Archive for September 4, 2024

No Shock Here… Twitter Is The Biggest Source For Election Disinformation

Posted in Commentary with tags on September 4, 2024 by itnerd

Seriously, this doesn’t come as a big shock to anyone who has been watching the downfall of the toxic mess that is Twitter which is of course owned by that not so fine person Elon Musk. Mother Jones is reporting that Elon seems to be okay with Twitter being the biggest source of election disinformation:

Elon Musk is not just the Trump-supporting owner of the social media platform X, formerly known as Twitter. It turns out he is also one of the platform’s biggest peddlers of election-related disinformation, according to a new report published Thursday by the Center for Countering Digital Hate.

The report from CCDH, a nonprofit organization focused on protecting civil liberties and holding social media companies accountable, found that 50 false or misleading posts shared by Musk on X between January 1 and July 31 of this year racked up a staggering 1.2 billion views. The group categorized the posts under three main themes: false claims that Democrats are “importing voters” through illegal immigration (the bulk of the content that researchers examined); false claims that voting is vulnerable to fraud; and a manipulated video, also known as a deepfake, of Vice President Kamala Harris.

According to the report, while independent fact-checkers found the content in all of those 50 posts shared by Musk to be false or misleading, none of the posts in question contained a “community note,” X’s user-generated fact-checking systemthat the company promise’s can contextualize “potentially misleading posts.” Just this week, Musk claimed in a post on X that community notes offer “a clear and immediate way to refute anything false in the replies,” adding, “the same is not true for legacy media who lie relentlessly, but there is no way to counter their propaganda.”

This is simply one more data point proving that Elon Musk isn’t trying to promote free speech. He’s instead trying to promote a specific agenda at any cost. Thus if you’re still on Twitter, it’s time to get off the platform and go someplace else for your social media needs. Bluesky for example is getting a lot of signups from Brazil from what I hear. Mastodon is a good place to go as well. Because Twitter sure isn’t what it used to be.

Leave a comment »

Russian Hacking Group Targets iOS & Android Devices Says Google

Posted in Commentary with tags on September 4, 2024 by itnerd

There have been reports that recent exploit attacks on iOS and Android web browsers by Russian hacking group APT29, have been detected by Google:

The Google TAG report, authored by Clement Lecigne, and published on August 29, revealed that the exploits being deployed by the Russian state-sponsored APT29 hacking group were the same as those used by commercial spyware vendors in the past.

Observed by the Google and Mandiant security analysts between November 2023 and July 2024, the exploits formed part of what is known as a watering hole attack. This is pretty much what you would expect it to be: a cyberattack targeting victims by infecting a website or service that they would ordinarily use and trust. Just like predators who attack their prey by hiding near real watering holes for thirsty animals at their most vulnerable. “The use of watering hole attacks circumvents traditional web security controls like URL categorization filters,” Adam Maruyama, field chief technology officer at Garrison Technology said, “because the owner of the site and the human-readable content hosted there are legitimate, leaving only a few layers of protection between the end user’s device and the malicious webcode.” The threat becoming even more acute on mobile devices, Maruyama continued, “where few users have endpoint protection products to stop even known exploits, leaving unpatched devices vulnerable.”

The prey in these particular attacks were Mongolian government websites, although the same tactic would apply to any targeted victim. State-sponsored groups such as APT29 tend to go for big game, as it were, being commercial and government organizations that benefit their paymasters most. The common denominator was that the victims were using the Safari browser on older versions of iOS (those before 16.6.1) initially and then Android users running the m121 to m123 versions of the Chrome browser. It should be noted that fixes had already been made available for the vulnerabilities exploited in these attacks, but users who were using unpatched versions were at risk.

Alan Bavosa, VP of Security Products at Appdome had this comment:

“While the APT29 group attack is focused on mobile browsers, the real targets ultimately are the Android and iOS apps running on unprotected end-user devices. To counter such threats, comprehensive mobile app protection is vital. App developers need to protect their apps and mobile end users from these and other attacks, using basic mobile app security protections as well as protections against new, sophisticated attacks, such as accessibility malware and social engineering attacks.”

