Archive for September 3, 2024

CISA Issues Warning About Iranian Sponsored Threat Actor “Fox Kitten”

Posted in Commentary on September 3, 2024 by itnerd

CISA has put out an advisory on the Iran-linked threat actors known as Fox Kitten, who are using their exploits for both government espionage and commercial ransomware operations:

This advisory outlines activity by a specific group of Iranian cyber actors that has conducted a high volume of computer network intrusion attempts against U.S. organizations since 2017 and as recently as August. Compromised organizations include U.S.-based schools, municipal governments, financial institutions, and healthcare facilities. This group is known in the private sector by the names Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, and Lemon Sandstorm. The actors also refer to themselves by the moniker Br0k3r, and as of 2024, they have been operating under the moniker “xplfinder” in their channels. FBI analysis and investigation indicate the group’s activity is consistent with a cyber actor with Iranian state-sponsorship.

The FBI previously observed these actors attempt to monetize their access to victim organizations on cyber marketplaces. A significant percentage of the group’s US-focused cyber activity is in furtherance of obtaining and maintaining technical access to victim networks to enable future ransomware attacks. The actors offer full domain control privileges, as well as domain admin credentials, to numerous networks worldwide. More recently, the FBI identified these actors collaborating directly with ransomware affiliates to enable encryption operations in exchange for a percentage of the ransom payments.

Adam Maruyama, Field CTO of Garrison Technology, had this to say:

“CISA’s recent advisory regarding the joint governmental espionage and commercial ransomware activities of Iran-linked cyber group Fox Kitten shows how groups with the capabilities to attack some of the world’s most hardened networks are turning those capabilities to the broader commercial space. Increasing pressure from Fox Kitten and similarly equipped actors against commercial companies, particularly in non-regulated sectors, raises the stakes significantly in their fight against ransomware and other network intrusions. 

“To put it simply, the architecture and technologies commercial companies use to detect and respond to low-to-moderate sophistication cyber attacks lacks the ability to effectively prevent and deter highly sophisticated cyber criminals and nation-state actors.

“If the trend of blurred lines between nation-state and criminal actors continues, commercial entities will need to augment their defenses by using defense-grade, high-assurance technology that aims to prevent, rather than detect, malicious activity using techniques like hardware-enforced isolation/access and content disarm and reconstruction (CDR). Unlike most commercial cybersecurity solutions, which analyze content and determine whether it’s malicious or not, these technologies treat all content as potentially malicious and use innovative methods to recreate safe, inert versions before content enters an organization’s systems.”

This is a great example of “good enough” security not being nearly “good enough” and nation-state exploits being used against a broader target set. Thus organizations need to shift their thinking and defence strategies to not be the next victim of these groups.

No Shock Here… Starlink Defies Brazilian Court Order To Block Twitter

Posted in Commentary on September 3, 2024 by itnerd

So the last time I checked in on the fight between Elon Musk and Brazil, the latter had banned Twitter in the country. As part of that, every telco operating in the country had to block access to Twitter. But one telco hasn’t. And surprise, surprise, it’s Starlink, which is owned by Elon Musk:

Internet providers and app stores servicing Brazil have until Wednesday to comply with the ban, The Verge reports. But over the weekend, Musk’s Starlink internet service reportedly told Anatel, Brazil’s telecom agency, that it won’t block X on its network. Starlink has about 250,000 users in Brazil, though not all of those customers necessarily use X. Brazilian legal news outlet JOTA reports that most Brazilians are not currently able to access X, but not all Brazilian internet providers have blocked the platform as of Monday.

We’re going to get to Wednesday and Elon is likely to find out that something really bad is going to happen to Starlink. The Brazilian government has already seized their assets. So it’s only a hop, skip and a jump to imagine that they’d go further. And what then? Does Elon escalate this further? Is he really willing to die on this hill? Perhaps he will because he’s afraid of other nations blocking Twitter. Tune in tomorrow to see if that’s the case.

Samsung’s Back-to-School Essentials

Posted in Commentary on September 3, 2024 by itnerd

As the summer winds down, the excitement of a new school year has begun to build. Whether you’re preparing for your child’s first day of school or you yourself are returning for another year, now is the time to stock up on supplies, organize your space, and set the tone for a successful year ahead. Let’s make this school year the best one yet!

To kick off the start of the school year, Samsung has compiled a list of tech essentials to make easing into the school year a smooth experience.

  • For the music lover: Samsung Music Frame (Starting at $599) – Ideal for the student who loves to entertain, this versatile photo frame doubles as a speaker. Easily swap in your favorite photos or artwork while playing your go-to study jams or party playlists. It’s the perfect blend of personal style and powerful sound for any dorm room or study space.
  • For the gamer student: Samsung 49 Inch Odyssey OLED G9 Gaming Monitor (Starting at $1,499) – This monitor is both a study tool and a gaming powerhouse, featuring a lightning-fast 0.03ms (GtG) response time and a 240Hz refresh rate to keep you ahead in every match. This monitor is perfect for balancing schoolwork and gaming without missing a beat.
  • For the student that needs the extra storage: Samsung 990 EVO Memory Card (Starting at $199.99) –  Designed to store everything from class projects to digital memories, this memory card is a must-have for the school year. Compact yet powerful, it keeps your assignments, photos, and adventures secure and ready to share in an instant.

