Cyware Launches Industry-Tuned Threat Intelligence Platform to Defend Healthcare Organizations from Cyber Threats

Posted in Commentary with tags on December 3, 2024 by itnerd

 Cyware, the leading provider of threat intelligence management, low-code/no-code security automation, and cyber fusion solutions today announced the launch of its Healthcare Threat Intelligence Platform (HC-TIP), a solution specifically designed to facilitate accelerated cyber response in the healthcare sector. With healthcare systems increasingly targeted by sophisticated cyberattacks, including ransomware and medical device exploits, Cyware’s HC-TIP offers a robust platform for healthcare organizations to more efficiently and effectively defend against the specific threats targeting their industry.

The healthcare industry faces unique cybersecurity challenges, including the protection of sensitive patient data, safeguarding connected medical devices, and ensuring the continuous operation of critical healthcare services. The Cyware HC-TIP is tailored to these needs, leveraging healthcare-specific threat feeds, real-time dashboards, and advanced threat intelligence tools to provide a comprehensive security solution.

Pre-configured, the platform integrates industry-specific threat feeds from leading sources along with healthcare-focused feeds like HHS.gov and Healthcare InfoSecurity. These resources help organizations track healthcare-specific threats, including vulnerabilities in electronic health records (EHRs) and medical devices. Additionally, Cyware’s HC-TIP offers built-in tagging for healthcare and pharmaceutical threats, making it easier for organizations to categorize and analyze data.

Key features of Cyware’s Healthcare Threat Intelligence Platform include:

●    Healthcare-Specific Threat Feeds: Aggregates threat intelligence related to ransomware, medical device vulnerabilities, and compliance threats.

●    Industry-Specific Tagging and Saved Searches: Pre-configured tagging and searches to streamline access to relevant data for threat hunting and investigation.

●    Healthcare Threat Landscape Dashboard: A real-time view of threats, vulnerabilities, and ongoing alerts specific to the healthcare sector.

●    Automated TTP Mapping MITRE ATT&CK: Automated mapping to the MITRE ATT&CK framework, with support included for Cyber Kill Chain, and Diamond Model of Intrusion Analysis

By offering these healthcare-focused capabilities, Cyware’s HC-TIP provides timely and accurate threat detection, helps organizations maintain compliance with regulations such as HIPAA and GDPR, and enables faster, data-driven decision-making. The platform is designed to streamline workflows, prioritize high-severity threats, and reduce the attack surface across healthcare networks.

Cyware’s HC-TIP will be available later this month for healthcare organizations looking to fortify their cybersecurity posture with a solution that delivers rapid time-to-value and robust industry-specific protection.

For more information on Cyware’s Healthcare Threat Intelligence Platform, register for their December 17 virtual event or learn more https://www.cyware.com/healthcare.

Leave a comment »

Sage Intacct supports SMB growth with new enhancements and capabilities

Posted in Commentary with tags on December 3, 2024 by itnerd

Sage, the leader in accounting, financial, HR, and payroll technology for small and mid-sized businesses (SMBs), today announces that Sage Copilot is available to early adopters initially in the US and UK on Sage Intacct. As part of a raft of new enhancements and updates for Sage Intacct customers globally, the introduction of this cutting-edge generative AI tool will support customers with actionable insights and intuitive support to help drive productivity and growth.

Sage Copilot is one of the first AI-driven tools designed to transform how accounting and finance teams tackle their daily challenges, from quickly highlighting budget variances for proactive management to providing clear, trustworthy answers to critical how-to questions. Sage Copilot empowers users to work smarter and faster, streamlining tasks and uncovering insights that drive meaningful business results. Sage is working closely with customers to deliver on its vision to help organizations drive productivity, accuracy, and compliance, helping SMBs to focus on growth and profitability.

Sage Copilot launches at a pivotal moment, with Sage research revealing that 80% of CFOs are embracing AI to reclaim time for high-value tasks. The Sage report, The Secrets of Successful CFOs, highlights that this shift allows CFOs to build critical leadership skills as finance roles evolve; 89% report significantly expanded responsibilities due to technology and global complexities.

