Palo Alto Networks Introduces Cortex Cloud

Posted in Commentary with tags on February 13, 2025 by itnerd

Palo Alto Networks is doubling down on cloud security with the introduction of Cortex® Cloud, the next version of Prisma Cloud, that natively brings together new releases of its best-in-class cloud detection and response (CDR) and industry-leading cloud native application protection platform (CNAPP) capabilities on the unified Cortex platform. The new solution, announced today, equips security teams with significant innovations powered by AI and automation that go beyond traditional “peace time” approaches to cloud security and stop attacks in real-time.

Unit 42® reports reveal that 80% of security exposures were found in cloud attack surfaces, with a 66% increase in threats targeting cloud environments. As cloud adoption and AI usage grow, Cortex Cloud unifies data, automates workflows, and applies AI-driven insights to reduce risk, prevent threats, and stop attacks in real time. Cortex Cloud is designed to ingest and analyze data from third-party tools to provide centralized visibility, AI-driven insights and end-to-end remediation across the entire cloud security ecosystem.

Cortex Cloud delivers on Palo Alto Networks platformization strategy by rearchitecting its cloud security solution on the AI-driven Cortex SecOps platform to deliver a powerful unified user experience with persona-driven dashboards and workflows. Cortex Cloud helps customers achieve superior protection at a significantly lower total cost of ownership and provides additional value and new features including:

  • Application security: Build secure apps and prevent issues in development before they become production issues that attackers can target. Cortex Cloud identifies and prioritizes issues across the entire development pipeline with end-to-end context across code, runtime, cloud and newly introduced third-party scanners.
  • Cloud posture: Improve multi-cloud risk management with new AI-powered prioritization, guided fixes to resolve multiple risks with a single action, and automated remediation. Additionally, Cortex Cloud delivers a single user experience with tight integration across all of Prisma Cloud’s cloud posture capabilities.
  • Cloud runtime: Stop attacks in real time. Cortex Cloud natively integrates the unified Cortex XDR agent, enriched with additional cloud data sources, to prevent threats with advanced analytics – as proven by industry-leading results in the most recent MITRE ATT&CK testing. Our new Cloud Runtime Security offering includes the world’s leading CNAPP capabilities at no additional cost, maximizing adoption of end-to-end cloud security on a single platform.
  • SOC: The preferred SOC platform for enterprise and cloud, expanding beyond what any SIEM can deliver. Cortex Cloud natively integrates cloud data, context and workflows within Cortex XSIAM to significantly reduce the mean time to respond (MTTR) to modern threats with a single, unified SecOps solution.

Customer Delivery

Existing Prisma Cloud customers will experience a seamless upgrade to Cortex Cloud, and will now experience the power of streamlined, real-time cloud security. Existing Cortex XSIAM customers who add Cortex Cloud gain the ability to seamlessly adopt CNAPP capabilities that are native-by-design on the world’s most complete AI-powered, enterprise-to-cloud SecOps platform. Cortex Cloud will be available to customers later in Q3 FY25.

Introducing Cortex Cloud Launch Partners

Eager to roll out the differentiated Cortex Cloud to customers are Palo Alto Networks’ esteemed integration partners: CyberCX, DeloitteIBM and Orange Cyberdefense. Together with each partner, Palo Alto Networks will drive end-to-end SecOps transformation across enterprise and cloud environments, enabling organizations to achieve superior risk reduction, rapid threat prevention and streamlined operational efficiency.

To learn more about Cortex Cloud, the Cortex platform and how Palo Alto Networks is transforming cybersecurity through real-time security, read our blog and register for Cortex’s annual signature event, Symphony 2025.

Leave a comment »

Guest Post – AI in the Wrong Hands: How Unregulated Technology Could Fuel Cybercrime

Posted in Commentary with tags on February 13, 2025 by itnerd

By Aras Nazarovas

The recent AI summit in Paris pushed an optimistic vision of the technology’s potential, focusing on how AI can solve big problems in medicine, climate science, and beyond instead of prioritizing security. But the world can’t just be blissfully excited. It’s crucial to remember that AI is also a powerful tool for malicious actors – one that’s already being used in cyberattacks and could evolve into a much bigger threat.

