Archive for April 12, 2022

Craig Newmark Serves Up $50 Million To Create A Cyber Civil Defense

Posted in Commentary with tags on April 12, 2022 by itnerd

Here’s an interesting initiative. Craig Newmark of craigslist fame on Monday promised a major investment in the cybersecurity community and public cyber education by serving up more than $50 million towards what he called a Cyber Civil Defense. This was announced on Twitter:

A press release was also part of this announcement. Here’s a section of it:

CNP’s funding will support efforts to raise public awareness of threats and online security choices, in addition to the creation of online tools and digital infrastructure that help secure the country’s networks. The effort will also include programming aimed at developing a diverse, inclusive, and equitable workforce capable of meeting the technical challenges ahead.

“American and western democracy are at risk,” said Craig Newmark. “As individuals, we’re also under attack. We need to work together to protect each other and democratic ideals in the digital world.”

I think that this will make a difference. So does Allen Drennan, Co-Founder & CTO, Lumicademy:

“Lately, breaking news of meeting provider and remote learning breaches have made it clear that mainstream vendors of these products are not compliant. This significant gift will give consumers a better chance at solid privacy, security and control when implementing a learning or meeting platform that involves more than basic privacy.”

If we want to be safe online, all of us have to take part in the solution. The $50 million that Newmark has served up will help kickstart that solution and make it a reality.

Today is Identity Management Day

Posted in Commentary with tags on April 12, 2022 by itnerd

As the lines between our personal and professional lives continue to blur, protecting our digital identities as consumers, employees, or partners is essential to security.

Identity Management Day brings together security leaders, vendors, and advocates to raise awareness, share best practices, and inspire individuals, and organizations of all sizes, to take action when it comes to effectively managing and securing digital identities. I reached out to one of those leaders for a comment about today. And that’s Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi:

“Identity Management Day is a great opportunity to remind everyone that machines need identities to authenticate and connect securely. And nearly everything on enterprise networks fits our definition of machines: physical, virtual and IoT devices, applications, APIs, containers and clusters. In fact, the number of machines on enterprise networks is growing 43% per year. So, if your identity management program isn’t focused on humans and machines, you’re missing a huge part of the problem.

The bad guys know this, and they are already taking advantage of it. Today is a great reminder to assess the machine side of your identity management program and see if you are doing as much to protect the identities of the machines on your network as you are doing to protect the identities of the humans on your network.”

So this is a great opportunity to do what you need to do to make sure that your digital identity, in all its forms, stays secure.

The FBI And Their Friends Take Down RaidForum

Posted in Commentary with tags on April 12, 2022 by itnerd

Score one for the good guys.

CNN has reported that the FBI and international partners seized control of the popular hacking forum RaidForum. At the time of the seizure, the forum had over 500k registered members, and was known for advertising hacked American data. Law enforcement agencies in the US, UK, Sweden and elsewhere were involved in the seizure.

Chris Olson, CEO, The Media Trust had this to say:

“The seizure of RaidForum is a great example of what can happen when law enforcement agencies cooperate in the global fight against cybercrime. Unfortunately, it’s not likely to have a significant impact on cybercrime, as users of RaidForum – and any “surface web” hacking boards – are not major players, and many will simply migrate elsewhere.”

“The modern Web is effectively a borderless entity, which makes cybercrime exceedingly difficult to fight. By 2025, the yearly cost for consumers and organizations is expected to reach $10.5 trillion. In the meantime, we need to take better control of our digital borders – until we do, cyber actors will continue to target consumers through Web and mobile endpoints.”

Hopefully we see more takedowns like this. Because every time the good guys do this, it becomes less and less comfortable for threat actors to operate.

UPDATE: I have two more comments. The first is from Peter Stelzhammer, Co-founder, AV-Comparatives:

“By shutting down this forum a great source for black hats has gone. Nevertheless, there is a massive number of other sources, so stay safe on the internet and use IT security systems and backup.”

“Investigators had been preparing the operation for a year. It was coordinated by Europol’s cybercrime specialists. So, you can see how much it was online without any consequences serving the black heads. Cybercrime is making more money than the whole drug industry nowadays.”

