Archive for July, 2024

Palo Alto Networks Rolls Out Secure AI by Design Portfolio

Posted in Commentary with tags on July 31, 2024 by itnerd

What: Palo Alto Networks is making available to customers its Secure AI by Design product portfolio, aiming to secure organizations’ GenAI usage and development of enterprise AI applications by providing visibility, control, and protection specific to AI, addressing new risks and threats. As businesses increasingly integrate AI, the portfolio enables them to confidently build and use AI-powered apps, while also prioritizing the integrity of AI security frameworks from development to deployment.

Why: The need for securing AI applications has become increasingly important as businesses continue to integrate AI and LLMs into their operations. With employees adopting AI applications at a rapid pace and organizations across various industries gaining a competitive edge through AI-powered applications, the Secure AI by Design portfolio aims to securely enable AI deployments.

While the promises of AI are significant, it’s essential to acknowledge the associated risks with equal emphasis in order to realize its full potential. Bad actors are using AI to ramp up the scale of attacks, so it is important that organizations are proactive in their defense.

How: Organizations will be equipped to create a secure AI ecosystem that prioritizes the integrity of AI security frameworks from development to deployment. Businesses can fully harness the potential of AI without compromising security through the following use cases:

  • Securely enable GenAI applications: With the growing trend of employees using GenAI apps for business purposes, AI Access Security enables organizations to use AI tools with confidence. It gives security teams full visibility, application and data access controls, and continuous data risk monitoring.
  • Fortify AI supply chain: Businesses must be aware and rectify against possible risks. With Prisma Cloud AI Security Posture Management (AI-SPM), organizations can secure their AI ecosystem by identifying vulnerabilities and misconfigurations in models, applications and resources. It improves compliance and minimizes data exposure, thus improving the integrity of your AI security framework.
  • Protect enterprise AI applications: It is critical for organizations to see every component of their AI app ecosystem, including AI applications, models, inference and training datasets. AI Runtime Security is designed to help solve this and to protect against evolving zero-day and AI-specific threats, such as data leakage from AI models and applications, and to safeguard models from misuse and attacks.

When: To start the roll out, AI Runtime Security is now available on Google Cloud and will be available later in August on Amazon Web Services (AWS) and Microsoft Azure. To follow, AI-SPM will be available on August 6 and AI Access Security will be available on August 19.

Additional Information: Learn more about our Secure AI by Design portfolio, read our latest blogs on AI Runtime Security and AI-SPM. Explore Precision AI by Palo Alto Networks, which powers our cybersecurity platforms and solutions.

Introducing Mission AI Foundation

Posted in Commentary with tags on July 31, 2024 by itnerd

Mission Cloud today announced the launch of Mission AI Foundation, a comprehensive service designed to help businesses optimize their AI solutions on AWS while adhering to best practices and managing costs effectively.

83% of companies claim that AI is a top priority in their business plans. However, this widespread interest in AI adoption is often tempered by significant challenges. Concerns such as financial management, security, and knowledge gaps frequently stand in the way of companies eager to harness AI’s power to accelerate innovation and drive process efficiency.

To address these barriers, Mission AI Foundation combines support, engineering, strategy, and guidance to help organizations manage their cloud infrastructure and build for the future of AI.

The service is built on five pillars of continuous engagement:

  • AI solutions optimization, architecture guidance, and prompt engineering
  • Continuous cost optimization and ongoing financial management
  • Guidance on foundational best practices and cloud governance
  • Round-the-clock Enterprise support, led by Mission Cloud and backed by AWS
  • Cloud strategy for adopting technologies that transform your business

Key features of Mission AI Foundation include:

  • Access to a team of certified Cloud Analysts, Technical Account Managers, Solutions Architects, and AI Engineers
  • Improving token usage to ensure AI operations are economical and high-performing
  • Engineer Assist – AI, offering pay-as-you-go engineering support for AI solutions
  • Continuous guidance on prompting best practices to improve accuracy, optimize templates, reduce hallucinations, and enhance overall model performance
  • 24/7 support with AWS Enterprise-level SLAs
  • Large Language Model Operations (LLMOps) to build and maintain your dedicated operations pipeline

Mission AI Foundation leverages Mission Control, the company’s cloud services platform, along with Amazon QuickSight and Amazon Q, to provide detailed cost visualization and management tools. The service also includes carbon footprint tracking, offering insights into the environmental impact of AI workloads.

