Archive for April 21, 2023

Guest Post: Cisco Announces Intent to Acquire Smartlook, Enabling New Offerings for Cisco AppDynamics and Full-Stack Observability

Posted in Commentary on April 21, 2023 by itnerd

By Ronak Desai, Senior Vice President & GM AppDynamics & Full-Stack Observability

I’m pleased to share that Cisco is announcing its intent to acquire Smartlook, a privately held company headquartered in Brno, Czech Republic. It represents a big step forward in delivering even more value for Cisco AppDynamics and the Full-Stack Observability Digital Experience Monitoring (DEM) solution, with new application and user experience insights, analytics, and troubleshooting capabilities.

Creating Seamless Digital Experiences 

Organizations expect digital services to be high-performing and intuitive, with easy-to-navigate user experiences. Poor user experience directly impacts digital business outcomes and improving that experience can positively impact customer satisfaction, brand reputation, and revenue generation.

DEM tracks the performance and quality of an end user’s digital experience on a mobile device, desktop, browser, or game console, as well as the experience through a digital endpoint like an API, IoT device, SaaS service, or application agent. Our customers expect us to provide capabilities for end-to-end monitoring of the experience of users accessing applications and services hosted anywhere, from any location, using any device. DEM technologies seek to observe and model users’ behavior as a continuous flow of interactions in the form of user journeys.

Digital Experience Monitoring (DEM) tracks the performance and quality of an end user’s digital experience across multiple devices and applications

Smartlook takes an enhanced industry approach to Real User Monitoring (RUM) as a critical component of DEM. It utilizes session recordings with event-based analytics to analyze end-user digital behavior and provides insights into user interactions in the production application environments. This enables organizations to efficiently troubleshoot hard-to-replicate digital behavior anomalies and analyze user interaction trends across web and mobile application platforms, helping them to optimize user experiences and business outcomes.

Cisco is committed to helping our customers optimize their digital experiences. The Smartlook team brings extensive expertise in the design and development of user experience (UX) platforms with web and mobile capabilities, which helps further strengthen Cisco AppDynamics and the upcoming Cisco FSO Platform (general availability in June 2023) to meet our customers’ growing digital experience demands.

I look forward to what we can accomplish together and welcome the Smartlook team members to Cisco’s FSO and AppDynamics team when the acquisition closes in the fourth quarter of FY23.

Nuspire Teams with Qualys

Posted in Commentary on April 21, 2023 by itnerd

Nuspire, a leading managed security services provider (MSSP), today announced it is expanding its partnership with Qualys, a pioneer of disruptive cloud-based IT, security and compliance solutions. Through this partnership, Nuspire will deliver Qualys Patch Management to its managed service clients, who already benefit from the power of its robust offering anchored by Qualys Vulnerability Management, Detection and Response (VMDR), so they can patch operating systems, endpoints and third-party applications.

Patching is a critical process for any organization’s security team. However, it can be cumbersome and tedious, requiring constant monitoring and manual work. As organizations face rising vulnerabilities and cyber threats, automation will become even more critical for maintaining a robust security posture. The efficiency gains provided by automation will allow security teams to remediate vulnerabilities more quickly and effectively.

With Qualys, security teams can leverage vulnerability and threat data in the patching process, in addition to zero-touch automation, which eliminates non-caustic threats across more than 400 applications – e.g., continuously patching Chrome or Windows. Qualys Patch Management simplifies processes, helps companies reduce their attack surface and frees up IT and Security resources to focus on more strategic areas.

The cloud-based service, which Nuspire will market as Vulnerability Patch Management, includes:

  • Patching for various vendors, covering Windows, Linux and Mac operating systems, mobile devices and third-party applications.
  • Remote patching to accommodate dispersed teams without the need for VPN bandwidth.
  • Prioritized and flexible patching based on a client’s individual needs.
  • A phased approach to prevent business interruptions.
  • Customized reporting to chart security improvement progress.
  • Expert tuning and 24x7x365 monitoring to ensure a client’s business is always protected.

For more information on Nuspire’s Vulnerability Patch Management service, please visit https://www.nuspire.com/services/managed-security/vulnerability-patch-management/.  

Elon Musk Is Paying To Ensure That Some Celebs Have Blue Checkmarks… WTF?

Posted in Commentary on April 21, 2023 by itnerd

There’s never a dull moment with Elon Musk and Twitter. Yesterday was the great purge of legacy verified checkmarks from Twitter. And a lot of celebrities who were very vocal about not paying Elon $8 a month ($11 on iOS) to keep them lost their checkmarks. But some didn’t. Take this guy:

You might recall that Stephen King was one of the first celebrities to be critical of Elon’s plan to force people to pay for verification. Thus you would think that he would lose his blue checkmark. But he hasn’t, and he appears to be paying for Twitter Blue. Except he hasn’t paid for Twitter Blue. So what’s the deal with that?

There’s a simple answer to that. Elon is paying for him, and others apparently:

So why would Elon pay for Twitter Blue on behalf of these celebrities? My guess is that he knows that without celebrities having blue checkmarks next to their names, nobody else is going to spend $8 a month ($11 on iOS) to get Twitter Blue. So he’s “paying” for a few celebrities to have Twitter Blue in the hope that it will get the revenue stream going. Seeing as only 3% of Twitter users subscribe to Twitter Blue, he’s got a lot of work to do on that front. It also highlights the fact that Twitter Blue has been a complete failure for Elon, as celebrities aren’t interested in signing up and the only people who are signing up are those who have no Internet clout of any sort. And on top of that, he’s devalued the blue checkmark as well. Illustrating that he has no clue what he’s doing. And the Twitterverse didn’t hesitate to point that out:

Congratulations Elon. You’ve once again played yourself.

FireMon And Nuspire Collaborate To Eliminate Complexity Of Firewall Policy Management

Posted in Commentary on April 21, 2023 by itnerd

FireMon, the leading network security policy management company that brings visibility, control and automation to enterprise cloud and hybrid network infrastructure, has today announced that Nuspire, a leading managed security services provider (MSSP), has augmented Nuspire’s Management Gateway Service with FireMon Security Manager. The new solution, Nuspire Firewall Policy Review, powered by FireMon, provides organizations with complete visibility into their network security, offering clear analysis and recommendations across all firewalls to optimize their security posture.

Gartner estimates firewall misconfigurations will cause 99% of all firewall breaches through 2023. If technology leaders do not perform regular firewall policy updates, it’s only a matter of time until their business experiences a breach. This latest solution by FireMon for Nuspire delivers consolidated security policy management for firewalls and cloud security groups to automate policy changes and minimize risk. Since creating the first-ever policy management solution in 2001, FireMon has grown to become the industry’s only real-time security policy management solution delivering complete visibility and control across an organization’s entire IT landscape.

Nuspire Firewall Policy Review, powered by FireMon, combines the industry expertise of Nuspire with powerful automation and data from FireMon to give extraordinary visibility into network risks. With this solution in place, organizations can fortify their perimeter regardless of where their teams are located. It delivers user-friendly reports with analyses and recommendations that can be used as a risk roadmap to prioritize security improvements.

About FireMon 
FireMon’s mission is to improve security operations that will in turn lead to better security outcomes. FireMon delivers industry-leading security policy management, cloud security operations, and cyber security asset management solutions to over 1,700 enterprises in nearly 70 countries. Their security policy management platform is the only real time solution that reduces firewall and cloud security policy-related risks, manages policy changes, and enforces compliance. FireMon’s Cloud Defense (formerly DisruptOps) offering is the only distributed cloud security operations offering that detects and responds to issues in the fast-paced public cloud environments such as AWS and Azure. Their cloud-based Cyber Asset Management solution (formerly Lumeta) can scan an entire enterprise infrastructure, from on-premises networks to the cloud, to identify everything in the environment and provide valuable insights into how it’s all connected together. Learn more at FireMon.com.

About Nuspire 
Nuspire is a managed security services provider (MSSP), offering managed security services (MSS), managed detection and response (MDR), endpoint detection and response (EDR) that supports best-in-breed EDR solutions, and cybersecurity consulting services (CSC) that include incident readiness and response, threat modeling, digital forensics, technology optimization, posture assessments and more. Their self-service, technology-agnostic platform, myNuspire, allows greater visibility into your entire security program. Powered by the self-healing, always-on Nuspire Cyber X Platform (CXP), myNuspire helps CISOs alleviate the pain associated with tech sprawl, provides intelligence-driven recommendations, solves for alert fatigue and helps clients become more secure over time. Their deep bench of cybersecurity experts, award-winning threat intelligence and two 24×7 security operations centers (SOCs) detect, respond to and remediate advanced cyber threats. Their client base spans thousands of businesses from midsized to large enterprises across multiple industries and geographic footprints. For more information, visit nuspire.com.

Twitter Removes “Government Funded” From The Profiles Of News Outlets…. While It Appears To Require Advertisers To Have Gold Checkmarks…. Along With #BlockTheBlue Becoming A Thing

Posted in Commentary on April 21, 2023 by itnerd

So it looks like Elon has backed down from slapping the phrase “Government Funded” onto any media that gets money from a government entity. I am guessing that the blowback became too much for him to deal with, and that forced him to do one of his famous U-turns. But there’s a catch:

Twitter has removed labels describing global media organizations as government-funded or state-affiliated, a move that comes after the Elon Musk-owned platform started stripping blue verification checkmarks from accounts that don’t pay a monthly fee.

Among those no longer labeled was National Public Radio in the U.S., which announced last week that it would stop using Twitter after its main account was designated state-affiliated media, a term also used to identify media outlets controlled or heavily influenced by authoritarian governments, such as Russia and China.

Twitter later changed the label to “government-funded media,” but NPR — which relies on the government for a tiny fraction of its funding — said it was still misleading. 

Canadian Broadcasting Corp. and Swedish public radio made similar decisions to quit tweeting. CBC’s government-funded label vanished Friday, along with the state-affiliated tags on media accounts including Sputnik and RT in Russia and Xinhua in China.

So, Twitter has removed these labels for news outlets, including those under authoritarian control in China, Iran and Russia. Let’s think about that for a second. If I were CBC or Swedish Public Radio or any other broadcaster, I would not return to Twitter under these circumstances, because this isn’t an improvement and Elon continues to muddy the waters here.

If that wasn’t enough, it seems Elon is up to something with advertisers. And it appears to be part of the purge of legacy verification checkmarks that happened yesterday:

Elon must be smoking some serious drugs to have come up with this rather ludicrous scheme and think it would fly with advertisers. Because if I were an advertiser and I got this email, and I was on the fence as to whether I should continue to advertise on Twitter, I’d say “Hell no! I’m done with Twitter.” I’ll take bets now as to how long it will take Elon to do a U-turn on this policy when it doesn’t work, as all this policy is going to do is drive more advertisers off of Twitter.

Finally, since we’re speaking of the great purge of legacy verification checkmarks that happened yesterday, there’s some serious trolling of that going on:

What Elon doesn’t get is that getting a checkmark via Twitter Blue isn’t a status symbol. It represents the fact that you paid for attention and Elon has devalued the blue checkmark. In fact there’s a hashtag on Twitter called #BlockTheBlue where people who pay Elon $8 a month ($11 on iOS) to get a blue checkmark get blocked by those who haven’t paid Elon. Why?

Thus it looks like this is another example of one of Elon’s ideas blowing up in his face. Because after all, he’s not that smart and doesn’t think things through before doing something. Which leads him to having situations like these where he looks like a total loser.

It truly sucks to be Elon!

Weak Microsoft SQL Servers Targeted by Trigona Ransomware

Posted in Commentary on April 21, 2023 by itnerd

Researchers at cybersecurity firm AhnLab have been tracking attackers that are hacking into unsecured, Internet-exposed Microsoft SQL servers, taking advantage of easy-to-guess credentials to deploy Trigona ransomware.

After connecting to a server, the threat actors deploy malware dubbed CLR Shell, a malicious CLR assembly executed inside SQL Server, and eventually escalate to LocalSystem privileges by exploiting a vulnerability in the Windows Secondary Logon Service.

Before encrypting the system and deploying ransom notes, the attackers:

  • Install and launch a dropper malware
  • Launch the Trigona ransomware
  • Configure the ransomware binary to launch automatically on every restart via a Windows autorun key
  • Disable system recovery
  • Delete any Windows Volume Shadow copies

Trigona encrypts all files on victims’ devices excluding those in specific folders, including the Windows and Program Files directories. Furthermore, the gang also claims to steal sensitive documents that will get added to its dark web leak site.
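The chain above starts with guessed SQL logins and then needs server-side code execution (the CLR Shell stage), and both steps leave traces in SQL Server’s own ERRORLOG: a run of error 18456 "Login failed" lines from one client address followed by a success, and "Configuration option ... changed" lines when sp_configure is used to turn on CLR integration or xp_cmdshell. As an added example that is not part of the original post or of AhnLab’s research, the Python below parses constructed ERRORLOG lines, flags a client that fails many logins and then succeeds, and flags configuration changes that enable code execution. The sample lines, the failure threshold and the list of risky options are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of SQL Server ERRORLOG lines (not real telemetry). The
# layout mirrors SQL Server's: timestamp, source ("Logon" or "spidNN"), message.
# Error 18456 is the generic "login failed" error; "Configuration option ..."
# lines are written when sp_configure is used, e.g. to turn on 'clr enabled'
# (needed to load a CLR assembly such as CLR Shell) or 'xp_cmdshell'.
SAMPLE_ERRORLOG = """\
2023-04-21 02:10:01.11 Logon       Error: 18456, Severity: 14, State: 8.
2023-04-21 02:10:01.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-21 02:10:01.52 Logon       Error: 18456, Severity: 14, State: 8.
2023-04-21 02:10:01.52 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-21 02:10:02.03 Logon       Error: 18456, Severity: 14, State: 8.
2023-04-21 02:10:02.03 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-21 02:10:02.48 Logon       Error: 18456, Severity: 14, State: 8.
2023-04-21 02:10:02.48 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-21 02:10:03.01 Logon       Error: 18456, Severity: 14, State: 8.
2023-04-21 02:10:03.01 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-21 02:10:03.90 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.45]
2023-04-21 02:11:40.07 spid57      Configuration option 'clr enabled' changed from 0 to 1. Run the RECONFIGURE statement to install.
2023-04-21 02:11:41.33 spid57      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2023-04-21 09:00:12.00 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.12]
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})\s+(?P<source>\S+)\s+(?P<msg>.*)$"
)
CLIENT = re.compile(r"\[CLIENT: (?P<ip>[^\]]+)\]")
CONFIG_CHANGE = re.compile(
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)"
)
# Options that give a SQL login code execution on the host (assumed list).
CODE_EXEC_OPTIONS = ("clr enabled", "xp_cmdshell", "Ole Automation Procedures")


def parse_errorlog(text):
    """Turn raw ERRORLOG text into dicts with ts, source, msg and client IP (or None)."""
    records = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # banners and continuation lines carry no timestamp
        rec = m.groupdict()
        c = CLIENT.search(rec["msg"])
        rec["client"] = c.group("ip") if c else None
        records.append(rec)
    return records


def find_credential_guessing(records, threshold=5):
    """Count failed logins per client IP and note whether that IP later succeeded,
    which is the 'guess until sa works' pattern described above."""
    failures, users, succeeded = Counter(), defaultdict(set), set()
    for r in records:
        ip, msg = r["client"], r["msg"]
        if ip is None:
            continue
        if msg.startswith("Login failed for user"):
            failures[ip] += 1
            u = re.search(r"user '([^']*)'", msg)
            if u:
                users[ip].add(u.group(1))
        elif msg.startswith("Login succeeded for user") and failures[ip] > 0:
            succeeded.add(ip)  # success only counts if failures preceded it
    return [
        {"client": ip, "failures": n, "users": sorted(users[ip]),
         "later_succeeded": ip in succeeded}
        for ip, n in failures.most_common() if n >= threshold
    ]


def find_risky_config_changes(records):
    """Flag sp_configure changes that enable host code execution or weaken CLR checks."""
    hits = []
    for r in records:
        m = CONFIG_CHANGE.search(r["msg"])
        if not m:
            continue
        opt, new = m.group("option"), m.group("new")
        if (opt in CODE_EXEC_OPTIONS and new == "1") or (opt == "clr strict security" and new == "0"):
            hits.append({"ts": r["ts"], "spid": r["source"], "option": opt, "new": int(new)})
    return hits


def analyze(text, threshold=5):
    records = parse_errorlog(text)
    return {
        "credential_guessing": find_credential_guessing(records, threshold),
        "risky_config_changes": find_risky_config_changes(records),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_ERRORLOG), indent=2))
```

Run as-is to see the findings for the sample; to use it on a real server, feed the contents of the ERRORLOG (and its rotated ERRORLOG.n files) to analyze(). The hardening counterpart is simple: an instance that needs neither CLR nor xp_cmdshell should keep both options off, and port 1433 should not be reachable from the Internet at all.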

Roy Akerman, Co-Founder & CEO, Rezonate had this comment:

   “External recon is an action performed – all the time – by both attackers and legitimate services. Attackers’ ability today to spot a server that is not patched against a known vulnerability is high, unfortunately. Ransomware is an opportunity, but what we have seen, with the recent Log4j library or even the Struts vulnerability which was used for the Experian breach a few years back, is that a publicly exposed asset that is not monitored or patched can quickly become an initial exploitation step, where an attacker can drop webshells or ransomware and further expand reach across the enterprise.
 
   “Most often, those servers are out of reach as they are “outside the perimeter” and do not have any agent deployed on them, however, they may have a leg into the more restricted corporate environment due to unused access privileges.”

Hardening anything that is exposed to the Internet as far as I am concerned should be essential. Because whether it is a light bulb, or a SQL server, the bad guys will find it and try to pwn it.

Hackers Disable EDR Clients With A New Evasion Tool Dubbed AuKill

Posted in Commentary on April 21, 2023 by itnerd

Researchers at Sophos report seeing attackers use an outdated version of the Process Explorer driver (the one shipped with Process Explorer v16.32) to disable EDR processes before dropping their ransomware on the target system.

Dubbed AuKill, the tool first enumerates running processes to see whether TrustedInstaller.exe (the Windows Modules Installer service) is running. If it is not, it starts the service, duplicates that process’s token using the DuplicateTokenW API and passes the token to CreateProcessWithTokenW, relaunching itself with SYSTEM privileges.

To neutralise running security products, AuKill starts multiple threads that look for the processes and services on a hard-coded list. When it finds a matching service it disables it by calling ChangeServiceConfigW with SERVICE_DISABLED as the dwStartType, and it uses the vulnerable Process Explorer driver to terminate the matching processes.
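The two actions just described both land in the Windows System event log: installing the driver as a kernel-mode service produces event 7045 (a service was installed), and flipping a service to SERVICE_DISABLED produces event 7040 (start type changed). As an added example that is not Sophos’s code and not part of the original post, the Python below runs that correlation over constructed events shaped like Get-WinEvent output: a driver whose file name matches a watchlist, followed within a short window by several security services being disabled. The service-name hints, the driver watchlist (which contains only Process Explorer’s own PROCEXP152 driver name) and the time window are assumptions to replace with your own EDR’s service names and your own threat intel.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in the shape of Get-WinEvent output from the System
# log (not real telemetry). 7045 = service installed, 7040 = start type changed.
SAMPLE_EVENTS = [
    {"TimeCreated": "2023-04-21T03:00:05", "Id": 7045,
     "Message": "A service was installed in the system.\nService Name:  PROCEXP152\n"
                "Service File Name:  C:\\Windows\\System32\\drivers\\PROCEXP152.sys\n"
                "Service Type:  kernel mode driver\nService Start Type:  demand start\n"},
    {"TimeCreated": "2023-04-21T03:00:09", "Id": 7040,
     "Message": "The start type of the Sophos Endpoint Defense Service service was changed from auto start to disabled."},
    {"TimeCreated": "2023-04-21T03:00:09", "Id": 7040,
     "Message": "The start type of the Sophos MCS Client service was changed from auto start to disabled."},
    {"TimeCreated": "2023-04-21T03:00:10", "Id": 7040,
     "Message": "The start type of the Windows Defender Antivirus Service service was changed from auto start to disabled."},
    # Benign noise hours later: an admin changes a start type and installs an agent.
    {"TimeCreated": "2023-04-21T11:30:00", "Id": 7040,
     "Message": "The start type of the Print Spooler service was changed from auto start to demand start."},
    {"TimeCreated": "2023-04-21T11:31:00", "Id": 7045,
     "Message": "A service was installed in the system.\nService Name:  ContosoBackupAgent\n"
                "Service File Name:  \"C:\\Program Files\\Contoso\\backup.exe\"\n"
                "Service Type:  user mode service\nService Start Type:  auto start\n"},
]

# Substrings that identify security-product services (assumed; use the exact
# service names of the EDR/AV deployed in your estate).
PROTECTED_SERVICE_HINTS = ("sophos", "defender", "sense", "crowdstrike", "falcon", "sentinel")
# Driver file names known to be abused for process killing (assumed watchlist;
# only the Process Explorer driver discussed above is listed).
ABUSED_DRIVER_HINTS = ("procexp",)

START_TYPE_CHANGE = re.compile(
    r"The start type of the (?P<svc>.+?) service was changed from (?P<old>.+?) to (?P<new>.+?)\.$"
)
INSTALL_FIELD = re.compile(r"^(?P<key>Service Name|Service File Name|Service Type):\s+(?P<val>.*)$", re.M)


def parse_install(message):
    """Extract the key: value fields of a 7045 message into a dict."""
    return {m.group("key"): m.group("val").strip() for m in INSTALL_FIELD.finditer(message)}


def suspicious_driver_installs(events):
    """7045 events that install a kernel-mode driver whose file name is on the watchlist."""
    hits = []
    for e in events:
        if e["Id"] != 7045:
            continue
        f = parse_install(e["Message"])
        if "kernel mode driver" not in f.get("Service Type", "").lower():
            continue
        path = f.get("Service File Name", "")
        if any(h in path.lower() for h in ABUSED_DRIVER_HINTS):
            hits.append({"time": e["TimeCreated"], "service": f.get("Service Name"), "path": path})
    return hits


def security_service_disables(events):
    """7040 events where a protected service's start type became 'disabled'
    (what ChangeServiceConfigW with SERVICE_DISABLED produces)."""
    hits = []
    for e in events:
        if e["Id"] != 7040:
            continue
        m = START_TYPE_CHANGE.match(e["Message"])
        if not m or m.group("new").lower() != "disabled":
            continue
        svc = m.group("svc")
        if any(h in svc.lower() for h in PROTECTED_SERVICE_HINTS):
            hits.append({"time": e["TimeCreated"], "service": svc, "from": m.group("old")})
    return hits


def correlate(events, window_minutes=10, min_disables=2):
    """AuKill-like chain: a watchlisted kernel driver is installed, then at least
    min_disables protected services are disabled within window_minutes."""
    disables = security_service_disables(events)
    chains = []
    for inst in suspicious_driver_installs(events):
        t0 = datetime.fromisoformat(inst["time"])
        after = [d for d in disables
                 if t0 <= datetime.fromisoformat(d["time"]) <= t0 + timedelta(minutes=window_minutes)]
        if len(after) >= min_disables:
            chains.append({"driver": inst, "disabled_services": [d["service"] for d in after]})
    return chains


if __name__ == "__main__":
    for chain in correlate(SAMPLE_EVENTS):
        print("driver", chain["driver"]["path"], "followed by disabling", chain["disabled_services"])
```

On a live host the same events can be pulled with Get-WinEvent -LogName System -FilterXPath for IDs 7040 and 7045 and exported as JSON for this script. Matching on the 7045 event alone is noisy (legitimate Process Explorer use installs the same driver), which is why the correlation with a burst of security-service disables is the alert worth paging on.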

“The tool was used during at least three ransomware incidents since the beginning of 2023 to sabotage the target’s protection and deploy the ransomware:  In January and February, attackers deployed Medusa Locker ransomware after using the tool; in February, an attacker used AuKill just prior to deploying Lockbit ransomware,” the report said.

Roy Akerman, Co-Founder & CEO, Rezonate had this to say:

   “An endpoint agent, which for the most part operates in the kernel space, is traditionally used for AV/NGAV solutions as well as that of more advanced EDR tools and is not tamper-proof. It is based in the root of a layered defense approach where additional controls must always be in place across the identity-network-endpoint triad.

   “This is a technique we’ve seen quite often coming from sophisticated nation state adversaries, that either leverage a technique such as the one mentioned of WPE Processor exploitation, a targeted zero-day exploit, or even a supply chain risk as we’ve seen with the likes of SolarWinds earlier this year. Despite continuous investment trying to strengthen agent tampering, we keep on seeing new exploits in the wild and there will continue to be with Windows OS as the main target.”

This is a very good reminder to keep your Windows systems fully patched. While that won’t stop every attack, it will stop a lot of them. And that’s not a bad thing. One caveat for this particular case: the abused driver is a legitimately signed Sysinternals component, so patching alone does not remove it. Blocking known vulnerable drivers (Microsoft publishes a vulnerable driver blocklist for this purpose) and alerting on unexpected kernel driver installations close that gap.