Archive for January 17, 2024

« Older Entries

Allianz Ranks Cyber Events As Top Risk To Organizations In 2024 

Posted in Commentary with tags on January 17, 2024 by itnerd

According to the 2024 Allianz Risk Barometer, cyber incidents and business interruptions are the biggest worries for companies globally in the coming year.  

Overall, 36% of respondents and 17 countries ranked cyber incidents as the most significant risk globally for the third year in a row, ahead of closely interrelated worry business disruption (31%) and political instability and war (14%).

Specifically, 59% see a data breach as the most concerning cyber threat followed by attacks on critical infrastructure and physical assets (53%). Ransomware attacks saw a resurgence in activity, with insurance claims activity up by more than 50% compared with 2022.

“The growing number of incidents caused by poor cyber security, in mobile devices in particular, a shortage of millions of cyber security professionals, and the threat facing smaller companies because of their reliance on IT outsourcing are also expected to drive cyber activity in 2024,” explains Scott Sayce, Global Head of Cyber, Allianz Commercial.

George McGregor, VP, Approov Mobile Security had this to say:

   “It’s no surprise that companies see cyber incidents as their biggest concern. Allianz highlights poor mobile device security in particular as a key risk factor. Companies should evaluate and address this key attack vector as a priority – the basic security provided by App stores processes and tools is not enough.

   “The mobile ecosystem is complex and evolving quickly, but there are simple and effective solutions which can protect mobile apps and APIs and prevent them being an open door for hackers.”


Emily Phelps, Director, Cyware follows with this:

   “These findings underscore the critical need for businesses to adopt proactive strategies that mitigate cybersecurity risks that undoubtedly can cause business interruption. Businesses should think holistically about their security strategy. This includes prioritizing things like advanced threat intelligence and operationalization, orchestrated response, enhancing data protection measures, and continuously educating employees about cyber risks.

   “Given the shortage of cybersecurity professionals, companies should also consider leveraging automated security solutions and partnering with specialized security partners to outpace cyber threats.


Troy Batterberry, CEO and Founder, EchoMark adds this:

   “The insights from the 2024 Allianz Risk Barometer offer a view into the growing concern of cyber threats that businesses and executive leadership have been reluctant to realize and act on. The concern over cyber risk and incidents continues to increase as evidenced by the ranking of cyber incidents as a top global risk. With advances in adversary attack vectors and methodologies, and threat actors leveraging the efficiencies and scalability of new tech, there is a critical need for innovative cybersecurity strategies covering far left and far right of boom.

   “It’s clear that businesses must prioritize a defense in depth approach against data breaches and infrastructure attacks, particularly as ransomware continues to be a top extortion method. Coupled with the global growing gap in cybersecurity expertise, the rising trend of IT outsourcing particularly impacts smaller companies and requires a strategic approach to risk management – forcing an urgent call for investment in cybersecurity training and education, and development of more intuitive, AI-driven security solutions to bridge the resource gap and bolster defenses.”

It’s good that people know what the threats are. But it’s another thing entirely set up defences against them. Thus I hope that anyone who reads this is making plans to do just that. Because if they don’t, bad things will likely happen to them.

UPDATE: Mark Cooper, President & Founder, PKI Solutions adds this:

   “In today’s complicated cyber security market, there are far too many vendors claiming to have the solution to a corporation’s cyber security issues. The truth is, complexity in security isn’t doing any corporation any favors. Most of the tried-and-true security solutions that have been available for years are still quite valid, but they need to be constantly reviewed and monitored. Adding another new security solution on top of a poorly implemented security solution is actually counterproductive.”

Leave a comment »

BianLian Ransomware Group Pwns US Based Shipper 

Posted in Commentary with tags on January 17, 2024 by itnerd

Reported Chinese ransomware group BianLian has targeted Republic Shipping Consolidators of Miami, FL, a high-profile shipping concern involved in Ocean and Air Fright services across the US, Nicaragua, Asia, and Europe.

According to @HackManac on X, the group’s data leak site posting claimed 117 GB of data from the attack, including accounting, budget, financial data, email and message archives, files from employee PCs, operational and business files, personal, and technical data.

No details on the amount of the ransom or attack methods have been disclosed.

BianLian refers to the Chinese art of face changing, a traditional entertainment form.

John Benkert , CEO, Cigent had this to say:

   “Infrastructure represents a prime target for hackers due to its critical importance and interconnected nature. These systems, encompassing utilities like electricity, water, and transportation networks including shipping, are essential for the functioning of a society and economy. A successful cyber attack on these can lead to significant disruptions, with potentially widespread and severe consequences. Moreover, the increasing digitization and interconnectivity of these systems, while boosting efficiency and monitoring capabilities, also create vulnerabilities.

