Archive for July 9, 2024

« Older Entries

Today Is Patch Tuesday…. And It’s Far From Trivial This Time Around

Posted in Commentary with tags on July 9, 2024 by itnerd

Today, Microsoft released security updates, addressing more than 142 flaws, 2 actively exploited, and 2 publicly disclosed zero-day vulnerabilities. Alongside the security updates, fixes were provided for 5 critical vulnerabilities in the category of remote code execution. If you want to go into the weeds on these fixes, Bleeping Computer has the details.

Tom Marsland, VP of Technology, Cloud Range, and Board Chairman of VetSec had this comment on today’s Patch Tuesday release:

This month’s patch Tuesday fixed five critical vulnerabilities, all of them being the more dangerous category of “remote code execution” vulnerabilities. These vulnerabilities exist in Microsoft SharePoint Server, Windows Imaging Component, and in three places within the Windows Remote Desktop Licensing Service, where an attacker could gain the ability to execute code on that server. Microsoft recommends disabling the Remote Desktop Licensing Service if it is not required in your environments and updating it as soon as possible. In SharePoint Server, a user with the Site Owner privileges could upload a file allowing them to execute the server’s code. This could be a very critical vector in the area of Insider Threats, where users with relatively low levels of access (in this case, a corporate intranet web editor) could gain system level access on a network infrastructure server. Lack of role separation and password reuse could then enable the threat actor to cause significant damage to the network.

As usually is the case at this time of the month, it’s time to patch all the things.

Leave a comment »

Security Pros Admit to Using Unauthorized SaaS and AI (Despite the Risk) – NextDLP

Posted in Commentary with tags on July 9, 2024 by itnerd

Next DLP today revealed that nearly three-quarters (73%) of security professionals admit to using SaaS applications that had not been provided by their company’s IT team in the past year. This is despite the fact that they are acutely aware of the risks, with respondents naming data loss (65%), lack of visibility and control (62%), and data breaches (52%) as the top risks of using unauthorized tools. Adding to this, one in ten admitted they were certain their organization had suffered a data breach or data loss as a result.

A survey of more than 250 global security professionals, conducted at RSA Conference 2024 and Infosecurity Europe 2024, also revealed that despite having a laissez-faire attitude towards Shadow SaaS, security professionals have taken a more cautious approach to GenAI usage. Half of the respondents highlighted that AI use had been restricted to certain job functions and roles in their organization, while 16% had banned the technology completely. Adding to this, 46% of organizations have implemented tools and policies to control employees’ use of GenAI.

The research also provided a snapshot of how security professionals view their organization’s training and overall understanding of the risks of Shadow SaaS:

  • 40% of security professionals do not think employees properly understand the data security risks associated with Shadow SaaS and AI.
  • Yet, they are doing little to combat this risk. Only 37% of security professionals had developed clear policies and consequences for using these tools, with even less (28%) promoting approved alternatives to combat usage.
  • Only half had received guidance and updated policies on Shadow SaaS and AI in the past six months, with one in five admitting to never receiving this.
  • Additionally, nearly one-fifth of security professionals were unaware of whether their company had updated policies or provided training on these risks, indicating a need for further awareness and education.

For further insights into the survey results, please see the full results report linked here. Or, for more information about Shadow SaaS and AI, and the possible defenses, visit the Next DLP website.

Methodology

The survey of more than 250 global security professionals was conducted at RSA Conference 2024 and Infosecurity Europe 2024. Each respondent was asked the same ten questions surrounding Shadow SaaS and Shadow AI usage within their organization, the implied security risks, and the policies and security tools their company has in place.

Leave a comment »

Bank CEO’s To Testify On Capitol Hill About Fraudulent Zelle Transfers Connected To Scams

Posted in Commentary with tags on July 9, 2024 by itnerd

People get hit by scammers all too frequently these days. I know this because I am often tasked with trying to rescue them from said scams. And the number one way that Americans lose money to scams is via Zelle transfers. For those who haven’t heard of Zelle, here’s what Wikipedia says:

Zelle is a United States–based digital payments network run by a private financial services company owned by the banks Bank of America, Truist, Capital One, JPMorgan Chase, PNC Bank, U.S. Bank, and Wells Fargo. The Zelle service enables individuals to electronically transfer money from their bank account to another registered user’s bank account using a mobile device or the website of a participating banking institution. There is no fee or charge on the transaction. 