Sage Intacct Release 4 2024 Enhancements Include: 

  • Sage Copilot Variance Analysis: Helping to streamline financial oversight for budget managers, Sage Copilot variance analysis provides real-time insights and automatic alerts on budget variances, enabling faster, informed decision-making across the organisation. It enables budget managers to quickly identify errors and variances by comparing budgeted with actuals or period-over-period data, providing real-time insights and reducing manual analysis for faster, better financial decisions.

    Availability: Early Adopters in the US & UK
  • Sage Copilot Search Help: Providing users with direct, conversational answers, Sage Copilot Search Help users save time, enables them to focus on more valuable work and boost overall productivity.

    Availability: Early Adopters in the US
  • Sage Intelligent Time Enhancements: With enhanced new features such as time clocks and rate cards, Sage Intelligent Time meets the needs of professional services, retail, andmanufacturing industries. These improvements help ensure compliance with labour regulations, provide accurate time tracking, and simplify billing processes. Streamlined operations in these industries directly contribute to improved profitability and business growth.

    Availability: US, CAN, UK, AUS, ZA
  • New Industry Solutions with Continental Utility Integration: Sage Intacct’s new connector for Continental Utility Solutions, Inc. (CUSI) streamlines data flow between utility billing and financial management. This integration provides utility companies with a complete financial overview, reducing manual data entry, improving accuracy in billing and payments, and ultimately freeing up resources to focus on growth.

    Availability: US
  • Language Accessibility Improvements: To eliminate barriers for non-English-speaking users, Sage Intacct now supports French-Canadian and Spanish (Spain) languages in an open beta available to all users, making the platform accessible to a broader audience and addressing linguistic nuances. This expanded language support helps ensure that finance teams can work efficiently in their preferred language, reducing potential miscommunication and supporting smoother growth in diverse markets.

    Availability: In all regions 
  • Expanded Developer Capabilities with REST API: Sage Intacct’s REST API, built with Open API Specification 3.0, offers developers enhanced flexibility to create custom integrations, enabling businesses to expand their capabilities and grow with tailored solutions. With interactive documentation and versioned updates, it minimises integration challenges and allows developers to quickly build solutions that meet specific business needs.

    Availability: Early adopter in all regions
  • Localised Features for France: Sage Intacct manual lettrage allows for tracking the evolution of general ledger accounts and production of accurate entries. It helps French organisations to save time by facilitating the control of accounting entries through a chronological and systematic order of all transactions, promoting automatic verification and matching of each entry. Additionally, the bank transaction assistant helps simplify financial reconciliation, reduce manual workloads, and ensure compliance with local financial regulations, allowing businesses to focus more on growth and less on administrative tasks.

    Availability: France

Visit Sage Intacct for more information.

Leave a comment »

5 Tips to Secure your Organization this Holiday Season

Posted in Commentary with tags on December 3, 2024 by itnerd

As the holiday season approaches, organizations and employees take a well-deserved break, but threat actors do not; instead, seizing the opportunity to target businesses and individuals with phishing scams, data breaches, ransomware and other cyberattacks – all this at a high season for ecommerce and mirth. In fact, data breaches have already exposed more than 422 million records worldwide during Q3 of 2024 alone.

Christian Geyer, CEO and Founder at Actfore, offers Five Crucial Insights and Tips to keep organizations and their employees secure and ‘merrily’ on their way this holiday season. 

