Archive for January 25, 2023

BREAKING: Trump Gets His Facebook And Instagram Account Back

Posted in Commentary with tags on January 25, 2023 by itnerd

First Donald Trump got his Twitter account back. And now Facebook and Instagram are doing the same thing:

Nick Clegg, president of global affairs at Meta, which owns Facebook and Instagram, said Trump’s accounts will be reinstated “in the coming weeks” and come with “new guardrails in place to deter repeat offenses.”

Those guardrails will include “heightened penalties for repeat offenses — penalties which will apply to other public figures whose accounts are reinstated from suspensions related to civil unrest under our updated protocol. In the event that Mr. Trump posts further violating content, the content will be removed and he will be suspended for between one month and two years, depending on the severity of the violation,” Clegg said on the company’s website.

A spokesperson for Trump did not immediately respond to a request for comment.

It will be interesting to see if whatever “guardrails” Meta has will actually moderate Trump’s behaviour. And that assumes that his agreement with his own social media platform Truth Social doesn’t get in the way of this. This might be interesting to watch and see how Trump plays this.

Torq Announces 800% Revenue Growth And More

Posted in Commentary with tags on January 25, 2023 by itnerd

Torq, the security automation leader, today announced 800% revenue growth and 10X customer growth in its second year of operation in 2022, and hitting the milestone of 1,000,000+ daily security automations. Torq also announced the Torq Advisory Board featuring global cybersecurity visionaries, and the appointment of Paulo Veloso, Vice President of Sales, Americas. Recently, Torq has also released critical industry-leading capabilities with the introduction of Parallel Execution and Torq Insights. In addition, Torq won myriad accolades across 2022, including being named to Forbes Israel’s Next Billion Dollar Startups list and being recognized as Global InfoSec Cybersecurity’s Startup of the Year.

Major Customer Momentum

In 2022, Torq’s customer base expanded to include Agoda, Armis, Chipotle, Fiverr, HashiCorp, IronSource, Lemonade, Riskified, and Wiz, as well as Fortune 100 consumer packaged goods, fashion, financial, hospitality, and sports apparel companies. This growth reflects significant enterprise traction across the United States, Europe, and Asia Pacific. 

Torq Users Surpass 1,000,000 Daily Security Automations

Torq users are now executing more than 1,000,000 daily security automations with its platform – a major milestone that underlines its customer velocity. The exponentially-expanding usage of Torq also reflects how its security automation approach uniquely enables teams of any size to quickly create, deploy, and iterate on automated responses to unpredictable security events.

Torq Advisory Board

Torq announced the formation of the Torq Advisory Board, a group of some of the world’s most respected cybersecurity professionals. The board is helping guide the company as it further expands its security automation offerings and capabilities, serves more and more global enterprises, and continues to integrate the majority of cybersecurity systems into its platform.

Members of the Torq Advisory Board include:

  • Jason Chan, Former VP of Information Security, Netflix
  • Talha Tariq, CISO, HashiCorp
  • Yaron Slutzky, CISO, Agoda
  • Bill McKinley, CISO, SigFig and former Head of Information Security at The New York Times

New Sales Leadership

Paulo Veloso, Vice President of Sales, Americas, is Torq’s latest executive team addition. Prior to Torq, Veloso led America Sales at Splunk, helmed strategic accounts for HP Enterprise, was responsible for LATAM sales at Thales E-Security, and served as executive Sales manager at Cipher. Veloso is focused on expanding Torq’s Americas customer and prospect bases, with an emphasis on enterprise deployments.

Torq Insights Drives Industry-Leading Analytics

In late 2022, Torq delivered its latest platform innovation with Torq Insights, a comprehensive reporting and analytics overlay that provides the operational data needed to consistently manage, monitor, and iteratively evolve the security automation stack, to ensure it’s providing maximum protection while driving optimal efficiency.

“Torq Insights shows me how actively my team is using the platform to improve our overall security posture and makes everyone’s lives easier and more productive,” said Phillip Tarrant, SOC Technical Manager, CompuQuip. “It allows me to see my teammates’ progress with Torq by showing the value they’re getting out of it. The ‘total runs’ analytics capability is huge. It’s amazing to see that Torq is handling 80,000+ runs a week for CompuQuip without a single hiccup.”

Torq Delivers on the Promise of Parallel Execution

Torq’s recently-introduced Parallel Execution capability is a significant evolution for no-code security automation that enables users to instantly create multiple branches within an automatic workflow, and handle each concurrently before seamlessly merging back into a single flow. While some SOAR platforms claim to support parallel processing, these solutions require massive engineering efforts to deploy. 

Torq now offers true no-code parallel computing, to provide easier workflow design, adaptable iterating, and more powerful execution, which security teams have long asked for. Now, teams can focus on actual security responses without sacrificing precious time and resources to develop the workflows that deliver them.

