Archive for August 16, 2023

TELUS Cellular Customers Appear To Be Having Issues [UPDATE: Resolved?]

Posted in Commentary with tags on August 16, 2023 by itnerd

No sooner did I post this story about Bell customers having issues with their cell phone service than someone pinged me to ask if I was having issues with my iPhone on the TELUS network, as it is not a secret that I am a TELUS customer. I did a couple of tests and I don’t appear to have any issues. But DownDetector paints a different picture:

I then went to the TELUS Service Status page and it says that there is an active outage affecting their cell phone users:

This really isn’t a surprise as Bell and TELUS apparently share infrastructure. But what is interesting is that issues with TELUS appear to have started much later than the issues with Bell. I’m honestly not sure how widespread this is as I have no issues with my iPhone at the moment over 5G. But just like I said in my story about Bell, if you’re having issues using your phone on TELUS, it’s them and not you.

UPDATE: The TELUS Service Status page now shows that there are no outages. Thus I am guessing that whatever happened is resolved. If you have a different experience with TELUS, please let me know.

Bell’s Cellular Customers Appear To Be Having Issues [UPDATE: Resolved?]

Posted in Commentary with tags on August 16, 2023 by itnerd

It appears that Bell has an issue that is impacting their cellular customers at the moment. Here’s a look at what DownDetector sees:

Whatever issues Bell is having, it started earlier this morning and got worse just before 1PM. At least Bell has admitted to issues in the Toronto area on Twitter:

But to be honest, I am not sure if these issues extend beyond Toronto. But the bottom line is that if you’re having issues making a phone call on your Bell cell phone, it’s them and not you.

UPDATE: Bell is now saying that the issue is resolved:

If you’re seeing something different, please let me know.

TikTok Banned For NYC Employees

Posted in Commentary with tags on August 16, 2023 by itnerd

It’s been a while since I’ve written about someplace banning TikTok. But one of the biggest cities out there has just joined the bandwagon:

New York City is banning TikTok from city-owned devices and requiring agencies to remove the app within the next 30 days.

The directive issued Wednesday comes after a review by the NYC Cyber Command which a city official said found that TikTok “posed a security threat to the city’s technical networks.” Starting immediately, city employees are barred from downloading or using the app and accessing TikTok’s website from any city-owned devices.

“While social media is great at connecting New Yorkers with one another and the city, we have to ensure we are always using these platforms in a secure manner,” a NYC City Hall spokesperson said in a statement to The Verge Wednesday. “NYC Cyber Command regularly explores and advances proactive measures to keep New Yorkers’ data safe.”

The city cited US Office of Management and Budget guidelines discouraging TikTok’s use on government devices as well as federal legislation banning the app passed earlier this year.

TikTok really has an issue here as they have been unable to come up with any argument that stops places from banning the social media app. Until they do that, this will keep happening. And at some point, TikTok will have to do something different before the narrative simply becomes “TikTok is evil.”

Omdia Launches Channel Partner Strategies Intelligence Service

Posted in Commentary with tags on August 16, 2023 by itnerd

Leading tech research organization Omdia, part of Informa Tech, has launched the Channel Partner Strategies Intelligence Service, a channel-focused market research product. The service has been designed to help channel-focused vendors and technology suppliers accelerate growth and gain a deeper understanding of the key trends shaping the tech landscape. It offers a particular focus on the shift in technology consumption due to the evolution of managed services and insights into new and innovative solution providers.

First announced in May at the 2023 Channel Partners Conference & Expo, the Channel Partner Strategies Intelligence Service comes from the Omdia Channel Research and consulting team. The team is led by Devan Adams, Principal Analyst, and Debbie Kane, Principal Consultant.

Reports available from the new service will provide technology vendors and suppliers with expert channel research, analysis and actionable insights into the key market trends, technology innovations and strategies shaping the evolving channel ecosystem.

The first two major reports, available now, are the “Managed Service Provider (MSP) 501 Survey Insights – 2023” and the “Fastest-Growing Managed Service Providers (MSPs) Survey Insights – 2023.”

