Archive for July 30, 2024

Cyware Appoints Terrence Driscoll as CISO

Posted in Commentary with tags on July 30, 2024 by itnerd

Cyware today announced the appointment of Terrence Driscoll as Chief Information Security Officer.

Terrence is an accomplished cybersecurity expert with an exceptional record of execution and leadership. He most recently served as Managing Director, Global Head of Security and Controls Assurance for JP Morgan Chase & Company where he led a global team responsible for Security Architecture, Security Testing, Technology Resiliency, and Control Management.  He brings Cyware deep knowledge of Cyber Operations, Threat Intelligence, Security Assurance, and Resiliency. 

At Cyware, Terrence will be responsible for Product and Internal Security and will be working with Cyware’s customers and partners to drive adoption of Cyber Fusion Center Platforms.

He previously served as Senior Director at PayPal, Business Information Security Officer at Citadel, Advisory Board Member at CrowdStrike, and CISO at MacAndrews & Forbes, which owns and operates a diverse array of businesses in the consumer goods, defense, education, entertainment, financial services, gaming, and pharmaceutical industries.  He also spent nine years at Lockheed Martin working on the internal security team and working with Lockheed’s US Government, International and commercial clients to drive adoption of intelligence driven cyber defense.

He holds an B.S. in Mechanical Engineering from Lehigh University, an M.S. in Systems Engineering from the University of Pennsylvania, and an M.B.A. from the Wharton School of Business.

To learn more about Terrence’s role at Cyware, join their September 5 webinar, Navigating Cybersecurity Challenges: Insights from a Cybersecurity Executive.

Leave a comment »

Nuspire’s Q2 2024 Threat Report Reveals Surge in Exploit Activity and Shifts in Ransomware Landscape

Posted in Commentary with tags on July 30, 2024 by itnerd

Nuspire, a leading managed security services provider (MSSP), today released its Q2 2024 Cyber Threat Report. This latest report offers a comprehensive analysis of evolving cyber threats, highlighting a significant jump in exploit activity, shifts in ransomware operations and changes in dark web marketplace dynamics.

The Q2 2024 report indicates a 21.07% increase in exploit activity compared to Q1, underscoring the persistent and growing threat of vulnerability exploitation. Conversely, ransomware publications saw a 10.43% decrease, largely attributed to law enforcement actions against major ransomware groups. Dark web marketplace listings also experienced a 12.93% drop in overall activity, indicating potential shifts in cybercriminal tactics.

Additional findings from Nuspire’s newly-released cyber threat report:

  • Manufacturing Sector: For the second consecutive quarter, this sector remained the top target for ransomware attacks, underscoring its vulnerability due to the complexity of securing IT/OT systems and its critical role in supply chains.
  • Exploit Activity: A total of 14,273,495 exploitation events were detected, marking a 21.07% uptick from Q1. Key drivers included Web Server File Access attempts and attacks targeting the Log4j and Hikvision Camera vulnerabilities.
  • Ransomware Trends: While ransomware publications saw a 10.43% decrease, driven by law enforcement actions against groups like LockBit, Play Ransomware activity rose, stressing the fluid nature of the ransomware ecosystem.
  • Dark Web Listings: Despite an overall 12.93% decrease in dark web activity, there were substantial increases in specific listings:
    • Social Security Numbers: 113,295 listings, up 22.19%
    • Account Access: 21,168 listings, up 59.41%
  • Manufacturing Sector: For the second consecutive quarter, this sector remained the top target for ransomware attacks, underscoring its vulnerability due to the complexity of securing IT/OT systems and its critical role in supply chains.

To access the complete Q2 2024 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.

Leave a comment »

TELUS Announces PureFibre 5 Gigabit Internet

Posted in Commentary with tags on July 30, 2024 by itnerd

TELUS is bringing the fastest PureFibre home internet to Western Canada with the introduction of its PureFibre 5 Gigabit Internet plan, a substantial leap forward in internet technology, offering customers the fastest symmetrical download and upload speeds. As the only 100 per cent pure fibre-to-the-home provider in Western Canada, TELUS continues to push the envelope, delivering unparalleled Internet speeds and sustainable, reliable technology to customers in Alberta and British Columbia. The PureFibre 5 Gigabit Internet plan includes next-generation, award-winning Wi-Fi 6E hardware, allowing individuals and families to seamlessly enjoy gaming, web surfing, video calling, working and learning from home, and streaming in 4K.

