Archive for January 11, 2024

Ivanti VPN Software Has Zero Days That Are Allowing State Sponsored Hackers To Pwn All The Things

Posted in Commentary with tags on January 11, 2024 by itnerd

Ivanti isn’t having a great new year so far. Hot on the heels of this news comes news that the company has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance. But the news is actually worse than that. Apparently there are no patches available and the vulnerabilities are being used by state-sponsored actors to pwn companies.

Yikes!

Here are the details:

Ivanti said the two vulnerabilities — tracked as CVE-2023-46805 and CVE-2024-21887 — were found in its Ivanti Connect Secure software. Formerly known as Pulse Connect Secure, this is a remote access VPN solution that enables remote and mobile users to access corporate resources over the internet. Ivanti said it is aware of “less than 10 customers” impacted so far by the “zero day” vulnerabilities, described as such given Ivanti had zero time to fix the flaws before they were maliciously exploited.

So according to the company, “less than 10 customers” that they are aware of have been impacted by this. Meaning that there could be way more who are impacted and either don’t know that they have been pwned, or haven’t told Ivanti that they got pwned.

That’s not good.

What’s even worse is that patches for the two vulnerabilities will be released on a staggered basis starting the week of January 22 and running through mid-February. But companies should follow Ivanti’s mitigation guidance in the meantime. Plus the U.S. cybersecurity agency CISA has also published an advisory on this. But you have to ask why Ivanti is waiting to roll out patches for what is clearly a today problem? I don’t know and the company won’t say. That has to be a major concern and perhaps push you to look at some other VPN or remote access solution.

Guest Post: Ranking Canadian Cities Based on Children’s Screen Time – The Results May Surprise You!

Posted in Commentary with tags on January 11, 2024 by itnerd

“The boundary between beneficial and adverse effects of screen time lies in the balance,” states Jason Adler, a Repocket Software Engineer. The digital age trend for children glued to screens is a global concern, and Canadian cities are no exception. With this article, you’ll get to know how various Canadian cities stack up against each other based on kids’ screen times.

Recent studies analyzing kids’ engagement with digital devices have produced the screen time ranking for Canadian cities.

  1. Toronto: A Digital Epicenter

Taking the lead in this digital era, Toronto emerges as a city where kids are immersed in screens for an alarming average of 4 hours and 28 minutes daily. This substantial screen time raises concerns about the potential impact on children’s physical and mental health, underlining the urgency for parents and educators to address this digital dependency.

  2. Vancouver: Navigating the Digital Landscape

Following closely, Vancouver reports children spending approximately 4 hours and 15 minutes on screens daily. Despite its reputation for outdoor activities, the data suggests a significant digital presence. Parents in Vancouver may need to strike a balance between the allure of screens and the beauty of the city’s natural surroundings.

  3. Calgary: Digital Dilemma

Calgary faces its own digital dilemma, with children averaging 4 hours of screen time daily. This data urges parents in Calgary to reconsider screen time management strategies, emphasizing the need for a more balanced approach to ensure their children’s overall well-being.

  4. Ottawa: The Capital’s Digital Landscape

Ottawa, as the nation’s capital, witnesses children spending around 3 hours and 45 minutes daily on screens. While this figure is lower than Toronto and Vancouver, it still highlights the pervasive nature of digital devices in the lives of Ottawa’s youngest residents.

  5. Montreal: Cultural Capital with Screen Savvy Kids

Montreal presents a relatively better report, with children averaging 3 hours and 30 minutes of screen time daily. The city’s rich cultural offerings may contribute to engaging children in diverse offline activities, striking a balance that other cities can learn from.

  6. Edmonton: Three Hours in the Digital Realm

Children in Edmonton spend an average of 3 hours daily before screens, signaling a digital presence that falls between the extremes observed in other Canadian cities. This moderate screen time offers an opportunity for Edmonton to assess and enhance its strategies for managing children’s digital engagement.

