Archive for October 9, 2024

AHEAD Achieves AWS Healthcare Competency Status

Posted in Commentary with tags on October 9, 2024 by itnerd

AHEAD, an AWS Premier Tier Services Partner and leading national provider of cloud, data and digital engineering solutions, announced today that it has achieved the Amazon Web Services (AWS) Healthcare Competency.

Achieving this competency differentiates AHEAD as an AWS Partner that provides specialized services that help healthcare organizations adopt, develop and deploy complex projects on AWS. To receive the designation, AWS Partner Network (APN) members must possess deep AWS expertise and deliver solutions seamlessly on AWS.

AHEAD has developed a comprehensive approach that empowers healthcare providers to accelerate digital initiatives, streamline operations, improve data accessibility and deliver more effective and personalized care.

AHEAD offers solutions within electronic health record (EHR) modernization, including Epic migration, and EHR-integrated imaging accessibility. By leveraging AHEAD’s Data & AI solutions, healthcare organizations can make data-driven decisions that directly impact patient care. AHEAD secures healthcare organizations through the construction of scalable, multi-site networks that adhere to AWS best practices and comply with HIPAA, HITRUST and NIST.

AWS is enabling scalable, flexible and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify Consulting and Technology APN Partners with deep industry experience and expertise.

For more information on AHEAD’s partnership with AWS, visit https://ahead.com/partner/aws/.

Leave a comment »

Palo Alto Expedition: From N-Day to ATO, Full Compromise Says Horizon3.ai

Posted in Commentary with tags on October 9, 2024 by itnerd

Horizon3.ai Chief Attack Engineer Zach Hanley has just published “Palo Alto Expedition: From N-Day to Full Compromise.”

 Zach notes: “On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it’s advertised as:

The purpose of this tool is to help reduce the time and efforts of migrating a configuration from a supported vendor to Palo Alto Networks. By using Expedition, everyone can convert a configuration from Checkpoint, Cisco, or any other vendor to a PAN-OS and give you more time to improve the results.

“Further reading the documentation, it became clear that this application might have more attacker value than initially expected. The Expedition application is deployed on Ubuntu server, interacted with via a web service, and users remotely integrate vendor devices by adding each system’s credentials.”

Today’s blog details finding CVE-2024-5910, and also how Zach and his team discovered three additional vulnerabilities which they reported to Palo Alto:

  • CVE-2024-9464: Authenticated Command Injection
  • CVE-2024-9465: Unauthenticated SQL Injection
  • CVE-2024-9466: Cleartext Credentials in Logs

The blog post also includes indicators of compromise (IoCs) for the vulnerabilities.

Horizon3.ai adheres strictly to responsible disclosure of its research, and the disclosure timeline is noted in today’s blog, which you can read here.

Leave a comment »

Nikon Releases New STABILIZED Binoculars Series

Posted in Commentary with tags on October 9, 2024 by itnerd

Today, Nikon Canada Inc. announced the release of the new STABILIZED binocular series with two new models that feature a compact, portable design while incorporating an original STABILIZED function to provide a clear and stable image. This original stabilization system1 in the new 10x and 12x models reduces vibrations caused by hand movement by approx. 80%, letting users view distant objects such as birds and other wildlife, sporting events, concerts and landmarks clearly and comfortably.

These new STABILIZED binoculars weigh only 13.9 oz (STABILIZED 12×25 S model), making it comfortable and easy to track and view subjects for long periods with minimal fatigue of the eyes or arms. For extended viewing, they are powered by 2xAA batteries, providing up to an impressive 12 hours of battery life. 

Primary features of the Nikon STABILIZED Binocular Series:

  • Stylish, compact and comfortable design is extremely small and lightweight, while also having the ability to fold for maximum portability and easy packing.
  • Uses 2x convenient and readily available AA-size batteries, for approx. 12 hours of battery life
  • STABILIZED Technology reduces vibrations caused by hand movement by approx. 80%, making it easy to track and view subjects.
  • Bright and clear field of view, with a Multilayer Coating applied to all lenses and prisms while high-reflectivity silver-alloy mirror coating is applied on the reflective surface of the auxiliary prism for maximum brightness. 
  • Auto-power shut-off function prevents unnecessary battery consumption if left powered on. This function is engaged after approximately 60 minutes, letting the user focus on the view, while minimizing the need to press a button repeatedly to activate the stabilization. 
  • Ergonomic design fits comfortably in the hand, with a large focusing ring that enables quick focusing. 
  • Turn-and-slide rubber eyecups with multi-click facilitate easy positioning of the eyes at the correct eyepoint.

Price and Availability
The new Nikon STABILIZED 10×25 S and STABILIZED 12×25 S models will be available starting in early November, with an MSRP of $849.95 and $859.95 respectively.  For more information about Nikon Sport optics and other models, please visit www.nikon.ca

Leave a comment »

North Korean Hackers Target Tech Job Seekers in New Malware Campaign

Posted in Commentary with tags on October 9, 2024 by itnerd

Unit 42’s latest research was published today on a North Korean cyber campaign targeting tech job seekers. The campaign, known as CL-STA-240 Contagious Interview, involves fake recruiters on platforms like LinkedIn, tricking users into malware infections that steal sensitive data such as, browser passwords and cryptocurrency wallets. Since its initial report in November 2023, Unit 42 has continued to monitor new online activity and code updates to two pieces of malware tied to the campaign. 