“Managed Service Provider (MSP) 501 Survey Insights – 2023” analyzes the results from the industry’s most comprehensive global survey and ranking of MSPs, the Informa Tech Channel Futures MSP 501. The report provides key insights from the global survey, including insight into revenue-producing services, markets served, technology adoption, managed service offerings, customer segments and M&A. For the first time, the report offers a view into the profitability of the managed services market.

Key insights include:

  • Channel resiliency on display: Even with economic headwinds such as employee attrition and inflation, average total revenue growth grew significantly, as MSPs reap the benefits of business customers increasing their co-managed and full outsourcing efforts to lower OPEX.
  • Managed services profitability: The report sheds light on the health of the managed services marketplace through an analysis of the profitability data disclosed by this year’s applicants.

“Fastest-Growing Managed Service Providers (MSPs) Survey Insights – 2023” examines data obtained from the NextGen 101, fast-growing businesses on the verge of making the Channel Futures MSP 501 ranking. The report provides market insights from the unique perspective of fast-growing partner businesses that are owned mainly by a younger generation of individuals and which exemplify the future of the channel.

Key insights include:

  • Managed security is now fundamental: Managed security was ranked as the top (or near the top) revenue-producing service and growth prospect, as increased threats from hackers, data breaches, and ransomware attacks have made managed security services must-have offerings.

More content as part of the Channel Partner Strategies Intelligence Service will be released later this year. The first “Quarterly Market Outlook Survey Insights” report is scheduled for release by the end of September.

Four additional new analyst reports are expected to publish by the end of this year:

  • Event Recap: Channel Futures Leadership + MSP Summit 2023
  • Quarterly Market Outlook Survey Insights – 3Q23
  • Trends to Watch Report – 2023
  • Routes to Market Report – 2023 

For more information about the new Omdia Channel Partner Strategies Intelligence Service, head to the product page on the Omdia website.

TweetDeck/XPro Now Requires A Subscription

Posted in Commentary with tags on August 16, 2023 by itnerd

You might recall that I spoke about how the one useful tool that Twitter had to monitor multiple Twitter accounts was going behind a paywall, in that it would require you to pay Elon Musk $8 a month. That tool is TweetDeck, which is now called XPro, in line with the rebranding efforts by Elon Musk of Twitter to X. It now appears that the paywalling of TweetDeck/X Pro has begun, as there are reports of TweetDeck/XPro users being prompted to pay Elon $8 a month when they try to use TweetDeck/X Pro. I personally haven’t seen this, but I have to imagine that it’s only a matter of time before I do.

TweetDeck made Twitter usable for people like me who not only had to juggle multiple Twitter accounts, but to track individual issues that are trending in the world. Having to pay for this given Twitter’s declining relevance in the world makes no sense to me. And likely for many others. Thus I really question what the take up in terms of new Twitter subscriptions will be on this move. My guess is that it will be really low, but I am free to be surprised.

DHS Announces Investigation Into Cloud Security

Posted in Commentary with tags on August 16, 2023 by itnerd

Recently, the DHS announced an investigation into cloud security:

“Organizations of all kinds are increasingly reliant on cloud computing to deliver services to the American people, which makes it imperative that we understand the vulnerabilities of that technology,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Cloud security is the backbone of some of our most critical systems, from our e-commerce platforms to our communication tools to our critical infrastructure. In its reviews of the Log4j vulnerabilities and activities associated with Lapsus$, the CSRB has proven itself to be ready to tackle and examine critical and timely issues like this one. Actionable recommendations from the CSRB will help all organizations better secure their data and further cyber resilience.”  

Ani Chaudhuri, CEO, Dasera had this to say:

The recent announcement by the Department of Homeland Security regarding the Cyber Safety Review Board’s (CSRB) upcoming review on cloud security highlights the criticality and urgency of bolstering defenses in our modern digital landscape. Cloud environments have become ubiquitous, supporting myriad facets of public and private sector activities. Given this backdrop, we can go into the questions presented.