  7. Winnipeg: Striking a Balance

Winnipeg emerges as a city where children spend an average of 2 hours and 45 minutes per day on screens. This lower figure positions Winnipeg as a potential model for finding a balance between digital engagement and other offline activities, promoting a healthier lifestyle for its young population.

Recent data on kids’ screen time in Canadian cities shows a wide range, from almost 4.5 hours in Toronto to under 3 hours in Winnipeg. Adler suggests tailoring strategies for each city’s dynamics to manage screen time effectively. This collaborative effort among parents, educators, and policymakers can create an environment that fosters balanced digital habits, ensuring the well-being of Canadian children in the digital age.

New Purpose-Built HP Fortis Chromebooks & PCs: Unleashing Productivity for Mobile Workers, Students

Posted in Commentary with tags on January 11, 2024 by itnerd

The demand for durable, reliable devices that can support the work of today’s mobile workers and students is reaching a critical point. With business users operating in the field, healthcare workers and first responders on the move, or students opening and closing devices while moving in-between classrooms, the need for solutions that can effortlessly handle their workloads is crucial. And, with 35% of IT decision-makers spending significant time on device repairs and replacements, dependable devices are essential to minimize downtime, maintenance costs, and the frequency of refreshing devices in both the business and education sectors.

HP Fortis Chromebooks & PCs are purpose-built to meet these needs. Today, HP introduced three new Chromebooks to the lineup, responsibly designed and built to last for business and education: the HP Fortis x360 11-inch G5 Chromebook and HP Fortis 11-inch G10 Chromebook

With the new HP Fortis devices, users can count on their Chromebooks & PCs to adapt to demanding workloads, ensuring uninterrupted productivity even when on the go. Key experiences and features include:

  • Upleveled productivity with the right balance of speed, capacity, and efficiency to get work done thanks to an Intel® Processor N-series, up to 16GB LPDDR5 RAM with 128GB UFS storage, and Wi-Fi® 6E and optional 4G LTE. Users also get up to 11 hours of lasting battery life, with HP Fast Charge providing 90% charge in 90 minutes.
  • Engineered for durability with ruggedly designed components that undergo MIL-STD 810 and drop testing. The full-skirted anchored keyboard resists key-picking, spills of up to 350ml (11.8 oz), and dust.
  • Versatile design maximizes flexibility and connectivity with two USB-C® ports, two USB-A ports, and an additional HDMI port. The HP Fortis x360 11-inch G5 Chromebook features a 360-degree hinge adapting to workstyles in laptop, tablet, tent, or stand mode.

Having the right device is critical for work and education, and so are the right accessories. HP also unveiled new HP Campus Backpacks designed to lighten the load of hefty schoolwork and promote eco-conscious travel:

  • HP Campus Backpack: This sustainably engineered backpack provides 17L of organized storage space, a secure lockable zipper, and a padded pocket for your laptop. Not only does it look stylish, but it also feels great to use as it is made from 50% recycled materials, equivalent to 19 plastic bottles.
  • HP Campus XL Backpack: With a sleek design, this backpack blends style with environmental consciousness. Crafted from 50% recycled materials, equivalent to 24 plastic bottles, it offers a 20L capacity, secure lockable zipper, and padded pocket for your laptop, making organization and tech protection easy.


School Safety Software Database Exposed In Major Data Breach

Posted in Commentary with tags on January 11, 2024 by itnerd

Over 4 million records belonging to Raptor Technologies, a US school safety software provider, were exposed, according to cybersecurity researcher Jeremiah Fowler, putting students, parents and staff from different schools at risk of many online threats.

The key findings are the following: 

  • 4,024,001 records totalling 827GB; 
  • Documents that revealed the PII of students, parents and school staff, along with school incident response plans, infrastructure challenges, and much more;
  • Documents regarding at-risk students, detailing their personal and medical conditions. 

