New Mandarin Chinese Phishing Kit: UK, US, ES, AU, JPN Victims Across Public, Postal, Banking Sectors

Posted in Commentary with tags on October 31, 2024 by itnerd

Netcraft has published its latest research into a phishing kit used in campaigns targeting the UK, US, Spain, Australia, and Japan from September 2024.

Over 1,500 related IP addresses and phishing domains have been identified, targeting victims with fake charges related to motorists, government payments, and postal scams.

The kit, which uses a branded mascot and interactive features added for entertainment, has identified over 2,000 phishing websites.

Netcraft discovered organizations targeted across the public sector and the postal, digital services, and banking sectors.

Threat actors using the kit to deploy phishing websites often rely on Cloudflare’s anti-bot and hosting obfuscation capabilities to prevent detection.

The kit uses Mandarin Chinese throughout and provides users with an admin panel to configure and manage phishing campaigns.

You can read the details here.

Leave a comment »

TRM Labs and Flashpoint Join Forces to Enhance Visibility into Cyberattacks Involving Cryptocurrencies

Posted in Commentary with tags on October 30, 2024 by itnerd

TRM Labs, the global leader in blockchain intelligence, and Flashpoint, the leader and largest private provider of threat intelligence, have joined forces to integrate their capabilities and give customers unprecedented visibility into cybercriminal activity on blockchain networks.

Disrupting criminal networks is increasingly vital to keep the crypto ecosystem safe from illicit actors and allow it to grow for lawful users. TRM Labs’ Illicit Crypto Economy Report reveals that criminals are handling over $34 billion in cryptocurrency. However, with governments and law enforcement agencies leveraging advanced threat and blockchain intelligence, these figures are beginning to decline as they disrupt and prosecute bad actors using crypto for criminal transactions.

TRM Labs makes it easier for investigators to uncover connections between disparate data sources by reducing the need for manual intelligence checks across multiple platforms. With this partnership, TRM Labs has integrated Flashpoint’s data directly into its blockchain intelligence platform. Investigators that use TRM Labs will now benefit from an enriched repository of threat intelligence data within TRM Forensics, including comprehensive details on threat actors, malicious content, illicit forum conversations, and current and historical information from the dark web and social media sources, with the ability to explore deeper insights through a Flashpoint license.

This partnership bolsters TRM Labs’ existing portfolio of proprietary threat intelligence that includes Chainabuse, the largest scam and fraud victim reporting platform in the blockchain intelligence industry. Chainabuse empowers anyone in the crypto economy to report scams, hacks, or other fraudulent activity as they encounter it. The free tool enables crypto users, victims of financial crimes, and crypto businesses to take an active role in making the crypto ecosystem a safer place to operate.

For more information about this partnership and how it can help enhance investigative outcomes, please visit TRM Labs at https://trmlabs.com.

Leave a comment »

Horizon3.ai Named to the 2025 Fortune Cyber 60 For The Second Consecutive Year

Posted in Commentary with tags on October 30, 2024 by itnerd

Horizon3.ai, a leader in autonomous security solutions, is honored to announce its second consecutive inclusion in the Fortune Cyber 60, presented by Lightspeed. This recognition underscores the company’s continued innovation and influence in the cybersecurity industry. The Fortune Cyber 60 acknowledges the top venture-backed startups delivering enterprise-grade cybersecurity solutions, with Horizon3.ai remaining the only provider of a fully autonomous penetration testing and threat detection platform, NodeZero™.

At the heart of Horizon3.ai’s success is the NodeZero Autonomous Security Platform, which enables organizations to continuously identify, remediate, and validate exploitable vulnerabilities. By using real-world attackers’ tactics, techniques, and procedures (TTPs), NodeZero offers the most comprehensive view of exploitable attack paths, empowering organizations to strengthen their defenses. The platform integrates threat detection, autonomous pentesting, third-party risk management, and governance, risk, and compliance insights, providing organizations with the tools they need to maintain a resilient cybersecurity posture.

So far in 2024, Horizon3.ai has introduced several groundbreaking capabilities that further solidified its position as a pioneer in offensive cybersecurity. These advancements include:

  • NodeZero Tripwires™ – Deploys proactive deception mechanisms that detect attacker activity early, diverting them to decoys and exposing their tactics.
  • Cloud Penetration Testing – Automated vulnerability detection in cloud environments like AWS and Azure, securing critical cloud assets.
  • Rapid Response Service – Provides real-time intelligence on new vulnerabilities, enabling swift responses to zero-day and N-day threats.
  • Phishing Impact Testing – Simulates potential damage from compromised credentials, offering a realistic assessment of organizational risk.