  • High Season for Phishing Emails and Scams: Phishing scams continue to be one of the most common forms of cybercrime, especially during the busy holiday shopping season. Specifically in this season, many scams target employees’ professional email accounts with fake information and scams in a ploy to gain personal information. Organizations should train employees to recognize phishing attempts year-round but conducting a refresher on what to look for this season is highly recommended. These scams can often appear as unsolicited emails, text messages, package delivery updates, or receipts from online retailers like Amazon or shipping companies such as FedEx.
  • Heightened Risks of Mixing Business with Pleasure: The cross-contamination of personal and professional activities drastically increases during the holiday season opening potential opportunities for threat actors. The mixing of business and personal accounts and information, drastically increases attack vulnerability because it adds yet another propped-open-door to businesses and their sensitive information. Generally speaking, it is best to encourage (or enforce) separation of employee’s personal and professional digital trails and accounts. For example, it is best practice to refrain from adding one’s business postal address for personal shopping deliveries or refraining from creating doctor’s (medical practice) portal profiles with one’s business email address.
  • Trust in Snapshot Backups: Snapshots, which capture data at specific points in time, are essential for quickly restoring business after a breach incident. During the holiday season, when cyberattacks spike, any minute you can reduce from business downtime due to a cyber incident is critical. So, keeping up with your snapshots, and as some practice, increasing your snapshot rate can make huge impact. it’s critical to ensure cloud backups are up-to-date and reliable, offering a secure point of recovery in case of a breach.
  • Prepare for Ransomware: Ransomware surge during the holidays. Regularly updated snapshots can mitigate data loss, and even reduce the likelihood of needing to pay a ransom. With up-to-date backups in place, organizations can reduce or avoid prolonged business down-time negotiating with attackers or paying for recovery.
  • Create a Response Plan and Playbook: A well-prepared post-breach response plan is crucial. Organizations should develop a playbook that outlines clear steps for managing a breach, including contact information for forensics vendors, legal counsel, and cyber insurance carriers. Key stakeholders and teams should be notified, and the playbook should be printed and easily accessible in case digital systems go down.

Leave a comment »

30M protected links exposed by ‘safe’ link-sharing provider

Posted in Commentary with tags on December 3, 2024 by itnerd

Cybernews research has shown that a safe linking service accidentally leaked millions of links that were meant to be private and exposed who created them. 

Researchers discovered that Safelinking.net, a platform designed to protect and manage links, had publicly leaked a tremendous amount of user data that was supposed to be protected.

Apart from making 30 million private links public, the platform also exposed the account data of over 156,000 users.

Safe linking services allow you to create protected links with various safety controls, such as passwords, PINs, IP address limitations, or real-time URL scanning, to secure access and protect users from malicious links. 

Microsoft and Google integrated safe linking to their products long ago. For those who do not subscribe to the tech giants’ solutions, there are platforms on the internet that provide similar services. However, using third-party services can pose risks, particularly when human error occurs.

What data was leaked?

  • Usernames
  • Emails
  • Encrypted password with salt and API hashes
  • Notification settings
  • Security settings associated with the links
  • Social media account IDs
  • Protected links

Malicious bots find the data

The leak was caused by a poorly configured and passwordless MongoDB database. After investigating the leak, the research team discovered traces of malicious bots that had already targeted the unprotected database. 

Misconfigured MongoDB databases are often targeted by automated bots, which insert README notes with a ransom demand. If the database owner does not pay the ransom, the bots destroy the database’s content by sending a “delete” command. 

Such a note was discovered in the leaked database belonging to Safelinking. The note demanded payment of 0.0057 BTC, which at the time of publishing, was nearly $660. “In 48 hours, your data will be publicly disclosed and deleted,” reads the ransom note.

Following the ransom demand, a malicious bot destroyed the open database, which is now not publicly available. Cybernews have contacted the company for a comment, but they have yet to receive a response.

To read the full research, please click here.

Leave a comment »

Wiz Defend Offering Debuts with Tamnoon as a Launch Partner

Posted in Commentary with tags on December 2, 2024 by itnerd

Tamnoon, a leader in Managed Cloud Security Remediation, today announced its status as a launch partner for Wiz Defend. The new solution from Wiz draws upon the power of Wiz Integration Network (WIN) partners to better detect and respond to cloud threats in real-time. Tamnoon was selected as a launch partner due to its leading Managed Cloud Security Remediation capabilities, seamlessly integrating with Wiz Defend to empower customers and their SOC/Incident Response teams.

The WIN platform enables bi-directional sharing of security findings across the cloud security ecosystem comprised of hundreds of industry-leading partners like Tamnoon that help mutual customers gain security insight and visibility. With the introduction of Wiz Defend, Wiz is now extending its value to SOC and IR teams for better preparation, investigation, detection, and response to cloud incidents. 