The second is from Artur Kane, CMO, GoodAccess:

“While hackers’ forums’ social and educational aspects are apparent, these media play a fundamental role in the community’s operational capabilities. It is where members join forces to coordinate their activities, exchange code and tools used in attacks, share experiences about exploiting vulnerabilities, sell stolen data such as passwords, and more. Reestablishing this core exchange and collaboration platform is vital for the success of cybercriminal activities. While, at first, the former members will distribute to smaller sites, a new major successor will soon arise to take RaidForums’ place. One of the likely candidates is BreachForums.”

Ukraine Hit By Cyberattack By Russian Hacker Group

Posted in Commentary with tags on April 12, 2022 by itnerd

This morning, it came to light that there was an attack on Ukraine’s critical infrastructure by the cyber-criminal group Sandworm:

On Tuesday, the Ukrainian Computer Emergency Response Team (CERT-UA) and the Slovakian cybersecurity firm ESET issued advisories that the Sandworm hacker group, confirmed to be Unit 74455 of Russia’s GRU military intelligence agency, had targeted high-voltage electrical substations in Ukraine using a variation on a piece of malware known as Industroyer or Crash Override. The new malware, dubbed Industroyer2, can interact directly with equipment in electrical utilities to send commands to substation devices that control the flow of power, just like that earlier sample. It signals that Russia’s most aggressive cyberattack team attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016, still the only confirmed blackouts known to have been caused by hackers.

It shows that this war is on multiple fronts including cyberspace. And Justin Fier, VP of Tactical Risk and Response at Darktrace agrees:

This news represents a major step up from the relatively unsophisticated previous DDoS attacks, and it’s particularly interesting to see that Sandworm has reared its head again. CISA and other government agencies in the Five Eyes have been anticipating an attack like this and issuing sophisticated warnings for some time. Ukraine has been dealing with this type of threat for years and has been preparing with the help of global allies, including the U.S.

While we cannot confirm these allegations, the hope is that governments worldwide will take this seriously and realize that the same type of attack could happen to them. Any attack on Ukrainian soil could also occur anywhere else, be replicated by other cyber-criminal groups or nation-states, or cause ripple effects across the global supply chain. During this ongoing “World War Wired,” we must be concerned not only with the prospect of an inbound warhead but also infrastructure destroying cyber-attacks. The responsibility will fall on each potentially at-risk organization to bolster their defenses: they must fight fire with fire, arming themselves with the latest technologies. You go to war with the army you have, not the one you wish you built, and organizations must prepare now.

In short, the time to prepare for this sort of attack is now, because you can expect targets outside of Ukraine to be hit with the same sort of attack in the near future.

Sophos Says That Threat Actors Were In Government Agency Computers Long Before They Launched Attacks

Posted in Commentary with tags on April 12, 2022 by itnerd

Security researchers at Sophos have found that threat actors spent more than five months on government agency computers, remotely googling for tools from the target’s own machines. Behavioral log data from a regional US government agency suggests that two or more threat groups were active before a final group deployed Lockbit ransomware payloads earlier this year. In other words, they were hanging around inside the environment undetected long before launching the attack.

Saryu Nayyar, CEO and Founder, Gurucul had this comment:

“One of the biggest enemies of any security operations teams is threat actor dwell time. On average this is over 250 days, which is the time between when a threat actor has bypassed your defenses and is roaming inside the castle walls off the radar and moving about freely, to when they are found and removed from the “grounds”. Threat actors use different tactics and techniques stretched out over weeks or months to hide their activity from traditional SIEM and XDR tools that are rooted in identifying patterns over short periods of time. Manually being able to piece together seemingly disparate indicators of compromise over weeks or months is virtually impossible for a security team and most current solutions struggle to provide the necessary. In addition, behavioral log data is only useful for post-breach once the damage is already done. Organizations must look to add more advanced tools that link disparate events over time using analytics and adaptive and trained machine learning models, not just simple correlation, or rule-based fixed machine learning. In addition, included threat content (sadly most companies charge for out-of-the-box automated threat detection), network traffic analysis to identify unauthorized external communications, and real-time user and entity behavior baselining and analytics can be used to reveal how anomalous behaviors are actual security threats associated with an attack campaign. This changes the game to enabling security teams to be proactive versus reactive.”

