Action1 Now Available For macOS With First 100 Endpoints Free Forever

Posted in Commentary with tags on October 7, 2024 by itnerd

Action1, a provider of an integrated real-time vulnerability discovery and automated patch management solution, today announced its latest product release. As part of its platform enhancements, Action1 has introduced a new agent for macOS, enabling organizations with diverse IT environments to ensure unified, cross-platform patching automation and integrated software vulnerability management. 

As the world’s #1 easiest-to-use patch management solution, according to G2, Action1 is committed to transforming and simplifying the patching routine for organizations of all sizes. Now becoming cross-platform, Action1 is revolutionizing macOS patching while consolidating multiple patch management approaches for different platforms.

The newly incorporated macOS support feature helps IT teams streamline vulnerability discovery, prioritization, and remediation for both operating systems and applications across their entire fleet. In addition, it offers extended endpoint management capabilities such as software deployment, scripting, and IT asset inventory for macOS devices. Action1 is available at no cost for the first 100 endpoints, without any functional limits for both macOS and Windows — and never expires.

According to the Action1 Software Vulnerability Ratings Report 2024, macOS experienced a 30% increase in exploited vulnerabilities in 2023, making it increasingly susceptible to attacks targeting known vulnerabilities. 

In addition, Action1’s latest release includes multiple enhancements to boost the product’s functionality, security, and usability, including: 

  • Addressing NVD Vulnerability Backlog. Action1 can now detect software vulnerabilities for applications listed in its Software Repository beyond the National Vulnerability Database (NVD) data, providing crucial visibility and automated remediation amid the NVD’s update delays.
  • Software Installation Customization. This enhancement allows customization of built-in and custom software packages without cloning, available for the entire enterprise, per organization, or per endpoint, to ensure continuous patch compliance while preserving future automatic updates.
  • Real-Time Endpoint Attribute Reporting. Action1’s reporting capabilities are now improved by adding endpoint attributes, including username, comment, OS types, IP address, and more, as selectable columns in custom reports.
  • Expanded API. Action1 implements new capabilities and integration options, with code samples, supporting advanced custom integrations to address complex, enterprise-level needs. 
  • Multiple Usability Enhancements. The release introduces several UI improvements, including moving endpoints between groups, reworked endpoint organization controls, and many more – all designed to further simplify the already easiest-to-use patch management solution. 

To learn more about Action1’s latest release, visit www.action1.com

Leave a comment »

23andMe Is Screwed… What Happens To Customer Data?

Posted in Commentary with tags on October 6, 2024 by itnerd

It’s pretty clear based on this that 23andMe is screwed. But the part that should terrify any customer of this DNA testing service is what happens to that data when the company finally dies. That’s a real concern as according to this NPR report:

Anya Prince, a law professor at the University of Iowa’s College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist.

For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm.

“HIPAA does not protect data that’s held by direct-to-consumer companies like 23andMe,” she said.

Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information.

“If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws,” said Prince.

That’s a bit troubling. Fortunately, there’s something that 23andMe customers can do about it. Close their account ASAPunt:

23andMe has a page with instructions on how users can request an account closure. But in your 23andMe account, navigate to Settings, scroll down to the 23andMe Data section at the bottom, and click View on the right. Enter your birthday and then scroll to the bottom of the next page and click Permanently Delete Data.

Once you submit your request, 23andMe will email you to confirm it. Doing so will prompt the company to discard a customer’s genetic testing samples and prevent the company from using their data for future research projects. It could take up to 30 days to go into effect, though.

There is a catch though:

Although customers can request the company to delete their data, 23andMe won’t necessarily erase all your information. The company has been telling users who request an account deletion: “23andMe and the contracted genotyping laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with legal obligations, pursuant to the federal Clinical Laboratory Improvement Amendments of 1988 and California laboratory regulations.”

And that is going to be a worry for any 23andMe customer. Especially since any bankruptcy proceeding or sale of the company likely would involve selling that data as part of the assets of the company. But at least requesting that your account be closed is something.