Highlights include: 

  • New malware variant, BeaverTail, targets both macOS and Windows, capable of stealing data and cryptocurrency from 13 different wallets
  • Social Engineering: Attackers pose as recruiters on platforms like LinkedIn and set up fake interviews, convincing victims to download malware disguised as legitimate software like MiroTalk and FreeConference 
  • InvisibleFerret Backdoor: Written in Python, this malware now includes new features like downloading additional remote-control software (AnyDesk) and stealing browser credentials and credit card information 
  • Financial Motive: North Korea threat actors likely have a financial motive given the malware’s focus on stealing cryptocurrency from a growing number of wallets

You can read the research here.

Leave a comment »

New Report From BforeAI Highlights Growing Threat On US Banking Industry

Posted in Commentary with tags on October 9, 2024 by itnerd

Today, BforeAI released the firm’s latest report, “Financial Domain Spoofing Trends of 2024, ” highlighting the growing concern on targeted spoofing and impersonation attacks using high-profile financial organization’s brands, such as BVA, HSBC, and PayPal, as a vector for malicious activity. 

The US banking industry has seen a significant uptick in cyberattacks, particularly in phishing and spoofing. The industry is becoming more of a persistent threat and phishing tactics are becoming increasingly advanced due to AI.

Researchers at BforeAI analyzed 62,074 domains with finance-related keywords. 62% of those observed domains were involved in phishing attacks targeting legitimate institutions through spoofing websites. 

You can read the full report here: https://bfore.ai/financial-domain-spoofing-trends-of-2024/

Leave a comment »

CIRA and Commissionaires join forces to close cybersecurity gaps for Canadian small businesses

Posted in Commentary with tags on October 9, 2024 by itnerd

As malicious actors wreak havoc on organizations of all sizes across the country, Canadian businesses are struggling to improve their cybersecurity posture leading to an increased risk of losing customers. Today, CIRA and Commissionaires announce a partnership that will help make cybersecurity training and protection readily available to small businesses regardless of their budget so they can keep their data, networks and customers safe.

With over 120 years of combined expertise in physical and online security, and a common goal to keep Canadians safe, both not-for-profit organizations have been working together to offer affordable, easy-to-deploy cybersecurity solutions tailored to the Canadian market to a wider range of businesses.

Commissionaires, Canada’s largest private sector employer of veterans and the only national not-for-profit security company, is responding to the increased sophistication and frequency of human engineering attacks by reinforcing businesses’ human cybersecurity layer: employees. This ensures employees receive the regular training they need to stay engaged while teaching them to view digital content critically.

This partnership with CIRA will kick off with two flagship solutions:

  • CIRA Cybersecurity Awareness Training: designed to reduce human cybersecurity risks, this all-in-one platform leverages end-user gamification to include Canadian stories, privacy laws and institutions while providing risk assessment tools and bilingual courses. Over 200,000 Canadians at more than 400 organizations already trust the platform to affect positive behavioural changes.
  • CIRA DNS Firewall: the cost-effective, low-maintenance layer of protection analyzes the DNS traffic of enterprises while also blocking users’ devices and applications from accessing malicious domains, preventing phishing attacks and stopping malware in its tracks. Located in Canadian data centres and peered to Canadian internet exchange points, CIRA DNS Firewall is powered by world-class threat intelligence. 

By leveraging CIRA’s solutions, Commissionaires plans to train thousands of Canadian workers on good security hygiene starting later this month and hopes to reach many more in the coming years.

CIRA and Commissionaires will attend the Colloque Cybersécurité et protection des données personnelles in Québec City on October 10 to discuss the partnership with local ministries, public, parapublic and private organizations.

Additional resources

Leave a comment »

BEWARE: Bell Scammers Are Becoming More Sophisticated

Posted in Commentary with tags on October 9, 2024 by itnerd

Now I’ve been posting about threat actors running a number of scams where the threat actors pretend to be Bell Canada in order to advance the scam. Here’s a list of scams that I have come across:

These scams were easy to spot. But I am not receiving Intel that they’ve gotten a lot harder to spot. I have been informed by a number of readers that the threat actors are now spoofing the phone numbers that show up on your caller ID screen and are typically associated with Bell. Specifically the following numbers:

  • 1-866-310-2555
  • 1-866-667-0123

The threat actors are doing this because in the past they were using random local numbers to try and carry out the scam. That made the scammers easy to spot because the real Bell Canada would not use random phone numbers. So I am guessing that they are doing this because what they were doing before wasn’t working. Or at least not to the scale that they were hoping.

Based on this, I am going to double down on the advice that I gave you here:

Because I come to the rescue of people who come in contact with scammers on a regular basis, I can say that trusting your instincts is one of the best things that you can do to protect you from being a victim of a scam. If you get the sense that something is wrong, go with it because you’re likely right. And trusting your instincts can save you from a very bad situation. On top of that, if you get a call from someone claiming to be from Bell, and what you hear doesn’t sound right, hang up and call Bell directly at 310-Bell. Finally, this advice doesn’t just apply to Bell, but to any situation that you might find yourself in where you get contacted out of the blue by someone claiming to have some great deal for you, or wanting to take some course of action that doesn’t sound right.

I am continuing to track this and other Bell related scams that are out there. Along with scams related to Rogers and TELUS. And when I get hard facts, I will post them here so that you can stay safe.

Leave a comment »