Bluesky Adds 500,000 New Users Because Of Elon Musk’s Stupidity

Posted in Commentary with tags , on October 18, 2024 by itnerd

I’ve used a term called FAAFO in stories related to the stupidity of Elon Musk and how he runs Twitter. And a few days ago I posted two stories related his latest stupid moves. And as a result of those stupid moves, Elon is now in the find out phase. According to this, Bluesky has had an influx of new users:

update: half a million new people in the last day 🤯welcome, いらっしゃいませ, 환영, bem-vindo! 🦋🎉

Bluesky (@bsky.app) 2024-10-17T17:00:19.693Z

You have to wonder if Elon is actually trying to turn Twitter into a profitable company anymore because driving away users from a platform that is dependent on users doesn’t seem like a winning strategy to me. Is Elon so focused on his goal of making Twitter the world’s town square shaped to match his personal views that nothing else matters? Regardless, Elon’s latest stupid idea has now resulted in him finding out how stupid his ideas are.

Leave a comment »

Boston Children’s Hospital’s BHCP Pwned In Cyberattack

Posted in Commentary with tags on October 18, 2024 by itnerd

Boston Children’s Health Physicians (BHCP), part of the Boston Children’s Hospital network of care, announced that a cyberattack on its IT vendor occurred on September 6, resulting in exfiltrated files after unauthorized activity on its network. Those impacted include patients, current and former employees, and guarantors. Exposed data includes full names, SSNs, Addresses, DOBs, driver’s license numbers, MRNs, health insurance data, billing and treatment information. BHCP confirmed that the attack did not impact its electronic medical record systems, as they are hosted on a separate network. The BianLian ransomware gang claimed the cyberattack earlier this week and said that unless a ransom is paid, they will leak stolen files that allegedly include finance and HR data, email correspondence, health and insurance records, and data related to children.

Steve Hahn, VP of Americas, BullWall had this to say:

   “There is a reason HIPPA has strict compliance guidelines and cyber security is supremely important to the security of hospital records. Ransomware attacks on hospitals continue to rise, and are a serious threat to public health and safety. These attacks not only disrupt the delivery of essential medical services, but always compromise the security of sensitive patient information.

  “The impact of these attacks can be devastating. They can leave patients and their families open to new harms at what is likely the most vulnerable point in their lives, and can leave institutions struggling to preserve patient care, protect their data and regain control of their systems. Whether a ransom is paid or not, the costs in terms of potential patient and caregiver impacts (as well as dollars) can severely impact these already struggling patients and their caregiving institutions. It’s particularly egregious that this attack focuses on clinicians serving the youngest, most vulnerable of patients.

   “Healthcare providers MUST expand beyond mere alerting, and institute actual ransomware resilience that can immediately contain an attack and proactively prevent server intrusion. They need MFA to every server, every session, working towards a zero-trust environment and, most importantly, they need containment and recovery strategies in place. In the same way that defense experts ‘war game’ physical attacks, knowing that solely focusing on preventing them isn’t viable, our major healthcare institutions must move to protect their critical infrastructure the patients and caregivers in their charge. This means operating from the vantage point that ransomware attacks are not a case of “if” but “when” – and implement resilience against ransomware to immediately thwart attacks and attempts at propagation, encryption and exfiltration.”

Once again healthcare is the target of a cyberattack. We keep talking about the fact that this is a sector that needs to put more focus on making sure that this isn’t something that keeps being repeated. I’m personally wondering when we will see that actually start to happen.

Leave a comment »

EnGenius Unveils SecuPoint Triad

Posted in Commentary with tags on October 18, 2024 by itnerd

EnGenius Technologies has announced the launch of the SecuPoint Triad (ESP100) a premium networking solution designed specifically for small and medium-sized businesses (SMBs). The SecuPoint Triad is priced at an MSRP of $799, representing a significant savings of 42% compared to purchasing these items individually for $1,382. This competitive pricing, paired with the product’s advanced features available through a unified interface, provides a compelling reason for small and medium-sized businesses and system integrators to transition from off-the-shelf, consumer-grade networks to a professional-grade system. 

This intuitive out-of-the-box solution is perfect for SMBs looking for high-performance hardware, easy cloud management, cost-effective connectivity, and enhanced security features. Unlike other solutions, the SecuPoint Triad provides a low barrier to entry and flexibility to scale as the business grows. 

