Archive for September 8, 2023

Review: Otofly Apple Watch Silicone Band

Posted in Commentary on September 8, 2023 by itnerd

Recently I was contacted by Otofly, which makes Apple Watch bands and iPhone cases. After a quick discussion, I was sent a couple of Apple Watch bands and a couple of iPhone cases to review. Today, I’m going to start with one of the Apple Watch bands that I got, which is the Silicone Band.

The band is made of silicone and it has this pin to affix it together:

The pin is made of metal and, in my testing while doing two bike rides, it didn’t come loose. I found it to be soft and comfortable to wear. And because it is silicone, it will dry quickly. That makes this the sort of band that you’d want to wear during a vigorous workout. Other things that I did notice are that the ends fit into the Apple Watch solidly and everything has a quality feel to it.

The Otofly Silicone Band is available in 15 colours and goes for $29.99 which is down from $55.99 and they have availability for any Apple Watch type and size. If you need an Apple Watch band for sports or working out, and you don’t want to spend a lot of money, this band is totally worth looking at.

Microsoft tightens Zero-Trust protocol after releasing gov hack findings

Posted in Commentary on September 8, 2023 by itnerd

In a report released Wednesday, Microsoft published the findings of its internal investigation, which detailed that, for more than two years, Chinese hackers accessed the email accounts of high-level US and European governmental agencies before the breach was discovered in June.
 
The China-based criminal, Storm-0558, first gained access to the Microsoft emails in April 2021. The breach affecting 33 U.S. and global entities happened when a bug caused Microsoft’s email system to crash, resulting in a data purge that inexplicably contained email access keys. The hacker then forged security tokens that allowed backdoor access to Outlook.com.
 
As Microsoft admitted, at the time, the system didn’t alert IT to the issue as it should have, and the crack went unnoticed until just two months ago. Microsoft said that it released the investigative findings “as part of our commitment to transparency and trust,” adding that the company was working to tighten up its security protocols.
 
“For this reason — by policy and as part of our Zero-Trust and ‘assume breach’ mindset — key material should not leave our production environment. While these tools are important, they also make users vulnerable to spear phishing, token stealing malware, and other account compromise vectors,” Microsoft said, referring to emails, conferencing, and web research tools that were used previously by corporate-level employees.

Ted Miracco, CEO, Approov Mobile Security had this to say:

   “The two most disconcerting parts of the report are that: Storm-0558 could forge tokens to access email accounts of high-level officials; and that the breach persisted for years without being discovered. This would lead one to question how many other accounts are being compromised today with forged tokens, and how do you go about identifying additional compromised accounts?

   “The findings reinforce that constant vigilance is required to stay ahead of sophisticated attackers, and keys and tokens need to be rotated frequently to prevent persistent access to compromised accounts.”

Microsoft should get some kudos for posting this info as it is not easy to admit where you’ve gone wrong. But let’s see what Microsoft does going forward to make sure that this situation isn’t repeated.

Board and CISO disconnect on cybersecurity preparedness ‘rings alarm bells’

Posted in Commentary on September 8, 2023 by itnerd

Proofpoint published its second annual Cybersecurity: The 2023 Board Perspective report and found that almost 75% of board members believe that their organizations face a risk of a major cyberattack in the next 12 months, up from 65% the previous year. 53% of those board members believe their organization is not prepared, a slight increase over the prior year. Meanwhile, 61% of CISOs feel underprepared, up from 50% in 2020.

“That those closest to the action, CISOs, feel even more underprepared should be great cause for concern.

“Still, that board members and CISOs feel largely unable to defend and remediate these all-but-inevitable cyber threats should ring alarm bells,” states the report.

The disconnect is further highlighted by the report’s attention to communication and collaboration between board members and CISOs: just 53% of board members regularly interact with their CISOs, and nearly a third of board members say they see the CISO only as part of a report.

“Growing even stronger board-CISO relationships will be instrumental in the months ahead so directors and security leaders can have more meaningful conversations and ensure they’re investing in the right priorities,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a press release.

Proofpoint’s survey also noted:

  • 70% of respondents agreed that cybersecurity is a priority for their board
  • 70% believe that they have adequately invested in cybersecurity
  • 84% reported believing that their cybersecurity budgets would increase in the next year
  • 60% say malware was listed as the most pressing concern

George McGregor, VP, Approov had this to say:

   “It seems that the real issue here is the engagement of board members – only half the board members surveyed have regular contact with the CISO and much of that seems to be related to understanding their own personal liability – so it would appear that the recommendations around increasing board member understanding and awareness will be the most impactful.”

Emily Phelps, Director, Cyware follows with this:

   “Proofpoint’s report illustrates how important communication and collaboration are across all levels of an organization. The rise in board awareness is a great first step to addressing cyber attacks; ultimately, we want to capitalize on the growing awareness so that enterprises can more quickly get to meaningful action that reduces risk.

   “As the report notes, new technologies pose new security risks, and while new technologies can also aid in security defense, it’s more important to ensure the technologies CISOs and security teams adopt work well together. The more collaborative the tools are, the better organizations can address people, tech, and data silos, making it easier to get the right information to the right people at the right time so organizations can take the right action with confidence.”

Everyone has to be on the same page in order to make cybersecurity work. Otherwise bad things will happen. This survey highlights this fact.