AHEAD Achieves AWS Healthcare Competency Status

Posted in Commentary with tags on October 9, 2024 by itnerd

AHEAD, an AWS Premier Tier Services Partner and leading national provider of cloud, data and digital engineering solutions, announced today that it has achieved the Amazon Web Services (AWS) Healthcare Competency.

Achieving this competency differentiates AHEAD as an AWS Partner that provides specialized services that help healthcare organizations adopt, develop and deploy complex projects on AWS. To receive the designation, AWS Partner Network (APN) members must possess deep AWS expertise and deliver solutions seamlessly on AWS.

AHEAD has developed a comprehensive approach that empowers healthcare providers to accelerate digital initiatives, streamline operations, improve data accessibility and deliver more effective and personalized care.

AHEAD offers solutions within electronic health record (EHR) modernization, including Epic migration, and EHR-integrated imaging accessibility. By leveraging AHEAD’s Data & AI solutions, healthcare organizations can make data-driven decisions that directly impact patient care. AHEAD secures healthcare organizations through the construction of scalable, multi-site networks that adhere to AWS best practices and comply with HIPAA, HITRUST and NIST.

AWS is enabling scalable, flexible and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify Consulting and Technology APN Partners with deep industry experience and expertise.

For more information on AHEAD’s partnership with AWS, visit https://ahead.com/partner/aws/.

Palo Alto Expedition: From N-Day to ATO, Full Compromise Says Horizon3.ai

Posted in Commentary with tags on October 9, 2024 by itnerd

Horizon3.ai Chief Attack Engineer Zach Hanley has just published “Palo Alto Expedition: From N-Day to Full Compromise.”

Zach notes: “On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of the Expedition application before, it’s advertised as:

The purpose of this tool is to help reduce the time and efforts of migrating a configuration from a supported vendor to Palo Alto Networks. By using Expedition, everyone can convert a configuration from Checkpoint, Cisco, or any other vendor to a PAN-OS and give you more time to improve the results.

“Further reading the documentation, it became clear that this application might have more attacker value than initially expected. The Expedition application is deployed on Ubuntu server, interacted with via a web service, and users remotely integrate vendor devices by adding each system’s credentials.”

Today’s blog details finding CVE-2024-5910, and also how Zach and his team discovered three additional vulnerabilities which they reported to Palo Alto:

  • CVE-2024-9464: Authenticated Command Injection
  • CVE-2024-9465: Unauthenticated SQL Injection
  • CVE-2024-9466: Cleartext Credentials in Logs

The blog post also includes indicators of compromise (IoCs) for the vulnerabilities.

Horizon3.ai adheres strictly to responsible disclosure of its research, and the disclosure timeline is noted in today’s blog, which you can read here.

Nikon Releases New STABILIZED Binoculars Series

Posted in Commentary with tags on October 9, 2024 by itnerd

Today, Nikon Canada Inc. announced the release of the new STABILIZED binocular series with two new models that feature a compact, portable design while incorporating an original STABILIZED function to provide a clear and stable image. This original stabilization system in the new 10x and 12x models reduces vibrations caused by hand movement by approx. 80%, letting users view distant objects such as birds and other wildlife, sporting events, concerts and landmarks clearly and comfortably.

These new STABILIZED binoculars weigh only 13.9 oz (STABILIZED 12×25 S model), making them comfortable and easy to use for tracking and viewing subjects over long periods with minimal eye or arm fatigue. For extended viewing, they are powered by 2xAA batteries, providing up to an impressive 12 hours of battery life.

