RunSafe Security, a leader in immunizing software from cyberattacks through a patented, frictionless process, today announced the release of the RunSafe Security Platform that automates risk identification, exploit prevention, and runtime software monitoring. Now, developers can generate a high-fidelity software bill of materials (SBOM) at build time, ensuring the highest level of accuracy in identifying software components and related vulnerabilities. This powerful, comprehensive solution includes the authoritative, build-time C/C++ SBOM generation for embedded systems and enhances a system’s resiliency by automating the remediation of memory safety vulnerabilities in compiled code.
Software supply chain transparency can reduce risks and build trust. With regulations such as the Cyber Resiliency Act and the FD&C Act, building and including SBOMs is quickly becoming a business must. These requirements are driven by software supply chain security concerns, which underscores the critical need for SBOMs to identify risks and stay ahead of potential threats.
Leading global software organizations, including Lockheed Martin, Vertiv, and Critical Software, already use the RunSafe Security Platform. “RunSafe’s platform is timely given the new EU Cyber Resilience Act’s product liability,” says Critical Software CEO Joao Carreira. “Not only can organizations generate a complete SBOM, they can immediately mitigate vulnerabilities and future-proof against zero days using automated tools freeing developers to focus on new feature development.”
Powered by 400-plus vulnerability data sources, the RunSafe Security Platform delivers comprehensive cybersecurity solutions for embedded systems deployed across critical infrastructure. By generating an SBOM with complete visibility into software components, the platform reveals software dependencies, identifies vulnerabilities and quantifies risks. Organizations are provided with actionable insights to reduce exploit paths and enhance their security posture using automated tools throughout the development lifecycle.
Key capabilities and benefits include:
RunSafe Identify generates SBOMs for embedded systems at software build time, identifies software vulnerabilities, and quantifies available risk reduction technologies for those vulnerabilities. By offering insights into software components, vulnerabilities, and effective mitigation strategies, RunSafe empowers organizations to enhance their software’s resilience against evolving cyber threats.
RunSafe Protect mitigates cyber exploits by relocating software functions in memory every time the software is run. This results in a unique memory layout to prevent attackers from exploiting memory-based vulnerabilities. This approach maintains system performance and functionality without modifying the original software. RunSafe also offers a repository of pre-hardened open-source packages and containers, providing immediate protection against attacks in open-source software commonly used in proprietary software.
RunSafe Monitor provides real-time crash data and heuristics to determine whether a crash was a software bug or the result of a cyber attack. This capability enables precise triage, minimizing time and effort wasted on false positives. RunSafe’s passive monitoring listens for software crashes, collecting data on stability, reliability, and potential vulnerabilities. When a crash occurs, this data is swiftly directed to incident response teams for accurate and efficient triage, enhancing overall software security and resilience.
Posted in Commentary with tags Hacked on December 17, 2024 by itnerd
Rhode Island officials have revealed that hundreds of thousands of residents’ personal and financial information was likely stolen in a ransomware attack on the state’s government assistance programs. The breached data affects people who have applied for or received benefits since 2016 such as Medicaid, SNAP benefits, TANF, Childcare Assistance, long-term services and supports, HealthSource RI and other benefits. Data involved may include names, addresses, dates of birth, Social Security numbers and certain banking information.
The online benefits platform, RIBridges, was taken offline on Friday, after the state was informed that there was a major security threat to the system. Applications are being processed on paper until the issue is remediated.
“Ransomware continues to plague many organizations and the strategies of protection against ransomware threat actors continually evolve. A keen focus on endpoint prevention, micro segmentation along with protection and isolation of Identity systems is key to reducing the impact of ransomware threats.”
As we come to the end of the year, I fully expect to see more situations like this where governments are targeted. That’s not good and it means that defenders should act accordingly.