“The nature of today’s mobile attack landscape means that it is difficult, if not impossible, for mobile end users to protect themselves.”

“Consumers are holding mobile brands accountable for mobile app defense. In order for mobile developers to keep up, they must implement automated mobile app defense systems to combat today’s increasingly sophisticated cyber threats rather than using SDKs or protecting their apps from scratch.”

This is a wakeup call for consumers and brands on how vulnerable the little rectangles we carry around with us everywhere we go really are. Thus updates need to be issued and applied and app companies need to make sure that their apps are secure.

Leave a comment »

The August BlackFog State of Ransomware Report Is Out

Posted in Commentary with tags on September 4, 2024 by itnerd

BlackFog has today released the State of Ransomware report for August 2024.Additionally, Darren Williams, CEO and Founder, BlackFog, has provided his thoughts on the state of ransomware in August, below:

     “August witnessed the 3rd highest number of attacks for the year with 63 publicly disclosed attacks, already surpassing the total number of attacks in 2020, 2021 and 2022. It also represents the second highest number of undisclosed attacks of the year with 464, with a ratio of 737% undisclosed to disclosed attacks.

From a sector perspective Healthcare had the biggest increase this month with 20%, or 16 verified attacks. This makes Healthcare the most targeted sector by a significant margin, followed by Government and Education, which saw only modest increases of 10% and 12% respectively.

In terms of variants, this month we saw RansomHub, a new entrant rocket to 7.9% of all attacks, followed by Medusa and Rhysida at 7.6% and 6.0% respectively. While LockBit still maintains its lead with 18.4% of all attacks, we only saw one confirmed attack this month.

A similar trend was observed in unreported attacks with RansomHub commanding 8.4% of attacks.

Lastly, we saw data exfiltration rates to China increase significantly to 20% this month (an increase of 4%) and Russia stable at 6%, with 93% of all attacks involving data exfiltration.”

BlackFog State of Ransomware Report August 2024: https://privacy.blackfog.com/wp-content/uploads/2024/09/BlackFogRansomwareReport-Aug-2024.pdf

Leave a comment »

TrustGrid Brings End-to-End Decentralized Digital Ecosystem Solution to Department of Air Force

Posted in Commentary with tags on September 4, 2024 by itnerd

TrustGrid, an established leader in decentralized digital ecosystem solutions, has been selected by AFWERX for a Direct-to-Phase II contract focused on decentralized digital identity and communications to address the most pressing challenges in the Department of the Air Force (DAF). The Air Force Research Laboratory and AFWERX have partnered to streamline the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) process by accelerating the small business experience through faster proposal to award timelines, changing the pool of potential applicants by expanding opportunities to small business and eliminating bureaucratic overhead by continually implementing process improvement changes in contract execution. The DAF began offering the Open Topic SBIR/STTR program in 2018 which expanded the range of innovations the DAF funded. TrustGrid will start its journey to create and provide innovative capabilities that will strengthen the national defense of the United States of America.

About TrustGrid

TrustGrid enables government entities, enterprises, organizations, and individuals alike to create secure digital ecosystems anywhere in the world with sovereign control of data and maximized privacy. Leveraging industry standards for Decentralized Identity (DID), Verified Credentials (VC), and Web3 capabilities, TrustGrid’s decentralized ecosystem simplifies and secures the management of shared information and peer-to-peer communications and transactions. TrustGrid delivers superior confidentiality, enabling access to and use of critical data while maintaining the privacy and security of individuals and organizational data. For further information about TrustGrid and their digital identity solution, please visit www.trustgrid.com.

About AFRL

The Air Force Research Laboratory is the primary scientific research and development center for the Department of the Air Force. AFRL plays an integral role in leading the discovery, development, and integration of affordable warfighting technologies for our air, space and cyberspace force. With a workforce of more than 12,500 across nine technology areas and 40 other operations across the globe, AFRL provides a diverse portfolio of science and technology ranging from fundamental to advanced research and technology development. For more information, visit www.afresearchlab.com.  