Now the banks above have been under pressure to refund money to consumers who have been defrauded in this manner via scammers who use Zelle to send money from consumers to themselves. But they’ve pushed back on this to some degree:

JPMorgan Chase, Bank of America and Wells Fargo have reportedly agreed to testify at a US Senate hearing over hundreds of millions of dollars in fraud on the payments network Zelle.

Executives involved in the banks’ payment operations are expected to appear on July 23rd, reports Politico, citing sources who were allowed to speak anonymously about the plan.

The hearing will be held by the Permanent Subcommittee on Investigations, which says the banking giants’ customers reported $456 million in fraudulent transactions on Zelle in 2022 – with the banks refusing to reimburse $115 million in claims.

That’s where The Electronic Fund Transfer Act comes in. This is meant to protect consumers from this sort of thing. Here’s what John Gunn, CEO, Token had to say:

Consumers are very well protected in the United States, much more so than other Western Countries. Because the cybercriminals are most frequently based in enemy states, criminal prosecutions are very few and far between.

The ETPA has been remarkably effective in protecting consumers. It is likely that consumers have received billions of dollars of reimbursements over the years. But you also have to look at the level of involvement of the consumer and their actions. The ETPA was not enacted to absolve consumers for any responsibility in safeguarding their accounts. This is the digital age, when someone is a victim of fraud it invariably involves funds being transferred electronically from a victim to a criminal. Banks cannot possibly take on responsibility for every instance of fraud involving electronic funds transfers.

Banks and the media invest considerable time and effort in training consumers to spot scams and fraud. Consumers need to invest more time in learning how to spot fraud and to follow basic rules about not clicking on unknown links and not trusting unknown individuals who claim to work for their bank.

Banks do a lot of work to educate their customers. If you have used Zelle, you have seen, and hopefully read, the obvious warnings. Collectively, banks invest billions in fighting fraud and protecting their customers. Cybercriminals are now using generative AI and other advanced tools that pull the victim’s information from social media to attack consumers and this requires a higher level of care and diligence by consumers.

The regulatory framework is already very strong and should not be changed to protect consumers from their own negligent behavior. If we subscribe to this way of thinking then every customer has to pay for this. Why should those who are careful to avoid scams and fraud pay for the carelessness of those who are not?

Because I deal with scams, I would argue that there are all sorts of areas where improvements could be made. Education is one as there isn’t enough of that. But regulation is another as that needs to always evolve to meet new and emerging threats. I for one will be really interested to see what comes of these hearings, and what these CEO’s have to say.

Leave a comment »

Ticketmaster extortion attempts continue as hacker offers more concert ticket barcodes

Posted in Commentary with tags on July 9, 2024 by itnerd

A group of threat actors named Sp1d3rHunters who are claiming to have hacked Ticketmaster are claiming to be about to leak over 30K tickets for events after claiming to have leaked 170K tickets for Taylor Swift’s concerts.

Rogier Fischer, CEO, Hadrian had this to say:

The statement of Sp1d3rHunters and actions like release of barcodes for high-profile events and the publication of a YouTube guide for using the tickets gives the impression of hacktivism.

However, the activities of the hacker group against Ticketmaster, including the leaking of print-at-home tickets and demanding a ransom, suggest this is more aligned with cyber extortion, Rogier Fischer, CEO of Netherlands-based cybersecurity service Hadrian pointed out.”Hacktivism typically involves hacking activities aimed at promoting political agendas or social change, often without a direct financial motive.

In this case, the primary goal of Sp1d3rHunters appears to be financial gain, as shown by their $2 million ransom demand,” he said”

Additionally, the broader context of Sp1d3rHunters’ actions, including their association with ShinyHunters and the compromise of 560 million Ticketmaster customers’ data, underscores a pattern of financially motivated cybercrime.”

According to him, automating and updating the regular defences in the cybersecurity arsenal such as multi-factor authentication (MFA), penetration testing, attack surface management, and employee training will help stave off most attempts like these.

“Developing and updating an incident response plan is paramount here, along with ensuring all sensitive data is encrypted both in transit and at rest,” he added.

Ticketmaster has a ton of issues right now, including this one that I am personally affected by. Ticketmaster really needs to get a handle on their issues, or else they’re going to really going to have a tough time existing.

Leave a comment »

Horizon3.ai Celebrates Significant Growth and Innovations in First Half of 2024

Posted in Commentary with tags on July 9, 2024 by itnerd

Horizon3.ai marked the close of the first six months of 2024 with a celebration of the Company’s growth across all dimensions.