   “Cyber attackers, whether they are state-sponsored actors, terrorists, or cybercriminals, are aware that compromising these systems can lead to chaos, economic damage, or political leverage. As such, it is critical that these entities recognize their status, vulnerabilities and then implement technology to protect their data.  The government needs to be more involved in protecting these assets not only through legislation but by providing cutting edge technology to these critical organizations.”


Emily Phelps, Director, Cyware follow with this:

This cyberattack highlights the critical importance of threat intelligence and intelligence operationalization in the cybersecurity landscape.

Intelligence isn’t just about gathering data; it’s also about understanding and outpacing the tactics, techniques, and procedures of adversaries. By analyzing patterns and sharing this intelligence across sectors, companies can address these risks more quickly and effectively.

This hack highlights the fact that companies need to make it difficult if not impossible for threat actors to get in and do bad things. Because in this case, the outcome is pretty bad, and could get worse for the rest of us if they pay the ransom.

Leave a comment »

BREAKING: Apple Must Stop Selling Apple Watches With Blood Oxygen Feature AGAIN…. Effective Tomorrow

Posted in Commentary with tags on January 17, 2024 by itnerd

The US Court of Appeals for the Federal Circuit has just denied Apple’s request to pause the ban of the Apple Watch Series 9 and Ultra 2. The renewed ban takes effect tomorrow at 5PM EST. Here’s the details:

Apple on Wednesday failed to convince a federal appeals court to allow U.S. imports of Apple Watches with technology for reading blood-oxygen levels while it challenges a government tribunal’s decision that the devices infringe patents belonging to medical technology company Masimo.

The ruling by the U.S. Court of Appeals for the Federal Circuit means the affected watches cannot be imported while Apple appeals the underlying ban issued by the U.S. International Trade Commission.

I guess that this fix that Apple has apparently come up with will come into play starting tomorrow. Otherwise you might want to run to your nearest Apple Store and buy an Apple Watch while you can. Alternately, you should still be able to still get them at places like Best Buy and Amazon. And to be clear, this only applies to the USA. If you live outside of the USA, this is a non-event.

Again, I have to wonder why Apple doesn’t just pay Masimo off and put an end to this. It would be far more efficient than all these legal gymnastics and consumer angst.

1 Comment »

Google Makes Announcements Related To Search

Posted in Commentary with tags on January 17, 2024 by itnerd

A couple of announcements related to search were made by Google today:

  • Circle to Search is a new way to search anything on your Android phone without switching apps. Now, with a simple gesture, you can select what you’re curious about in whatever way comes naturally to you — like circling, highlighting, scribbling or tapping — and get more information right where you are.
  • Related to this is this announcement. When you point your camera on your Android phone (or upload a photo or screenshot) and ask a question using the Google app, the new multisearch experience will show results with AI-powered insights that go beyond just visual matches. This gives you the ability to ask more complex or nuanced questions about what you see, and quickly find and understand key information.

This is launching on January 31 on select premium Android smartphones. Specifically the Pixel 8, Pixel 8 Pro and the new Samsung Galaxy S24 series.

Leave a comment »

LogicGate brings on Jen Renna as Chief Customer Officer 

Posted in Commentary with tags on January 17, 2024 by itnerd

 LogicGate has announced the appointment of Jen Renna as its new Chief Customer Officer, effective December 11th, 2023.

With over 25 years of expertise spanning sales, account management, and customer success, Renna adds a wealth of experience to LogicGate’s leadership team. Renna has a proven track record in establishing scalable global teams in leadership roles at eBay, Acquia, and Zeta Global, and in her most recent position at Rapid7, she spearheaded the customer success organization with a focus on Fortune 500 clients, driving rapid growth with an extensive evolution of the customer experience. Renna’s customer-centric background seamlessly aligns with LogicGate’s core value of empowering customers and her aptitude for unearthing business development opportunities is critical to company growth.

In her new role, Renna will oversee LogicGate’s customer operations, working directly with customer success and services teams. With a renewed focus on evolving the customer experience and proactive churn prevention, she will play a pivotal role in driving relationships and strengthen the company’s client relations with the growing enterprise customer base.

As LogicGate continues to lead the GRC industry, Jen Renna’s appointment marks a pivotal step in their continued journey towards unrivaled customer service and innovative risk management solutions.

Leave a comment »

LinkedIn reveals 2024 list of Jobs on the Rise

Posted in Commentary with tags on January 17, 2024 by itnerd

As we enter the new year, many may take the time to consider ways to reboot and hit the reset button. For those looking to switch up their career paths, navigating change can be a daunting task, especially as Canadians navigate a competitive job market in 2024. To assist job seekers in equipping themselves with the tools needed to find roles with growth potential in 2024, LinkedIn reveals its Jobs on the Rise list, offering fresh insights into the fastest-growing jobs of the past five years.

