Archive for February, 2023

Targus Earns Bronze EcoVadis Rating

Posted in Commentary on February 28, 2023 by itnerd

Targus, the number one laptop case brand in the U.S. and Canada and a leader in laptop cases and mobile computing accessories, announced that it has earned a bronze sustainability rating from EcoVadis, the world’s most trusted provider of business sustainability ratings. 

The EcoVadis methodology assesses companies’ policies, measures, and published reporting in the areas of environment, labor and human rights, ethics, and sustainable procurement. A bronze rating indicates that Targus ranks among the top 50 percent of performers worldwide across these key areas. 

In addition, Targus participated in a global Treekly challenge to turn their footsteps into forests. The Targus team collectively walked a total of three million steps in both the months of September and January, roughly 1,500 miles! According to Treekly, by turning footsteps into forests, Targus created fair-wage employment for indigenous communities in Moraharivo, Madagascar to plant and protect a further 5,849 mangrove trees, with an overall total now at 11,408. The “Targus Forest” is estimated to capture approximately 625 tons of CO2 by 2030 and 3,858 tons by 2050. The latter is equivalent to flying economy class from London to Hong Kong round trip over 1,000 times or driving over six million miles, according to the Treekly Impact report detailing the results of Targus’ Treekly contributions. 

Among other key sustainability achievements, to date, Targus’ product management team calculates that the company has recycled 17 million plastic bottles through its EcoSmart line of eco-friendly laptop bags and has now expanded its EcoSmart technology to the tech accessories category.  

The new collection includes an Energy Harvesting EcoSmart Keyboard, which was named a CES 2023 Innovation Awards Honoree, as well as an Ergonomic EcoSmart Keyboard and Ergonomic Ambidextrous EcoSmart Mouse, all made with post-consumer recycled plastic and wrapped in sustainable packaging. The Energy Harvesting EcoSmart Keyboard is available now, with the Ergonomic EcoSmart Keyboard and Ergonomic Ambidextrous Mouse launching later this spring. 

To learn more about Targus’ sustainability progress and roadmap, read its 2023 Global Sustainability Report and head to the Targus press room for its latest sustainability developments and product launches. 

A Follow Up To The Highly Dangerous Zoom Phishing Email

Posted in Commentary on February 28, 2023 by itnerd

Earlier today, I came across a phishing email that purported to be from Zoom, asking you to download “security software”. I did some investigation and, on the surface, there were some serious alarm bells that I noted. I decided to dig deeper to see what the intent was behind this phishing email and I think I found it. Though it took me some time to get there.

First of all, I can confirm that this is a highly dangerous Zoom installer that will not be detected by any anti-virus program. Nothing that I tossed at it would detect it. That’s very bad.

On top of that, it seems to have the ability to evade my VM to avoid analysis. Thus I had to take it to a real PC that I use for testing this sort of thing as I can restore it easily and it doesn’t sit on my main network. And after looking at it for three hours, I can say that what it appears to do is as follows:

  • It seems to monitor certain registry keys / values for changes. I am guessing that this is done to protect autostart functionality.
  • It appears to go to sleep. I assume that this is to make it harder to analyze.
  • It seems to have some functionality that isn’t enabled yet as there appears to be a portable executable that isn’t currently running, but was added by this software.
  • It runs checks on the volume name of the device that it is on. It also scans the file system. That implies that it is looking for files that it can steal.
  • It changes any Windows certificates that it comes across.
  • It looks like it has the ability to phone home as it occasionally pings several IP addresses that I was able to capture on my network monitoring tools.

That implies that whoever came up with this is a highly advanced threat actor. This would also qualify as spyware in my mind. And the kicker is that the Zoom functionality seems to still work. So the best way to not get pwned by this is to never download it and install it.

Now, if you run Zoom in your enterprise, the best way to ensure your Zoom users never trip over this is to turn on the ability to force updates to Zoom. This document will help you with that. And I will warn you that your users will not be happy about this. But this, combined with user education about phishing emails like this one, is the best way to defend against this sort of attack. If you’re an average user, you should only do updates via the app’s “Check For Updates” function. And of course, if you get an email like the one that I discovered earlier today, you should always delete it and never interact with it.
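One way a defender could triage the behaviours listed above from endpoint telemetry, written as an added example rather than anything from the original post or from Zoom; it assumes Sysmon-style events, and the event list, paths, addresses and allow-list are constructed placeholders:

```python
"""Triage constructed Sysmon-style events for the behaviours described above.

Added example, not code from the original post or from Zoom. Events are shaped
like Sysmon ID 3 (network connection), 11 (file create) and 13 (registry value
set) records; the matching rules, paths, addresses and allow-list are all
constructed placeholders for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Real Sysmon event IDs: 3 network connection, 11 file create, 13 registry value set.
NETWORK_CONNECT, FILE_CREATE, REGISTRY_SET = 3, 11, 13

# Registry locations the post's bullets point at: autostart keys and the
# Windows certificate store (compared case-insensitively as substrings).
AUTOSTART_MARKER = "\\currentversion\\run"
CERT_STORE_MARKER = "\\microsoft\\systemcertificates\\"

# Destinations the installer is expected to contact. Constructed placeholder
# (TEST-NET-3); a real allow-list would hold the vendor's published ranges.
EXPECTED_NETS = [ip_network("203.0.113.0/24")]

SUSPECT = r"C:\Users\u\Downloads\ZoomInstaller.exe"  # constructed path

# Constructed events for the suspect process (documentation IPs, placeholder paths).
SAMPLE_EVENTS = [
    {"id": REGISTRY_SET, "image": SUSPECT,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ZoomUpd"},
    {"id": REGISTRY_SET, "image": SUSPECT,
     "target": r"HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\PLACEHOLDER"},
    {"id": FILE_CREATE, "image": SUSPECT,
     "target": r"C:\Users\u\AppData\Roaming\Zoom\bin\Zoom.exe"},
    {"id": FILE_CREATE, "image": SUSPECT,
     "target": r"C:\Users\u\AppData\Roaming\svc\helper.exe"},
    {"id": NETWORK_CONNECT, "image": SUSPECT, "dest_ip": "203.0.113.10", "dest_port": 443},
    {"id": NETWORK_CONNECT, "image": SUSPECT, "dest_ip": "198.51.100.7", "dest_port": 8080},
    {"id": NETWORK_CONNECT, "image": SUSPECT, "dest_ip": "198.51.100.7", "dest_port": 8080},
]


def triage(events: list) -> dict:
    """Group events into the behaviour categories the post lists."""
    findings = defaultdict(list)
    for ev in events:
        target = ev.get("target", "").lower()
        if ev["id"] == REGISTRY_SET:
            if AUTOSTART_MARKER in target:
                findings["autostart_registry_write"].append(ev["target"])
            elif CERT_STORE_MARKER in target:
                findings["certificate_store_change"].append(ev["target"])
        elif ev["id"] == FILE_CREATE and target.endswith((".exe", ".dll")):
            # An executable written outside the product's own folder matches the
            # "portable executable that isn't currently running" noted above.
            if "\\zoom\\" not in target:
                findings["dropped_executable"].append(ev["target"])
        elif ev["id"] == NETWORK_CONNECT:
            addr = ip_address(ev["dest_ip"])
            if not any(addr in net for net in EXPECTED_NETS):
                findings["unexpected_destination"].append(f"{ev['dest_ip']}:{ev['dest_port']}")
    # Repeated contact with the same unexpected host is the "phone home" pattern.
    hits = findings["unexpected_destination"]
    findings["beacon_candidates"] = sorted({d for d in hits if hits.count(d) > 1})
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_EVENTS).items():
        print(f"{category}: {items}")
```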

U.S. Marshals Get Pwned Rather Than Getting Their Man

Posted in Commentary on February 28, 2023 by itnerd

The U.S. Marshals Service, which is better known for getting their man, is now known for being pwned in a ransomware attack:

In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”

Wade said the incident occurred Feb. 17, when the Marshals Service “discovered a ransomware and data exfiltration event affecting a stand-alone USMS system.”

The system was disconnected from the network, and the Justice Department began a forensic investigation, Wade said.

He added that on Wednesday, after the agency briefed senior department officials, “those officials determined that it constitutes a major incident.”

Even if this was a stand-alone system, this is still pretty bad. Though it looks at first glance like this was contained, there was still data theft, and some sensitive stuff was stolen.

Jan Lovmand, CTO of BullWall, had this to say:

   “Even organizations with extensive resources and expertise fall victim to ransomware attacks. The U.S. Marshals Service (USMS) is responsible for catching fugitives and handling federal prisons in the US and has all the resources of the US government at their disposal. Not unlike the cyber attack on the FBI’s New York Field Office last week, they are a high government profile target and not immune to determined malicious hackers. 

   “In addition to the theft of highly sensitive information, these ransomware attacks can cause significant operational disruption. The U.S. Marshals Service’s system contained sensitive information, including returns from legal processes, administrative information, and PII of USMS employees and subjects of investigations. 

   “Containment and after-action strategies are crucial for all organizations to mitigate the risks associated with ransomware attacks. Organizations must have a response plan in place to contain the attack, preventing further damage, as well as a strategy for recovery and restoration of data and systems. These plans should be regularly updated and tested to ensure their effectiveness.”

This incident is pretty bad and hopefully there’s a root cause analysis to allow this agency to ensure that this never happens again.

A Highly Dangerous Zoom #Phishing Email Is Making The Rounds

Posted in Commentary on February 28, 2023 by itnerd

Since the start of the pandemic, Zoom has exploded in popularity as a means to communicate. But threat actors are latching onto that to advance their goals. Take this email for example:

It looks well crafted and seems like something that could come from Zoom. But look closer and you’ll see that it isn’t from Zoom. Starting with this:

This isn’t a Zoom email address as Zoom uses zoom.us as their domain. So right out of the gate, this is a red flag. Now I will say that unlike most phishing scams that I come across, the English in this email is decent. I guess threat actors are finally learning that their English needs to be on point if they have any hope of scamming someone. But what hasn’t changed is a call to action to get you to do what they want. Specifically this:

Please take note that your account will continue to be inactive until you install the security app. We’re sorry for any inconvenience this may cause.

If you think that you can’t use Zoom until you install this “Security App”, then you’re more likely to click on “Install Security App”. Which, by the way, you should not click on. But because I am a trained professional, I did. And here’s what I got:

Now I have to admit that the threat actors spent a lot of time and effort making this look just like something that Zoom would do. But a closer look shows that this isn’t a Zoom web page:

Again, Zoom’s domain for web and email is Zoom.us. Thus this is another red flag. And to reinforce the fact that they want you to do what the threat actors want, there’s this:

This makes me think that this scam is aimed at companies who use Zoom rather than individuals as those are all features that companies use. Also, you’ll notice that the quality of the English falls apart here.

I’m pretty sure that if you click download, you’ll get some malware. Let’s find out by taking a Windows 11 virtual machine and trying to install it just for giggles. I recorded the install process for you to view.

Now I did compare this to the real Zoom installer and the install process is identical. The only thing that jumps out at me is the version number, which is version 5.13.5 (12053). The latest version that I am aware of for Windows is 5.13.10 (13305) which makes this slightly older. I also noted that Microsoft Defender didn’t stop this. I also ran this by VirusTotal and it didn’t flag this as suspicious either. That implies that this is a novel attack of some sort which makes this extremely dangerous. I am going to investigate this further and I will update you with my findings. But in the meantime, I have reached out to Zoom and submitted all of this information so that they can put an end to this. But until they do, I would not only watch out for this threat if it hits your inbox, I would send this out far and wide to make sure nobody gets hit with this as clearly this threat is dangerous.

UPDATE: You can read my analysis of this threat here.
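The two domain red flags called out above (a sender address and a download page that are not on zoom.us) as a mechanical check, written as an added example rather than anything from the original post; the sample message, its sender and link domains, and the ZOOM_DOMAINS list are constructed placeholders:

```python
"""Flag a Zoom-themed lure whose sender or links are not on Zoom's own domain.

Added example, not code from the original post. It applies the two red flags
the post points out: the From: address is not on zoom.us, and the "Install
Security App" link leads to a page that is not on zoom.us. The message below
is constructed; its sender and link domains are placeholders.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains Zoom uses for email and web; the post names zoom.us.
ZOOM_DOMAINS = ("zoom.us",)

# Constructed lure modelled on the post (placeholder sender and link domains).
SAMPLE_LURE = """From: Zoom Security <no-reply@zoom-security-update.example>
To: user@corp.example
Subject: Action required: install the Zoom security app
Content-Type: text/html

<html><body>
<p>Please take note that your account will continue to be inactive until you
install the security app. We're sorry for any inconvenience this may cause.</p>
<p><a href="https://zoom.us.security-app.example/download">Install Security App</a></p>
</body></html>
"""


def on_zoom_domain(host: str) -> bool:
    """True only for zoom.us itself or a real subdomain such as us02web.zoom.us.
    A lookalike such as zoom.us.security-app.example fails because the check
    is anchored at the end of the hostname, not the start."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def check_zoom_lure(raw_message: str) -> list:
    """Return the red flags found in a message that claims to be from Zoom."""
    msg = message_from_string(raw_message)
    flags = []
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    if not on_zoom_domain(sender_domain):
        flags.append(f"sender domain {sender_domain!r} is not zoom.us")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        if not on_zoom_domain(host):
            flags.append(f"link {text!r} points at {host!r}, not zoom.us")
    if "security app" in body.lower():
        flags.append("call to action to install a 'security app' (the lure's hook)")
    return flags


if __name__ == "__main__":
    for flag in check_zoom_lure(SAMPLE_LURE):
        print("RED FLAG:", flag)
```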

Marcus Hutchins Joins Cybrary 

Posted in Commentary on February 28, 2023 by itnerd

Cybrary today announced that cybersecurity researcher Marcus Hutchins has been appointed as the first Cybrary Fellow. Hutchins is renowned for stopping the global WannaCry ransomware attack.

As a Cybrary Fellow, Hutchins will collaborate with various teams and work cross-functionally to foster engagement with Cybrary’s community of over 3 million learners through spearheading training events and mentoring opportunities, advising on training content strategy, and co-creating new hands-on learning activities such as virtual labs and pathways.

Hutchins shares Cybrary’s passion for ensuring cybersecurity training is affordable and accessible, making his appointment a natural fit. In this role, he is well-positioned to impact Cybrary’s mission to equip cybersecurity professionals with the skills they need to get hired and effectively defend against threats.

The announcement follows Cybrary’s recent Cybrary Free Access launch offering more than 500 hours of material designed to help users break into the cybersecurity industry and advance toward their career goals. 

Compugen signs global partnership with OTORIO 

Posted in Commentary on February 28, 2023 by itnerd

Compugen, one of Canada’s largest and most established technology solutions providers, has announced a business partnership with operational technology (OT) and digital risk management solutions provider OTORIO. This move will see Compugen leverage OTORIO’s leading platform in its OT solutions to better protect customers against cyber threats in industrial environments.

As operations in industry and manufacturing become smarter, more data-driven, and more connected, the risk of cyber attacks in this segment has grown exponentially, with incident volumes marking an increase of 67% in the last five years. Such intrusions have led to outages, disruptions, and millions of dollars incurred – causing real, tangible damage to businesses and institutions and their ability to serve their customers. Compugen and OTORIO see this development as an opportunity to bring advanced cyber defense solutions to Canada’s growing OT landscape and help improve security posture across the industry.

Under the partnership, Compugen will resell OTORIO’s RAM OT security protection monitoring platform and spOT Assessment compliance risk assessment software solution, as well as use the latter to offer customers efficient and effective periodic technical risk assessments of their operational networks. The company’s long-standing relationships with the most respected names in IT enable the integration of many different technologies into comprehensive, business-driving solutions.

White House To Government Employees: You Have 30 Days To Get TikTok Off Your Phones

Posted in Commentary on February 28, 2023 by itnerd

The pressure on TikTok is increasing as this just happened:

The White House is giving all federal agencies 30 days to wipe TikTok off all government devices, as the Chinese-owned social media app comes under increasing scrutiny in Washington over security concerns.

The Office of Management and Budget calls the guidance, issued Monday, a “critical step forward in addressing the risks presented by the app to sensitive government data.” Some agencies, including the Departments of Defense, Homeland Security and State, already have restrictions in place; the guidance calls on the rest of the federal government to follow suit within 30 days.

The White House already does not allow TikTok on its devices.

Seeing as TikTok is owned by ByteDance, which is a Chinese company, the Chinese government was sure to react at some point. And as if on cue, they have:

The U.S. government “has been overstretching the concept of national security and abusing state power to suppress other countries’ companies,” Mao Ning said at a daily briefing. “How unsure of itself can the U.S., the world’s top superpower, be to fear a young person’s favourite app to such a degree?”

Does TikTok really have no meaningful answer to suggestions that data from the app can be accessed by the Chinese government? Or to the fact that the potential exists for the Chinese government to use TikTok to launch things like disinformation campaigns? Could that be the reason why the Chinese government is not only seeing bans like these pop up, but why they might also be freaking out?

Chris Vaughan, AVP – Technical Account Management at Tanium, had this to say:

This latest step at the federal level to ban TikTok from government-owned devices reflects that institutions are recognizing that a comprehensive approach is important to protect our citizens from social media campaigns designed to further foreign political objectives and deepen divisions in western societies.

Chinese intelligence tactics are fueled by the sustained collection of user data such as commerce and purchasing information, which, combined with biometrics and activity tracking, feeds detailed intelligence to be used in operations with longer term objectives. Such data can deliver targeted, timely psychological operations against individuals or groups of citizens. We have seen this during election cycles and politically charged events in recent years. This move raises the question of the extent to which Chinese influence is acceptable when it comes to national infrastructure and everyday life. Concerns have increased in the West in recent months and the use of Chinese surveillance technology has been restricted. We have also seen reports of Chinese initiatives to influence politicians through lobbying and donations, as well as through the spread of disinformation through social media.

We’ve previously seen Russia’s use of information operations during the 2016 US election and the UK’s Brexit referendum. China’s focus meanwhile has been on the theft of intellectual property, but there are indications that the CCP may look to information and influence operations to advance its strategic goals. Such instances must be met head on by the US and other western political leaders, and this ban begins to reflect that realization.

I’ve been saying for a while that TikTok needs to be banned as it cannot be trusted. And I am glad to see it start to happen. But what really needs to happen is that it needs to be banned outright. I’m watching with great interest to see who the first country is that does that as it will certainly create a domino effect of other countries doing the same thing.

Nyriad and DigitalGlue Partner to Enable Creatives to Optimize Resources

Posted in Commentary on February 28, 2023 by itnerd

Nyriad and DigitalGlue are partnering to dramatically improve the performance, resilience, and efficiency of media production workflows while removing complex IT-centric tasks and simplifying them with a streamlined user experience. In doing so, creatives and contributors will be able to optimize resources, eliminate costly delays in post-production, and deliver great content on deadline and on budget. 

Nyriad’s UltraIO data storage system uses the processing power of GPUs and advanced algorithms to deliver exceptional performance, resilience, and efficiency. DigitalGlue’s creative.space platform is purpose-built to make enterprise storage simple to use and manage without the need for specialized knowledge or a dedicated IT department. By combining the two solutions, creatives and contributors can deploy, manage and elastically scale their production workflows quickly, easily and affordably.

The joint Nyriad UltraIO and DigitalGlue creative.space solution delivers: 

  • Performance – With high read and write bandwidth capabilities, creative.space plus the UltraIO platform removes storage as a bottleneck so that artists can invest their creative energy in the quality of their content. Editing inline without the need to copy data between file systems or create lower resolution proxies can save many hours of wasted time and reduce the number of files to manage.
  • Resilience – The UltraIO system can withstand up to 20 drives failing simultaneously with no data loss while maintaining 95% of its maximum throughput, which allows teams to work unhindered. Combining this with the proactive support from creative.space and Nyriad, the solution provides customers with peace of mind that their data and workloads are protected while not compromising the performance required.
  • Efficiency – UltraIO storage allows customers to use up to 90% of the raw capacity deployed in the environment, a level of efficiency that is largely unmatched in the storage market today. Tools available in the creative.space software suite reduce operational and management overhead. While reducing the amount of raw capacity needed to purchase, UltraIO’s efficient platform also reduces the carbon footprint of storage by up to 70% compared to competitors’ platforms of similar performance and capacity.  
  • Simplicity and Ease of Deployment – The combination of creative.space and the UltraIO storage platform is simple and easy to manage, deploying seamlessly into customers’ environments without the need to refresh or replace existing technologies. The combined solution immediately begins to enable operational simplicity and flexibility, providing opportunities to consolidate and streamline many production tasks such as rendering, streaming, non-linear editing, content ingest, and active archive, among others, into a single, easy-to-use platform.

To learn more about the joint Nyriad UltraIO and DigitalGlue creative.space solution, please visit: https://www.nyriad.io/nyriad-and-digitalglue-solution-brief/ and/or https://www.creative.space/partnerships/nyriad.

LastPass Admit That They Have Been Pwned Yet AGAIN

Posted in Commentary on February 28, 2023 by itnerd

LastPass has notified customers of a second attack which resulted in the breach of encrypted password vaults. In this second incident, the threat actor used information exfiltrated during the first incident to exfiltrate corporate data from cloud storage resources; it was caused by one of their DevOps engineers’ personal home computers being hacked.

Sharon Nachshony, Security Researcher at Silverfort, had this to say:

   “Given the number of people who rely on LastPass it’s easy to pass quick judgment on back-to-back incidents, however, what this really shows is the difficulty of detecting attacks that use seemingly legitimate, yet stolen, credentials. By obtaining these credentials, the threat actor was able to masquerade as a highly trusted user, giving them the freedom to pivot into the cloud storage environment.

   “The corporate vaults holding privileged credentials often become a single point of failure. Given enough reconnaissance time a motivated attacker will try to understand how to compromise such vaults because, once they have such credentials, it’s like having a VIP pass to corporate resources. In the case of this attack, an additional layer of MFA to authenticate into the cloud storage environment may have provided additional protection.”

If you’re a LastPass user, the company strongly advises you to change all your passwords stored on the platform. The master password for the LastPass vault should also be changed. But if you’re asking me what you should do, I would suggest dumping LastPass completely on top of changing all your credentials immediately. It’s pretty clear that LastPass isn’t secure based on their recent history of being pwned, and has no path to become secure anytime soon. Thus moving your passwords off their service with urgency is your best course of action.

Appdome Announces the Industry’s First Mobile XDR for Brands Globally

Posted in Commentary on February 28, 2023 by itnerd

Appdome, the mobile app economy’s one and only Cyber Defense Automation platform, today released its next generation ThreatScope product, delivering Extended Detection and Response (XDR) for consumer mobile apps and brands globally. For the first time in mobile history, mobile brands gain the power and agility of XDR to address any cyber, fraud and other attacks in the mobile app channel.

Global consumers now prefer mobile apps over other digital channels. While XDR, EDR, SIEM and other solutions serve web, cloud and enterprise environments well, these solutions do not provide attack and threat detection or response from the increasingly dominant mobile revenue stream and mobile channel used by consumers. Prior to ThreatScope Mobile XDR, cyber, fraud and dev teams at consumer brands were left in the dark, with no practical means to gather, share or use data from siloed and fragmented cyber and fraud systems. 

Appdome’s ThreatScope Mobile XDR gathers thousands of threat signals from mobile app security, hacking, fraud, malware, cheat and bot attacks from inside each of 100M deployed mobile apps and translates that data into brand relevant views that cyber, fraud and business teams can use to evaluate and respond to mobile threats and attacks in real time. There is no need for coding, SDK, MDM, EMM or UEM, or for any user to install an additional app on the user’s device. ThreatScope Mobile XDR goes beyond device-level attestation and gets its data straight from attacks and threats impacting the brand’s in-production mobile apps. ThreatScope Mobile XDR is pre-integrated with Appdome’s Cyber Defense Automation platform for Android and iOS apps for instant response to any cyber or fraud attack.

ThreatScope Mobile XDR provides mobile businesses and mobile brands:

Consolidated Attack and Threat Intelligence – Consolidated, real-time, attack and threat intelligence from across the cyber security, fraud, malware, cheat and bot attack landscape, all from in-production Android and iOS apps.

Threat-Views – Allows brands to create, save and monitor attacks and threats by mobile app, specific threat, threat type, OS platform and other business-specific perspectives. Isolates specific cyber security, fraud, malware, cheat and bot attacks, reduces noise and zeros in on the attacks with the biggest impact to each app, release, brand and users.

Track 1 to 1000s of Mobile Attacks – With configuration-as-code ease, monitor and respond to one, any combination or all of ThreatScope’s 1000s of unique threats, attack vectors, attack techniques and methods applicable to Android and iOS apps. New detections targeting Android and iOS apps are added weekly.

Automated Threat Response – Automate cyber defense and response to each cyber incident or fraud attack with updated security and anti-fraud features tailored to each specific threat or attack, build-by-build and release-by-release, adding agility and eliminating the impact on the mobile business and users.

Analytics Grade Threat Inspection – ThreatScope comes with a powerful, easy to use analytics engine that allows developers and cyber teams to gain 360-degree threat visibility to filter, set thresholds, inspect, investigate and monitor attack and threat trends on-demand or over time.

Shift-Left Cyber Defense for Mobile Apps – With 360° attacks and threat visibility and intelligence, mobile developers and cyber and fraud teams can shift left and collaborate on threat response in each release of Android and iOS apps.

High Fidelity Threat Intelligence – ThreatScope Mobile XDR does not rely on external servers, SDKs, extra apps or attestation services. So, there is no risk of in-transit exploit, signal spoofing, hijacking or other attacks that can compromise the integrity of the threat signal. Hardened binding between the ThreatScope and the mobile app eliminates the risk of an attacker disabling ThreatScope telemetry.

No Code/No SDK Implementation – The entire ThreatScope Mobile XDR capability can be added in Android and iOS apps without any burden on mobile dev teams, including no code, no SDK and no servers to deploy.

For more information about ThreatScope Mobile XDR visit: https://www.appdome.com/threat-scope-mobile-xdr/.