Author Archive

Ticketmaster extortion attempts continue as hacker offers more concert ticket barcodes

Posted in Commentary with tags on July 9, 2024 by itnerd

A threat actor group named Sp1d3rHunters, who claim to have hacked Ticketmaster, now say they are about to leak over 30K tickets for events, after earlier claiming to have leaked 170K tickets for Taylor Swift’s concerts.

Rogier Fischer, CEO of Netherlands-based cybersecurity service Hadrian, had this to say:

“The statement of Sp1d3rHunters and actions like the release of barcodes for high-profile events and the publication of a YouTube guide for using the tickets give the impression of hacktivism.

“However, the activities of the hacker group against Ticketmaster, including the leaking of print-at-home tickets and demanding a ransom, suggest this is more aligned with cyber extortion. Hacktivism typically involves hacking activities aimed at promoting political agendas or social change, often without a direct financial motive.

“In this case, the primary goal of Sp1d3rHunters appears to be financial gain, as shown by their $2 million ransom demand.

“Additionally, the broader context of Sp1d3rHunters’ actions, including their association with ShinyHunters and the compromise of 560 million Ticketmaster customers’ data, underscores a pattern of financially motivated cybercrime.”

According to him, automating and updating the regular defences in the cybersecurity arsenal such as multi-factor authentication (MFA), penetration testing, attack surface management, and employee training will help stave off most attempts like these.

“Developing and updating an incident response plan is paramount here, along with ensuring all sensitive data is encrypted both in transit and at rest,” he added.

Ticketmaster has a ton of issues right now, including this one that I am personally affected by. Ticketmaster really needs to get a handle on their issues, or else they’re really going to have a tough time existing.

Horizon3.ai Celebrates Significant Growth and Innovations in First Half of 2024

Posted in Commentary with tags on July 9, 2024 by itnerd

Horizon3.ai marked the close of the first six months of 2024 with a celebration of the Company’s growth across all dimensions.

The Company’s award-winning NodeZero autonomous penetration testing platform empowers organizations to identify exploitable vulnerabilities across their internal, external, and cloud environments. It offers detailed guidance on prioritizing and addressing discovered security issues, and enables users to instantly verify the effectiveness of their fixes.

In the first half of 2024, the NodeZero platform has been enhanced with new features, services, and extensions, including:

Phishing Impact Testing: Provides an accurate assessment of the real-world consequences of compromised credentials within an organization. Business leaders often underestimate the threat posed by employees clicking on malicious links, which undermines security and burdens IT and security teams. The Phishing Impact test precisely identifies the “blast radius” of compromised credentials, demonstrating the potential consequences when attackers gain access to them.

Pentesting Services for Compliance: Meets both internal and external cyber risk assessment and pentesting requirements, aligning with government regulations, industry standards, new security frameworks, and security best practices. This service combines the expertise of Horizon3.ai’s Offensive Security Certified Professional (OSCP) pentesters with the power of NodeZero’s autonomous pentesting. The result is a streamlined, efficient approach to achieving and maintaining compliance.

Rapid Response Service for Cyber Resilience: Gives NodeZero users a strategic advantage with early, actionable intelligence to counteract emerging exploits targeting newly discovered and not yet widely addressed software vulnerabilities. The ability to swiftly identify and remediate emerging threats that pose a real risk to an organization is key to their cyber resilience. NodeZero users receive tailored intelligence on emerging vulnerabilities and can launch targeted tests to measure their exploitability.

Executive Team Expansion: Several executive-level appointments were made to support Horizon3.ai’s rapid growth as a leader in autonomous cybersecurity solutions. These include:

  • Matt Hartley as Chief Revenue Officer (CRO) – With over 20 years of sales and operations excellence, Matt has consistently built go-to-market (GTM) teams that achieve rapid scale and predictability across the revenue lifecycle. He is a growth-minded leader passionate about helping customers leverage technology to generate demonstrable business value.
  • Jill Passalacqua as Chief Legal Officer (CLO) – Jill’s legal expertise will be crucial in advising the company on key plans, guidelines, and compliance requirements. Known for her strategic legal approach to protecting and promoting companies’ interests, operations, and expansion, Jill’s appointment further bolsters Horizon3.ai’s status as a trustworthy and compliant cybersecurity provider.
  • Erick Dean as Vice President of Product Management – With over 20 years of product development experience, Erick has consistently developed effective product strategies and fostered growth in both startups and large organizations. Dean will specialize in assembling and guiding a high-performance team across product management and UX design to further accelerate the capabilities of NodeZero.
  • Drew Mullen as Vice President of Revenue Operations – With a proven track record in driving revenue growth, optimizing resource allocation, and enhancing sales performance, Drew effectively supports go-to-market strategies and operations throughout the entire customer lifecycle, from demand generation through customer acquisition and ongoing engagement.
  • Torie Runzel as Vice President of People – Torie brings extensive experience in developing strong and successful teams through structures, culture, and programs that attract, retain, and develop top talent. She focuses on recruitment, team alignment, professional and organizational development, performance management, and total rewards.

Awards and Recognitions: Horizon3.ai received several prestigious industry recognitions and honors during the first half of 2024, including:

  • Inclusion in the CRN®2024 Partner Program Guide
  • Govies Award from Security Today Magazine for Autonomous Penetration Testing
  • 2024 Cybersecurity Excellence Awards for Autonomous Penetration Testing
  • Cloud Security Awards for Best Vulnerability Assessment Solution
  • ChannelVision’s Visionary Spotlight Award for Top Innovation
  • ChannelVision’s Visionary Spotlight Award for Cybersecurity
  • AI Global Excellence Award for Best Computer & Network Security Firm 2024
  • Rising in Cyber Award for Top 30 Mid Stage Startups in Cybersecurity
  • Intellyx Digital Innovator Award

Industry Research Contributions: Horizon3.ai’s expert threat researchers conduct deep-level vulnerability research, develop proof-of-concept exploits, and provide indicators of compromise that enable organizations to vastly improve their cybersecurity initiatives. The following research was published in the first half of 2024:

  • Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces – June 14, 2024
  • CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution – June 12, 2024
  • CVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X – June 4, 2024
  • CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive – May 28, 2024
  • CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive – May 20, 2024
  • CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive – March 21, 2024
  • Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” – March 14, 2024
  • NextChat: An AI Chatbot That Lets You Talk to Anyone You Want To – March 11, 2024
  • CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive – March 6, 2024
  • ConnectWise ScreenConnect: Authentication Bypass Deep Dive – February 21, 2024
  • Rust Won’t Save Us: An Analysis of 2023’s Known Exploited Vulnerabilities – February 6, 2024
  • CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability – January 29, 2024
  • CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive – January 23, 2024
  • Analysis of CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE – January 12, 2024
  • Analysis of CVE-2023-39143: PaperCut WebDAV Vulnerability – January 12, 2024

Mission Cloud Gateway Elevates Enterprise AWS Management

Posted in Commentary with tags on July 9, 2024 by itnerd

Mission Cloud has announced the launch of Mission Cloud Gateway, an innovative software platform designed to help businesses optimize their AWS environments and drive efficient growth while adhering to foundational best practices. Mission Cloud Gateway is exclusively available in the AWS Marketplace.

Mission Cloud Gateway combines AWS expertise, consultative guidance, and advanced tooling to address the evolving needs of businesses in the cloud. The platform focuses on managing costs, improving governance, and adopting technologies that transform businesses, all aligned with Mission Cloud’s strategic AWS spending methodology, re: Invest.

Key features of Mission Cloud Gateway include:

  • Mission Cloud Score: A comprehensive assessment tool that measures alignment to AWS best practices across cost, operations, security, reliability, and performance.
  • Tailored Recommendations: Identifies opportunities to improve AWS environments based on specific business goals.
  • Resource Monitoring: Provides a single view to monitor critical AWS resources, evaluate resource-specific recommendations, and track alerts.
  • Engineer Assist: Pay-as-you-go DevOps support for ad-hoc tasks and engagements, allowing businesses to delegate modifications and troubleshooting to Mission Cloud’s team of experts.
  • Managed Reserved Instance Operations: Our experts manage your Reserved Instances (RIs) and Savings Plans (SPs) purchasing, de-risking commitments, and freeing capital for growth initiatives.
  • Expert Guidance and Implementation: Provides coordinated support from Cloud Analysts, Solutions Architects, and DevOps Engineers to ensure each initiative makes the desired impact while preserving performance and improving development lifecycles.

Mission Cloud Gateway is ideal for enterprise customers looking to optimize complex AWS environments. It takes the guesswork out of billing, usage, and forecasting, tracks infrastructural health, and helps businesses adopt best practices and native services that maximize their investment in AWS.

For more information about Mission Cloud Gateway or to schedule a demo, visit https://www.missioncloud.com/mission-control/gateway or contact sales@missioncloud.com.

Magnite Chosen as the Preferred Technology Partner to Enhance TELUS’ Connected TV Offering

Posted in Commentary with tags on July 9, 2024 by itnerd

Magnite today announced TELUS has selected Magnite’s SpringServe ad server and Magnite Streaming SSP as its preferred ad technology solutions in Canada. TELUS will utilize Magnite’s ad server for its Free Ad-Supported TV (FAST) and online video advertising inventory.

The partnership comes at a time when the TV industry is undergoing a seismic shift, with consumers increasingly watching TV content through ad-supported streaming. According to research conducted by Magnite, 74% of Canadian consumers are watching streaming TV compared to only 51% who are watching paid traditional TV. Since rolling out FAST channels to TELUS TV+ customers in April, TELUS has enabled additional TV offerings at no cost to customers. The FAST channels, including TIME, Tastemade, The Washington Post, and more, also provide a unique opportunity for advertisers and agencies to elevate their digital strategies and connect with TV audiences.

Magnite’s SpringServe ad serving platform is built for connected TV (CTV) and video advertising, providing TELUS with better insight, transparency, and control to deliver more optimal video ad experiences. Magnite’s Streaming SSP enables TELUS to manage and monetize its CTV inventory with tools specifically designed to support premium, long-form video, and high-quality viewing experiences. 

For more information about TELUS, visit www.telus.com, and about Magnite, visit www.magnite.com.

BlackFog’s State of Ransomware Report for June is out

Posted in Commentary with tags on July 9, 2024 by itnerd

BlackFog’s State of Ransomware Report for June has just been released. With 45 total attacks, June was the second highest June on record in terms of overall threat numbers.

In terms of ransomware gangs, LockBit continues to dominate, but the Play ransomware group was the ‘biggest mover’, according to CEO Darren Williams, with a 33% increase in attacks across the month.

Moreover, healthcare dominates attack numbers by sector, increasing 25% from May, whilst the ratio of unreported attacks generally remains at 774%.

Dr Darren Williams, CEO and Founder, BlackFog, had this to say:

     “In June we saw an easing of the overall threat numbers for the year with 45 total attacks. Historically still very high, it represents the second highest June on record. It demonstrates just how normalised these attacks have become. Despite the lower number of attacks for the month, the ratio of unreported attacks remains high at 774%, reflecting the sheer volume of attacks that still go unreported.

Healthcare takes centre stage this month with an increase of 25% from May, followed by government and technology with increases of 23% and 21% respectively. Unlike most months the education sector took a well-earned break from the record books with only an 8% increase.

In terms of variants, Play was the biggest mover this month with a 33% increase in attacks followed by Black Basta and Medusa with 14% and 13% respectively. This follows the large increase in unreported attacks from Medusa last month, typically a leading indicator of disclosed attacks in subsequent months. While LockBit is still the leading variant by a significant margin, we only saw a modest gain of 3% this month.

Finally, data exfiltration is now involved in 93% of all attacks with PowerShell the leading vector at 62%, an 11% gain from the previous month. China and Russia also continue to dominate as the leading destinations for exfiltrated data with 15% and 6% respectively.”

You can read the report here.

OpenAI Got Pwned But Didn’t Tell Anyone For A Year

Posted in Commentary with tags on July 9, 2024 by itnerd

Thursday, the New York Times reported that last year a hacker had gained access to the internal messaging systems at OpenAI and stolen details about the design of the company’s AI technologies.

Two people familiar with the incident said the stolen information includes details from internal, online discussion forums where employees talked about OpenAI’s latest technologies. Hackers did not get into the systems where OpenAI houses and builds its AI.

According to the report, in April 2023, OpenAI executives informed both employees and board members about the breach, but executives decided not to share the news publicly as no information about customers or partners had been stolen.

OpenAI executives did not inform the federal law enforcement agencies about the breach and did not consider the incident a national security threat, believing the hacker was a private individual with no known ties to a foreign government.

In May, OpenAI said it had disrupted five covert influence operations that sought to use its AI models for “deceptive activity” across the internet, and in the same month 16 companies developing AI pledged to develop the technology safely.

Ted Miracco, CEO, Approov Mobile Security had this to say:

   “OpenAI’s silence on this security breach speaks volumes. While they trumpet AI safety pledges, their own house may not be in order. True security isn’t just about appearances—it’s about transparency and proactive measures, even when it’s uncomfortable. A global tech company isn’t most qualified to determine national security risks. By failing to inform law enforcement, OpenAI prioritized its own interests over potential broader implications, raising questions about their commitment to responsible AI development.

   “This incident is just another example of a tech company making unilateral decisions on matters that might warrant broader scrutiny or regulatory involvement. The complex dynamic underscores the ongoing debate about how to effectively regulate and govern the tech industry, especially in rapidly evolving fields like AI.”

I have to admit that OpenAI’s response to this is suspect at best. It makes me less likely to trust them. Especially since it was recently found that their ChatGPT Mac client stored conversation data in plain text. That is now fixed. But you have to wonder what else is out there that would reduce the trust level of OpenAI further?

CompTIA and the National Association of Career Colleges team up

Posted in Commentary with tags on July 9, 2024 by itnerd

Students at hundreds of career colleges across Canada will soon have new options for training in cybersecurity and other dynamic technology disciplines through a new program from the National Association of Career Colleges (NACC) and CompTIA, the organizations announced today.

The non-profit organizations are jointly developing a technology-focused curriculum aligned with CompTIA’s industry-leading skills certifications for tech professionals. The initial focus is on education and training for careers in cybersecurity, with the intent to make the resources available to all 550 NACC member institutions across every province.

Canada’s technology workforce expanded by nearly 300,000 net new jobs between 2017 and 2022 and now totals nearly 1.4 million workers. Among the fastest growing occupations were jobs for cybersecurity specialists, which grew by 146% in that time span. The estimated median annual wage for a tech worker in Canada is $88,233, which is 48% higher than the median national wage for all occupations.

CompTIA is the largest vendor-neutral technology certifying body in the world, with nearly 3.5 million CompTIA certifications earned by IT professionals globally, including 800,000 in cybersecurity skills.

You Know You’re Going To Have A Bad Day When You Get A Data Breach Notification In Your Inbox

Posted in Commentary with tags on July 9, 2024 by itnerd

Late yesterday, I got a data breach notification in my inbox. This isn’t the first time that this has happened and it won’t be the last time that this happens given how bad things are when it comes to companies NOT protecting your personal information.

This data breach notification comes from Ticketmaster who recently got pwned in epic fashion. I haven’t dealt with Ticketmaster for years. In fact, the last time I dealt with them was 2016 when the Pet Shop Boys came to town. So on one hand, I was surprised to see that I was affected. But on the other hand I wasn’t, as clearly Ticketmaster had been holding on to my personal data since then. Which says a lot about their data handling practices. In any case, here’s the email that I got:

So I did sign up for their credit monitoring service. That seems to be a sensible thing to do. But at the same time I have to admit that my exposure to this is pretty limited. The credit cards that I would have used at the time have been replaced, for example. So there should be no opportunity for fraud on that front. But the key word is SHOULD. I’ve learned over the years that threat actors will find ways to take information and use it to make your life miserable.

This situation has made me a lot more interested in this Ticketmaster situation as it isn’t just a news story anymore as it personally affects me. Thus I will be keeping a close eye on this going forward. And I will also be looking to see if Ticketmaster pays a price for this data leak. But honestly, they need to pay a price.

Florida Health Department data published after refusing ransom demands

Posted in Commentary with tags on July 9, 2024 by itnerd

Last week, the hacking group RansomHub claimed it exfiltrated and published 100 gigabytes of sensitive data from the Florida Department of Health after it refused to meet ransom demands.

While the exact data stolen is unclear, Department of Health press secretary Jae Williams confirmed that the attack affected the state’s online Vital Statistics system, which is used to issue birth and death certificates.
 
The Tampa Bay Times reported Tuesday that state tax collectors’ offices and funeral homes had been unable to issue birth and death certificates since the Department of Health’s online system went down the previous week. As of Wednesday, at least two health offices had regained the ability to print birth and death certificates.
 
Meanwhile, this is the latest in a string of incidents targeting government agencies. On Wednesday, the New Mexico public defender’s office was hit with a ransomware attack and that same day, the Alabama Department of Education announced it had been targeted in a cyberattack last month.
 
According to Emsisoft, 2,207 U.S. hospitals, schools and governments were affected by ransomware attacks last year.
 
The Florida Department of Health is responsible for the state’s 67 county health departments and in February, a new state budget for the 2025 fiscal year proposed reverting $40 million, part of Florida’s Local Government Cybersecurity Grant, back into the state’s general fund.

BullWall Executive, Carol Volk had this to say:

   “Breaches such as this one by RansomHub, which exfiltrated 100GB of data from the Florida Department of Health, are another persistent reminder of the vulnerability within the public sector. The disruption of the Vital Statistics system, crucial for issuing birth and death certificates, highlights not only the operational impact but also the personal ramifications for residents.

   “This incident adds to a growing list of ransomware attacks on government entities, with the New Mexico public defender’s office and the Alabama Department of Education also recently targeted. Statistics from Emsisoft reported that over 2,200 U.S. hospitals, schools, and governments fell victim to ransomware last year, which underscores the urgency for improved cybersecurity measures. Knowing that this trend will continue, we need to be adding measures such as MFA, encryption and ransomware containment to ensure we have protective layers against data access and exfiltration once the attackers are in-system.

   “It’s also concerning that Florida’s 2025 fiscal budget proposes diverting $40 million from the Local Government Cybersecurity Grant back to the general fund, potentially weakening defenses further. We must have sustained investment in cybersecurity to protect critical infrastructure and sensitive data.”

I’ll say two things about this. The first is that RansomHub is on a tear as of late as their victim list continues to grow. The second is that the fact that their victim list continues to grow highlights the fact that not enough time, effort and money are being spent by organizations to keep threat actors out. That needs to change, and moves like diverting $40 million from cybersecurity efforts are ill advised to say the least.

The only good news in this story is that the ransom was not paid. That’s good because threat actors should never profit from their evil deeds.

Former Nuance employee arrested after Geisinger data breach

Posted in Commentary with tags on July 9, 2024 by itnerd

A former Nuance employee has been arrested after Geisinger, a Pennsylvania healthcare provider, experienced a data breach which exposed 1.2 million records. The former employee had accessed certain Geisinger patient information two days after the employee had been terminated, according to the company’s incident notice. The information that was potentially accessed and stolen included names, addresses, dates of birth, phone numbers, race, gender, admit and discharge or transfer codes, and medical record numbers.

Chad McDonald, CISO and COO, Radiant Logic had this to say:

“Insider threats can quickly take hold of organizations if identity data and access rights are not properly managed and monitored. As seen with the Nuance breach, all it took was two days of an ex-employee’s access rights not being changed for the company and individual consumers to face extreme consequences. By utilizing modern day solutions to automate user access reviews and management, organizations can handle these situations urgently and with the precision needed to avoid dire situations.”

This sort of situation happens more often than you realize. I’ve seen a number of situations where one disgruntled employee causes a nightmare situation for an organization. What makes this situation a bit different is that this employee was outside the organization that got pwned. Thus organizations should consider this situation a cautionary tale.
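The failure in this post, an account that could still reach patient records two days after its owner was terminated, is the kind of thing an access review can catch mechanically: reconcile the HR termination feed against the application audit log and against the directory's list of enabled accounts, and alert on any event or account that falls after the termination time. The Python below is an added example written for this page; it is not code from Geisinger, Nuance or Radiant Logic, and the log format, field names, account names and every record in it are constructed for illustration.

```python
"""
Offboarding reconciliation check (added example, constructed data).

Two checks a defender wants after a termination:
  1. Did the account touch anything after its termination time?
  2. Is the account still enabled after termination (plus any grace period)?
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

# Constructed HR offboarding feed: account -> termination timestamp (UTC).
TERMINATIONS = {
    "jdoe":   datetime(2024, 6, 1, 17, 0, tzinfo=timezone.utc),
    "asmith": datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc),
}

# Constructed application audit log. The key=value layout is an assumption
# made for this example, not any vendor's real format.
SAMPLE_LOG = """\
2024-06-01T09:12:44Z user=jdoe action=view resource=patient/10001
2024-06-03T08:01:10Z user=jdoe action=export resource=patient/10044
2024-06-03T08:02:31Z user=jdoe action=export resource=patient/10045
2024-06-04T11:20:00Z user=bwong action=view resource=patient/10002
2024-06-11T14:45:09Z user=asmith action=view resource=patient/10099
this line is malformed and should be skipped, not crash the check
"""

# Constructed snapshot of accounts the directory still reports as enabled.
ENABLED_ACCOUNTS = {"jdoe", "bwong", "asmith", "ckim"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+action=(?P<action>\S+)\s+resource=(?P<resource>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    user: str
    timestamp: datetime
    action: str
    resource: str
    days_after_termination: float


def parse_line(line):
    """Return (timestamp, user, action, resource) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["user"], m["action"], m["resource"]


def find_post_termination_access(log_text, terminations):
    """Every log event by a terminated account at or after its termination time."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are skipped, never silently trusted
        ts, user, action, resource = parsed
        term = terminations.get(user)
        if term is None or ts < term:
            continue
        days = (ts - term).total_seconds() / 86400
        findings.append(Finding(user, ts, action, resource, round(days, 2)))
    return findings


def find_stale_enabled_accounts(enabled, terminations, as_of, grace=timedelta(0)):
    """Accounts still enabled once termination time plus grace has passed."""
    return sorted(
        u for u in enabled if u in terminations and terminations[u] + grace <= as_of
    )


def audit(as_of_iso="2024-06-12T00:00:00Z"):
    """Run both checks over the constructed data; returns a summary dict."""
    as_of = datetime.fromisoformat(as_of_iso.replace("Z", "+00:00"))
    return {
        "post_termination_access": find_post_termination_access(SAMPLE_LOG, TERMINATIONS),
        "stale_enabled_accounts": find_stale_enabled_accounts(
            ENABLED_ACCOUNTS, TERMINATIONS, as_of
        ),
    }


if __name__ == "__main__":
    result = audit()
    for f in result["post_termination_access"]:
        print(f"ALERT post-termination access: {f.user} {f.action} {f.resource} "
              f"{f.days_after_termination} days after termination")
    print("still enabled after termination:", result["stale_enabled_accounts"])
```

On the constructed data the check flags two exports by jdoe about a day and a half after termination and one view by asmith, and reports both accounts as still enabled. In a real deployment the HR feed and the enabled-account snapshot would come from the HRIS and the directory, and the second check is the one to run on a schedule: it catches the gap before there is anything for the first check to find.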