Archive for May 4, 2023

Google Announces Passkey Support For Google Accounts

Posted in Commentary on May 4, 2023 by itnerd

Yesterday, Google announced that users can now sign into their Google account using passkeys instead of passwords or 2-step Verification. The move is part of the company’s efforts towards passwordless authentication and to further protect users from threats like phishing.

“This signature proves to us that the device is yours since it has the private key, that you were there to unlock it, and that you are actually trying to sign in to Google and not some intermediary phishing site,” Google’s Arnar Birgisson and Diana K Smetters said.

Passkeys will be linked to each device where they’ve been added to the account, allowing devices to be unlocked locally using a PIN or screen lock biometrics. Passkeys will be securely backed up and synced to the cloud and work across all major web browsers and platforms.
 
For now, passkeys will be an additional Google sign-in option, ensuring that users have a fallback method and can log in using a password.

Roy Akerman, Co-Founder & CEO, Rezonate had this to say:

   “Only last year Google shared its intent to end passwords realizing that identity threats are a top priority, and right before password national day it takes a major step towards that goal. Google is not alone on this mission joining FIDO alliance, Apple, and Microsoft which are on the same path. As adoption increases, we will see a decrease in less secured 2FA (two factor authentication) options available. Passkeys are proven to resist online attacks such as phishing compared to the common SMS OTP (one time password) yet security teams should carefully review usage and attempts as attackers will try to bypass and be ahead of the game.”

I am a big fan of passkeys as this will solve a lot of problems in terms of online security that consumers have, making them a lot safer as a result. Hopefully other companies jump onto the passkeys bandwagon as that will make users safer in more places.

Brightline Confirms That They Were Pwned In GoAnywhere MFT Hack

Posted in Commentary on May 4, 2023 by itnerd

There has been a rash of attacks via a vulnerability in Fortra’s GoAnywhere MFT tool. And the results are far reaching. The latest victim to have disclosed that they have been pwned via this vulnerability is Brightline, which provides virtual coaching and therapy to children. They posted the disclosure on their website:

While Fortra’s investigation is ongoing, we understand that on January 30, 2023, Fortra was made aware of suspicious activity within certain instances of its GoAnywhere MFT service. Through its investigation, Fortra states that it identified a previously-unknown vulnerability which an unauthorized party used to gain access to certain Fortra customers’ accounts and download files, including ours.

Fortra informed us about the security vulnerability in their GoAnywhere MFT service on February 4, 2023. We took swift action the same day in response to the notice. Our investigation determined the incident was limited solely to the Fortra service and did not impact our own network.  Fortra also promptly notified law enforcement and is cooperating with their investigation of the Fortra incident.

Subsequently, we determined that the unauthorized party acquired certain files that were saved in the Fortra service. After making this determination, we immediately began to analyze the files to determine which individuals and data had been affected. As part of that analysis, it was determined that those files contained a limited amount of protected health information.  We then began notifying the Covered Entities of the incident.

And:

Based on the investigation, we identified a limited amount of protected health information/personal information in the files that the unauthorized party acquired, potentially including some combination of the following data elements: individuals’ names, addresses, dates of birth, member identification numbers, date of health plan coverage, and/or employer names. Please see here for a list of impacted entities. Note: Aetna member IDs were not compromised as a result of this incident.

Yikes! That’s far from trivial and not good. Ani Chaudhuri, CEO, Dasera:

The recent data breach involving Brightline, a pediatric mental health provider, is a stark reminder of the importance of data security in the healthcare industry. While it is disheartening to learn that such a vital service provider has been targeted, this incident should serve as a call to action for organizations to strengthen their data protection measures.

It is essential to recognize that Brightline promptly addressed the breach, taking immediate steps to investigate and mitigate the impact of the incident. Their efforts to enhance security measures, rebuild their service, and reduce data exposure demonstrate a commitment to protecting their patients’ information. However, the fact remains that even the most well-intentioned organizations can fall victim to cyberattacks.