TELUS is testing 25 Gigabit PON access technology with Nokia to deliver cutting-edge connectivity solutions. This new speed tier will allow TELUS to meet future high-bandwidth demands for connected homes and applications such as augmented reality (AR), virtual reality (VR), extended reality (XR), the Metaverse, cloud computing and storage, head-mounted displays (HMDs), Internet of Things (IoT) devices, and immersive collaboration.  By leveraging existing fibre optic infrastructure, TELUS can deliver this advanced technology without needing to build a new network, and is set to increase speeds beyond 5 Gigabit, delivering up to 25 Gigabits to customers in the next few years.

The PureFibre 5 Gigabit Internet starts from $145 per month on a two year plan. For more information on the internet plan and eligibility, visit www.telus.com/5Gig.

Leave a comment »

Appdome Announces GenAI-Powered Threat Resolution Center

Posted in Commentary with tags on July 30, 2024 by itnerd

Appdome today announced its new Threat Resolution Center, powered by GenAI. The new service enables mobile support teams to instantly identify mobile threats, generate context-specific resolution steps, and improve threat response for all stakeholders. Appdome will be demonstrating the new GenAI powered Threat Resolution Center live at the upcoming Black Hat USA cybersecurity conference in Las Vegas Aug. 7 and 8.

The scope, diversity, and sophistication of mobile threats are exploding. This, combined with the proliferation of malware, spyware and AI-based threats, means that the risk to mobile identity, data and transactions is higher than ever. Legacy mobile app security, anti-fraudand other products don’t consider the user experience. When mobile attacks happen, mobile end users are typically locked out of their accounts and left confused, frustrated, and flying blind. Likewise, understanding, and troubleshooting mobile cyber-attacks and threats is complex, time consuming and costly – for the mobile brand, enterprise and user.

The new Appdome Threat Resolution Center leverages the power of GenAI to provide real-time, context-specific, step-by-step guidance for end users to resolve threats and attacks on mobile devices quickly. This gives mobile support teams and end users the information they need to get past any attack fast. It also shrinks the mobile attack surface by speeding removal of mobile threats on end user devices. Mobile support teams also realize a boost in productivity by delivering faster mean time to resolution (MTTR) and reducing overall cost of threat response for all end users.

Fraud, malware and other attacks, combined with limited attack data and poor resolutions destroy the mobile experience. When cyberattacks happen, fire-drills arise between cyber and support teams. Triage, diagnosis and removing threats from mobile devices is extremely complex, time-consuming and challenging due to the immense diversity and dynamic nature of (a) mobile exploits, tools and malware, (b) mobile devices, (c) mobile operating systems (OS), (d) mobile networks and (e) other factors. To make matters worse, many forms of malware can hide inside other mobile apps, and access mobile apps via accessibility, custom keyboards and other settings. What works to remove a threat on one mobile device, mobile OS and network will not work for a different threat on a different mobile device, mobile OS and network.

How Appdome Threat Resolution Center Works

When an attack or threat is detected by an Appdome-protected mobile app, the Appdome Defense Framework in a mobile app dynamically generates a context-specific ThreatCode™. The ThreatCode is encoded with detailed and specific data about the threat, attack method, device, OS and other information, providing the DNA of each attack on the mobile end user’s device. Support, engineering or cyber personnel at mobile brands and enterprises enter the ThreatCode into Appdome’s Threat Resolution Center where Appdome’s Threat Resolution Agent™ generates the GenAI-prompts using retrieval augmented generation (RAG) to query and optimize responses from GenAI for the attack. The resolution response includes how to identify and understand the attack, how to find the attack, and the step-by-step instructions to remediate or remove the mobile threat on the end user’s device, creating – for the first time – true self-service threat response and real-time threat resolution for mobile end users.

Appdome will be demonstrating its new Threat Resolution Center at the Black Hat Conference in Las Vegas Aug. 7-8, 2024 at booth #1350.

Learn more about Appdome Threat Resolution Center and schedule your demo online.

Leave a comment »

Horizon3.ai Launches NodeZero Cloud Pentesting

Posted in Commentary with tags on July 30, 2024 by itnerd

Horizon3.ai today announced the launch of NodeZero™ Cloud Pentesting. This innovative solution helps organizations identify and resolve complex exploitable vulnerabilities and hidden attack paths in their cloud environments. Horizon3.ai offers the most comprehensive autonomous penetration testing solution, enabling both public and private sectors to thoroughly assess and secure their cloud environments across AWS and Azure.

As organizations expand their digital presence in the cloud, managing security and addressing the unique requirements of each cloud environment becomes increasingly complex for already overburdened security teams. Concurrently, attackers are intensifying their efforts with more frequent and sophisticated attacks. Many organizations struggle to identify and remediate vulnerabilities in both cloud environments and on-premises systems.