Today, AI is being deployed to amplify cyberattacks in various ways. A study from the University of Cambridge showed how AI-driven cyberattacks are becoming more sophisticated. Attackers are increasingly using machine learning algorithms to automate phishing attacks, targeting individuals and organizations with highly personalized content. These AI-driven systems can analyze vast amounts of data – on social media profiles, browsing history, and even email patterns – to create convincing attacks that are harder to detect than traditional ones. 

AI tools lower the barrier to entry for cybercrime by enabling less experienced attackers to launch attacks they wouldn’t otherwise have the skills or knowledge to carry out. For instance, individuals who lack programming skills, can now simply ask AI tools like ChatGPT to write bots that automate the process of breaching servers. While these attacks may not be novel, they still increase the volume of potential threats companies need to defend against, draining the resources of already underfunded security teams. 

Striking the Right Balance Between Innovation and Security 

As AI tools become more embedded in business operations, the stakes grow even higher. For instance, KPMG’s recent survey of financial leaders revealed that 84% plan to increase their investments in generative AI (GenAI). 

While they and presumably other industries are in the process of accelerating  the adoption of AI tools, the World Economic Forum reports that nearly 47% of surveyed organizations have already noticed adversarial advances powered by GenAI as their primary concern, enabling more sophisticated and scalable attacks. Moreover, the same report states that only 37% of organizations have processes in place to assess the security of AI tools before deployment. 

Meanwhile, the EU’s AI Act, which aims to regulate high-risk AI systems, is being phased in over several years, with full implementation not expected until 2027. However, there is a growing debate in Europe about how to balance regulation with fostering innovation. During the Paris AI summit, French President Emmanuel Macron remarked that Europe might reduce regulatory burdens to allow AI to flourish in the region. 

This presents a potential challenge: while Europe struggles with over-regulation concerns, its wait-and-see approach might cause them to miss the boat as AI technology evolves at an incredible speed. By the time the AI Act is fully in place, we could be facing an entirely new wave of AI-powered cyberattacks, many beyond the scope of current regulations. 

So, what does this mean for cybersecurity if AI is regulated by a light-touch regulatory framework? While innovation is essential, the absence of security-focused regulation means AI tools are already in the hands of cybercriminals who can weaponize them with minimal oversight.

At the moment, the capacity of AI systems for automating and optimizing cyberattacks already extends far beyond aforementioned phishing. AI-powered tools can be used to exploit vulnerabilities in critical infrastructure systems, launch bigger Distributed Denial of Service (DDoS) attacks, or even manipulate financial markets. In 2023, the US Department of Homeland Security issued a warning that AI-powered systems could soon be capable of launching autonomous cyberattacks that are difficult to counteract using conventional defense mechanisms. Such threats present a security nightmare that policymakers can’t afford to ignore.

If AI systems evolve to the point where they can autonomously compromise digital infrastructure, we could see an escalation in both the frequency and severity of cyberattacks, potentially crippling global systems.

Cybersecurity Must Evolve – Now

Whether AI is robustly regulated or not, businesses should do more than a bare minimum for cybersecurity. First, it’s essential to invest in additional, AI-driven security tools rather than replacing existing ones with AI-powered solutions. While AI and machine learning can be incredibly useful for detecting and preventing attacks in real time, they can also make incorrect decisions. AI should serve as an additional resource to enhance cybersecurity efforts, not as a replacement for traditional tools. By analyzing patterns in network traffic, AI can identify anomalies that may signal a breach. As cyberattacks become more automated, AI can help security teams identify threats faster and more efficiently, allowing them to do more with the same amount of resources.

Another step is to start incorporating AI threat modeling into security protocols. AI can be leveraged to predict and prevent attacks. Security teams need to think like attackers, using AI to simulate how their systems might be breached and proactively patching those vulnerabilities before they can be exploited.

Finally, companies must invest in continuous training for their security teams. As AI-driven attacks evolve, it’s not enough to simply rely on firewalls and antivirus software. Security professionals need to be prepared to deal with more sophisticated, AI-powered threats. This includes staying ahead of trends, understanding how AI tools are being used against them, and developing strategies that go beyond traditional defenses.

Undoubtedly, AI has the potential to revolutionize cybersecurity and every other industry, but it also introduces a new wave of risks. While policymakers may be caught up in the AI race, cybersecurity professionals must act now. AI can be an ally in the fight against cybercrime and in enabling business operations, but it can also become an adversary if left unchecked. As we race toward a future shaped by AI, securing our systems against its darker side should be a top priority.