Have a look at them at Samsung.ca today.

Review: Aqara Hub M3

Posted in Products on September 3, 2024 by itnerd

If you’re someone who has a lot of smart home gear, then the Aqara Hub M3 is something that you might be looking into to add to your smart home setup. The reason being that this hub does the following:

  • It’s a Matter controller that can work with non-Aqara Matter smart home devices
  • It’s a Thread border router
  • It has a two-way 360° infrared blaster that can be exposed to your smart home ecosystem to control devices that support IR control
  • It of course supports the Zigbee protocol

The first two items might be of value if you don’t already have a Matter controller or a Thread border router in whatever home ecosystem you are in. HomeKit users won’t care about this because if you have a HomePod or a recent AppleTV, you get Matter and Thread support in those devices. Which is why I won’t be testing that functionality as I review this product. On top of that, Aqara says that only a handful of Matter-compatible lights, switches, and thermostats are officially supported. And from what I can figure out, the same appears to be true for Thread devices. So that might limit the use cases that this hub can be used in. But having said that, if you do have devices that this hub supports, or Aqara broadens the support for Matter and Thread devices, this could be the “one hub to rule them all” as all your smart home devices could be run through this hub. The IR blaster could be useful for controlling non “smart” devices. But my use case doesn’t include any such devices. So I didn’t test that either.

Now let’s look at the Aqara Hub M3 hub:

If you compare this to the Aqara M1S Hub for example, it looks way better. Because it is a black square it doesn’t stand out. And the big ring light that was present in the M1S is gone in favour of a single LED on the front. Also included are a mounting bracket and a USB-C to USB-A cable. Not pictured are a set of screws for the mounting bracket as well as documentation.

One cool thing is that this can be powered by USB-C or by PoE. Which means in the case of the latter a single ethernet cable can supply data as well as power for a clean setup. Unless you use USB-C as that requires you to bring your own power adapter to the party. That’s a bit of a #Fail. But if you have a UPS that supports USB, you could power it that way I suppose.

Setting this up was….. Problematic. You need the Aqara app to start the setup process. That went well and guided me through getting the device into the app and updating the firmware. But things went off the rails when I tried to use the Aqara app’s ability to migrate from one hub to another. By migration I mean that if you have an old Aqara hub with a bunch of devices and automations, it will move those over to the M3. In my case, I wanted to move a door sensor with related automations over to the M3. But I tried twice and waited 10 minutes before it failed each time. I then started to troubleshoot by rebooting the M3 hub. At that point, I was prompted for a firmware update in the Aqara app that I promptly did. Why it didn’t prompt me to update to that firmware when I first set the hub up I don’t know. But after I did that the migration process worked and took only a minute. After doing some quick testing, I found that everything worked fine. Though it didn’t “feel” any faster than the M1S that it was replacing.

Next up was to delete the old hub from the Home app, which was painless, and add the new M3, which again didn’t go to plan. There is a HomeKit barcode on the back of the hub, and I tried to use that to add the M3 hub via the Home app on my iPhone.

#Fail.

Next up I tried to use the Aqara app to add the M3 hub to HomeKit.

#Fail.

I rebooted the hub and added it via the HomeKit barcode.

#Success

The other thing that I had to do is to add back all the notifications for things like doors opening and closing in HomeKit, along with setting up my HomeKit scenes to include the M3 as that understandably isn’t part of the migration process.

Total time invested: 45 Minutes

Given that this is supposed to be a consumer device, which means that it should be easy to set up to make sure that said consumers don’t flood a tech support line looking for help, these sorts of glitches and oddities should be the exception and not the rule. But in this case, they seem to be the rule. Which is of course bad.

Some other notes:

  • The M3 features 8GB of encrypted local storage for device lists, configuration parameters and automation data. Which means that if you have no Internet connection, your automations should still work.
  • The M3 claims to have a 95dB speaker, but in my testing, I could only register a max of 87dB. But that’s useful enough for an alarm system, which is how I am using this.
  • You can set the M3 up with one or more Aqara hubs to create a more resilient and efficient setup. In other words if one fails, another can take over.
  • From a WiFi perspective, it supports 2.4 GHz and 5 GHz bands. I set the hub up on the latter to take one more device off of the 2.4 GHz band as I want to have as few devices on 2.4 GHz as possible on my WiFi network.

Here’s the bottom line. With all the glitches that I came across, it makes the Aqara Hub M3 a bit difficult to recommend. If Aqara can sort out these issues, that would likely make it a worthy upgrade for existing Aqara owners. For new owners, the M3 is only worth looking at if you need a Matter controller or a Thread border router. That won’t be the case for HomeKit users. But for other home ecosystems, it is worth looking at as long as you have Thread or Matter devices that the hub plays nice with. This hub goes for $169 CAD on Amazon. It’s worth a look if you have a use case for this hub, and you’re willing to deal with the bugs and oddities that seem to be part of the deal at the time of writing this review.