Posted in Commentary with tags Equifax on December 17, 2024 by itnerd
Equifax Canada is excited to announce the successful completion of a multi-year cloud transformation of all customer products and platforms onto the Equifax Cloud™. This ambitious move allows Equifax Canada to help customers and partners leverage unique, proprietary Equifax data and patented EFX.AI capabilities to help them solve their business challenges, manage risk, and grow their business.
The Equifax Cloud is a top-tier global technology and security infrastructure backed by a more than $1.5 billion multi-year investment. It has changed nearly every aspect of the Equifax infrastructure and is one of the largest Cloud initiatives ever undertaken in the financial services industry. Today, Canada’s largest consumer credit bureau, and the largest commercial credit bureau are operating on The Equifax Cloud, delivering a new agile foundation of improved speed, security and resiliency, and more powerful insights than ever before.
Equifax partnered with Google Cloud in 2019 for this transformation and received three consecutive Google Cloud Financial Services Customer Awards for demonstrating innovative thinking, technical excellence and transformation execution.
Abstract Security announced today that it has partnered with Analytica42 to help organizations easily integrate their data sources with Google SecOps platform for analytics and storage. With the new integration, Abstract Security makes it easier for customers to migrate to Google SecOps through its pipeline management features which eases the burden of data management and routes quality data to the platform.
Abstract provides over 100 integrations for data sources with industry-leading vendors out of the box, in addition to threat intel feeds and its own in-house ASTRO threat feed. This comprehensive ecosystem enables customers to blend their unique security data with valuable threat intelligence and insights, significantly enhancing their overall security posture and enabling more informed decision-making. Further, Abstract offers customers a fully hosted solution on Google Cloud Platform or the flexibility to deploy into their own cloud environments, giving them complete control over their cybersecurity infrastructure.
Abstract’s security operations platform delivers analytics that quickly correlate data and deliver actionable insights at the business level, ensuring security teams can focus on what matters most. With Abstract’s data pipeline management tool, customers benefit from Abstract’s ability to decouple the data sources from data destinations and normalize the data in real time before it reaches a destination. Through this tool, Abstract removes dependency and makes data easily routable to any destination, which saves time and money for data storage.
Abstract has chosen to work with Analytica42 as a global delivery partner to ensure that the transition to a new environment is seamless with as little disruption as possible.
Analytica42 offers many years of experience in the integration and migration of security tools to and from a wide range of SIEMs. This enables customers to unlock their SIEM’s full potential, ensuring faster detection, quicker response times and more streamlined workflows. Rather than simply adopting a one-size-fits-all approach, Analytica42 takes the time to understand the specific requirements, utilizing a comprehensive, pre-built library of use-cases alongside more bespoke solutions to minimize false positives and ensure you have full visibility across your security landscape.
Posted in Commentary with tags HP on December 16, 2024 by itnerd
As cloud workspaces and AI-driven digital transformation continue to accelerate, the need for secure, simple endpoints to drive mission-critical work has never been greater – especially for those working in government, finance, healthcare, retail, and media sectors.
Today, HP introduced the HP Elite t660 Thin Client designed to meet these needs and deliver unmatched security, manageability, and power. As the world’s most secure desktop thin client PC, the Elite t660 is equipped with HP’s exclusive HP Wolf Security platform to protect from threats while also simplifying cloud client management – all while delivering 58% more powerful performance gen-over-gen.
Standout experiences & features include:
Upleveled endpoint security and resiliency: As the first desktop thin client with HP Wolf Security, the Elite t660 integrates security from the ground up to protect against attacks and threats with features like HP Sure Start, HP Sure Admin and HP Secure Erase – unlike other solutions that add third-party security on top of a weak foundation. Built on the HP Wolf Security platform, the new HP Wolf Cloud Endpoint Manager enables simplified cloud client management for administrators across devices and operating systems.
Future-proof productivity: From mission-critical applications to heavy multitasking, traders and federal workers never miss a beat with 13th Gen Intel® Core™ Processors with five cores, up to 32GB of memory, and support for up to four 4K displays for enhanced workspace productivity. The Elite t660 is also HP’s first desktop thin client with 5K display support for maximized clarity when tackling media workflows.