ABOUT THE EXPERT

Aras Nazarovas is an Information Security Researcher at Cybernews, a research-driven online publication. Aras specializes in cybersecurity and threat analysis. He investigates online services, malicious campaigns, and hardware security while compiling data on the most prevalent cybersecurity threats. Aras along with the Cybernews research team have uncovered significant online privacy and security issues impacting organizations and platforms such as NASA, Google Play, and PayPal. The Cybernews research team conducts over 7,000 investigations and publishes more than 600 studies annually, helping consumers and businesses better understand and mitigate data security risks. 

Previous Cybernews research: 

  1. Recently, Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews security research team discovered an unprotected Elasticsearch index, which contained a wide range of sensitive personal details related to the entire population of Georgia. 
  2. The team analyzed the new Pixel 9 Pro XL smartphone’s web traffic, and found that Google’s latest flagship smartphone frequently transmits private user data to the tech giant before any app is installed.
  3. The team revealed that a massive data leak at MC2 Data, a background check firm, affects one-third of the US population.
  4. The Cybernews security research team discovered that 50 most popular Android apps require 11 dangerous permissions on average.
  5. They revealed that two online PDF makers leaked tens of thousands of user documents, including passports, driving licenses, certificates, and other personal information uploaded by users.
  6. An analysis by Cybernews research discovered over a million publicly exposed secrets from over 58 thousand websites’ exposed environment (.env) files.
  7. The team revealed that Australia’s football governing body, Football Australia, has leaked secret keys potentially opening access to 127 buckets of data, including ticket buyers’ personal data and players’ contracts and documents.
  8. The Cybernews research team, in collaboration with cybersecurity researcher Bob Dyachenko, discovered a massive data leak containing information from numerous past breaches, comprising 12 terabytes of data and spanning over 26 billion records.
  9. The team analyzed NASA’s website, and discovered an open redirect vulnerability plaguing NASA’s Astrobiology website.
  10. The team investigated 30,000 Android Apps, and discovered that over half of them are leaking secrets that could have huge repercussions for both app developers and their customers.

Leave a comment »

Lessons From Companies That Missed The Technological Inflection Point 

Posted in Commentary with tags on February 13, 2025 by itnerd

The VPN Mentor research team analyzed the decline of companies across a variety of sectors, focusing on their failure to adapt to technological transformations or market shifts that led to significant restructuring or closure.

Key findings at a glance:

  • Over 81.5% of companies were headquartered in the USA, many of them went from multi-billion dollar peaks to bankruptcy within a few years, while other regions like the UK, Japan and Canada contributed smaller percentages.
  • US companies often face challenges adapting to rapid technological shifts due to their reliance on legacy systems and established practices, while European companies face regulatory constraints and high operational costs.
  • The Technology and Retail sector showed the highest impact, as failure to innovate was a common pattern seen across companies in these sectors.
  • The 2000s saw the dominance of ecommerce, this was a heavy blow to the Retail and entertainment companies which underestimated the shift and the new era of digital consumption.

The analysis of companies that failed to adapt to technological shifts provides valuable lessons for businesses today. The inability to recognize and respond to emerging trends often leads to missed opportunities and decline. On the other hand, businesses that embrace innovation early and stay ahead of market changes can emerge as leaders.

You can access their report here: https://www.vpnmentor.com/blog/companies-missing-technological-turnpoint-research/

Leave a comment »

Over 1,200% Surge in Crypto-Enabled BEC Scams Says Fortra

Posted in Commentary with tags on February 13, 2025 by itnerd

There’s been a staggering 1,216% increase in cryptocurrency scams over the past year according to the latest threat intelligence from global cybersecurity company Fortra.

Fortra sent me a report that detailed what they were seeing in terms of BEC related activity. And I have to admit that even though I live in this space, what they reported blew my mind. Specifically:

  • Attackers are shifting to crypto for its ease of laundering and growing financial appeal, with Bitcoin’s recent rise to $100K making it an even bigger target.
  • 158 cryptocurrency-related scams identified in January 2025 alone.
  • 122 unique wallets recorded, with transactions ranging from $0.17 to $53,438. The most active wallet received 0.09 BTC (~$9,047) in just two transactions.
  • AI is enabling scalable, highly persuasive scam emails, while dark web “Sextortion Kits” are fueling large-scale extortion campaigns.

