Archive for December 18, 2023

Horizon3.ai Named to New Cyber 60 List

Posted in Commentary with tags on December 18, 2023 by itnerd

Horizon3.ai, a leading provider of autonomous security solutions, today announced that it has been named to the Fortune Cyber 60 2023 list. The Fortune Cyber 60 is a new listing of the most important venture-backed startups that offer enterprise-grade cybersecurity solutions. Horizon3.ai was added to the Early-growth-stage companies category and is the only company on the list that offers an autonomous penetration testing solution like NodeZero™.

The Horizon3.ai NodeZero platform is a SaaS-based autonomous penetration testing solution used to continuously assess an enterprise’s attack surface. NodeZero helps organizations uncover exploitable vulnerabilities, weak and/or reused credentials, deficient security controls, exposed data, misconfigurations, weak security policies, and dangerous product defaults that exist within their networks. NodeZero chains these weaknesses together to discover attack paths an attacker could use to compromise user accounts, applications, domains, on-premises devices, and cloud resources.

To construct the Fortune Cyber 60 list, Lightspeed Venture Partners surveyed over 300 cybersecurity startups based on market data provided by Pitchbook. Lightspeed requested data regarding revenue and current and prior year growth rates and sorted the companies that responded according to their ARR, followed by growth rate, and prior year growth rate as tiebreakers.

About Horizon3.ai

The NodeZero™ platform empowers organizations to continuously find, fix, and verify exploitable attack surfaces. It is the flagship product of Horizon3.ai, founded in 2019 by former industry and U.S. National Security veterans. Our mission is to help organizations see their networks through the eyes of the attacker and proactively fix problems that truly matter, improve the effectiveness of their security initiatives, and ensure that they are prepared to respond to real cyberattacks.

Visit https://www.horizon3.ai/ for more information.

Leave a comment »

If You Want To Buy An Apple Watch Series 9 Or Ultra 2, Buy It Now Because It’s About To Be Banned In The US

Posted in Commentary with tags on December 18, 2023 by itnerd

Bad news for those who want an Apple Watch for Christmas.

In a statement shared with 9to5Mac, Apple said the Series 9 and Ultra 2 will no longer be available to purchase on Apple’s online store in the U.S. starting December 21.

Now why is this happening? Back in October the ITC ordered a ban on some Apple Watch imports into the U.S. after finding that Apple violated Masimo’s patents related to pulse oximetry. This is part of a long running battle between Masimo and Apple that has more plot twists than a Marvel Movie. Now this could be reversed by President Biden, but that may not happen as those sorts of reversals are rare. Thus it means that the Apple Watch could be off store shelves at Apple’s most profitable time of the year. Though Apple is going to appeal this.

If you want more background on this, here’s a couple of videos that explain this further:

1 Comment »

VISO TRUST Netskope Integration ID’s & Addresses 3rd Party Shadow IT And Cyber Risk

Posted in Commentary with tags on December 18, 2023 by itnerd

VISO TRUST, a leading AI-driven third-party cyber risk management (TPRM), today announced its latest integration with Netskope, the platform that is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. This groundbreaking collaboration aims to empower VISO TRUST customers with a comprehensive and streamlined approach to managing third-party cyber risks arising from shadow IT vendors.

As organizations increasingly rely on cloud services and applications, the use of unauthorized or unvetted shadow IT vendors has become a significant concern for IT and security teams. These unapproved vendors can introduce potential security vulnerabilities, data breaches, and compliance risks, making it crucial for businesses to gain visibility and control over their digital ecosystems.

The newly released Netskope integration empowers VISO TRUST customers to seamlessly identify and monitor shadow IT vendors operating within their ecosystem, connecting with their environment or interacting with their users. By leveraging Netskope’s advanced cloud security capabilities, VISO TRUST users can efficiently detect unauthorized applications and services in real time, minimizing the potential for security blind spots.

Key features of the Netskope integration include:

  • Shadow IT Vendor Discovery: The joint solution surfaces and de-silos previously undisclosed data, providing new and in-depth visibility into unauthorized cloud applications, and enabling organizations to uncover hidden shadow IT risks lurking within their infrastructure.
  • Automated Risk Assessment: VISO TRUST users can now pipe detected shadow IT vendors into their third-party cyber risk management workflows effortlessly. The integration streamlines the risk assessment process, identifying potential security gaps and evaluating each vendor’s risk profile.
  • Risk Mitigation Strategies: Armed with comprehensive insights from Netskope’s cloud security platform, VISO TRUST users can apply appropriate risk mitigation strategies to improve their overall cybersecurity posture effectively.
  • Regulatory Compliance Support: The combined power of VISO TRUST and Netskope ensures that organizations can align their cloud usage with industry regulations and compliance standards more efficiently.
  • Real-Time Alerts: Instant notifications enable swift action to address potential risks and security incidents, enhancing incident response times and minimizing the impact of cybersecurity threats.

With the VISO TRUST and Netskope integration, businesses can now confidently embrace the benefits of cloud services while proactively safeguarding their critical data and networks against potential threats.

For more information about the integration and its benefits, please visit www.visotrust.ai.

Leave a comment »

How Well Does The Shell App Work For Contactless Fuel Fill Ups? Let’s Find Out!

Posted in Products with tags on December 18, 2023 by itnerd

Because of recent issues with the Esso/Mobil app during its rollout that resolved themselves, that drove me to trying the Shell App to see if it was any better. And based on my testing, it is and it isn’t. Let me explain.