Responsibly crafted: As part of the world’s most sustainable PC portfolio, the Elite t660 contains at least 50% post-consumer recycled plastics and the fanless 45W system design uses 30% less power consumption than a desktop. The device is EPEAT® Gold Registered and ENERGY STAR® Certified.
The Elite t660 is expected to be available on hp.com in March 2025. Pricing will be announced closer to availability.
Posted in Commentary with tags Hacked on December 16, 2024 by itnerd
Cybersecurity researcher Jeremiah Fowler uncovered an exposed database linked to Care1, a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care.
The breach exposed over 4.8 million records, including sensitive patient information such as exam results, personal identifying information (PII), doctor’s notes, home addresses, and Personal Health Numbers (PHNs). These records present serious privacy risks, potentially enabling identity theft or unauthorized access to healthcare services.
Posted in Commentary with tags Samsung on December 15, 2024 by itnerd
Finding the perfect holiday gift can be challenging, and gifting a gift card can feel impersonal.
If only there was a fun, free and sentimental gift you could give your loved ones…
Until December 22nd, Samsung Canada invites Canadians to discover the magic of the perfect holiday gift for their loved one at its cozy and creative Galaxy Gift Station at Toronto’s STACKT Market.
At this limited time pop-up, visitors will have the chance to:
Get cozy with a warm apple cider and create amazing art with the Galaxy Tab S10 Ultra, S Pen and Galaxy AI.
Select a giftable merch item (anything from a tote bag to a T-shirt, to an ornament, to a poster), onto which your unique work will be printed.
Bring to life your personalized holiday gift and take it home for your loved one to enjoy!
Plus, visitors will be able to get their hands on the Galaxy Z Flip6, create a custom holiday card, and enter a contest to win art made by Pony!
Now I did have a chance to head to STACKT to try and get into this event. But unfortunately the lines were an hour plus to get in. Thus you’ll have to settle with these pictures:
Posted in Commentary with tags Foxit on December 15, 2024 by itnerd
As we look toward 2025, marketing and technology are converging in transformative ways. Evan Reiss, VP, Head of Marketing at Foxit, has shared his bold predictions for the future of marketing. They are as follows:
“In 2025, I predict that over 70% of new marketing projects will include collaboration with IT. Marketing is now heavily focused on data, driven by event-level granularity and behavioral data points, and all successful marketing projects in 2025 will include a data component. I also expect to see the first AI agent applied to a company’s brand control and creative, managing social media posts and eventually the entire communication and voice strategy from end to end. These AI brand agents will use structured brand and creative data to maintain a consistent tone of voice and standard for the brand across all channels, including social media.
Additionally, I predict that 35% of brands will leverage Guardian AIs to manage their creative identity and ensure brand standards are upheld. These Guardian AIs will work alongside other AI systems to produce content that aligns with brand guidelines, and new marketing roles will emerge to manage these Guardian AIs across a brand’s portfolio.
Personalization will also shift towards AI-driven models that go beyond basic rule-based segmentation. AI will identify key customer touchpoints, informed by a customer’s journey leading up to that point, and manage personalized experiences tailored to each customer. As a result, advertising is about to get a lot easier and require fewer constraints for media buying teams.
Finally, I expect authenticity and transparency to become top priorities for 85% of brands in 2025. Brands are going to try harder than ever to be authentic because negative customer experiences and bad press will get picked up and exposed by AI models faster than previous years. AI will expose inauthentic businesses with poor ethical practices and put corporations at risk. Transparent, reliable brands will win in 2025.”