Though I unfortunately don’t have a link to the report that these figures came from. I can point you towards this blog post where Fortra does detail other BEC related trends that they have documented.

Leave a comment »

FortiOS Security Fabric Vulnerability Enabled Escalated Privileges to Super-Admin 

Posted in Commentary with tags on February 12, 2025 by itnerd

Well, this isn’t good. News is out via this link that An incorrect privilege assignment vulnerability [CWE-266] in the FortiOS security fabric may allow an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control.

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“The  FortiOS Security Fabric Vulnerability that was patched is an excellent example of the value to a critical software provider in pen testing applications performed by an internal or external resource. In this case, a Fortinet employee, Justin Lum, discovered the vulnerability and initiated a process to produce the necessary patches to the impacted software versions. 

  • FortiOS 7.6.0
  • FortiOS 7.4.0–7.4.4
  • FortiOS 7.2.0–7.2.9
  • FortiOS 7.0.0–7.0.15
  • FortiOS 6.4 (all versions; requires migration)

The primary purpose of the FortiOS Security Fabric is to make it easier for enterprise administrators to configure the software for optimal usage across Fortinet software modules. Fortinet is a market leading (20%) provider of firewall technology for enterprises large and small. They also offer enterprises additional network management software like SD-WAN components. 

The potential for exploitability for a set of cyber security capabilities designed to protect enterprises reaches a critical threshold with “super admin” privileged access, once the vulnerability is exploited by a threat actor. Threat actors dream about and strive for obtaining “super admin” privilege especially for software designed to protect enterprises.”

The link above as well as this link has all the details to make sure that you don’t get pwned. Thus it is now time to patch all the things.

Leave a comment »

TELUS Private Wireless Network Announced For Calgary International Airport

Posted in Commentary with tags on February 12, 2025 by itnerd

TELUS and Calgary Airport Authority have joined forces in a groundbreaking 10-year partnership that will transform YYC Calgary International Airport into Canada’s first airport equipped with a high-performance 5G private wireless network. This ultra-fast, low-latency network will deliver consistent, enterprise-grade connectivity throughout the airport campus. As Canada’s leader in private wireless networks and the company behind the county’s largest private 5G network deployment, TELUS brings proven expertise to this ground-breaking initiative, which supports YYC’s position as one of Canada’s fastest-growing airports, establishing it as a pioneer in digital aviation infrastructure.

This first-of-its-kind deployment will create a cutting-edge wireless foundation, enhancing the passenger experience and streamlining airport operations while preparing for future technological innovations.

The innovative solution maximizes TELUS’ existing airport infrastructure while introducing new coverage enhancements both inside and outside the terminal, ensuring comprehensive wireless coverage for all airport users. 

The private wireless network will be deployed in phases, with initial operations beginning May 1, 2025. This landmark project sets a new benchmark for airport technology in Canada and creates a blueprint for digital transformation in critical infrastructure facilities.

Leave a comment »

Ericsson Private 5G to support JLR’s Digital Manufacturing Transformation

Posted in Commentary with tags on February 12, 2025 by itnerd

JLR is accelerating industrial connectivity at its plant in Solihull, England, with the implementation of Ericsson Private 5G. This cutting-edge networking technology is enhancing the production of Range Rover vehicles by supporting business-critical applications such as vision systems, IoT sensors, and production tools. Leveraging Ericsson’s high-speed, low-latency, and secure private 5G solution, JLR is setting new standards in modern automotive manufacturing. 

The deployment of Ericsson Private 5G is a pivotal step for JLR in embracing Industry 4.0. JLR is creating a more agile and innovative manufacturing environment to support IoT devices, artificial intelligence (AI), and automation with an eye toward automated guided vehicles (AGVs). The limitations of traditional wired networks drove JLR to “cut the copper” by replacing those networks with Ericsson’s robust 5G capabilities, allowing for seamless and real-time data transmission. This transformation ensures that JLR’s manufacturing processes are not only connected but also agile and efficient, leading to streamlined operations. 

Private 5G is driving greater workflow efficiency at JLR, with manufacturing teams already sharing positive feedback. Through enhanced connectivity, maintenance and production managers can now turn data insights and simulations into tangible operational efficiencies with DataOps platforms such as Litmus. Consolidating and analyzing data empowers JLR decision-makers on the factory floor to quickly innovate and optimize manufacturing processes. Additionally, private 5G enables JLR to quickly swap and provision new or broken connected tools, significantly reducing downtime and enabling quicker modifications to the production line. 