NodeZero Cloud Pentesting offers unparalleled testing capabilities for both cloud and hybrid environments. It identifies and chains together exploitable vulnerabilities, security weaknesses, and software misconfigurations, ensuring continuous validation of security programs and compliance initiatives. The solution can also pivot to on-premises networks, to emulate the true behavior of an attacker. This allows organizations to prioritize the remediation of complex attack paths that could be exploited by attackers, significantly reducing cyber risk.

Organizations can comprehensively assess their cloud and hybrid environments using the advanced capabilities of NodeZero by conducting both internal and external pentests, along with operations such as AD Password Audits and Phishing Impact tests. The solution uncovers previously unknown cloud security weaknesses, highlights overexposed or misconfigured assets, and identifies exploitable identity and access management (IAM) policies that could lead to privilege escalation. This comprehensive testing ensures effective defense in depth, reduces potential attack blast radiuses, and helps organizations mitigate the risks of insider threats and credential-based attacks.

NodeZero Cloud Pentesting Key Features

Internal Pentests:

NodeZero’s internal pentests provide a holistic view of how attackers can chain together exploitable vulnerabilities across the entire digital infrastructure, identifying complex attack paths and pivoting between on-premises and cloud environments.

External Pentests:

Similar to the internal tests but launched from Horizon3.ai’s cloud infrastructure, this pentest uncovers externally exposed weaknesses and validates the security of public-facing systems.

AWS Pentests:

This pentest utilizes AWS CloudFormation to gain a privileged perspective, identifying exploitable vulnerabilities, weak controls, insecure IAM policies, and overexposed assets.

Azure Entra ID Pentests:

This pentest targets Microsoft Entra ID from a privileged perspective, testing susceptibility to Azure-native attacks, and validating the security of applications and services using Microsoft Entra identities.

Designed by Horizon3.ai’s world-renowned attack team and certified offensive security engineers, NodeZero Cloud Pentesting includes safe and effective purpose-built exploits, advanced remote access tools, and an array of attacks designed to leverage lateral movement and privilege escalation. With over 65,000 autonomous penetration tests performed and tens of thousands of on-premises and cloud terrains fully mapped, NodeZero significantly enhances security and reduces risk for organizations of all sizes. With NodeZero’s find, fix, and verify capabilities, no other pentesting solution matches the power, efficacy, and effectiveness that NodeZero delivers.

For both defensive and offensive security professionals interested in seeing NodeZero Cloud Pentesting in action, please visit booth 3045 at Black Hat USA 2024.

For those not attending, request a demo of NodeZero Cloud Pentesting today. 

To learn more about NodeZero Cloud Pentesting please visit here.

Leave a comment »

BREAKING: Microsoft Is Currently Dealing With A Massive Outage

Posted in Commentary with tags on July 30, 2024 by itnerd

If I have a look at DownDetector right now, I see this:

You’ll note that Microsoft Azure, Microsoft 365 and some other Microsoft services like Xbox Live and Minecraft have issues at the moment. And this is confirmed via Microsoft themselves:

This seems pretty bad. And what’s worse is that I am having issues connecting to the Microsoft 365 admin centre and opening the Service Health Status page. And I am not alone. The net result is that I can’t even tell you what the ETA to resolution is. That’s in stark contrast to the Office service health and the Microsoft 365 network health status pages currently showing no issues. Even though there are issues.

 I’ll be keeping an eye on this and updating this story as I get more information.

UPDATE: Microsoft has posted this on Twitter in response to a user complaining about the outage:

The outage seems to be centred in Europe, and this status page that the Tweet referenced indicates what Microsoft is admitting to. That more or less matches what I’m seeing on Down Detector. More updates as they come.

1 Comment »

Delta Airlines Lawyers Up To Sue CrowdStrike And Microsoft

Posted in Commentary with tags , on July 30, 2024 by itnerd

Given the fact that CrowdStrike took out an insane amount of PCs across the planet with a software update that they didn’t QA, lawsuits over this were inevitable. And sure enough, it looks like Delta Airlines is getting ready to go down that road:

Delta Air Lines has reportedly hired a lawyer to seek compensation from Microsoft and CrowdStrike after Windows computers with CrowdStrike’s cybersecurity features crashed around the world this month, resulting in thousands of delayed and cancelled flights as computers faced the “blue screen of death.”

Delta hasn’t filed a lawsuit just yet, but the company plans to seek damages from Microsoft and CrowdStrike because of the disruption its normal business operations beginning July 19, CNBC reports. Delta has hired attorney David Boies, who fought against Microsoft on behalf of the FTC in its antitrust case against the tech giant decades ago. Delta declined to comment.