Posted in Commentary with tags Ford on December 14, 2024 by itnerd
Electric vehicles are growing in popularity. And Ford is in the game with the Mustang Mach-E. I got the Select trim level with eAWD and the 91 kWh extended range battery to drive for a weekend and here’s a look at it:
It definitely has the looks of a Mustang. But it comes in the form of a four door hatchback which makes it way more useful. And that red colour is really cool looking if I may say so. There’s one thing that I am not a fan of from an external perspective:
To open the door you have to press the circle. The door will pop out and then you grab the handle to open it. Now I get why Ford did this as they are trying to get every last kilometre of range via having the Mach-E be as aero as possible. Plus, I can see a scenario where in winter the door is less likely to get stuck because of ice and snow. But my wife and pretty much anyone over the age of 40 who tried to get into the Mach-E had some degree of trouble opening the door because this style of door handle is not what people are used to. Now Ford isn’t the only company that makes an EV that does something like this with their door handles. Having said that, a traditional door handle that is perhaps more aero would be welcome.
My only other exterior gripe is the rear lift gate. When you open it, you get a decent amount of space as illustrated here:
You can also fold the rear seats in a 60/40 manner to get additional space. And all of that is good. But the bad part about the rear lift gate is that it’s manual on this trim level. And while I had no issues with it, my wife at 5′ 6″ couldn’t close it as the hatch opened slightly beyond her reach. If that’s a concern for you, you should go up to the Premium trim level which comes with a power lift gate. Speaking of storage:
The Mach-E has a frunk (front trunk) that is pretty deep and useful for storage.
Let’s move inside. The Mach-E is really roomy. With the driver’s seat set up for me, I was able to sit behind myself in the back seat with no issue. There was decent leg room and great headroom. The only thing that I will put out there is the model that I had for the weekend didn’t have a sunroof. Thus I have to wonder if a sunroof will affect the headroom. Other things that I noted in the back seats:
You get a pair of USB-C ports to keep your phones and tablets charged.
You also get two cupholders that fold down for use if you don’t have three humans in the back seat. Which by the way should be three kids. I’m not entirely sure three full sized adults would be comfortable back here for a long drive.
Now let’s move to the front. And I am going to get my number one gripe out of the way up front:
This 15.5″ screen is extremely sharp and easy to read. There’s a dial to control the volume that is impossible to miss as well. Apple CarPlay (which is wireless by the way) looks amazing on this screen as well. But my issue with it is that the majority of the Mach-E’s controls are routed through the screen. While I appreciate the fact that HVAC controls are on the screen most of the time, I would have liked to see them as physical buttons as they are way easier to use. That’s because you’ll develop muscle memory when it comes to where they are, which means that you can turn on your seat heater easily while doing 100 KM/h on the highway. That’s harder to do with a screen. Again, Ford isn’t the only company who’s done something like this. But perhaps not routing everything through the screen would result in a better user experience.
The gripes end here. Let’s look at the parts of the interior that I did like:
The screen that acts as the instrument cluster is very sharp and readable. And what I like about it is that when you are using Apple Maps, directions are replicated here. Thus you can keep your eyes on the road at all times.
I am in love with this steering wheel as it has all the controls that one needs to do anything from change the volume to adjust the cruise control easily.
Besides a USB-A port and a USB-C port, there’s a wireless charger on the left half of this pad.
The cupholders hold both my wife’s water bottle and my Starbucks Venti insulated travel mug. I point that out because not every car that I test holds that travel mug.
The centre console is deep and has a 12V outlet. You can open and close it via a sliding cover.
I will also note that everything is well put together and feels like it is built really well. And I will point out that there is a lack of shiny hard plastic which will help to keep the car clean and upscale looking.
Now the hero feature of the Mustang Mach-E is BlueCruise which is Ford’s driver assistance system. What I will do is point you towards this review that I did of it a couple of days ago. But let me say that I really liked it and would consider getting it if I were buying this car.