Mission AI Foundation is now available. For more information or to schedule a demo, click here or contact sales@missioncloud.com.

Study Shows How Inclusive Social Media Really Is

Posted in Commentary with tags on July 31, 2024 by itnerd

The WizCase Team has conducted some research with the aim to understand “How inclusive is social media really?” by creating fresh social media accounts, and showing differences between platforms before algorithms kick in and take over.

According to their research:

  • White people were represented more than any other group — ranging from 51-60% of all posts.
  • TikTok had the most gender parity, with a 50/50 representation, and YouTube had the least, with 68% males and 32% females.
  • Only 4 posts in our sample from X contained any political messaging; 100% of those were conservative.

Why it matters:

Increasingly, fears of and reactions to “cancel culture” and censorship on social media make headlines. Conservatives claim they are being silenced, while liberals claim that hard-right accounts are being inappropriately boosted. Both sides are saying that more representation is needed for their group.

You can access their detailed report here: https://www.wizcase.com/blog/how-inclusive-is-social-media

Microsoft Says Yesterday’s Outage Was Caused By A DDoS Attack

Posted in Commentary with tags on July 31, 2024 by itnerd

Yesterday, Microsoft had a major outage with a lot of their online services. And today, Microsoft is serving up a reason for that outage:

An unexpected usage spike resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes. While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.

So Microsoft was hit by a DDoS attack, and their automatic defences amplified it rather than mitigating it. At least they were honest about it and came out with this statement quickly. You can be sure that Microsoft will correct the issues that they found here so that a DDoS attack doesn’t have the same effect as it did yesterday.

OMG! $75 Million Ransom reportedly Paid To The Dark Angels Ransomware Group

Posted in Commentary with tags on July 31, 2024 by itnerd

Zscaler researchers have revealed that an undisclosed victim paid a record $75 million ransom to the Dark Angels ransomware group earlier this year. This figure nearly doubles the previous highest ransom of $40 million, paid by CNA Financial in 2021.

The Dark Angels group, reportedly a rebranded version of the Babuk ransomware family, first emerged in May 2022. The group’s most notorious attack occurred in September 2023, targeting Johnson Controls, an automation and manufacturing company. SentinelOne reported that the attackers “used Dark Angels ransomware to lock the company’s VMware ESXi servers” and demanded $51 million, though it remains unclear if the ransom was paid.

Steve Hahn, Executive VP, BullWall had this to say:

“Unlike other forms of cyber attacks, Ransomware has ties to Russia in virtually all instances. Whether it’s Russian-based groups or Russia-based tools or hacking services, nearly every attack has deep Russian ties. The proxy war we are engaged in via Ukraine has amped up Russia’s attacks on “soft targets” in the US that will do the most damage, along with getting the most ransom. Out-of-control inflation in the US over the last 4 years can be amplified by attacks on the supply chain or production. This, along with the fact that manufacturing can be slightly behind on their security journey, makes them a very easy and obvious target.

Virtually all Ransomware attacks include a double extortion technique. The threat actors will encrypt the data and steal the data. You’ll pay to decrypt (to get your data back) and you’ll pay again to not have them leak embarrassing information or sell your secrets on the dark web. In addition, virtually all Ransomware attacks are preceded by a command and control element. Threat actors slowly get into the network, then use special tools like Cobalt Strike to get admin credentials; with admin credentials they can do whatever they desire, including encrypting your backup or disabling your security products.

All of these groups are connected to Russian Hackers. The groups and affiliations merge and morph. They use different encryption payloads but most are nearly undetectable by modern EDRs if they can launch them in the customers environment.

Total Ransomware payments have exploded to over a billion dollars a year in just known payments; the number of successful attacks has more than doubled in the last 2 years, and the average payment has gone up from $850,000 to over $2M in 2024.

Organizations need defense in depth. Layers and layers of security. They also need to focus on not just preventing Ransomware, but also containment and recovery. They need to treat a successful Ransomware attack as a “when” not “if” scenario and plan accordingly. Table stakes are also MFA, microsegmentation and Zero Trust. But these are silver bullets. They still need to figure out how they react and respond quickly when that event occurs.