Significance/Implications for Cloud Providers:

  • Reputation and Trust: Cloud Service Providers (CSPs) have long championed the security of their platforms. This review will highlight their claims’ robustness and scrutinize their methodologies. Those proactive in their security strategies will find validation, while others might face a reckoning.
  • Evolution of Best Practices: The CSRB’s recommendations will likely lead to an industry-wide shift in best practices, nudging CSPs to adopt innovative strategies, especially concerning identity management and authentication.
  • Collaborative Efforts: This initiative underscores the need for public-private collaboration. CSPs should be primed to work closely with governmental agencies, benefiting from a broader pool of expertise.

Implications for Cloud Customers:

  • Enhanced Security Posture: As the CSRB crystallizes its findings into actionable recommendations, cloud customers stand to benefit directly. These guidelines can fortify their defense mechanisms, making them less susceptible to breaches.
  • Clarity and Education: Often, the intricacies of cloud security remain nebulous for many users. This review will bring much-needed clarity, helping organizations comprehend potential vulnerabilities and the ways to mitigate them.
  • Shared Responsibility Realignment: Cloud security operates on a shared responsibility model. This review will sharpen the contours of this model, helping customers discern their part in the grander security schema.

The Outcome of the Review and Potential Changes:

  • While the CSRB doesn’t have regulatory or enforcement powers, its influence stems from its collective expertise and the gravitas of its recommendations. Past reviews, like those into the Log4j vulnerabilities and the activities of Lapsus$, have been instrumental in reshaping cyber defense strategies.
  • Given the recent Microsoft Exchange Online intrusion, we can expect a renewed emphasis on strengthening identity management and authentication in the cloud. This might lead to the inception of new technologies or the broader adoption of extant yet underutilized solutions.
  • More importantly, the findings will likely foster a culture of proactive security vigilance rather than a reactive stance. The cloud industry might see an acceleration in the integration of advanced threat detection, response mechanisms, and continuous security education.

The DHS’s initiative, steered by the CSRB, couldn’t be more timely. In a world where our reliance on cloud infrastructure is deepening, such proactive measures herald a shift from merely responding to threats to preemptively identifying and plugging vulnerabilities. This is not just about technology; it’s about trust and ensuring the cloud remains a haven for innovation and growth.

Seeing as “the cloud” is central to businesses, this is a good move by the DHS. Because everyone needs to make sure that whatever infrastructure people use is safe and secure 100% of the time.

Review: Infinity Loops The Geometric Prepster Apple Watch Band

Posted in Products with tags on August 16, 2023 by itnerd

Last week I reviewed a titanium watch band for the Apple Watch Ultra from Infinity Loops. If you missed that review, you can read it here. Today I am reviewing another one of their bands. The band in question is The Geometric Prepster. An interesting name for an interesting looking band:

While I do have an interest in Apple Watch bands, I don’t recall ever seeing a band that looks like this. And I’m not talking just about the design of the band, which is unique and has a bit of a retro vibe, being a woven band with a very interesting pattern. Now if this pattern doesn’t work for you, there are 9 others to choose from. The other side of the band is made of leather which is stiff when you get it, but will loosen up over time. That should make the band very comfortable to wear.

All the lugs and the other metal hardware are not only top shelf in terms of quality, but they don’t have any play in them. And all the stitching is well done with no loose threads or anything like that. There’s nothing at all to complain about when it comes to the quality of the band. My only complaint has nothing to do with the band as such. My wife has tiny wrists, and as a result even with the band on the very last hole that the band offers, this band is too loose for her. The reason why that is an issue for her is that loose-fitting Apple Watches deliver inaccurate health data such as heart rate tracking. I provided this feedback to Infinity Loops and they will “update the description so the size is immediately available.” Given that my wife is a bit of an “edge case” it’s great that Infinity Loops is willing to do that.