As a data security company, we understand organizations’ challenges in safeguarding their sensitive information. In this rapidly evolving landscape, companies must invest in robust data security solutions and work closely with experts to ensure they are prepared for emerging threats.

Moreover, it is vital for organizations to regularly assess their data security infrastructure and implement necessary updates and patches to address vulnerabilities. As the ransomware gang exploited a zero-day vulnerability in this case, it highlights the importance of staying informed about potential risks and swiftly mitigating them.

We empathize with Brightline and the affected individuals, understanding the stress and potential harm such breaches can cause. To assist those impacted, offering complimentary identity theft and credit monitoring services is a commendable step by Brightline. Organizations must prioritize their clients’ well-being and offer support during these challenging times.

While the Brightline data breach is unfortunate, it is a critical reminder for organizations to prioritize data security and invest in necessary measures to protect sensitive information. Collaboration between organizations and data security companies is essential to safeguard against threats and minimize the impact of breaches on the lives of those affected.

I suspect that more companies who use GoAnywhere are going to step forward and say that they have been pwned, which will massively increase the scale of this vulnerability to something that could be an Earth-shattering event in the cybersecurity space.

When AI Imitates Pizza Hut, Pizza Hut Imitates AI

Posted in Commentary on May 4, 2023 by itnerd

Over the last 48 hours, the internet has been buzzing about the bizarre AI-generated Pepperoni Hug Spot commercial.

On April 24, Redditor u/PizzaLater posted a 30-second video to subreddit r/midjourney that went so viral that everyone from iconic pizza chains to billionaires took notice. The fake ad utilized artificial intelligence to create an advertisement for an imaginary pizza place called “Pepperoni Hug Spot.” The universal reaction to the commercial has been a joint combination of amazement, horror, and laughter, with several consumers dropping their comments on the 90s nostalgia that the spot brings.

It didn’t take long for Pizza Hut Canada to take notice, as several of the visuals used in the ad – including the logo and red roof restaurant – are reminiscent of Pizza Hut and classic dine-in moments of times past.

This Saturday, May 6, 2023 – Pizza Hut Canada will excite Torontonians, bringing AI to life with a fun experience for all those pizza lovers out there! You might want to keep an eye on Pizza Hut Canada’s Twitter account for clues as to what is coming.

UPDATE: That didn’t take long. This was just posted to Pizza Hut Canada’s Twitter account:

City Of Dallas Pwned By Ransomware

Posted in Commentary on May 4, 2023 by itnerd

Yesterday, the city of Dallas announced that a number of its servers have been compromised with ransomware, impacting several functional areas. The Dallas Police Department website has been taken offline, and 911 dispatchers are having to write down calls for officers rather than using the computer dispatch system.

CBS News Texas obtained an image of the ransomware note. The hackers, a group called Royal, claim that they encrypted the city’s critical data, and threatened to post sensitive information online.

Officials are working to contain the spread to other city computer systems and, while there were reports of other governmental computer outages, there seems to be limited impact on city operations affecting residents.

As large American cities such as Dallas, Baltimore, Oakland, and Washington DC, to name a few, continue to experience impactful outages, a larger concern comes into focus: the caliber of cybersecurity these municipalities have in place.

“We commonly find [state and local governments’] security posture to be weaker than that of the average corporate company. This is not due to a lack of concern, but rather a lack of resources and manpower to address the ever-growing challenges of cybersecurity,” Quentin Rhoads-Herrera, a Dallas-based cybersecurity executive, told CNN.

I have three comments on this. Starting with Kevin Hanes, CEO, Cybrary:

   “Sounds familiar (ATL). For all the folks who are responding and trying to figure out the what, how, why, and now what?…as terrible as it is this will pass and you can come out of it stronger. It’s challenging but you have to stay positive and take care of one another as stress and no sleep will take its toll on everyone.”


Stephen Gates, Principal Security SME, Horizon3.ai follows up with this:

   “Most successful ransomware attacks are primarily due to hidden vulnerabilities that have laid dormant within the inner bowels of a network for some time. This endemic problem plaguing American cities (and elsewhere) will never be resolved until organizations accept the fact that yes, they are completely vulnerable to ransomware attacks. The problem, however, is that they often have no idea where those vulnerabilities lie.