Zero Trust is important. It will certainly lessen the chances of an attack. But this journey is typically very long for customers and still not a silver bullet. Zero day attacks, Shadow IT, personal devices, IoT devices, these are all attack vectors for Ransomware, and once the encryption begins at the shared drives, whether those are cloud or local, it’s only a matter of time before all of the data is encrypted, even with zero trust network architecture in place.

And of course, AI will increase the volume of phishing attacks and allow each and every email a custom look. AI tools can search all public information about their “target”, LinkedIn, Yelp, Facebook, Venmo payments. Anything public to find recipients to interact with and form a custom phishing email to the user. This means the number of highly targeted attacks will explode in the coming years. Along with that, AI can create Ransomware variants in milliseconds that will appear to EDR and antivirus as something they’ve never seen, making it incredibly difficult for them to stop those attacks. Along with that, dark web brokers are connecting people with footholds and access in companies to those with the payloads. The Facebook Marketplace for hackers.”

There’s a lot to unpack from Mr. Hahn, but it is very much worth reading. Organizations need to be prepared for all eventualities. As in keeping the bad guys out, and what to do if they get in. And most importantly, they should never, ever pay up as that simply encourages these threat actors. Frankly, your best defence is to do everything possible to not be a victim.

Cyware Appoints Terrence Driscoll as CISO

Posted in Commentary with tags on July 30, 2024 by itnerd

Cyware today announced the appointment of Terrence Driscoll as Chief Information Security Officer.

Terrence is an accomplished cybersecurity expert with an exceptional record of execution and leadership. He most recently served as Managing Director, Global Head of Security and Controls Assurance for JP Morgan Chase & Company, where he led a global team responsible for Security Architecture, Security Testing, Technology Resiliency, and Control Management. He brings to Cyware deep knowledge of Cyber Operations, Threat Intelligence, Security Assurance, and Resiliency.

At Cyware, Terrence will be responsible for Product and Internal Security and will be working with Cyware’s customers and partners to drive adoption of Cyber Fusion Center Platforms.

He previously served as Senior Director at PayPal, Business Information Security Officer at Citadel, Advisory Board Member at CrowdStrike, and CISO at MacAndrews & Forbes, which owns and operates a diverse array of businesses in the consumer goods, defense, education, entertainment, financial services, gaming, and pharmaceutical industries. He also spent nine years at Lockheed Martin working on the internal security team and working with Lockheed’s US Government, International and commercial clients to drive adoption of intelligence driven cyber defense.

He holds a B.S. in Mechanical Engineering from Lehigh University, an M.S. in Systems Engineering from the University of Pennsylvania, and an M.B.A. from the Wharton School of Business.

To learn more about Terrence’s role at Cyware, join their September 5 webinar, Navigating Cybersecurity Challenges: Insights from a Cybersecurity Executive.

Nuspire’s Q2 2024 Threat Report Reveals Surge in Exploit Activity and Shifts in Ransomware Landscape

Posted in Commentary with tags on July 30, 2024 by itnerd

Nuspire, a leading managed security services provider (MSSP), today released its Q2 2024 Cyber Threat Report. This latest report offers a comprehensive analysis of evolving cyber threats, highlighting a significant jump in exploit activity, shifts in ransomware operations and changes in dark web marketplace dynamics.

The Q2 2024 report indicates a 21.07% increase in exploit activity compared to Q1, underscoring the persistent and growing threat of vulnerability exploitation. Conversely, ransomware publications saw a 10.43% decrease, largely attributed to law enforcement actions against major ransomware groups. Dark web marketplace listings also experienced a 12.93% drop in overall activity, indicating potential shifts in cybercriminal tactics.

Additional findings from Nuspire’s newly-released cyber threat report:

  • Manufacturing Sector: For the second consecutive quarter, this sector remained the top target for ransomware attacks, underscoring its vulnerability due to the complexity of securing IT/OT systems and its critical role in supply chains.
  • Exploit Activity: A total of 14,273,495 exploitation events were detected, marking a 21.07% uptick from Q1. Key drivers included Web Server File Access attempts and attacks targeting the Log4j and Hikvision Camera vulnerabilities.
  • Ransomware Trends: While ransomware publications saw a 10.43% decrease, driven by law enforcement actions against groups like LockBit, Play Ransomware activity rose, stressing the fluid nature of the ransomware ecosystem.
  • Dark Web Listings: Despite an overall 12.93% decrease in dark web activity, there were substantial increases in specific listings:
    • Social Security Numbers: 113,295 listings, up 22.19%
    • Account Access: 21,168 listings, up 59.41%

To access the complete Q2 2024 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.

