Archive for August 3, 2023

Threat Actors Are Abusing Cloudflare Tunnel in New Effort to Use Legitimate Tools for Attacks

Posted in Commentary with tags on August 3, 2023 by itnerd

Nic Finn, Senior Threat Intel Consultant at GuidePoint Security, released new research, which you can read here identifying a new legitimate tool that threat actors are using to execute attacks – Cloudflare Tunnel, also known by its executable name, Cloudflared. 

Background: Cloudflared is functionally very similar to ngrok, an ingress-as-a-service tool that’s been used by Threat Actors for quite some time now. However, Cloudflared differs from ngrok in that it provides a lot more usability for free, including the ability to host TCP connectivity over Cloudflared. Additionally, Cloudflared provides the full suite of Access controls, Gateway configurations, Team Management, and User Analytics.

Why this Matters: This tool is a legitimate binary, supported on every major operating system, and the initial connection is initiated through an outbound HTTPS connection to Cloudflare-owned infrastructure, followed by data exchanged to tunnel connections over QUIC on port 7844. This means that most firewalls or network-based defenses will allow this traffic, as most firewall rules are far more relaxed toward outbound connections. Threat Actors don’t have to expose any of their infrastructure, except the token assigned to their tunnel, to anyone except Cloudflare prior to a successful connection, and their ability to modify the configuration of the tunnel in real time means post-breach analysis is severely limited if the TA covers their tracks. 
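As an added illustration (not from the GuidePoint research or the original post), the following Python checks two of the signals described above in firewall and endpoint telemetry: outbound UDP/7844 flows from internal hosts, and a cloudflared binary launching. The key=value log format, the 10.0.0.0/8 LAN assumption, the host names and the documentation-range IPs are all constructed.

```python
"""Flag outbound Cloudflare Tunnel (cloudflared) activity in firewall and
endpoint telemetry. Added example: assumes a simple 'ts key=value ...' firewall
export and a list of process-start events; all sample data is constructed."""
import re
from collections import defaultdict

TUNNEL_PORT = 7844          # cloudflared tunnels connections over QUIC on this UDP port
KV = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Split a 'timestamp key=value key=value' line into a dict."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def is_internal(ip):
    """Assumed corporate LAN range for this example: 10.0.0.0/8."""
    return ip.startswith("10.")


def find_tunnel_flows(lines):
    """Return {src_host: [timestamps]} for outbound UDP flows to the tunnel port."""
    hits = defaultdict(list)
    for line in lines:
        f = parse_kv(line)
        outbound = is_internal(f.get("src", "")) and not is_internal(f.get("dst", ""))
        if outbound and f.get("proto") == "udp" and f.get("dport") == str(TUNNEL_PORT):
            hits[f["src"]].append(f["ts"])
    return dict(hits)


def find_cloudflared_processes(events):
    """Return hosts whose process telemetry shows a cloudflared image starting."""
    return sorted({e["host"] for e in events if "cloudflared" in e["image"].lower()})


# Constructed samples: one workstation does the outbound HTTPS handshake and then
# QUIC/7844 to two external addresses; the last line is internal-only noise.
FW_LOGS = [
    "2023-08-03T10:01:02Z src=10.0.5.21 dst=198.51.100.10 proto=tcp dport=443 action=allow",
    "2023-08-03T10:01:03Z src=10.0.5.21 dst=198.51.100.10 proto=udp dport=7844 action=allow",
    "2023-08-03T10:05:44Z src=10.0.5.21 dst=198.51.100.11 proto=udp dport=7844 action=allow",
    "2023-08-03T10:07:00Z src=10.0.8.3 dst=203.0.113.5 proto=udp dport=443 action=allow",
    "2023-08-03T10:09:12Z src=10.0.5.21 dst=10.0.9.9 proto=udp dport=7844 action=allow",
]
EDR_EVENTS = [
    {"host": "WS-0521", "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\cloudflared.exe"},
    {"host": "WS-0803", "image": "C:\\Windows\\System32\\svchost.exe"},
]

if __name__ == "__main__":
    print("tunnel flows:", find_tunnel_flows(FW_LOGS))
    print("cloudflared hosts:", find_cloudflared_processes(EDR_EVENTS))
```

The port check is one signal rather than a complete one: cloudflared can fall back to HTTP/2 over TCP 443 when QUIC is unavailable, so pairing it with process telemetry (and with an egress policy that only permits UDP/7844 where a tunnel is sanctioned) is what makes it useful.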

Google rolls out new privacy features to help users stay safe online

Posted in Commentary with tags on August 3, 2023 by itnerd

Online safety and security is always top of mind for Google. Today, the company announced new ways to help users stay in control of their personal information, privacy and online safety, including:  

  • Results About You: Last year, Google launched the Results about you tool to make it easy for people to request the removal of search results that contain their personal details, right from the Google app or however they access Search. Tomorrow, Google will announce a new dashboard that will let you know if web results with your contact information are showing up on Search. This tool will be available in the U.S. in English to start, and Google is working to bring it to new languages and locations soon.
  • SafeSearch Blurring Setting: SafeSearch blurring setting is rolling out for all users globally, and will, by default, blur explicit imagery on Search, such as adult, graphic or violent content.
  • Personal Explicit Images: Google has long had policies that enable people to remove non-consensual explicit imagery from Search. Now, it’s building on these protections to enable people to remove from Search any of their personal, explicit images that they no longer wish to be visible in Search. For example, if you created and uploaded explicit content to a website, then deleted it, you can request its removal from Search if it’s being published elsewhere without approval. More broadly, whether it’s for websites containing personal information, explicit imagery or any other removal requests, we’ve also updated and simplified the forms for users to submit removal requests.

For more information and details please read the Google Blog post here

Dasera Releases Mesa Verde

Posted in Commentary with tags on August 3, 2023 by itnerd

Dasera, the premier automated data security and governance platform for data-driven enterprises, expands data security and governance coverage, empowering organizations to safeguard structured and unstructured data with precision and efficiency. Now with a comprehensive and seamless approach to securing unstructured data sources, Dasera is redefining the standards of data security. Unlike traditional models, its solution effectively bridges the gap across all data types and sources, ensuring consistent protection regardless of whether the data is on-premise or in the cloud. This expansive approach makes Dasera one of the few in the industry delivering such a broad scope of data security.

New product features include:

  • Improved Risk Remediation for Applications Accessing Data 
    Dasera’s already extensive risk detection capabilities receive a boost with the ability to track risks associated with certain service account users. The platform now offers improved workflow enhancements, accurately disambiguating user actions and attributing risks to specific individuals, including those leveraging service accounts.
  • Expanded Data Classification Support for Unstructured Data 
    Dasera expands its data classification capabilities, now providing unparalleled support for unstructured data sources, including the widely used Amazon S3. Businesses can now seamlessly discover and classify sensitive data from unstructured sources, broadening Dasera’s coverage and empowering customers to proactively protect their data.
  • Data Classification for Images Leveraging AI 
    The latest update introduces the ability to classify sensitive data within images, including text and handwriting. Leveraging the power of AI, Dasera users can now identify unstructured data hidden in images, ensuring that no critical information goes undetected. This extension of coverage marks a significant advancement in data security for businesses handling image files.
  • ‘Continuous Compliance Check’ Reporting 
    Dasera automates data security reporting with the introduction of scheduled PDF reports delivered directly to executives’ and stakeholders’ inboxes. This feature provides real-time visibility into data security risks, enabling key decision-makers to shift from ad-hoc audit surveys to always-on automated ‘continuous compliance check’.
  • Streamlined Infrastructure Onboarding 
    Dasera now offers improved infrastructure onboarding capabilities through enhanced CloudFormation and Terraform templates. This streamlines the onboarding process for various data stores on popular cloud platforms such as AWS, Azure, and GCP. Customers can efficiently connect to their data infrastructure, saving valuable time and resources. (Dasera had launched Ski Lift for Snowflake customers during the Snowflake Summit in June.)
  • Azure Tenant-Based Onboarding for Discovery at Scale 
    With the latest release, Dasera introduces Azure Tenant Based Onboarding, enabling customers to onboard their Azure Subscriptions at scale. This optimization accelerates the onboarding and discovery process for Azure users, providing full visibility in a matter of minutes.

To learn more about these updates and how Dasera helps organizations protect their environment across the data lifecycle, visit booth SC202 at Black Hat or read Dasera’s whitepaper on how to Harness the Power of Data Security.

TELUS strengthens its cybersecurity portfolio as Norton’s exclusive breach response provider in Canada

Posted in Commentary with tags on August 3, 2023 by itnerd

TELUS announced that it will be the official Canadian breach response provider for Norton, a leading consumer cyber safety brand of Gen, delivering support to employees and customers of organizations affected by data breaches. This marks an expansion of the incident response services offered by TELUS, providing businesses with a diverse range of solutions to help minimize the impacts of a data breach. As cybercrime rates rise and the demand for solutions increases, TELUS Online Security goes beyond standalone identity monitoring services in the market by helping businesses offer their employees and customers breach response and remediation plans that include tools like dark web monitoring, daily or monthly credit reports, dedicated identity restoration support and identity theft reimbursement coverage of up to $1 million for related expenses.

TELUS Online Security powered by Norton™ offers two premium plans for businesses to help protect their employees and customers: Guardian and Guardian Plus. Key benefits include:

  • Identity Theft Protection: Fraudsters can use stolen personal information to open new financial accounts, apply for tax refunds, rent or buy properties, or perform other fraudulent activities. If an employee or customer’s identity is compromised, a dedicated identity restoration specialist will handle the case from start to finish.
  • Credit Monitoring: Employees and customers are alerted to key changes to their credit file, such as a change of address or name, credit report inquiries or new accounts being opened.
  • Dark Web Monitoring: Detects and notifies employees and customers when their monitored personal information is found on the dark web, including email addresses, bank account numbers, credit card numbers, contact details and driver’s license numbers.

These plans complement the comprehensive suite of breach response services already offered by TELUS Business, which support all elements of an organization’s needs, including preparedness, investigation and remediation of a cybersecurity incident.

The launch of TELUS Guardian and Guardian Plus plans comes as Norton and TELUS extend and deepen their partnership for an additional three years, with the shared goal of creating a safer digital world for all Canadians. For more information on how TELUS Online Security can help your organization, please visit telus.com/Guardian.

Review: Infinity Loops Apple Watch Ultra Titanium Link Bracelet

Posted in Products with tags on August 3, 2023 by itnerd

While my wife and I were in France on vacation, we were contacted by Infinity Loops offering us a couple of Apple Watch bands to review. After having a look at the website, we decided to say yes to this request, and in short order two bands were headed in our direction. Today’s review is of their Apple Watch Ultra Titanium Link Bracelet. At $122 Canadian for the band, is it a good option for Ultra owners (and owners of other Apple Watches, as it’s also available in sizes to fit any Apple Watch)? Let’s dive in and find out.

The band arrives in a box like this with no markings on it other than the Infinity Loops logo. And inside you’ll see the band:

The entire band is wrapped in plastic, which is a good thing as titanium has a tendency to collect light surface scratches easily. The first question that I had was whether this was really titanium. To answer that, I took a magnet to it, because titanium isn’t magnetic; thus a magnet should not stick to it if it is titanium. From what I can tell, the links are titanium and part of the clasp is made of stainless steel, as the magnet stuck to the underside of the clasp but didn’t stick anywhere else. Speaking of the clasp, it has two buttons on the side to unlock the strap. And overall, it looks almost exactly like the Apple Link Bracelet, which is stainless steel and costs a lot more than the Infinity Loops offering. Speaking of the Apple Link Bracelet, Infinity Loops “borrowed” one of the best features of the Apple offering:

There are buttons on the back of the band that allow you to size it for your wrist without requiring tools or a visit to your local jewelry store to pay someone to do it for you. I had mine perfectly sized inside of five minutes of getting it delivered to me by Canada Post. As for weight, I compared it to a stainless steel link bracelet of the same size and same design. It was about 5 grams lighter than that, at 69 grams versus 74 grams for the stainless steel link bracelet.

As you can see, it more or less matches the shade of titanium on the Apple Watch Ultra. And it feels comfortable. And as I type this, no stray hairs have been caught in this band, which is a common thing with bands such as this one. My only advice to you is, if you resize the band, make sure all the links are snapped in place. I didn’t do that and the band came apart the first time I put it on. The build quality is also excellent, as I couldn’t find anything that I would call out as an issue, especially with the lugs, which fit as well as a stock Apple Watch band.

So, is the Infinity Loops Apple Watch Ultra Titanium Link Bracelet worth it at $122 CDN? I would say so without hesitation. This is a very good option for those who don’t want to spend the cash on Apple’s offering, or on some other similar offerings that cost less than what Apple has to offer but more than this band, yet still want something more upscale for their Apple Watch, be it the Ultra or some other model. I’m pretty happy with this band and it will be in my rotation of bands going forward. And I am sure that if you get one, you’ll be happy with it as well.

New Mobile-Specific AppSec Product Launch Supports iOS Scan Apps & Detect Vulnerabilities

Posted in Commentary with tags on August 3, 2023 by itnerd

Guardsquare, the mobile application security provider, today announced that the company’s award-winning Mobile Application Security Testing (MAST) product, AppSweep, is now available for iOS. Built for developers and specific to mobile applications, AppSweep allows users to scan Android and iOS apps to identify security risks.

Security findings include actionable recommendations developers can leverage to fix the identified security issues ensuring AppSweep users quickly uncover and can solve security issues in mobile app code and dependencies. Free to use with no restrictions, AppSweep is now available for both iOS and Android.

With the ever-growing reliance on mobile apps across all verticals, organizations must prioritize the security of their mobile applications to ensure customer trust and brand loyalty, protect valuable IP, achieve compliance, and prevent loss of revenue. Yet only a third of those involved in mobile app development use a MAST tool, which can lead to insecure mobile apps and detrimental effects on organizations left vulnerable to risks. 

With the introduction of AppSweep for iOS, Guardsquare ensures that regardless of the operating system, organizations can safeguard their mobile apps and protect their users’ sensitive data. AppSweep helps development teams efficiently and effectively meet security needs in an actionable manner.

For more information about AppSweep for iOS and Android, visit https://www.guardsquare.com/appsweep-mobile-application-security-testing

Cybersecurity Unicorn Pentera Discovers 12 New LOLBAS Vulnerabilities

Posted in Commentary with tags on August 3, 2023 by itnerd

Here’s a look at groundbreaking research published by Cybersecurity Unicorn Pentera, highlighting 12 new LOLBAS (Living-Off-the-Land Binaries-And-Scripts) files uncovered by Pentera security researchers.

From draining bank accounts to bypassing Windows OS security features, LOLBAS attacks continue to be a popular technique amongst hackers, and with more than 3000 binary files on Windows, discovering new LOLBAS can be challenging.

Hackers utilize these scripts to stay under the radar, exploiting legitimate tools for malicious activities. As a result of Pentera’s unique automation-driven approach, they were able to increase the number of known LOLBAS downloaders in the years-old project by 30% in just four weeks.

You can read the research here.

Radiant Logic Recognized as a Representative Vendor in 2023 Gartner Market Guide for Identity Governance and Administration

Posted in Commentary with tags on August 3, 2023 by itnerd

Radiant Logic, the Identity Data Fabric company, today announces its inclusion as a Representative Vendor in the recently released Gartner Market Guide for Identity Governance and Administration (IGA). Together with its expertise in complex identity environments, and its recent acquisition of Brainwave GRC’s advanced identity analytics capabilities, Radiant Logic is uniquely positioned as an operationally mature IGA solution.  

Designed to help security and risk management leaders understand IGA capabilities and future trends when making decisions for their organization, the Gartner Market Guide for Identity Governance and Administration recommends leaders “choose IGA solutions which align with identity-first security principles that apply context, continuity and consistency to manage identity sprawl.” 

Radiant Logic’s identity-first approach unifies information from disparate sources across legacy and cloud infrastructures to stop identity sprawl and create an authoritative data pipeline that drives: Zero Trust Architecture; merger and acquisition integrations or divestitures; cloud migration initiatives; workforce and customer identity and access management; directory modernization efforts; and more. 

With the acquisition of Brainwave GRC, and powered by years of expertise in data delivery, RadiantOne now delivers advanced analytics and insights into real-time user behavior within an enterprise environment, transforming how organizations detect and prevent cyberattacks, fraudulent activity, lateral movement from insider threats, and more. 

Gartner states: “By 2026, the analytics functionality in IGA tools will advance, and those organizations that have fully adopted and implemented AI/ML-based IGA analytics will see their access administration and governance costs 50% lower than their peers.” The report also recommends that SRM leaders “Accelerate the realization of business value from IGA investments by selecting IGA solutions with strong IGA analytics capabilities, implementing these capabilities, and measuring outcomes using outcome-driven metrics.” 

Radiant Logic’s analytics-driven governance capabilities leverage RadiantOne’s expertise in accessing and managing identity data for admin and access decisions. With the integration of Brainwave GRC, Radiant Logic offers advanced controls to ensure policies conform to principles of Segregation of Duties and Zero Trust principles. Only Radiant Logic combines the best of full-suite IGA with the ease-of-use of IGA light, making it the solution for IGA that works.   

Hot Topic Has Been Pwned In A Credential Stuffing Attack

Posted in Commentary on August 3, 2023 by itnerd

American retailer Hot Topic reports being hit by repeated credential stuffing attacks that used valid credentials. The attacks were automated and repeated over a four-month period. “Following a careful investigation, we determined that unauthorized parties launched automated attacks against our website and mobile application on February 7, March 11, May 19-21, May 27-28, and June 18-21, 2023, using valid account credentials obtained from an unknown third-party source.”

Hot Topic is an American retail chain specializing in counterculture-related clothing and accessories, as well as licensed music. With 690 stores across the US, 10,000 associates and millions of online and in-store customers, the exposed threat landscape is huge.

In the breach notification the company explained that hackers used customers’ stolen account credentials to access their Rewards accounts multiple times. The company said they were not the source of the stolen credentials and still have no idea where the credentials came from.

The company did say that they have taken “specific steps to safeguard our website and mobile application from” credential-stuffing attacks. Because the company was unable to discern between unauthorized and legitimate logins, they would be notifying all customers that had their accounts accessed during the cyberattacks of potential abuse of their credentials.

The information possibly exposed includes:

  • Full name
  • Email address
  • Order history
  • Phone number
  • Date of birth
  • Shipping address
  • Last four digits of saved payment cards

Ted Miracco, CEO, Approov Mobile Security had this comment:  

“Mobile apps for retailers must take the same specific steps to safeguard their website as fintech and healthcare companies, as they are also in possession of valuable client data and vulnerable to automated “credential stuffing” attacks. This includes deploying bot protection software designed to stop such attacks.  

“While Hot Topic stated that they have been working with outside cybersecurity experts, it is not clear why they did not implement mobile app attestation specifically. Mobile app attestation is a very inexpensive security measure that ensures only authentic apps access a backend service, stopping bots, and tampered or repackaged apps. This is an attack where known solutions existed, and it is inexcusable that more precautions were not taken by the management team at Hot Topic.”

Carol Volk, EVP, BullWall follows up with this:  

“Retailers are in a tough spot when it comes to preventing credential stuffing attacks. For starters, as we see here, there is no such thing as a “strong password”, because hackers are not trying to guess our passwords, but leveraging stolen passwords. Whether your password is ‘1234’ or an 18 character string with numbers and symbols, the bad guys already have it. The best way to safeguard against the use of compromised credentials is to require MFA. Unfortunately, retailers know that customers will not tolerate the friction of MFA just to order a t-shirt, a pizza or a movie ticket, so we remain at risk.”

Emily Phelps, Director, Cyware:  

Strong security hygiene is critical to defend against credential stuffing. Consider the following recommendations:

  1. Use multifactor authentication (MFA) whenever available, to enable added layers of security.
  2. Use strong passwords or passphrases that are long enough to make it difficult for an adversary’s tools to figure out.
  3. Use a password manager with encryption to safely store and maintain unique, long passwords.
  4. Limit the number of login attempts from a single IP address within a specified time frame.
  5. Adopt AI/ML technologies that are designed to recognize and block credential stuffing attempts by identifying abnormal behavior patterns.
  6. Consider biometric alternatives.
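As an added example (not part of the quoted comments or the original post), this Python sketch implements the per-IP login-attempt limit from item 4 as a sliding window and flags the pattern described in the breach notice: many distinct accounts from one source, some of them succeeding because the stolen credentials are valid. The log format, the thresholds and the sample IPs and usernames are assumptions, and the sample log is constructed.

```python
"""Sliding-window login-attempt limiter per source IP, plus a report that flags
credential-stuffing patterns (many distinct accounts from one IP, some logins
succeeding because the leaked credentials are valid). Added example; the log
format '<ISO time>Z <ip> <username> <OK|FAIL>' and thresholds are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
MAX_ATTEMPTS = 20        # assumed: attempts allowed per IP inside WINDOW
MIN_DISTINCT_USERS = 10  # assumed: a real person rarely tries this many accounts
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """Split one log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, TS_FMT), ip, user, result


class LoginRateLimiter:
    """Per-IP sliding window: recommendation 4 above (limit attempts per IP per time frame)."""

    def __init__(self, window=WINDOW, max_attempts=MAX_ATTEMPTS):
        self.window, self.max_attempts = window, max_attempts
        self.attempts = defaultdict(deque)   # ip -> timestamps still inside the window

    def allow(self, ip, ts):
        """Return True if this attempt may proceed to password verification."""
        q = self.attempts[ip]
        while q and ts - q[0] > self.window:  # drop attempts that aged out of the window
            q.popleft()
        if len(q) >= self.max_attempts:
            return False
        q.append(ts)
        return True


def stuffing_report(lines, limiter=None):
    """Replay log lines through the limiter; return per-IP stats for suspicious IPs only."""
    limiter = limiter or LoginRateLimiter()
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "successes": 0, "blocked": 0})
    for line in lines:
        ts, ip, user, result = parse_line(line)
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if not limiter.allow(ip, ts):      # rejected before credentials are even checked
            s["blocked"] += 1
        elif result == "OK":               # valid stolen credentials got through
            s["successes"] += 1
    return {ip: {"attempts": s["attempts"], "distinct_users": len(s["users"]),
                 "successes": s["successes"], "blocked": s["blocked"]}
            for ip, s in stats.items() if len(s["users"]) >= MIN_DISTINCT_USERS}


def constructed_logs():
    """Constructed sample: one IP cycles through 25 leaked accounts; one normal user mistypes once."""
    base = datetime(2023, 6, 18, 2, 0, 0)
    lines = []
    for i in range(25):                    # one attempt every 6 seconds, every fifth one valid
        result = "OK" if i % 5 == 0 else "FAIL"
        lines.append(f"{(base + timedelta(seconds=6 * i)).strftime(TS_FMT)} 203.0.113.77 user{i:03d} {result}")
    lines.append(f"{(base + timedelta(minutes=1)).strftime(TS_FMT)} 198.51.100.9 alice FAIL")
    lines.append(f"{(base + timedelta(minutes=1, seconds=20)).strftime(TS_FMT)} 198.51.100.9 alice OK")
    return lines


if __name__ == "__main__":
    for ip, row in stuffing_report(constructed_logs()).items():
        print(ip, row)
```

A per-IP limit alone is weak against stuffing spread across many source addresses, which is why the report also keys on the number of distinct accounts per source and why the comments above point to MFA and bot protection as the stronger controls.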

Hopefully there’s accounting of what was actually exposed rather than what was potentially exposed. And that accounting happens soon. That way victims of this hack can take the required steps to protect themselves.

The Chattanooga Heart Institute Pwned… 170K Patients Affected

Posted in Commentary with tags on August 3, 2023 by itnerd

The Chattanooga Heart Institute is notifying more than 170,000 patients that hackers may have stolen their personal and medical information in a cyberattack detected in April. The breach was claimed by the Karakurt cybercrime group a month later.

In their breach notice the clinic said that a forensics investigation into the incident had determined that hackers had access to its network between March 8th and March 16th. On May 31 they learned that the hackers had obtained files from its systems containing copies of confidential patient information. While medical information was among the data affected, the incident did not involve data directly from the clinic’s electronic medical record system.

The investigation is still ongoing, but the information identified as being compromised includes:

  • Name
  • Mailing address
  • Email address
  • Phone number
  • Birthdate
  • Driver’s license number
  • Social Security number
  • Account information
  • Health insurance information
  • Diagnosis, medical condition
  • Lab results
  • Medications
  • Other clinical, demographic or financial information

Over the coming weeks as the review of each file is completed, the clinic will be sending out notification letters to those individuals whose data may have been involved.

Carol Volk, EVP, BullWall (she/her):

“Attackers will always find a way into the network. There is no set of preventative security tools that can prevent 100% of the attacks. While a strict defensive approach is worthwhile and critical, organizations would be wise to shift some of their effort to containing attacks once the perimeter has been breached. Encryption and exfiltration activities can be spotted and stopped, preventing a bad day from becoming a horrible day. A full cyber defense stack must prepare for this.”

This is a pretty bad hack as all the info that was obtained can lead to identity theft. Hopefully a full accounting of what happened and what will be done to protect the 170,000 patients who are affected by this will be disclosed.