The top 5 roles in Canada include:  

  1. Growth Manager – Growth Managers work with sales, marketing, and communications teams to develop marketing and communication strategies that will help to grow their companies’ business revenue.
  1. Energy Advisor – Energy Advisors measure energy use in a home and help reduce consumption.
  2. Wealth Management Associate – Wealth Management Associates provide advice and assist Wealth Managers.
  1. Diversity and Inclusion Specialist – Diversity and Inclusion Specialists work with recruiters to reinforce diversity in the workplace and design company-wide policies that address issues.
  2. Strategy Associate – Strategy Associates develop and execute an organization’s strategic vision to create growth and improve performance.

Methodology

Jobs on the Rise: LinkedIn Economic Graph researchers examined millions of jobs started by LinkedIn members from January 1, 2019, to July 31, 2023, to calculate a growth rate for each job title. To be ranked, a job title needed to see consistent growth across our membership base, as well as have grown to a meaningful size by 2023. Identical job titles across different seniority levels were grouped and ranked together. Internships, volunteer positions, interim roles and student roles were excluded, and jobs where hiring was dominated by a small handful of companies in each country were also excluded. Additional data points for each of the job titles are based on LinkedIn profiles of members holding the title and/or open jobs for that title in the country.

Leave a comment »

Guest Post: Experts Warn Against Digit-only Passcodes

Posted in Commentary with tags on January 17, 2024 by itnerd

“The weak link in any security system isn’t the technology—it’s the people.” This admonishment by Jason Adler of  Repocket warns us about the vulnerability of our digital technology, particularly our smartphones. If you think that a numeric-only passcode is enough to secure your precious data, you might want to reconsider.

Experts assert that passwords that only contain numbers are the most vulnerable to hackers. Possibly a hacker can crack a 12-number password in seconds. A 10-digit password that only uses numbers could be cracked immediately. 

The Perils of Numeric-Only Passcodes

Many phone users rely on simple numeric passcodes to protect their devices. They might feel safe with a four to six-digit passcode, but the truth is, these passwords are logarithmically less secure. Simple mathematics reveals that a 4-digit passcode has only 10,000 possibilities and a six-digit, just a million.

Let’s put this in perspective. A sophisticated hacker can crack a four-digit passcode in less than seven minutes, and a six-digit one in less than 22 hours. And don’t forget, this time decreases exponentially if your code is predictable—like ‘123456’ or the year of your birth.

As Jason Adler points out wisely, “The rapid improvement in cracking technology means that the passcodes once considered secure—like numeric-only passcodes—are alarmingly unsafe today.”

Why Characters Matter

So why are alpha-numeric passcodes safer? Well, even a six-character password with a mix of lower and upper case letters, numbers, and symbols has over 56 billion possibilities! That’s a far cry from the mere one million options of a six-digit passcode. The increased complexity translates to greater security, making it inordinificantly hard for hackers to crack your password.

Tips for a Strong Passcode

Repocket Expert, Jason Adler, recommends the following tips to create a robust passcode:

  • Always opt for alpha-numeric passcodes over numeric-only.
  • Incorporate both uppercase and lowercase letters for added complexity.
  • Include symbols. They significantly increase the number of possible combinations.
  • Avoid using easily guessed personal information like birthdays or anniversaries.
  • Aim for a passcode of at least 8 characters, although 12 is even safer.

Securing Your Phone’s Contents

Regardless of your passcode strength, some hackers might deploy spyware or phishing methods to access your data, so it’s critical to secure your phone’s contents too. Adler suggests regularly updating your phone’s software, encrypting your sensitive files, and never clicking on suspicious links.

We hope this article has shown you the risks of relying solely on numeric passcodes and inspired you to safeguard your technology better. In an age of increasing digital threats, don’t let a weak passcode be the chink in your armour. Let’s put this knowledge into action and secure our phones now. Do you have any passcode-related mistakes or tips to share? It could benefit our readers in their journey to bolster their phone’s security.

Leave a comment »

Cigent Pre-Boot Authentication Gets NSA Commercial Solutions For Classified (CSfC) Components Listing

Posted in Commentary with tags on January 17, 2024 by itnerd

Cigent Technology, Inc. today announced that its pre-boot authentication software has been approved for inclusion on the National Security Agency Central Security Service (NSA/CSS) components list for the Commercial Solutions for Classified (CSfC) program.

