Archive for the Commentary Category

Infosec Institute Named a Visionary in EMA’s Vendor Vision Report

Posted in Commentary on May 24, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced they were named a Visionary in the inaugural Vendor Vision report by Enterprise Management Associates (EMA), a leading IT and data management research and consulting firm. The report highlights the top ten preeminent security companies in their respective categories exhibiting during the 2022 RSA Conference at San Francisco’s Moscone Center, June 6-9. 

Recognized for delivering the right training to the right people at the right time, Infosec helps organizations strengthen their security posture, reduce risk and meet compliance by providing cyber-education for every role within an organization. Infosec Skills and Infosec IQ aim to meet learners where they are, providing them with timely and engaging content that works to fill the growing cyber skills gap. 

See the full list of vendors recognized in the report here. Infosec will be exhibiting at the RSA Conference in booth 3324 in the South Expo Hall, and more information regarding the conference can be found here.

Agari & PhishLabs Release Their Threat Trends & Intelligence Report

Posted in Commentary on May 23, 2022 by itnerd

Agari by HelpSystems and PhishLabs by HelpSystems have released the results of their latest Quarterly Threat Trends & Intelligence Report.

In Q1, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape. Security leaders and practitioners can use this information to better understand these threats and to take proactive measures to reduce risk.

The report can be found here and it does provide a lot of interesting insights.

Guest Post: Top 10 Strange Things That Got Hacked According To Atlas VPN

Posted in Commentary on May 23, 2022 by itnerd

As technology takes up an increasingly significant part of our lives, so do cyber threats. Sometimes hackers catch us off guard where we least expect them to.

With Stranger Things 4th season release approaching, the Atlas VPN team compiled a list of ten strange things that have been hacked. 

Casino hacked via fish tank thermometer 

Everyone knows that computers and smartphones are vulnerable to hacks. But have you ever thought that hackers could steal data via a smart thermometer? This is precisely what happened to a casino in North America.

The cybercriminals found and exploited a vulnerability in a smart thermometer used to monitor the water of a fish tank in the casino’s lobby and got a foothold in the network. They then found a high roller database, which possibly included information about the casino’s biggest spending clientele along with other personal information. The hackers dragged the database across the network through the thermostat and up to the cloud, essentially stealing it.   

Baby monitors allow hackers to interact with children

The last thing that any parent wants is to put their children in danger. However, getting a smart baby monitor might do just that. 

In one instance, a hacker broke into a Nest wireless system used by a Texan couple to monitor their infant son and started shouting sexual swear words at the four-month-old baby. When the couple, who were lying in bed at the time of the event, turned on the light to go upstairs and check on the baby, their own camera turned on, and the hacker threatened to kidnap the child if they did. Thankfully, it was only a baby monitor hack, and no physical threat was present. In another case, a family in Minnesota found photos of their baby posted on another website due to a baby monitor compromise.

Kids toys classified as illegal surveillance devices

In addition to baby monitors, smart kids’ toys also hold many cyber risks. 

In Germany, the smart doll My Friend Cayla was banned after it was found that it could be hacked via its Bluetooth connection. A hacker could then listen in on conversations or communicate directly with the child. The German Federal Network Agency classified Cayla as an ‘illegal espionage apparatus’.

In another instance, CloudPets, cute plush toys that come in the form of various animals, came under fire for various security infringements. Researchers found the toy could be used to transmit the hacker’s voice via a Bluetooth connection. In fact, researchers hacked one of the toys and made it order itself some cat food from a nearby Amazon Echo.

Ruta Cizinauskaite, cybersecurity writer and researcher at Atlas VPN, shares her advice on how to protect your smart devices against hacks:

“Keeping smart devices up to date, changing the default passwords and usernames, enabling second-factor authentication, and using VPN when possible are just some things consumers can do to minimize the risk of their smart devices getting hacked. However, whenever getting a smart device, it is important to weigh the benefits against the risks. While a smartphone is more or less a must in today’s world, a smart toy with questionable security might bring more harm than joy.”

To read about all the 10 strange things that got hacked, head over to: https://atlasvpn.com/blog/top-10-strange-things-that-got-hacked

Pwn2Own Wraps Up With Microsoft Windows, Teams, Apple, Firefox, Ubuntu & Tesla Getting Pwned

Posted in Commentary on May 22, 2022 by itnerd

Pwn2Own was held over the last three days in Vancouver, and Trend Micro, who put on the contest, handed out $1,115,000 to those who managed to expose one or more zero days. And in terms of what got pwned, here’s a list:

The contest awarded a total of $1,155,000 this year, and the biggest payouts were for serious exploits against Microsoft’s Teams utility. While Teams isn’t technically a part of Windows, it does come bundled with all new installs of Windows 11, which means that these exploits are practically Windows exploits. Hector “p3rr0” Peralta, Masato Kinugawa, and STAR Labs each earned $150,000 for major exploits of the utility.

Windows 11 itself wasn’t spared, though. Marcin Wiązowski and STAR Labs each earned $40,000 for privilege escalation exploits on Microsoft’s operating system on day one, and on day two, TO found a similar bug for a $40,000 payout of his own. Day three saw no less than three more fresh exploits against Windows 11, all in the serious privilege escalation category; all three winners pocketed another $40,000.

As far as the Tesla Model 3 goes, Synacktiv were able to demonstrate a sandbox escape exploit on the car’s infotainment system. That could allow an attacker to take control of the car’s built-in computer and, given another couple of clever exploits, could feasibly be the first step toward a remote attacker taking control of the car’s autopilot system. The group earned $75,000 for the bug.

Other targets attacked at Pwn2Own 2022 included Mozilla Firefox (hacked), Apple Safari (hacked), and Ubuntu Desktop (hacked).

There were a few failed hacks, but details on those have not been made public. Trend Micro does have a blog post describing the successful hacks that is worth reading.

Expect a big dump of software updates shortly from those who got pwned.

Microsoft Warns Of Fast Spreading Linux Malware

Posted in Commentary on May 21, 2022 by itnerd

The Microsoft 365 Defender Research Team has come across a new type of Linux trojan combining denial-of-service functionality with XOR-based encryption for its communications. And there has been a massive increase in how often it’s being seen:

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based encryption for its communications.

Here’s how it works:

XorDdos’ modular nature provides attackers with a versatile trojan capable of infecting a variety of Linux system architectures. Its SSH brute force attacks are a relatively simple yet effective technique for gaining root access over a number of potential targets.

Adept at stealing sensitive data, installing a rootkit device, using various evasion and persistence mechanisms, and performing DDoS attacks, XorDdos enables adversaries to create potentially significant disruptions on target systems. Moreover, XorDdos may be used to bring in other dangerous threats or to provide a vector for follow-on activities.
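The SSH brute-force foothold described above is something defenders can spot in their own sshd logs. As an added example that is not from Microsoft’s write-up, the detector below keeps a sliding window of failed logins per source address, raises a medium alert when a burst crosses a threshold, and escalates to high when a password login from that same address later succeeds; the log lines, the hostname and the year (syslog timestamps carry none) are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines in syslog format (not a real capture). The first
# address runs a password-guessing burst against root that eventually succeeds;
# the second is an ordinary user who mistypes once and then uses a key.
SAMPLE_AUTH_LOG = """\
May 21 10:00:01 nas sshd[2101]: Failed password for root from 203.0.113.7 port 51012 ssh2
May 21 10:00:02 nas sshd[2102]: Failed password for root from 203.0.113.7 port 51013 ssh2
May 21 10:00:02 nas sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51014 ssh2
May 21 10:00:03 nas sshd[2104]: Failed password for root from 203.0.113.7 port 51015 ssh2
May 21 10:00:04 nas sshd[2105]: Failed password for root from 203.0.113.7 port 51016 ssh2
May 21 10:00:05 nas sshd[2106]: Failed password for root from 203.0.113.7 port 51017 ssh2
May 21 10:00:09 nas sshd[2107]: Accepted password for root from 203.0.113.7 port 51018 ssh2
May 21 10:03:00 nas sshd[2110]: Failed password for alice from 198.51.100.4 port 40001 ssh2
May 21 10:03:20 nas sshd[2111]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
LOG_YEAR = 2022        # assumed: syslog lines carry no year
WINDOW_SECONDS = 60    # sliding window for counting failures
FAIL_THRESHOLD = 5     # failures within the window that count as a brute-force burst


def parse_line(line):
    """Parse one sshd auth line into a dict, or return None for unrelated lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_brute_force(lines, window=WINDOW_SECONDS, threshold=FAIL_THRESHOLD):
    """Return alerts for password-guessing bursts and for bursts that then succeed."""
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    flagged = set()                 # sources already reported for a burst
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        recent = failures[ev["ip"]]
        # Drop failures that have aged out of the sliding window.
        while recent and (ev["ts"] - recent[0]).total_seconds() > window:
            recent.popleft()
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append({"severity": "medium", "type": "ssh_bruteforce",
                               "ip": ev["ip"], "failures": len(recent),
                               "at": ev["ts"].isoformat()})
        elif ev["method"] == "password" and ev["ip"] in flagged:
            # A password login succeeding right after a burst from the same
            # source is the signal that the guessing worked.
            alerts.append({"severity": "high", "type": "bruteforce_success",
                           "ip": ev["ip"], "user": ev["user"],
                           "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_AUTH_LOG.splitlines()):
        print(alert)
```

Against the sample the detector yields two alerts for 203.0.113.7 (the burst, then the successful root password login) and none for 198.51.100.4; on a real host, feed it `/var/log/auth.log` or `journalctl -u ssh` output line by line.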

Microsoft sums up how to defend yourself this way:

Defenders can apply the following mitigations to reduce the impact of this threat:

  • Encourage the use of Microsoft Edge—available on Linux and various platforms—or other web browsers that support Microsoft Defender SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that contain exploits and host malware.
  • Use device discovery to find unmanaged Linux devices on your network and onboard them to Microsoft Defender for Endpoint. 
  • Turn on cloud-delivered protection in Microsoft Defender Antivirus or the equivalent for your antivirus product to use cloud-based machine learning protections that can block a huge majority of new and unknown variants. 
  • Run EDR in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus doesn’t detect the threat or when Microsoft Defender Antivirus is running in passive mode.
  • Enable network protection to prevent applications or users from accessing malicious domains and other malicious content on the internet. 
  • Enable investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume. 

Clearly cross-platform threats are real, which means that you have to have cross-platform security. And the days of Linux being secure because nobody targets that platform are over.

DeadBolt Is Back To Attack QNAP NAS Devices

Posted in Commentary on May 20, 2022 by itnerd

QNAP put out a warning yesterday alerting users to secure their devices against attacks pushing the now notorious DeadBolt ransomware, which has gone after both QNAP and ASUS NAS devices in the past. The warning from QNAP asks users to do the following:

  • Update the NAS device to the latest software version
  • Ensure that the NAS is not exposed to remote access over the Internet
  • Disable the Port Forwarding function of the router
  • Disable the UPnP function of the QNAP NAS. Though for bonus points, I would also disable UPnP on the router as that’s a huge security risk.
  • Turn off SSH and Telnet connections
  • Change the system port number
  • Change device passwords
  • Enable IP and account access protection

While I applaud QNAP for getting this out there, I have to wonder why QNAP and ASUS seem to be the only companies who are vulnerable to DeadBolt. I don’t hear about this with other NAS vendors, so it’s not only a question worth asking, but it’s also worth considering switching to a NAS that doesn’t have these issues.

Huawei & ZTE Punted From Canadian 5G Networks…. What Took Canada So Long To Do This???

Posted in Commentary on May 20, 2022 by itnerd

Late yesterday news filtered out that both Huawei and ZTE have been banned from Canadian 5G networks over national security concerns. And any telco that is using their gear needs to rip it out ASAP. This mirrors similar moves by the US, UK, New Zealand, and Australia, who along with Canada are known as the “Five Eyes”, an alliance of these five countries to share intelligence. The difference is that Canada was late to this decision while the other four made this call years ago. Thus one has to wonder why it took Canada so long to make this move.

In my opinion, one factor had to be the Michael Kovrig and Michael Spavor situation, where those two Canadian citizens were essentially held hostage by the Chinese government in retaliation for the arrest of Meng Wanzhou, the CFO of Huawei, in Vancouver at the request of the US government. That eventually got sorted when the US cut a deal with Wanzhou, which allowed the two Michaels to be released by China, as that’s how “hostage diplomacy” works. But even then, that was over a year ago and they are only banning Huawei and ZTE now. So that can’t be the only reason. Though it’s not clear to me what other reasons exist.

Regardless of what reasons exist, here’s the thing that really bothers me about this rather late decision by the Canadian government to ban Huawei and ZTE. If you accept that both of these companies are arms of Chinese intelligence, which I happen to believe to some degree, then this inaction by the Canadian government has given both these companies an inside look at not only the telecommunications networks in Canada, but how Canadians use those networks. Not to mention that they could have been doing who knows what to gather whatever information that the Chinese government wanted them to gather. All while the Canadian government sat on its hands and did nothing. So even though they’re now banned, Huawei, ZTE, and the Chinese government still win. And that highlights how the Canadian government has failed miserably on this issue.

When it comes to national security, governments have to take it seriously. They have to make decisions that lean towards ensuring security and they have to make those decisions quickly. That didn’t happen here, and I have to wonder if it is going to cost Canada down the road. Because it’s pretty clear that the Canadian government dropped the ball here, and there needs to be some accountability on that front.

HP Announces New Spectre And Envy Laptops

Posted in Commentary on May 19, 2022 by itnerd

HP Inc. today debuted its newest HP Spectre and HP Envy laptops built with the flexibility to create and live seamlessly in today’s hybrid world.

The last few years have seen the rise of the creator economy, introducing endless possibilities for people to pursue their passions as a part-time or full-time opportunity. Sixty-eight percent of creators started or expanded their freelance business during the pandemic, with 98% of them monetizing their content creation part-time. These hustlers need tools that allow them to collaborate with others easily as 56% of creators feel less engaged with the speaker if their video is turned off. And performance equals productivity, which is why 60% of creators prize performance in a computer.

Create in a smooth, seamless, and collaborative way with the newest lineup of Spectre and Envy PCs. These devices are built with HP Presence and HP GlamCam to deliver amazing video and audio call experiences, with features like:

  • A 5 MP camera for picture-perfect clarity when collaborating with colleagues or pitching clients.
  • HP Auto Frame and HP Dynamic Voice Leveling for an interactive video and sound experience no matter where you are in the room.
  • Backlight Adjustment to autocorrect video images in any environment where you may be taking a call.
  • Appearance Filter for the 60% of us who are more self-conscious on camera than in real life. This feature allows you to easily touch up skin, teeth, and eyes.
  • Bi-directional AI noise reduction, directional beamforming mics, and quad speakers for a superb sound experience during video or audio calls.
  • Network Booster for network bandwidth optimization to reduce screen freezes and dropped calls.
  • AI-based privacy alerts to collaborate and create in public spaces, blurring the screen when someone is behind you.

No matter what type of creator you are, performance is key. The newest Spectre and Envy PCs offer a wide range of options including processors, displays, and more to make sure your device fits how you want to use it. This includes:

  • Up to a 4K OLED display for a more natural viewing experience, and a 120 Hz display for a 2x faster refresh rate for smooth, responsive actions.
  • A touch display to leverage multi-gestures like pinch-to-zoom, double tap, and press and hold to create and easily manipulate drawings and other creative content. Easily take notes or sketch with pen-enabled PCs.
  • A variety of screen sizes and aspect ratios offer the best fit for your creative flow. Choose from a 3:2 aspect ratio device for web browsing and productivity tasks; a 16:9 aspect ratio for watching videos and entertainment; and a 16:10 for video and audio editing.
  • Intel® Evo™ platforms featuring 12th Gen Intel® Core™ processors for improved multi-tasking and performance.

Not only do creators need great battery life to power their creations, they also need all the tools at their disposal to extend the charge on their battery. Available on devices with Intel processors, HP offers intelligent power management features:

  • Power Saver mode extends the battery life whenever there is a concern about charging accessibility.
  • In-bag detection leveraging Intel® Dynamic Tuning Technology to adjust the PC’s power to avoid overheating or battery drain when put in a bag.
  • Adaptive Battery Optimizer monitors battery temperature, battery-charging status, and usage time to preserve your battery’s health.
  • Smart Sense optimizes a device’s performance, temperature, and more based on the application being used.

Creation isn’t just limited to one device. More than 60% of creators use more than two devices to create. And 60% said that computers can go from good to awesome through great software. The new Spectre and Envy devices all come with HP Palette pre-installed, a proprietary digital workspace that helps simplify the creative flow and allows for smooth cross-device collaboration. Find any face in photographs with HP PhotoMatch. Enjoy infinite, flexible sketching with Concepts. Drop anything to any device seamlessly, wirelessly with HP QuickDrop. Expand your workspace, connect to another device for more creative options with Duet for HP.

Today everybody is a creator, and HP has created the perfect device for you to create and collaborate that fits the way you work and play:

  • The new HP Spectre x360 13.5-inch 2-in-1 Laptop PC looks great and sounds great anywhere. The HP Spectre x360 13.5” engineered on the Intel® Evo™ platform is expected to be available for purchase on May 19 at HP.com for a starting price of $1,249.99. The device will also be available at BestBuy.com and select Best Buy retail locations.
  • The HP Spectre x360 16-inch 2-in-1 Laptop PC engineered on the Intel® Evo™ platform is newly refreshed with the latest 12th Gen Intel® Core™ processors and up to Intel® Arc™ Graphics, bringing you the best in AI-based hands-free controls along with AI-based Privacy Alert, and screen time and distance reminders. The HP Spectre x360 16” is expected to be available for purchase on May 19 at HP.com for a starting price of $1,649.99. The device will also be available at BestBuy.com and select Best Buy retail locations.
  • The HP Envy x360 13.3-inch 2-in-1 Laptop PC designed on the Intel® Evo™ platform was co-engineered and optimized with Intel® to offer up to 20.5 hours of battery life for all-day creation. The HP Envy x360 13” is expected to be available for purchase on May 19 at HP.com for a starting price of $899.99. The device will also be available at BestBuy.com and select Best Buy retail locations.
  • The HP Envy x360 15.6-inch 2-in-1 Laptop PC is available with the latest Intel or up to AMD Ryzen™ 7 processors. The HP Envy x360 15.6” with AMD is expected to be available for purchase on May 19 at HP.com for a starting price of $849.99; the Intel version is expected to be available for purchase on May 19 at HP.com for a starting price of $899.99. Both versions will also be available at BestBuy.com (AMD Ryzen™ 5, AMD Ryzen™ 7, Intel® Core™ i5, and Intel® Core™ i7) and select Best Buy retail locations.
  • The HP Envy 16-inch Laptop PC offers up to Intel® Arc™ Graphics or NVIDIA® GeForce RTX™ 3060 Laptop GPU. Coupled with DDR5 memory support and a gaming grade thermal solution, this device delivers optimal performance for multitasking, rendering 3D models, or when using powerful creative tools like Adobe Photoshop. The HP Envy 16” is expected to be available for purchase on May 19 at HP.com for a starting price of $1,399.99. The device will also be available at Amazon and other NA retailers.
  • The HP Envy 17.3-inch Laptop PC gives you the power to create on a big screen. The HP Envy 17” is expected to be available for purchase on May 19 at HP.com for a starting price of $1,099.99. The device will also be available at BestBuy.com and select Best Buy retail locations.

Sixty-six percent of consumers consider sustainability when they make a purchase and 81% expect to buy more environmentally friendly products over the next five years. Building on the world’s most sustainable PC portfolio, all of today’s announced PCs are crafted from recycled metal and ocean-bound plastics and are EPEAT® Gold Certified and ENERGY STAR® rated.

Approov Announces Runtime Secrets Protection 

Posted in Commentary on May 19, 2022 by itnerd

Approov, creators of advanced mobile app and API shielding solutions, today introduced Approov Runtime Secrets Protection, enabling comprehensive protection of the API credentials and secrets that are typically targeted by threat actors for malicious exploitation.

Recent breaches have highlighted the risk of stolen keys and secrets being exploited by hackers. It is clear that such secrets are not being effectively protected at rest and in transit, resulting in bad actors acquiring them and exploiting them to access APIs and applications.

The wide use of third-party APIs by mobile apps adds another dimension to the problem. Mobile app developers can suffer both financial losses and brand reputation damage if they are seen to be the cause of 3rd party app breaches or service disruptions caused by Distributed Denial of Service (DDoS) attacks using stolen secrets.

Recent research from Osterman Research illustrates the extent of the issue:

“Upcoming Osterman findings show that mobile apps depend on average on more than 30 third-party APIs, and that half of the mobile developers we surveyed are still storing API keys in the app code,” Michael Sampson, senior analyst at Osterman Research, said. “These two things together constitute a massive attack surface for bad actors to exploit. And third-party API threats against mobile apps aren’t as well understood by companies as they should be. The new functionality from Approov allows API keys to be managed and updated dynamically and ensures they are never extractable from the app. This is a major step forward in protecting APIs from abuse.”

Developers have frequently been urged not to store hard-coded keys in a mobile app or device, but as the research shows this “best practice” is not widespread, since up to now there has been no easy way to conveniently store such secrets safely outside the app code.

Introducing Approov Runtime Secrets Protection: Just-in-Time Keys and Secrets That Thwart Mobile API Attacks

This is why Approov is releasing new functionality in Approov 3.0 which addresses this issue by making the management of API keys and other secrets easy and secure, both at rest and in transit.

Approov Runtime Secrets Protection manages and protects all the secrets a mobile app uses. The Approov cloud service delivers secrets “just-in-time” to the app only at the moment they are required to make an API call, and only when the app and its runtime environment have passed attestation. This ensures that sensitive API secrets are not being continuously stored or delivered to unsafe places, such as fake apps or into malicious hands.

All secrets are stored by the Approov cloud service and are easy to manage dynamically. If changes to these are needed, they are easily and immediately changed across all deployed apps, preventing abuse.

This approach marks a major improvement over keys that are hard-coded in the app itself, because should those keys be “leaked” the app must be updated with an entirely new version – a process which is complex and time-consuming, and involves juggling new and old keys during the time it takes for the installed base to be transferred to the new version.
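The just-in-time pattern described in the preceding paragraphs, as an added illustration rather than Approov’s own code (whose internals are not on this page): a stand-in attestation service signs a short-lived token only for a known-good app measurement, a secrets service releases a key only against a valid unexpired token, and rotating the key takes effect on the next fetch with no app update. SERVICE_SIGNING_KEY, KNOWN_GOOD_APP_HASH and the weather_api_key secret are constructed values, and the HTTP call is simulated.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# ---- Service side (simplified stand-in for an attestation + secrets service) ----

# Key used to sign attestation tokens. Constructed for this example.
SERVICE_SIGNING_KEY = b"example-service-signing-key-do-not-reuse"

# Measurement of the genuine app build that the service will attest. Constructed.
KNOWN_GOOD_APP_HASH = hashlib.sha256(b"genuine-app-build-1.0").hexdigest()

# Secrets live only here; the shipped app binary never contains them.
SECRET_STORE = {"weather_api_key": "wx-key-v1"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload_b64: str) -> str:
    return _b64(hmac.new(SERVICE_SIGNING_KEY, payload_b64.encode(), hashlib.sha256).digest())


def attest(app_hash: str, device_id: str, ttl_seconds: int = 300, now=None) -> Optional[str]:
    """Issue a short-lived signed token only if the presented measurement is the genuine build."""
    if not hmac.compare_digest(app_hash, KNOWN_GOOD_APP_HASH):
        return None  # repackaged or tampered app: no token, therefore no secrets
    now = time.time() if now is None else now
    payload = _b64(json.dumps({"dev": device_id, "exp": now + ttl_seconds}).encode())
    return f"{payload}.{_sign(payload)}"


def get_secret(token: str, name: str, now=None) -> Optional[str]:
    """Release a secret only against a correctly signed, unexpired attestation token."""
    try:
        payload_b64, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(payload_b64)):
        return None  # forged or tampered token
    padded = payload_b64 + "=" * (-len(payload_b64) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    now = time.time() if now is None else now
    if claims["exp"] <= now:
        return None  # token has expired; the app must re-attest
    return SECRET_STORE.get(name)


def rotate_secret(name: str, new_value: str) -> None:
    """Rotation is visible to every installed app on its next fetch; no app update needed."""
    SECRET_STORE[name] = new_value


# ---- App side ----

def call_third_party_api(token: str, now=None) -> str:
    """Fetch the key just in time, use it for this one call, and keep nothing on disk."""
    key = get_secret(token, "weather_api_key", now=now)
    if key is None:
        return "denied"
    # Constructed stand-in for the real HTTPS request to the third-party API.
    return f"GET /forecast with X-Api-Key={key}"


if __name__ == "__main__":
    token = attest(KNOWN_GOOD_APP_HASH, "device-1", now=1000.0)
    print(call_third_party_api(token, now=1100.0))
    rotate_secret("weather_api_key", "wx-key-v2")
    print(call_third_party_api(token, now=1100.0))       # new key, same app build
    print(call_third_party_api(token + "x", now=1100.0)) # tampered token: denied
```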

Upcoming Webinar

Join the live webinar from Approov on June 9th, “Best Practices for Secure Access of 3rd Party APIs from Mobile Apps”, which will discuss the reputational and financial risks associated with API use and how to mitigate those risks. Sign up here.

Pricing and Availability

The pricing of the Approov solution is designed to be completely aligned with your business growth, based on the number of genuine active apps in a monthly billing period. Approov 3.0 is available now.

U.S. Warns Businesses Against Inadvertently Hiring IT Staff From North Korea

Posted in Commentary on May 19, 2022 by itnerd

I have to admit that reading this story from The Guardian was not on my bingo card when I woke up this morning. U.S. officials have warned businesses against inadvertently hiring IT staff from North Korea, claiming that rogue freelancers were taking advantage of remote work opportunities to hide their true identities with the intent of earning money for Pyongyang.

An advisory issued by the state and treasury departments and the FBI said the effort was intended to circumvent US and UN sanctions, and bring in money for North Korea’s nuclear weapons and ballistic missile programs. The officials said companies who hired and paid such workers may be exposing themselves to legal consequences for sanctions violations.

“There are thousands of DPRK IT workers both dispatched overseas and located within the DPRK, generating revenue that is remitted back to the North Korean government.

“These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and east Asia.”

North Korean workers pretended to be from South Korea, Japan, or other Asian countries, the advisory said. It laid out a series of red flags that employers should watch for, including a refusal to participate in video calls and requests to receive payments in virtual currency.

Kevin Bocek, VP, Security Strategy and Threat Intelligence for Venafi, had this comment:

“Defending against North Korean nation-state actors is difficult, particularly when these threats are now coming from both outside and inside organisations. They are often well funded, highly sophisticated, and – as we’re seeing with this FBI warning – capable of thinking outside the box to find new ways to attack networks, as we’re now seeing with rogue freelancers hacking from within. Our recent research shows that cybercrime has become a primary means of revenue generation in North Korea, and APT groups are helping it to work outside of international sanctions, funding political and military gains. In fact, it’s estimated that up to $2bn makes its way directly into North Korea’s weapons program each year as a result of nation state cybercrime.

“Ultimately, there’s no telling what these rogue freelancers are after. The targets that spring to mind are data theft or potentially funds, but we’ve seen in the past that North Korean APT groups have made use of stolen code signing identities in devastating nation state attacks, so they’re likely to be on the table as well. The problem is that there’s currently not enough awareness and security around the importance of machine identities. This lack of focus allows North Korean cybercriminals to take advantage of a serious blind spot in software supply chain attacks.

“Organizations must now be proactive, not reactive in their security defenses. It’s clear that recruitment processes have to be robust to prevent hiring a rogue freelancer. For companies looking to protect against the impact these threat actors could have if armed with stolen code signing certificates, machine identity management remains the best defense. Businesses must have visibility over their environments in order to spot changes and react fast, both from a human identity and a machine identity perspective. Without the effective management of both machines and humans, we’ll continue to see APT groups thrive, and high-profile nation-state attacks will continue to affect businesses and government. The automation of machine identity management can help to take this element of security out of already overstretched security teams hands.”

It does raise the question of whether other countries with dodgy reputations like Russia and China are doing something similar. I’d be interested in knowing that answer as it likely would influence how safe we all are.