The Geometric Prepster goes for $48 CAD and I’d recommend it to all but those with wrists like my wife’s. It’s a quality band that has a unique look from my perspective. Which means that it will attract positive attention wherever you go.

Ransomware Is At A Record High

Posted in Commentary with tags on August 16, 2023 by itnerd

According to research provided by The Record, the number of ransomware attacks posted on extortion websites in July reached a record high, with ransomware groups publicly claiming over 15 attacks per day on average.

Recorded Future’s data reveals a total of 484 ransomware attacks in July, up from 408 the previous month. The surge was largely driven by the Russia-based Clop ransomware group, which exploited a vulnerability in the MOVEit file transfer tool to breach global computer networks.

Those attacks accounted for 35% of all publicly reported victims in July, including Shell, Siemens Energy, and a major U.S. public pension fund, with the education sector being particularly impacted. However, there were a total of 484 attacks spread across 38 different groups in July 2023, compared to 214 attacks across 24 groups in July 2022.

Emily Phelps, Director, Cyware had this to say:  

“With ransomware, cybercriminals don’t need to be sophisticated hackers to execute sophisticated attacks. Ransomware has a low barrier for entry, and with the emergence of Ransomware-as-a-Service, it requires virtually no technical skills to execute a successful attack. It’s profitable and harder to trace, with many adversaries dealing in cryptocurrencies.  

“Preventing successful ransomware attacks requires organizations to take multiple actions, which include keeping software and systems patched and updated; regularly maintaining and isolating backups; conducting regular security awareness training; and investing in threat intelligence and detection systems that enable security teams to proactively defend against these types of attacks.”

Carol Volk, EVP, BullWall follows with this: 

“Ransomware attacks continue to rise and the battle continues. We must learn from every event, improving our security posture, as the fallout from such attacks can be devastating to a business in terms of lost revenue, business disruption and long-term reputational damage.  

“While the hope of a magical AI silver bullet to protect us is still just a dream, we have to own our own protection and apply the best defense available within the resources available to us. There are good defensive options, from on-prem teams to Security as a Service (SECaaS) that can provide the full range for a good defense, including detection, backup and containment solutions. Stay current!”

Ransomware is not going away. Organizations need to wrap their heads around this and do whatever is required to make sure that they are not going to be the next victim of a ransomware attack.

Websites Being Targeted By Threat Actors To Set Up Phishing Pages

Posted in Commentary with tags on August 16, 2023 by itnerd

There’s new research that is out detailing hackers targeting smaller websites to take them over and set up phishing pages:

Abandoned websites end up captured by cybercriminals fairly often. A lack of maintenance and security patches means they are easy to compromise using a known exploit. Besides, on a long-neglected site, phishing pages can stay up for long periods of time, as no one monitors what gets published, which is exactly what scammers look for.

This does not mean malicious actors do not attack actively maintained sites, though. Smaller websites attracting little traffic are among those exposed to the hacking threat. Their owners may not be able to afford to spend enough money on information security or hiring a security professional, they may be unfamiliar with security settings, or they may be confident that their website is too small to be of any interest to hackers. However, to a phisher, the possibility of hacking the website is more important than its popularity, as links to scam pages are likely to be emailed or sent via instant messaging platforms. Therefore, even smaller websites are an attractive target for scammers.

According to W3Techs, 43.1% of all websites on the internet are powered by the WordPress content management system. There is a huge number of third-party plugins designed for extending the functionality of this popular platform. New vulnerabilities exploited by hackers are discovered both in plugins and in WordPress itself on a regular basis. The rest of this article will deal with phishing pages on hacked websites that are powered by WordPress.