Now onto the actual driving experience. Once I got used to the fact that this car is capable of doing 0 – 100 KM/h in 4.3 seconds, which means that pressing the accelerator too hard will make the Mach-E leap off the line, along with the brakes being grabby because of the regenerative function, I loved it. There’s zero issue passing anything or getting up to speed. The handling is refined and bumps in the road are eaten up by the suspension for the most part. There’s very little body roll even when the Mach-E is pushed. And in terms of noise, vibration and harshness, the only thing that I heard were the tires with a bit of the motors on acceleration. Ford has really done a great job making the Mach-E feel very upscale.
In terms of range, I can only estimate that due to the fact that I recharged the Mach-E when the battery hit 50% to 60%. But I saw numbers of total range between 350 KM and 400 KM of range which I attribute to the fact that I drove this in the cold. The car is rated to do 515 KM of range which is good for a road trip if you plan out where you charge and you have access to a DC fast charger, along with having a level 2 charger at home. The Mach-E can charge at a speed of 115 kWh which means that you could get a full charge in about an hour if you can find a DC fast charger that charges at that speed.
Here’s where the charge port is and its location made it easy for me to plug into a charger whenever I needed a charger. It’s a CCS port on this Mustang Mach-E. But future Mach-E models will move to having a NACS port which is the Tesla standard and have direct access to Tesla’s SuperCharger network. Existing owners with CCS ports will either get a NACS adapter or they can purchase one.
So would I get a Mustang Mach-E? Well, this is the only electric vehicle that I have reviewed, but I am walking away from this experience with positive vibes. So I would consider a Mach-E for sure. But I wouldn’t get this trim level. Instead I would get the Premium trim level as that has all the features that I think would be of value to most drivers who are in the market for an electric vehicle. This trim level starts at $52,690. But the exact copy that I am driving which comes with the eAWD and the 91 kWh extended range battery is $65,790. And that’s before the $5000 rebate that the Canadian Federal Government is offering at the moment. If you’re in the market for an electric vehicle, the Mustang Mach-E has to be on your list. Ford has come up with a very compelling vehicle in this market that is worthy of your time and attention.
Here are some 2025 Technology Predictions from Tim Golden, CEO of Compliance Scorecard, on trends in the governance, risk and compliance industry as it relates to MSPs.
Intensified Regulatory Enforcement and Fines: Regulatory bodies are expected to increase enforcement of cybersecurity laws, such as CMMC and FTC 3.14, with a focus on stricter audits and leveraging mechanisms like whistleblowing. This will intensify scrutiny on compliance practices across the board. MSPs will face heightened risk of fines and legal actions if they fail to meet these regulatory demands, making proactive compliance a business-critical priority.
Increased Legal Accountability and Liability: In 2025, evolving legal frameworks will place greater responsibility on MSPs for their clients’ cybersecurity, holding them liable for security breaches and compliance lapses. This heightened accountability is set to redefine service contracts and risk management strategies. MSPs without a thorough understanding of legal obligations may find themselves vulnerable to lawsuits and significant financial losses, emphasizing the need for legal expertise in their operations.
Resource Constraints Hindering Compliance Efforts: The ongoing shortage of skilled cybersecurity professionals will exacerbate staffing challenges for MSPs, leaving teams stretched thin and under-resourced. This could hamper their ability to meet compliance demands effectively. Resource limitations may result in compliance gaps and heightened vulnerability to security breaches, making workforce development a pressing need for MSPs in 2025.
Over-Reliance on Tools Without Adequate Processes and Personnel: MSPs will increasingly depend on tools to address compliance and cybersecurity challenges, often at the expense of establishing strong processes and trained personnel. This approach could prove counterproductive. Tools without robust processes and skilled management may lead to misconfigurations, overlooked risks, and a false sense of security, underscoring the importance of a balanced strategy involving people, processes, and technology.
RunSafe Security Launches New Software Supply Chain Security Platform
Posted in Commentary with tags RunSafe Security on December 17, 2024 by itnerd
The RunSafe Security Platform will be generally available on December 16, 2024. To learn more, visit https://runsafesecurity.com/runsafe-platform/.