TELUS Announces PureFibre 5 Gigabit Internet

Posted in Commentary with tags on July 30, 2024 by itnerd

TELUS is bringing the fastest PureFibre home internet to Western Canada with the introduction of its PureFibre 5 Gigabit Internet plan, a substantial leap forward in internet technology, offering customers the fastest symmetrical download and upload speeds. As the only 100 per cent pure fibre-to-the-home provider in Western Canada, TELUS continues to push the envelope, delivering unparalleled Internet speeds and sustainable, reliable technology to customers in Alberta and British Columbia. The PureFibre 5 Gigabit Internet plan includes next-generation, award-winning Wi-Fi 6E hardware, allowing individuals and families to seamlessly enjoy gaming, web surfing, video calling, working and learning from home, and streaming in 4K.

TELUS is testing 25 Gigabit PON access technology with Nokia to deliver cutting-edge connectivity solutions. This new speed tier will allow TELUS to meet future high-bandwidth demands for connected homes and applications such as augmented reality (AR), virtual reality (VR), extended reality (XR), the Metaverse, cloud computing and storage, head-mounted displays (HMDs), Internet of Things (IoT) devices, and immersive collaboration. By leveraging existing fibre optic infrastructure, TELUS can deliver this advanced technology without needing to build a new network, and is set to increase speeds beyond 5 Gigabit, delivering up to 25 Gigabits to customers in the next few years.

The PureFibre 5 Gigabit Internet starts from $145 per month on a two year plan. For more information on the internet plan and eligibility, visit www.telus.com/5Gig.

Appdome Announces GenAI-Powered Threat Resolution Center

Posted in Commentary with tags on July 30, 2024 by itnerd

Appdome today announced its new Threat Resolution Center, powered by GenAI. The new service enables mobile support teams to instantly identify mobile threats, generate context-specific resolution steps, and improve threat response for all stakeholders. Appdome will be demonstrating the new GenAI powered Threat Resolution Center live at the upcoming Black Hat USA cybersecurity conference in Las Vegas Aug. 7 and 8.

The scope, diversity, and sophistication of mobile threats are exploding. This, combined with the proliferation of malware, spyware and AI-based threats, means that the risk to mobile identity, data and transactions is higher than ever. Legacy mobile app security, anti-fraud and other products don’t consider the user experience. When mobile attacks happen, mobile end users are typically locked out of their accounts and left confused, frustrated, and flying blind. Likewise, understanding and troubleshooting mobile cyber-attacks and threats is complex, time consuming and costly – for the mobile brand, enterprise and user.

The new Appdome Threat Resolution Center leverages the power of GenAI to provide real-time, context-specific, step-by-step guidance for end users to resolve threats and attacks on mobile devices quickly. This gives mobile support teams and end users the information they need to get past any attack fast. It also shrinks the mobile attack surface by speeding removal of mobile threats on end user devices. Mobile support teams also realize a boost in productivity by delivering faster mean time to resolution (MTTR) and reducing overall cost of threat response for all end users.

Fraud, malware and other attacks, combined with limited attack data and poor resolutions destroy the mobile experience. When cyberattacks happen, fire-drills arise between cyber and support teams. Triage, diagnosis and removing threats from mobile devices is extremely complex, time-consuming and challenging due to the immense diversity and dynamic nature of (a) mobile exploits, tools and malware, (b) mobile devices, (c) mobile operating systems (OS), (d) mobile networks and (e) other factors. To make matters worse, many forms of malware can hide inside other mobile apps, and access mobile apps via accessibility, custom keyboards and other settings. What works to remove a threat on one mobile device, mobile OS and network will not work for a different threat on a different mobile device, mobile OS and network.