WIN enables mutual customers of Tamnoon and Wiz to receive the following benefits: 

  • Enhanced Cloud Visibility: Wiz’s agentless scanning gives teams immediate visibility into all workloads and cloud services, ensuring no security issues are missed across their infrastructure. Combining this visibility with AI-driven, human-verified managed cloud security from Tamnoon allows customers to bring down critical threats faster than ever.
  • Reduced Alert Fatigue: Wiz Issues combine toxic risk combinations that lead to open attack paths, helping teams identify what to prioritize and fix. Tamnoon enriches all Wiz Issues with proactive, human, and AI-driven investigation, correlating current and past alerts and factoring in information about critical assets, ownership, encryption, public exposure, and more. To enhance the collaboration between security and engineering, Tamnoon offers curated, highly relevant remediation playbooks that facilitate quick handover between teams, closing the loop on the original issues.
  • Cloud Exposure Remediation: The integration automates the remediation of Wiz issues by leveraging Tamnoon’s managed cloud remediation that allows for safe and scalable remediation and ongoing incident response monitoring, including exposure reduction SLAs and KPIs for continuous improvement — all driving critical cloud threats and exposures to zero within months. 

The combined value of these two offerings will streamline security for organizations seeking to eliminate blind spots and telemetry gaps in order to improve cloud incident response readiness, multi-cloud threat detection, investigation, and threat hunting.

Leave a comment »

Vancouver Canucks Announces Fortinet as Its Preferred Partner

Posted in Commentary with tags on December 2, 2024 by itnerd

Vancouver Canucks and Fortinet today announced that Fortinet has become the new Preferred Partner for the 2024–2025 season. Canucks Sports & Entertainment (CSE) has chosen Fortinet’s industry-leading Security Fabric platform to reduce complexity and streamline the identification and remediation of network and security issues across the group’s facilities.

CSE is one of the premier sports and entertainment companies in North America. In support of their goal to create inspiring moments and unforgettable experiences for their fans, CSE has deployed several Fortinet solutions at its central data center to help secure the Rogers Arena, home to NHL Vancouver Canucks and its fans, the Canucks Training Camp facilities, and the eSports team Vancouver Surge.

The Fortinet Security Fabric Wins Over Vancouver Canucks 
The Fortinet Security Fabric platform and Fortinet’s unique ability to converge networking and security help organizations like CSE reduce management complexity by consolidating siloed security tools, increasing visibility, improving performance, and decreasing the mean time to detect and respond to security incidents.

The Canucks’s implementation includes a central FortiGate Next-Generation Firewall (NGFW) cluster at its data center to protect and segment its network and build a Secure SD-WAN platform to simplify, accelerate, and secure communications between locations. Supported by the Fortinet Security Fabric platform, CSE has a single pane of glass to help consolidate management, visibility, analytics, and control for the entire environment.

Fortinet Leads the Cybersecurity Evolution in Canada
Fortinet has a long history of investing in Canada over the last 20 years. With more than 2,600 employees and over $200 million in infrastructure investments across Canada, including a regional data center, offices, a security operations center, and center of research and development excellence, Fortinet has been dedicated to protecting Canadian enterprises, nonprofits, educational institutions, and government agencies. 

Fortinet also remains steadfast in its commitment to close the cybersecurity skills gap and has pledged to train 1 million people globally by 2026 through its award-winning Training Institute program. As part of this, with more than 30 Canadian academic partners, no-cost training to all K-12 school boards in Canada, and an emphasis on helping military members, veterans, and spouses transition into the cyber field, Fortinet is helping grow cybersecurity awareness and resilience across the nation.

Leave a comment »

DMZ’s Women Innovation Summit returns for year three

Posted in Commentary with tags on December 2, 2024 by itnerd

 DMZ, a global startup ecosystem, announced its third annual Women Innovation Summit, set to take place on March 6, 2025. Hosted at DMZ’s headquarters in downtown Toronto, the Summit will bring together women-led startups, innovators, investors, corporate partners, allies and policymakers for a full day event in honour of International Women’s Day. 