The Company’s award-winning NodeZero autonomous penetration testing platform empowers organizations to identify exploitable vulnerabilities across their internal, external, and cloud environments. It offers detailed guidance on prioritizing and addressing discovered security issues, and enables users to instantly verify the effectiveness of their fixes.

In the first half of 2024, the NodeZero platform has been enhanced with new features, services, and extensions, including:

Phishing Impact Testing: Provides an accurate assessment of the real-world consequences of compromised credentials within an organization. Business leaders often underestimate the threat posed by employees clicking on malicious links, which undermines security and burdens IT and security teams. The Phishing Impact test precisely identifies the “blast radius” of compromised credentials, demonstrating the potential consequences when attackers gain access to them.

Pentesting Services for Compliance: Meets both internal and external cyber risk assessment and pentesting requirements, aligning with government regulations, industry standards, new security frameworks, and security best practices. This service combines the expertise of Horizon3.ai’s Offensive Security Certified Professional (OSCP) pentesters with the power of NodeZero’s autonomous pentesting. The result is a streamlined, efficient approach to achieving and maintaining compliance.

Rapid Response Service for Cyber Resilience: Gives NodeZero users a strategic advantage with early, actionable intelligence to counteract emerging exploits targeting newly discovered and not yet widely addressed software vulnerabilities. The ability to swiftly identify and remediate emerging threats that pose a real risk to an organization is key to their cyber resilience. NodeZero users receive tailored intelligence on emerging vulnerabilities and can launch targeted tests to measure their exploitability.

Executive Team Expansion: Several executive-level appointments were made to support Horizon3.ai’s rapid growth as a leader in autonomous cybersecurity solutions. These include:

  • Matt Hartley as Chief Revenue Officer (CRO) – With over 20 years of sales and operations excellence, Matt has consistently built go-to-market (GTM) teams that achieve rapid scale and predictability across the revenue lifecycle. He is a growth-minded leader passionate about helping customers leverage technology to generate demonstrable business value.
  • Jill Passalacqua as Chief Legal Officer (CLO) – Jill’s legal expertise will be crucial in advising the company on key plans, guidelines, and compliance requirements. Known for her strategic legal approach to protecting and promoting companies’ interests, operations, and expansion, Jill’s appointment further bolsters Horizon3.ai’s status as a trustworthy and compliant cybersecurity provider.
  • Erick Dean as Vice President of Product Management – With over 20 years of product development experience, Erick has consistently developed effective product strategies and fostered growth in both startups and large organizations. Dean will specialize in assembling and guiding a high-performance team across product management and UX design to further accelerate the capabilities of NodeZero.
  • Drew Mullen as Vice President of Revenue Operations – With a proven track record in driving revenue growth, optimizing resource allocation, and enhancing sales performance, Drew effectively supports go-to-market strategies and operations throughout the entire customer lifecycle, from demand generation through customer acquisition and ongoing engagement.
  • Torie Runzel as Vice President of People – Torie brings extensive experience in developing strong and successful teams through structures, culture, and programs that attract, retain, and develop top talent. She focuses on recruitment, team alignment, professional and organizational development, performance management, and total rewards.

Awards and Recognitions: Horizon3.ai received several prestigious industry recognitions and honors during the first half of 2024, including:

  • Inclusion in the CRN®2024 Partner Program Guide
  • Govies Award from Security Today Magazine for Autonomous Penetration Testing
  • 2024 Cybersecurity Excellence Awards for Autonomous Penetration Testing
  • Cloud Security Awards for Best Vulnerability Assessment Solution
  • ChannelVision’s Visionary Spotlight Award for Top Innovation
  • ChannelVision’s Visionary Spotlight Award for Cybersecurity
  • AI Global Excellence Award for Best Computer & Network Security Firm 2024
  • Rising in Cyber Award for Top 30 Mid Stage Startups in Cybersecurity
  • Intellyx Digital Innovator Award

Industry Research Contributions: Horizon3.ai’s expert threat researchers conduct deep-level vulnerability research, develop proofs of concept exploits, and provide indicators of compromise that enable organizations to vastly improve their cybersecurity initiatives. The following research was published in the first half of 2024.

Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces – June 14, 2024
CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution – June 12, 2024
CVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X – June 4, 2024
CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive – May 28, 2024
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive – May 20, 2024
CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive – March 21, 2024
Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” – March 14, 2024
NextChat: An AI Chatbot That Lets You Talk to Anyone You Want To – March 11, 2024
CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive – March 6, 2024
ConnectWise ScreenConnect: Authentication Bypass Deep Dive – February 21, 2024
Rust Won’t Save Us: An Analysis of 2023’s Known Exploited Vulnerabilities – February 6, 2024
CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability – January 29, 2024
CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive – January 23, 2024
Analysis of CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE – January 12, 2024
Analysis of CVE-2023-39143: PaperCut WebDAV Vulnerability – January 12, 2024

Leave a comment »

Mission Cloud Gateway Elevates Enterprise AWS Management

Posted in Commentary with tags on July 9, 2024 by itnerd

Mission Cloud has announced the launch of Mission Cloud Gateway, an innovative software platform designed to help businesses optimize their AWS environments and drive efficient growth while adhering to foundational best practices. Mission Cloud Gateway is exclusively available in the AWS Marketplace.

Mission Cloud Gateway combines AWS expertise, consultative guidance, and advanced tooling to address the evolving needs of businesses in the cloud. The platform focuses on managing costs, improving governance, and adopting technologies that transform businesses, all aligned with Mission Cloud’s strategic AWS spending methodology, re: Invest.

Key features of Mission Cloud Gateway include:

  • Mission Cloud Score: A comprehensive assessment tool that measures alignment to AWS best practices across cost, operations, security, reliability, and performance.
  • Tailored Recommendations: Identifies opportunities to improve AWS environments based on specific business goals.
  • Resource Monitoring: Provides a single view to monitor critical AWS resources, evaluate resource-specific recommendations, and track alerts.
  • Engineer Assist: Pay-as-you-go DevOps support for ad-hoc tasks and engagements, allowing businesses to delegate modifications and troubleshooting to Mission Cloud’s team of experts.
  • Managed Reserved Instance Operations: Our experts manage your Reserved Instances (RIs) and Savings Plans (SPs) purchasing, de-risking commitments, and freeing capital for growth initiatives.
  • Expert Guidance and Implementation: Provides coordinated support from Cloud Analysts, Solutions Architects, and DevOps Engineers to ensure each initiative makes the desired impact while preserving performance and improving development lifecycles.

Mission Cloud Gateway is ideal for enterprise customers looking to optimize complex AWS environments. It takes the guesswork out of billing, usage, and forecasting, tracks infrastructural health, and helps businesses adopt best practices and native services that maximize their investment in AWS.

For more information about Mission Cloud Gateway or to schedule a demo, visit https://www.missioncloud.com/mission-control/gateway or contact sales@missioncloud.com.

Leave a comment »

Magnite Chosen as the Preferred Technology Partner to Enhance TELUS’ Connected TV Offering

Posted in Commentary with tags on July 9, 2024 by itnerd

Magnite today announced TELUS has selected Magnite’s SpringServe ad server and Magnite Streaming SSP as its preferred ad technology solutions in Canada. TELUS will utilize Magnite’s ad server for its Free Ad-Supported TV (FAST) and online video advertising inventory.

The partnership comes at a time when the TV industry is undergoing a seismic shift, with consumers increasingly watchingTV content through ad-supported streaming. According to research conducted by Magnite, 74% of Canadian consumers are watching streaming TV compared to only 51% who are watching paid traditional TV. Since rolling out FAST channels to TELUS TV+ customers in April, TELUS has enabled additional TV offerings at no cost to customers. The FAST channels, including TIME, Tastemade, The Washington Post, and more, also provide a unique opportunity for advertisers and agencies to elevate their digital strategies and connect with TV audiences.

Magnite’s SpringServe ad serving platform is built for connected TV (CTV) and video advertising, providing TELUS with better insight, transparency, and control to deliver more optimal video ad experiences. Magnite’s Streaming SSP enables TELUS to manage and monetize its CTV inventory with tools specifically designed to support premium, long-form video, and high-quality viewing experiences. 

For more information about TELUS, visit www.telus.com and Magnite at www.magnite.com

Leave a comment »

BlackFog’s State of Ransomware Report for June is out

Posted in Commentary with tags on July 9, 2024 by itnerd

Blackfog’s State of Ransomware Report for June has just been released, revealing the second highest June on record in terms of overall threat numbers for the year with 45 total attacks.

In terms of ransomware gangs, LockBit continues to dominate, but the Play ransomware group was the ‘biggest mover’, according to Darren Williams, CEO, presenting a 33% increase in attacks across the month.