If you want to know more about Jeremiah Fowler’s findings, you will find all the details here: https://www.vpnmentor.com/news/report-raptortech-breach/


NetRise Awarded AFWERX STTR Phase I Contract to Bolster XIoT Security

Posted in Commentary with tags on January 11, 2024 by itnerd

NetRise, the company providing granular visibility into the world’s Extended Internet of Things (XIoT) security problem — encompassing the modern firmware and software component security challenges of IT, OT, IoT, and other connected cyber-physical systems — today announced it has been selected by AFWERX for an STTR Phase I in the amount of $110,000 focused on identifying and managing the risk in firmware and software of connected devices to address the most pressing challenges in the Department of the Air Force (DAF). 

The Air Force Research Laboratory and AFWERX have partnered to streamline the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) process by accelerating the small business experience through faster proposal to award timelines, changing the pool of potential applicants by expanding opportunities to small business and eliminating bureaucratic overhead by continually implementing process improvement changes in contract execution. The DAF began offering the Open Topic SBIR/STTR program in 2018, which expanded the range of innovations the DAF funded, and now on 15 December 2023, NetRise will start its journey to create and provide innovative capabilities that will strengthen the national defense of the United States of America.

Based in Austin, Texas, NetRise was built by defensive cyber experts bred across the private sector, intelligence community, and U.S. federal government to solve the firmware security problem. The company is partnering with companies across manufacturing, automotive, medical devices, industrial control systems, satellites, and many more. https://www.netrise.io/

The “McFlurry Bandit” Claims To Have Pwned McDonald’s

Posted in Commentary with tags on January 11, 2024 by itnerd

If you think your GitHub repo is secure, think again. As proof of this, I present “the McFlurry Bandit” who claims to have pwned McDonald’s GitHub repo:

Ken Westin, Field CISO, Panther Labs had this to say:

We are seeing more threat actors targeting source code, dev infrastructure, and developers themselves. Gaining access to code or infrastructure not only provides attackers with access to sensitive and valuable data, but can also inject malicious code to compromise additional targets downstream. 

I went looking for a comment from McDonald’s to see if they had anything to say about this. But I couldn’t find one. Thus either they don’t know, or they’re trying to figure out how bad this is. The former isn’t a good look and this could be equally as true for the latter if it’s really bad. I’m watching to find out which it is.

DOE Announces $70 Million To Combat Physical And Cyber Threats

Posted in Commentary with tags on January 11, 2024 by itnerd

The Department of Energy announced it is offering $70 million for research and development into technologies that would protect energy delivery infrastructure against physical and cyber-related threats as part of an emphasis on taking care of “the operational technology side of the house.”

The All-Hazards Energy Resilience funding opportunity will be managed by the DOE’s Office of Cybersecurity, Energy Security and Emergency Response (CESER). The agency is specifically seeking OT-related proposals that address how one might implement a zero-trust architecture in an electrical or fuel environment.

“The entry vectors into the sector are many. There are IT pathways where you’re coming in the IT front door, traversing the network and getting into the OT network. There are other kinds of pathways to enter the infrastructure, all of which are being considered in this funding opportunity announcement, but also in the broader portfolio of research we run in our office,” the CESER senior official said.

Mark Cooper, President & Founder, PKI Solutions had this to say:

   “There is technology today, if implemented correctly, that would solve this problem such as tried and true Public Key Infrastructure (PKI).  The issue is that the problem is complex and many companies who implement these effective technologies do so without taking into consideration all the aspects of the technology or neglect to implement it fully or, worst of all, neglect to monitor it after it’s installed. Simply implementing any technology is not a one-and-done exercise.

   “OT environments that enable a resilient energy grid rely on foundational cryptography systems like PKI, but historically these systems have had challenges in monitoring threats and resilience. An investment like this by the DOE should help show the importance of real-time threat detection in OT environments.”

Companies need to get the message that there are technologies out there that make hacks a whole lot harder to pull off. Thus they should be investing in that technology before bad things happen to them.

Radiant Logic Announces RadiantOne AI

Posted in Commentary with tags on January 11, 2024 by itnerd

 Radiant Logic has unveiled RadiantOne AI, its data lake powered Artificial Intelligence engine, and AIDA, its generative AI data assistant. RadiantOne AI is designed to complement your existing tech stack and governance products by correlating data across multiple sources and providing contextual information to drive better decision making. The result is a radical reduction in the time and resources needed to gather the data required to effectively meet audit demands—meaning fewer security gaps and increased compliance with organizational policies. 