Bottom line. This is a cautionary tale that illustrates that these sorts of companies operate in a “grey area” and more regulation is required to govern how companies like this operate.

Leave a comment »

Review: Twelve South MagicBridge Extended

Posted in Products with tags on October 5, 2024 by itnerd

I’ve been working on upgrading my desk setup and I’ll be doing a story on that shortly. But in the meantime, I’ve been looking for a way to better use the Apple Magic Keyboard and Magic Trackpad that I’ve recently acquired. The main issue that I’ve had is that one or the other would move. Thus I couldn’t use muscle memory to control and type on my Mac. Thus figuring that I wasn’t the only person with this issue, I did some hunting around and came across the Twelve South Magic Bridge Extended.

The MagicBridge Extended is a plastic tray that fits the MagicKeyboard that I have along with the Magic Trackpad. The grey section is where the keyboard goes if you’re right handed. Or you can move it to the left to set it up the other way around.

The bottom has holes that allow you to push out the keyboard and trackpad should you need to.

This is the end result with the keyboard on the left, and my Snapping everything in is simple because TwelveSouth put out this video that shows you how to set things up:

I had no issues setting things up after I watched this video and it only took a couple of minutes.

The back of the MagicBridge Extended has holes that not only allow Bluetooth signals through, but also give you access to the on/off switch as well as the Lightning port for charging.

So I have used this setup for a couple of days. And once I found a position where I could type and use the Magic Trackpad without it feeling weird, I found that it worked quite well. By “weird” I mean that you have centre the keyboard part of this setup so that typing feels normal. That puts the trackpad out to the right in my case as I am right handed. I can see how that might be an issue for some. And for those who have a bit of OCD about centring everything on your desk, that might be a bit of an issue too. Since the keyboard and trackpad are one piece, I can use it on my lap if I so choose. It also allows me to move the keyboard and trackpad out of the way quickly if I need the surface of the desk for something else. But the main goal was to keep the keyboard and the trackpad in a consistent place where muscle memory would allow me to be productive as nothing was moving about. And it succeeds on that front. Overall, I like the setup.

The MagicBridge Extended is $50 USD directly from Twelve South. But if you have the Magic Keyboard without the number pad, they have a version for that use case as well which is simply called the MagicBridge. If you own a Magic Keyboard and Magic Trackpad and you want to make them even more useful, The MagicBridge Extended or MagicBridge is absolutely worth looking at.

1 Comment »

Travelers Canada Risk Index Features Cyber Threats as the Top Business Concern

Posted in Commentary with tags on October 4, 2024 by itnerd

The Travelers Companies, Inc. today announced the results of the 2024 Travelers Canada Risk Index, showing cyber threats as the leading concern among business leaders for the second consecutive year. The survey, which was first published in 2023, asks business decision-makers from small- and medium-sized Canadian companies across various industries about the issues that worry them most.

Nearly two-thirds (65 per cent) of respondents said they worry somewhat or a great deal about cyber risks – an increase from 61 per cent last year. Cyber concerns were followed this year by broad economic uncertainty (62 per cent), the impact of the global economy on their companies (58 per cent), financial issues (57 per cent) and supply chain risks (56 per cent).

Cyber Coverage

Two-thirds (66 per cent) reported their companies have purchased cyber insurance, a decrease from 72 per cent a year earlier. Among those who said that their companies did not purchase a cyber policy, 32 per cent indicated it was due to the cost of coverage, and 29 per cent said it was because their companies already have adequate protection in place.

Cyber Incidents

Nearly three in 10 respondents (29 per cent) said their companies or organizations have experienced a cybersecurity event. Medium-sized businesses (36 per cent) were more likely to have suffered a cyber incident than small businesses (20 per cent).

Nearly one in five (19 per cent) admitted their companies experienced a cyber event but did not report it, due largely to fear of damaging their brand or compromising intellectual property.