SecuPoint Triad includes a comprehensive lineup of user-friendly hardware that is simple to set up and install and can be easily managed via the EnGenius Cloud. It features a VPN router that can be managed with automatic firmware and security updates, control over usage limits, and peace of mind. The EnGenius Cloud management system offers comprehensive network management. With included (2) Wi-Fi 6 access points and 24-port switch, you can control business devices, monitor switch port usage, and access troubleshooting tools remotely

Secure, Simple, and Sustainable Networking 

1. Robust Security: The SecuPoint Triad provides the highest level of protection for your business data with the VPN router. This router offers multi-gigabit performance, a high-efficiency layer 7 firewall, and L7 policy-based routing capabilities. Its user-friendly Site-to-Site VPN and Client VPN features ensure seamless, encrypted communication, giving users the confidence to connect safely to their business resources while maintaining optimal network performance.

  2.Simple Management: SecuPoint Triad simplifies network management with its integrated cloud management. The system allows centralized control, deployment, troubleshooting, and real-time monitoring and analytics. This is ideal for professional offices with limited or outsourced IT resources. SecuPoint Triad ensures that customers can focus on their business rather than complex IT issues. 

 3. Leading-Edge Features: This comprehensive package offers advanced AVXpress technology integrated with enterprise-grade devices, providing exceptional performance for business applications. With minimal IT setup, reliable VPN, and high-quality audio/video solutions, you can seamlessly conduct business calls, live recordings, and AI-powered tasks, even in remote work environments

4. Flexible Scalability: The SecuPoint Triad is designed to facilitate growth, allowing businesses to expand their network as they evolve. With support for future upgrades and integrations, SMBs can confidently invest in a solution that adapts to their changing needs.

5. Cost-Saving Solution: This solution was designed to reduce downtime, increase uptime, and provide a healthier bottom line with a cost-effective solution that delivers sustainable performance and savings.

Components of the SecuPoint Triad:

  • VPN-Router: Delivers robust security, streamlined VPN and VLAN configuration, and dependable connectivity.
  • 24-Port Switch: Enables lightning-quick and dependable network access for all your office devices. 
  • Wi-Fi 6 2×2 Access Points (2 units): Provides expansive, up to 2500 sq ft. and high-speed wireless coverage.
  • PoE+ Injectors (2 units): Offers energy-efficient power delivery to your network devices.

 The SecuPoint Triad is available to purchase through EnGenius’s online store, resellers, and distributors. For more information about this solution, visit https://store.engeniustech.com/pages/secupoint-triad

Leave a comment »

CISA warns of Iranian initial access brokers targeting critical infrastructure 

Posted in Commentary with tags on October 17, 2024 by itnerd

Yesterday, CISA published a joint advisory stating that Iranian hackers are acting as initial access brokers to gain access to critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks by other threat actors. 

The government agencies warn that since October 2023, Iranian actors have used brute force, such as password spraying, and MFA ‘push bombing’ or fatigue to compromise user accounts and obtain access to organizations.

Once threat actors obtain persistent access, they typically register their own devices with the organization’s MFA system, collect more credentials, escalate privileges, and learn about the breached systems and the network, allowing them to move laterally and identify other points of access and exploitation.

The agencies made numerous recommendations including but not limited to:

  • Reviewing authentication logs for failed logins
  • Looking for MFA registrations with MFA in unexpected locales/devices
  • Checking for suspicious privileged account use after resetting passwords 
  • Applying user account mitigations after password resets
  • Investigating unusual activity in typically dormant accounts
  • Scanning for unusual user agent strings

The alert is co-authored by the FBI, NSA, the Communications Security Establishment Canada, the Australian Federal Police, and the Australian Signals Directorate’s Australian Cyber Security Centre.

Evan Dornbush, former NSA cybersecurity expert has some perspective on this:

   â€œGoogle released a report noting 70% of exploited flaws disclosed in 2023 were zero-days. Mandiant released a report noting attackers have incredibly decreased the time it takes to convert a disclosed flaw into an easily-available exploit product. Microsoft released a report noting that 78% of nation state activity is against the private sector, often in the form of for-profit actions. And CISA in collaboration with the UK and Australia are noting that criminals and governments are working together, sharing tools and access.

“The essential insight here is the necessity to evolve from purely reactive posturing, and shift to take proactive measures as part of one’s applied cybersecurity strategy. The amount of money criminals can earn is getting too little attention. It is too costly to defend, and too cheap to attack, and until we can affect a paradigm shift, things will continue to escalate.”

This is another one of those documents that’s required reading if your job is to keep your organization from getting pwned. Something that is getting harder to do these days.