This underscores that organizations need to not only keep the bad guys out, but also be able to detect the bad guys if they do get in. Both are important if you want to avoid your organization getting pwned by threat actors.

Drive Back To The ’70s, ’80s, And ’90s With Waze

Posted in Commentary with tags on April 12, 2022 by itnerd

Is your affection for yesteryear rooted in the ’70s disco movement, an ’80s aerobics studio or ’90s pop songs? For a drive back in time (and onwards to your next destination), activate Waze’s nostalgic new driving experience.

Retro Mode celebrates personalities and trends from the years most firmly cemented in today’s pop culture. Turn your next drive into a trip down memory lane with nostalgic moods, voices and cars.

Set your vibe on Waze to ’70s peace, love and happiness with an eccentric radio DJ as your host and navigator, a flower-power “El Vanarino” as your vehicle and a groovy lava lamp Mood.

If Jazzercise is more your speed, break a sweat with an ’80s aerobics instructor to guide your journey, while you maneuver in a Rad Racer sports car with a “Pumped!” boombox Mood.

Or you can head back to the ’90s in your classic two-door “SUV4EVA” while a pop star helps you avoid traffic and the paparazzi. Set your Mood to “Dialed Up,” a classic desktop PC, but without the pain of waiting for your crush to sign online.

Also starting today, audio streaming service TuneIn is partnering with Waze to deliver ’70s, ’80s and ’90s songs, allowing you to seamlessly access your favorite nostalgic bops directly via the Waze app. Stations include Hit Music 70’s in the UK, 90’s Hits in the US and Canada, and 80’s Alive in France. To listen through your Waze app make sure to sync your Audio Player.

For a drive that transports you to a new decade, click “My Waze” in your Waze app and tap the “Drive with the 80’s” banner to activate. It’s available globally, in English, French and Portuguese, for a limited time.

Guest Post: Apple Products’ Vulnerabilities Surge By Over 450% Says Atlas VPN

Posted in Commentary on April 12, 2022 by itnerd

To maximize their financial opportunities, cybercriminals are continuously striving to exploit vulnerabilities that affect as many individuals as possible.

According to the findings by the Atlas VPN team, Apple products’ vulnerabilities surged by 467% in 2021 H2. Furthermore, Google and Microsoft products accumulated the most vulnerabilities in the second half of 2021.

Google accumulated 511 vulnerabilities in the second half of 2021. Google products such as the Android operating system and the Chrome browser are used by billions of people worldwide, so cybercriminals exploit vulnerabilities in such products to affect as many users as possible.

Microsoft products were second in terms of vulnerabilities with 428. Most of the vulnerabilities are found in Windows OS versions, Office tools, and the Microsoft Edge browser.

Apple software vulnerabilities surged by 467% in H2 2021 to 380 exploits. Most of these were found in the Safari browser and in the operating systems of various Apple products. Because Apple’s software is tightly interconnected across its products, a single vulnerability can usually affect all of its devices.

Oracle products accumulated 258 vulnerabilities in the second half of 2021. At the same time, the Chinese telecommunications equipment company Huawei gathered 201 vulnerabilities, almost an 814% increase compared to H1.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on vulnerability threats:

“Products owned by tech giants such as Apple or Google are used by billions of people worldwide. That makes billions of users vulnerable to exploits found by cybercriminals. To stay away from such threats and keep your devices safe, people should always update their software to the latest version.”

Vulnerability levels

Vulnerabilities that are simple to exploit and that can do the most harm to victims are given the highest risk levels.

The National Vulnerability Database (NVD) evaluated 1,079 vulnerabilities with a risk level of 10 in the second half of 2021. NVD issued risk level 9 to 1,173 vulnerabilities. Risk level 8 vulnerabilities were the most common, with 2,582 recorded flaws. Finally, NVD evaluated 693 vulnerabilities at risk level 7.

One exploit, CVE-2021-30858, rated 8.8, targets iPhones and iPads on iOS 14.8 and Macs on macOS Big Sur 11.6. The vulnerability allows a threat actor to execute arbitrary code, enabling the installation of malware or other actions on a vulnerable Apple device.

The most harmful vulnerability from 2021 was CVE-2021-44228, better known as the Apache Log4j vulnerability.