   “It is imperative to get ahead of the game and find the vulnerabilities yourself by attacking your internal network the same way an attacker will. This is not a one-and-done proposition since you’ll never be able to manage your risk daily if you don’t know where you’re vulnerable. As a result, automated AI-driven tools are readily available to perform that continuous function for you today.”

Finally, Roy Akerman, Co-Founder & CEO, Rezonate had this to say:

   “Local government offices continue to be a target for ransomware groups as we’ve seen for the past couple of years. For the most part, their infrastructure is outdated, their controls are not tuned and therefore, in the case of a compromise, the impact is greater than it should be resulting in a complete disruption of operations.

   “The Royal ransomware group has been known to use a mix of old and new techniques to lure victims to install a remote desktop malware from which they can extend reach and encrypt critical files. Controls against Ransomware threats must be implemented as well as practices to contain and recover without paying the ransom.”

Local governments really need to focus on not being a “target rich environment” for threat actors by improving their security posture. That’s the only way that situations like this will become less likely to happen.

HYAS, RSM Partner To Preemptively Protect Clients Via Protective DNS

Posted in Commentary on May 4, 2023 by itnerd

HYAS Infosec, leaders in utilizing advanced adversary infrastructure intelligence and detection to preemptively neutralize cyberattacks, today announced its partnership with RSM, a leader in the professional services industry, to deliver HYAS Protect, which leverages authoritative knowledge of attacker infrastructure to proactively protect enterprises from cyberattacks. 

The partnership enables RSM to now offer a solution to its RSM Defense clients that preemptively identifies communication with malicious or compromised domains, thwarts cyberattacks, and neutralizes adversary infrastructures before they can get started attacking. Access to malicious domains is blocked at the network level, preventing both unintended connections and actions by adversaries, adding to RSM’s best-in-class cyber threat intelligence and managed detection and response services (MXDR).

Phishing, malware, supply-chain attacks, and other nefarious actions all require communication with malicious domains. HYAS protective DNS provides RSM customers with unprecedented visibility and attribution of the origins of attacks and the infrastructure being used.

HYAS Protect provides the best possible protection at the DNS layer against the malicious infrastructure used by malware, ransomware, phishing, and supply-chain attacks. Actions that can be taken include outright blocking and/or alerting so that further investigation can be taken. HYAS provides protective DNS for devices inside and outside customer networks. Its high-fidelity threat signal reduces alert fatigue and improves network intelligence. HYAS also blocks low-and-slow attacks, supply chain attacks, and other intrusions that can lurk in the network. 

New Head of Telstra International Appointed

Posted in Commentary on May 4, 2023 by itnerd

Telstra’s Finance and Strategy Executive Director Roary Stasko has been appointed as the new CEO of Telstra’s International business, starting 1 July.  

Telstra Enterprise Group Executive David Burns said he was thrilled to appoint Mr. Stasko, who brings a wealth of experience and passion for international markets, to the role. And he said that Mr. Stasko’s background in emerging markets would be invaluable in his new role.  

He said Mr. Stasko would start in the role on 1 July to ensure a smooth transition with current Head of Telstra International Oliver Camplin-Warner, who will be moving to head up the Telstra Purple business in the new financial year.  

Mr. Stasko said he was looking forward to working across the diverse portfolio of the International business, and exploring growth opportunities. 

Mr. Stasko will continue to hold his position on the Digicel Pacific Board, and will be based out of San Francisco, Ca. 

