Archive for June 2, 2023

CISOs Plan to Increase Cybersecurity Spending Despite Economic Concerns: Nuspire

Posted in Commentary with tags on June 2, 2023 by itnerd

Nuspire, a leading managed security services provider (MSSP), announced findings from its second annual research study, revealing current challenges, priorities and purchasing trends of Chief Information Security Officers (CISOs).

The study also charts how CISOs’ and IT security decision-makers’ (ITDMs) challenges and priorities have evolved since the first report was published in August 2022. Changes include a significant reduction in concerns over securing a remote workforce and an increased focus on cybersecurity insurance and incident response.

Additional findings from the study include:

  1. Ten percent of CISOs/ITDMs manage all of their cybersecurity needs in-house.
  2. CISOs/ITDMs with less than $1 million for outsourcing are more likely not to outsource compared to their peers with larger budgets.
  3. CISOs/ITDMs report increased confidence in their cybersecurity systems, especially considering their security strategy relative to end-user compliance and peers.
  4. CISOs/ITDMs are now more concerned with software applications and email/collaboration tools versus end users and endpoints, which topped the list last year.
  5. The unique challenges and IT pressures of remote work have fizzled out from the benchmark study, making way for greater emphasis on attracting and retaining skilled cybersecurity professionals.

Nuspire’s research methodology involved anonymously surveying more than 200 U.S.-based CISOs and ITDMs from large to mid-size enterprise organizations across various industries, including manufacturing, financial services, information technology, healthcare, retail and more.

The “Second Annual CISO Research Report on Challenges and Buying Trends: A Focus on Optimization” is available on Nuspire’s website.

Leave a comment »

BREAKING: Bell Canada Has A Pair Outages With Their Internet Service

Posted in Commentary with tags on June 2, 2023 by itnerd

Just before 11AM EST, Bell Canada had some sort of Internet outage that stopped their modems from connecting to their service. The error message that people were seeing was “Error 2100” which meant that the modem could not authenticate to the Bell network. Down Detector captured the fact that this was a widespread issue:

Fortunately the issue was addressed by Bell just before 11:20 AM EST where service was restored. But looking at Bell’s Twitter accounts, there was no acknowledgement by the telco that there was any issue. And looking at the screenshot above, this was the second outage in 12 hours. Clearly something is up with Bell at the moment and it would be in their interest to explain what is going on and what they are doing to make whatever is going on go away.

Leave a comment »

Zero Click Exploit Targets iOS Users

Posted in Commentary with tags on June 2, 2023 by itnerd

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. Kaspersky has been tracking this and had this to say:

“The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data,”

Joe Saunders, CEO, RunSafe Security had this to say about this threat:

“Even the best developers inadvertently leave open the potential for critical vulnerabilities to be exploited. Scanning & patching as we chase the vulns is inevitable – but this is why we need to invest in secure by design, secure by default and memory safety across software.”

The Kaspersky research on this threat noted that they were hit by this. That shows you how potentially dangerous this can be. And it isn’t known if Apple has patched whatever means the threat actors are using to get control of devices. This is something that I will be watching closely as there’s more to come in terms of detail.

Leave a comment »

Flashpoint Research Team Offers Analysis Into Deepfakes

Posted in Commentary with tags on June 2, 2023 by itnerd

According to a survey conducted in 2022, the use of detected deepfakes rose by 13 percent between 2021 and 2022. According to a blog posted by researchers at Flashpoint, threat actors posted about deepfakes on illicit forums and marketplaces approximately 133,000 times within the past three years. While not all discussions are malicious, threat actors are actively discussing and learning about the emerging technology. That suggests that maybe those who defend against attacks should be learning about deepfakes as well.

The Flashpoint blog can be found here.

Leave a comment »