Google Announces Sec-PaLM Which Is An AI Workbench For Security
Posted in Commentary with tags Google on April 25, 2023 by itnerd
Yesterday at RSA, Google announced its new Cloud Security AI Workbench, a cybersecurity suite powered by Sec-PaLM, a large language model (LLM) specialized for security.
Cloud Security AI Workbench will span a few new AI-powered tools, starting with two that Google owns:
Mandiant’s Threat Intelligence AI – finds, summarizes and acts on security threats
VirusTotal – helps subscribers analyze and explain the behavior of malicious scripts
Google says that it plans to release the rest of the offerings to “trusted testers” soon, but in general, Sec-PaLM will assist customers in searching for and interpreting security events and interacting with the results conversationally. Also, users of Google’s Security Command Center AI will get explanations of attack exposures, assets affected, suggested mitigations, risk summaries, and compliance and privacy findings.
Google’s play in the generative AI cybersecurity race comes just after Microsoft’s March release of competitor Security Copilot.
Jeffrey Sims, Principal Security Engineer, HYAS had this to say:
“Google has also been a large contributor to the open source LLM space with their fine-tuned model series called Flan (Fine-tuned LAnguage Net). These models range in parameter size (capability) and allow for commercial applications.
“In addition to Google’s offering, we’ll see many technologically advanced organizations leveraging these open source models which will allow for deep customization and creative use cases, working in tandem with AI Workbench’s “partner plug-in integrations,” mentioned above. The rate of innovation based on creative systems like this will radically accelerate the security space in the years to come.”
It will be interesting to see how Google’s offering competes against offerings from companies like Orca Security and ARMO, who are doing similar things. And it will be interesting to see who else jumps into this space.
Twitter and its owner Elon Musk have both sunk to a new low with news via The Daily Mirror that a far right party in the UK has now been given a gold checkmark, which makes it an “official organization” under Twitter’s rather messed up rules:
Fury has erupted after Twitter verified far-Right group Britain First with an ‘official organisation’ gold tick under Elon Musk’s shake-up of the social media platform.
British political party Britain First opposes multiculturalism in the UK, campaigning against what they call ‘Islamisation’, and instead seeks to ‘preserve traditional British culture’.
They have been known for making direct action on their beliefs including ‘invasions’ of British mosques. The leader, Paul Golding, has been previously convicted for religiously aggravated harassment against Muslims.
Now the official party on Twitter has received a gold tick, which verifies the account as an ‘official organisation’. Mr Golding has also had a blue tick added to his profile to verify him as an ‘official business user’.
This is an organization that was previously banned not only from Twitter but from Facebook as well, because it is a violent extremist group. By unbanning them, it’s pretty clear that Elon supports this far right group. Which says a lot about Elon.
So, if Elon is letting hate flow on Twitter, and backing that up with actions like this, is there any reason for any reasonable person to remain on Twitter? I would say that there isn’t. Because remaining on the platform only legitimizes Elon’s actions which are deplorable according to any standard.
StrikeReady, an AI-driven security company, has swept the Cyber Defense Magazine 11th Annual Global InfoSec Awards during RSA Conference 2023 in the categories of:
Most Innovative Applied Artificial Intelligence in Cybersecurity
Hot Company Security Orchestration, Automation & Response (SOAR)
Publisher’s Choice Threat Intelligence Management
Editor’s Choice Virtual Assistant for Cybersecurity
The most recognized security product and service industry-wide with over 60 awards and honors, StrikeReady CARA stood out with its innovative AI-based Virtual Security Assistant, which provides context-based responses and actions by leveraging underlying embedded technologies, such as threat intelligence platform (TIP), breach and attack simulation (BAS), SOAR, and more. StrikeReady has always envisioned that conversational AI is the foundation for empowering cybersecurity analysts. With ChatGPT coming into the limelight, it has reinforced their belief that AI-based assistance will be the biggest disruption in cybersecurity. They are the only company offering this solution.
The judges are CISSP, FMDHS and CEH certified security professionals who voted based on their independent review of the materials each company submitted on the website for its entry, including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy that favours innovative players with new and unique technologies over the one with the most customers or money in the bank. CDM is always asking “What’s Next?” and looking for best of breed, next generation InfoSec solutions.
CVE-2023-27524 is described by Horizon3.ai Chief Architect Naveen Sunkavally in this manner:
“a dangerous default configuration in Apache Superset that allows an unauth attacker to gain remote code execution, harvest credentials, and compromise data. We estimate there are roughly 2K+ servers on the Internet affected by this issue.”
Apache Superset is an open source data visualization and exploration tool. It has over 50,000 stars on GitHub, and there are more than 3000 instances of it exposed to the Internet.
Horizon3.ai research found that at least two-thirds of all servers (roughly 2000) are running with a dangerous default configuration. As a result, many of these servers are effectively open to the public. Any attacker can “log in” to these servers with administrative privileges, access and modify data connected to these servers, harvest credentials, and execute remote code.
Horizon3.ai’s post is a deep dive into the misconfiguration, and provides advice for remediation as well as indicators of compromise that users of Superset should look for. The findings were published after the Apache Software Foundation completed due diligence.
NIST describes CVE-2023-27524 as follows:
“Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.”
If you run Apache Superset, this is required reading for you.
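To make the NIST description concrete, here is an added Python example (my own code, not Horizon3.ai’s, NIST’s or Superset’s): a heuristic check that flags a weak or placeholder SECRET_KEY, a generator for a replacement, and a minimal HMAC model of a signed session cookie that shows why a key shared by every default install lets anyone present a session the server accepts, and why rotating the key ends that. The placeholder word list, the length and entropy thresholds, the sample keys and the simplified token format are all assumptions; Flask’s real cookie format is different.

```python
"""Checks around a Flask-style SECRET_KEY such as Apache Superset's.

Added example, not Superset's or Horizon3.ai's code.  Superset signs its
session cookie with SECRET_KEY; whoever knows the key can produce a cookie
the server will accept, so a default key that ships in the config is
equivalent to no authentication at all.  Two defender-side pieces:
  1. assess_secret_key(): heuristics to flag a weak or placeholder key.
  2. a minimal HMAC model of signed-cookie sessions showing that a token
     minted under the old key is rejected once the key is rotated.
"""
import base64
import binascii
import hashlib
import hmac
import math
import re
import secrets
from collections import Counter
from typing import List, Optional

# Fragments typical of placeholder keys in example configs.  This is an
# assumption for the heuristic, not a list of Superset's actual defaults.
PLACEHOLDER_RE = re.compile(r"change|secret|password|example|thisis|replace", re.I)


def estimated_entropy_bits(key: str) -> float:
    """Shannon entropy of the key's own character distribution, in total bits.

    A crude upper bound: a dictionary phrase scores higher than it deserves,
    which is why the placeholder and length checks exist as well."""
    n = len(key)
    if n == 0:
        return 0.0
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(key).values())
    return per_char * n


def assess_secret_key(key: str, min_len: int = 32, min_bits: float = 128.0) -> List[str]:
    """Return findings for a SECRET_KEY value; an empty list means it passes."""
    findings = []
    if len(key) < min_len:
        findings.append(f"too short ({len(key)} chars, want >= {min_len})")
    if PLACEHOLDER_RE.search(key):
        findings.append("looks like a placeholder")
    if len(set(key)) <= 4:
        findings.append("very low character diversity")
    bits = estimated_entropy_bits(key)
    if bits < min_bits:
        findings.append(f"estimated entropy {bits:.0f} bits < {min_bits:.0f}")
    return findings


def generate_secret_key() -> str:
    """A fresh key from 42 random bytes (the strength the Superset docs ask for)."""
    return secrets.token_urlsafe(42)


# ---- minimal signed-session model (HMAC-SHA256; simpler than Flask's format) ----

def sign_session(payload: bytes, secret_key: str) -> str:
    """Serialize payload as base64url.body.base64url(HMAC(secret_key, body))."""
    mac = hmac.new(secret_key.encode(), payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(mac).decode())


def verify_session(token: str, secret_key: str) -> Optional[bytes]:
    """Return the payload if the MAC checks out under secret_key, else None."""
    try:
        body, mac_b64 = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body)
        given = base64.urlsafe_b64decode(mac_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(secret_key.encode(), payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, given) else None


if __name__ == "__main__":
    # Constructed values: a placeholder-style key and a freshly rotated one.
    default_key = "change_me_please"
    print("placeholder key findings:", assess_secret_key(default_key))
    new_key = generate_secret_key()
    print("generated key findings:  ", assess_secret_key(new_key))

    # A session minted under the shared default is valid for every deployment
    # that kept that default; rotating the key invalidates it.
    token = sign_session(b'{"user_id": 1}', default_key)
    print("accepted under default key:", verify_session(token, default_key) is not None)
    print("accepted after rotation:   ", verify_session(token, new_key) is not None)
```

Rotating SECRET_KEY logs every user out, and Superset also uses the key to encrypt stored database connection secrets, so a rotation on a live instance means re-encrypting those with Superset’s `re-encrypt-secrets` CLI command rather than only editing superset_config.py.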
Posted in Products with tags BenQ on April 25, 2023 by itnerd
Let me get right to the point. The BenQ PD3420Q ultra wide monitor is aimed at anyone who needs a colour critical monitor for image or video editing. Ideally if you’re a Mac user as it has a lot of features that are Mac friendly. That’s it. The review is done. Have a nice day.
Seriously this is a great monitor with very few things for me to gripe about. Let’s start with the monitor itself. It’s a 34″ monitor that is 21:9 which means that you get a resolution of 3440 x 1440 with a pixel density of 109 ppi. It’s also a 10-bit IPS panel that has a 60Hz refresh rate.
The PD3420Q has 100% sRGB and 98% DCI-P3 color space coverage. It also comes factory calibrated (the documentation is in the box) to an accuracy of Delta-E <3 which is okay as many monitors have a Delta-E of <2. But I think that might be on the conservative side as I will point out later. I didn’t see Adobe RGB percentage coverage mentioned anywhere in the specs, so if someone reading this needs that, you might have to look at another option.
Now let’s look at connectivity which is the first reason why I like this monitor:
From left to right you get a Mini-USB port for BenQ’s Hotkey Puck to control the monitor, two HDMI 2.0 ports, a DisplayPort, a USB-C port that supports 65W power delivery and DisplayPort, a USB-A upstream port, and two USB-A downstream ports.
On the side you get a USB-C port and a USB-A port along with a headphone jack.
What all of that means is that if you have a modern MacBook, you can do a one cable setup where a single USB-C cable delivers video, power and anything else that you need, as seen in the picture above. And if you have additional connection needs, you can use the monitor for those too.
The PD3420Q includes BenQ’s Hotkey Puck remote control dial. This plugs into the monitor via the mini USB port that I referenced earlier and is used to control monitor settings like brightness, colour modes and the volume of the built-in dual 2.5W speakers. Though I should mention that there are buttons on the back of the monitor if that’s your preference. As for the stand, it’s made of metal, features tool free assembly, and is solid. The monitor doesn’t shake at all, which is great, and the stand has some basic cable management. The stand is height adjustable as well as having the ability to tilt and swivel. Though in terms of height, it may not go high enough for those who are on the taller side. For those people, a good quality VESA mount may be your best option. I should point out that before getting this monitor, you should look at your setup so that you can ensure that it has enough depth for the monitor. Otherwise you might find it difficult to look at if it is too close to you.
I should also mention that the PD3420Q incorporates a built-in KVM (keyboard, video, mouse) switch, allowing you to control two computers from a single keyboard and mouse, with the Hotkey Puck able to switch between the two computers.
Now all of that is nice, but how does the monitor perform? I’ll get the negative out of the way: the speakers will not impress you. However, in the default Display P3 colour mode, the PD3420Q will impress you. It has vibrant colours and excellent colour and contrast consistency. And the fact that BenQ has software called Display Pilot for the Mac that helps make sure that my MacBook Pro’s display matches the PD3420Q as closely as possible is an excellent touch. More on that in a moment. But what this means is that if you depend on your monitor for colour critical work, this is a very good option for you. I will also say that once you tweak things using Display Pilot, text is pretty sharp.
One feature I really appreciated was the low blue light filter, which helps reduce the amount of harmful blue light emitted by the display. This is especially useful for those who work long hours in front of a screen, as it can help to reduce the risk of eye fatigue and other related issues.
The PD3420Q also has several additional features that make it a versatile and powerful monitor. For example, it has a Picture-by-Picture feature that allows you to connect two different sources (a PC and Mac for example) to the monitor as mentioned above and display them side by side.
The monitor also has a Picture-in-Picture feature, which allows you to display a smaller window within the main display. This can be useful for tasks such as video conferencing or keeping an eye on your email while working on something else.
Another feature worth mentioning is the Display Pilot software, which allows you to customize and optimize the display settings to suit your specific needs. The software includes various features such as split-screen options, colour temperature adjustments, and more. This software was a very nice touch during my testing.
The PD3420Q does DisplayHDR 400 and HDR10. And I will say that HDR performance is better than most IPS displays that I have seen lately. However, as is usually the case, the Mini LED XDR display in my MacBook Pro blows it away. Largely because the MacBook Pro’s display can get way brighter than the 400 nits that this monitor is capable of, and because it comes with local dimming, which the PD3420Q does not have.
Finally, in the bonus points department, all cables are included in the box which makes life easy for anyone who buys this monitor as everything is there for you to set it up and use it.
Overall, I was impressed with the BenQ PD3420Q. It’s a powerful and feature packed monitor that is well suited for professionals who need a high quality display for their work. Its price point is pretty good as I found it on Amazon for about $1200. Take a look at it if you have a colour critical workflow.
Posted in Commentary with tags Thrive on April 25, 2023 by itnerd
Thrive, a premier provider of Cybersecurity, Cloud and Digital Transformation Managed Services, announced today that it has acquired Storagepipe, a world-class Cloud, Data Protection, Managed Services and Cybersecurity provider based in Toronto, Ontario. The acquisition will further expand Thrive’s global presence while allowing Storagepipe clients to leverage Thrive’s next-generation managed Cybersecurity and Cloud services, all powered by a proprietary automation platform.
Storagepipe offers comprehensive Backup-as-a-Service (BaaS) and Disaster Recovery-as-a-Service (DRaaS) platforms, including Disaster Recovery for VMware and Hyper-V systems and IBM i (AS/400, iSeries). The company is a Microsoft Cloud Service Provider with an extensive portfolio of Microsoft 365 services. In 2020, Storagepipe was recognized as a Veeam Impact Partner – VCSP Growth Partner of the Year and in 2021 was recognized as Veeam Service Provider of the Year in Canada.
Storagepipe is Thrive’s third acquisition based outside of the U.S. since 2021, further strengthening Thrive’s global position as a leading technology provider delivering end-to-end managed services to drive secure digital transformation for small to mid-sized enterprises across multiple industries.
Abnormal Security, the leading behavioral AI-based email security platform, today announced the launch of three new products focused on expanding security detection for Slack, Microsoft Teams and Zoom. The company is also extending the platform to better model identity behavior through the ingestion of signals from additional sources, including CrowdStrike, Okta, Slack, Teams and Zoom.
Email remains the most common path into an organization, but cybercriminals are steadily shifting their tactics and targeting additional entry points across the enterprise. The recent attacks on EA Sports and exfiltration of Grand Theft Auto source code highlight how attacks are becoming increasingly multi-channel, as cybercriminals infiltrate one platform and move laterally throughout the environment to gain access to email and other sensitive data. Security leaders are concerned about these new attacks, but lack a single platform that can correlate signals across channels in one unified view.
To solve the problem, Abnormal is expanding its platform API integration capabilities to ingest unique data from more sources. Additional signals from these applications enrich Abnormal’s understanding of user behavior by enabling the platform to analyze sign-in events, geolocation data, session details, communications patterns and more across a number of cloud-based applications. When the platform identifies anomalous activity, it provides a consolidated view through an “Abnormal Behavioral Case Timeline,” which allows security teams to see cross-channel attacker activity and take remediation actions.
In the latest Market Guide for Email Security, Gartner® states, “Although email is still the most common attack vector, many attackers use emails to begin the communication and then move it to Slack, Teams or any other collaboration platforms.” Accordingly, we believe there is a need to secure these platforms, filtering malicious content and highlighting suspicious interactions.
The new products will extend the power of the Abnormal platform to detect suspicious messages, remediate compromised accounts and provide insight into security posture across the three applications. Capabilities include:
Email-Like Messaging Security: Allows administrators to take action against malicious activity, monitoring Slack, Microsoft Teams and Zoom for messages that contain suspicious URLs and then flagging potential threats for further review. Malicious messages are surfaced regardless of whether the message is sent from an internal employee or an external contractor.
Email-Like Account Takeover Protection: Analyzes authentication activity in Slack, Teams and Zoom, alerting security teams to suspicious sign-in events—whether a user is signing in from a blocked browser, in a risky location or on a known-bad IP address. Each event is automatically flagged for immediate investigation, with single sign-on (SSO) activity from Okta and Azure Active Directory included for additional evidence.
Email-Like Security Posture Management: Gives security teams a complete view of user privilege changes in Slack, Microsoft Teams and Zoom to ensure only the appropriate users have admin rights. Email-Like Security Posture Management dynamically monitors for new changes, surfacing those that are considered high impact.
The new products are part of the comprehensive Abnormal Security platform and will be available for all customers to explore through the brand new Abnormal Marketplace starting next week.
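As an added example of the kind of cross-channel correlation the three capabilities above describe (my own illustration, not Abnormal’s code, data model or detection logic), the Python below merges constructed Slack, Teams, Zoom and Okta events into one per-user timeline and flags sign-ins from a blocked browser, from a known-bad IP, or from a country absent from the user’s SSO history, plus chat messages linking to hosts outside an allow-list. The event schema, the IP and browser lists, the link allow-list and the sample events are all constructed for the demo.

```python
"""Cross-channel sign-in and message correlation (added example, not Abnormal's code).

Events from several collaboration apps and the SSO provider are merged into
one timeline per user.  Okta sign-ins define each user's location baseline;
sign-ins elsewhere are compared against it and against static bad-IP and
blocked-browser lists, and chat messages are checked for links to hosts
outside an allow-list.  Users with at least one flag get a "case timeline".
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# All lists below are constructed for the demo (TEST-NET ranges, reserved TLDs).
KNOWN_BAD_IPS = {"203.0.113.77"}
BLOCKED_BROWSERS = {"tor-browser", "headless-chrome"}
TRUSTED_LINK_HOSTS = {"example.com", "docs.example.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


@dataclass
class Event:
    ts: str          # ISO-8601 UTC; sortable as a plain string in this format
    source: str      # slack | teams | zoom | okta
    user: str
    kind: str        # signin | message | privilege_change
    ip: str = ""
    country: str = ""
    browser: str = ""
    text: str = ""


# Constructed sample feed, deliberately out of order to show the merge.
EVENTS = [
    Event("2023-04-25T08:00:00Z", "okta", "alice", "signin", ip="198.51.100.10", country="CA", browser="chrome"),
    Event("2023-04-25T08:05:00Z", "slack", "alice", "message", text="standup notes at https://docs.example.com/standup"),
    Event("2023-04-25T13:12:00Z", "teams", "alice", "message", text="pls review https://login-example.com.evil.test/reset"),
    Event("2023-04-25T13:10:00Z", "teams", "alice", "signin", ip="203.0.113.77", country="NL", browser="headless-chrome"),
    Event("2023-04-25T09:00:00Z", "okta", "bob", "signin", ip="198.51.100.22", country="CA", browser="firefox"),
    Event("2023-04-25T09:30:00Z", "zoom", "bob", "signin", ip="198.51.100.22", country="CA", browser="firefox"),
]


def sso_baseline(events: List[Event]) -> Dict[str, set]:
    """Countries each user has signed in from through the SSO source (Okta)."""
    base: Dict[str, set] = defaultdict(set)
    for e in events:
        if e.source == "okta" and e.kind == "signin" and e.country:
            base[e.user].add(e.country)
    return base


def flag_event(e: Event, baseline: Dict[str, set]) -> List[str]:
    """Apply the three rules to one event and return human-readable flags."""
    flags: List[str] = []
    if e.kind == "signin":
        if e.ip in KNOWN_BAD_IPS:
            flags.append("known-bad ip")
        if e.browser in BLOCKED_BROWSERS:
            flags.append("blocked browser")
        if e.country and e.source != "okta" and e.country not in baseline.get(e.user, set()):
            flags.append(f"country {e.country} never seen in SSO history")
    elif e.kind == "message":
        for url in URL_RE.findall(e.text):
            host = urlparse(url).hostname or ""
            if host not in TRUSTED_LINK_HOSTS:
                flags.append(f"untrusted link host {host}")
    return flags


Timeline = List[Tuple[str, str, str, List[str]]]


def build_case_timelines(events: List[Event]) -> Dict[str, Timeline]:
    """Return {user: [(ts, source, kind, flags), ...]} for users with any flag."""
    baseline = sso_baseline(events)
    timelines: Dict[str, Timeline] = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        timelines[e.user].append((e.ts, e.source, e.kind, flag_event(e, baseline)))
    return {u: tl for u, tl in timelines.items() if any(f for *_, f in tl)}


if __name__ == "__main__":
    for user, tl in build_case_timelines(EVENTS).items():
        print(f"case: {user}")
        for ts, src, kind, flags in tl:
            print(f"  {ts} {src:6} {kind:9} {', '.join(flags) or '-'}")
```

The point of the timeline is that the clean Okta sign-in and the Slack message give the later Teams events their context: on their own, a sign-in from a new country is noise, but next to a blocked browser, a listed IP and a message carrying an off-domain link two minutes later, it reads as one case rather than four alerts.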
Additional Resources
To learn more about the new products, you can read this blog post.
To discover the Abnormal architecture and new data ingestion capabilities, visit this webpage.
To request a personalized demo and get started protecting your cloud communications today, visit this webpage or Booth #854 at RSA Conference.
Posted in Commentary with tags Rogers on April 25, 2023 by itnerd
I first reported on issues with Rogers email, and the inability to generate app specific passwords to allow users of Rogers email to use email clients like Outlook and Thunderbird, on March 7th. However, this issue dragged on for days. There is a workaround, but that workaround is suboptimal to say the least. And as this issue dragged on into April, I was left with no other option than to recommend to my many clients who are affected by this to dump Rogers as an email provider. Now Rogers has sort of admitted to the fact that there is an issue, but there is no ETA as to when it will be resolved. Other than that rather tepid admission, there has been silence from the telco.
Today is April 25th, which is 49 days since this episode started. And Rogers users are reaching the end of their limit with the telco. There are two threads on the Rogers Community Forums that I’ve been tracking which illustrate how frustrated Rogers has made its own users. Here are some examples:
This is what happens when you as a business do not provide a public comment about an issue that has been ongoing for a long time. Your customers get frustrated. Your customers do not believe that you care. And most importantly, your customers look for other options with your competitors. You have to wonder if Rogers is even checking their own Community Forum as this sort of feedback isn’t hard to find, and illustrates that they have not only a technology problem on their hands, but a public relations problem as well.
And as one person in the examples above has mentioned, you have to wonder why Rogers doesn’t simply disable the need for an app specific password until they figure this whole thing out as that would lower the temperature of this situation? Perhaps they’re at the mercy of Yahoo who provides Rogers email service? Or perhaps Rogers can’t figure out how to do that? Either way, it is curious that they have not tried doing that.
Rogers has really dropped themselves in it this time. While this isn’t as bad as taking down the entire country for a couple of days like they did last summer, this isn’t going to help them win hearts and minds. Rogers really, REALLY needs to start upping their game here. Starting with giving a coherent explanation of why this issue has been ongoing for 49 days and counting. Along with what they are doing to fix this issue and when they hope that this will be fully resolved. This is the only way that they can start regaining the trust of their customers and stop customers from leaving for other telcos. I really question at this point if Rogers has the ability to do any or all of that. But now would be a really good time for them to prove me wrong.
That I am guessing means that you will see more verified accounts in your feed. Whatever that means because he didn’t exactly make that clear. And I am guessing that you will see them whether you want to or not. Elon could be talking about a previously announced change in which he said that “only verified accounts will be eligible” to be shown in the For You feed. But again, this isn’t clear from this single Tweet. It also likely means that your Tweets will be all but invisible unless you pay for Twitter Blue.
It will be interesting to see how that plays out because the people in the #BlockTheBlue camp are going to have real fun using tools like this one to block anyone who has paid for Twitter Blue. Assuming that they stay on the platform as this is now a huge incentive to dump Twitter and never look back.
I am guessing that the calculus behind this for Elon is that those who refuse to pay $8 a month ($11 on iOS) because they don’t like him and would like to make a public show of it are now going to have a choice. They will either disappear from Twitter one way or another entirely or pay for Twitter Blue. And he’s hoping that they capitulate and choose the latter option. The thing is, Mastodon is gaining somewhere between 1000 and 2000 accounts an hour based on the Mastodon Users account. That has to be coming from Twitter, which implies that Elon’s losing this fight. And this latest move by Elon may accelerate departures from Twitter. Which means that Elon once again might have played himself.