New Tel Aviv Office Presence

In 2022, Torq opened a three-floor, state-of-the-art office in the heart of Tel Aviv, Israel. The office is designed to expand as Torq’s staff and operations continue scaling during the next several years. It includes a customer visitor center, comprehensive R&D facilities, and extensive collaborative environments designed to harness and channel the company’s collective energy as it solves critical customer security challenges.

Torq Racks Up Industry Awards

Torq is proud to have won many prestigious awards across 2022, including being named one of the top-10 most innovative startup companies by the RSA Conference; the Cybersecurity Excellence gold award for No-Code Security Automation; the BIG Fortress Cybersecurity Award for Incident Response; Duns 100 Best Start-Up Companies to Work for Over 100 Employees Award; and Global Infosec’s Cybersecurity Startup of the Year award. Torq was also named to Forbes Israel’s Next Billion Dollar Startups list and Qumra Capital’s Tomorrow’s Growth Companies list.

Hacker Claims That Hilton Hotels Data From 2017 On 3.7 Million Users Of Their Loyalty Program Is For Sale

Posted in Commentary with tags on January 25, 2023 by itnerd

Having personally been a victim in the Marriott hack where data on millions of guests went into the dark web, I am sensitive to other hacks of this type. Which is why this story about Hilton Hotels got my attention:

User data of Hilton Hotels have been put on sale on a dark web forum. A forum user under the alias IntelBroker has offered a database of 3.7 million users belonging to the Hilton Hotels Honors program.  

“Today I have uploaded the Hilton Hotels Honors 2017 Database for you to download,” said the post. 

According to the threat actor, the data contains personally identifiable information (PII) such as honors ID, address, name, etc. However, the hotel group’s spokesperson denied any possibility of a data breach.

“There is no evidence to suggest Hilton systems have been compromised, and we can confirm that no guest passwords, contacts or financial information have been disclosed,” the spokesperson told The Cyber Express.

“We are investigating this report closely and taking all appropriate measures to ensure the continued security of our Hilton Honors members’ and guests’ information.”   

So, until someone tests this claim by verifying the information, which to be clear dates back to 2017, we have no confirmation that this is legit. And even though Hilton was previously pwned in 2015, there’s no indication that they have been pwned again. At least not yet.

David McCaw, Co-Founder & CRO, Dasera had this to say:

“The recent alleged data breach of Hilton Hotels’ Loyalty Program is a bit unsettling. With the high probability of any company being the victim of a data breach, it’s worrying that a hacker could possibly lie about a data breach of this magnitude and draw attention, eroding at least a bit of the organization’s reputation. Regardless, Hilton’s prompt response and due diligence into the alleged hack should be commended. Data security is of the utmost importance, and more than anyone, Hilton understands the concerns the recent news may have caused for its customers, myself being one of them. We all need to fully accept and recognize that data breaches can happen to any organization and it is crucial to have strong data governance and security measures in place to prevent them. This includes regular security audits, access controls, encryption, employee training on security best practices, and incident response plans in case of a security breach. We hope for Hilton’s and their customers’ sake that the situation will be resolved quickly and efficiently and that they remain committed to keeping their customers’ personal information secure.”

This is one of these situations where we will have to watch and see if this is legit and how bad this is. And more importantly, how Hilton responds to this.

Riot Games Pwned And The Company Gives The Hackers Behind It A Big Middle Finger

Posted in Commentary with tags on January 25, 2023 by itnerd

I report on companies getting pwned by hackers. But I rarely get to report on companies that have been pwned flipping the bird metaphorically speaking to said hackers. Take Riot Games. They were hacked last week.

Yesterday, the company updated this situation with a very interesting response:

So the company had source code stolen. But they aren’t going to pay the hackers, who were apparently asking for $10 million.

While in the short term, I can see a scenario where cheats for various Riot Games appear, this is the right decision because stolen data is only valuable if the hackers get paid. So how valuable is the data that was stolen I ask? And also, Riot has been very transparent. More so than I am used to seeing.

David Maynor, Senior Director of Threat Intelligence, Cybrary had this to say:

   “This is one of the better ways to handle a ransomware event. They laid everything out, including potential downsides, but end on a cheery note that most of the stolen code was prototype and was never designed to be released. This is transparency personified.”

Michael Slipsager, CEO, BullWall follows up with this commentary:

   “Riot Games will not be paying the $10 million ransom demand to stop the leak of their source code.  Good for them and for practicing full transparency on the breach, as paying the ransom not only emboldens hackers to continue their attacks, but it also does not guarantee that the stolen data will not be released.

   “Despite taking steps to protect their data, even companies with strong security measures in place can still fall victim to a ransom attack and can still suffer the consequences of a ransom attack, such as loss of sensitive data, reputational damage, and financial losses. 