Primary features of the Nikon STABILIZED Binocular Series:

  • Stylish, compact and comfortable design is extremely small and lightweight, while also having the ability to fold for maximum portability and easy packing.
  • Uses 2x convenient and readily available AA-size batteries, for approx. 12 hours of battery life.
  • STABILIZED Technology reduces vibrations caused by hand movement by approx. 80%, making it easy to track and view subjects.
  • Bright and clear field of view, with a Multilayer Coating applied to all lenses and prisms, while a high-reflectivity silver-alloy mirror coating is applied on the reflective surface of the auxiliary prism for maximum brightness.
  • Auto-power shut-off function prevents unnecessary battery consumption if left powered on. This function is engaged after approximately 60 minutes, letting the user focus on the view while minimizing the need to press a button repeatedly to activate the stabilization.
  • Ergonomic design fits comfortably in the hand, with a large focusing ring that enables quick focusing.
  • Turn-and-slide rubber eyecups with multi-click facilitate easy positioning of the eyes at the correct eyepoint.

Price and Availability

The new Nikon STABILIZED 10×25 S and STABILIZED 12×25 S models will be available starting in early November, with an MSRP of $849.95 and $859.95 respectively. For more information about Nikon Sport Optics and other models, please visit www.nikon.ca.

North Korean Hackers Target Tech Job Seekers in New Malware Campaign

Posted in Commentary with tags on October 9, 2024 by itnerd

Unit 42’s latest research was published today on a North Korean cyber campaign targeting tech job seekers. The campaign, known as CL-STA-240 Contagious Interview, involves fake recruiters on platforms like LinkedIn tricking users into malware infections that steal sensitive data such as browser passwords and cryptocurrency wallets. Since its initial report in November 2023, Unit 42 has continued to monitor new online activity and code updates to two pieces of malware tied to the campaign.

Highlights include:

  • New malware variant: BeaverTail targets both macOS and Windows, and is capable of stealing data and cryptocurrency from 13 different wallets.
  • Social engineering: Attackers pose as recruiters on platforms like LinkedIn and set up fake interviews, convincing victims to download malware disguised as legitimate software like MiroTalk and FreeConference.
  • InvisibleFerret backdoor: Written in Python, this malware now includes new features like downloading additional remote-control software (AnyDesk) and stealing browser credentials and credit card information.
  • Financial motive: North Korean threat actors likely have a financial motive given the malware’s focus on stealing cryptocurrency from a growing number of wallets.

You can read the research here.

New Report From BforeAI Highlights Growing Threat On US Banking Industry

Posted in Commentary with tags on October 9, 2024 by itnerd

Today, BforeAI released the firm’s latest report, “Financial Domain Spoofing Trends of 2024,” highlighting the growing concern over targeted spoofing and impersonation attacks that use high-profile financial organizations’ brands, such as BVA, HSBC, and PayPal, as a vector for malicious activity.

The US banking industry has seen a significant uptick in cyberattacks, particularly phishing and spoofing. These attacks on the industry are becoming a persistent threat, and phishing tactics are becoming increasingly advanced due to AI.

Researchers at BforeAI analyzed 62,074 domains with finance-related keywords. 62% of those observed domains were involved in phishing attacks targeting legitimate institutions through spoofed websites.

You can read the full report here: https://bfore.ai/financial-domain-spoofing-trends-of-2024/

CIRA and Commissionaires join forces to close cybersecurity gaps for Canadian small businesses

Posted in Commentary with tags on October 9, 2024 by itnerd

As malicious actors wreak havoc on organizations of all sizes across the country, Canadian businesses are struggling to improve their cybersecurity posture leading to an increased risk of losing customers. Today, CIRA and Commissionaires announce a partnership that will help make cybersecurity training and protection readily available to small businesses regardless of their budget so they can keep their data, networks and customers safe.

With over 120 years of combined expertise in physical and online security, and a common goal to keep Canadians safe, both not-for-profit organizations have been working together to offer affordable, easy-to-deploy cybersecurity solutions tailored to the Canadian market to a wider range of businesses.

Commissionaires, Canada’s largest private sector employer of veterans and the only national not-for-profit security company, is responding to the increased sophistication and frequency of human engineering attacks by reinforcing businesses’ human cybersecurity layer: employees. This ensures employees receive the regular training they need to stay engaged while teaching them to view digital content critically.

