Archive for June 13, 2023

Cisco Launches Full Stack Observability Platform

Posted in Commentary with tags on June 13, 2023 by itnerd

Cisco announced the launch of a new Full Stack Observability Platform—a vendor-agnostic solution that harnesses the power of the company’s full portfolio. It delivers contextual, correlated, and predictive insights that allow customers to resolve issues more quickly and optimize experiences, while also minimizing business risk.

This industry-leading offering enables a new observability ecosystem that brings data together from multiple domains including application, networking, infrastructure, security, cloud, sustainability, and business sources.

Cisco’s FSO Platform is focused on OpenTelemetry and is anchored on Metrics, Events, Logs, and Traces (MELT), enabling businesses to seamlessly collect and analyze MELT data generated by any source. The Cisco FSO Platform is also designed as a unified, extensible platform, allowing developers to build their own observability solutions, empowering an ecosystem of customers and partners.

Cisco FSO Platform Applications: Cloud Native Application Observability

Cloud Native Application Observability is the premier solution delivered on Cisco FSO Platform. It helps customers achieve business outcomes, make the right digital experience related decisions, ensure performance alignment with end-user expectations, prioritize, and reduce risk while securing workloads.

In addition to Cloud Native Application Observability, the first set of modules on Cisco’s FSO Platform are:

  • Cost Insights: Provides visibility and insights into application-level costs alongside performance metrics, helping businesses understand the fiscal impact of their cloud applications, while also supporting sustainability efforts. 
  • Application Resource Optimizer: Provides visibility into Kubernetes workload resource utilization, so businesses can maximize resource usage and reduce excessive cloud spend, helping them meet financial targets and sustainability goals.
  • Security Insights: Generates an application-based business risk score to help DevOps and SecOps teams to prioritize and eliminate vulnerabilities on cloud native applications or services that have a high likelihood of exploitation. 
  • Cisco AIOps: Visualize contextualized data relevant to infrastructure, network, incidents, and performance of a business application, all in one place. Simplifies and optimizes IT’s operational needs.

Cisco is already collaborating with partners, including CloudFabrix, Evolutio, and Kanari, to develop and monetize a diverse ecosystem of solutions for the Cisco FSO Platform that enable meaningful, new use cases and rapidly deliver customer value from observable telemetry. 

Cisco FSO Platform launch partners are building novel solutions and extending the Platform’s reach to new customers and business use-cases:

  • vSphere Observability and Data Modernization from CloudFabrix: This solution observes vSphere data through Cisco FSO Platform and correlates it with Kubernetes and infrastructure data to generate insights and recommended actions across infrastructure and the containerized application stack.
  • Evolutio Fintech: This fintech observability solution is designed to help customers draw business insights by monitoring KPIs based on data ingested such as payments and credit card authorizations. 
  • Kanari Capacity Planner and Forecaster: This provides visibility into time series data associated with capacity planning and forecasted events with risk factors that have been determined through predictive ML algorithms (ARIMA, SARIMA, LSTM). Capacity Planner and Forecaster also allows organizations to take a sustainable, resilient approach to planning and tracking resources.

The Cisco FSO Platform marks a key advancement in Cisco’s accelerating FSO strategy. Partners can unlock even more value for themselves and their customers through extensibility. AI-driven root cause analysis, experience optimization, and incident management are tied to business context so teams can identify, prioritize, resolve, and predict issues before they impact end users and their business.

Cyware Announced as Launch Partner for Wiz Integration (WIN) Platform

Posted in Commentary with tags on June 13, 2023 by itnerd

Cyware, a leader in threat intelligence, security automation, and cyber fusion platforms, today announces its partnership with leading cloud security provider Wiz as the company unveils Wiz Integration (WIN) platform. Cyware, hand selected as a launch partner, brings the power of vendor-neutral orchestration, automated response, and security collaboration capabilities to WIN.

WIN enables Wiz and Cyware to share prioritized security findings with context including inventory, vulnerabilities, issues, and configuration findings. Mutual customers receive the following benefits:

  • Connecting the dots on vulnerabilities and patch management insights from Wiz CNAPP Reports
  • Automating responses across all security tools through advanced low-code, customizable playbooks and vendor-neutral orchestration
  • Automatically alerting internal and external stakeholders to risks, incidents, and remediation

The combined value of these two offerings will streamline security for organizations that are on a cloud journey, regardless of where they may be on that journey.

WIN is designed to enable a cloud security operating model where security and cloud teams work collaboratively to understand and control risks across their CI/CD pipeline. Wiz is setting the industry standard in integrated solution strategy to maximize operational capabilities of organizations with partners like Cyware in WIN.

Healthcare Vendor ITx Reports Yet Another GoAnywhere Hack

Posted in Commentary with tags on June 13, 2023 by itnerd

In a breach report filed June 8th, revenue cycle software vendor ITx joined the list of healthcare companies to announce a Fortra-related breach – this one affecting nearly 490,000 individuals. 

ITx took the following actions after Fortra disclosed the flaw that was being actively exploited:

  • Feb. 8th – ITx discovered it had been subject to a Fortra security incident
  • May 10th – Review was completed of all relevant logs provided by Fortra
  • May 19th – Review was completed to determine what and whose information was affected
  • June 8th – Breach report filed

Information compromised in ITx’s Fortra incident includes patients’ names, addresses, medical billing and insurance information, medical information, and demographic information such as birthdate and SSNs. 

To date, the GoAnywhere vulnerability has affected the health information of about 4.4 million individuals at Blue Shield of California, Aetna and Santa Clara Family Health Plan, Brightline, Community Health System, and NationsBenefits, to name a few.

Avkash Kathiriya, SVP of Research and Innovation, Cyware had this to say:

“We are facing an epidemic of healthcare-related breaches, and most organizations continue to fight this battle alone. Healthcare providers need much better visibility of weaknesses, and the ability to share threat intelligence throughout their supply chains. While every entity in the supply chain may not be adequately prepared to counter sophisticated cyber threats, together they can mount a collective defense against the common threats faced by the sector.”

GoAnywhere keeps claiming victims, which is not good for any of us. I fully expect the carnage that has been caused by this vulnerability to continue for a long time.

Today Is Patch Tuesday… Here’s What Was Fixed By Microsoft

Posted in Commentary with tags on June 13, 2023 by itnerd

It’s the second week of June, which means it’s Patch Tuesday. And that means that you need to get about patching all things Microsoft. Bleeping Computer has the details:

While thirty-eight RCE bugs were fixed, Microsoft only listed six flaws as ‘Critical,’ including denial of service attacks, remote code execution, and privilege elevation.

The number of bugs in each vulnerability category is listed below:

  • 17 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 32 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 10 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities
  • 1 Edge – Chromium Vulnerabilities

This list does not include sixteen Microsoft Edge vulnerabilities previously fixed on June 2nd, 2023.

Dor Segal, Senior Research Tech Lead, Silverfort, highlights two key fixes by Microsoft:

“CVE-2023-29357 is a Microsoft SharePoint Server Elevation of Privilege Vulnerability with a high CVSS score of 9.8.

This vulnerability could be used by an attacker with access to spoofed JWT authentication tokens to bypass authentication, gain access to a SharePoint server and adopt the privileges of an authenticated user.

It’s currently unclear whether the access permissions are to the SharePoint application or to the server itself, meaning the impact of any exploitation attempts could range from data theft to initial access into a domain environment. This would explain its high CVSS score.

CVE-2023-29362 – a Remote Desktop Client RCE vulnerability – is pretty unique and well worth notice.

Admins use RDP clients for many of their day-to-day tasks, from managing servers to fixing user problems. Using an RDP client can give admins a false sense of security: they can see what’s going on in a remote server or that client’s computer, but they believe themselves to be protected from malicious activity on the client’s end thanks to the RDP. This vulnerability unfortunately proves that wrong.

CVE-2023-29362 allows an attacker who has compromised a Windows machine to attack and spread to any RDP client connected to that same machine. In the case of admins or other privileged machines, this could potentially lead to compromise of the entire domain.

It’s worth noting that patching is needed on the client’s side – not the server’s – so we recommend first patching privileged clients before moving on to the rest of the clients in the organization.”
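The quoted note says the SharePoint flaw lets an attacker holding spoofed JWT tokens bypass authentication, but it does not say how those tokens are spoofed, and nothing below claims to. What follows is an added example, not code from the original post, Silverfort or Microsoft: the generic check a token verifier needs so that a forged token cannot pass. The server pins the algorithm and key and verifies the signature itself instead of trusting the token's own header. The HS256 key, the claim names and the "alg: none" forgery are assumptions made for this illustration of the general token-spoofing class, not a description of the SharePoint bug.

```python
import base64
import hashlib
import hmac
import json

# Assumed server-side HMAC key for HS256 tokens (constructed for this example;
# a real service loads it from a secret store, never from anything in the token).
SECRET_KEY = b"example-hs256-key-for-illustration-only"
PINNED_ALG = "HS256"


def _b64url_decode(segment):
    """JWT segments are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _sign(header_b64, body_b64):
    """HS256 signature over the exact header.payload string the token carries."""
    return hmac.new(SECRET_KEY, f"{header_b64}.{body_b64}".encode("ascii"),
                    hashlib.sha256).digest()


def mint_token(claims):
    """Produce a legitimately signed HS256 token (the 'good' input below)."""
    header_b64 = _b64url_encode(json.dumps({"alg": PINNED_ALG, "typ": "JWT"}).encode())
    body_b64 = _b64url_encode(json.dumps(claims).encode())
    return f"{header_b64}.{body_b64}.{_b64url_encode(_sign(header_b64, body_b64))}"


def forge_unsigned_token(claims):
    """Attacker side (assumed generic technique): an 'alg: none' header with
    arbitrary claims and an empty signature segment."""
    header_b64 = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body_b64 = _b64url_encode(json.dumps(claims).encode())
    return f"{header_b64}.{body_b64}."


def verify_naive(token):
    """Weak verifier: lets the token's own header choose the algorithm, so
    'alg: none' skips the signature check entirely and the forged claims are
    accepted as authenticated."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(body_b64))
    if header.get("alg") == PINNED_ALG and hmac.compare_digest(
            _sign(header_b64, body_b64), _b64url_decode(sig_b64)):
        return json.loads(_b64url_decode(body_b64))
    return None


def verify_strict(token):
    """Hardened verifier: the server decides the algorithm and key. A token
    naming any other algorithm, a malformed token, or a bad signature is
    rejected; only then are the claims trusted."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        provided_sig = _b64url_decode(sig_b64)
    except ValueError:  # bad segment count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
        return None
    if not hmac.compare_digest(_sign(header_b64, body_b64), provided_sig):
        return None
    return json.loads(_b64url_decode(body_b64))


if __name__ == "__main__":
    forged = forge_unsigned_token({"sub": "alice", "admin": True})
    print("naive verifier accepts forgery:", verify_naive(forged) is not None)
    print("strict verifier accepts forgery:", verify_strict(forged) is not None)
```

The same shape applies to asymmetric tokens: the verifier must refuse a token that switches from RS256 to HS256 (which would turn the public key into an HMAC secret), and it must check expiry and audience claims once the signature is good. Algorithm pinning is the part that turns "spoofed token" from an authentication bypass into a rejected request.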

After I post this, I will get about patching all the Microsoft gear in my home and home office. You might want to do the same thing as soon as you can.

Laminar Announced as Launch Partner for Wiz Integration (WIN) Platform

Posted in Commentary with tags on June 13, 2023 by itnerd

Laminar, the leading agile data security platform, today announces its partnership with leading cloud security provider, Wiz as the company unveils Wiz Integration (WIN) Platform. Laminar, hand selected as a launch partner, brings the power of the Laminar Data Security Platform to WIN, to improve customer understanding of how cloud vulnerabilities may put their sensitive data at risk.

The integration between Wiz and Laminar optimizes the value of both platforms while enabling organizations to more efficiently and effectively secure their public cloud environments. With this integration, data security teams can use the Laminar Platform to secure overexposed and unprotected data, remediate misplaced data, and delete any redundant, obsolete, or trivial (ROT) data — which ultimately ensures a more secure, hygienic data environment that meets compliance requirements. Pairing all of this data security posture with the Wiz platform allows cloud security teams to better understand how to prioritize cloud infrastructure vulnerabilities.

WIN enables Wiz and Laminar to share prioritized security findings with context including inventory, vulnerabilities, issues, and configuration findings. Mutual customers receive the following benefits:

  • Prevent Sensitive Data Exposure – Laminar enriches Wiz with a layer of data context that gives organizations additional visibility into the full impact of each attack path and issues.
  • Ruthless Prioritization – In collaboration with Laminar, Wiz enables infrastructure security teams to focus on issues that impact highly sensitive data first.
  • Streamline Collaboration and Remediation Workflows – With the joint solution, data security and infrastructure teams share data with a common view to contain and remediate risk faster.

The combined value of these two offerings will streamline security for organizations on a cloud journey, regardless of where they may be on that journey.

WIN is designed to enable a cloud security operating model where security and cloud teams work collaboratively to understand and control risks across their CI/CD pipeline. Wiz is setting the industry standard in integrated solution strategy to maximize operational capabilities of organizations with partners like Laminar in WIN.

Parental Control App For Android Riddled With Vulnerabilities

Posted in Commentary with tags on June 13, 2023 by itnerd

Vulnerabilities initially found back in 2022 in a parental control Android app by Kiddoware, which has over 5M downloads from the Google Play store, are still causing problems today. Despite an update from the app maker that addressed the initial vulnerabilities, not every user has updated to the most recent version of the app, leaving those users still vulnerable. Bleeping Computer has additional details:

Researchers at SEC Consult have found that the Kids Place app versions 3.8.49 and older are vulnerable to five flaws that could impact the safety and privacy of its users.

The five security issues are the following:

  1. User registration and login actions return the unsalted MD5 hash of the password, which can be intercepted and easily decrypted. MD5 hashes are no longer considered cryptographically secure, as they can be brute-forced using modern computers.
  2. The customizable name of the child’s device can be manipulated to trigger an XSS payload in the parent web dashboard. Children or attackers can inject malicious scripts to execute on the parent’s dashboard, achieving unauthorized access. The issue has received the identifier CVE-2023-29079.
  3. All requests in the web dashboard are vulnerable to cross-site request forgery (CSRF) attacks. The attack requires knowledge of the device ID, which is obtainable from the browser history. The issue has received the identifier CVE-2023-29078.
  4. An attacker could exploit the app’s dashboard feature, originally intended for parents to send files up to 10MB to their child’s device, to upload arbitrary files to an AWS S3 bucket. This process generates a download URL which is then sent to the child’s device. No antivirus scan takes place on the uploaded files, so these can contain malware.
  5. The app user (child) can temporarily remove all usage restrictions to bypass parental controls. Exploiting the flaw, tracked as CVE-2023-28153, does not generate a notification to the parent, so it goes unnoticed unless a manual check is performed on the dashboard.

SEC Consult’s report contains proof-of-concept requests or step-by-step instructions on exploiting the above issues, making it easy for threat actors to exploit the vulnerabilities on older versions of the apps or for children to bypass restrictions.

Therefore, it is essential to update to a secure version of the app, which is 3.8.50 or later.

The analysts discovered the flaws on November 23, 2022, while testing Kids Place 3.8.45 and reported it to the vendor, Kiddoware.

The vendor eventually addressed all problems with version 3.8.50, released on February 14, 2023.

App users can update to the latest version by opening the Google Play store, tapping their account icon, selecting ‘Manage apps & device,’ and tapping on ‘Check for updates.’
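Item 1 in the list above (the registration and login API returning an unsalted MD5 of the password) is the flaw most easily shown in code. What follows is an added example, not code from Kids Place, Kiddoware, SEC Consult or Bleeping Computer. The attack side recovers the password from an intercepted digest with a plain lookup table; the hardened side stores a random per-user salt plus a slow key derivation, so the same lookup no longer works. The sample password, the wordlist and the iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import os


def md5_hex(password):
    """Unsalted MD5 of a password, the form the flawed API is described as returning."""
    return hashlib.md5(password.encode()).hexdigest()


# Constructed sample: a digest an attacker on the network could capture from
# the login response described in item 1 above.
CAPTURED_DIGEST = md5_hex("sunshine1")

# Tiny constructed wordlist; real attacks use lists of hundreds of millions of
# leaked passwords, and tables of their MD5s are freely downloadable.
WORDLIST = ["password", "123456", "qwerty", "sunshine1", "letmein"]


def crack_unsalted_md5(digest_hex, wordlist):
    """Recover the password behind an unsalted MD5 by table lookup.

    With no salt, one precomputed table of md5(candidate) serves every account
    ever hashed, so an intercepted digest is effectively the password itself.
    """
    table = {md5_hex(candidate): candidate for candidate in wordlist}
    return table.get(digest_hex)


# Hardened storage: random per-user salt plus a deliberately slow KDF.
# Iteration count kept modest so this example runs quickly; production
# guidance for PBKDF2-HMAC-SHA256 is several hundred thousand iterations.
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Return (salt, derived_key). A fresh 16-byte salt is drawn unless one is
    supplied, which only happens when verifying an existing record."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, derived


def verify_password(password, salt, stored_key):
    """Constant-time comparison of a fresh derivation against the stored key."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, stored_key)


if __name__ == "__main__":
    print("recovered from captured MD5:", crack_unsalted_md5(CAPTURED_DIGEST, WORDLIST))
    salt, key = hash_password("sunshine1")
    print("salted verify correct password:", verify_password("sunshine1", salt, key))
    print("salted verify wrong password:", verify_password("sunshine2", salt, key))
```

Two points the example makes concrete. First, the lookup attack needs no brute force at all against unsalted MD5; the "decryption" the excerpt mentions is really a dictionary match. Second, hashing only helps storage: the actual fix for item 1 is that a login or registration response should never return any form of the password hash, salted or not, because anything returned to the client can be intercepted.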

Chris Roeckl, chief product officer at mobile app security company Appdome, says:

“Technically speaking, the user is not in the best position to protect themselves or their devices. The level of sophistication of malware and synthetic fraud tools has outpaced the user’s ability to self-protect themselves. What this means is that the burden and responsibility have shifted to the app publisher/developer to protect the user. The journey to protect the user has to be the focus of app developers from here on out.

If the app market had used in-app security protections, including data encryption, anti-malware, anti-fraud and app code protections, this situation, and others like it, could have been avoided. Using a code-less automated cyber defense system to add these protections allows developers to get protections like these released rapidly, within the software engineering pipeline.”

So if you use this app, you should update right away. But I will also say that the makers of that app need to do better to make sure that their app is secure.

OVHcloud Announces C12 Powered Notebook

Posted in Commentary with tags on June 13, 2023 by itnerd

OVHcloud, the European cloud leader, announces the immediate availability of a new emulator, accessible through a notebook, aimed at facilitating quantum computing.

In time for the France Quantum 2023 event taking place today at Station F, OVHcloud confirms its commitment to innovation and quantum computing by giving access to French startup C12's quantum emulator.

In development for months, this emulator gives developers access to the physics phenomena expected to occur in the future C12 quantum processor through a faithful and accurate emulation. Built out of carbon nanotubes, C12 quantum machines are designed to provide the highest compute accuracy, which this emulator is intended to mimic.

OVHcloud is delivering on its promise to foster a quantum ecosystem, helping developers, students and scientists alike access the tools they need so they are ready for the next leap.

C12 notebook is available this month from OVHcloud Public Cloud universe. Members of the OVHcloud Startup Program and qualifying students will get complimentary access to all OVHcloud quantum notebooks.

Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Posted in Commentary with tags on June 13, 2023 by itnerd

If you have a FortiGate SSL VPN appliance, it’s time to patch it as a critical vulnerability has been discovered which if exploited can be used to hijack the appliance:

In a recent blog post, French researchers Olympe Cyberdefense said the flaw would let a “hostile agent interfere via the VPN, even if the multi-factor authentication was activated.”

The researchers said patches have been issued in FortiOS firmware for the following versions: 7.0.12, 7.2.5, 6.4.13 and 6.2.15 — and that they are waiting for more details to be released tomorrow on June 13. 

Fortinet has a general practice of putting out security patches prior to disclosing critical vulnerabilities to give its customers time to patch before threat actors get ahold of the information.

On June 11, Lexfo Security researcher Charles Fol published a tweet confirming the flaw, saying that Fortinet published a patch for CVE-2023-27997, which was reserved by Fortinet with MITRE. Fol said it was an RCE that’s reachable pre-authentication on every Fortinet SSL-VPN appliance and advised patching immediately.

Joe Saunders, CEO, RunSafe Security had this comment:

“Chasing patches and developing urgent fixes is a continuously losing battle. We need a way to achieve memory safety in code so we don’t have to play this cat and mouse game in perpetuity.”

Given the fact that threat actors will often use information like this to create attacks, I’d get to patching this flaw ASAP to protect your enterprise.

TELUS study shows efficiency and cost savings are top reasons why Canadians invest in home security systems

Posted in Commentary with tags on June 13, 2023 by itnerd

A new survey commissioned by TELUS SmartHome Security, a trusted security leader with over one million customers, found that the top motivators for Canadians adopting a home security system include the ability to protect themselves and their loved ones (57%), record criminal activity to help keep their neighbourhood safe (50%), monitor their home while on vacation (50%), and keep an eye out for deliveries/potential parcel theft (49%).

In addition to added protection and monitoring, Canadians are looking for cost savings at home too, with finances being named as the leading stressor for Canadians, specifically those aged 18-54. With TELUS SmartHome Security, Canadians can save on energy costs and invest in protecting their high value possessions without any upfront payments, as well as take advantage of its automation and home insurance features to save on bills. Here’s some more information on that:

  • Cost-saving benefits with bundle purchasing: TELUS SmartHome Security offers a monthly fee as low as $15 per month without any upfront payments, and customers who sign up for a professionally monitored security plan before July 31 get up to $1,500 of equipment on TELUS and free professional installation. Canadians could be saving themselves hundreds of dollars a year while enjoying the advanced capabilities of Canada’s #1 home security provider.
  • Energy-saving automation: TELUS SmartHome Security is delivering energy savings equivalent to taking 5,200 gasoline-powered passenger vehicles off the road per year. With TELUS Smart Thermostats and power usage monitoring, Canadians can program temperature schedules, get critical temperature alerts, and control devices from their smartphones for easy temperature regulation. 
  • Improving home efficiency through smart technology: TELUS SmartHome Security helps keep your home safe while making everyday life a little less complicated. From checking who’s at the door to changing the temperature on the thermostat, customers can control their entire home simply from the SmartHome Security app on their mobile phone. 
  • Top-of-the-line protection for one’s biggest investments: With over 150 years of home security experience, TELUS SmartHome Security is Canada’s most trusted security provider for a reason. Canadians can rest easy knowing their home and belongings are protected.

Here’s a full range of plans and devices.

Google for Startups Accelerator opens applications for their 2023 Black Founders & Women Founders programs

Posted in Commentary with tags on June 13, 2023 by itnerd

Today, Google Canada announced the opening of applications for both the 2023 Google for Startups Accelerator: Black Founders and Women Founders programs. Committed to leveling the playing field for all founders in North America, this marks the fourth year both programs are open to startups in the U.S. and Canada.

As advancements in AI and machine learning prompt tech startups to grow, underrepresented founders continue to encounter disproportionate structural barriers – like lack of access to capital and support networks – preventing opportunities to launch or scale their startups. In fact, studies have shown that:

  • In 2022, companies founded solely by women garnered just 2.1% of the total capital invested in venture-backed startups in the United States (source).
  • In 2022, only 2% of venture capital funding raised in North America went to Black-led founders. More than 76% of Black Canadian founders surveyed believe their race is a barrier to success (source).

As part of its commitment to support underrepresented founders, the Google for Startups Accelerator is excited to open applications for the 2023 Google for Startups Accelerator: Women Founders and Google for Startups Accelerator: Black Founders cohorts. Twelve startups from the U.S. and Canada will be selected to participate in each accelerator program. These virtual accelerator programs are equity-free, three-month intensive bootcamps, giving founders the tools they need to prepare for the next phase of their growth journey.

You can learn more about the 2023 cohort of the Google for Startups Accelerator program for both Black Founders and Women Founders programs in their blog post. I’ve also provided a quote from Iran Karimian, Startup Ecosystem Lead for Google Canada if you prefer. Applications for the Google for Startups Accelerator Black Founders and Women Founders programs are now open to startups across all sectors until July 25 and August 2, respectively.