

So it could be either of these companies. I would be forcing the NSO Group to prove without a shadow of a doubt that it wasn’t them. Because given their previous track record, it’s going to be hard to take their word for it at this point. Still, it is a very disturbing story that shows that this spyware, regardless of who is behind it, has been used more widely than previously thought.

Elon Musk Joins Twitter’s Board Of Directors…. And Then Decides Not To Join Twitter’s Board Of Directors

Posted in Commentary on April 11, 2022 by itnerd

You might recall that last week Elon Musk, as in the guy behind SpaceX and Tesla, became the single biggest shareholder of Twitter stock. This led to him apparently joining the board last week. Twitter CEO Parag Agrawal said he was “excited to share” that Musk was joining the board, adding that “through conversations with Elon in recent weeks, it became clear to us that he would bring great value” to the Board.

Just less than a week later, that apparently won’t happen based on this Tweet:

You have to wonder what happened. Because parsing the statement above leads to some interesting questions. Specifically this statement for starters:

We also believed that having Elon as a fiduciary of the company where he, like all board members, has to act in the best interests of the company and all our shareholders, was the best path forward. The board offered him a seat.

The use of the word “fiduciary” is interesting. That word is defined as “a person who holds a legal or ethical relationship of trust with one or more other parties (person or group of persons).” Which makes sense seeing that Twitter is a public company. Then there’s this part of the statement:

We announced on Tuesday that Elon would be appointed to the Board contingent on a background check and formal acceptance.

I am not sure why they would mention that he has to go through a background check in a statement like this. Combine that with the previous line and you start to wonder if something happened behind the scenes that caused him to pull out. As in, Twitter came across something that made him joining the board a non-starter. Such as his well-documented bad behaviour when it comes to saying and doing stuff that runs counter to being part of a public company. I’m not sure what the reason is, but you don’t put language into a statement that could have been as short as “Elon won’t be joining the Twitter board” unless you are sending some sort of message.

So where does this go from here? Maybe he goes away. Or maybe he decides to do a hostile takeover of Twitter. I don’t know. But I’ll be watching as this story is far from over.