Committed to celebrating women entrepreneurs and serving as a catalyst for women’s innovation, the 2025 Summit will unite attendees through intimate roundtable discussions, a pitch competition providing women-led startups with funding opportunities and the official unveiling of DMZ’s 2025 Women of the Year honourees.

Applications for the Women Innovation Pitch Competition and nominations for DMZ’s Women of the Year are now open at dmz.to/WIS. The deadline to apply or nominate is January 19, 2025.

For the third consecutive year, The Firehood—a national network dedicated to advancing women in technology—will join DMZ as an investment partner, committing $100,000 in cash investments for the Women Innovation Pitch Competition. The Firehood has awarded $330,000 in funding to women-led startups through DMZ’s Women Innovation Summit, which has welcomed more than 600 attendees over its first two years.

Women Innovation Pitch Competition

Open to women founders across Canada, the pitch competition provides a unique opportunity to secure funding and accelerate business growth. From the applicants, 25 women founders will be chosen to receive personalized pitch advisory sessions, participate in curated roundtable discussions and gain valuable marketing and PR exposure. Of these, 10 finalists will pitch live at the Summit to angel investors from The Firehood. In 2024, three remarkable women-led startups—LyfeMDRoga and Granularity—secured funding through the Women Innovation Summit, showcasing the incredible talent driving Canada’s innovation ecosystem. 

Women of the Year Awards

DMZ’s Women of the Year Awards honours outstanding women who are driving meaningful change in Canada’s tech and business sectors. Honourees represent trailblazers who are disrupting their industries, leading multi-million dollar companies, revolutionizing technology and inspiring the next generation of women in innovation. Previous awardees include Sylvia Ng, CEO of ReturnBear; Fatima Zaidi, CEO and Founder of Quill; and Mirela Pirlea, Lead Partnerships Innovation and Entrepreneurship for Ontario – Atlantic – West Canada at Desjardins. 2025 award recipients will be revealed at the Women Innovation Summit on March 6, 2025. 

Applications for the Women Innovation Pitch Competition and nominations for Women of the Year are open until January 19, 2025. Learn more and apply at dmz.to/WIS.

DMZ’s Women Innovation Summit was funded in part by the Government of Canada’s Women Entrepreneurship Strategy.

Leave a comment »

Canadian Black Friday Data From Salesforce Is Now In

Posted in Commentary with tags on December 1, 2024 by itnerd

Salesforce has followed up with their results from Black Friday. If you missed the first part of this, you can view it here.

Black Friday Results | Key Findings for Canada + Global: 

  • Canadian online Black Friday sales were down 6% YoY.
  • Globally, online Black Friday sales grew 5% YoY, garnering $74.4 billion in online sales. 
  • Discounts in Canada fell 11% YoY, down to 21% average discount.
  • In contrast, global discounts fell 3% YoY, at 27%. 
  • Salesforce estimates Cyber Week sales in Canada will be down 6% YoY in total growth.
  • Global sales are expected to drive $51 billion, up from $48.4 billion globally in 2023.

Stay tuned for a follow up for Cyber Monday.

Leave a comment »

Answering Your Questions About The M4 Mac Mini

Posted in Tips with tags on November 30, 2024 by itnerd

Something that has generated a lot of email in my inbox is which M4 Mac mini should people buy. It seems that there is a fair amount of confusion around this computer. And this hasn’t been helped by people noticing that depending on the upgrades that you choose, you can easily spend the price of two Mac mini’s without trying too hard. That prompted me to write this post to try and answer these questions as best as I can.