Jack Nicholsen, CISO, Inversion6 had this to say:

Everyone should be concerned about the growing threat of phishing attacks on WordPress sites. These attacks can have a significant impact on businesses, both financially and reputationally. Hackers are increasingly targeting WordPress sites because they are a popular content management system (CMS) that is used by millions of websites. WordPress sites are also often less secure than other websites, as they may not be properly maintained or updated. Kaspersky found that hackers are using a variety of techniques to target WordPress sites, including: 

  • Exploiting vulnerabilities in outdated software and plugins. WordPress plugins are a common way for hackers to gain access to a website. It is important to keep all plugins up to date and to only install plugins from trusted sources. 
  • Phishing emails and social engineering attacks. Hackers will often send phishing emails that appear to be from a legitimate source, such as a bank or credit card company. The emails will often contain a link that, when clicked, takes the victim to a fake website that looks like the real website. Once the victim enters their personal information on the fake website, the attacker can steal it.
  • Brute-force attacks. Hackers will often use brute-force attacks to try to guess the passwords for WordPress accounts. It is important to use strong passwords and to enable two-factor authentication.

Security teams can take a number of steps to protect their WordPress sites from these attacks, including:

  • Keeping their websites up to date with the latest security patches. WordPress releases security patches regularly, and it is important to install these patches as soon as possible. 
  • Using strong passwords and two-factor authentication. Strong passwords should be at least eight characters long and include a mix of letters (uppercase and lowercase), numbers, and symbols. Two-factor authentication adds an extra layer of security by requiring users to enter a code from their phone in addition to their password.
  • Installing a security plugin for WordPress. There are a number of security plugins available for WordPress that can help to protect your site from attacks.
  • Monitoring their websites for suspicious activity. Security teams should monitor their websites for suspicious activity, such as unusual login attempts or changes to the website’s code. 
  • Training employees on how to identify and avoid phishing emails. Employees should be trained on how to identify and avoid phishing emails. They should be taught to never click on links in emails from unknown senders and to never enter their personal information into websites that they do not trust.

My advice would be that if you have a website that isn’t being maintained, take it down. And for everyone else, you should do everything possible to secure those websites so that they don’t get leveraged by threat actors for evil.

The MOVEit Flaw Has Claimed More Victims

Posted in Commentary with tags on August 16, 2023 by itnerd

MOVEit seems to be the gift that keeps on giving for hackers, as two more organizations have been added to the list of victims. Let’s start with the Colorado Department of Health Care Policy & Financing (HCPF), which was pwned by hackers who targeted IBM according to this notice. And according to this, over 4 million people have been affected.

Ani Chaudhuri, CEO, Dasera had this comment on this massive breach:

Indeed, the MOVEit software breach incident at IBM that led to Colorado HCPF’s data exposure is just the tip of the iceberg in what appears to be a larger vulnerability affecting several organizations. While the specific details about every breached entity might not always be public, it is imperative to understand that the software’s widespread usage makes it an attractive target. The recent disclosure by Colorado State University, which was similarly breached due to the vulnerability in the MOVEit Transfer software, affecting thousands of students and staff, underscores the urgency. If MOVEit’s vulnerability can affect educational institutions of such magnitude, it stands to reason that healthcare providers with a similar reliance on the software could be at equal, if not greater, risk, given the value of health data in the dark market.

In light of these breaches, healthcare providers must take a multi-pronged approach to damage containment:

  • Immediate Assessment: Conduct a rapid and comprehensive assessment to ascertain the extent of the breach. This involves understanding the nature of accessed data, the duration of unauthorized access, and potential secondary access points that the threat actors might have established.
  • Notify Affected Parties: Transparency is essential. Informing affected individuals meets regulatory obligations and allows them to take personal protective measures, such as monitoring for suspicious activities.
  • Enhanced Monitoring: Deploy advanced monitoring solutions to identify suspicious activities or data access patterns. This will help detect any malicious activities from the breach in real-time.
  • Rethink Data Storage and Access: Minimize the exposure of sensitive data by implementing robust data governance principles. This means limiting access based on necessity, employing end-to-end encryption, and frequently auditing data access logs.
  • Software Patching and Updates: Ensure all systems and software are updated with the latest patches. Regularly liaise with software vendors for updates on vulnerabilities and corresponding patches.
  • Employee Training: Often, the success of ransomware campaigns, like the one that exploited the MOVEit vulnerability, hinges on human error. Regular training of staff on the latest cybersecurity threats and maintaining a culture of vigilance can act as the first line of defense.
  • Collaborate and Share Information: Collaborate with other organizations, regulatory bodies, and cybersecurity entities to share knowledge about threats and best practices. This collaborative approach will not only bolster individual defenses but also strengthen the broader healthcare community’s resilience against cyber threats.
  • Cyber Insurance and Legal Counsel: Ensure that cyber liability insurance is in place. A legal team well-versed in cybersecurity issues can also guide on regulatory obligations and potential legal ramifications post-breach.

