Archive for July 26, 2023

New AI Attack Tools Are Emerging… And That Should Concern You

Posted in Commentary with tags on July 26, 2023 by itnerd

There’s a new AI tool called FraudGPT, discussed in this Netenrich report, “FraudGPT: The Villain Avatar of ChatGPT,” and WormGPT, which recently appeared and is being used to launch BEC attacks, as discussed in this SlashNext report. Both reports are very much worth reading, as AI is clearly being used for evil.

I did a Q&A on this with David Mitchell, Chief Technical Officer at HYAS, and got this commentary:

  • Any differences & similarities of these tools/offerings?

“The only difference will be the goal of the particular groups using these platforms — some will use it for phishing/financial fraud and others will use it to attempt to gain access to networks via other means.”

  • Are these just riding on the ChatGPT brand, or are they new AI iterations?  

“GPT stands for ‘Generative Pre-trained Transformer’, which is a specific model of AI use case, not a brand per se. The dark versions being sold may have different sets of training and data sizes, but the overarching point is that they have no guardrails or ethics ingrained.”

  • Why now and will we see more of this attack vector? 

“As with any new technology, soon after it is released, nefarious actors begin adopting it in order to learn its weaknesses to exploit. In the case of GPT, nefarious actors are adopting the technology and enhancing it for their needs.”

  • Can these AI assisted attacks be detected by currently installed defenses? 

“Historically, these attacks could often be detected via security solutions like anti-phishing and protective DNS platforms. With the evolution happening within these dark GPTs, organizations will need to be extra vigilant with their email & SMS messages because they provide an ability for a non-native English speaker to generate well-formed text as a lure.”

These new AI-based attack tools are going to make life miserable for defenders, because the tells that defenders used to rely on, such as clumsy grammar in a lure, are going away. Hopefully defences can be built that make these tools less dangerous.

Inside Out Launches Freemium Platform For Privilege Abuse Risks

Posted in Commentary with tags on July 26, 2023 by itnerd

Inside-Out Defense, which bills itself as the cybersecurity industry’s first platform to solve privilege abuse, today announced the availability of the freemium version of the company’s platform. The freemium version provides IT staff with a complete view of the user footprint across their organizations. This view of all users, called an identity catalog, includes user personas and entitlements across all systems, infrastructure, applications, and user activities, providing context on users both internal and external. Inside-Out Defense builds its identity catalog by monitoring activity within a company’s infrastructure and applications to determine users and their actions, instead of relying on directory information. Recently, Inside-Out Defense was named by Chief Security Officer Magazine as one of the Cybersecurity Startups to Watch in 2023.

Inside-Out Defense is a SaaS platform providing agentless privilege abuse detection and remediation. The platform supports all environments and applications and is built for ‘Continuous Validation of Trust’. The platform interoperates with and complements existing Identity and Access Management (IAM), Privileged Access Management (PAM), and custom identity solutions. Inside-Out Defense identifies the gaps between known and unknown abuse using its patented AI technology “HoneyCombe Polygraph Mesh,” which, through its proprietary LLMs and fine-tuning techniques, not only tracks each user activity but also monitors adjacent user behaviors to infer and deterministically flag malicious user intent, thereby stopping privilege abuse in real time and at scale.

Key Features:

  • The free trial offer is valid for a ten-day trial period.
  • In the free trial, organizations can create an all-encompassing identity catalog for their organization, including users and identities across all systems, environments, and applications, even those not contained in the organization’s directory services. The identity catalog will also include all users’ different personas and entitlements.
  • The identity catalog is a valuable tool for enabling IT staff to audit privilege levels currently granted and identify ‘disconnected identities’ that may be operating outside the organization’s IAM and PAM systems, a typical hacker attack vector.
  • Customers can upgrade to a paid version to enable real-time detection and remediation of privilege abuses.
  • Inside-Out Defense hopes to increase awareness of the lurking dangers that privilege abuse presents. The identity catalog provided in Inside-Out Defense’s freemium trial offers real-time visualization of users and their entitlements, enabling IT staff to review identities and privileges across their organizations in detail.
  • The Inside-Out Defense freemium trial is a simple and easy-to-implement solution. Customers can request access and seamlessly connect their applications and environments to the Inside-Out Defense platform. IT staff can quickly visualize their identity catalog, including the context of users, their activity footprint, and behaviors.

Inside-Out Defense features beyond the identity catalog, which enable customers to detect and remediate hidden and emerging zero-day privilege abuses, visualize user forensics in real time, and define and enforce policy guardrails, will be gated for the paid version.
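The two ideas worth taking away from this announcement are that the identity catalog is derived from observed activity rather than from the directory, and that the interesting output is the set of ‘disconnected identities’: principals that are active in some system but unknown to IAM/PAM. The block below is an added example, not Inside-Out Defense code; it assumes a constructed four-column activity log (system, principal, action, target) and a constructed directory export, and shows how the catalog, the disconnected-identity list and a privilege audit view fall out of that data.

```python
"""Build an identity catalog from activity logs and flag disconnected identities.

Added example, not Inside-Out Defense code. Log format, directory contents and
the set of 'privileged' actions are all constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample activity lines from four systems (not real data).
ACTIVITY_LOG = """\
aws     alice@corp.example   AssumeRole     arn:aws:iam::000000000000:role/Admin
aws     ci-deploy            PutObject      s3://prod-artifacts
github  alice@corp.example   push           org/payments-api
github  contractor-bob       admin          org/payments-api
db      svc_report           SELECT         finance.invoices
db      alice@corp.example   UPDATE         finance.invoices
vpn     contractor-bob       connect        10.0.0.0/8
"""

# Constructed directory export: what IAM/PAM currently knows about.
DIRECTORY = {"alice@corp.example", "svc_report"}

# Actions treated as privileged for the audit view (constructed policy).
PRIVILEGED = {"AssumeRole", "admin", "UPDATE"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def build_catalog(log_text):
    """Return {principal: {system: {(action, target), ...}}} derived from activity,
    not from the directory, so principals the directory has never heard of appear."""
    catalog = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        system, principal, action, target = m.groups()
        catalog[principal][system].add((action, target))
    return catalog


def disconnected_identities(catalog, directory):
    """Principals seen acting somewhere but absent from the directory."""
    return sorted(p for p in catalog if p not in directory)


def privileged_entitlements(catalog):
    """{principal: [(system, action, target), ...]} restricted to privileged actions."""
    out = {}
    for principal, systems in catalog.items():
        rows = [(s, a, t) for s, acts in systems.items() for a, t in acts if a in PRIVILEGED]
        if rows:
            out[principal] = sorted(rows)
    return out


if __name__ == "__main__":
    cat = build_catalog(ACTIVITY_LOG)
    print("disconnected identities:", disconnected_identities(cat, DIRECTORY))
    for principal, rows in privileged_entitlements(cat).items():
        print(principal, rows)
```

On the constructed data the two disconnected identities are the CI deploy principal and a contractor who holds admin on a repository and VPN access while existing in no directory at all; that is exactly the kind of account an attacker reuses because nothing in IAM or PAM will ever expire it.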

For more information on the Freemium version, please email Inside-Out Defense at: contact@insideoutdefense.com

96% of Canadian technologists demand application observability solutions to manage their hybrid IT environments, new Cisco AppDynamics research finds

Posted in Commentary with tags on July 26, 2023 by itnerd

Following Cisco’s Full-Stack Observability momentum at Cisco Live US, Cisco AppDynamics today revealed new research on the challenges IT teams face in managing application availability and performance within hybrid IT environments. The report, titled “The Age of Application Observability,” found that an overwhelming majority of technologists (96%) point to a critical need to move from a monitoring approach to observability solutions for managing multi-cloud and hybrid environments, and 77% believe the increased volume of data is making manual monitoring impossible.

Because of the complexity driven by increased adoption of cloud native technologies, economic challenges slowing down cloud migration efforts, and continued proliferation of both hybrid and on-premises environments, more technologists are considering application observability as a path forward for monitoring and optimizing application performance.   

According to the research, 40% of organizations are already exploring solutions, and 85% state observability is now a strategic priority for their organization. The combination of cloud native adoption alongside on-premises technology means there’s a greater need for flexibility than ever before.  

The research includes findings from 1,140 IT professionals interviewed across 13 global markets, including Canada.

Some key report takeaways from Canada include:

  • 87% of technologists claim that observability with business context will enable them to be more strategic and spend more time on innovation. 
  • 83% of technologists state that adoption of cloud native technologies is leading to increased complexity within their IT department, with microservices and containers spawning a massive volume of metrics, events, logs and traces (MELT) data. 
  • 71% report that leaders within their organization do not fully understand that modern applications need modern approaches and tools to manage availability, performance and security. 
  • On average, technologists report that 49% of their new innovation initiatives are being delivered with cloud native technologies, and they expect this figure to climb to 61% over the next five years. That means that the majority of new digital transformation programs will be built on cloud native technologies by 2028.  

You can read the full findings here.

Darktrace launches HEAL, final piece of industry first AI Loop for Incident response, readiness and recovery

Posted in Commentary with tags on July 26, 2023 by itnerd

Darktrace today announces the launch of Darktrace HEAL™, its AI-enabled product to help businesses more effectively prepare for, rapidly remediate, and recover from cyber-attacks. HEAL provides security teams with unique abilities to simulate real attacks within their own environments, create bespoke incident response plans as cyber incidents unfold, and automate actions to rapidly respond to and recover from those incidents.

Managing emerging cyber-attacks presents an enormous challenge for security teams who must make decisions quickly in the heat of the attack based on potentially hundreds of changing and uncertain data points and factors. In a recent ransomware incident, analysts would have needed around 60 total hours of investigative work to build a complete understanding of the full scope and varied details, yet the malicious activity unfolded across just 10 hours. The pressure and complexity facing these teams is only poised to grow as generative AI tools enable attackers to increase the speed, scale, and sophistication of novel attacks. With the global average cost of a data breach reaching $4.35 million in 2022, the financial, operational and reputational stakes for businesses to remediate and recover quickly are high.

HEAL leverages Darktrace’s Self-Learning AI to give security teams new abilities designed to build cyber resilience and help them more easily and confidently address live incidents. With HEAL, security teams can:

  • Simulate real-world cyber incidents, allowing teams to prepare for and practice their response to complex attacks on their own environments.
  • Create bespoke, AI-generated playbooks as an attack unfolds based on the details of their environment, the attack, and lessons learned from their previous simulations. This reduces information overload, prioritizes actions, and enables faster decision-making at critical moments.
  • Automate actions from the response plan to rapidly stop and recover from the attack within the HEAL interface.
  • Create a full incident report, including an audit trail of the incident response with details of the attack, actions HEAL suggested, and actions taken by the security team for future learning and to support compliance efforts.

Transforming Readiness with Incident Simulations 

HEAL’s simulated incidents are a first-of-its-kind capability for security teams to safely run live simulations of real-world cyber-attacks ranging from data theft and ransomware encryption, to rapid worm propagation, all in their own environments and involving their own assets. Security teams are expected to flawlessly manage incident response in the face of a live, rapidly unfolding, often novel attack, usually without any realistic practice. HEAL enables teams to get real-world experience managing attacks as they would happen to the business and regularly practice these procedures to help fine tune their responses. That means teams aren’t running their incident response for the first time in the face of a real, live attack.

Transforming Incident Response with Bespoke, AI-Generated Playbooks 

When a live incident does occur, HEAL will use insights from Darktrace DETECT to create a picture of the attack and a bespoke, AI-generated response playbook, built from Darktrace’s knowledge of the incident, the business’s environment, and lessons learned from the security team’s previous simulations. HEAL recommends the priority order for remediation actions based on factors like the further damage the compromised asset can cause, how much the attack is relying on that asset as a pivot or entry point, and its importance to the business. Consequently, security teams can adapt their defenses as an incident evolves, enabling them to end it more rapidly and with less overall disruption.
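The three ranking factors named above (further damage, pivot or entry-point role, business importance) are worth seeing in concrete form, because they often disagree with the instinct to contain the most valuable asset first. The block below is an added example and is not Darktrace code; it assumes a constructed list of observed lateral-movement edges and constructed criticality weights, and scores each compromised asset by its own criticality plus the criticality of everything reachable through it plus a small bonus per downstream asset.

```python
"""Order containment actions by how much each compromised asset enables the attack.

Added example, not Darktrace code. Edges, hosts and criticality weights are
constructed; the scoring formula is one illustrative choice, not the vendor's.
"""
from collections import defaultdict, deque

# Constructed observed movement: phished laptop -> file server -> DC and backup host -> ERP DB.
EDGES = [
    ("laptop-17", "fs-01"),
    ("fs-01", "dc-01"),
    ("fs-01", "backup-02"),
    ("dc-01", "erp-db"),
]
# Constructed business-importance weights (higher is more critical).
CRITICALITY = {"laptop-17": 1, "fs-01": 3, "dc-01": 9, "backup-02": 7, "erp-db": 8}


def reachable(graph, start):
    """All assets reachable from start along observed movement edges (BFS)."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def rank_assets(edges, criticality, pivot_weight=2):
    """Return assets ordered for containment, highest score first.

    score = own criticality (importance)
          + criticality of everything downstream (further damage it enables)
          + pivot_weight per downstream asset (how much the attack relies on it)
    """
    graph = defaultdict(set)
    indegree = defaultdict(int)
    nodes = set()
    for src, dst in edges:
        graph[src].add(dst)
        indegree[dst] += 1
        nodes.update((src, dst))
    ranked = []
    for node in nodes:
        downstream = reachable(graph, node)
        further_damage = sum(criticality[m] for m in downstream)
        score = criticality[node] + further_damage + pivot_weight * len(downstream)
        ranked.append({
            "asset": node,
            "score": score,
            "entry_point": indegree[node] == 0,   # nothing observed moving into it
            "downstream": sorted(downstream),
        })
    return sorted(ranked, key=lambda r: (-r["score"], r["asset"]))


if __name__ == "__main__":
    for row in rank_assets(EDGES, CRITICALITY):
        print(row)
```

On the constructed incident the low-value laptop and the file server outrank the domain controller, because isolating either cuts the attacker off from everything behind them, while isolating the DC alone leaves the backup host and the entry point live.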

Transforming Recovery with Automated Remediation & Reporting

HEAL further enables security teams to quickly and efficiently manage and recover from live incidents by integrating with a variety of tools in a business’s wider security stack to automate actions. Within HEAL’s live playbooks, teams can activate and manage authorized tools from across their environment, from a single interface with a click of a button. At launch, HEAL will integrate with Microsoft Defender for Endpoint, Intune, Microsoft 365, Veeam, and Acronis.

HEAL provides security teams with automated incident reports during and after an attack, giving teams valuable time back that is normally spent writing detailed updates. The reports provide analysis of the attacker’s and security team’s actions, decisions, containment, and recovery information to keep stakeholders updated as an event unfolds. After an attack, this can offer essential compliance information to third parties such as forensics teams, insurance providers, and legal teams, and can be used to assist with reviews and learning lessons from the attack and the response.

Closing the Cyber AI Loop

HEAL works with DETECT and Darktrace PREVENT to build a live picture of the environment and attack, and integrates with Darktrace RESPOND to prioritize, isolate, and heal key assets to cut off and shorten attacks. Its introduction closes Darktrace’s Cyber AI Loop, bringing together DETECT, PREVENT, RESPOND, and HEAL into a single platform in which each element draws insights from and continuously reinforces the others to create a best-in-class cyber defense.

To learn more about Darktrace HEAL and the Darktrace Cyber AI Loop, register for the launch event on August 3.

Guest Post: 95% of patients fear their data will be leaked

Posted in Commentary on July 26, 2023 by itnerd

In today’s fast-paced healthcare industry, exchanging digital information has become essential for enhancing patient outcomes, simplifying procedures, and promoting medical progress. However, leaks of personal medical records have become a growing concern.

According to the data presented by the Atlas VPN team, 95% of patients are concerned about a potential data breach or leak of medical records. Furthermore, the majority of people do not trust Big Tech companies like Amazon, Apple, Google, Facebook, and Microsoft offering products or services to store their health data.

Overall, 70% of patients have extreme or moderate concerns regarding their medical information being leaked. Of the people surveyed, 28% admitted to having extreme worries about a potential data breach of their medical records. Furthermore, 42% of respondents expressed moderate concerns.

The findings also showed that one in four patients (25%) held slight concerns about potential data breaches. Remarkably, a small 5% of respondents displayed a lack of concern regarding the possibility of their medical record data leak.

Medical data breaches can result in identity theft, financial fraud, reputational damage, and even endanger a patient’s physical well-being if sensitive medical conditions are disclosed.

Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on how patient data should be handled:

“Healthcare providers must actively advocate for patient rights and data autonomy. Patients should be empowered with the knowledge of their data’s value, ownership, and control. By offering stringent data protection measures, healthcare providers can create an environment where patients feel in command of their health information.”

Low trust in Big Tech

Many people are skeptical about large technology companies offering services to store sensitive medical information. 

A significant 38% of respondents expressed an outright lack of trust in Big Tech with their health data. Similarly, 27% of people slightly distrust Big Tech’s ability to manage their health data securely.

Concerns come from the knowledge of past breaches, the potential for misuse or unauthorized access, and doubts about the profit motives of these companies.

On the other hand, 21% of those surveyed placed slight trust in Big Tech. Even more surprisingly, 14% of respondents showed confidence in Big Tech’s ability to manage their health data securely.

To read the full article, head over to: https://atlasvpn.com/blog/95-of-patients-fear-their-data-will-be-leaked


The Uber driver app is now compatible with Apple CarPlay

Posted in Commentary with tags on July 26, 2023 by itnerd

Starting today, all drivers on the Uber platform with an iPhone will now have the ability to use the Uber driver app directly from their dashboard while using Apple CarPlay. 

This means drivers will be able to see demand heatmaps, accept trips, and view navigation right from the dashboard screen in their car.

Uber’s goal is to be the best platform for flexible work in the world, and they’re excited to add support for Apple CarPlay to make using the Uber driver app on iPhone even more comfortable and convenient for drivers.

Hackers Gain Vendor Account Access to Redirect Invoices in Latest VEC Attack

Posted in Commentary with tags on July 26, 2023 by itnerd

Vendor email compromise (VEC), a variation of business email compromise (BEC), is a sophisticated and dangerous email threat that is continuing to grow. VEC attacks are among the most successful social engineering attacks because they exploit the trusted relationships between customers and their vendors. 

Abnormal Security has released its latest research, which details a sequence of attacks in which a threat actor gained access to five distinct vendor email accounts. The compromised accounts belonged to individuals in accounting and operations roles, and the attacker used them to send emails attempting to redirect both current and future invoices to a different bank account. Each email contained a PDF attachment with a fabricated payment policy and the updated bank account information. Notably, all of the targeted organizations operate within the critical infrastructure sector: two healthcare companies, two logistics companies, and one manufacturing company.

The blog is now live here: https://abnormalsecurity.com/blog/vec-attacks-replay-critical-infrastructure
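This VEC campaign and the FraudGPT/WormGPT post earlier on this page make the same point from two directions: the text of a lure is no longer a useful signal. In the VEC case the mail comes from a genuine, authenticated vendor mailbox; in the AI-tool case the grammar is clean. What survives is structure (reply-to and look-alike domains) and intent (a request to change where money goes). The block below is an added example, not code from HYAS, Abnormal Security or this blog; it assumes messages already parsed into dicts, a constructed vendor-domain allowlist, and illustrative rules, and routes payment-detail changes from real vendors to out-of-band verification even when authentication passes.

```python
"""Triage inbound mail on signals that survive AI-polished prose and compromised vendor mailboxes.

Added example, not vendor code. Messages, the vendor allowlist and the rules
are constructed for illustration; spelling and grammar are deliberately not
consulted anywhere.
"""
import re

KNOWN_VENDORS = {"acme-parts.example"}  # constructed: domains of vendors we actually pay

# A request to change where money goes, however fluently it is phrased.
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated?|changed?|revised)\b.{0,60}\b(bank|account|remittance|wire|payment)\b",
    re.I | re.S,
)


def domain(addr):
    """Lower-cased domain of an address such as 'AP <ap@x.example>'."""
    return addr.rstrip(">").rsplit("@", 1)[-1].lower()


def levenshtein(a, b):
    """Edit distance between two short strings (used for look-alike domains)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(dom, known, max_edits=2):
    """True when dom is within max_edits of a known vendor domain without being one."""
    return dom not in known and any(levenshtein(dom, k) <= max_edits for k in known)


def triage(msg, known=KNOWN_VENDORS):
    """Return (verdict, reasons); verdict is 'block', 'hold' or 'deliver'."""
    reasons = []
    sender = domain(msg["from"])
    if not msg.get("auth_pass", False):
        reasons.append("SPF/DKIM/DMARC failed")
    if msg.get("reply_to") and domain(msg["reply_to"]) != sender:
        reasons.append("reply-to domain differs from sender domain")
    if lookalike(sender, known):
        reasons.append(f"{sender} resembles a known vendor domain")
    if reasons:
        return "block", reasons

    text = msg.get("subject", "") + "\n" + msg.get("body", "")
    if sender in known and PAYMENT_CHANGE.search(text):
        # Authenticated mail from a real vendor mailbox can still be VEC: the
        # mailbox itself is compromised, so intent is the only signal left.
        reasons.append("payment-detail change from a vendor; confirm by phone on a number already on file")
        if any(a.lower().endswith(".pdf") for a in msg.get("attachments", [])):
            reasons.append("PDF accompanies the request; treat its contents as untrusted")
        return "hold", reasons
    return "deliver", reasons


# Constructed sample messages (not real traffic).
VEC = {  # genuine vendor mailbox, compromised: authentication passes, prose is clean
    "from": "AP <ap@acme-parts.example>", "auth_pass": True,
    "subject": "Updated remittance details for current and future invoices",
    "body": "Please direct all current and future invoice payments to our new bank account per the attached policy.",
    "attachments": ["Payment_Policy.pdf"],
}
LOOKALIKE = {  # AI-polished phish from a look-alike domain the attacker registered
    "from": "AP <ap@acrne-parts.example>", "auth_pass": True,
    "subject": "Updated remittance details", "body": "Kindly update our bank account on file.",
    "attachments": [],
}
BENIGN = {
    "from": "ap@acme-parts.example", "auth_pass": True,
    "subject": "Invoice 4411", "body": "Attached is invoice 4411 for July. Thank you.",
    "attachments": ["Invoice_4411.pdf"],
}

if __name__ == "__main__":
    for name, m in (("VEC", VEC), ("LOOKALIKE", LOOKALIKE), ("BENIGN", BENIGN)):
        print(name, triage(m))
```

The ‘hold’ verdict is the important one: no filter can tell a compromised vendor mailbox from a legitimate one, so the control is procedural (a callback on a previously known number) and the mail pipeline’s job is only to make sure that step cannot be skipped.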

Approov Intros Global Partner Program for Resellers, MSSPs, Tech Leaders, App Developers

Posted in Commentary with tags on July 26, 2023 by itnerd

End-to-end mobile app security provider Approov today launched a comprehensive global partner program dedicated to ensuring qualified business, reseller and technology leaders have access to its proven mobile security and comprehensive support, building on a large number of existing Approov technology partnerships.

Qualified participants can sell, integrate and support cutting-edge mobile security solutions from Approov in order to safeguard mobile apps, a critical element for almost all business transactions today. Approov partners work together with Approov technology experts to deliver complete solutions to their customers. Partners can help their customers fortify their applications against threats and vulnerabilities, ensuring the highest level of security for their users. 

Partners can deliver state-of-the-art mobile app security addressing customer needs, add value to their business and open new revenue opportunities as they ensure security for mobile apps in an increasingly interconnected world. Approov offers a full range of assistance and tools to partners as well as access to a rich ecosystem of experts.

Qualified participants can be consultants, managed security service providers (MSSPs), resellers or technologists with a focus on safeguarding mobile security. More information about the partner program, qualification criteria and registration information are available at the Approov partner portal.

New Partners Promotion: For a limited time, newly registered and qualified partners will be entitled to five complimentary mobile app security assessments to offer to their customers, delivered by Approov experts in collaboration with the partner. Registration by September 30, 2023, is required for this promotion.  

Rezilion Reveals Overlooked High-Risk Vulnerabilities in CISA KEV Catalog, Raising Questions about Patching Prioritization Standards

Posted in Commentary with tags on July 26, 2023 by itnerd

On Wednesday, July 26, Rezilion, an automated software supply chain security platform, will release its new report, “CVSS, EPSS, KEV: The New Acronyms – And The Intelligence – You Need For Effective Vulnerability Management,” detailing the critical importance of the Exploit Prediction Scoring System (EPSS) for enhancing patch prioritization and effective vulnerability management.

Rezilion’s vulnerability experts disclosed that there are three vulnerabilities that are currently being actively exploited and that have a high EPSS score. The findings of the report show that vulnerabilities with a high EPSS score are more likely to be exploited than those with low EPSS scores, showing that using only the Common Vulnerability Scoring System (CVSS) for prioritizing patching is not the most effective approach.

Key takeaways from the report include:

  • The conventional method of prioritizing vulnerabilities often falls short. A holistic approach, including CVSS, CISA’s KEV, and EPSS, offers the best defense.
  • The KEV catalog alone is insufficient due to the delay in adding newly discovered vulnerabilities.
  • Vulnerabilities with a high EPSS score are more likely to be exploited, emphasizing the importance of this information in prioritization.

You can read the report here.
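The report’s three takeaways translate directly into a triage policy: KEV membership is the strongest signal but lags, a high EPSS score should be treated as ‘exploited in practice’ even before KEV catches up, and CVSS severity only decides order within a tier. The block below is an added example and is not from Rezilion’s report; the findings, scores, thresholds and exposure flags are constructed (the ids are placeholders, not real CVEs), and it contrasts the resulting order with a CVSS-only sort.

```python
"""Rank findings by combining CVSS, EPSS and CISA KEV membership.

Added example, not from Rezilion's report. All findings below are constructed;
the ids are placeholders, and the thresholds are illustrative policy choices.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    id: str
    cvss: float     # CVSS base score, 0-10
    epss: float     # EPSS: probability of exploitation in the next 30 days, 0-1
    in_kev: bool    # listed in CISA's Known Exploited Vulnerabilities catalog
    exposed: bool   # constructed context: asset reachable from the internet


def tier(f, epss_high=0.5, cvss_high=7.0):
    """Patch-priority tier; 1 is most urgent.

    KEV wins outright. High EPSS is treated as exploited-in-practice because the
    KEV catalog lags newly exploited bugs. CVSS alone only reaches tier 3.
    """
    if f.in_kev:
        return 1
    if f.epss >= epss_high:
        return 1 if f.exposed else 2
    if f.cvss >= cvss_high:
        return 3 if f.exposed else 4
    return 5


def prioritize(findings):
    """Order by tier, then by EPSS, then by CVSS."""
    return sorted(findings, key=lambda f: (tier(f), -f.epss, -f.cvss))


def cvss_only(findings):
    """The conventional ordering the report argues against."""
    return sorted(findings, key=lambda f: -f.cvss)


# Constructed findings (placeholder ids, not real CVEs).
FINDINGS = [
    Finding("example-A", cvss=9.8, epss=0.02, in_kev=False, exposed=True),   # scary score, nobody exploiting it
    Finding("example-B", cvss=7.5, epss=0.92, in_kev=False, exposed=True),   # exploited in the wild, KEV not yet updated
    Finding("example-C", cvss=6.5, epss=0.30, in_kev=True,  exposed=False),  # medium CVSS but on KEV
    Finding("example-D", cvss=5.3, epss=0.01, in_kev=False, exposed=False),
]

if __name__ == "__main__":
    print("combined:", [(f.id, tier(f)) for f in prioritize(FINDINGS)])
    print("cvss only:", [f.id for f in cvss_only(FINDINGS)])
```

With the constructed data the CVSS-only list patches the 9.8 first and the actively exploited 7.5 second; the combined policy flips that, and pulls the KEV-listed 6.5 ahead of the 9.8 as well. Thresholds such as 0.5 for EPSS are a policy decision and should be tuned against your own exposure, not copied.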