About AFWERX

As the innovation arm of the DAF and a directorate within the Air Force Research Laboratory, AFWERX brings cutting-edge American ingenuity from small businesses and start-ups to address the most pressing challenges of the DAF. AFWERX employs approximately 370 military, civilian and contractor personnel at five hubs and sites executing an annual $1.4 billion budget. Since 2019, AFWERX has executed over 6,100 new contracts worth more than $4 billion to strengthen the U.S. defense industrial base and drive faster technology transition to operational capability. For more information, visit: www.afwerx.com.  

Leave a comment »

Starlink Will Now Block Twitter In Brazil…. Or So They Say

Posted in Commentary with tags on September 4, 2024 by itnerd

Well this didn’t take long.

After I posted a story that detailed the fact that Elon Musk owned Starlink wasn’t blocking Twitter which is also owned by Elon Musk in Brazil as per the Brazilian courts, they have flipped flopped and are now blocking Twitter in Brazil:

“Regardless of the illegal treatment of Starlink in freezing of our assets, we are complying with the order to block access to X in Brazil,” Starlink, which has more than 200,000 customers in the Latin American nation, said in a post on X.

This is one of these times where I will default to being skeptical. Starlink is blocking Twitter for now, but at some point Elon’s going to get ticked off and demand that they undo that because of his rather perverse version of free speech that he is a fanboy of. Then it’s all going to kick off with the Brazilians. And I strongly suspect that Elon will come out on the losing end when that happens.

I’ll go get the popcorn ready.

Leave a comment »

CBIZ Pwned…. And It’s Really Bad

Posted in Commentary with tags on September 4, 2024 by itnerd

Professional services giant CBIZ Benefits & Insurance Services (CBIZ), a management consulting company specializing in tax, financial, benefits, HR services and insurance services, has confirmed a data breach in which a threat actor accessed client information in certain data bases by exploiting a vulnerability in a CBIZ web page. CBIZ has 120 U.S. offices employing 6,700 people, with $1.59 billion in revenue in 2023:

On June 24, 2024, CBIZ learned that an unauthorized party may have acquired information from certain databases. CBIZ promptly launched an investigation with the assistance of cybersecurity professionals. CBIZ’s investigation determined that an unauthorized party was able to exploit a vulnerability associated with one of its web pages, and acquired information from certain databases between June 2, 2024 and June 21, 2024. 

CBIZ conducted a review of the data acquired and determined that individuals associated with multiple CBIZ clients were impacted by the incident. Beginning on July 24, 2024, CBIZ began notifying its clients of the incident and the data involved for each client. The information varied by CBIZ client and included information related to retiree health and welfare plans which, depending on the individual, may have included their name, contact information, Social Security number, date of birth, and/or date of death. 

On August 28, 2024, CBIZ began mailing letters with information about the incident to individuals on behalf of CBIZ’s clients. CBIZ has offered two years of complimentary credit monitoring and identity theft protection services for individuals whose Social Security number was involved.

Stephen Gates, Principal Security SME, Horizon3.ai had this comment:

    A seemingly harmless vulnerability in a public-facing website – that has access to downstream databases – can be the enabler of data breaches. Critical vulnerabilities like remote code execution and/or arbitrary code execution in web applications can enable these sorts of outcomes. Improper input sanitization would also be high on the list of being a likely culprit. 

Evan Dornbush, former NSA cybersecurity expert follows with this:

   The lack of transparency surrounding the CBIZ data breach is alarming.

Despite the mandatory SEC 8-K filing for material events, it appears that CBIZ has yet to disclose this significant incident. The company’s silence on the technical details of the vulnerability not only fails to help the community understand and take action but also undermines trust at a time when cybersecurity initiatives like CISA KEV are gaining prominence. As concerns grow, there are already law firms soliciting potential plaintiffs for a suit against CBIZ.

This is all sorts of problematic, which honestly requires the relevant authorities to investigate further as the lack of transparency along with the sorts of data that were swiped make me wonder if there’s more to this than we know.

Leave a comment »