Flashpoint Has Found That Killnet Is Rebranding And Reorganizing

Posted in Commentary on May 4, 2023 by itnerd

Flashpoint has published a blog today entitled: For Money and Attention: Killnet Apparently Reorganizes Again

The past months have seen Killnet trying to make money in various ways, although it appears that these attempts to attract funding were mostly unsuccessful, or at the very least insufficient. They include:

  • Publicly applying for sponsorship from the Russian state and from Russian businesspeople several times over the past months
  • Selling access to various documents exfiltrated from NATO countries
  • Selling the “Infinity” forum, which the group created in December 2022
  • Promoting its paid “hacking school” ($249 for a course) which is apparently yet to launch
  • Advertising its paid DDoS services 
  • Soliciting money from its followers

Killnet remains widely ridiculed on top-tier Russian-speaking forums. On Exploit, for example, a thread in which the group’s leader, Killmilk, was advertising the sale of Infinity, drew widespread mockery, with users offering a couple hundred dollars for what many of them saw as a lost cause. 

You can read the blog post here.

Cybrary for Teams Now Available on Google Cloud Marketplace

Posted in Commentary on May 4, 2023 by itnerd

Cybrary, the leading cybersecurity skills development platform, today announced the launch of Cybrary for Teams on Google Cloud Marketplace. This partnership allows cybersecurity teams to access critical skill development and training resources directly through Google Cloud.

Cybrary for Teams, a workforce development solution hosted on Google Cloud, empowers organizations to develop and retain skilled cybersecurity talent. With a content library covering a complete curriculum of in-depth topics and specialized skills, Cybrary’s centralized, affordable platform offers remarkable value compared to other training options. Now available in the Google Cloud Marketplace, customers can access a turnkey solution aimed at providing organizations with the necessary knowledge, skills, and abilities to defend against the threats they face every day. Through a combination of industry certification preparation programs and hands-on threat-informed simulation, aligned to leading frameworks such as NIST / NICE and MITRE ATT&CK, organizations can continuously train, map, and evaluate the skills and competencies of their team.

Cybrary is a global platform that supports over 3.5 million professionals in their cybersecurity skills development journey. Delivering this level of critical training requires fast, scalable virtualization solutions to keep learners up to date with content on the latest threats that builds hands-on, mission-ready skills, all while ensuring an operational platform uptime. Google Cloud’s technology helps make this a reality. You can learn more about Cybrary for Teams and view the marketplace listing here.

You Know, I Really Have To Question Why Rogers Describes Its Internet Offering The Way They Do…. Because It’s Simply Not Accurate

Posted in Commentary on May 4, 2023 by itnerd

Right off the top, I’m going to say that I believe that Rogers must be feeling the heat from Bell and the fact that Bell is rolling out fibre to the home anywhere and everywhere it can. And the fact is that as I said years ago, and when I got Bell’s fibre product in my home, Bell’s fibre optic Internet products destroy anything that Rogers has to offer as Rogers customers for the most part are stuck with cable. Now here’s why I say that. A reader pinged me with this:

Hello IT Nerd. I got an advertisement in my mailbox today where Rogers is offering “fibre-powered Internet” at my address. Does that mean that Rogers is about to roll out fibre to my address? Would you be able to answer this question? Thanks!

The first thing that I did was to reach out to him and ask him to check what speeds are offered at his address and send me the screenshot. I got this back in reply:

All of these options are Rogers cable based Internet offerings. Which I have said previously work like this:

They deliver Internet access by using a system they call “Hybrid Fibre” which means that the Rogers network is largely fibre optic cable. But the so-called “last mile” to your home is copper cable. The problem with that scheme is that copper cable can only handle so much bandwidth. Since Rogers is in the process of rolling out DOCSIS 3.1 across their network (at present they have DOCSIS 3.1 enabled on the downstream part of their Internet connections, but not on the upstream part of their Internet connections), that means that they’re capped at 10 Gbit/s downstream and 1 Gbit/s upstream as per this Wikipedia page.

