Archive for March 15, 2023

If You Haven’t Applied Yesterday’s Patch Tuesday Updates… Now Would Be A Good Time

Posted in Commentary with tags on March 15, 2023 by itnerd

I say that because Microsoft used Patch Tuesday to correct a zero-day bug in the Windows SmartScreen anti-malware web service that was allowing hackers to deliver malware without users noticing. Tracked as CVE-2023-24880, this vulnerability allowed the hackers to prevent security alerts from popping up and warning users when opening malicious files from the Internet.

The exploit was discovered by Google’s Threat Analysis Group (TAG) and reported to Microsoft on February 15. The exploit uses malicious MSI files that were signed with a specially crafted Authenticode signature that would cause SmartScreen to fail and not alert the user. TAG points out that the real issue here is that Microsoft had “narrowly” patched a similar vulnerability, CVE-2022-44698, back in December, but as they pointed in out in their blog post this week:

“This security bypass is an example of a larger trend Project Zero has highlighted previously: vendors often release narrow patches, creating an opportunity for attackers to iterate and discover new variants,”

“When patching a security issue, there is tension between a localized, reliable fix and a potentially harder fix of the underlying root cause issue. Because the root cause behind the SmartScreen security bypass was not addressed, the attackers were able to quickly identify a different variant of the original bug.

Morten Gammelgaard, EMEA, co-founder, BullWall had this to say:

   “The fact is, malicious actors will always find a way to get into your network. Microsoft had patched this vulnerability last December only to see the threat actors change direction and find a new way in. There is no final fix for network security. As we saw in a recent LA Housing Authority ransomware attack,  the LockBit group was in that network for an entire year before they took action and encrypted the network. 

   “Even Elon Musk had his spaceship designs stolen and held for ransom recently. And if you think no one will notice your small business, they will probably notice your suppliers and either shut down your supply chain or move laterally into your network itself.”

If you’re wondering where the Elon Musk reference comes from, this will help you to get up to speed on that. But in any case, given that this is a significant vulnerability that you need to get about patching ASAP.

Salesforce Web3 Announced By Salesforce

Posted in Commentary with tags on March 15, 2023 by itnerd

Salesforce has announced Salesforce Web3 to help companies create, manage, and deploy non-fungible tokens (NFTs) in a sustainable and trusted way. Salesforce Web3 enables brands to create connected customer experiences across Web2 and Web3, and scale efficiently with a unified platform.

Salesforce survey data finds nearly half (45%) of consumers would be more interested in purchasing an NFT if it came from their favorite brand and NFT Management and Web3 Connect innovations deliver a seamless experience creating NFTs easily and securely.

  • NFT Management helps retailers build brand love with digital collections. With NFT Management, brands are able to:
    • Create NFT Collections with Clicks, Not Code: In just a few clicks, customize and deploy secure, audited smart contracts they fully own and control in perpetuity.
    • Deliver Trusted Experiences: Keep their data secure with configurable privacy controls and proactive fraud detection.
  • Web3 Connect unifies customer data from Web3 across the Customer 360. By using Web3 Connect, companies can:
    • Enrich customer profiles with Web3 data: Unify Web2 and Web3 identities in their CRM with Web3 wallet IDs, NFT transaction history, and wallet risk scores
    • Create personalized, omnichannel experiences: Delight customers with a seamless experience across Web2 and Web3 channels, powered by their Customer 360 platform.
  • Salesforce customers Crown Royal, Mattel and Scotch & Soda agree after successfully creating and securely deploying NFT Collections during the pilot program that supported nearly 275,000 transactions between them.

See the newsroom post HERE for more details on these Web3 product innovations.

Jscrambler Takes Gold for Client-Side Security in Cybersecurity Excellence Awards 

Posted in Commentary with tags on March 15, 2023 by itnerd

Jscrambler today announced it received Gold Place in Client-Side Security in the Cybersecurity Excellence Awards.  