The first capability to be unveiled on RadiantOne AI is a truly automated User Access Review (UAR) process, expertly guided by AIDA. Many business leaders are familiar with the tedious UAR process – it’s crucial for demonstrating compliance and improving organizational security posture. But laborious processes can often end in a “bulk approval” to save time and check an audit box instead of accurately reviewing access rights to ensure the right business outcomes. RadiantOne’s AI-driven approach will be a paradigm shift in the way people work, forever transforming and streamlining the usually time-consuming UAR process down to days and minutes instead of months. 

With RadiantOne AI, conducting a User Access Review becomes as easy as following AIDA’s guidance. Using the power of large language models to drive advanced data correlation, contextualization and analysis, combined with an intuitive data visualization dashboard, AIDA will reinvent the user access review ritual. Based on an organization’s proprietary data, the fully guided UAR experience will allow reviewers to interact and pose questions to AIDA using natural human language, like “where does this access come from?” or “show me who else has these access rights?” AIDA will highlight any potential user access risks, offer expert insight, and suggest remediations or access modifications based on an organization’s policies.  Any changes, such as low risk bulk access approvals or revoking atypical access rights, are completed via a click of a button, so there’s less training required to complete the reviews and less risk of human error during the process.  

RadiantOne AI’s AIDA-guided user access review capability works to provide enterprise organizations with: 

  • Automated workflows: Leverage vast data sets and contextual insights to make intelligent and confident decisions about access rights. 
  • Simplified compliance: Easily detect over-privileged accounts or atypical access rights with intuitive data visualization techniques.  
  • Greater visibility into user actions: Get beyond roles quickly to see who has access to what and how they received that access so insights and remediations are easily actionable.  
  • Click-button remediation: Based on the insights and recommendations from AIDA, reviewers can approve or revoke access or atypical rights individually or take bulk approval/rejection actions with the click of a button.  
  • Data into the hands of business owners: Put relevant, risk-based identity data insights into the hands of business users in the language they understand to make it a breeze to adhere to compliance policies.  

RadiantOne AI comes on the heels of the completion of the integration of Brainwave Identity Analytics into the RadiantOne Identity Data Platform. AIDA will initially be available as a complement to the RadiantOne Identity Analytics solution.  

Sign up here to be added to the exclusive wait list for RadiantOne AI.  

For more information, please visit their website.  

TELUS Health And Clinia Join Forces

Posted in Commentary with tags on January 11, 2024 by itnerd

TELUS Health, a global leader in health technology, and Clinia, a leading provider of health-grade search technologies have announced an exclusive strategic partnership to revolutionize health navigation and deliver personalized care throughout individuals’ health journeys. By harnessing Clinia’s AI-powered technology stack, TELUS Health aims to streamline provider registry networks management, facilitate seamless interconnectivity and drive improved cost sustainability for payors and providers, eliminating the problems associated with traditional provider registry networks.

With the combined TELUS Health and Clinia infrastructure, time and effort spent on administrative tasks and manual data entry is optimized through turnkey solutions for their provider registry, allowing more effective allocation of resources. This solution eliminates the problems associated with traditional provider registry networks, which are expensive to maintain yet don’t give connected and complete information. Now, payors can leverage a complete single solution to power their own trusted experiences, including referrals and resource management for care teams, and give members direct access to vetted care providers that are personalized to the benefits plan of an employer or individual.

TELUS Ventures, the strategic investment arm of TELUS Corporation and one of Canada’s most active and longest-standing corporate venture capital (CVC) funds, is leading a $10M Series A financing round for Clinia with participation from existing investors including AQC Capital, Anges Québec, Groupe Benoit, Kastello and Formentera Capital. This capital demonstrates the power of Canadian innovation and will accelerate growth connecting the company into TELUS’ ecosystem to foster further innovation benefiting customers globally.