The most common type of incident was a security breach (36 per cent), where someone gained unauthorized access into a company’s computer system.

Top Cyber Concerns

Eighty-four per cent of respondents agreed having proper cyber controls in place is critical to their companies’ well-being.

The top cyber-specific concern was an unauthorized user gaining access to company banking accounts or financial control systems – up from sixth just one year ago – with 60 per cent of respondents citing it as a worry. Additional cyber concerns included:

  • The potential for compromise, theft or loss of control of customer or client records (59 per cent).
  • A security breach where an unauthorized user gains access to computer systems (59 per cent).
  • A system glitch or error causing computers to go down (58 per cent).

For more information about cyber insurance coverage options with Travelers Canada, click here.

About the Survey

Hart Research conducted a national online survey of 1,000 Canadian business decision-makers August 7-19, 2024, regarding their top challenges. The Travelers Canada Risk Index survey was commissioned by Travelers.

Leave a comment »

70 Countries Attend Counter Ransomware Initiative And Release Response guidance

Posted in Commentary with tags on October 4, 2024 by itnerd

This week, cybersecurity experts from almost 70 countries are attending the fourth annual International Counter Ransomware Initiative meeting at the White House, and yesterday, the UK and Singapore released a voluntary guidance document designed to help victims respond to ransomware attacks and minimize the impact.

Under the new voluntary ransomware guidance, victims are encouraged to:

  1. Report attacks on a more timely basis to law enforcement agencies
  2. Record incident response decisions and data captured for post-incident reviews
  3. Involve more advisers such as cyber insurance carriers and other outside firms that can assist 
  4. Consider if the decision to pay the ransom “is likely to change the outcome”
  5. Review local regulatory requirements for compliance

“External experts such as insurers, national technical authorities, law enforcement or cyber incident response companies familiar with ransomware incidents can improve the quality of decision-making,” according to the new guidance. 

During the event, the participants tackled several initiatives including:

  • The completion of a project on secure software and labeling principles
  • The launch of a member portal by Australia for information sharing 
  • A new U.S. government fund to strengthen members’ cybersecurity capabilities

Morten Gammelgaard, EMEA, co-founder, BullWall had this comment:

  “The International Counter Ransomware Initiative is important, and the steps taken are crucial for improving the worlds collective response against ransomware. The new initiatives coming from the meet, together with new regulatory requirement for better Ransomware resilience will help to drive the fight against Ransomware.

  “However, Ransomware continues to successfully bring down organizations at pace. The world is experiencing a level of disruption and business risk from Ransomware never seen before, and the overall loss from ransomware is at an all-time high for the last 4 years. Some companies fare better than others when attacked and are therefore able to recover faster with less cost. Often, these are the companies that invest in being resilient. Ransomware resilience is directly related to:

  1. The strength of the backup systems and are they available after the attack. Often the organizations that fare well have multiple different options in use such as Cloud back up and Tape backup.
  2. How many files are encrypted during the attack. The less files encrypted the quicker the restoration and recovery time, which means, if the attack can be contained quickly, a organization can recover quickly 

   “Too few organizations test run restoring millions of files and therefore they don’t realize the time and costs associated with the process until it is too late. As a result, they often encounter very high recovery costs when attacked successfully. Companies must adopt an “Assume Breach” posture as all attack can no longer be prevented.

Here’s the thing. Making sure that your organization is in a place where you never have to pay the threat actor is not just good for you. It’s good for all of us as crime shouldn’t pay. I encourage organizations big and small to look at this document and follow it. And if that’s not enough, there’s a broader document which you can read here which gives additional guidance that is useful.

Leave a comment »

Wayne County Pwned In A Ransomware Attack

Posted in Commentary with tags on October 4, 2024 by itnerd

According to local media, Wayne County government has been dealing with a ransomware cyber attack that has taken many services offline since yesterday.