Jscrambler’s Webpage Integrity (WPI) offers a large set of functionalities aimed at protecting customers against sensitive data leaks and unwanted changes which may harm their company’s reputation and business. This is especially important as more commerce is conducted online than ever before. Two global e-commerce brands that rely on Jscrambler to protect their payment pages saw significant activity during Q4 2022. Webpage Integrity monitored a combined 40.3 million user sessions and blocked over 60.2 million data access attempts by third-party vendors. The continuous monitoring and proactive blocking of JavaScript running in the browser prevent these vendors from potentially accessing sensitive credit card data.   

WPI allows organizations to understand all the scripts that are being loaded onto each of their websites, as well as the potential risk associated. WPI provides rich information and insights to assist in mitigating any potential threats. Considering that vulnerabilities in third-party software account for 13% of all data breaches’ initial attack vectors with an average cost of $4.55M per data breach, it is fundamental for companies to have total visibility and control on their websites. 

Jscrambler  is a leading authority in client-side security software. Its solution defends enterprises from revenue and reputational harm caused by accidental or intentional JavaScript misbehavior. Jscrambler makes first-party code that is resilient to tampering and prevents interference with third-party code. The solution works continuously, keeping organizations protected regardless of how frequently things change. From code to runtime, Jscrambler has companies covered with a level of visibility and control that supports business innovation. Jscrambler’s customers include the FORTUNE 500, retailers, airlines, banks and other enterprises whose success depends on safely engaging with their customers online. Jscrambler keeps these interactions secure so they can continue to innovate without fear of damaging their revenue source, reputation, or regulatory compliance.

Find out more at:  

Has Amazon’s Ring Been Hacked? Ransomware Gang Posts Threat To Leak Data

Posted in Commentary with tags on March 15, 2023 by itnerd

The ALPHV ransomware group has claimed responsibility for an attack on Amazon’s security camera company, Ring, and is threatening to leak their data. This came to light because of this Tweet:

ALPHV is known for using the BlackCat malware in their attacks. The ALPHV group operates a ransomware-as-a-service platform. The group also has a searchable database of its victims who deny paying the ransom on the site.

The fact that someone might have pwned Amazon is plausible. Last December Brian Krebs carried a story on two US teens that were busted for taking control of RING camera’s and then Swatting the home owners and recording the police raid. The RING system is just one more IoT device that is attractive, and apparently vulnerable, to malicious hackers.

David Maynor, Senior Director of Threat Intelligence, Cybrary had this comment:

   “The exploitation of IOT devices that consumers rely on continues to march towards every dystopian movie plot. Attackers have moved from ransoming devices to ransoming companies. These attacks continue to have an increasing impact on the daily life of users.”

We’ll know soon enough if this threat to leak data is real or not. If it is real, I assure you, any company who plays in this space will be freaking out. And so will their customers.

Killnet Group Attempting to Form a Private Military Hacking Company

Posted in Commentary with tags on March 15, 2023 by itnerd

On March 13, Killmilk, the leader of the Russian hacktivist DDoS collective Killnet, announced on Telegram the establishment of “Black Skills,” a Private Military Hacking Company. 

The name “Private Military Hacking Company” is a clear riff on the growing presence and cult of private military companies in Russia (primarily the Wagner Group). It is also likely a not-so-subtle invitation to the Russian government to use Killnet’s resources as a cyber mercenary group, although it’s also unlikely they will deeply vet their clientele. 

This blog post from Flashpoint’s analysis team has a lot more detail on this:

NodeZero Analytics exposes attack paths & exploitability priorities, integrates with defensive tools

Posted in Commentary with tags on March 15, 2023 by itnerd, leaders in autonomous penetration testing, have launched a major product refresh, doubling down on its commitment to help organizations continuously verify their security posture, including NodeZero Analytics, bringing “train like you fight” readiness and principles to security teams and MSSPs. 