   “Even well-prepared companies like Riot Games may find themselves vulnerable to a ransom attack and it is important for all companies to stay vigilant and have a robust incident response plan in place to minimize the impact of such attacks.”

I applaud Riot Games for taking this stance. If more companies would do something like this as opposed to paying the ransom, hackers would be out of business shortly thereafter.

ThreatConnect Announces Industry-First Platform Explicitly For Threat Intelligence Operations

Posted in Commentary with tags on January 25, 2023 by itnerd

Today, cyber threat intelligence company ThreatConnect released the industry’s first threat intelligence (TI) platform explicitly designed for TI Ops. The new release radically increases the effectiveness of threat intelligence analysts and security operations teams by bringing together the power of human analysis, ML-powered analytics and intelligence, and automation.

The ThreatConnect Platform enables organizations to achieve alignment between security operations and the critical risks to the business, better security efficiencies, and greater effectiveness, including faster time to mitigate essential vulnerabilities and faster mean time to detect (MTTD) and respond (MTTR) to threats. In a recent survey of ThreatConnect customers, more than 68% of respondents said that the product helped them improve their MTTR by more than 50%.

In the same study, 95% of respondents noted that ThreatConnect enabled them to get more value from their existing security tools, such as SIEM, XDR, and SOAR. Customers can now go beyond just managing threat intel to operationalizing it and fusing it across every part of your security program, from threat investigation to incident response to vulnerability management with ThreatConnect’s ML-Powered Global Intelligence and Analytics with CAL™ v3.0, Native Reporting Engine, and Built-in Enrichment.

For more information, there’s a blog post that you can read at this link: ThreatConnect 7.0: The Industry’s First Threat Intelligence Operations (TI Ops) Platform.

Bell Is Rolling Out New Firmware To The Gigahub

Posted in Commentary with tags on January 25, 2023 by itnerd

You might have been following my coverage of Bell’s rollout of the new Gigahub, which is the hardware that they supply to their Bell Fibe customers. Out of the box, it had issues. And I put out a request for help identifying these issues as I was getting a lot of emails asking for help. Ultimately Bell identified these issues via a Bell employee who frequents the DSLReports.com forums called “Bell_Dom”. A firmware update then came out that fixed the issues the initial rollout had. But you had to ask for it.

That seems to have changed in the last few days as, according to this thread on DSLReports.com, Bell appears to be rolling this out widely. The firmware is version 1.7.8.1 and it is specific to the Gigahub. One bonus of this new firmware is that it finally fixes the issue of WiFi re-enabling when you reboot the Gigahub. That’s something that I wish Bell would bring down to the HH4000 as that bug is annoying.

Have you received this update on your Gigahub? What has your experience been? Please leave a comment below and share your experience.

Early Morning Microsoft Outage Caused By “Network Change”

Posted in Commentary with tags on January 25, 2023 by itnerd

Early this morning, Microsoft had an outage that affected, but was not limited to, the following services:

  • Teams
  • Xbox Live
  • Outlook
  • Microsoft 365 
  • Minecraft
  • Azure
  • GitHub
  • Microsoft Store

The issue started at about 2.30 a.m. EST and ended about 2 hours later. What’s interesting is that Microsoft said this:

So Microsoft made a change that broke a lot of their online services and had to roll it back. That does happen from time to time, with the best example that I can think of being Rogers and their July outage. But that creates issues for people who rely on said services. My question for Microsoft, which I hope they answer, is what specifically happened and what will they do to ensure that it doesn’t happen again. Microsoft does give some version of this information out, so I for one will be interested to see what they say.

UWindsor Secures $5M Partnership With TELUS To Propel 5G Research

Posted in Commentary with tags on January 25, 2023 by itnerd

The University of Windsor (UWindsor) and TELUS today announced the launch of a 5G connected campus and commercial lab to support advanced research with 5G technology and establish the university as a go-to centre for innovation. TELUS, a world-leading communications technology company, is investing $5 million as part of a multi-year agreement that began in 2020 to fuel the development of new applications for 5G technology. The collaboration will not only support multidisciplinary research in the agriculture, advanced manufacturing, and connected and autonomous vehicles (CAVs) sectors, but will transform UWindsor campuses to enhance teaching, innovation and collaboration.

Beyond the development of the 5G commercial lab, the central space in the Ed Lumley Centre for Engineering and Innovation will be named the TELUS Atrium. The area is fostering collaborative concept discovery, ideation and creativity as students and researchers build solutions that meet today’s global challenges. Initial joint projects include:

Equipping connected vehicles for cross-border travel using 5G

  • Working with the Ontario Vehicle Innovation Network (OVIN), Original Equipment Manufacturers (OEMs) and policy makers to better equip connected vehicles to solve cross border challenges, including congestion and supply chain obstacles, using 5G.

