Archive for May 3, 2024

Palo Alto Networks Delivers The Most Comprehensive SASE Capabilities

Posted in Commentary on May 3, 2024 by itnerd

Palo Alto Networks has announced its latest innovations to future-proof and transform the workforce with the launch of Prisma® SASE 3.0. Prisma SASE 3.0 now delivers Zero Trust to secure both managed and unmanaged devices with the industry’s first natively integrated enterprise browser, AI-powered data security, and acceleration of dynamic applications to perform up to five times faster.

In today’s work environment, employees demand the freedom to be productive from anywhere, using any device, and accessing any application. Current legacy SASE implementations are falling short of meeting these needs, inhibiting innovation and agility. Prisma SASE 3.0 includes enhanced capabilities to combat many challenges enterprises encounter as they rely on data to drive business:

  • Prisma Access Browser protects organizations with a natively integrated enterprise browser that extends Zero Trust protection to unmanaged devices in minutes. AI-powered security identifies up to 2.3 million new and unique attacks every day. Since 2022, more than half of employees, contractors, and third parties access corporate data from BYO devices like personal laptops and mobile devices, according to Forrester.1 With Prisma SASE 3.0 IT professionals can monitor and mitigate threats in real time, safely enabling the workforce to use any device to access any application.
  • AI-Powered Data Security is the breakthrough capability in data classification accuracy for Palo Alto Networks’ already comprehensive Data Security solution. The industry-first LLM-powered classification combines the strengths of context-aware machine learning (ML) models with the power of LLM-based natural language understanding to increase the accuracy of ML behavioral analytics to monitor and protect where sensitive data resides and travels. Prisma SASE 3.0 allows SaaS, GenAI, and cloud applications to drive business growth while securing corporate data.
  • App Acceleration provides up to 5x boost in applications’ performance compared to accessing them directly through the internet to help ensure maximum productivity and security. Prisma SASE with App Acceleration is the industry’s first SASE solution that accelerates applications individually for every user, leveraging patented app-aware technology. Palo Alto Networks is working with leading cloud service providers and enterprise applications, including Amazon Web Services (AWS), Slack, ServiceNow, Google, Zoom and SAP to enhance application performance, benefiting joint customers with faster response rates.

Prisma SASE continues to deliver industry-leading SLAs for security processing and app performance. Prisma SASE 3.0 and its updated capabilities will be generally available in the coming months.

A Text Message #Scam Using Scotiabank’s Name That Is Run By Incompetent Scammers Is Making The Rounds

Posted in Commentary on May 3, 2024 by itnerd

Now that tax season is over in Canada, I guess the scumbag scammers of the world have moved on to text message based phishing scams. Take this one using the name of Scotiabank:

Now this should stretch the boundaries of credibility right out of the gate because it references the first four digits of a Scotiabank debit card number. Why is that important? Every Scotiabank debit card starts with “4536”, which means that the scumbag scammers are hoping that you won’t pay attention to that rather than saying “if this were meant for me specifically, they would be using the last four digits of my debit card as that’s unique to me.” Another area where this text message loses credibility is the website that the scumbag scammers want you to go to. Scotiabank does not own a domain called “Https://auth-scotiabankcanada.com” nor would any communication coming from Scotiabank have a capital H in it. So who owns this domain? For giggles, let’s have a look:

Hmmm…. This traces back to .ru which is Russia the last time I checked. Maybe that’s accurate. Maybe it isn’t. But it sure isn’t Scotiabank.

So right there, we have more than enough evidence to say that this is a scam, and that you should delete this text message. But because that’s not how I roll, let’s see what happens when I click on the link which by the way you should never ever do:

Well, I see that it’s amateur hour with this particular scumbag scammer. I say that because whoever is behind this scam can’t set up a website that uses SSL encryption properly. That means that 99% of people will not get scammed because these clowns are too stupid to set the scam up properly so that a web browser can get to the scam website. More on how they screwed that up in a second.

So after figuring out where they went wrong with their website, and passing by a CAPTCHA (which seems to be a thing with these phishing websites as of late) that even snagged my IP address:

I got this:

I wonder how that compares to the real login screen for the real Scotiabank website…..

It’s a very, very good copy of the real Scotiabank website. Though the real site uses SSL encryption as evidenced by the padlock in the address bar at the top left. And the fake one doesn’t use SSL encryption at all. This is noteworthy because the text message that the scammers send you uses “HTTPS” in the link that is in the text message. That means that if you click on it, the web browser will request an SSL encrypted web page. And when it doesn’t get it, the browser throws an error message like the one that I took a screenshot of. Now this, combined with the fact that web browsers in 2024 want to deal only with SSL encrypted web pages, and warn you when they don’t get one as it’s a bit of a security risk, shows you that these scumbag scammers really didn’t do their homework. As a result, they screwed up the execution of this scam.

Regardless, I can see how someone might be fooled by this scam website. Not to mention the fact that if you look at the address bar, you’ll see “https://auth.scotiaonline.scotiabank.com” which is very similar to the scammer’s website which is “https://auth-scotiabankcanada.com”. This is an old trick where scammers come up with a URL that, unless you’re paying attention, you might not notice is different from the website that you are used to going to. That highlights the fact that you need to look at the URL closely before you type your credentials into a website. Or better yet, bookmark the websites that you go to and only use your bookmarks so that you know that they can be trusted.
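The "look at the URL closely" check above can be automated. The following Python is an added example, not part of the original post: it compares a link's hostname against a list of domains the bank actually owns and flags hosts that merely contain the brand name. The trusted-domain list, the brand keyword and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the registrable domain the bank really uses, taken from the
# genuine login URL quoted in the post. A real list would be maintained.
TRUSTED_DOMAINS = {"scotiabank.com"}
# Assumption: brand strings that are suspicious outside a trusted domain.
BRAND_KEYWORDS = {"scotiabank"}


def host_of(url: str) -> str:
    """Return the lower-cased hostname, tolerating links with no scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def is_under(host: str, domain: str) -> bool:
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(url: str) -> dict:
    """Classify a link from a message as trusted, lookalike or unknown."""
    host = host_of(url)
    reasons = []
    if any(is_under(host, d) for d in TRUSTED_DOMAINS):
        verdict = "trusted"
    elif any(k in host for k in BRAND_KEYWORDS):
        verdict = "lookalike"
        reasons.append("brand name appears in a domain the brand does not own")
    else:
        verdict = "unknown"
    # The post's other tell: a scheme typed as "Https" rather than "https".
    scheme = url.split("://", 1)[0] if "://" in url else ""
    if scheme != scheme.lower():
        reasons.append("scheme is not lower case")
    return {"host": host, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # The first two links are the URLs quoted in the post; the third is constructed.
    for link in (
        "Https://auth-scotiabankcanada.com",
        "https://auth.scotiaonline.scotiabank.com",
        "https://scotiabank.com.example.net/login",
    ):
        print(link, "->", check_link(link))
```

The suffix test in `is_under` requires a leading dot, so a host that only starts or ends with the bank's name is not treated as the bank's own.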

Back to the scam. I entered some bogus credentials and got this:

Based on the questions, it looks like the scumbag scammers are running an identity theft scam for starters. I am basing that on asking for your mother’s maiden name which is a common security question. I entered some bogus info and got this:

So it’s not just your identity that they’re after. They want your card number right down to your ATM PIN number. That suggests to me that anyone who is unlucky enough to fall for this scam might be dealing with a group of scumbag scammers who are going to use this info to drain your bank account dry. Possibly by going to an ATM with a card that they create with this information. That implies that the scammers might be in Canada. And the Russian registration may be a ruse.

So, given the incompetence of the scammers behind this, combined with the fact that I reported this scam website to Google via this link, and to Microsoft via this link, I suspect that this website will have few if any victims. But it illustrates that you really need to question the legitimacy of anything and everything, along with doing some detective work if required to stay safe online. I say that because even incompetent scumbag scammers like these ones can get lucky and get a great payday at your expense.

Guest Post: Are You Heading for a Compliance Disaster?

Posted in Commentary on May 3, 2024 by itnerd

By STEVE LEEPER, VP, PRODUCT MARKETING – Datadobi

How StorageMAP Helps You Steer Clear – Transforming Compliance Nightmares into Strategic Wins with Next-Gen Unstructured Data Management

Even with top-notch experts leading the charge – managing data in regulated industries is no walk in the park.

For instance, take healthcare providers in the U.S. They have to deal with different rules for how long to keep patient records, depending on the state, all under HIPAA regulations. Over in Europe, companies have to be careful with how long they hold onto personal data, thanks to the GDPR, making sure not to keep it a day longer than needed. And, there are rules like SEC 17a-4 in the finance sector that require certain data to be kept just as it is – no changes or deletions allowed. Each industry has its own set of data rules to play by, and it can get pretty tricky to keep everything straight.

And, the stakes are high! A slip-up doesn’t just result in a slap on the wrist – it could lead to crippling fines, irreparable reputational damage, and protracted legal battles.

Businesses are between a rock and a hard place. On the one hand, they could get hit with penalties if they don’t keep data long enough. On the other, they might face fines if they hang onto it too long. And with rules always changing and business demands ramping up, the pressure just continues to escalate.

In fact, according to Accenture, the cost just to stay compliant could jump by as much as 30% in the next few years, with the demand for regulatory technology (RegTech) expected to triple, hitting an estimated $204 billion by 2026.

So… what are your options? Where should you begin? A step in the wrong direction could lead to rather serious, and highly expensive ramifications (not to mention, be a tad career-limiting).

I would respectfully offer you should really take a look at StorageMAP. StorageMAP is unparalleled in its ability to help businesses get their arms around their data while slashing risks and costs. It really makes a hard job a whole lot easier. Here’s how:

  • Full Insights – provides comprehensive visibility into your data landscape, illuminating everything from ownership to activity levels – crucial for heavily regulated industries that must account for every bit of data they handle
  • Customizable Dashboards and Reporting – offers fully customizable dashboards for monitoring and reporting, providing insights into compliance status, data health, and operational efficiency
  • Data Organization – organizes data efficiently, tagging and classifying it according to business and legal requirements – key in industries where data must be meticulously managed to comply with strict regulations
  • Risk and Cost Reduction – by ensuring data is in the right location and managing inactive or orphaned data, StorageMAP reduces both the risk of non-compliance and the costs associated with data storage and management
  • Data Mobility – data mobility capabilities are built to handle the scale and complexity of unstructured data, enabling actions like data migration, archival, and cleanup in compliance with regulatory requirements
  • Advanced Integrity Protection (AIP) – ensures the highest level of data security, crucial for industries where data breaches can lead to significant legal and financial penalties
  • Vendor Agnostic – operates across heterogeneous storage systems and clouds – ensuring optimal capabilities, protection, and security, as well as vendor lock-in avoidance, cost-efficiency, and maximum ROI
  • Policy-Based Data Movement – facilitates archival, cleanup, and other data management actions based on predefined policies – ensuring ongoing compliance with industry regulations

Regulations are really piling up everywhere, becoming stricter and more widespread across almost every industry around the world. Why is that? Well, it’s a combination of factors. Technology is advancing rapidly. International trade is becoming more complex. People are more concerned about the environment. And, there’s a stronger emphasis on privacy and data security. As a result, governments and regulators keep rolling out new rules to tackle the latest issues, protect consumers, and promote greener practices. For you and your business, it just means there are even more hoops to jump through to make sure you’re staying compliant.

Not to worry… With StorageMAP, you get all the capabilities you need to more easily navigate the compliance landscape. And, as regulations keep evolving, StorageMAP has your back… making sure you don’t just survive but thrive.

Dropbox Sign Has Been Pwned…. And It’s Not Good If You’re A User Of This Service

Posted in Commentary on May 3, 2024 by itnerd

If you pay a visit to this link, you’ll see that cloud storage firm Dropbox has disclosed that hackers breached production systems for its Dropbox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information:

On April 24th, we became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. Upon further investigation, we discovered that a threat actor had accessed data including Dropbox Sign customer information such as emails, usernames, phone numbers and hashed passwords, in addition to general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.

For those who received or signed a document through Dropbox Sign, but never created an account, email addresses and names were also exposed. Additionally, if you created a Dropbox Sign or HelloSign account, but did not set up a password with us (e.g. “Sign up with Google”), no password was stored or exposed. We’ve found no evidence of unauthorized access to the contents of customers’ accounts (i.e. their documents or agreements), or their payment information.  

From a technical perspective, Dropbox Sign’s infrastructure is largely separate from other Dropbox services. That said, we thoroughly investigated this risk and believe that this incident was isolated to Dropbox Sign infrastructure, and did not impact any other Dropbox products.

Well, that’s pretty bad. But at least they admitted to it rather than kicking that can down the road for as long as they could get away with doing so. Melvin Lammerts, Hacking Lead, Hadrian had this to say:


“Dropbox was upfront about their security breach, which is good. The fact that hackers gained access through a backend service account is worrisome. The leaked customer information could lead to possible account takeovers, highlighting the importance of robust security measures for backend service accounts and effective methods for detecting unusual activity. This incident demonstrates why companies need to be constantly testing their security in all systems, including those not (fully) publicly accessible.”

Ted Miracco, CEO, Approov Mobile Security:

“Considering this is the second breach in two years, a comprehensive security review of Dropbox’s entire ecosystem is advisable. This review should be conducted with external cybersecurity experts to ensure impartiality and a fresh perspective on security challenges. Dropbox has already taken some crucial initial steps such as resetting users’ passwords, logging users out of devices, and rotating API keys and OAuth tokens. These actions are essential to securing accounts and preventing further unauthorized access.”

If you use Dropbox Sign, you might want to put your head on a swivel for the next little while as I am certain that secondary attacks are coming. As for Dropbox, the fact that they put this out there is good. But they will have a lot of questions that they need to answer in the coming days and weeks, along with reassuring their customers that this won’t happen again because they’ve taken all required steps to secure customer data.