This partnership with CIRA will kick off with two flagship solutions:

  • CIRA Cybersecurity Awareness Training: designed to reduce human cybersecurity risks, this all-in-one platform leverages end-user gamification to include Canadian stories, privacy laws and institutions while providing risk assessment tools and bilingual courses. Over 200,000 Canadians at more than 400 organizations already trust the platform to affect positive behavioural changes.
  • CIRA DNS Firewall: the cost-effective, low-maintenance layer of protection analyzes the DNS traffic of enterprises while also blocking users’ devices and applications from accessing malicious domains, preventing phishing attacks and stopping malware in its tracks. Located in Canadian data centres and peered to Canadian internet exchange points, CIRA DNS Firewall is powered by world-class threat intelligence.

By leveraging CIRA’s solutions, Commissionaires plans to train thousands of Canadian workers on good security hygiene starting later this month and hopes to reach many more in the coming years.

CIRA and Commissionaires will attend the Colloque Cybersécurité et protection des données personnelles in Québec City on October 10 to discuss the partnership with local ministries, public, parapublic and private organizations.

BEWARE: Bell Scammers Are Becoming More Sophisticated

Posted in Commentary with tags on October 9, 2024 by itnerd

Now I’ve been posting about threat actors running a number of scams where the threat actors pretend to be Bell Canada in order to advance the scam. Here’s a list of scams that I have come across:

These scams were easy to spot. But I am now receiving intel that they’ve gotten a lot harder to spot. I have been informed by a number of readers that the threat actors are now spoofing the phone numbers that show up on your caller ID screen and are typically associated with Bell. Specifically, the following numbers:

  • 1-866-310-2555
  • 1-866-667-0123

The threat actors are doing this because in the past they were using random local numbers to try and carry out the scam. That made the scammers easy to spot because the real Bell Canada would not use random phone numbers. So I am guessing that they are doing this because what they were doing before wasn’t working. Or at least not to the scale that they were hoping.

Based on this, I am going to double down on the advice that I gave you here:

Because I come to the rescue of people who come in contact with scammers on a regular basis, I can say that trusting your instincts is one of the best things that you can do to protect you from being a victim of a scam. If you get the sense that something is wrong, go with it because you’re likely right. And trusting your instincts can save you from a very bad situation. On top of that, if you get a call from someone claiming to be from Bell, and what you hear doesn’t sound right, hang up and call Bell directly at 310-Bell. Finally, this advice doesn’t just apply to Bell, but to any situation that you might find yourself in where you get contacted out of the blue by someone claiming to have some great deal for you, or wanting to take some course of action that doesn’t sound right.

I am continuing to track this and other Bell related scams that are out there. Along with scams related to Rogers and TELUS. And when I get hard facts, I will post them here so that you can stay safe.

BREAKING: Twitter Is Back Online In Brazil

Posted in Commentary with tags on October 8, 2024 by itnerd

It appears the fight between Twitter and the Brazilian Government is over… for now. CBC News is reporting this:

Brazil’s Supreme Court on Tuesday cleared X to resume service in the country after the social media platform reversed course and started complying with court rulings that billionaire owner Elon Musk had previously vowed not to accept.

Yeah. Elon wasn’t going to accept anything that moderated anything on Twitter in Brazil. That was before Elon folded up like a cheap suit after Brazilians signed up en masse for Bluesky and Tumblr among other social media platforms after Twitter got banned. I guess that shows that Elon talks the talk but lacks a spine. Given that we all know that Twitter is worth next to nothing at the moment I expect to see Elon do a lot more of walking back stuff he says to try and keep Twitter alive.

Google Could Be Forced To Allow Third Parties To Access The Play Store

Posted in Commentary with tags on October 8, 2024 by itnerd

Google has been ordered by U.S. District Judge James Donato to make it easier for mobile app store developers to sell to users of phones and tablets that use the company’s Android software, giving “Fortnite” developer Epic Games the win in its antitrust suit. Google reportedly plans to appeal the ruling.