How Appdome Threat Resolution Center Works

When an attack or threat is detected by an Appdome-protected mobile app, the Appdome Defense Framework in the mobile app dynamically generates a context-specific ThreatCode™. The ThreatCode is encoded with detailed and specific data about the threat, attack method, device, OS and other information, providing the DNA of each attack on the mobile end user’s device. Support, engineering or cyber personnel at mobile brands and enterprises enter the ThreatCode into Appdome’s Threat Resolution Center, where Appdome’s Threat Resolution Agent™ generates the GenAI prompts using retrieval augmented generation (RAG) to query and optimize responses from GenAI for the attack. The resolution response includes how to identify and understand the attack, how to find the attack, and the step-by-step instructions to remediate or remove the mobile threat on the end user’s device, creating – for the first time – true self-service threat response and real-time threat resolution for mobile end users.

Appdome will be demonstrating its new Threat Resolution Center at the Black Hat Conference in Las Vegas Aug. 7-8, 2024 at booth #1350.

Learn more about Appdome Threat Resolution Center and schedule your demo online.

Horizon3.ai Launches NodeZero Cloud Pentesting

Posted in Commentary with tags on July 30, 2024 by itnerd

Horizon3.ai today announced the launch of NodeZero™ Cloud Pentesting. This innovative solution helps organizations identify and resolve complex exploitable vulnerabilities and hidden attack paths in their cloud environments. Horizon3.ai offers the most comprehensive autonomous penetration testing solution, enabling both public and private sectors to thoroughly assess and secure their cloud environments across AWS and Azure.

As organizations expand their digital presence in the cloud, managing security and addressing the unique requirements of each cloud environment becomes increasingly complex for already overburdened security teams. Concurrently, attackers are intensifying their efforts with more frequent and sophisticated attacks. Many organizations struggle to identify and remediate vulnerabilities in both cloud environments and on-premises systems.

NodeZero Cloud Pentesting offers unparalleled testing capabilities for both cloud and hybrid environments. It identifies and chains together exploitable vulnerabilities, security weaknesses, and software misconfigurations, ensuring continuous validation of security programs and compliance initiatives. The solution can also pivot to on-premises networks, to emulate the true behavior of an attacker. This allows organizations to prioritize the remediation of complex attack paths that could be exploited by attackers, significantly reducing cyber risk.

Organizations can comprehensively assess their cloud and hybrid environments using the advanced capabilities of NodeZero by conducting both internal and external pentests, along with operations such as AD Password Audits and Phishing Impact tests. The solution uncovers previously unknown cloud security weaknesses, highlights overexposed or misconfigured assets, and identifies exploitable identity and access management (IAM) policies that could lead to privilege escalation. This comprehensive testing ensures effective defense in depth, reduces potential attack blast radii, and helps organizations mitigate the risks of insider threats and credential-based attacks.

NodeZero Cloud Pentesting Key Features

Internal Pentests:

NodeZero’s internal pentests provide a holistic view of how attackers can chain together exploitable vulnerabilities across the entire digital infrastructure, identifying complex attack paths and pivoting between on-premises and cloud environments.

External Pentests:

Similar to the internal tests but launched from Horizon3.ai’s cloud infrastructure, this pentest uncovers externally exposed weaknesses and validates the security of public-facing systems.

AWS Pentests:

This pentest utilizes AWS CloudFormation to gain a privileged perspective, identifying exploitable vulnerabilities, weak controls, insecure IAM policies, and overexposed assets.

Azure Entra ID Pentests:

This pentest targets Microsoft Entra ID from a privileged perspective, testing susceptibility to Azure-native attacks, and validating the security of applications and services using Microsoft Entra identities.

Designed by Horizon3.ai’s world-renowned attack team and certified offensive security engineers, NodeZero Cloud Pentesting includes safe and effective purpose-built exploits, advanced remote access tools, and an array of attacks designed to leverage lateral movement and privilege escalation. With over 65,000 autonomous penetration tests performed and tens of thousands of on-premises and cloud terrains fully mapped, NodeZero significantly enhances security and reduces risk for organizations of all sizes. With NodeZero’s find, fix, and verify capabilities, no other pentesting solution matches the power, efficacy, and effectiveness that NodeZero delivers.

For both defensive and offensive security professionals interested in seeing NodeZero Cloud Pentesting in action, please visit booth 3045 at Black Hat USA 2024.

For those not attending, request a demo of NodeZero Cloud Pentesting today.

To learn more about NodeZero Cloud Pentesting please visit here.