Moreover, Healthcare dominates attack numbers by sector, increasing 25% from May, whilst  the ratio of unreported attacks generally remains at 774%. 

Dr Darren Williams, CEO and Founder, Blackfog

     “In June we saw an easing of the overall threat numbers for the year with 45 total attacks. Historically still very high, it represents the second highest June on record. It demonstrates just how normalised these attacks have become. Despite the lower number of attacks for the month, the ratio of unreported attacks remains high at 774%, reflecting the sheer volume of attacks that still go unreported.

Healthcare takes centre stage this month with an increase of 25% from May, followed by government and technology with increases of 23% and 21% respectively. Unlike most months the education sector took a well-earned break from the record books with only an 8% increase.

In terms of variants, Play was the biggest mover this month with a 33% increase in attacks followed by Black Basta and Medusa with 14% and 13% respectively. This follows the large increase in unreported attacks from Medusa last month, typically a leading indicator of disclosed attacks in subsequent months. While Lockbit is still the leading variant by a significant margin, we only saw a modest gain of 3% this month.

Finally, data exfiltration is now involved in 93% of all attacks with PowerShell the leading vector at 62%, an 11% gain from the previous month. China and Russia also continue to dominate as the leading destinations for exfiltrated data with 15% and 6% respectively.”

You can read the report here.

Leave a comment »

OpenAI Got Pwned But Didn’t Tell Anyone For A Year

Posted in Commentary with tags , on July 9, 2024 by itnerd

Thursday, the New York Times reported that last year a hacker had gained access to the internal messaging systems at OpenAI and stole details about the design of the company’s AI technologies.

Two people familiar with the incident said the stolen information includes details from internal, online discussion forums where employees talked about OpenAI’s latest technologies. Hackers did not get into the systems where OpenAI houses and builds its AI.

According to the report, in April 2023, OpenAI executives informed both employees and board members about the breach, but executives decided not to share the news publicly as no information about customers or partners had been stolen.

OpenAI executives did not inform the federal law enforcement agencies about the breach and did not consider the incident a national security threat, believing the hacker was a private individual with no known ties to a foreign government.

In May, OpenAI said it had disrupted five covert influence operations that sought to use its AI models for “deceptive activity” across the internet, and in the same month 16 companies developing AI pledged to develop the technology safely.

Ted Miracco, CEO, Approov Mobile Security had this to say:

   “OpenAI’s silence on this security breach speaks volumes. While they trumpet AI safety pledges, their own house may not be in order. True security isn’t just about appearances—it’s about transparency and proactive measures, even when it’s uncomfortable. A global tech company isn’t most qualified to determine national security risks. By failing to inform law enforcement, OpenAI prioritized its own interests over potential broader implications, raising questions about their commitment to responsible AI development.

   “This incident is just another example of a tech company making unilateral decisions on matters that might warrant broader scrutiny or regulatory involvement. The complex dynamic underscores the ongoing debate about how to effectively regulate and govern the tech industry, especially in rapidly evolving fields like AI.”

I have to admit that OpenAI’s response to this is suspect at best. It makes me less likely to trust them. Especially since it was recently found that their ChatGPT Mac client stored conversation data in plain text. That is now fixed. But you have to wonder what else is out there that would reduce the trust level of OpenAI further?

Leave a comment »

CompTIA and the National Association of Career Colleges team up

Posted in Commentary with tags on July 9, 2024 by itnerd

Students at hundreds of career colleges across Canada will soon have new options for training in cybersecurity and other dynamic technology disciplines through a new program from the National Association of Career Colleges (NACC) and CompTIA, the organizations announced today.

The non-profit organizations are jointly developing a technology-focused curriculum aligned with CompTIA’s industry-leading skills certifications for tech professionals. The initial focus is on education and training for careers in cybersecurity, with the intent to make the resources available to all 550 NACC member institutions across every province.

Canada’s technology workforce expanded by nearly 300,000 net new jobs between 2017 and 2022 and now totals nearly 1.4 million workers. Among the fastest growing occupations were jobs for cybersecurity specialists, which grew by 146% in that time span. The estimated median annual wage for a tech worker in Canada is $88,233, which is 48% higher than the median national wage for all occupations.

CompTIA is the largest vendor-neutral technology certifying body in the world, with nearly 3.5 million CompTIA certifications earned by IT professionals globally, including 800,000 in cybersecurity skills.

Leave a comment »

« Older Entries