“The county information technology team is aware of a cyber incident targeting some internal systems. We are currently investigating the scope of the incident with our cybersecurity partners which include the FBI and Michigan State Police,” county spokesman Doda Lulgjuraj said.

The full scope of the cyberattack is not fully understood, but for example, at the Sheriff’s Office, jail inmates could not be bonded out as the servers were comprised, and defense attorneys said they couldn’t schedule visits with their clients following the hack.

The Register of Deeds Office closed due to the hack so residents weren’t able to record real estate sales or obtain property records. Furthermore, the Treasurer’s Office reported that tax payments could not be collected online and needed to be made in person.

It is not clear who is behind the attack, but a source says the hacker has made a ransom demand.

Steve Hahn, Executive VP, BullWall:

  “In the last two years Cities and States have moved up as one of the top targets of Ransomware gangs. Most of these gangs are Russian based and as such they view their attacks as a financial element but also as vehicles to disrupt essential services, seed chaos, exacerbate inflation and cause maximum loss of life. When cities, states or counties are hit, essential services like 911 are often impacted and often times, like as was the case for the City of Oakland, they will need to declare a state of emergency. The threat actor also knows that these government bodies do not have the people, staff or tools to stop their attacks. With enough patience and focus, they can take down cities and state services all across the US. Hundreds have been hit in the last two years alone.

  “As we head into the holiday season, threat actors will increase attacks dramatically. A vast majority of attacks take place during off hours and holidays so IT staffs have less ability to respond. We expect to see an unprecedented level of attacks as conflicts continue to rise and tensions with Russia continue to increase.

  “Too often Cities and States think they can prevent these attacks just with traditional security tools like gateways, firewalls and Endpoint Security. The reality is a determined threat actor with patience will find the crack that gets them in. This is why we’ve seen a 200% increase in successful ransomware attacks in the last two years and also why cities and states need to adopt an “when not if” strategy to these events and understand how to contain and recover from them quickly to minimize disruption.”

The phrase “stop the madness” comes to mind as it is madness that we keep having situations like these when organizations should be taking precautions to not get pwned. This honestly needs to end as the continued rampage of threat actors pwning all the things is not something that we can allow to become part of our everyday lives.

Leave a comment »

Samsung Announces Galaxy Book5 Pro 360

Posted in Commentary with tags on October 3, 2024 by itnerd

Samsung recently launched the highly awaited Galaxy Ring, budget-friendly Galaxy S24 FE and AI-ready Tab S10 Series. As of today, all 3 devices are officially available in stores across Canada and at Samsung.com. If you want to see my coverage on these devices, click here and here.

What’s more, the recently unveiled Samsung Galaxy Book5 Pro 360 is available for purchase on Samsung.comstarting today. This exciting new laptop will also be available in-stores for retail purchase in the coming weeks.

Galaxy Book5 Pro 360 – Galaxy Book5 Pro 360 changes the game for PC displays. Featuring the Intel Arc GPU, it boasts Galaxy Book’s best graphics performance yet. Users can also create anytime, anywhere, thanks to the Dynamic AMOLED 2X display with Vision Booster, improving visibility and reducing glare, and experience a cinematic-like viewing experience with 3K super resolution and 120Hz adaptive refresh rate. Complete the PC experience with Galaxy’s signature in-box S Pen, which lets you write, draw and fine-tune details with responsive multi-touch gestures. Plus, all-day battery life supports up to 25 hours of video playback, helping users accomplish even more.

Pricing: $2,499.99

Leave a comment »

Linux Servers being exploited by misconfigurations by perfctl malware

Posted in Commentary with tags on October 3, 2024 by itnerd

Aqua Security’s Nautilus Research Team today released research into the perfctl malware, which has leveraged 20K misconfigurations to exploit Linux servers and could impact millions of servers. 

In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you have a Linux server connected to the internet, you could be at risk. In fact, given the scale, we strongly believe the attackers targeted millions worldwide with a potential number of victims of thousands, it appears that with this malware any Linux server could be at risk.