To read the full article, head over to: https://atlasvpn.com/blog/apple-products-vulnerabilities-surge-by-over-450

New LinkedIn Data Shows Canada’s Growing Tech Workforce Is Outpacing The U.S.

Posted in Commentary with tags on April 12, 2022 by itnerd

Canada’s bustling tech sector has attracted national and international headlines in recent weeks, as an influx of investment into the nation’s talent pipeline helps it earn a reputation as a major hub for the industry.

The latest edition of LinkedIn’s Workforce Report for Canada reveals where the tech workforce has expanded the fastest over the past year, as well as the roles, skills and cities driving growth. Here are some of the key findings:

  • Growth in Canada’s tech talent workforce outpaced the U.S. over the past 12 months (1.6% growth rate in Canada compared to 1.1% in the U.S.)
  • Calgary enjoys the fastest pace of tech workforce growth at 2.2% over the past 12 months (Vancouver and Toronto are close behind at 2.1% and 2% growth, respectively)
  • Data Engineer (19.7%) and Back End Developer (14.1%) are the fastest-growing tech jobs in Canada over the past 12 months
  • The fastest-growing skills relate to cloud computing, such as Microsoft Azure (up 36% over a year), the user interface library React.js (up 33%) and Amazon Web Services (up 26%)

The full report findings can be found here.

Methodology

This body of work represents the world seen through the lens of LinkedIn data, drawn from the anonymized and aggregated profile information of LinkedIn’s 810 million members around the world. As such, it is influenced by how members choose to use the platform, which can vary based on professional, social and regional culture, as well as overall site availability and accessibility.

To map “tech talent,” LinkedIn determines members’ job functions from their job titles as listed on their profiles. For this report, a member is considered to be “tech talent” if their current job function is in “Information Technology” or “Engineering.” All positions, including full-time, intern, student, contract, part-time and self-employed roles are included in this analysis.

Top educational institutions are based on the institutions listed in the education section of LinkedIn profiles. The rank for top tech schools is based on the number of “tech talent” workers who attended a given school.

The tech talent growth rate reflects the percentage change in the number of tech professionals in a given location, compared with the same location a year earlier. Named cities include wider metropolitan areas. Fastest-growing jobs reflect the percentage change in the number of professionals who list a job title as an active position on their LinkedIn profile, compared with the same title a year earlier.

CDW Canada Reveals Canadian Organizations Suffer Detrimental Business Losses Due To A Lack Of Penetration Testing

Posted in Commentary with tags on April 12, 2022 by itnerd

As the threat landscape continues to evolve, new research from CDW Canada, a leading provider of technology solutions and services for Canadian organizations, reveals that regular penetration testing can help organizations defend against increasingly sophisticated cyberattacks. The report, Rooting Out Risks, conducted in partnership with Angus Reid, was released today to coincide with CDW’s inaugural Penetration Testing Awareness Day. The campaign aims to raise awareness of the importance of regular penetration testing, which involves a simulated attack against an organization’s network, data and personnel.

The research found that while nearly all (95 percent) Canadian organizations said they take security and protection against threats seriously, only 60 percent of organizations are conducting penetration testing. Even more concerning, nearly one-fifth (18 percent) of Canadian organizations said they are not conducting penetration testing at all, and less than half (40 percent) are making investments in penetration testing. When asked about barriers related to penetration testing, more than half (57 percent) of organizations indicated that penetration testing is not a company priority. Respondents also cited lack of employee expertise/talent (34 percent) and a lack of budget (33 percent) as key barriers to penetration testing, indicating that while organizations need a thorough understanding of threats to stay safe, many lack the time, talent or resources for regular assessments.

In addition, the research found that over one-quarter (26 percent) of Canadian organizations experienced a security breach in the past two years which resulted in detrimental business losses, including loss of productivity (58 percent), loss of data (37 percent) and financial loss (25 percent). With the increased threat of security breaches, the importance of engaging a trusted third-party IT partner to perform penetration testing remains paramount so that security gaps can be detected and bridged before they are exploited.

With decades of industry-leading experience, CDW specializes in reducing security risks by helping organizations prepare for, and defend against, their biggest security threats. As a trusted security partner, CDW develops customized solutions for each organization’s unique risks and conducts penetration tests to identify and catalogue vulnerabilities in existing defence systems.