  • M4 or M4 Pro?: To be honest, most people should go for the M4 model. The only reason why anyone should go for the M4 Pro model is that you need the performance for 4K (or higher) video editing, 3D rendering, or anything that will take advantage of the extra graphics and performance cores that the M4 Pro has. If that’s not you, save your money and go for the M4 model.
  • Does Thunderbolt 5 matter?: I wrote an article on Thunderbolt 5, which by the way is only available on the M4 Pro model, here, but the short answer is that it doesn’t matter for anyone with the exception of the three people on planet Earth who have Thunderbolt 5 accessories. It will matter in a year or two when more accessories such as drives, docks and monitors appear that leverage Thunderbolt 5. I should also point out that the people who would care about Thunderbolt 5 are the same ones who would be in the target market for the M4 Pro model.
  • About that power button: To me, the whole discussion about the power button is a total non issue. Modern Macs are incredibly power efficient that leaving it on would not make any noticeable difference in your power bill. Besides, when was the last time you turned off your computer? Rarely if ever I suspect.
  • Should I Upgrade The RAM and Storage?: Here’s some random thoughts on this before I get to my recommendations. Upgrades from Apple are expensive, largely because you cannot upgrade after the fact. And before anyone mentions it, the fact that the storage in the Mac mini is removable does not mean you can upgrade it for less by going aftermarket. In fact, no aftermarket upgrade options exist as far as I am aware. Apple knows that so they get you for as much as they can get away with. The flip side of that is that Apple’s storage is way faster than it has any right to be. Ditto for their RAM because it’s basically packaged up with the CPU. That makes it very difficult to compare against say a garden variety PC with upgradable RAM and storage where neither is as fast. Now having said that, here’s my recommendations:
    • 16GB of RAM is fine for most people. Unless you are doing something really RAM intensive, there’s no logical reason for most people to upgrade the RAM.
    • Storage is another matter. The fact is that 256 GB of storage isn’t enough in my opinion. So, besides giving Apple your money to upgrade to 512GB, you might want to consider external storage such as a Thunderbolt 4 or USB 4 drive as that’s going to be way cheaper per gigabyte versus what Apple charges.
    • If you really must upgrade both because you have a use case that demands more RAM and more storage, the M4 Pro variant is what you should be considering.

Hopefully I’ve answered all of your questions regarding the M4 Mac mini. If I missed something, please leave a comment below and I will help you as best as I can. Or if you’re still not sure which Mac mini you should get, leave a comment below with your specific use case and I will help you as best as I can.

Leave a comment »

Canadian Black Friday Data From Salesforce Including Early Results & Predictions

Posted in Commentary with tags on November 29, 2024 by itnerd

Here’s Salesforce’s latest holiday findings, based on the global shopping data from more than 1.5 billion consumers across Commerce Cloud, Marketing Cloud, and Service Cloud, as well as a link to their holiday insights hub.

Key Findings (Canada, US and Global):

  • Early Cyber Week data shows that consumers planned and waited for Cyber Week deals.
  • US Thanksgiving finished strong with global online sales growing 6% YoY to $33.6B.
  • 30% of all Thursday sales in Canada were captured between the hours of 6pm and 10pm eastern
  • Global discounts remain steady globally on US Thanksgiving, but down in Canada:
  • The average global discount rate was 26% (flat% YoY), 28% in the US (flat YoY), and 21% in Canada (-11% YoY).
  • Social shopping grows:
  • Social channels referred 12% of all ecommerce traffic in Canada
  • Mobile traffic and orders peaked for the week:
  • Yesterday, mobile drove 72% of global online orders (up 3% YoY) and 80% of all online traffic (up 1% YoY).
  • 59% of online orders in Canada were from mobile (up 2% YoY).
  • AI makes an impact for global retailers:
  • Early holiday shopping season data showed that 1 in 5 holiday purchases are being influenced by consumers engaging with AI and agents.

Global Findings: 

  • Global sales are expected to reach $71.5B globally today.
  • For Black Friday, the majority of consumers will turn to online shopping during the hours 9 AM and 3 PM EST, with 42% of all online Black Friday shopping happening during this timeframe.
  • Global average selling price increased by only 2% YoY on US Thanksgiving, marking one of the smallest increases we’ve seen since 2022.
  • Social shopping grows:
  • For retailers that have adopted in-app social buying capabilities such as TikTok Shop or checkout via Instagram, about 19% of their US Thanksgiving day sales globally came from these social commerce apps.
  • Global top performing verticals by sales growth:
  • Home Dining, Art, and Decor (+39%)
  • Makeup (+22%)
  • Health & beauty (+21%)
  • Top global categories by average discount rate are currently:
  • Makeup (40%)
  • Home Dining, Art, and Decor (36%)
  • Skincare (35%)

2 Comments »

« Older Entries
Newer Entries »