Archive for August 22, 2023

Latest Circana (NPD) Report Ranks Targus As Number One-Selling Laptop Bag Brand in US + Canada

Posted in Commentary with tags on August 22, 2023 by itnerd

Targus today announced that it remains the number-one selling laptop case brand in US and Canada Retail and US B2B Reseller Channels, according to a new retail report from Circana. Circana, the world’s leading advisor on the complexities of consumer behavior, measures point-of-sale (POS) data across 2,000 categories and more than 500,000 stores.

Targus continues to lead the laptop cases category since pioneering the first laptop case 40 years ago. Its innovative solutions include its patented Dome Protection System™, DefenseGuard™ Antimicrobial Collection of laptop and tablet cases, EcoSmart® laptop bags made out of recycled PET polyester derived from plastic water bottles, and patented checkpoint-friendly bags.

The data also find that despite the decline in the tech sector this year, the demand for retail laptop backpacks is up by 9 percent, based on total number of units year-over-year (YOY) as well as 13 percent in market value from the previous year. In addition, Targus maintains the number one spot in US B2B Universal Docks (3rd party only) and has increased its market share to 22 percent.

Medcrypt & NetRise Partner to Tackle Critical Cyber Challenges in Healthcare

Posted in Commentary with tags on August 22, 2023 by itnerd

Medcrypt, Inc., the proactive cybersecurity solution provider for medical device manufacturers (MDMs), today announced its partnership with NetRise, the company providing granular visibility into the world’s XIoT security problem, to address critical cybersecurity challenges in the healthcare industry. This partnership will provide MDMs with a Software Bill of Materials (SBOM) lifecycle management solution that will empower device makers to proactively identify and address potential security risks and ensure the safety and integrity of their medical devices.  

In 2021, the White House released an executive order on the growing need for improved cybersecurity, which included the use of SBOMs “as a formal record containing the details and supply chain relationships of various components used in building software” for each product. The two primary use cases of SBOMs are to identify vulnerabilities from component information within the SBOM and to monitor license usage, especially of open-source software. The value SBOMs provide is two-fold: supporting R&D teams in the premarket phase as well as supporting postmarket management and vigilance, thus informing cybersecurity activities across teams, including research and development, product quality, and legal teams. For medical device manufacturers, the U.S. Food and Drug Administration (FDA) is mandating that all software-based medical devices must create and maintain an SBOM, and will start refusing submissions that fail to include this information on October 1, 2023.
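As an added illustration of the two SBOM use cases named above (this is example code written for this page, not Medcrypt’s or NetRise’s software), the script below parses a constructed CycloneDX-style SBOM for a hypothetical firmware image, matches each component’s version against a constructed advisory list that uses placeholder identifiers, and flags licenses that are undeclared or outside a hypothetical allowlist:

```python
import json
import re

# Constructed CycloneDX-style SBOM for a hypothetical firmware image (not a real device).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1k",
         "licenses": [{"license": {"id": "OpenSSL"}}]},
        {"type": "library", "name": "zlib", "version": "1.2.13",
         "licenses": [{"license": {"id": "Zlib"}}]},
        {"type": "library", "name": "busybox", "version": "1.36.0",
         "licenses": [{"license": {"id": "GPL-2.0-only"}}]},
        {"type": "library", "name": "vendor-rtos", "version": "3.2.0"},  # no license declared
    ],
})

# Constructed advisory feed with placeholder ids: a component is affected when
# introduced <= version < fixed (the usual advisory convention).
SAMPLE_ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "name": "openssl", "introduced": "1.1.1", "fixed": "1.1.1l"},
    {"id": "ADV-PLACEHOLDER-2", "name": "zlib", "introduced": "1.2.0", "fixed": "1.2.12"},
]

# Hypothetical license allowlist approved for shipping inside the firmware.
LICENSE_ALLOWLIST = {"MIT", "BSD-3-Clause", "Apache-2.0", "Zlib", "OpenSSL"}


def version_key(version):
    """Split a version into comparable chunks so that 1.1.1 < 1.1.1k < 1.1.1l.

    Numeric chunks sort as integers, alphabetic chunks (OpenSSL-style patch
    letters) as strings; the leading tag keeps Python from comparing int with str.
    """
    return [(0, int(c)) if c.isdigit() else (1, c.lower())
            for c in re.findall(r"\d+|[A-Za-z]+", version)]


def load_components(sbom_json):
    """Return (name, version, [license ids]) for each component in the SBOM."""
    bom = json.loads(sbom_json)
    result = []
    for comp in bom.get("components", []):
        ids = [lic["license"]["id"] for lic in comp.get("licenses", [])
               if "license" in lic and "id" in lic["license"]]
        result.append((comp["name"], comp["version"], ids))
    return result


def find_vulnerable(components, advisories):
    """Use case 1: match component versions against the advisory ranges."""
    hits = []
    for name, version, _ in components:
        for adv in advisories:
            if adv["name"] != name:
                continue
            v = version_key(version)
            if version_key(adv["introduced"]) <= v < version_key(adv["fixed"]):
                hits.append((name, version, adv["id"]))
    return hits


def find_license_issues(components, allowlist):
    """Use case 2: report components whose license is missing or not allowlisted."""
    issues = []
    for name, _, ids in components:
        if not ids:
            issues.append((name, "UNDECLARED"))
        for lic in ids:
            if lic not in allowlist:
                issues.append((name, lic))
    return issues


def audit(sbom_json, advisories=SAMPLE_ADVISORIES, allowlist=LICENSE_ALLOWLIST):
    """Run both checks over one SBOM document and return the findings."""
    comps = load_components(sbom_json)
    return {
        "vulnerable": find_vulnerable(comps, advisories),
        "license_issues": find_license_issues(comps, allowlist),
    }


if __name__ == "__main__":
    for key, rows in audit(SAMPLE_SBOM).items():
        print(key)
        for row in rows:
            print("  ", row)
```

The same `audit` call is what a postmarket monitoring job would re-run whenever the advisory feed changes: the SBOM stays fixed, the findings change, which is the “monitor” step of the lifecycle described below.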

The collaboration between Medcrypt and NetRise aims to revolutionize medical device security by combining Medcrypt’s expertise in vulnerability identification and management with NetRise’s unparalleled capabilities in generating SBOMs for embedded devices and firmware. This partnership provides medical device manufacturers with a comprehensive solution to safeguard their devices against potential cyber risks throughout their entire lifecycle.

Medcrypt will integrate NetRise’s SBOM generation capabilities into Helm, extending the support for SBOMs throughout the entire lifecycle of medical devices. NetRise will offer medical device manufacturers the ability to generate, ingest, enrich, manage, and monitor SBOMs, providing critical visibility into the underlying vulnerabilities of their embedded devices and firmware. 

Learn more about the partnership and how to create and monitor an FDA-approved SBOM through a joint webinar with Medcrypt and NetRise on September 19, 2023. Sign up here.

Twitter Is fixing a ‘bug’ that wiped out Twitter images from before 2014

Posted in Commentary with tags on August 22, 2023 by itnerd

Over the weekend, I posted a story that spoke to Twitter/X breaking yet again. Specifically, Tweets from before 2014 that had images in them were broken and the images were gone. Links in said Tweets were unusable as well.

Twitter put this out in response to that:

That’s nice. But it doesn’t change the fact that Twitter/X was broken again. Something that has been a frequent thing since Elon Musk took over, fired most of the staff, and turned the platform into a train wreck next to a dumpster fire full of hate and other objectionable content. You’re going to see more of this type of stuff until Twitter/X ultimately fails. Just like Elon himself predicts.

Buckle up folks. You’re in for a bumpy ride if you’re still on Twitter.

Guest Post: ESET Research analyzes Spacecolon toolset, spreading ransomware across the world and stealing sensitive data

Posted in Commentary with tags on August 22, 2023 by itnerd

ESET Research has released its analysis of Spacecolon, a small toolset used to deploy variants of Scarab ransomware to victims all over the world. It likely penetrates victim organizations through operators compromising vulnerable web servers or via brute forcing RDP credentials. Several Spacecolon builds contain many Turkish strings; therefore, ESET believes it is written by a Turkish-speaking developer. ESET was able to track the origins of Spacecolon back to at least May 2020, and its campaigns are ongoing. ESET named Spacecolon’s operators CosmicBeetle to represent the link to “space” and “scarab.” 

Spacecolon incidents identified by ESET telemetry encompass the globe, with high prevalence in European Union countries, such as Spain, France, Belgium, Poland and Hungary; elsewhere, ESET has detected high prevalence in Turkey and Mexico. CosmicBeetle appears to be preparing the distribution of new ransomware — ScRansom. Post-compromise, along with installing ransomware, Spacecolon offers a large variety of third-party tools that allow the attackers to disable security products, extract sensitive information and gain further access.

“We have not observed any pattern to Spacecolon’s victims besides them being vulnerable to the initial access methods employed by CosmicBeetle. Neither have we found any pattern among the targets’ areas of focus or size. However, to name a few (by type and geography), we have observed Spacecolon at a hospital and tourist resort in Thailand, an insurance company in Israel, a local governmental institution in Poland, an entertainment provider in Brazil, an environmental company in Turkey and a school in Mexico,” says ESET researcher Jakub Souček, author of the analysis.

CosmicBeetle probably compromises web servers vulnerable to the ZeroLogon vulnerability or those with RDP credentials that it is able to brute force. Additionally, Spacecolon can provide backdoor access for its operators. CosmicBeetle doesn’t make any considerable effort to hide its malware and leaves plenty of artifacts on compromised systems. 

After CosmicBeetle compromises a vulnerable web server, it deploys ScHackTool. ScHackTool is the main Spacecolon component that CosmicBeetle uses. It relies heavily on its GUI and active participation of its operators; it allows them to orchestrate the attack, downloading and executing additional tools to the compromised machine on demand as they see fit. If the target is deemed valuable, CosmicBeetle can deploy ScInstaller and use it to install ScService, which provides further remote access.

The final payload CosmicBeetle deploys is a variant of Scarab ransomware. This variant internally deploys a ClipBanker, a type of malware that monitors the content of the clipboard and changes content that it deems likely to be a cryptocurrency wallet address to an attacker-controlled address.

Furthermore, a new ransomware family is being developed, with samples being uploaded to VirusTotal from Turkey. ESET Research believes with high confidence that it is written by the same developers as Spacecolon, and ESET has named it ScRansom. ScRansom attempts to encrypt all hard, removable and remote drives. ESET has not observed this ransomware being deployed in the wild, and it appears to still be in a development stage.

For more technical information about Spacecolon and CosmicBeetle, check out the blogpost “Scarabs colon-izing vulnerable servers” on WeLiveSecurity.

Distribution of Spacecolon victims

Trend Micro Launches New Partner Program – Trend Vision One

Posted in Commentary with tags on August 22, 2023 by itnerd

Trend Micro Incorporated today announced an extension to its partner program and launched a new offering designed to empower MSSPs, service partners and pure-play managed detection and response (MDR) companies to build or grow their MDR and SOC-as-a-service offerings. The new program will further enable the global ecosystem of MSSP partners that customers rely on amidst a cybersecurity skills shortage. 

Trend Vision One for Service Providers provides turnkey threat detection and response with extended SOAR capabilities built for managed security service partners, offering multi-tenant SOC capabilities and hundreds of 3rd party integrations across the IT environment and with other security vendors.  

  • Out-of-the-box value, via incident response playbooks which reduce the need to build custom solutions
  • Comprehensive, end-to-end SOC technology, from XDR to protection
  • Improved customer outcomes, with MTTR (mean time to respond, repair, resolve, recover) measured not in weeks but hours
  • Extensive integrations – hundreds of integrations that offer visibility, analysis and automation across Trend and a wide range of third-party products
  • Greater SOC inspection and analytics thanks to log inspection & analytics which capture event data from a wide range of sources across the organization, from Trend and third-party solutions
  • MSSP-ready capabilities – a multi-tenant offering delivered via a single pane of glass  

Partners who sign up to Trend Vision One for Service Providers will also receive industry-leading benefits including:  

  • White-glove onboarding and enablement, leveraging Trend’s industry know-how working with hundreds of SOCs to help partners accelerate adoption and delivery of SOCaaS and MDR  
  • Highly competitive pricing to allow new and existing MSSPs to penetrate the market quicker
  • Choice of partnership, which means partners can choose the partnership right for their business:
    • Fully managed MDR or SOCaaS
    • API integration to offer co-managed services for “bring your own technology” clients, where MSSPs help configure and manage Trend’s SOAR solution deployed on customers’ premises 

Ransomware Takes Center Stage in Q2 2023: Nuspire

Posted in Commentary with tags on August 22, 2023 by itnerd

 Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q2 2023 Cyber Threat Report. The quarterly report provides a comprehensive analysis of the threat landscape, examining threat data encompassing malware, botnets and exploits, as well as specific tactics, techniques and procedures (TTPs) organizations should watch out for. 

Nuspire’s latest report reveals a surge in ransomware activity, with a staggering 65% increase in activity from a newer entrant to the list of top ransomware groups: CL0P. A deep dive into the financial industry showed a 43% increase in ransomware extortions.  

Notable findings from Nuspire’s newly-released cyber threat report include: 

  • Total ransomware extortion publications increased by nearly 18%.
  • Apache vulnerabilities comprise 25% of exploits. Apache Software can be found in approximately 31% of all global websites, making this finding particularly concerning. 
  • Botnets grew approximately 16% in Q2, with Torpig Mebroot, a trojan renowned for its data-theft capabilities, maintaining its position as the top botnet detected.

Access Nuspire’s Q2 2023 Cyber Threat Report here to view the data and learn key mitigation strategies for protecting your organization’s environment. 

Record 40 Million Individuals Exposed in Healthcare Cyber Breaches Despite Overall Decline: Critical Insight

Posted in Commentary with tags on August 22, 2023 by itnerd

Critical Insight, the Cybersecurity-as-a-Service provider specializing in helping critical organizations Prepare, Detect, and Respond in today’s threat environment, today announced the launch of its H1 2023 Healthcare Data Cyber Breach Report. In this report, Critical Insight builds on its biannual analysis of data breaches reported by healthcare organizations to the U.S. Department of Health and Human Services (HHS).

Critical Insight unveils the state of cybersecurity in the healthcare industry and its complex dynamics through a comprehensive analysis of current cyber threats. Notably, the report revealed a decrease in total breaches but an increase in the number of individuals affected; the focus of attacks on the supply chain and third-party associates; and, particularly noteworthy, the shift in some attackers’ strategies from encryption to extortion.

While the first six months of the year saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels. The report found that 2023 is on pace to break the record for individuals affected by breaches. 

Critical Insight’s analysis of breach data supplied to HHS reveals the following key findings.

  • Breach Numbers Decrease: Total breaches dropped 15% in the first six months of 2023 compared to the second half of 2022, which is a positive trend considering the steady increase in attacks over the past few years. The reduced number of breaches in the first half of this year suggests that the overall number may be lower for the entire year. This year is on track to record the fewest breaches since 2019 and experience fewer provider breaches compared to the previous three years.
  • Exposed Records Increase: Individual records compromised in data breaches surged by 31% in 1H 2023 compared to 2H 2022. Despite declining over the latest reporting period, the number of individuals affected increased from 31M in 2H 2022 to 40M in 1H 2023. With the first half of this year at 40 million, the number in just a six-month reporting period is already 74% of the total number of individuals affected in 2022, representing the highest number on record for six months. 
  • Data Breach Causes: Hacking/IT incidents were the primary cause, accounting for 73% of breaches in 1H 2023. Unauthorized access/disclosure, which had been the leading breach type in the previous reporting period, was the second-most prevalent type in 1H 2023. Theft, losing records, and improper disposal were relatively insignificant contributors to data breaches.
  • Hacker Entry Points: The focus on network server vulnerabilities and the adaptation of defense against email-related hacks point to a continual evolution in the cyber landscape. Hackers have shifted their tactics towards targeting network vulnerabilities. Network server breaches are responsible for a staggering 97% of individual records affected, while only 2% can be attributed to email breaches.
  • Evolved Attacker Tactics: Hackers have intensified their attacks on third-party business associates as breaches associated with business associates have steadily risen and were significantly higher than individuals affected in healthcare provider and health plan-related breaches. Of the 40 million exposed records, 48% were linked to business associates, while 43% were associated with healthcare providers. In the first half of 2023, 50% of individuals impacted by a breach had a business associate present. 

To adequately prepare, organizations should: start with an incident response plan and a NIST-CSF-based risk assessment to build a multi-year strategy; track the cyber hygiene of the critical partners essential to maintaining a more secure environment; place a robust focus on safeguarding third-party vendors, business associates, and suppliers from vulnerabilities; and ensure support from the board, emphasizing the most critical impact for the investment.

To download the report, please visit https://cybersecurity.criticalinsight.com/healthcare-breach-report-h1-2023.   

Cerby Announces $17 Million In Series A Funding 

Posted in Commentary with tags on August 22, 2023 by itnerd

Cerby, the comprehensive access management platform for nonstandard applications, today announced that the company has raised $17 million in Series A funding. Two Sigma Ventures led the round with significant participation from Outpost Ventures, an investment platform of Neuberger Berman. Participating investors include Ridge Ventures, Founders Fund, Bowery Capital, AV8, Salesforce Ventures, Tau Ventures, Okta Ventures, Incubate Fund, and Ben Johnson, co-founder of Obsidian Security and Carbon Black.

Cerby received significant inbound interest and preemptive term sheets due to the unique risk it addresses in the identity and access management (IAM) market – nonstandard applications. These applications do not support common identity and security standards like APIs, Single Sign-on (SSO), and protocols for automating employee onboarding and offboarding from critical applications.

A recent study by the Ponemon Institute found that 52% of organizations have experienced a cybersecurity incident caused by their inability to secure nonstandard applications, posing an increasingly challenging risk in every business. This spotlights the growing need for a fully connected identity mesh that works for all applications: on-premises, OT, legacy, and cloud – not just those supporting standards. 

This latest round brings the company’s total funding to $32.5 million. The funds will be used to scale Cerby’s go-to-market efforts, including expanding sales and marketing efforts; accelerating innovation of Cerby’s access management solution for nonstandard applications; further building on customer momentum and industry research; continuing to invest in generative AI to enhance development speed and maintenance of integrations; and reinforcing international teams and customers with additional support.

Founded in 2020, Cerby has evolved from its initial focus on managing access to applications for marketing teams to expand its reach to sales, product, financial services, and healthcare applications, catering to public SaaS and privately hosted applications. The investment highlights the demand for Cerby in the financial services sector, which is often heavily dependent on nonstandard applications. Recent achievements in addition to fundraising include the company becoming Okta partner-approved and filing two patents to advance its IP strategy.

Veridas Drives Biometric Inclusivity Mission by Joining OIX Community

Posted in Commentary with tags on August 22, 2023 by itnerd

 Veridas, a leading global provider of AI-driven identity verification solutions, is pleased to announce it has joined Open Identity Exchange (OIX), a global community driving positive and inclusive developments for trusted digital identities. 

Veridas Digital Identity Verification and Biometrics Authentication solutions provide both facial and voice verification and authentication, utilising the natural, inclusive features of all users. 

Serving organisations across 25 countries, Veridas is solving one of the most urgent security issues their customers worldwide have today – simplifying access for legitimate users while blocking digital attacks and physical breaches. 

Veridas was recently ranked as one of the top four best biometrics providers in the world, according to the National Institute of Standards and Technology (NIST). Its technology uniquely addresses an ever-apparent privacy issue, ensuring its customers are consistently compliant with emerging data privacy laws. As such, Veridas is the partner of choice for many banks, retailers, contact centres and government agencies in the most rigorous of environments, including the EU and the US.

Growing rapidly as an organisation, Veridas envisions a future without passwords, where everyone can privately, securely and voluntarily use their identities in both digital and physical environments. By joining the OIX community, Veridas can contribute to and collaborate with OIX’s global networks to exchange knowledge, share best practices and engage in joint projects. This strategic alignment further positions Veridas as a trusted provider of biometric identity verification.

To help support the understanding and adoption of digital ID by organisations that will come to rely on it, the OIX is holding its #IdentityTrust2023 Conference on Thursday 28th September 2023 in the South Bank wing (3rd floor) of London’s iconic County Hall, which served as the headquarters of local government for London for 64 years until the late 1980s.

HiatusRAT Malware Is Back  

Posted in Commentary with tags on August 22, 2023 by itnerd

The HiatusRAT malware is back and has been targeting Taiwan-based organizations and a U.S. military procurement system. Like whack-a-mole, you see it here and then over there:

New research released by Lumen Black Lotus Labs shows the malware has been re-compiled for different architectures and is being hosted on new virtual private servers (VPSs). This current activity is a shift from prior campaigns tracked by Lotus Labs that primarily targeted Latin America and European organizations, and appears synonymous with the strategic interest of the People’s Republic of China according to the 2023 ODNI threat assessment.

Current targets have included semiconductor and chemical manufacturers, a municipal government organization in Taiwan and a U.S. Department of Defense (DoD) server associated with defense contracts.

First disclosed by Lotus Labs in March 2023 as a spying campaign on victims in Latin America and Europe, the activity is reported to have begun in July of 2022. That campaign infected over 100 edge routers to passively collect traffic, functioning “as a covert network of command and control (C2) infrastructure.”

“Despite prior disclosures of tools and capabilities, the threat actor took the most minor of steps to swap out existing payload servers and carried on with their operations, without even attempting to re-configure their C2 infrastructure. This highlights the difficulty of dealing with edge and IoT-based malware, as there currently is no universal mechanism to clean up these devices.”

Dave Ratner, CEO, HYAS had this to say:

“There may be no good universal mechanism to clean up edge and IOT-based devices, and bad actors will continue to find new ways to infect and infiltrate. Nevertheless, focusing on the adversary infrastructure — the command-and-control (C2) structures that are used — and identifying and blocking the communication with C2 is an important part of a security-in-depth strategy.  Organizations who haven’t deployed advanced Protective DNS solutions to do just that will find themselves vulnerable time and again.”

This highlights how difficult it is to get rid of threat actors. Thus prevention has to be the strategy until we get to a place where we can take the fight to them.
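To make the C2-blocking idea in the HYAS quote above concrete, here is an added example written for this page (not HYAS’s or Lumen’s code) that applies a protective-DNS style check to resolver query logs. The blocklist domains, the address and the BIND-format log lines are all placeholders constructed for the example, using reserved documentation names and the TEST-NET-3 range; none of them are indicators from the Lotus Labs research.

```python
import re

# Constructed C2 indicators using reserved documentation names and addresses;
# these are placeholders for the example, not indicators from any report.
C2_DOMAINS = {"c2-placeholder.example", "update-cdn.invalid"}
C2_IPS = {"203.0.113.10"}

# Constructed resolver query log in BIND's querylog style.
SAMPLE_LOG = """\
22-Aug-2023 10:00:01.123 client 10.0.0.5#53211: query: www.example.com IN A + (10.0.0.1)
22-Aug-2023 10:00:02.456 client 10.0.0.7#40122: query: beacon.c2-placeholder.example IN A + (10.0.0.1)
22-Aug-2023 10:00:03.789 client 10.0.0.9#51000: query: update-cdn.invalid IN TXT + (10.0.0.1)
22-Aug-2023 10:00:04.001 client 10.0.0.5#53222: query: 10.113.0.203.in-addr.arpa IN PTR + (10.0.0.1)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def parse_query(line):
    """Extract client, query name and type from one log line, or None if it is not a query."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return {"client": m.group("client"),
            "qname": m.group("qname").rstrip(".").lower(),
            "qtype": m.group("qtype")}


def matched_c2_domain(qname, blocklist=C2_DOMAINS):
    """Return the blocklisted domain that qname equals or sits under, else None.

    Walking the labels from the left catches subdomains such as beacon.<c2 domain>,
    which a plain set lookup on the full name would miss.
    """
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def ptr_to_ipv4(qname):
    """Turn a reverse-lookup name like 10.113.0.203.in-addr.arpa into 203.0.113.10."""
    suffix = ".in-addr.arpa"
    if not qname.endswith(suffix):
        return None
    parts = qname[: -len(suffix)].split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return ".".join(reversed(parts))


def evaluate(line):
    """Decide allow/block for one query line and record why."""
    q = parse_query(line)
    if q is None:
        return None
    domain = matched_c2_domain(q["qname"])
    if domain:
        return {**q, "action": "block", "reason": f"C2 domain {domain}"}
    ip = ptr_to_ipv4(q["qname"])
    if ip in C2_IPS:
        return {**q, "action": "block", "reason": f"reverse lookup of C2 address {ip}"}
    return {**q, "action": "allow", "reason": ""}


def scan_log(text):
    """Return the verdicts for every query line, blocked ones first for triage."""
    verdicts = [v for v in (evaluate(l) for l in text.splitlines()) if v]
    return sorted(verdicts, key=lambda v: v["action"] != "block")


if __name__ == "__main__":
    for v in scan_log(SAMPLE_LOG):
        print(f'{v["action"]:5} {v["client"]:10} {v["qtype"]:4} {v["qname"]}  {v["reason"]}')
```

This only inspects query names and reverse lookups; a production protective DNS service also checks the addresses in the answers, so an attacker-controlled host reached through an innocuous-looking name is still caught. The client field in each blocked verdict is the starting point for finding the infected edge device the quote says is so hard to clean up.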