UPDATE: I have two more comments on this. Starting with Avishai Avivi, CISO, SafeBreach:

“The CISA alert of Iranian cyber actors’ brute force and credential access activity is a good reminder – especially during cybersecurity awareness month – that these malicious actors are working to abuse ‘Multifactor Authentication (MFA) Exhaustion.’ If, as a good cyber-aware person, you’ve enabled MFA on your social networking, WhatsApp or other messaging apps, and bank accounts, you may have grown used to getting and approving MFA requests. The malicious actors hope you won’t pay attention and approve any MFA push notification you may receive. So, as a reminder, when you are prompted to authorize a session, please take a quick second to verify that you are the one who made that request. Malicious actors are constantly testing credentials they’ve obtained through breaches. They hope that the combination of these credentials and MFA exhaustion will let them take over your account. While the CISA alert specifically mentions critical infrastructure as the target of these malicious actors, this diligence is important to prevent access to your work and personal accounts.”

Followed by James Winebrenner, Chief Executive Officer, Elisity:

“On October 16, 2024, FBI, CISA, NSA, and other global government agencies published an advisory about how Iranian cyber actors recently compromised critical infrastructure organizations using brute force attacks and MFA bombing, then performed network discovery and lateral movement. This is just one more example of a nation-state cyber attack that used lateral movement. Also in 2024, China’s Volt Typhoon group compromised IT networks of multiple critical infrastructure organizations in the U.S., using lateral movement to access operational technology assets for potential disruptive attacks. North Korean hackers targeted aerospace and defense organizations with a new ransomware variant called FakePenny, using lateral movement for intelligence gathering. A modern identity-based microsegmentation platform would detect and prevent such unauthorized lateral movement attempts, preventing attackers from accessing sensitive systems even if initial credentials are compromised. CISOs and security architects want to look for a platform that provides comprehensive asset discovery and visibility and enables identity-based policies that enforce least-privilege access across users, devices, and applications, significantly reducing the attack surface and stopping threat actors from moving laterally within the network.”

Finally Ryan Patrick, VP of Adoption, HITRUST:

“In response to the recent joint advisory issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and their international counterparts, HITRUST acknowledges the escalating threat posed by Iranian cyber actors who are actively targeting critical infrastructure sectors, including healthcare and public health (HPH).

We recognize the critical importance of safeguarding sensitive data and systems in these highly targeted industries. The advisory highlights the need for organizations across healthcare, government, energy, and information technology to reinforce their defenses against advanced tactics, including brute force credential attacks. Cybercriminals are increasingly sophisticated in their efforts to exploit vulnerabilities and sell access to compromised networks, putting critical infrastructure at risk. A key aspect of preventing these attacks lies in integrating threat intelligence into cybersecurity strategies. HITRUST emphasizes that assessments and controls informed by up-to-date threat intelligence are crucial in identifying and mitigating emerging risks. By embedding intelligence-driven controls into their operational security, organizations can proactively defend against evolving tactics used by cybercriminals, including brute force attacks. This continuous monitoring and refinement process allows for stronger protection of sensitive data and critical infrastructure.

We encourage all organizations, especially those in the healthcare and public health sectors, to review the joint cybersecurity advisory and ensure that appropriate safeguards are in place, including the use of strong authentication methods, continuous monitoring, and proactive threat intelligence. HITRUST will continue to support these efforts by delivering the tools and resources necessary to meet the highest standards of information protection and compliance.”

Leave a comment »

New Q3 Report From GuidePoint Highlights Rise in Social Engineered Ransomware Attacks

Posted in Commentary with tags on October 17, 2024 by itnerd

Today, GuidePoint Security published its quarterly GRIT Ransomware report, diving into the evolving ransomware ecosystem and the top tactics and procedures threat actors are leveraging. Additionally, research unveils a rise in social engineering tactics by an emerging Ransomware-as-a-Service (RaaS) “middle class.”  

Highlights of the report:

  • Ransomware remains a threat, with 49 active groups impacting more than 1,000 publicly posted victims in Q3 2024.
  • A strong “middle class” has surfaced in the RaaS ecosystem, distributing ransomware victims across a greater number of diverse groups.
  • The industries most impacted by ransomware in Q3 2024 were manufacturing, technology and healthcare, respectively. Manufacturing remains the most impacted industry.

You can download the report here: https://www.guidepointsecurity.com/resources/ransomware-cyber-threat-insights-the-rise-of-ransomwares-middle-class/

Leave a comment »

Foxit to Showcase PDF Accessibility Innovations At EDUCAUSE 2024

Posted in Commentary with tags on October 17, 2024 by itnerd

Foxit, a leading provider of innovative PDF and eSignature products and services, helping knowledge workers to increase their productivity and do more with documents, today announced it will be showcasing its cutting-edge PDF accessibility features at EDUCAUSE 2024 in San Antonio, Texas. Foxit will be highlighting its newly enhanced Accessible Math capabilities, which leverage the latest PDF 2.0 standards to make complex mathematical formulas accessible to individuals with disabilities, including those who are blind, visually impaired, or have learning disabilities.