NodeZero Analytics yields deeper insights, and answers the top questions every CISO and security team ask: “What’s exposed?” “What needs to be fixed first?” and “How will we do more with less?”

Foundational to’s philosophy is to use offense to inform defense, a derivative of the military principle to “train like you fight” in order to be prepared for a real cyber attack. NodeZero,’s continuous penetration testing platform, enables organizations to test their infrastructure at scale by chaining together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to achieve critical impacts like domain compromise and sensitive data exposure. 

The updated user experience puts powerful new insights into security teams’ hands to make autonomous pentesting a force multiplier. At the heart of the refresh are detailed attack paths with proof of exploitation, prioritized fix actions, and 1-click verification that the remediation was successful.

Leading by example: During a recent autonomous pentest of a large enterprise, NodeZero successfully elevated privileges to become a domain administrator while also compromising the organization’s business email system. The autonomous attack took 30 minutes to execute, with no humans involved, and chained together a variety of techniques including:  

  1. User enumeration combined with password spraying to compromise a domain user
  2. Dumping the SAM database by exploiting local admin privileges assigned to the domain user
  3. Reusing local admin credentials across multiple machines 
  4. Discovering a domain administrator credential by dumping credentials in LSA on a neighboring machine 
  5. Pivoting from domain admin to the Microsoft Azure Active Directory infrastructure (AzureAD)
  6. Gaining access to the domain administrator’s email, which did not have multi-factor authentication (MFA) enabled 

“The sequence of events in this attack path are typical of APT’s and ransomware organizations,” said Naveen Sunkavally, chief architect at “What’s incredible is that this attack path isn’t hard coded as a runbook or predefined scripts anywhere in the product. Our machine learning techniques were able to figure out how to combine these different steps into an exploitable attack sequence safely in a production environment.” 


  1. Attack paths that clearly explain the exact sequence of events that lead to a critical impact, with proof of exploitation and detailed descriptions for exactly what to fix. 
  2. Leverage scoring that helps organizations prioritize and fix actions based on risk to the organization as well as return on effort. For example, leverage scoring can help an IT admin determine that fixing a single issue will eliminate 70% of all exploitable attack paths discovered in the pentest.
  3. Automatically generating compliance reports required for SOC2, HIPAA, GDPR, and other common compliance requirements.
  4. Surfacing systemic issues and policy recommendations to help organizations identify the true root cause for their exploitable attack surface. For example, poor credential policies can lead to systemically weak passwords that can be easily cracked by attackers. Compare Pentest Feature helps teams easily complete the Find-Fix-Verify Cycle by confirming that weaknesses and vulnerabilities identified in previous tests have been fixed.
  5. Self-service user experience that makes pentesting conveniently accessible to all types of users, from early career IT professionals to 20-year pentesting experts.
  6. Features specifically valuable for MSSP’s and MSP’s, including white labeled reporting, multi-client management, and auto-generating statements of work for remediation services. 

More Canadian Cities Along With The Province Of Ontario Ban TikTok

Posted in Commentary with tags on March 15, 2023 by itnerd

The list of Canadian Cities is growing. Hot off the heels of this, and this ban by four provinces, TikTok has new bans deal with.  The Toronto Star says that the following cities have banned TikTok:

In a statement to the Star Monday, the City of Vaughan said that, “effective immediately,” TikTok is no longer allowed to be installed or used on city workers’ corporate devices.

Meanwhile, Kitchener Mayor Berry Vrbanovic took to Twitter on Monday morning to announce the app is being removed from all its corporate smartphones, out of an “abundance of caution.”

Oh yeah and this also happened:

On March 9, the province of Ontario announced a TikTok ban on all provincial government-issued devices — the last province to do so, after all other provinces and territories followed the federal example of barring the app from corporate devices. 

So if you’re TikTok, you have to wonder what is next. The momentum against TikTok is growing and it’s only a matter of time before everyone, everywhere bans TikTok. And you have to wonder what the Chinese Communist Party will do as a result of these bans.

Buckle up.