Cigent’s Pre-Boot Authentication (PBA), a key element in the Cigent Data Defense™ platform, is now available for use by agencies seeking the highest data security for classified Data at Rest stored in laptops, desktops, and other devices to avert compromise.  

The CSfC program enables agencies to utilize commercial products in specific configurations to protect classified data. Commercial products must undergo stringent evaluations and be selected for inclusion on the NSA’s approved components List. CSfC certification enables military and government agencies to procure and deploy the technology they need to secure their sensitive endpoint data. 

Cigent PBA brings a new level of security for endpoints containing classified data. The solution utilizes hardware-based full drive encryption (FDE). What makes this solution different however, is the capabilities that enable Cigent PBA to lock down data ranges on the drive firmware itself, protecting the encrypted data at rest (DAR) from being accessed, cloned, wiped, or viewed, even by disk utilities or other methods. 

Beyond the CSfC requirements, the Cigent Data Defense™ platform includes additional data security capabilities to protect classified data. These include creating up to 8 hidden drive partitions, complete erasure verification, nefarious insider threat logging, and automated threat response, all built directly into the drive. These capabilities are available from Cigent Ready partners whose secure SSD drives are also on the CSfC components list. As a result, government customers can now take advantage of these unique capabilities. 

Leave a comment »

7 in 10 Canadians Want Future Financial Tools To Be A Hybrid Of Financial Advisors And GenAI: Intuit

Posted in Commentary with tags on January 17, 2024 by itnerd

Intuit has released a new survey on how Canadians view using artificial intelligence (AI) to manage their finances. 

The survey found that when it comes to the role of human experts in financial management, most Canadians want their financial advisors to be augmented, not replaced, by generative AI (GenAI).

The data revealed:

  • 69% of Canadians want future financial tools to be a hybrid of financial advisors and GenAI.
  • Only 12% believe that financial advisors will be replaced by GenAI or other technology.
  • Confidence among Canadians to use GenAI as a personal financial management tool would be greatly increased by on-demand access to human expertise.

Intuit’s AI platform works hand-in-hand with experts to help them better advise clients—from uncovering strategic business insights to creating time-saving efficiencies and workflows.

ABOUT THE STUDY

The study, conducted leveraging the Leger Opinion Panel on behalf of Intuit, included a 15-minute survey among 1,500 nationally representative Canadians to develop a deeper understanding of Canadians’ relationship/comfortability with using generative AI. The survey was conducted in English and French and took place online September 28–October 4, 2023. For comparison purposes only, a probability sample of this size would carry a margin of error (95% confidence interval) of +/- 2.51%.

Leave a comment »

A New Variant Of The Extortion Phishing Email #Scam Has Appeared

Posted in Commentary with tags on January 17, 2024 by itnerd

Over the years I’ve documented many variants of the extortion phishing email scam. But here’s a new one that I am sure will catch a few more people out because it addresses many of the ways that make these sorts of emails easy to spot. Let’s start with the email itself:

On the surface, this looks like your cookie cutter extortion phishing scam email. But if you look closer there’s some differences. Starting with this:

So let’s unpack this. This email lists my personal email address (which I’ve redacted), and it lists a password that the threat actor claims was in use on my email. Which is completely false. It was in use in another online account that I know had a data breach. More on that in a moment. But what I believe that the threat actor is doing is using a password that you know that they likely acquired on the dark web in a data breach dump in order to scare you into paying up.

Now how did I know that this password was in a data breach and I wasn’t using this password on my personal email? Well I use a password manager to keep track of all of my passwords, and I’ve spent the last few years making all my passwords unique. Thus if one of my passwords leak, I can be sure to spot where it leaked from. And it stops the possibility of credential stuffing attacks where a threat actor takes credentials gained from a data breach and tries them elsewhere under the logic of humans having a tendency to reuse passwords in multiple places. The 23andMe hack is a prime example of this. The other thing that I do is keep a history of password changes so that I know what passwords that I have used in the past. That’s another way for me to spot if I’ve been compromised in some way.

Now besides the usual threats of leaking data that is embarrassing to you because they allegedly recorded you, which is a lie by the way, along with demands of payment by Bitcoin which is standard for these sorts of scams, there’s this:

The 14 copies of this email that I have received have come from different email addresses. That’s meant to add to the illusion that this threat actor is some sort of hacker. When in reality he’s just some loser with a mass email application who bought some credentials off the dark web and is hoping to make a buck by scamming people. Speaking of which, I checked the Bitcoin wallet that he’s using and he’s made no money thus far. That means that nobody is falling for this, which is good.

Other than that, it’s your typical extortion phishing email that I have written about in the past. Take this example, or this one, or this one. You get the idea. Thus if you get one of these emails, delete it and move on with your life.

Leave a comment »

« Older Entries