The problem is that Rogers advertises their Internet offering like this:

You’ll note that it says “Good news! Fibre-powered Ignite Internet is available at” followed by the address, which I have redacted. Rogers isn’t being quite truthful as they are only providing fibre to the node and not the home. This is further backed up by the flyer that this person got in the mail:

Both of these pictures have references to “fibre-powered Internet”. The problem with that is consumers think that this is fibre from end to end like Bell. But it is not fibre from end to end. And that leaves consumers with a bad taste in their mouths. Take this post on Reddit as an example:

And the thing is, I’ve called out Rogers for this type of marketing before. Last year, Rogers was advertising “pure fibre to the home” when that wasn’t what they were delivering. But they quickly changed that about a week later. Presumably because of blowback from customers who thought that they were getting something other than what Rogers was actually delivering. I can only conclude that they are now doing this again because Bell is really putting the heat on them and they need to do something to acquire and retain customers on their Internet product. Which has a knock on effect for home phone and TV as well.

Rogers isn’t doing itself any favours by the way they are advertising their Internet offering. It confuses consumers who then are left with a bad taste in their mouths when it comes to Rogers when they find out that they’re not getting the service that they think that they should be getting. Honestly if I were Rogers, I would stop this immediately. And instead I would clearly explain to consumers how their technology works. Sure their technology in most places that Rogers operates isn’t as sexy as fibre to the home. But at least they would be completely honest. And that would be an improvement over what they are doing currently which is playing fast and loose with the facts.

The White House Makes An Announcement On How They’re Going To Promote Responsible AI Development

Posted in Commentary on May 4, 2023 by itnerd

The White House today has announced what they are going to do to promote responsible AI innovations. This is timely as this is a top of mind issue at the moment. Here’s what the goal is:

AI is one of the most powerful technologies of our time, but in order to seize the opportunities it presents, we must first mitigate its risks. President Biden has been clear that when it comes to AI, we must place people and communities at the center by supporting responsible innovation that serves the public good, while protecting our society, security, and economy. Importantly, this means that companies have a fundamental responsibility to make sure their products are safe before they are deployed or made public.

There’s a lot more to this and I encourage you to read the full details at the link above.

I have two comments on this. Starting with Ani Chaudhuri, CEO, Dasera:

In light of the recent announcement made by the Biden-Harris Administration, it is evident that the US government has taken some essential steps to promote responsible AI innovation while protecting Americans’ rights and safety. While these actions are commendable, it is crucial to emphasize that data security plays a vital role in ensuring AI’s responsible and ethical use.

As the Administration engages with CEOs of leading AI companies, it is essential to remember that responsible and ethical AI development requires robust security measures. Data security companies play a significant part in this landscape, working diligently to protect sensitive information and mitigate risks associated with AI technologies.

The new investments in AI research and development, public assessments of generative AI systems, and policies to ensure responsible AI use by the US government are all necessary steps to create a safer AI ecosystem. However, investing in data security infrastructure and prioritizing collaboration with data security companies is vital. In doing so, the government and AI industry can ensure comprehensive protection against risks and potential harm to individuals and society.

Furthermore, AI developers must be held accountable for the security of their products, emphasizing their responsibility to make their technology safe before deployment or public use. This includes proper data management, secure storage, and measures to prevent unauthorized access to sensitive information.

The Biden-Harris Administration’s actions to promote responsible AI innovation are crucial for a safer future. However, it is equally important to acknowledge the role of data security companies in this landscape and foster partnerships to ensure a comprehensive and cohesive approach to AI-related risks and opportunities.

This is followed up by a comment from Craig Burland, CISO, Inversion6:

There’s no putting the AI genie back in the bottle. Two years ago, if your product didn’t have AI it was considered last-generation.  From SIEM to EDR, products had to have AI / ML.  Now, ChatGPT is evoking fears pulled from science fiction movies.  

Generative AI (GAI) is an evolution of technology that started when we jumped into Big Data. GAI has tremendous potential and troubling downsides. But, the government will be hard-pressed to curtail building new models, slow expanding capabilities, or ban addressing new use cases. These models could proliferate anywhere on the globe.  Clever humans will find new ways to use this tool – for good and bad.  Any regulation will largely be ceremonial and practically unenforceable.  

I think that this is a good initiative by the White House. But as always, I await meaningful results as I feel that we’re currently at a tipping point in terms of where we are with AI. Which in my mind implies that things can go in a great direction, or things could go off the rails when it comes to AI. And in either case, there would be no way back.