We discovered numerous incident reports in community forums, all describing indicators of compromise linked to this malware. The community has widely referred to it as the “perfctl malware,” and we have adopted this name. 

This post will explore the malware’s architecture, components, defense evasion tactics, persistence mechanisms, and how we managed to detect it. Perfctl is particularly elusive and persistent, employing several sophisticated techniques, including: 

  • It utilizes rootkits to hide its presence. 
  • When a new user logs into the server, it immediately stops all “noisy” activities, lying dormant until the server is idle again. 
  • It utilizes Unix socket for internal communication and TOR for external communication. 
  • After execution, it deletes its binary and continues to run quietly in the background as a service. 
  • It copies itself from memory to various locations on the disk, using deceptive names. 
  • It opens a backdoor on the server and listens for TOR communications. 
  • It attempts to exploit the Polkit vulnerability (CVE-2021-4043) to escalate privileges. 

In all the attacks observed, the malware was used to run a cryptominer, and in some cases, we also detected the execution of proxy-jacking software. During one of our sandbox tests, the threat actor utilized one of the malware’s backdoors to access the honeypot and started deploying some new utilities to better understand the nature of our server, trying to understand what exactly we are doing to its malware. 

You can read the details here.

Leave a comment »

AHEAD Unveils Foundry

Posted in Commentary with tags on October 3, 2024 by itnerd

Today, AHEAD has announced the launch of AHEAD Foundry, an IT infrastructure modernization and deployment solution to address these challenges. A key aspect of Foundry is the development of pre-fab units for data centers with constant monitoring and updates that helps optimize supply chain and extend lifecycle of deployed solutions.  

Organizations increasingly pursue digital transformation, and many are finding that modernizing their data centers is more challenging than ever before. The demands of edge computing, cloud adoption, and the need for rapid infrastructure updates are testing the limits of enterprise IT teams, which is why AHEAD stepped up to the plate with Foundry. 

You can read more details here.

Leave a comment »

BlueCat enters agreement to acquire LiveAction

Posted in Commentary with tags on October 3, 2024 by itnerd

BlueCat Networks, a leading provider of mission-critical network infrastructure management, automation, and security solutions, today announced that it has entered into a definitive agreement to acquire LiveAction, Inc., a global provider of network observability and intelligence solutions, from software investor Insight Partners. Insight Partners remains a minority investor and continues to support the combined company’s growth. Moelis & Company acted as financial advisors to LiveAction.

LiveAction provides a leading network observability and intelligence solution that is purpose-built for complex enterprises, leveraging advanced data collection at scale to provide full visibility through a single pane of glass across the entire network.  The LiveAction solution is differentiated by its integrated flow and deep packet analysis, dynamic visualizations, precise troubleshooting, root cause analysis, rapid security forensics, and a superior set of integrations that enable both network and security teams to leverage network data across the observability stack.   Ultimately, LiveAction enables large organizations to get ahead of network performance and security issues before they impact applications, customers and business services.

BlueCat’s industry-leading DNS, DHCP and IPAM (“DDI”) solutions are the source of truth for what is on the network while automating and securing the provisioning, orchestration and configuration of foundational network services. Live Action’s fine-grain packet and flow telemetry become the ultimate source of truth for what is happening on the network–further empowering network and security teams alike. 

LiveAction was recognized as a Mature Platform offering, Strong Challenger and Outperformer in the 2024 GigaOm Radar Report for Network Observability, which evaluates key vendors in the category. The report discusses LiveAction’s observability strategy in leveraging the network as a vantage point for conducting application and traffic analysis to extract intelligence for network and security teams.  The analyst also highlighted LiveAction’s commitment to innovation, citing machine learning and advanced analytics for automated root cause analysis as well as application usage and performance baselining that enables automatic anomaly detection and alerts.  

The transaction is expected to close in October, financial terms were not disclosed.  

Leave a comment »

« Older Entries
Newer Entries »