Archive for January, 2024

The Hack Of Global Affairs Canada Is Actually Pretty Bad

Posted in Commentary with tags , on January 31, 2024 by itnerd

After I posted this story earlier today, I started looking to see if I could find additional details on the pwnage of Global Affairs. And what I did find blew my mind. The National Post has a story that I’ll give you the TL;DR on, because you should really go read it for yourself to see how mind blowing this is.

This hack started on December 20th of last year when Global Affairs’ VPN was pwned by threat actors. But it wasn’t discovered until January 24th. That’s just over a month. And while that’s nowhere near as bad as 23andMe, who were pwned for months before they found out, it’s still bad because who knows exactly what these threat actors did in that time. But it is known that the threat actors accessed an unknown number of employees’ emails and data stored on personal and shared servers connected to the VPN.

Now while the Privacy Commissioner has been notified, there needs to be an investigation as to what in the blue blazes is going on at Global Affairs. I say that because the National Post points out that this is the second time that they’ve been pwned in the last two years. Which of course is bad, and indicates that they perhaps aren’t doing everything possible to keep the bad guys out.

Jscrambler Expands Executive Leadership Team

Posted in Commentary with tags on January 31, 2024 by itnerd

Jscrambler today announces expansions to its Executive Leadership team with the appointment of Mukesh Sharma as COO and Tyson Whitten as VP of Global Marketing. These appointments will accelerate Jscrambler’s mission to foster secure digital innovation for the world’s online businesses, safeguarding them against financial and reputational risks associated with client-side cybersecurity threats, data breaches, intellectual property theft, and compliance violations.

Mukesh Sharma, with over two decades of technology and cybersecurity leadership, has a proven track record of scaling operations and teams at both startups and multi-billion dollar organizations. Focused on prioritizing a customer-centric approach and ensuring operational efficiency, Mukesh is dedicated to aligning strategy with execution. His leadership spans various high-paced and innovative companies, including notable roles at VMware (Broadcom), Puppet (Perforce), Sumo Logic, and Atos. 

Tyson Whitten is a seasoned executive boasting over 20 years of building and scaling marketing at venture-funded cybersecurity companies. Whitten joins Jscrambler on the heels of his four-year tenure with ReversingLabs, where he served as Vice President of Global Marketing, elevating the company’s brand as a software supply chain security leader, while leading product marketing, demand generation, content, and sales enablement. Whitten also held various leadership positions at cybersecurity companies, CA Technologies (Broadcom), SecureWorks, and Guardent (Verisign). 

Both executives will drive Jscrambler’s continued growth in client-side protection and compliance within the application security market. Sharma will be responsible for Jscrambler’s global go-to-market, sales, marketing, partner, and finance operations. Whitten will lead all aspects of brand, messaging, product marketing, demand generation, field marketing, content marketing, and sales enablement. 

Botnets Evolve as Malware Increases and Exploits Skyrocket in 2023: Nuspire

Posted in Commentary with tags on January 31, 2024 by itnerd

Nuspire today unveiled its Q4 and Full-Year 2023 Cyber Threat Report. The report provides an in-depth look at the latest trends in malware, botnets, exploits and ransomware, painting a comprehensive picture of the current state of cybersecurity threats. 

The report documents a 187% explosion in exploit activity for the year, buoyed by the widespread use of Secure Shell (SSH) brute forcing and a marked rise in the use of Web Server Password File Access. Botnet activity grew 25% year-over-year, with Torpig Mebroot comprising 56% of all botnet detections in 2023. Conversely, malware dropped 27% from 2022; however, ransomware extortion publications grew nearly 18%, with LockBit, CL0P, ALPHV and BlackBasta driving the most activity.  

Additional findings from Nuspire’s newly-released cyber threat report include: 

  • In Q4 alone, exploits increased by 132.91%. There was a significant shift in threat actor tactics, with a marked rise in the use of Web Server Password File Access, an information disclosure exploit. This exploit saw a steady increase each quarter of the year, culminating in a 133.21% increase since Q1. 
  • While malware decreased year-over-year, it saw a significant surge in Q4, increasing by 89%, with JavaScript phishing variants dominating the activity.  
  • Ransomware remained a critical threat throughout the year, with BlackBasta ransomware’s activity escalating by 353.66% in Q4, making it the second most active ransomware operator for the quarter, and the fourth most active for the year.  
  • Botnets saw a 25% year-over-year increase in activity, with Torpig Mebroot comprising 56% of all botnet detections in 2023. However, there was a noticeable uptick in the activity of other botnets like TorrentLocker, which quadrupled its activity in Q4. 

To access the Q4 and Full-Year 2023 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.  

Canada’s Global Affairs Department Gets Pwned

Posted in Commentary with tags , on January 31, 2024 by itnerd

This morning, the pwnage hits close to home. Canada’s Global Affairs department, which according to their website does the following:

We manage diplomatic relations, promote international trade and provide consular assistance. We lead international development, humanitarian, and peace and security assistance efforts. We also contribute to national security and the development of international law.

Has been pwned in a cyberattack. Here are the details from CTV News:

There has been a data breach at Global Affairs Canada involving the personal information of some users, including employees, and affecting remote access to the department’s network, according to the department.

The government has confirmed the breach, amid media reports of an extensive cyber incident involving internal systems, citing unnamed sources within the department.

“The Government of Canada deals with ongoing and persistent cyber risks and threats every day,” reads the statement from GAC spokesperson Marilyne Guèvremont on Tuesday.

“Given its profile, Global Affairs Canada takes a proactive approach and employs a variety of security monitoring measures to detect and address potential risks.”

“The Department is closely monitoring the situation and is conducting an investigation into the matter,” Guèvremont added.

There’s really not a whole lot of detail here. Thus we can only guess how they got pwned, or how long it will take to restore their systems. And we can only guess how this will affect Canadians. Hopefully in the days ahead there will be more details released by the Canadian government that gives Canadians an idea of how bad this is, and what they will do to not get pwned again.

It Looks Like Beeper Has Given Up On iMessage Integration For Good

Posted in Commentary with tags on January 31, 2024 by itnerd

This requires some explanation. So here we go.

You might recall the folks over at Beeper. These were the guys who were trying to get iMessage on Android. And their story went like this:

So with that out of the way, let’s catch you up to today. Or at least the last couple of weeks. Let’s start with this Tweet:


Now you need to click on the Tweet to get the full details, but here’s the TL;DR.

So what was happening was that Beeper users who were using their own Macs to make the iMessage on Android service work were getting their Macs banned from using iMessage. And it’s interesting that only after The New York Times got involved did those computers get unbanned. I guess that Apple didn’t need the negative media attention. But clearly Beeper is done with this and they have disabled the ability for users to start new iMessage connections from Beeper Cloud. Though there’s nothing stopping them from allowing that again in the future. Thus it looks like Beeper is dead. At least for now.

The thing is that I have said this before and I will say it again. Android users deserve way better than this. But having said that, if Android users really want to get access to iMessage, then they should buy iPhones. Full stop. What Beeper is doing is simply creating a security issue for Apple that they are rightly closing. Because iMessage is not an open standard. It’s Apple’s standard. And they get to decide who does, and more importantly who doesn’t get to use it.

Federal Minister of Innovation Joins BPTN and Industry CIOs to Address Anti-Black Racism in AI

Posted in Commentary with tags on January 31, 2024 by itnerd

Black Professionals in Tech Network (BPTN) is proud to announce the upcoming CIO Responsible Development Roundtable on Thursday, February 16, 2024. This pivotal event, featuring Minister François-Philippe Champagne, Federal Minister of Innovation, Science and Industry, will convene 20 esteemed CIOs and CTOs from top US and Canadian companies to discuss AI and address anti-Black racism with its continued development and use.

In October 2023, BPTN brought together over 20 CIOs and senior tech executives to discuss how to build AI responsibly and collectively—the consensus: reducing racism in AI starts with having diverse talent at the center of AI implementation. Paving the way for an inclusive future in AI, BPTN aims to train and hire 10,000 new Black software developers through Obsidi Academy over the next decade, calling for industry leaders to join the charge.

Obsidi Academy is a transformative tech bootcamp designed to address the underrepresentation of Black professionals in the tech industry, particularly in AI development. Created in 2021 by BPTN, this one-of-a-kind acquisition solution provides best-in-class talent with custom industry-leading training to achieve a company’s business-critical goals on day one.

A number of CIOs from organizations, including TELUS and CIBC, have already answered the call. This momentum prompted BPTN to open 100 additional Obsidi Academy training slots this year to empower companies with highly skilled Black tech talent to support ethical AI implementation.

The next CIO Responsible Development Roundtable event takes place on February 16, 2024, at BPTN’s head office in Toronto, Canada, and will gather senior executive leaders and the Federal Minister of Innovation, Science and Industry.

In partnership with the Federal Minister and leading CIOs, BPTN is determined to champion proactive strategies against anti-Black racism in AI. The first step is assisting companies in growing their Black full-stack developer talent pool, and step two will be defined at the February 2024 CIO roundtable.

To receive an invitation and secure a spot at the February 16, 2024, CIO Responsible Development Roundtable, please contact Middlé Lemoine, Marketing Operations Lead at BPTN, at marketing@bptn.com.

OX Security Unveils The First Active Application Security Posture Management Platform 

Posted in Commentary on January 31, 2024 by itnerd

OX Security, the pioneer in scaling application security (AppSec) practices and a founding member of the Open Software Supply Chain Attack Reference (OSC&R) framework, announced the next iteration of their solution with the first ever Active ASPM Platform. Incorporating active analysis in an ASPM solution marks a critical step forward for AppSec by delivering a proactive and converged solution that moves beyond the limitations of existing solutions on the market. 

By unifying AppSec practices with comprehensive visibility and traceability, contextual prioritization, and automated, no-code workflow-driven response, this “active” approach facilitates the continuous and accurate targeting of critical threats, significantly reducing alert fatigue. Recognized as a Gartner Cool Vendor, OX Security is setting new standards in addressing the pressing needs of the market. OX Active ASPM empowers development and security teams to deliver secure applications while significantly reducing operational friction. 

OX Active ASPM also helps organizations keep pace with an ever-changing regulatory environment by providing a dynamic software lineage list that aligns with emerging standards like the EU Cybersecurity Act, CISA, and NIST Cybersecurity Framework. This proactive adaptability to global regulations ensures organizations are prepared for today’s demands and future regulatory shifts.

Key features and capabilities of OX’s Active ASPM include: 

  • Continuous End-to-End Coverage: OX’s native scanners seamlessly integrate with the user’s source control, CI/CD, registry, and cloud environments, providing users with comprehensive visibility, traceability, and actionable insights, reducing the need for manual oversight and analysis and eliminating the need for multiple tools that may result in coverage gaps and technical debt. 
  • Attack Path Analysis: Comprehensive attack path analysis enables users to visualize and quickly address security concerns from a single screen, significantly speeding up response time and improving efficiency in managing security tasks.
  • Active Context Analysis: OX utilizes a 3-layer model to evaluate threats beyond the surface level, incorporating environmental, business, and threat considerations. It effectively assesses vulnerability, exploitability, reachability, and business impact, reducing noise by over 95%. The analysis offers comprehensive Dockerfile insights, including SBOM and SCA for various components. OX uniquely identifies plaintext secrets in code, containers, and logs, providing context on each finding’s impact. It also includes detailed open-source security analysis, advanced taint analysis, and data flow tracking to secure the SDLC against vulnerabilities proactively. 
  • Pipeline Bill of Materials (PBOM): OX’s proprietary PBOM ensures greater software integrity and minimizes attack surfaces. Going beyond the capabilities of a standard SBOM, a PBOM acts as a dynamic inventory, encompassing every aspect of software development. It provides a real-time list of software lineage, tracing each phase from code inception to release and pinpointing vulnerabilities. Thorough tracking enhances transparency and trust and empowers teams with crucial insights, enabling them to address vulnerabilities and maintain compliance standards preemptively. 
  • No-Code Workflow Automation: A simple drag-and-drop interface simplifies the creation of tailored remediation and response workflows, significantly reducing manual tasks by automating ticketing and notifications and enforcing granular policies to prevent security issues from reaching production. By automating these processes without needing custom code, OX simplifies the creation of custom workflows and enhances security by preventing lapses in production, leading to quicker version releases and a more efficient, secure development environment. 

To learn more about OX Security’s Active ASPM, please visit Beyond Static Application Security: Unleashing Active ASPM to sign up for their webinar on January 31 or watch the replay.

A blog post that may be of interest – https://www.ox.security/eliminating-manual-appsec-practices-with-active-aspm 

Judge To Elon Musk: You Can’t Get Paid $55 Billion To Be CEO Of Tesla

Posted in Commentary with tags on January 31, 2024 by itnerd

A judge in Delaware delivered a hard kick to Elon Musk’s ego yesterday by ruling that his compensation scheme at Tesla, which should have delivered him $55 billion, cannot stand. Here are the details:

The ruling by Chancellor Kathaleen St. Jude McCormick comes more than five years after a shareholder lawsuit targeted Tesla CEO Musk and directors of the company. They were accused of breaching their duties to the maker of electric vehicles and solar panels, resulting in a waste of corporate assets and unjust enrichment for Musk.

The shareholder’s lawyers argued that the compensation package should be voided because it was dictated by Musk and was the product of sham negotiations with directors who were not independent of him. They also said it was approved by shareholders who were given misleading and incomplete disclosures in a proxy statement.

Defense attorneys countered that the pay plan was fairly negotiated by a compensation committee whose members were independent, contained performance milestones so lofty that they were ridiculed by some Wall Street investors, and blessed by a shareholder vote that was not even required under Delaware law. They also argued that Musk was not a controlling shareholder because he owned less than one-third of the company at the time.

An attorney for Musk and other Tesla defendants did not immediately respond to an email seeking comment.

But Elon Musk being Elon Musk reacted on Twitter:

Then he posted a poll:

Then he threw some shade on the state of Delaware:

I can only conclude that he’s not happy with this ruling. Likely because he needs the cash to float the operations of Twitter, which he’s driven into the ground and which as a result is bleeding money. But that’s just a guess. Back to the ruling. Here are the specifics of why Elon got smacked down:

McCormick determined, however, that because Musk was a controlling shareholder with a potential conflict of interest, the pay package must be subject to a more rigorous standard.

“The process leading to the approval of Musk’s compensation plan was deeply flawed,” McCormick wrote in the colorfully written 200-page decision. “Musk had extensive ties with the persons tasked with negotiating on Tesla’s behalf.”

McCormick specifically cited Musk’s long business and personal relationships with compensation committee chairman Ira Ehrenpreis and fellow committee member Antonio Gracias. She also noted that the working group working on the pay package included general counsel Todd Maron who was Musk’s former divorce attorney.

“In fact, Maron was a primary go-between Musk and the committee, and it is unclear on whose side Maron viewed himself,” the judge wrote. “Yet many of the documents cited by the defendants as proof of a fair process were drafted by Maron.”

McCormick concluded that the only suitable remedy was for Musk’s compensation package to be rescinded. “In the final analysis, Musk launched a self-driving process, recalibrating the speed and direction along the way as he saw fit,” she wrote. “The process arrived at an unfair price. And through this litigation, the plaintiff requests a recall.”

I am not a lawyer, but this sort of ruling doesn’t happen every day. Thus this must be so far outside the bounds of what is considered reasonable that the judge really had no choice but to deliver a ruling like this. Which sucks if you’re Elon, as his bank account is one of the things that validates him as a human being.

Guest Post: The Gmail.com DMARC Policy Update You May Not Know About

Posted in Commentary with tags on January 31, 2024 by itnerd

By Seth Blank, CTO, Valimail

Back in October 2023, Google and Yahoo jointly announced new email sender requirements for inbound mail to their domains that they would be putting in place early in 2024, requirements that, for now, are focused on bulk senders. 

This announcement and its subsequent updates have rightly gotten the full attention of the email industry. However, there was one other item buried in Google’s announcement that we don’t think people are talking about enough. One of the bullet items in Gmail’s guidelines for all senders reads as follows:

Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.

Long story short: If you have a small business, and you use an email sending service to email contacts, but your From address is NameOfSmallBusiness@gmail.com instead of something like hello@NameOfSmallBusiness.com, your email may be sent to the spam folder beginning in February 2024.

If you’re sending with a From address ending in gmail.com from any platform other than Google, you’re likely going to run into some issues.

What Does It Mean to Impersonate Gmail From: Headers?

Sending mail from any platform other than a Google platform with a From address in the gmail.com domain is impersonating Gmail From: headers. 

A typical example would be a small business sending from a platform like Mailchimp, Braze, or Klaviyo using a From address like: “NameOfSmallBusiness@gmail.com”.

This type of email can never pass DMARC authentication, because the platform’s servers are not in the SPF record for gmail.com, and the platform cannot DKIM sign such messages using the domain gmail.com. DMARC needs at least one of those two checks to pass with an identifier aligned to the From domain; here neither can.

By definition, a message that can’t pass DMARC authentication is deemed an impersonation of that domain, and so sending mail in such a manner is impersonating Gmail From: headers.

What Action Is Google Taking Here?

For years now, there has been a DMARC policy record for gmail.com, one that has had “p=none” as its policy statement. In DMARC jargon, this means “The domain owner requests that the DMARC validation results for any message using this domain do not influence the message’s disposition.” 

Because there has been a DMARC policy record in place for a long time, messages that impersonate Gmail From: headers have been failing DMARC for a long time; however, because the policy statement up until now has been p=none, these failures have had little to no impact on these messages.

Starting on February 1, 2024, Google will be changing this policy statement to “p=quarantine”, which means that they’re requesting that messages using gmail.com in the From domain that fail DMARC be placed in the spam folder. What this means is that messages that impersonate Gmail From: headers are likely to end up in recipients’ spam folders, rather than their inboxes.
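To make the mechanics concrete, here is an added example (not Valimail’s or Google’s code) that models how a receiving mail server combines the SPF result, the DKIM signing domains and the From domain’s DMARC record to arrive at a disposition. The DMARC records, the ESP name (esp.example) and the small-business domain are constructed for illustration and stand in for the real gmail.com policy before and after the change; the organizational-domain rule is simplified (a real implementation uses the Public Suffix List).

```python
"""DMARC disposition walkthrough: why a @gmail.com From address sent through
a third-party ESP fails DMARC, and how p=none vs p=quarantine changes the
outcome. Added example; all records and messages below are constructed."""
from dataclasses import dataclass, field


def org_domain(domain: str) -> str:
    # Simplified organizational-domain rule: keep the last two labels.
    # Real receivers consult the Public Suffix List (e.g. for co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=none; rua=mailto:...'."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    # Alignment modes default to relaxed when the tags are absent.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Message:
    from_domain: str                 # domain of the RFC5322.From header
    spf_result: str                  # "pass" / "fail" / "none" for the MAIL FROM domain
    spf_domain: str                  # MAIL FROM (envelope) domain SPF was evaluated on
    dkim_passes: list = field(default_factory=list)  # d= domains with valid signatures


def dmarc_disposition(msg: Message, record: str) -> tuple[str, str]:
    """Return (dmarc_result, disposition) for msg under the From domain's DMARC record."""
    policy = parse_dmarc(record)
    spf_ok = msg.spf_result == "pass" and aligned(msg.spf_domain, msg.from_domain, policy["aspf"])
    dkim_ok = any(aligned(d, msg.from_domain, policy["adkim"]) for d in msg.dkim_passes)
    if spf_ok or dkim_ok:
        return "pass", "none"
    # DMARC fails: the From domain's p= tag decides what the receiver is asked to do.
    return "fail", {"none": "none", "quarantine": "quarantine", "reject": "reject"}[policy["p"]]


# Constructed records standing in for the gmail.com policy before and after Feb 1, 2024.
OLD_GMAIL = "v=DMARC1; p=none; rua=mailto:mailauth-reports@google.com"
NEW_GMAIL = "v=DMARC1; p=quarantine; rua=mailto:mailauth-reports@google.com"

# A small business sending via a hypothetical ESP (esp.example) with a @gmail.com From
# address. The ESP's SPF passes for its own bounce domain and it DKIM-signs with its own
# domain, but neither identifier aligns with gmail.com, so DMARC fails either way.
ESP_MSG = Message(from_domain="gmail.com", spf_result="pass",
                  spf_domain="bounce.esp.example", dkim_passes=["esp.example"])

# The same business after moving to its own domain and authorising the ESP there:
# the ESP now DKIM-signs with the business domain, which aligns with the From header.
OWN_MSG = Message(from_domain="nameofsmallbusiness.com", spf_result="pass",
                  spf_domain="bounce.nameofsmallbusiness.com",
                  dkim_passes=["esp.example", "nameofsmallbusiness.com"])
OWN_POLICY = "v=DMARC1; p=quarantine; rua=mailto:dmarc@nameofsmallbusiness.com"

if __name__ == "__main__":
    print("gmail.com, p=none:      ", dmarc_disposition(ESP_MSG, OLD_GMAIL))
    print("gmail.com, p=quarantine:", dmarc_disposition(ESP_MSG, NEW_GMAIL))
    print("own domain:             ", dmarc_disposition(OWN_MSG, OWN_POLICY))
```

Under the old record the ESP message fails DMARC but is still delivered (p=none only asks for reporting); under the new record the same failure maps to quarantine, which is the spam-folder outcome described above. Moving the From address to a domain the ESP can sign for turns the result into a pass. You can read the live policy yourself with `dig +short TXT _dmarc.gmail.com` and compare it with the constructed records here.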

Am I Affected By This?

If you’re in the habit of sending email from a platform that isn’t Gmail while using a From email address that ends in gmail.com, then you’re going to be affected by this.

In the above example, if you’re sending emails to contacts from an email platform using “NameOfSmallBusiness@gmail.com”, any mail you send will likely be delivered to the spam folder at any mailbox provider that honors DMARC policies.

I’m Affected! What Do I Do?

The short answer here is that if you’re sending mail from a third-party platform, especially mail that’s related to your business, you should use a domain that can properly authenticate on that platform. 

The best choice for this would be a domain that you own. Many small businesses have their own domain for a website; they just never bothered setting up the domain for email. There are lots of small businesses out there sending email as “NameOfSmallBusiness@gmail.com” telling their customers to check out their website at www.NameOfSmallBusiness.com. Instead, you should use something like “hello@NameOfSmallBusiness.com.” 

If you don’t currently have your own domain for your business, you should get one. Registering a domain only costs a few dollars per year, and it’s industry best practice to send business-related emails using a domain name that is clearly and recognizably associated with the business. Your customers are much more likely to engage with your email if it’s sent from an email address using your own domain rather than Gmail’s.

Once you’ve decided on a domain to use, contact your ESP for help not only with setting up sending mail using your domain, but also making sure that you transition properly to doing so. 

They can advise you on how best to notify your customers to update their address books or email filters, how to make sure that your domain’s mail properly authenticates using DMARC (something Valimail can certainly help with), and how to warm up your domain for sending to get best results.

If you’re still unsure of what all this means and where to get started, check out our new eBook: The Email Marketer’s Guide to DMARC. Here you’ll learn what DMARC is, what the benefits are, and how to implement it correctly.


Keenan & Associates Pwned By Ransomware… 1.5 Million Affected

Posted in Commentary with tags on January 31, 2024 by itnerd

Insurance broker Keenan & Associates is notifying more than 1.5 million clients and employees that a ransomware attack that occurred in late August compromised their personal and health data.

The California-based insurer that handles employee benefits, workers’ compensation and property liability said information potentially compromised in the incident includes:

  • Names
  • Birthdates
  • Social Security numbers
  • Passport numbers
  • Driver’s licenses
  • Health insurance information
  • General health information

The broker said that on Aug. 27 it had discovered certain disruptions occurring on their network servers, and within a few hours they identified it as a cybersecurity incident, contained it and notified the FBI.

An investigation determined that the bad actors had gained access to certain internal systems at various times for about a week before the discovery.

Emily Phelps, VP, Cyware had this comment:

   “Hospitals and clinics are big targets for malicious hackers because of their access to important and private data. Threat actors often work together, and despite its value, threat intelligence sharing adoption is slow across the cybersecurity space. To address these threats, it’s crucial to commit to ongoing security education for staff, equipping them with the knowledge to identify and sidestep prevalent cyber schemes like phishing. Furthermore, forging alliances with external security firms and ISACs can supplement internal capabilities, providing access to specialized skills and relevant threat intelligence that are otherwise challenging to maintain in-house.”


David Ratner, CEO, HYAS Infosec follows with this comment:

   “Kudos to Keenan & Associates for reacting quickly to contain the breach before it got larger, but this event only serves to remind us that not only is everyone vulnerable, but substantial data exfiltration doesn’t need to take months and can occur quite quickly. It’s why organizations need to move toward proactive cyber resiliency, to detect breaches and anomalies in the earliest phases and before data exfiltration or other damage occurs.”

The one comment that I have about this is that they discovered that they were pwned within a week. While not nearly as bad as 23andMe, who were pwned for months before they found out, it highlights that if you can’t keep the bad guys out, at least you should be able to detect them rapidly and take action to limit the damage.