Horizon3.ai’s inclusion in the Fortune Cyber 60 underscores its impressive growth, marked by a 15x revenue increase over the past three years, a customer base of over 2,000, more than 80,000 tests conducted within production networks, and over 1.3 million impacts resulting from discovered exploitable attack paths in real-world environments. Organizations spanning 60+ industries across 30 countries rely on NodeZero to verify and fortify their security continuously.

Leave a comment »

HP Equips Partners for the AI Era with New Amplify AI Program

Posted in Commentary with tags on October 30, 2024 by itnerd

Today HP announced a new HP Amplify program for partners, HP Amplify AI. HP Amplify AI is a customizable program designed to boost partner capabilities in achieving positive AI outcomes offering AI guidance, tools, resources, training, and certification. Other enhancements unveiled today include new AI-powered tools, availability of refreshed HP Future Ready AI MasterClass content in multiple languages, and global expansion of the HP Business Partner Program.
  
Empowering Partners to Drive AI Adoption and Sales
 
With worldwide AI spending expected to reach 632 billion by 2028, partners are exploring opportunities to drive AI adoption both within their own businesses and to help their customers increase productivity by focusing on high-value work. With a history of innovation, strategic partnerships with leading software and hardware providers, and a legacy of trust spanning over eight decades, HP is uniquely positioned to lead in the era of artificial intelligence.
 
To support partners in their increasingly AI-centric advisory role to customers, HP is launching HP Amplify AI, a persona-based program that is tailored to enhance partners’ unique capabilities and drive AI outcomes. Launching on November 1, 2024, this new program will include HP Amplify AI HUB, a centralized resource for AI training, certification, and tools, offering role-based opportunities to help partners sell AI devices and solutions more effectively.
 
On top of a comprehensive suite of assets, eligible partners can benefit from coaching and practical use cases that illustrate how AI PCs can improve productivity and drive positive outcomes for customers. Partners can gain certification opportunities and recognition for HP AI proficiency and AI-powered sales tools to track their progress. By developing the necessary AI credentials, partners can support customers on their AI journey and future-proof their businesses with AI-powered products and solutions. The initial rollout of HP Amplify AI will begin worldwide on November 1, 2024.

Additionally, as refresh cycles present a significant opportunity for partners and customers to prepare for future AI advancements, HP is also delivering targeted sales resources to foster the adoption of HP AI products and solutions while driving business growth for partners and their customers.
 
Improving Partner Experiences and Productivity
 
Creating better outcomes and experiences starts with driving operational productivity. This quarter, HP is rolling out an AI Chatbot to answer queries and guide partners through the HP Partner Portal, making it easier to find information quickly. In addition, HP is improving collaboration with faster pricing turnaround times using the AI-powered Configured Price Quote (CPQ) platform, available in 108 countries.
 
In May, HP released the HP Future Ready AI MasterClass AI training and certification program to help HP employees and HP Amplify partners gain a competitive edge. The program offers tailored role-based online training for sales representatives, account managers and technical consultants. Over the past six months, more than 12,000 users have enrolled in the AI MasterClass, surpassing expectations. In response to increased adoption, HP has rolled out refreshed content available in new languages allowing users globally to augment their expertise and capabilities to stay ahead in the rapidly changing AI landscape.
 
Engaging a Broader Ecosystem
 
The award-winning HP Amplify program drives partner development through a simplified global structure, rewarding performance, collaboration, and capabilities. To provide a clear path to membership, HP has expanded the HP Business Partner Program globally by taking on a larger community of non-HP Amplify partners and boosting SMB growth via Distributors.
 
The HP Business Partner Program offers partner accreditation, brand visibility, and streamlined processes for superior customer experiences. Participants will benefit from quick onboarding, and a consistent global digital experience with instant pricing, product details, training materials, and sales and marketing resources.
 

Leave a comment »

Unmasking the Truth Behind Free Apps

Posted in Commentary with tags on October 30, 2024 by itnerd

Safety Detectives have examined some of the most popular apps and the permissions the apps request. Through this research, they aim to raise awareness about the hidden costs associated with free apps and the importance of data security and privacy in the digital age. 

According to their research: 

  • 98% of global mobile app revenue came from free apps. Taken together, these numbers highlight the fact that many apps generate revenue through means other than direct sales. 
  • More than 75% of social networking apps they reviewed request sensitive information, like physical address and financial information, indicating that their focus on collecting user data prioritizes monetization over enhancing core functionalities. 
  • Over 90% of the apps claim to comply with data protection measures, but gaps in data sharing and security can still expose users to significant risks, including unauthorized profiling, privacy breaches, and regulatory non-compliance. 

Why it matters: 

The findings reveal concerning trends in app permissions and data practices that have significant implications for user privacy and control. Social networking apps, in particular, often request unnecessary sensitive information that is not essential for their operation, indicating a focus on data collection for monetization purposes. 