How much compensation is Delta looking for? How about $350 million to half a billion dollars? A non trivial amount. But it illustrates what a precarious position that CrowdStrike may be in. If a bunch of companies do something similar, CrowdStrike may cease to exist. Beyond that, I find it interesting that Microsoft is being included in this. At first glance, Microsoft seems to be collateral damage in this CrowdStrik fiasco. But if someone can prove that the software giant did or didn’t do something that contributed to this fiasco, I can see how they would end up being part of this lawsuit.

Get the popcorn ready. This is about to get fun. Unless you’re CrowdStrike or Microsoft.

2 Comments »

HealthEquity Data Breach Affects 4.3 Million 

Posted in Commentary with tags on July 30, 2024 by itnerd

HealthEquity, Inc., a company that provides health savings accounts (HSAs) and other health financial services, is notifying approximately 4.3 million individuals that their personal and health information was compromised due to a data breach at a third-party vendor. 

HealthEquity responded by taking immediate actions, including “disabling all potentially compromised vendor accounts and terminating all active sessions; blocking all IP addresses associated with threat actor activity; and implementing a global password reset for the impacted vendor.”

The breach was identified on March 25, as disclosed in a regulatory filing with the Maine Attorney General’s Office.

The compromised data may include names, addresses, phone numbers, Social Security numbers, employee IDs, employer details, dependent information, and payment card information. 

The company has not disclosed the identity of the affected vendor but will begin mailing notification letters to the impacted individuals starting August 9.

Ted Miracco, CEO, Approov had this to say:

   “The HealthEquity breach starkly illustrates the dangers of relying solely on passwords for API access within the supply chain. This incident, which compromised not only PHI and PII but also financial information, highlights the extensive potential damage such vulnerabilities can cause. Robust multi-factor authentication, threat analytics for rapid response, and the use of short-lived tokens for API protection are imperative to safeguard sensitive data from similar breaches.”

I will be very interested to see who this vendor is, because this is pretty bad. And it reinforces the fact that when you use third parties, you have to be able to trust those third parties. Because you’re exposed to whatever they haven’t done to protect themselves from getting pwned.

Leave a comment »

Uber Freight Drives Significant Growth in Canada with Innovative LTL Solutions

Posted in Commentary with tags on July 30, 2024 by itnerd

Uber Freight, the leading end-to-end enterprise suite powering intelligent logistics, today announced growth in the Canadian market, propelled by its innovative collaborative shipping model. Since 2021, Uber Freight’s engineered Less-Than-Truckload (LTL) network has expanded by 50%, contributing significantly to the company’s overall Canadian market growth. This translates to approximately $800M (CAD) in total freight under management (FUM).

Uber Freight’s multi-stop LTL network moves more than 10,000 pallets out of the Greater Toronto Area per week, with over 4,500 pallets transported southbound into the United States. By combining shipments from multiple shippers into optimized, multi-stop routes, Uber Freight reduces unnecessary stops and improves overall shipment performance.

Enhancing Cost-Efficiency and Reliability

Traditional LTL shipping often faces challenges such as rate increases and added terminal stops for load sorting and consolidation, impacting on-time performance and cost-effectiveness. Uber Freight’s approach eliminates these extra steps by leveraging its scale and marketplace technology to consolidate shipments based on load size, type, and destination. This streamlines pickup and drop-off processes, resulting in a 95-97% on-time performance (OTP) and saving shippers an average of 10-20% compared to traditional LTL methods.

Real-World Impact

Shippers can manage their LTL loads directly within the Uber Freight Transportation Management System (TMS) for best-in-class freight planning, visibility, and execution, and have access to an expansive pool of domestic and cross-border carriers. Furthermore, Uber Freight’s carrier network supports a variety of goods, including food-grade, chilled, ambient, and frozen LTL shipments.

Uber Freight carriers benefit from an optimal combination of shipments, advanced routing technology, and demand from Uber Freight’s extensive network of shippers. This ensures seamless coordination of backhaul loads, maximizing revenue in both directions.

Pioneering a New Standard in Logistics

Uber Freight is setting a new benchmark in supply chain technology and service, leveraging innovative logistics tools and domain expertise to meet the evolving needs of shippers and carriers. Today, major Canadian-based companies like Bimbo Bakehouse, Dr. Oetker, and Furlani Foods depend on Uber Freight’s collaborative shipping model to move goods across Canada and the United States. With more than $18 billion in global FUM, Uber Freight continues to expand its footprint across North America, committed to delivering industry-leading solutions to shippers and carriers of all sizes.

To get started with Uber Freight LTL, visit https://www.uberfreight.com/carrier-network/ltl-freight.

Leave a comment »