Archive for April 18, 2023

ESET Discovers Corporate Secrets and Data on Recycled Company Routers

Posted in Commentary with tags on April 18, 2023 by itnerd

ESET, a global leader in digital security, today unveiled new research into corporate network devices that were disposed of and sold on the secondary market. After looking at configuration data from 16 distinct network devices, ESET found that over 56% – nine routers – contained sensitive company data.

Of the nine networks that had complete configuration data available:  

  • 22% contained customer data
  • 33% exposed data allowing third-party connections to the network
  • 44% had credentials for connecting to other networks as a trusted party
  • 89% itemized connection details for specific applications
  • 89% contained router-to-router authentication keys
  • 100% contained one or more of IPsec or VPN credentials, or hashed root passwords
  • 100% had sufficient data to reliably identify the former owner/operator

Organizations often recycle aging tech through third-party companies that are charged with verifying the secure destruction or recycling of digital equipment and the disposal of the data contained therein. Whether through an error by an e-waste company or a gap in the owner’s own disposal process, a range of data was found on the routers:

  • Third-party data: As we have seen in real-world cyberattacks, a breach of one company’s network can proliferate to their customers, partners, and other businesses with whom they may have connections.
  • Trusted parties: Trusted parties (which could be impersonated as a secondary attack vector) would accept the certificates and cryptographic tokens found on these devices, allowing a very convincing adversary-in-the-middle (AitM) attack with trusted credentials, capable of siphoning off corporate secrets while the victims remain unaware for extended periods.
  • Customer data: In some cases, core routers point to internal and/or external information stores with specific information about their owners’ customers, sometimes stored on premises, which can open customers up to potential security issues if an adversary is able to gain specific information about them.
  • Specific applications: Complete maps of major application platforms used by specific organizations, both locally hosted and in the cloud, were scattered liberally throughout the configurations of these devices. These applications range from corporate email to trusted client tunnels for customers, physical building security such as specific vendors and topologies for proximity access cards and specific surveillance camera networks, and vendors, sales and customer platforms, to mention a few. Additionally, ESET researchers were able to determine over which ports and from which hosts those applications communicate, which ones they trust, and which ones they do not. Due to the granularity of the applications and the specific versions used in some cases, known vulnerabilities could be exploited across the network topology that an attacker would already have mapped.
  • Extensive core routing information: From core network routes to BGP peering, OSPF, RIP and others, ESET found complete layouts of various organizations’ inner workings, which would provide extensive network topology information for subsequent exploitation, were the devices to fall into the hands of an adversary. Recovered configurations also contained nearby and international locations of many remote offices and operators, including their relationship to the corporate office – more data that would be highly valuable to potential adversaries. IPsec tunneling can be used to connect trusted routers to each other, which can be a component of WAN router peering arrangements and the like.
  • Trusted operators: The devices were loaded with potentially crackable or directly reusable corporate credentials – including administrator logins, VPN details, and cryptographic keys – that would allow bad actors to seamlessly become trusted entities and thus to gain access across the network.

The routers in this research originated at organizations ranging from medium-sized businesses to global enterprises in a variety of industries (data centers, law firms, third-party tech providers, manufacturing and tech companies, creative firms, and software developers). As part of the discovery process, ESET, where possible, disclosed the findings to each identified organization – several of them household names – collaborating to ensure they were aware of the details potentially compromised by others in the chain of custody of the devices. Some of the organizations with compromised information were shockingly unresponsive to ESET’s repeated attempts to connect, while others showed proficiency, handling the event as a full-blown security breach.

Organizations are reminded to verify that they are using a trusted, competent third party to dispose of devices, or that they are taking all the necessary precautions if handling the decommissioning themselves. That should extend past routers and hard drives to any device that is part of the network. Many organizations in this research probably believed they were contracting with reputable vendors, but their data still leaked. With this in mind, organizations should follow the manufacturer’s guidelines for removing all data from a device before it physically leaves their premises, a simple step that most IT staff can handle. A plain reset of the running configuration is not always enough: check afterwards that no saved configuration copies, certificates or key material remain in the device’s flash storage, and keep a record of which serial numbers were wiped, when and by whom.
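As an added example (not ESET’s tooling and not from the white paper), the following Python script performs the kind of pre-disposal check the paragraph above calls for: it walks a configuration dump and flags the classes of data the study found, namely credentials and keys, certificate material, peering topology and owner identification. It assumes a Cisco IOS-style plain-text configuration; the sample configuration, and every hostname, address, hash and key in it, is constructed for illustration.

```python
"""Pre-disposal check for a router configuration dump.

Added example, not ESET's tooling or any vendor's script. It assumes a
Cisco IOS-style plain-text configuration; the configuration below is
constructed for illustration and every hostname, address, key and hash in
it is made up.
"""
import re
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    category: str
    line: str  # the offending line, with the secret itself redacted


# One pattern per class of exposure found in the recycled-router study.
# A named group 'secret' marks the value to redact in the report; patterns
# without it flag the whole line (certificates, owner identification,
# peering topology). First matching pattern wins for each line.
PATTERNS = [
    ("hashed root password",
     re.compile(r"^enable (?:secret|password)\s+(?:\d\s+)?(?P<secret>\S+)$")),
    ("local admin credential",
     re.compile(r"^username \S+.*?\b(?:secret|password)\s+(?:\d\s+)?(?P<secret>\S+)$")),
    ("IPsec pre-shared key",
     re.compile(r"^crypto isakmp key (?:\d\s+)?(?P<secret>\S+) address ")),
    ("router-to-router authentication key",
     re.compile(r"^\s*neighbor \S+ password (?:\d\s+)?(?P<secret>\S+)$")),
    ("router-to-router authentication key",
     re.compile(r"^\s*ip ospf message-digest-key \d+ md5 (?:\d\s+)?(?P<secret>\S+)$")),
    ("AAA shared secret",
     re.compile(r"^(?:tacacs|radius)-server (?:host \S+ )?key (?:\d\s+)?(?P<secret>\S+)$")),
    ("SNMP community string",
     re.compile(r"^snmp-server community (?P<secret>\S+)")),
    ("certificate material",
     re.compile(r"^crypto pki certificate chain ")),
    ("external peering (topology)",
     re.compile(r"^\s*neighbor \S+ remote-as \d+")),
    ("owner identification",
     re.compile(r"^(?:hostname|ip domain-name|snmp-server (?:location|contact)) .+$")),
]

# Categories that must be gone before the device leaves the building; the
# remaining ones are still worth wiping but are not reusable credentials.
CREDENTIAL_CATEGORIES = {
    "hashed root password", "local admin credential", "IPsec pre-shared key",
    "router-to-router authentication key", "AAA shared secret",
    "SNMP community string", "certificate material",
}


def scan_config(text: str) -> list:
    """Return one Finding per configuration line that matches a pattern."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pattern in PATTERNS:
            m = pattern.match(line)
            if not m:
                continue
            secret = m.groupdict().get("secret")
            shown = line.replace(secret, "<redacted>") if secret else line
            findings.append(Finding(line_no, category, shown))
            break
    return findings


def summarize(findings) -> Counter:
    """Count findings per category, mirroring the study's per-category tallies."""
    return Counter(f.category for f in findings)


def has_credentials(findings) -> bool:
    """True if anything an attacker could reuse or crack is still present."""
    return any(f.category in CREDENTIAL_CATEGORIES for f in findings)


# Constructed sample: not a real device and not a real organisation.
SAMPLE_CONFIG = """\
hostname core-rtr-01
ip domain-name corp.example.com
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username netadmin privilege 15 secret 5 $1$x3Yv$Ck2sZxq1ukY9n0cr2mpP2.
snmp-server community s3cr3tRO RO
snmp-server location Example Corp HQ, Floor 4 MDF
tacacs-server host 10.0.0.5 key 7 0822455D0A16
crypto isakmp key Br@nchT0HQ address 203.0.113.5
crypto pki certificate chain TP-self-signed-1234
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
router bgp 65001
 neighbor 198.51.100.2 remote-as 64496
 neighbor 198.51.100.2 password 7 104D000A0618
interface GigabitEthernet0/1
 description Uplink to ISP-A
 ip ospf message-digest-key 1 md5 0spfK3y!
"""

if __name__ == "__main__":
    found = scan_config(SAMPLE_CONFIG)
    for f in found:
        print(f"line {f.line_no:>3}  {f.category:<36} {f.line}")
    print(dict(summarize(found)))
    print("safe to hand over:", not has_credentials(found))
```

Run it against a configuration exported before the device leaves the building: anything in the credential categories means the device is not ready to hand over, and because the report redacts the secrets themselves it can be attached to the disposal record. Other vendors’ syntax needs its own patterns, and a clean report only covers the configuration you exported, not backup copies elsewhere in flash.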

Organizations are reminded to treat disclosure notifications seriously. Doing otherwise may leave them vulnerable to a costly data breach and significant reputational damage. 

This research, titled “We (Could Have) Cracked Open the Network for Under $100”, will be presented at RSA Conference 2023 on April 24, 2023, at 9:40 a.m. PT.

To read the white paper, which includes resources on secure device disposal, visit WeLiveSecurity.

Elon Musk Responds To CBC “Government Funded” Label Gong Show In The Most Immature Way Possible

Posted in Commentary with tags on April 18, 2023 by itnerd

You might recall that several public broadcasters including the CBC were slapped with a “Government Funded” label on Twitter. Many of these broadcasters objected to this. And in the case of some including the CBC, they’ve stopped posting to Twitter. Then this happened:

Late Monday, Twitter CEO Elon Musk tweeted, “Their concern has been addressed,” with the CBC label changed to “70% Government-funded Media.” About an hour later, it changed again to “69% Government-funded Media,” reflecting what Musk said was based on the CBC’s government funding of “less than 70%.”

For transparency, here’s the breakdown in terms of what the CBC gets from the government:

In 2021-22, the CBC received more than $1.2 billion in government funding, a decrease from about $1.4 billion the year before. That compares with other revenue of $650 million in 2021-22 and $500 million the year before.

This is a really pathetic move by Elon. He truly thinks this is funny. But it isn’t. It only shows what an immature loser he is. It would really be wise of him to stop doing stuff like this if he wants to be taken seriously. Though part of me thinks that he doesn’t care as he’s clearly intent on driving Twitter into a brick wall as fast as he can.

Veridas Facial Biometrics Among The Four Best In The World According to NIST

Posted in Commentary with tags on April 18, 2023 by itnerd

Veridas, a Spanish technology company specializing in digital identity and biometrics, has placed fourth among the nearly 150 facial biometrics algorithms submitted to the evaluation conducted by the National Institute of Standards and Technology (NIST), widely considered the most authoritative body for the assessment of biometric engines.

Veridas joins the world elite in this sector. The company from Navarre has achieved its best result in the most demanding category possible: the evaluation of one out of many (1:N) with a sample size (N) of 12 million. Specifically, it has registered a False Negative Identification Rate (FNIR) of 0.0232 for a False Positive Identification Rate (FPIR) of 0.001.

In other words, when searching for a known subject in a database of 12 million records at that false-positive operating point (FPIR 0.001), the Veridas engine returns the correct individual as the top candidate 97.68% of the time. This is the same engine already in production for the company’s more than 250 Tier 1 customers in more than 25 countries.

Veridas has achieved iBeta’s most advanced evaluation in liveness detection

The Veridas engine analyzes a facial image and converts it into a template vector designed to be irreversible, so that the original image cannot be reconstructed from the vector if it is leaked or stolen. The vectors obtained from two images are then compared to produce a similarity score. In addition, the company has achieved iBeta’s most advanced evaluation in liveness (presentation attack) detection, being one of the few companies in the world to hold both Level 1 and Level 2 status.

Veridas is once again at the top of the NIST recognition list. In fact, in the voice biometrics and combined voice and facial biometrics evaluations, the company has achieved second and first place, respectively.

In its commitment to be at the forefront of transparency, auditing and reliability of its biometric solutions, Veridas has been one of the first companies worldwide to perform a ‘Diagnosis on the ethical principles of Artificial Intelligence’ and has passed the iBeta PAD Level 2 evaluation for its liveness detection technology. Additionally, Veridas has connected its Identity Verification Platform with the American Association of Motor Vehicle Administrators (AAMVA) database to offer their US customers a more robust and secure ID verification solution. 

The NIKKOR Z DX 12-28mm f/3.5-5.6 PZ VR Power-Zoom Ultra-Wide Angle Lens Is The Latest Addition To Nikon’s Growing Toolkit for Creators

Posted in Commentary with tags on April 18, 2023 by itnerd

Nikon Canada Inc. has announced the NIKKOR Z DX 12-28mm f/3.5-5.6 PZ VR, the ultra-wide angle lens made for content creators and vloggers. This latest lightweight lens is the widest NIKKOR Z DX-format lens yet, and has the added benefit of a power zoom (PZ) for more creative versatility and great looking video. The 12-28mm f/3.5-5.6 PZ VR is designed to capture sharp and immersive content that lets you get more of what matters in the frame; more friends, more expansive landscapes and more freedom to create without limits. 

Featuring an extremely versatile zoom range from an ultra-wide angle of 12mm to 28mm, this lens is a must-have for any vlogger or creator who wants to get the whole story in the shot, and dynamically change-up the frame smoothly and consistently. The ultra-wide angle is also great for everything from larger-than-life landscapes, grand interiors, tabletop photos and group selfies where no one gets left out. Surprisingly small and light for such a wide zoom, the NIKKOR Z DX 12-28mm weighs only approximately 7.3 oz, making it easy to hold with an extended arm. It’s perfectly mated to lightweight cameras such as the ultra-compact and capable Nikon Z 30, Z 50 or the retro inspired Z fc.

The Lens Made for Content Creators 
The NIKKOR Z DX 12-28mm f/3.5-5.6 PZ VR is the first NIKKOR Z lens utilizing a power zoom with linear drive, providing smooth optical zoom and other thoughtful features for creators to enhance and simplify their video recording experience. The power zoom function easily and effortlessly zooms in close to a subject, or zooms out to truly establish the scene. To suit any shooting style, the zoom can be activated by twisting the customizable zoom ring on the barrel, with designated buttons on the camera body, or when using the ML-L7 Remote Control (included in the Z 30 Creator’s Accessory Kit). The zoom can also be controlled remotely through a PC or phone with the SnapBridge app. Additionally, the zoom rate can be selected from 11 speed settings, within the range of 0.55 to 36 seconds, for maximum consistency when reframing your shot or adding dramatic creative flair.

Autofocus is sharp, reliable and fast, working flawlessly with the eye-detection AF in Nikon cameras to keep focus on you or your subject. The lens features an STM motor drive, making it extremely silent when focusing, so viewers won’t be disturbed by the sound of camera operation. What’s more, when transitioning to a close-up of a subject, the 12-28mm has a very close minimum focus distance of only 0.19 m (0.62 ft). This lets users seamlessly move the focus from their face to a product in-hand, while the image stays sharp. 

Realizing that the best content often happens in real time, the lens is stabilized with Vibration Reduction (VR) that provides an effect equivalent to a shutter speed 4.5 stops faster. This function makes it easy to capture run-and-gun footage without the distracting camera shake or shoot in low-light with minimal blur. Because of its small size and versatile angle of view, this lens is also well-suited for creating steady footage with gimbals.

Main Features of the NIKKOR Z DX 12-28mm f/3.5-5.6 PZ VR:

  • Ultra-wide angle lens is ideal for vlogging and wide establishing shots but also landscapes, interior photography and city streets.
  • Power zoom function provides smooth, consistent optical zoom that’s fully customizable with varying speeds, which can be engaged with camera buttons, zoom ring or used remotely.
  • VR Image Stabilization reduces camera shake with up to 4.5 stops of compensation for stable video and sharp images.  
  • Close minimum focusing distance of 0.62 ft and maximum reproduction ratio of 0.21x allow for sharp and detailed shots of products, flowers, nature and other intricate details.
  • Ultra-compact and lightweight design makes it easy to use and carry anywhere.
  • The body of the NIKKOR Z DX 12-28mm has been designed carefully to deliver dust- and drip-resistant performance, with a sealing that prevents any dust or water droplets from entering the lens.

Price and Availability
The new NIKKOR Z DX 12-28mm f/3.5-5.6 PZ VR will be available in May 2023 for a manufacturer’s suggested retail price of $499.95. For more information about the latest Nikon products, including other NIKKOR Z lenses and the entire collection of Z series cameras, please visit www.nikon.ca 

Elon Musk Tinkers With Twitter Again…. This Time He’s Adding Labels To Tweets And Is Trying To Not Censor Anything

Posted in Commentary with tags on April 18, 2023 by itnerd

I’m going to go out on a limb and say that Elon Musk’s latest attempt to tinker with how Twitter works is going to end badly. Here’s what he’s up to this time:

There’s also a blog post with more details.

So, Elon is preaching “freedom of speech, not reach” which I guess is supposed to align with his free speech absolutist view of the universe. Which we already know is total BS at this point. The problem in my mind with this approach is that this is literally censoring on an arbitrary definition of what’s considered speech that someone doesn’t like. And that someone is likely to be Elon. I can’t see how this is a win for anyone. Especially Twitter.

Don’t be surprised if the blowback from this causes him to reverse course. Again.

Google Has Published The Results From Google Ads’ Interest-Based Advertising Testing

Posted in Commentary with tags on April 18, 2023 by itnerd

In 2020, Chrome announced the deprecation of third-party cookies; as that deadline approaches, Google’s ads platforms have been experimenting with serving interest-based ads (IBA) using privacy-preserving signals (including the Privacy Sandbox’s Topics API) instead of third-party cookies.

The results showed that when using IBA solutions with privacy-preserving signals, Google Ads advertising spend on IBA decreased by between 2 and 7% compared to third-party-cookie-based results. For conversions per dollar [proxy for return on investment] the decrease was 1-3%. It also showed that click through rates (CTR) remained within 90% of the status quo. 

It’s worth noting that the results were derived from a combination of privacy-preserving signals such as contextual information, the Topics API from the Privacy Sandbox and first-party identifiers such as Publisher Provided IDs.

You can read the blog post here.

Rising inflation tightens squeeze on digital sales growth in Canada: Salesforce

Posted in Commentary with tags on April 18, 2023 by itnerd

Salesforce has released its global Q1 Shopping Index revealing that digital online sales are down 8% year over year in Canada compared to a global 2% decline, amidst continued economic turbulence around the world.

Here are some Canadian highlights:

  • Digital commerce was down 8% in Q1 2023 similar to 2022 Q4, where it was down 9%
  • The per-visit average shopper spend sat at $1.99, down from $2.71 in Q4
  • The overall conversion rate in Canada was 1.9% compared to 2.5% in the previous quarter

Global Highlights:

  • After a Q4 comeback, global online sales fell 2% YoY, largely driven by decreased demand in the US
  • Globally, shopping spend is at its lowest in two years at an average of $2.30 compared to $3.02 in 2021 Q4 and $2.85 in 2022 Q4
  • Digital traffic via desktops dropped significantly at -11%, while mobile maintained at 0% growth
    • Desktop reigned in follow through, with cart abandonment lowest at 68% compared to 79% on mobile 

The full report, including global data, can be found in the full Q1 Shopping Index.

Radiant Logic Finalizes Acquisition of Brainwave GRC

Posted in Commentary with tags on April 18, 2023 by itnerd

Radiant Logic, the Identity Data Fabric company, today announces the successful acquisition of Brainwave GRC, a leader in identity analytics. Together, the two companies will offer a first-to-market identity data platform, combining data federation and observability with analytics and prescriptive capabilities to create a complete policy information pipeline. This move is in direct response to the growing recognition that Identity-First Security relies on access to consistent, accurate identity data.

Radiant Logic and Brainwave GRC are creating a joint roadmap, with plans to release further details about their shared technology later in 2023. Radiant Logic also recently announced new capabilities including first-to-market identity data observability.

Established in 2010 in France, Brainwave GRC has a strong reputation in helping companies across EMEA ensure compliance and protect their assets from fraud and cyber threats. Brainwave GRC provides essential Access Governance reports that include access risks, accounts, attestations, and out-of-the-box reports for major compliance frameworks—a common requirement in highly regulated markets. 

Brainwave will maintain independent operations for the time being, while both platforms continue to be supported, invested in, and integrated over time. Terms of the acquisition were not disclosed.

NetRise and Qwiet AI Align to Find and Fix Vulnerabilities from Firmware to Application Code

Posted in Commentary with tags on April 18, 2023 by itnerd

NetRise, the company solving the world’s XIoT security problem, announced today an integration partnership with Qwiet AI, the first in the AppSec industry to provide AI-powered detection of vulnerabilities in software code.

By automating the detection and remediation of vulnerabilities in a wide array of Cyber-Physical Systems (CPS), including firmware, XIoT devices, containers, and more, NetRise’s cutting-edge solution revolutionizes the cybersecurity landscape. Drawing on the unique background of its team members, which includes expertise in machine learning, endpoint management, DoD, and cybersecurity, NetRise delivers unparalleled protection. The innovative platform harnesses machine learning to detect vulnerabilities, enrich context, and identify components, providing unprecedented value to enterprises, manufacturers, and consulting firms navigating the increasingly complex world of cybersecurity.

Qwiet AI’s application security platform (based on their patented Code Property Graph) allows customers to find vulnerabilities quickly and accurately in their code while still in development.  On top of years of experience in the code security space, Qwiet AI has added an additional layer of detection by utilizing a powerful AI engine trained to detect known and unknown vulnerabilities in both open source and proprietary code libraries, allowing Qwiet AI customers to detect new vulnerabilities at a level unmatched in the application security space.  

Organizations that take advantage of the strengths of both NetRise and Qwiet AI will benefit from complete code security coverage, from the firmware running their CPS to the applications used to manage and integrate them, providing a previously unseen level of security.  

About NetRise

Based in Austin, Texas, NetRise was built by defensive cyber experts bred across the private sector, intelligence community and U.S. federal government to solve the firmware and supply chain security problem. NetRise is currently partnering with companies across manufacturing, automotive, medical devices, industrial control systems, satellites and many other devices powering society.

About Qwiet AI

Driven by a powerful AI engine developed by NumberOne AI, Qwiet AI’s platform is the first in the industry to provide AI-driven detection of zero-day and pre-zero-day vulnerabilities in code. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, Qwiet AI is based in San Jose, California.

Attackers Leverage RMM Action1 Platform in Ransomware attacks

Posted in Commentary with tags on April 18, 2023 by itnerd

DFIR Report member Kostas Tsale Tweeted this over the weekend:

If you didn’t read the entire thread, here’s the TL;DR. He is seeing threat actors use the Action1 RMM platform for reconnaissance and for executing commands, scripts and binaries on network hosts. After installing the Action1 agent, they create policies that automate the execution of the binaries (e.g. Process Monitor, PowerShell, Command Prompt) needed for the attack.
 
Action1 is available at no cost for up to 100 endpoints, which is the only restriction in the free version of the product.
 
This technique appears to be in use by multiple ransomware operators, as the product has been seen in the initial stages of recent ransomware attacks involving distinct malware strains. Nothing here is a vulnerability in Action1 itself: the attackers are using a legitimately installed agent exactly as it was designed to be used.

Christopher Peacock, Principal Detection Engineer, SCYTHE:

   “Remote monitoring and management (RMM) tools have been increasingly common in attacks because threat actors can rely on their functionality instead of using malware that could trigger antivirus alarms. It’s, therefore, essential organizations block and alert for unapproved remote monitoring and management tools, which could indicate a threat actor.”
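One way to act on that recommendation, as an added example that is not tooling from the DFIR Report thread, SCYTHE or Action1: a Python check, in the style of a SIEM rule, over flattened Windows event records for service installation (System log event 7045) and process creation (Security log event 4688). The events are constructed, and the indicator strings are assumptions; the Action1 service name and path in particular are placeholders, to be replaced with the names from each vendor’s documentation and your own telemetry. The rule flags any RMM product outside the organization’s approved list on installation, and separately flags an approved agent that launches a shell or a recon tool, which is the behaviour described in the thread.

```python
"""Alert on unapproved RMM agents, and on RMM agents that start shells.

Added example, not tooling from the DFIR Report thread, SCYTHE or Action1.
The events are constructed, SIEM-style flattened records. The indicator
strings are assumptions: the Action1 service name and path are
placeholders, and every entry should be replaced with the binary and
service names documented by the vendor and seen in your own telemetry.
"""
import ntpath
from typing import NamedTuple, Optional

# Lower-case substring of a service name or image path -> product name.
RMM_INDICATORS = {
    "action1": "Action1",                       # assumed substring, see docstring
    "anydesk": "AnyDesk",                       # assumed substring
    "screenconnect": "ConnectWise ScreenConnect",  # assumed substring
    "approvedrmm": "ApprovedRMM (hypothetical)",   # hypothetical sanctioned product
}
# What the organisation has actually sanctioned. Everything else is unapproved.
APPROVED_RMM = {"ApprovedRMM (hypothetical)"}
# Children that mean "someone is running commands", not "agent is idle".
SHELL_LIKE = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
              "cscript.exe", "procmon.exe", "procmon64.exe"}


class Alert(NamedTuple):
    severity: str
    host: str
    rule: str
    detail: str


def identify_rmm(*fields: str) -> Optional[str]:
    """Map a service name and/or image path to a known RMM product, or None."""
    haystack = " ".join(fields).lower()
    for needle, product in RMM_INDICATORS.items():
        if needle in haystack:
            return product
    return None


def detect(events) -> list:
    """Apply the two rules to a list of flattened event records."""
    alerts = []
    for ev in events:
        if ev["event_id"] == 7045:  # System log: a service was installed
            product = identify_rmm(ev["service_name"], ev["image_path"])
            if product and product not in APPROVED_RMM:
                alerts.append(Alert("high", ev["host"], "unapproved RMM agent installed",
                                    f"{product} as service {ev['service_name']}"))
        elif ev["event_id"] == 4688:  # Security log: process creation
            product = identify_rmm(ev["parent_image"])
            if not product:
                continue
            child = ntpath.basename(ev["image"]).lower()
            if product not in APPROVED_RMM:
                # An agent nobody sanctioned should not be running anything at all.
                alerts.append(Alert("high", ev["host"], "unapproved RMM spawned a process",
                                    f"{product} -> {child}: {ev['cmdline']}"))
            elif child in SHELL_LIKE:
                # Sanctioned agent, but its policy engine is now running commands.
                alerts.append(Alert("medium", ev["host"], "approved RMM launched a shell",
                                    f"{product} -> {child}: {ev['cmdline']}"))
    return alerts


# Constructed events in flattened SIEM form (not real telemetry).
SAMPLE_EVENTS = [
    {"event_id": 7045, "host": "WS-017", "service_name": "Spooler",
     "image_path": r"C:\Windows\System32\spoolsv.exe"},
    {"event_id": 7045, "host": "WS-017", "service_name": "A1Agent",      # assumed name
     "image_path": r"C:\Windows\Action1\action1_agent.exe"},             # assumed path
    {"event_id": 4688, "host": "WS-017",
     "parent_image": r"C:\Windows\Action1\action1_agent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4..."},
    {"event_id": 4688, "host": "SRV-02",
     "parent_image": r"C:\Program Files\ApprovedRMM\agent.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c ipconfig /all"},
    {"event_id": 4688, "host": "WS-017",
     "parent_image": r"C:\Windows\Action1\action1_agent.exe",
     "image": r"C:\Tools\Procmon64.exe",
     "cmdline": "Procmon64.exe /AcceptEula /Quiet /Minimized"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.severity.upper():<6}] {a.host}: {a.rule} ({a.detail})")
```

The approved list is the control: an RMM agent nobody sanctioned is a high-severity alert on installation alone, before it runs anything, and a sanctioned agent spawning cmd.exe or PowerShell is still worth a look, because an RMM policy engine executes a script the same way for an administrator and for an intruder who has enrolled the host.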

To Action1’s credit, they said this on Twitter:

Let’s see if this mitigates this threat vector in the medium and long term.