While the current scenario paints a grim picture, it’s also an opportunity. An opportunity for healthcare providers to reevaluate, reinvent, and fortify their data protection mechanisms, ensuring the sanctity of patient data now and in the future.

Now let’s move on to New York Life, which was exposed to the MOVEit Transfer attack via a third-party vendor, Pension Benefit Information (PBI):

According to PBI’s letter to the Maine Attorney General, the attack exposed 25,685 NYLIC-related individuals. The breach notification indicates that threat actors accessed individuals’ Social Security numbers (SSNs).

Losing SSNs poses significant risks, as impersonators can use stolen data in tandem with names and driver’s license numbers for identity theft.

Again, Ani Chaudhuri, CEO, Dasera has a comment on this:

The current digital landscape’s complexities have led us into an era where even the most reputable companies are vulnerable to sophisticated cyber-attacks. It’s terrible to see global giants like New York Life Insurance Company (NYLIC), Prudential Insurance, and many others fall prey to the MOVEit Transfer attacks. It underscores the fundamental challenge many corporations face: it’s not just about securing your environment but ensuring that every part of your digital supply chain is equally fortified.

First and foremost, our sympathies should lie with the companies and the millions of individuals impacted by these breaches. Having one’s personal and sensitive information exposed is a severe violation of trust and can have long-lasting repercussions. However, it’s important to remember that in many of these cases, the breached entities themselves were not the primary weak link. Instead, third-party vulnerabilities became the gateway for malicious actors to access data.

In this instance, the trend of targeting third-party vendors and systems, such as PBI, has become increasingly prevalent. It’s a cunning tactic from cybercriminals: why attack the fortress directly when you can exploit a lesser-protected entry point? Herein lies the crux of the issue: in a globally interconnected digital ecosystem, your security posture is only as strong as the weakest link in your chain.

Furthermore, this is not merely an IT or a “tech” problem—it’s a holistic business challenge. Given the increasing interdependence on third-party vendors and platforms for various services, it’s more crucial than ever for organizations to embed data governance and security into their core strategy deeply. As we’ve seen, merely patching software vulnerabilities is a reactive measure; we need proactive, comprehensive approaches that account for the entire data lifecycle and all its touchpoints.

So, what can we take away from this calamity?

  • Third-party Audits: Regularly evaluate and audit the security posture of third-party vendors, especially those with access to sensitive data. Mere assurances or past reputations are no longer sufficient.
  • Comprehensive Data Governance: Implement robust data governance frameworks that provide clear visibility into where and how data is stored, processed, and transmitted—even when outside the direct purview of the company.
  • Shared Responsibility and Collaboration: In the face of such adversities, the business community must come together, share insights, and collectively elevate our defenses against cyber threats. Finger-pointing or laying blame post-facto is counterproductive.

Every organization and individual to empathize with the affected companies and end-users. In today’s intricate digital web, any entity, regardless of size or reputation, can find itself under siege. Instead of distancing ourselves from those affected, we should draw closer, share knowledge, and fortify our collective defense. Cybersecurity isn’t a competitive advantage; it’s a shared responsibility.

In both of these cases, organizations were pwned because some other organization was exposed to MOVEit. Thus you have to wonder how many other organizations are exposed to this threat which right now seems completely out of control.