You can access their detailed report here: https://www.safetydetectives.com/blog/free-apps-permissions-study/

Leave a comment »

Sage Intacct Accountants Launches in Canada

Posted in Commentary with tags on October 29, 2024 by itnerd

Sage today announces the launch of Sage Intacct Accountants in Canada. This innovative program provides accounting practices with comprehensive, cloud-based financial management tools designed to help them expand their service offerings, efficiently manage outsourced mid-market clients, and drive business growth.

Sage Intacct Accountants addresses the key challenges accounting practices face today. According to Sage’s Practice of Now report, 92% of accountants feel they spend too much time on manual administrative and compliance tasks, preventing them from focusing on more strategic, high-value advisory roles. Additionally, 90% report that their heavy workload affects the quality of client services, while 85% express a desire for more opportunities to engage in strategic work. Sage Intacct Accountants is specifically designed to tackle these issues, enabling accountants to automate routine processes, reduce manual workloads, and enhance client offerings through real-time financial insights and AI-driven tools.

Mid-market businesses in Canada contribute significantly to the economy, accounting for 13.4% of the country’s GDP and creating a substantial portion of new jobs. With Sage Intacct Accountants, practice leaders are empowered to support these businesses by offering tailored, scalable solutions that manage financial complexity, automate routine tasks, and provide data-driven decision-making capabilities.

Sage Intacct Accountants empowers accounting practices with the flexibility to choose between two pathways—Standard and Professional—based on their unique business models. With Sage Intacct Accountants, accounting practices can increase their advisory services and net client fees by more than 10x for every dollar spent. As AI adoption in accounting is expected to double within the next five years, its powerful AI capabilities ensure that firms remain competitive and continue delivering high-value services.

For more information on Sage Intacct Accountants, visit sage.com/en-ca/partners/service-delivery-partners/managed-services and for details on Sage’s Practice of Now report visit, sage.com/en-ca/accountants/resources/practice-of-now.

Leave a comment »

Nuspire’s Q3 2024 Threat Report Shows 50% Spike in Exploit Attempts and Rise in Ransomware Extortion Activity

Posted in Commentary with tags on October 29, 2024 by itnerd

Nuspire today released its Q3 2024 Cyber Threat Report, offering an in-depth analysis of cyber threats over the past quarter. Significant findings in the report include a surge in exploit attempts, a change in ransomware group dominance and shifting trends in dark web behavior.

According to the report, exploit activity increased by over 50%, driven by a sharp rise in attacks against VPN technologies. On the ransomware front, a power shift emerged as RansomHub dethroned LockBit as the top extortion publication group, signaling evolving tactics in the ransomware ecosystem.

Key insights from Nuspire’s Q3 2024 Cyber Threat Report include:

  • Exploit Activity:
    • A total of 16,964,624 exploitation events were detected in Q3, marking a 50.96% increase over Q2.
    • Over 60% of these attacks targeted unpatched or outdated systems, focusing on VPN vulnerabilities.
    • The Fortinet FortiOS SSL-VPN vulnerability (CVE-2022-42475) was the most exploited, with a significant uptick in attack attempts.
    • Exploits targeting remote work environments saw a 45% increase, further highlighting the risks posed by hybrid workforces.
  • Ransomware Trends:
    • RansomHub ransomware overtook LockBit as the leading ransomware group, with an 8.06% rise in ransomware publications.
    • Nearly 30% of all ransomware-related extortion in Q3 was attributed to RansomHub’s activity.
    • 40% of successful ransomware attacks were initiated through phishing or exploited vulnerabilities.
    • Smaller ransomware groups are adopting more agile tactics to evade law enforcement and detection.
  • Dark Web Listings:
    • Dark web activity decreased by 5.41% overall, but the Lumma Stealer infostealer saw a resurgence, with a 12% increase in listings.
    • Demand for compromised VPN and cloud service credentials surged, with listings for these credentials increasing by 15%.
    • High-value targets, particularly in healthcare, financial services and critical infrastructure, were prioritized in dark web transactions.

To access the complete Q3 2024 Cyber Threat Report, click here. 

Leave a comment »

New Chenlun/Sinkinto01 TTPs Development to Use Amazon & USPS Lures in Smishing Attacks

Posted in Commentary with tags on October 29, 2024 by itnerd

DomainTools has published new research on the development of phishing attacks to gather personal information attributed to the threat actor Chenlun/Sinkinto01, which continued after DomainTools’ original investigation in December 2023.

After analyzing related domains, DomainTools noticed interesting evolutions in their tactics, techniques, and procedures (TTPs). Chenlun has expanded to use Amazon and the previously identified United States Postal Office (USPS) lures.

DomainTools domain-related data allowed researchers to identify a preference for using subdomains with short life cycles on older apex-level domains. Both subdomains and apex-level domains indicate using a domain generation algorithm (DGA) as an obfuscation method. 