Registration is very easy. After you install the app you’re prompted to enter you email address to set up the app. And you are able to add your CAA membership number and your AirMiles membership numbers to earn rewards. In my case, I entered my CAA membership number as I can save 3 cents a litre on every fill up. One big plus is that you can create an AirMiles account on the fly if you want one.

In terms of being able to drive up and fill my car with gas, that part is stupid simple:

  • You drive up to the pump
  • You open the app
  • Pick the pump number
  • Authorize the pump using a stored credit card or Apple Pay. I selected Apple Pay as that is more secure.
  • Wait for the authorization to go through and then wait for the pump to tell you to select the grade of gas that you want to fill up with. Choose the grade and start pumping.

All of this was smooth and easy. I had no issues whatsoever filling up every time I used the app. So that part of the user experience was good. However, paying in store was not as good. The way it is supposed to work is that you choose to pay inside and a barcode appears to allow you to pay inside. If you’ve used the Starbucks app, it’s kind of like that. But for me, it has a fatal flaw:

Apparently you cannot pay using Apple Pay. Why I don’t know. But what it means for me is that I will not be using the app to pay inside a Shell gas station. After Petro Canada got pwned, there is zero chance I will be storing my credit card details in this or any other app. If Shell were smart, they would add Apple Pay support to the part of the app that runs in store payments because I am sure that I am not the only one who feels this way.

To conclude, if I had to rank this app relative to the Petro Canada app and the old Esso app, it’s able the Petro Canada app but below the Esso app. If Shell would allow you to pay using Apple Pay in store, it would be above the Esso app. But to be fair, I need to review the new Esso/Mobil app. I’ll be doing that in the coming days and we’ll revisit this.

Leave a comment »

If You Receive An Unprompted MFA OTP Code, You’ve Likely Have Been Pwned

Posted in Commentary on December 18, 2023 by itnerd

I was recently called by a client to debug why they were getting emails like this randomly:

Now this email, or one like it, or a text message, or a smartphone notification is sent to you when you try to log into account that is protected by Multi Factor Authentication or MFA. It’s one-time passcode or OTP) that combined with a password allows you to log into an account. And if you get emails like this out of the blue when you’re not trying to log into said account, it means that someone has gotten their hands on your password and is trying to log into the account. But they were stopped by the fact that you had MFA enabled on your account.

The fix for this is simple. You should immediately change the password. And if you have other accounts that use the same password, you should change those as well immediately.

Top Tip #1: Change your password by going directly to the site and not clicking on anything in the email.

Top Tip #2: if you get a smartphone notification to approve a request to login that you did not initiate, immediately decline the request and change your password ASAP.

So the question is, how did the bad guy get their hands on your password. The answer is simple, it was likely obtained in a data breach of some sort, or in a phishing attack, or via malware. And the bad guy is using it in what is called a credential stuffing attack where they try a password that they obtained in an attack on multiple sites hoping to get lucky. And they did, sort of. But got stopped by MFA and OTP being enabled on the account. Thus showing the value of MFA as well as OTP been enabled on all your online accounts. Thus if you want to maximize the security of your online accounts, enable MFA and OTP if either is offered. That way if your password ever leaks, you will still have some degree of security in place.

Leave a comment »

EU Investigates Twitter Over Disinformation… While Trying To Keep Bankers On Side

Posted in Commentary with tags on December 18, 2023 by itnerd

Elon Musk is a man with lots of problems. Here’s two more for him to deal with. And to be honest, I don’t know which is more of a threat to him. Let’s start with the EU investigating Twitter over disinformation:

The European Commission has opened formal proceedings to assess whether X may have breached the Digital Services Act (DSA) in areas linked to risk management, content moderation, dark patterns, advertising transparency and data access for researchers.

On the basis of the preliminary investigation conducted so far, including on the basis of an analysis of the risk assessment report submitted by X in September, X’s Transparency report published on 3 November, and X’s replies to a formal request for information, which, among others, concerned the dissemination of illegal content in the context of Hamas’ terrorist attacks against Israel, the Commission has decided to open formal infringement proceedings against X under the Digital Services Act.

That’s not good for Elon as if the EU finds that Twitter has violated the DSA, Twitter will have to not only cut a rather hefty cheque, but it is likely that the EU will make Elon do things that he doesn’t want to do, or be forced to pull out of Europe.

Now over to his other problem de jour:

Amid concerns over X’s flailing business, Elon Musk has reportedly been in discussions with bankers who financed his takeover of the social media platform, offering reassurances about their investment.

What Happened: Musk attempted to assure certain bankers, who provided him with a $13 billion loan for his leveraged buyout of Twitter (now known as X) in private conversations that they would not incur any financial losses in the deal, the Financial Times reported on Friday. 

This comes as the banks face the prospect of significant losses from their involvement in the deal.

The Wall Street Journal earlier reported that these financial backers are now confronting the possibility of a $2 billion loss if they were to sell their debt currently.

Alienating the banks that financed the Twitter takeover is not a good idea as they’ll be inclined to get their money back from Elon in some fashion. Yes, they could eat this debt. But I don’t see that happening. Thus this is another thing that is likely keeping Elon awake at night.

It’s a safe bet that Elon is reconsidering his life choices right now.

Leave a comment »