WHEN:

October 22, 2024 | 9:00 a.m. – 5:15 p.m.

October 23, 2024 | 9:00 a.m. – 4:45 p.m.

WHERE:

San Antonio, TX – EDUCAUSE 2024 Exhibit Hall

Henry B. Gonzalez Convention Center

Booth #10068 (across from Dell) 

BOOTH HIGHLIGHTS:

Accessible Math Capabilities:

  • Discover how Foxit is pioneering the future of Accessible Math. With the implementation of PDF 2.0 and MathML, Foxit is enabling complex mathematical formulas to be accurately navigated and read aloud by screen readers, making it easier for students and professionals to access and engage with scientific and technical content. To learn more about Foxit’s Accessible Math advancements, read its blog titled, “Foxit’s Role in the Future of Accessible Math” here: https://www.foxit.com/blog/foxits-role-in-the-future-of-accessible-math/ 

Foxit AI Assistant Live Demos:

  • See Foxit’s AI Assistant in action! Live laptop demos will be available for attendees to try out Foxit’s AI features firsthand.

Learn About PDF Accessibility Initiatives:

  • Sign up at the booth for an exclusive upcoming webinar on PDF Accessibility, hosted by The Accessibility Guy.

“6x Student” Promotion:

  • Learn more about Foxit’s “6x Student” promotion, where purchasing licenses for at least half of your campus employees gets you six times that amount in free licenses for students. Limited time offer!

Giveaways:

  • Let Foxit scan your badge to enter a drawing for Raycon Everyday Earbuds.
  • Participate in a 60-second on-camera interview to share your experiences with digital documents, and you’ll be entered to win a $500 Amazon Gift Card! (Signing a digital waiver is required.)

FOXIT PDF EDITOR+ FOR EDUCATION – SPECIAL DISCOUNTED RATE:

Learn more about Foxit PDF Editor+ for education; as well as how colleges, universities, and K-12 schools can get it for faculty, staff, and students at a special discounted rate, here: https://www.foxit.com/edu/.

DIGITAL ACCESSIBILITY COMPLIANCE:

Foxit solutions adhere to major digital accessibility standards, including (but not limited to): Section 508, PDF/UA, and WCAG 2.0 and WCAG 2.1 Standards. 

JOIN FOXIT’S PDF ACCESSIBILITY WORKSHOP WITH THE ACCESSIBILITY GUY:

Tue, Oct 29, 2024 2:00 PM – 3:00 PM EDT

Are your PDFs truly accessible? Don’t miss out on this opportunity to learn the ins and outs of creating inclusive, compliant, and user-friendly PDFs that everyone can access. In this hands-on workshop, Shawn Jordison, aka The Accessibility Guy, will guide you through the essentials of PDF accessibility, including legal requirements, best practices for document properties, tagging, and using Foxit’s built-in tools to ensure your PDFs are optimized for all users. Key takeaways: 

  • Understand the importance of PDF accessibility for inclusivity and compliance 
  • Learn how to set up your workstation for efficient accessibility workflows 
  • Master the use of tags, reading order, alt text, and more 
  • Discover how Foxit’s tools can streamline your accessibility tasks

Whether you’re new to accessibility or looking to sharpen your skills, this workshop is for you. Sign up today and take your PDFs to the next level! https://register.gotowebinar.com/register/2900939826726438749 

Leave a comment »

Election Security Risks Revealed By Illinois Voters Data Breach

Posted in Commentary with tags on October 17, 2024 by itnerd

In a previous report, cybersecurity researcher Jeremiah Fowler uncovered a significant breach where 4.6 million Illinois voter records were exposed due to unsecured databases, exposing Voter’s sensitive data. +This incident underscores election security vulnerabilities and the risks associated with it such as identity theft and fraud among many others. 

VPN Mentor’s new report provides valuable insights and protection tips from Jeremiah related to this situation.

You can read the report here: https://www.vpnmentor.com/news/votersdb-lessons/ 

Leave a comment »

Here’s A Couple Of New Reasons To Dump Twitter ASAP

Posted in Commentary with tags on October 17, 2024 by itnerd

If you’re one of the few people left on Twitter, you might have noticed that a pop up informing you of a change to the Twitter terms of service is happening.