DomainTools identified redirect domains used after visiting the domain mentioned in the SMS message to further obfuscate the path traveled by the victim before being asked for personal information.

Last year, DomainTools published research on a phishing campaign that targeted individuals by using SMS messages to impersonate the USPS. The original article details the likely responsible threat actor, Chenlun/Sinkinto01. 

You can read the details here.

Leave a comment »

TELUS and Photonic join forces to build Canada’s quantum future

Posted in Commentary with tags on October 28, 2024 by itnerd

TELUS is has announced a collaboration with Photonic Inc., a pioneering BC-based company, to accelerate the development of next-generation quantum communications in Canada. TELUS will provide Photonic dedicated access to its advanced fibre-optic network, enabling the testing of groundbreaking quantum technologies and emerging solutions that promise to reshape Canada’s digital landscape, improve productivity and drive economic growth.

Over the past several years, quantum technology has moved beyond academic research and is entering the commercial realm, with companies like Photonic leading the charge. The collaboration with TELUS provides a path for industries such as finance, security and logistics to prepare for a quantum-secure future. With TELUS’ infrastructure enabling the testing of real-world applications, Photonic is helping accelerate the commercialization of quantum technologies, set to reshape how industries approach computing and secure communication, both in Canada and worldwide.

As part of this collaboration, TELUS is providing Photonic access to a 30-kilometre dedicated fibre network in British Columbia – configured to test increasingly complex quantum networking that leverage quantum encryption for ultra-secure, tamper-evident transfer of information over long distances. This state-of-the-art infrastructure will enable Photonic to advance critical capabilities in quantum computing (solving complex problems beyond the reach of today’s computers), quantum networking, and quantum key distribution (using quantum signals to create secure encryption) – technologies crucial for the future of digital security and innovation. 

This effort marks a major milestone for both companies as they work to lay the foundation for a quantum internet. The dedicated fibre network is connected to TELUS’ national infrastructure, offering potential for broader, nationwide testing and marking the first time a Canadian startup has been granted access to a major telecom operator’s network for the purpose of developing quantum communication capabilities. It follows impressive milestones recently achieved by Photonic,including a successful demonstration of entanglement distribution between independent systems in a commercial setting (entanglement allows particles to share quantum information across distances), an essential component of scaling quantum networks.

Quantum technology holds the potential to solve some of the world’s most complex computation problems, ranging from materials development to climate-friendly catalyst development. However, it also presents new challenges, including the ability to break existing encryption methods within the next decade. This collaboration between TELUS and Photonic helps position Canada as a global leader in the quantum race, ensuring everyday Canadians and businesses are prepared for a quantum-secure future. 

Leave a comment »

Cyber insurers bridge security gap in water sector with hands-on cyber-risk practices 

Posted in Commentary with tags on October 28, 2024 by itnerd

Today, Bloomberg posted recent findings pertaining to cyber insurers’ role in policyholders’ security posture, specifically those within the US water systems industry.

Unlike many other CNI entities, the water sector is extremely fragmented, with at least 150,000 utilities spread throughout the country with smaller systems serving as few as just dozens of customers, operating with low budgets that often don’t account for cybersecurity.

A May EPA alert found over 70% of systems inspected since September 2023 violated the Safe Drinking Water Act’s requirements to develop risk assessments and emergency response plans.

Amidst meager cybersecurity regulations from federal agencies, many cyber insurers have moved on from a traditional, application-based underwriting model in favor of new, hands-on cyber risk practices to help spread the risk and improve resilience of the US water sector, including testing existing systems and helping policyholders address shortcomings.

Sezaneh Seymour, head of regulatory risk and policy at cyber carrier Coalition Inc. said Coalition was able to reduce vulnerabilities of water entities it covered by over 90% in six months through risk pooling.

Despite a growing appetite from insurers to cover cyber risk, many entities, especially in the water sector, still can’t obtain coverage due to lack of resources, knowledge, and dated operational systems that won’t meet the minimum qualifications to attain cyber insurance.

“It’s just a matter of time before a determined adversary bypasses the safety functions that have kept systems, people, and the environment safe thus far,” said Jennifer Lyn Walker, the director of infrastructure cyber defense at WaterISAC.

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

“Although there’s a strong desire for the water sector to adopt the latest IT technologies and security practices, this isn’t always practical. Autonomous risk assessment solutions provide a way to determine if older operating systems and unsupported software are truly exploitable based on their specific deployment scenarios. While a component of the infrastructure might be flagged as being “vulnerable”, that doesn’t necessarily mean it can be exploited from the outside in.”

Anything that is considered to be a critical sector needs to step up their game to manage cyber risk. That includes really getting onto the bandwagon of being up to date in terms of the threat landscape and taking the required steps to mitigate those threats. That needs to happen ASAP.

Leave a comment »

« Older Entries
Newer Entries »