Google is ordered to allow third parties to access the company’s Play Store catalog of apps to build competing offerings, and is prohibited from paying incentives either to app developers to release an app first or exclusively on its Play Store, or to device manufacturers to pre-load the Google Play Store or not pre-load a competing app store.

The injunction is scheduled to take effect in November, but a Google spokesperson said the company is asking that the court “pause implementing the remedies to maintain a consistent and safe experience for users and developers as the legal process moves forward.”

Epic will launch its own app store through the Play Store next year, Epic CEO Tim Sweeney said.

Ted Miracco, CEO of Approov, a mobile app market and security expert, offers this comment:

  “This ruling is a significant step toward reshaping the mobile app economy globally. While the immediate impact is US focused and centered on app developers avoiding high fees on Android, the long-term implications could be transformative. We may see a shift toward either a direct-to-consumer model or the rise of alternative app stores, not only on Android but potentially across both Android and iOS globally. These changes may fundamentally alter the balance of power between app developers and platform owners. They can also foster greater competition, innovation, security and consumer choice in the mobile ecosystem.

  “In addition to this ruling, there is mounting pressure on the mobile app duopoly of Google and Apple from multiple fronts. The European Union’s Digital Markets Act (DMA), the UK’s Digital Markets, Competition and Consumers Bill (DMCC), and U.S. antitrust efforts—both through private litigation and the Department of Justice—are collectively (!) working to dismantle the stranglehold these companies have on app distribution. These efforts represent a serious threat to the vast profits generated by the App Store and Play Store.

  “The dominance of these platforms not only inflates costs for consumers but also stifles innovation and undermines security and privacy by concentrating control in the hands of a few. Breaking up these dual monopolies could lead to a more open and competitive ecosystem that better serves developers and consumers alike.”

This is still subject to appeal, so Mr. Sweeney shouldn’t pop the champagne yet. But if this goes through, this would be a seismic shift in terms of the app economy.

A Canada Customs Text Message #Scam Is Making The Rounds… And This #Scam Is In The US As Well

Posted in Commentary with tags on October 8, 2024 by itnerd

Just this morning after taking a look at this scam, I came across a text message scam that is in Canada. It starts with this text message:

Some random observations here:

  • This was sent as an iMessage. That means the sender can potentially see if you’ve read it or not. They also want you to reply with a “Y” so that they can confirm whether the number they sent it to is live.
  • The fact that this is an iMessage also makes it very easy to deal with. Simply tap “Report Junk” and you’re done with it, as it will delete the message from the Messages app on iPhone and Apple will presumably handle everything else. I recommend that this is the course of action that anyone who gets this message should take.
  • It’s being sent from a number with country code +63, which is the Philippines. That means this message was not sent by “Canadian Customs,” which, by the way, is actually called the Canada Border Services Agency. Clearly the threat actor isn’t aware of that.
  • Canada doesn’t have ZIP codes. We have postal codes. Another sign that this is a scam, and another sign that the threat actors don’t have a clue about Canada.

Now unlike the scam that I covered earlier today which went away and came back, I wasn’t able to investigate this one as it appears that someone has redirected it to the real Canada Post website. So nobody who gets this message will fall for this scam. But the thing is, this scam is operating in other places. While researching this, I came across a Reddit thread that has this:

Different phone number. Slightly different text. But it comes from the same country and it’s clearly the same scam. Just with a US spin to it. The person who posted this to Reddit replied with an insult that I will not translate. But that was a dumb move as the threat actors now know that this number is live. Which means even if Apple blocks the number that this message was sent from, the threat actors will simply send stuff from another number. But what this illustrates is the fact that these threat actors are acting on a large scale to see if they can get a payday. Thus regardless of where you are, you need to keep your wits about you so that you don’t become a victim of a scam like this.