Now I encourage you to read their blog post on this here. But that doesn’t tell the whole story. For that you have to go to the actual terms of service and scroll down to the section called “Your Rights and Grant of Rights in the Content” you will see this:

The key part of this paragraph is here:

In short, if you post content to Twitter, Elon gets to use it to train his AI models. I’ve read this a few times, along with looking at the Twitter app and it doesn’t seem that there is any way that you can opt out of this. Though I am free to be proven wrong about this via posting a comment below showing me where you can opt out of this. But assuming that I am right about this, this is really inexcusable and Elon has really crossed the line here.

But that’s not all. If you continue to read these terms of service, you’ll also see this.

If you view more than 1 million posts, which includes replies, within 24 hours, you will be charged $15,000 USD per 1 million posts. No human could actually do that. Thus one plausible explanation is that this is there to stop organizations from scraping his site using automated tools. For example organizations that are looking at Twitter to see how racist, homophobic, or whatever else that dumpster fire of a site has become. I say that because this sounds sort of like Elon charging for Twitter API access, and these sorts of organizations finding ways around that. Another plausible explanation is that it would stop people like me from embedding Tweets in their stories. Particularly big news organizations that gets millions of views on something they post so that Elon either gets paid, or he can hid the bad behaviour that is pretty pervasive on Twitter these days. If you have other possible explanations for this, please post them in the comments below.

It wouldn’t surprise me if this drives more signups on platforms like Threads, Bluesky, and Mastodon once word of the changes to Twitter’s terms of service start to circulate. Because this is the sort of stuff that upsets people and drives them away. Which if a problem if you’re Elon and you desperately need eyeballs on Twitter to sell advertising. I wonder how he’s going to square that circle?

The new terms of service go into effect on November 15th. But you’re going to see the backlash happen way before then.

Leave a comment »

Twitter Changes How The Block Function Works And Gets Trolled By Bluesky On Twitter As A Result

Posted in Commentary with tags , on October 17, 2024 by itnerd

Elon Musk must really want to destroy the social media platform that he bought for $44 billion. I say that because Elon has decided to change how Twitter’s block function works as per this Tweet:

To be frank, this is stupid. I block accounts because they harass me, or I don’t want to see their content. But more specifically because I don’t want them to see what I am doing. This must be about Elon and the fact that I suspect that he gets blocked a lot and feels that this change needs to be made to address the fact that he has the thinnest skin on the planet. Well, if you look at the replies to this, it’s not going over well. And rival social network Bluesky who has a presence on Twitter joined in:

And they also posted this:

And the fact that Bluesky is trending on Twitter as evidenced here shows that people are at least going to take a look at this rival social network:

Once again, Elon has found a new and creative way to drive people off of Twitter and into the hands of his competition. Which continues to illustrate that Elon isn’t all that smart. I for one cannot wait to see the boost to Bluesky’s numbers that comes from this ill advised move by Elon.

1 Comment »

275% Rise In Ransomware-Related Attacks: Microsoft

Posted in Commentary with tags on October 17, 2024 by itnerd

Yesterday, Microsoft published its annual Digital Defense Report analyzing trends among its customers from June 2022 to July 2023 with the company noting a 275% year-over-year rise in human-operated ransomware-linked encounters.

On a positive note, over the past two years, the number of ransomware attacks that reached the encryption stage fell by 300%, primarily due to advancements in automatic attack disruption technologies.

In over 90% of cases where attacks advanced to the ransom stage, the attackers exploited unmanaged devices within the network, either to gain initial access or to remotely encrypt assets during the impact phase.

The most common initial access techniques continue to be social engineering, identity compromise and exploiting vulnerabilities in publicly facing applications or unpatched operating systems.

According to Tom Burt, Microsoft’s corporate vice president of customer security and trust, the ransomware issue underscores the connection between nation-state activities and financially motivated cybercrime. This problem is exacerbated by countries leveraging these operations for profit, as well as those that take little to no action against cybercrime occurring within their borders.

Expert Evan Dornbush, former NSA cybersecurity expert, offers perspectives on the matter:

  “This report signals one trend currently getting little attention and likely to define the future of cyber: the amount of money criminals can earn.

  “Per the Microsoft report, government, as a sector, only makes up 12% of the aggressors’ targeting sets. The vast majority of victims are in the private sector.

  “Tom writes “improved defense will not be enough”. Until the economic model is fundamentally altered, making it cheaper to defend or more expensive to attack, the advantage will increasingly drift towards the criminal.”

The Microsoft Digital Defense Report is required reading as it provides facts on how dangerous and complex the threat is. And by understanding that, it will allow organizations to better prepare for the attacks that are headed their way.

Leave a comment »

« Older Entries
Newer Entries »