Fujitsu has partnered with Ericsson to deliver the connectivity of this comprehensive, end-to-end private 5G-based operations at the Solihull plant. This collaboration paves the way for JLR to explore use cases at other sites in the future. 

Leave a comment »

Ericsson Cradlepoint X20 5G Router Announced

Posted in Commentary with tags on February 12, 2025 by itnerd

Ericsson today announced the launch of the Cradlepoint X20 5G Router, enabling enterprise-class fixed wireless access (FWA) connectivity for small- to medium-sized and home-based businesses, temporary sites, and remote workers. The Ericsson Cradlepoint X20 delivers powerful, plug-and-play FWA 5G connectivity with advanced network slicing and security capabilities. Featuring cutting-edge routing, switching, and Wi-Fi 7, the X20 ensures robust, easy-to-maintain connectivity essential for critical business operations. Now enterprises can quickly deploy high-bandwidth 5G connectivity, with unprecedented reliability enabled by dual-SIM failover capabilities and an eight-hour battery backup. 

Organizations are increasingly seeking agile, scalable connectivity to keep pace with evolving digital demands. IDC reports that by 2026, 75 per cent of enterprises will have assigned all deployment responsibility, operational control, and technology innovation for at least one major network domain to a trusted management partner. With the availability and cutting-edge capabilities of the Cradlepoint X20, service providers can offer managed services with tiered service packages catering to diverse customer needs and differentiate themselves in a rapidly expanding market. 

Capabilities of the Cradlepoint X20 Router span different types of business use cases including the following: 

  • Small-to-Medium Sized Businesses: The X20 5G Router provides SMBs, such as retail stores and small offices, with reliable, high-speed connectivity without traditional wired infrastructure. Easy installation and scalability allow businesses to enhance operations and adapt as they grow.
  • Temporary Sites: Perfect for pop-up stores, mobile clinics, and construction sites, the X20 ensures rapid deployment and flexibility. Its wireless design supports critical operations with high-speed 5G connectivity in dynamic environments. 
  • Remote Workers and Home-Based Businesses: Ideal for remote and hybrid workers, the X20 offers easy setup and portable, high-speed internet for seamless access to cloud applications, video calls, and collaborative tools. 

The Ericsson Cradlepoint X20 5G Router will be available in April 2025. For more information, visit https://cradlepoint.com/product/endpoints/x20/.  

Leave a comment »

2.7 Billion Records Exposed in IoT Devices Data Breach 

Posted in Commentary with tags on February 12, 2025 by itnerd

Cybersecurity researcher Jeremiah Fowler uncovered an unprotected database belonging to Mars Hydro, a China-based company offering IoT grow lights and software applications. It contained 2.7 Billion records with a total size of 1.17 TB exposing Wi-Fi SSID network names, passwords, IP addresses, device ID numbers, email addresses and some more.

The unprotected database contained WiFi network names, passwords, IP addresses, device IDs, and API details, posing serious security risks. Unauthorized access to devices or networks, phishing attacks, intercepting data, eavesdropping or impersonation via MITM (man in the middle attacks). 

You can read the report here: https://www.vpnmentor.com/news/report-marshydro-breach/

Leave a comment »

Valentine’s Day Fraud Prevention Tips From Visa Canada

Posted in Commentary with tags on February 12, 2025 by itnerd

Romance scams cost Canadians over $58.4M in 2024, with median losses exceeding $2,000 per victim. Visa is sharing expert insights to help consumers recognize red flags and protect themselves from romance scams this Valentine’s Day.

Red Flags 🚩 

  • Tragic backstories – Be cautious of early tragic stories, especially if they lead to requests for money. Scammers use emotional tales to elicit sympathy and financial aid. 
  • Too good to be true –  Scammers often create profiles with model-like photos and flawless backgrounds, while genuine profiles usually have a mix of candid and professional photos 
  • Too soon “I Love You” – Scammers use flattery and quick declarations of love to emotionally manipulate victims. If someone professes love too soon, be cautious. 
  • Avoiding video calls – If your match avoids video calls or meetings, they may be hiding something. Scammers dodge face-to-face interactions to sustain their deception. 

Read more tips from Visa here.  

2 Comments »

« Older Entries
Newer Entries »