Archive for January 24, 2023

BREAKING: Federal Court Dismisses Rogers/Shaw Appeal

Posted in Commentary with tags on January 24, 2023 by itnerd

In a blow to consumers, the Federal Court of Appeal has shot down the Competition Bureau’s request to block the merger of Rogers and Shaw. That leaves this whole thing up to federal Innovation Minister François-Philippe Champagne. And he Tweeted this:

At this point, the Federal Government hasn’t shown any interest in shooting what is clearly a merger that harms consumers out of the sky. Thus I do not have high hopes that Champagne will do anything but allow this merger to go through. And consumers will literally pay the price at the end of the day.

It’s truly too bad that Canada doesn’t have a federal government that recognizes that Canadians pay far too much money for their telco services and is prepared to address the issue. While I am free to be surprised on that front, I don’t think I will be.

DOJ Slaps Google With An Antitrust Lawsuit

Posted in Commentary with tags on January 24, 2023 by itnerd

News has just dropped that Google has been hit with an antitrust lawsuit. Actually, it’s the second one in two years that Google has been served with. CNBC has the details:

This lawsuit, which is focused on Google’s online advertising business and seeks to make Google divest parts of the business, is the first against the company filed under the Biden administration. The department’s earlier lawsuit, filed in October 2020 under the Trump administration, accused Google of using its alleged monopoly power to cut off competition for internet search through exclusionary agreements. That case is expected to go to trial in September.

Google’s advertising business generated $54.5 billion in the quarter ended Sept. 30 from Search, YouTube, Google Network ads and other advertising.

Google also faces three other antitrust lawsuits from large groups of state attorneys general, including one focused on its advertising business led by Texas Attorney General Ken Paxton.

The states of California, Colorado, Connecticut, New Jersey, New York, Rhode Island, Tennessee and Virginia joined the DOJ in the latest lawsuit.

This is likely a sign of things to come as big tech is in the crosshairs of the US Government. Companies like Microsoft and Apple are likely to get served with similar lawsuits at some point. But in the here and now, execs at Google must not be very happy about this.

HomePod OS 16.3 Has Been Released And It Activates Hidden Climate Sensors… Here’s What That Looks Like For You

Posted in Tips with tags on January 24, 2023 by itnerd

Today Apple released HomePod OS 16.3. And part of that release includes code to activate climate sensors that have been hidden in the HomePod mini since the day that they were released in 2020. I believe that Apple intends that these will be used to monitor the temperature and humidity in rooms, and run automations based on that. I just updated my HomePod minis and here’s what I saw.

First of all, I noted that it took about 30 minutes per HomePod mini to update which is a bit longer than I was used to. I have four HomePod minis and I did the update on all of them at the same time to save some time. During the update, I noted a new tab was added to the Home app:

There’s now a Climate tab that allows you to see what the HomePod mini is detecting in terms of temperature and humidity. But once the update was completed, I wasn’t able to use this right away. Instead I saw this:

All the temperature and humidity sensors were in a “calibrating” state. That took about 30 minutes to complete. After that, I was able to see this:

Now I don’t have anything like HomeKit compatible fans or anything of the sort. So I can’t use this for anything useful myself, other than perhaps asking Siri what the temperature is in a room. But if you have a HomeKit compatible fan or something of the sort, you can leverage that to turn on a fan if the temperature is too high, or turn on a HomeKit compatible humidifier if the humidity is too low. For what it’s worth, this information will also show up in widgets on the Home Screen in a summary format. Finally, I should note that the new HomePod that Apple is releasing shortly, which I can’t figure out why it exists, has similar functionality. And it is a safe bet that those will ship with 16.3 installed from the factory.

So is this new functionality in the HomePod mini something that you will leverage? Please leave a comment and share your thoughts.

Apple Puts Out A Campaign For Data Privacy Day… While Being Sued For Data Privacy Issues

Posted in Commentary with tags on January 24, 2023 by itnerd

I really find it ironic that Apple is celebrating Data Privacy Day, which is January 28th, with a full campaign highlighting that it apparently protects the privacy of its users. But before I get to the ironic part, let’s get to the campaign that Apple is running. First, there are dedicated privacy-focused “Today at Apple” sessions. According to Apple, in this session attendees will learn how they can customize each feature based on their individual privacy preferences. Which I suppose is a good thing. You can sign up for the “Taking Charge of Your Privacy on iPhone” session starting today on Apple’s website in the “Today At Apple” section in your country.

Second, there’s a short film that stars Ted Lasso star Nick Mohammed who plays “Nate the Great” on the show:

Now to the ironic part. Apple is currently dealing with a total of three separate lawsuits relating to the lack of privacy on the iPhone. While nothing has been proven in court, it’s clear that the “reality distortion field” is set to full strength at Apple Park, as clearly they don’t see the irony here. Or perhaps their MARCOMM people didn’t really think this through. Or they’re banking on the fact that the average Joe hasn’t heard of the three lawsuits in question. Either way, I am not sure that this is a good look for Apple.

ManageEngine RCE Bug Used For Pwnage By Hackers

Posted in Commentary with tags on January 24, 2023 by itnerd

Zoho ManageEngine has an extremely serious remote code execution (RCE) bug that has apparently been exploited by hackers. Here’s the background that you need to know via Bleeping Computer:

Unauthenticated threat actors can exploit it if the SAML-based single-sign-on (SSO) is or was enabled at least once before the attack to execute arbitrary code.

Last week, Horizon3 security researchers released a technical analysis with proof-of-concept (PoC) exploit code and warned of incoming ‘spray and pray’ attacks.

They found over 8,300 Internet-exposed ServiceDesk Plus and Endpoint Central instances and estimated that roughly 10% of them are also vulnerable.

One day later, multiple cybersecurity companies warned that unpatched ManageEngine instances exposed online are now targeted with CVE-2022-47966 exploits in ongoing attacks to open reverse shells.

Post-exploitation activity seen by Rapid7 security researchers shows that attackers are disabling real-time malware protection to backdoor compromised devices by deploying remote access tools.

All Federal Civilian Executive Branch (FCEB) agencies must patch their systems against this actively exploited bug after it was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, according to a binding operational directive (BOD 22-01) issued in November 2021.

The federal agencies have three weeks, until February 13th, to ensure that their networks are secured against ongoing exploitation attempts.

Although BOD 22-01 only applies to U.S. FCEB agencies, the cybersecurity agency also strongly urged all organizations from private and public sectors to prioritize patching this vulnerability.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise,” CISA said on Monday.

Sylvain Cortes, VP of Solutions, Hackuity had this comment:

“Most worryingly, vulnerabilities such as these are often dangerously accessible to attackers, many of whom are state-backed groups that exploit ManageEngine flaws to target multiple critical national infrastructure sectors, including finance and healthcare.

Threat actors thrive on Remote Code Execution vulnerabilities when the SAML-based single-sign-on (SSO) was or is enabled prior to the attack, in order to execute arbitrary code.

This raises huge security concerns for all Federal Civilian Executive Branch Agencies (FCEB) in particular, who must patch their systems against this bug after it was added to CISA’s Known Exploited Vulnerabilities (KEV) list.

The access that these vulnerabilities provide to threat actors leaves hundreds of thousands of users at risk for cyber attacks, malware, social engineering attacks and more. Any interruption to these systems can also have a widespread impact in terms of revenue loss and reputational damage. Organizations must focus on patching these exposed vulnerabilities as their main priority.”

The fact that CISA is involved shows how serious this is. And it shows that you need to take this seriously as well if you use ManageEngine. Which means that you should ensure that all ManageEngine patches are applied so that you’re not the next victim.

Venafi Announces TLS Protect For Kubernetes

Posted in Commentary with tags on January 24, 2023 by itnerd

Venafi, the inventor and leading provider of machine identity management, today introduced TLS Protect for Kubernetes. As part of the Venafi Control Plane for machine identities, TLS Protect for Kubernetes enables security and platform teams to easily and securely manage cloud native machine identities, such as TLS, mTLS and SPIFFE, across all of an enterprise’s multi-cloud and multi-cluster Kubernetes environments. By delivering increased visibility, control and automation over machine identity management within more complex cloud native infrastructures, it helps enterprises improve application reliability and reduce development and operational costs. 

Built with a fully supported version of the cert-manager open source project – the de facto cloud native solution designed by Jetstack, a Venafi company, for developers to automate TLS and mTLS certificate issuance and renewal – TLS Protect for Kubernetes provides in-cluster observability to identify and remediate security risks stemming from poorly configured certificates, as well as offers options for security controls over certificate issuance to meet the security team policy for enforcing trust. It also includes a management interface that provides full visibility of public trusted certificates for ingress TLS, as well as private certificates for inter-service mTLS for pod-to-pod and service mesh use cases. By building a detailed view of the enterprise security posture across multiple clusters and cloud platforms, including certificates that have been manually created by developers, it proactively identifies operational issues that help platform teams maintain cluster integrity and prevent outages.

Features in TLS Protect for Kubernetes include:

  • Observability – Through a comprehensive web-based management interface, security and platform teams can easily discover machine identities used across all clusters, including alerts on machine identity management infrastructure health, compliance and configuration. It provides an instant visual status of all workload certificates, including their association with Kubernetes resources and X.509 certificate configurations. This includes certificates that have been manually created by developers. The interface works as both a cluster monitoring and machine identity management tool to identify potential security holes, such as unauthorized workloads, and proactively recommend fixes for identified cluster configuration errors.
  • Consistency – TLS Protect for Kubernetes enforces machine identity policy for TLS, mTLS and SPIFFE VID across all clusters based on enterprise security policies and ensures the proper version of cert-manager is used and configured consistently.
  • Reliability – The product integrates natively with Kubernetes environments to ensure performance and scalability, including a commercially supported, FIPS 140-2 compliant and signed version of the open source cert-manager project to provide enterprise-grade machine identity management across Kubernetes environments. As each new cluster is created, security teams can empower platform teams by using TLS Protect for Kubernetes to automatically bootstrap a fully supported and hardened version of cert-manager with each new cluster. This delivers better consistency for the way security tooling is managed across multi-cluster environments and reduces the risk of security drift for production environments.
  • Freedom of Choice – TLS Protect for Kubernetes supports multi-cloud configurations, cloud platform providers and Kubernetes distributions. It also integrates with popular secrets vaults and other DevOps and cloud native solutions.
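The observability feature above comes down to inspecting every workload certificate in a cluster for the conditions that cause outages or weak TLS: expiry against the renewal window, a certificate carrying only a CommonName and no SubjectAltName, short RSA keys and legacy signature algorithms. The following Go example is added here and is not Venafi's or cert-manager's code; it assumes the certificate has already been read out of a kubernetes.io/tls Secret and uses a constructed self-signed fixture in its place.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AuditCert returns the problems an in-cluster certificate inventory should flag
// for one workload certificate: expiry state relative to renewWindow, a missing
// SubjectAltName (clients ignore the CommonName), a short RSA key, a legacy signature.
func AuditCert(cert *x509.Certificate, now time.Time, renewWindow time.Duration) []string {
	var findings []string
	switch {
	case now.Before(cert.NotBefore):
		findings = append(findings, "not yet valid")
	case now.After(cert.NotAfter):
		findings = append(findings, "expired")
	case cert.NotAfter.Sub(now) < renewWindow:
		findings = append(findings, "inside renewal window but not renewed")
	}
	if len(cert.DNSNames) == 0 && len(cert.IPAddresses) == 0 && len(cert.URIs) == 0 {
		findings = append(findings, "no SubjectAltName")
	}
	if k, ok := cert.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 {
		findings = append(findings, fmt.Sprintf("weak RSA key (%d bits)", k.N.BitLen()))
	}
	switch cert.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.ECDSAWithSHA1:
		findings = append(findings, "legacy signature algorithm "+cert.SignatureAlgorithm.String())
	}
	return findings
}

// selfSigned builds a constructed self-signed ECDSA certificate as a test fixture;
// it stands in for the tls.crt held in a kubernetes.io/tls Secret.
func selfSigned(dns []string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "workload.example.internal"},
		DNSNames:     dns,
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	// Constructed fixtures: a healthy cert and one that is CN-only and expires in 3 days.
	good, _ := selfSigned([]string{"api.example.internal"}, now.Add(-time.Hour), now.Add(90*24*time.Hour))
	bad, _ := selfSigned(nil, now.Add(-time.Hour), now.Add(3*24*time.Hour))
	fmt.Println("good:", AuditCert(good, now, 30*24*time.Hour))
	fmt.Println("bad: ", AuditCert(bad, now, 30*24*time.Hour))
}
```

In a real inventory the same check runs over the tls.crt of every kubernetes.io/tls Secret in every cluster, and each finding maps back to the Secret and the Ingress or workload that uses it.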

TLS Protect for Kubernetes is generally available today to all customers. To learn more about the new product, please visit https://venafi.com/tls-protect-for-kubernetes/ or join the upcoming “Using Venafi for policy and control of certificate lifecycle management in Kubernetes” webinar on February 23 at 8:00am PST/11:00am EST/4:00pm GMT. Register for the webinar at https://trust.venafi.com/automate-certificate-policy-in-kubernetes/

Nozomi Networks Delivers The Industry’s First OT and IoT Endpoint Security Sensor 

Posted in Commentary with tags on January 24, 2023 by itnerd

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Nozomi Arc™, the industry’s first OT and IoT endpoint security sensor designed to exponentially speed time to full operational resiliency. Built to automatically deploy across large numbers of sites and devices anywhere an organization needs visibility, Nozomi Arc adds crucial data and insights about key assets and network endpoints. This data is used to better analyze and deter threats, as well as correlate user activity, all without putting a strain on current resources or disrupting mission-critical networks. 

Arc is a game-changer when it comes to complete asset visibility, deployment speed and reach across complex and remote OT and IT networks. Nozomi Arc is designed to:

  • Analyze endpoint vulnerabilities,
  • Identify compromised hosts,
  • Be deployed remotely, and
  • Accelerate monitoring deployments in mission critical systems.

According to the most recent SANS ICS security report, two of the biggest challenges facing security professionals center on the lack of security resources and the inability to track industrial control devices and applications. Nozomi Networks Arc is purpose-built to address both issues, while complementing the network-based analysis provided by Nozomi Networks’ Vantage and Guardian platforms. 

With Nozomi Arc, users benefit from:

Faster Time to Resiliency: Nozomi Arc eliminates time, resource, geographic and internal policy constraints that come with network-based deployments. It gets new sites online quickly and makes it possible to monitor and analyze once unmanaged or unreachable connections and networks. 

Lower Cyber Risk and Increased Security: Nozomi Arc is the only OT solution in the market to detect malicious hardware. It’s the first solution to provide continuous visibility into (active and inactive) network assets and key endpoint attributes as well as information about who is using them. With access to the full attack surface of host systems, Arc provides more complete threat analysis and monitors more potential attack entry points than is possible with a network-based sensor alone. Additional points of visibility include attached USB drives and log files.

Extended Visibility and Context: In addition to shining a light on more assets and devices and potential vulnerabilities, Arc identifies process anomalies as well as any suspicious user activity. This reduces the potential for insider threats or compromised hosts. Arc also adds continuous monitoring capabilities for endpoint assets, monitoring that is not possible with network sensors alone.

Lower Operational Overhead: Because Arc can be deployed remotely via software download, Nozomi Arc does not require extensive network changes to be deployed anywhere in the world – even the most remote location. There is no administrative overhead to manage thousands of endpoints across multiple sites. Deployments can be automated across environments, whether they are installed as part of a standard operating environment or periodically deployed to collect data and then removed. 

Nozomi Arc is available now via subscription from Nozomi Networks and its extensive global network of channel partners. Pricing is based on the number of assets monitored. 

For more information:

Read the Blog: Get More Insight into Endpoint Activity and Threats with Nozomi Arc 

Read the Product Overview: Nozomi Arc

Guest Post: Nearly 90% of the Pentagon supply chain fails basic cybersecurity requirements

Posted in Commentary with tags on January 24, 2023 by itnerd

The first-ever thorough analysis of the state of cybersecurity of the US defense industrial base (DIB) reveals that nearly 90% of its contractors do not meet the required security standards.

Defense contractors possess sensitive national security information and are being constantly targeted with sophisticated hacking operations led by state-sponsored hackers.

The in-depth analysis of the Pentagon supply chain was commissioned by CyberSheath, a cybersecurity compliance service provider, and was carried out by Merrill Research, a leader in providing custom, multi-methodological research services. Access the State of The Defense Industrial Base Report here

The survey questioned 300 US-based DIB contractors via an online survey in July 2022.

The supply chain of the departments in question was evaluated using the Supplier Risk Performance System (SPRS), which is the DoD’s single, authorized system to retrieve supplier security performance information.

Contractors who do not possess an SPRS score of 70 or higher are deemed non-compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) criteria.

The DFARS is a set of cybersecurity regulations the DoD imposes on its contractors. The DFARS, which has been in effect since 2017, demands a score of 110 to be considered fully compliant.

Data presented by Atlas VPN shows that a startling 89% of contractors have an SPRS score of less than 70, which means that they do not meet the legally required minimum.  

Over 25% of the supply chain received SPRS scores between -170 and -120, while only 11% of surveyed contractors received a score that is regarded as compliant.

The research conclusions show a clear and present risk to US national security.

These findings should not be easily overlooked, considering the current global political tensions and the constant barrage of attacks from state-sponsored hackers.

Areas of non-compliance

Approximately 80% of the DIB does not monitor its systems 24/7/365 and does not use security monitoring services headquartered in the United States. Using foreign cybersecurity services carries a risk of its own.

Other flaws were discovered in the following areas:

  • 80% do not have a vulnerability management system.
  • 79% do not have a robust multi-factor authentication (MFA) system in place, and 73% do not have an endpoint detection and response (EDR) solution.
  • 70% of organizations have not implemented security information and event management (SIEM)

These security measures are legally required of the DIB, and if they are not satisfied, the DoD and its capacity to undertake armed defense face a major danger.

To read the full article, head over to: https://atlasvpn.com/blog/nearly-90-of-the-pentagon-supply-chain-fails-basic-cybersecurity-requirements

Apparently Trump Wants To Ditch His Own Social Media Company To Go Back To Twitter

Posted in Commentary with tags on January 24, 2023 by itnerd

Former President Donald Trump apparently wants to go back to Twitter so badly that he wants to ditch the social media company that he helped to found, which of course is Truth Social, to do it. Mind blowing, isn’t it? But according to Rolling Stone, he can’t, at least not yet, and here’s why:

When Trump first founded Trump Media & Technology Group (TMTG), he agreed to a “social media exclusivity term” that required him to “first channel any and all social media communications” to his Truth Social account for six hours before posting the content to other platforms, according to SEC filings.

Since late last year, former President Trump has informed several people close to him that he doesn’t want to re-up the exclusivity agreement with his social media company, Truth Social, two sources familiar with the matter tell Rolling Stone. “There’s not going to be a need for that,” is how one of the sources recalls Trump describing his soon-to-expire contractual obligation. 

The 18-month term of that requirement is up in June — right as the Republican primary is expected to begin heating up. After that, Trump’s exclusivity term would automatically renew for six month periods “unless notice is given.” In the event his exclusivity term expires, Trump would still be “required to post contemporaneously to Truth Social.”

“He said there’s an expiration date and that he didn’t want to make commitments,” the other source says. 

Asked whether Trump planned to continue to make Truth Social his exclusive social media home, a company representative directed Rolling Stone to a recent appearance by TMTG CEO Devin Nunes on Newsmax where the former California congressman said Trump “has no interest in going back to Twitter.” 

Sure he doesn’t. But assuming that he’s going to try and run for president again, Truth Social isn’t going to cut it as a means to get his message out there. Thus he needs Twitter. And it should be pointed out that Twitter needs him, and more importantly his followers, a lot more than Trump needs Twitter. Having his followers follow Trump to Twitter would be the sort of shot in the arm that Twitter desperately needs to survive. But I am not sure that Twitter having to wait until June for Trump to return would help Twitter. Thus you have to wonder if Elon Musk is going to offer some sort of incentive to get Trump to jump ship earlier. After all, Elon is a desperate guy these days.