Developing new cybersecurity applications for connected and autonomous vehicles (CAVs) 

  • In collaboration with Mitacs, a nonprofit national research organization, this project will explore the use of artificial intelligence (AI) and deep learning to identify potential vulnerabilities and access points in CAVs, enhancing safety and security.

Exploring the effective use of AI and Internet of Things (IoT) sensors in high-tech greenhouses to enable more efficient food production

  • UWindsor has partnered with Horteca to launch a two-acre, fully-operational connected research greenhouse in Harrow, Ontario. Using 5G network technology, the greenhouse will use IoT and compute capabilities to make food production more scalable, while reducing cost and footprint.

TELUS’ next generation networks are unleashing human productivity and contributing to improved health and educational outcomes, supporting environmental sustainability, fostering entrepreneurship, bridging the socio-economic divide, and driving economic growth. The agreement will build on the strength of existing partnerships to provide UWindsor and industry and community partners with the infrastructure, expertise and processes to enable new collaborations driving future public-cooperation agreements.

The TELUS 5G network currently reaches approximately 80 per cent of the Canadian population from coast-to-coast as part of its significant $70 billion investment to further develop infrastructure and operations through 2026, demonstrating its commitment to connecting Canadians and driving remarkable social outcomes in our communities. To learn more about TELUS’ 5G network visit telus.com/network.

To learn more about UWindsor’s research and innovation programs, visit http://uwindsor.ca/research-partnerships.

New Research Details Bounce The Ticket And Silver Iodide Attacks In Azure AD

Posted in Commentary with tags on January 25, 2023 by itnerd

Silverfort research has found adversaries could attack the new Microsoft Azure AD Kerberos authentication protocol to move laterally around hybrid environments.

Made generally available in August 2022 to enable cloud authentication for IaaS workloads such as servers and file shares, the new protocol is exposed to the two new techniques which evolve long-standing Silver Ticket and Pass the Ticket attacks – both of which are already well-used by threat actors to move laterally. 

The new version of Pass the Ticket, called Bounce the Ticket, allows an attacker to steal Kerberos tickets from memory and use these to manipulate the Azure Ticket Granting System into granting malicious access to cloud workloads such as servers. This could be used to pivot around hybrid environments.

In the enhanced Silver Ticket attack, called Silver Iodide, the Silverfort research team was able to attack Azure Files and forge Kerberos tickets to demonstrate how a threat actor could escalate privileges on the cloud-based File Share. 

Like many attacks on identity systems, the issues described lie in the underlying logic of the protocol. Fixing them would require re-engineering Kerberos – it is not simply a case of patching code. Both techniques were shared with Microsoft’s MSRC team prior to publication. 

You can read the research here.

Apple Has Done It Again…. Base Model M2 Macs Have Slower SSDs…. And That Includes The Pro Models

Posted in Commentary on January 25, 2023 by itnerd

Back in June when the new MacBook Air and MacBook Pro both with the M2 processor shipped, a controversy erupted when it was discovered that the base model computers had slower SSDs installed versus the base model M1 equivalent computers. At the time I said this as to the reason why they were slower:

This is because the 256GB model is equipped with only a single NAND flash storage chip. The M1 version had two NAND chips that were likely 128GB each. This creates a RAID like setup that resulted in better performance. The only reason that I can think of is that Apple did this to save a few bucks so that they can have higher margins on the computer. And what makes that worse is that Apple raised the price this time around.

I then declared that the base model was a bad deal and you should skip it entirely and upgrade to 512GB. It now seems that Apple has done it again. Both MacRumors and 9to5Mac are reporting that the new Mac mini at the base model level has a single NAND chip. And what’s worse, Apple’s cost cutting now seems to have spread to their “pro” computers, as 9to5Mac is reporting that the base model 14″ MacBook Pro with the M2 Pro chip comes with a single NAND SSD setup. Which means that it has similar performance, meaning it has bad performance.

Now while I don’t like the fact that Apple’s cost cutting affects their entry level computers, I get it. Those are built to a price point. But for it to hit their “pro” computers, which people willingly pay a premium for, is inexcusable. I honestly don’t understand why Apple would do that. I can only conclude that Apple is counting on the fact that most “pro” users will custom order their computers with higher storage options which avoids this problem entirely. If that’s the case, that’s really a cynical view by Apple.

And just generally, Apple doing this again after getting significant blowback when they did this last summer is just mind blowing as you’d think that Apple would have wanted to avoid a second go round of this controversy. One person that I know suggested that Apple really must want to screw over their customers. I wouldn’t go that far, but the optics of this situation do not look good for Apple. And I guess that going forward, if you want to buy a Mac, and you expect decent levels of performance, you need to spend more money because Apple is basically forcing you to do so.

That’s really not a good look for Apple if you ask me.