Samsung Announces Galaxy Book5 Pro 360

Posted in Commentary with tags on October 3, 2024 by itnerd

Samsung recently launched the highly awaited Galaxy Ring, budget-friendly Galaxy S24 FE and AI-ready Tab S10 Series. As of today, all 3 devices are officially available in stores across Canada and at Samsung.com. If you want to see my coverage on these devices, click here and here.

What’s more, the recently unveiled Samsung Galaxy Book5 Pro 360 is available for purchase on Samsung.com starting today. This exciting new laptop will also be available in stores for retail purchase in the coming weeks.

Galaxy Book5 Pro 360 – Galaxy Book5 Pro 360 changes the game for PC displays. Featuring the Intel Arc GPU, it boasts Galaxy Book’s best graphics performance yet. Users can also create anytime, anywhere, thanks to the Dynamic AMOLED 2X display with Vision Booster, improving visibility and reducing glare, and experience a cinematic-like viewing experience with 3K super resolution and 120Hz adaptive refresh rate. Complete the PC experience with Galaxy’s signature in-box S Pen, which lets you write, draw and fine-tune details with responsive multi-touch gestures. Plus, all-day battery life supports up to 25 hours of video playback, helping users accomplish even more.

Pricing: $2,499.99

Linux Servers being exploited by misconfigurations by perfctl malware

Posted in Commentary with tags on October 3, 2024 by itnerd

Aqua Security’s Nautilus Research Team today released research into the perfctl malware, which has leveraged 20K misconfigurations to exploit Linux servers and could impact millions of servers. 

In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you have a Linux server connected to the internet, you could be at risk. In fact, given the scale, we strongly believe the attackers targeted millions worldwide with a potential number of victims in the thousands. It appears that with this malware any Linux server could be at risk.

We discovered numerous incident reports in community forums, all describing indicators of compromise linked to this malware. The community has widely referred to it as the “perfctl malware,” and we have adopted this name. 

This post will explore the malware’s architecture, components, defense evasion tactics, persistence mechanisms, and how we managed to detect it. Perfctl is particularly elusive and persistent, employing several sophisticated techniques, including: 

  • It utilizes rootkits to hide its presence. 
  • When a new user logs into the server, it immediately stops all “noisy” activities, lying dormant until the server is idle again. 
  • It utilizes a Unix socket for internal communication and TOR for external communication. 
  • After execution, it deletes its binary and continues to run quietly in the background as a service. 
  • It copies itself from memory to various locations on the disk, using deceptive names. 
  • It opens a backdoor on the server and listens for TOR communications. 
  • It attempts to exploit the Polkit vulnerability (CVE-2021-4043) to escalate privileges. 

In all the attacks observed, the malware was used to run a cryptominer, and in some cases, we also detected the execution of proxy-jacking software. During one of our sandbox tests, the threat actor utilized one of the malware’s backdoors to access the honeypot and started deploying some new utilities to better understand the nature of our server, trying to understand what exactly we are doing to its malware. 

You can read the details here.
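One of the behaviours listed above, a process that keeps running after unlinking its own binary, is visible from procfs: Linux appends " (deleted)" to the /proc/&lt;pid&gt;/exe link target. The check below is an added example written for this post, not code from Aqua Nautilus; the sample pids and paths are constructed placeholders, and the hit it flags should still be reviewed by hand because a package upgrade that replaced a running daemon's file produces the same signature.

```python
import os

# Linux reports a running process whose executable was unlinked by appending
# this suffix to the /proc/<pid>/exe link target.
DELETED_SUFFIX = " (deleted)"


def classify_exe_target(pid, target):
    """Return a finding for one (pid, /proc/<pid>/exe target) pair, or None.

    A running process whose binary no longer exists on disk matches the
    'deletes its binary and keeps running' behaviour described in the post.
    The same signature also appears after a package upgrade replaced the
    file under a still-running daemon, so every hit needs a human review.
    """
    if target.endswith(DELETED_SUFFIX):
        return {
            "pid": pid,
            "path": target[: -len(DELETED_SUFFIX)],
            "reason": "running binary deleted from disk",
        }
    return None


def find_deleted_binaries(proc_entries):
    """Filter an iterable of (pid, exe_target) pairs down to the suspicious ones."""
    findings = []
    for pid, target in proc_entries:
        finding = classify_exe_target(pid, target)
        if finding is not None:
            findings.append(finding)
    return findings


def read_proc_exe_targets(proc_root="/proc"):
    """Collect (pid, readlink target) pairs from a live procfs.

    Reading another user's /proc/<pid>/exe needs root, and kernel threads
    have no exe link at all; both cases raise OSError and are skipped.
    """
    entries = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, name, "exe"))
        except OSError:
            continue
        entries.append((int(name), target))
    return entries


# Constructed sample mirroring what readlink returns. The pids and paths are
# placeholders, not indicators taken from the Aqua report.
SAMPLE_ENTRIES = [
    (1, "/usr/lib/systemd/systemd"),
    (4242, "/tmp/example-dropper (deleted)"),
    (4300, "/usr/sbin/sshd"),
]

if __name__ == "__main__":
    # Scan the live system when procfs is available, otherwise use the sample.
    entries = read_proc_exe_targets() if os.path.isdir("/proc") else SAMPLE_ENTRIES
    for finding in find_deleted_binaries(entries):
        print(f"pid {finding['pid']}: {finding['path']} ({finding['reason']})")
```

Run it as root on a server to cover every user's processes; pair each hit with `ls -l /proc/<pid>/cwd` and the process's listening sockets before deciding whether it is an upgrade artifact or something worth isolating.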

AHEAD Unveils Foundry

Posted in Commentary with tags on October 3, 2024 by itnerd

Today, AHEAD has announced the launch of AHEAD Foundry, an IT infrastructure modernization and deployment solution built to address the challenges of modernizing data centers. A key aspect of Foundry is the development of pre-fab units for data centers with constant monitoring and updates, which help optimize the supply chain and extend the lifecycle of deployed solutions.

Organizations increasingly pursue digital transformation, and many are finding that modernizing their data centers is more challenging than ever before. The demands of edge computing, cloud adoption, and the need for rapid infrastructure updates are testing the limits of enterprise IT teams, which is why AHEAD stepped up to the plate with Foundry. 

You can read more details here.

BlueCat enters agreement to acquire LiveAction

Posted in Commentary with tags on October 3, 2024 by itnerd

BlueCat Networks, a leading provider of mission-critical network infrastructure management, automation, and security solutions, today announced that it has entered into a definitive agreement to acquire LiveAction, Inc., a global provider of network observability and intelligence solutions, from software investor Insight Partners. Insight Partners remains a minority investor and continues to support the combined company’s growth. Moelis & Company acted as financial advisors to LiveAction.

LiveAction provides a leading network observability and intelligence solution that is purpose-built for complex enterprises, leveraging advanced data collection at scale to provide full visibility through a single pane of glass across the entire network. The LiveAction solution is differentiated by its integrated flow and deep packet analysis, dynamic visualizations, precise troubleshooting, root cause analysis, rapid security forensics, and a superior set of integrations that enable both network and security teams to leverage network data across the observability stack. Ultimately, LiveAction enables large organizations to get ahead of network performance and security issues before they impact applications, customers and business services.

BlueCat’s industry-leading DNS, DHCP and IPAM (“DDI”) solutions are the source of truth for what is on the network while automating and securing the provisioning, orchestration and configuration of foundational network services. LiveAction’s fine-grained packet and flow telemetry becomes the ultimate source of truth for what is happening on the network, further empowering network and security teams alike.

LiveAction was recognized as a Mature Platform offering, Strong Challenger and Outperformer in the 2024 GigaOm Radar Report for Network Observability, which evaluates key vendors in the category. The report discusses LiveAction’s observability strategy in leveraging the network as a vantage point for conducting application and traffic analysis to extract intelligence for network and security teams. The analyst also highlighted LiveAction’s commitment to innovation, citing machine learning and advanced analytics for automated root cause analysis as well as application usage and performance baselining that enables automatic anomaly detection and alerts.

The transaction is expected to close in October; financial terms were not disclosed.

Researchers Tested The Google Pixel 9 And They Raise Concerns About User Privacy And Security

Posted in Commentary with tags on October 3, 2024 by itnerd

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google. The results show that Google’s latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the research team has discovered that it potentially has remote management capabilities without user awareness or approval.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews.

Cybernews has contacted Google about these findings. However, researchers did not obtain a response before publishing this research.

Key research takeaways:

  • Private information was repeatedly sent in the background, including the user’s email address, phone number, location, app list, and other telemetry and statistics to various Google endpoints, including Device Management, Policy Enforcement, and Face Grouping. 
  • Every 15 minutes, the device sends a regular authentication request to an endpoint called ‘auth.’
  • The phone also requests a ‘check-in’ endpoint around every 40 minutes.
  • The phone constantly requests new “experiments and configurations,” tries accessing the staging environment, and connects to device management and policy enforcement endpoints, suggesting Google’s remote control capabilities.
  • The Pixel device connected to services that were not used, nor was explicit consent given, such as Face Grouping endpoints, causing privacy and ownership concerns.
  • Another Google feature, Voice Search, was connecting to its servers sporadically – sometimes every few minutes, sometimes it wouldn’t communicate for hours. It sent potentially excessive and sensitive data, including the number of times the device was restarted, the time elapsed since powering on, and a list of apps installed on the device, including the sideloaded ones.
  • Moreover, the Pixel device periodically calls out to a Staging environment service (‘enterprise-staging.sandbox’) and attempts to download assets that do not yet exist. 
  • This reveals the capability of remotely installing new software packages.
  • The calculator app, in some conditions, leaks calculations history to unauthenticated users with physical access.

Research methodology

Researchers used a “man-in-the-middle” approach to intercept the traffic between a new Pixel 9 Pro XL and Google’s servers. 

On a brand-new phone with a new Google account and default settings, they installed the Magisk app to gain deep (root) access to the phone’s system. Researchers then proxied the inbound and outbound traffic and used a custom security certificate to decrypt and examine the communications.

Rooting the phone disables AI features such as Google Gemini Assistant, Pixel Studio, and potentially some other features. Therefore, this method did not allow for the capture of complete traffic.

The collected traffic was not modified at any point, and researchers did not manually interact with endpoints nor attempt to verify captured secrets.

To read the full research, please click here. 
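The fixed cadences in the takeaways above (an ‘auth’ call every 15 minutes, a ‘check-in’ roughly every 40) are the kind of pattern a reviewer can pull out of a decrypted capture automatically. The beacon-interval analysis below is an added example written for this post, not code from Cybernews; the capture it runs on is constructed, with a placeholder hostname rather than the real Google endpoints, and the cadences are the ones the report states.

```python
from collections import defaultdict
from statistics import median

# Constructed capture: (seconds since capture start, host, path). The host is
# a placeholder, not a real Google endpoint; the 'auth' and 'checkin' paths
# follow the 15 and 40 minute cadences reported above, 'voicesearch' mimics the
# sporadic pattern described for Voice Search, and 'once' is seen a single time.
SAMPLE_REQUESTS = [
    (0, "placeholder.example", "/auth"),
    (905, "placeholder.example", "/auth"),
    (1800, "placeholder.example", "/auth"),
    (2698, "placeholder.example", "/auth"),
    (3600, "placeholder.example", "/auth"),
    (120, "placeholder.example", "/checkin"),
    (2520, "placeholder.example", "/checkin"),
    (4920, "placeholder.example", "/checkin"),
    (30, "placeholder.example", "/voicesearch"),
    (200, "placeholder.example", "/voicesearch"),
    (2000, "placeholder.example", "/voicesearch"),
    (2100, "placeholder.example", "/voicesearch"),
    (50, "placeholder.example", "/once"),
]


def intervals_by_endpoint(requests, min_samples=3):
    """Group requests per (host, path) and return the gaps, in seconds, between
    consecutive hits. Endpoints seen fewer than min_samples times are dropped
    because two points cannot establish a cadence."""
    times = defaultdict(list)
    for t, host, path in requests:
        times[(host, path)].append(t)
    gaps = {}
    for endpoint, ts in times.items():
        ts.sort()
        if len(ts) >= min_samples:
            gaps[endpoint] = [b - a for a, b in zip(ts, ts[1:])]
    return gaps


def find_periodic_endpoints(requests, jitter=0.1, min_samples=3):
    """Return {endpoint: median gap in seconds} for endpoints whose gaps all
    fall within +/- jitter of the median, i.e. a fixed-cadence beacon.
    Sporadic endpoints (one gap far off the median) are left out."""
    periodic = {}
    for endpoint, gaps in intervals_by_endpoint(requests, min_samples).items():
        m = median(gaps)
        if m > 0 and all(abs(g - m) <= jitter * m for g in gaps):
            periodic[endpoint] = m
    return periodic


if __name__ == "__main__":
    for (host, path), seconds in sorted(find_periodic_endpoints(SAMPLE_REQUESTS).items()):
        print(f"{host}{path}: every {seconds / 60:.1f} min")
```

On a real capture, feed it the timestamp, host and path of each decrypted request; endpoints that survive the jitter filter are the scheduled beacons, and the ones that do not are the event-driven or sporadic talkers the report describes separately.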

This Situation Involving A Refund #Scam Could Have Been MUCH Worse For This Client

Posted in Commentary with tags on October 3, 2024 by itnerd

Just last week a friend of mine who reads this blog said “you haven’t had to rescue a client from a scam lately”.

Little did I know that he’d just jinxed my existence.

Yesterday afternoon I got a panic call from a client while I was driving from a data recovery facility on behalf of another client. (That’s a story for another day.) The client, in a panicked voice, described getting an email saying that she had been charged hundreds of dollars for buying Bitcoin using PayPal. She phoned the number and that’s where things went rapidly downhill. I diverted myself from Markham, Ontario to downtown Toronto to deal with this. And I’ll give you a bit of a spoiler: she was lucky.

When I arrived, I looked at her Mac and I tried to reverse engineer what happened. Here’s what I found.

She got an email from a random gmail.com account claiming that she had bought Bitcoin using PayPal. There was nothing on the email identifying her other than an email address. That along with the random gmail.com email address should have been the hint that this was a scam. But she didn’t check those details because of how professional the email looked.

Top tip: No matter how professional an email like this looks, if you know that you didn’t buy something from a vendor, and there’s nothing identifying you as being the purchaser, it’s likely a scam and you should just delete the email. In this case, this is called the refund scam. You’ll see why it’s called that in a moment.

She then called the number, and the scammer at the other end of the line started to weave a story about her PayPal account being hacked and how they needed to connect to her computer to “secure it” as well as to “generate a cancellation form” to refund her money. That’s where the refund part of the refund scam comes from. The scammers have zero intention of refunding anything and are instead focused on stealing everything they can.

They then connected to her Mac using TeamViewer and blanked out the screen to cover up their attempt to install ConnectWise Control on her Mac. But for reasons that I cannot discern, they failed at doing that. I’m guessing that it was because she never provided the scammers her computer’s password, as I asked her several times whether she gave them her password. But if they had succeeded, it would have given the scammers the ability to control the Mac and watch what was going on at will and without her knowledge.

In any case, she was told to log into her PayPal account. And she did. However she hadn’t used it in years and it not only had no funds in it, but wasn’t linked to a credit card or bank account.

Fun Fact: The client asked me to help her to cancel the PayPal account because of this incident and because she didn’t use it.

That’s when the scammers pivoted to trying to get her to log into her bank account. Her husband was nearby and got suspicious. When he started to try and intervene, the scammer then started to weave a story to get her husband to leave the room and take his devices (laptop, phone, etc) as they would get taken over by the hackers. Now this illustrates how scammers can use psychological techniques to advance their goals of stealing your money. Which in turn illustrates how dangerous they can be. Because what the scammers were trying to do is to keep them apart so that he couldn’t put an end to the scam. But that didn’t work and when he mentioned that he was going to call me and the scammer heard that, the scammer flipped out on her claiming that “computer guys know nothing and are out to steal your money.” That’s when my client clued in that this was a scam and hung up the phone.

By the time I had arrived, the client had frozen their credit cards and bank accounts. That’s a good idea in a situation like this, as you don’t know what info the scammer might have stolen from you. They were also able to validate with their bank that no money was taken and no charges were on their credit card. In terms of their Mac, TeamViewer was installed on it and I removed it. I also found the installer for ConnectWise Control and nuked that too. I spent a fair amount of time looking at the Mac and found no evidence that the scammers had set anything else up. So I felt confident that the Mac was safe to use. As part of this, I was able to discover the ConnectWise instance that the scammers were using. So I reported that to ConnectWise in order to have them kill it. On top of that, I turned over the other information to the scam bait community so that they can extract some “vigilante” justice, as I know that this is the only type of justice that these scammers will get.

At this point it appears that no money was stolen from the client, and her Mac is clear of anything “evil”. So other than a bit of wounded pride, the client survived this incident. But it highlights the need for people to stay vigilant. Treat any unsolicited phone call, or any email that seems weird, as a threat and do not engage with it. That’s the best way to stay safe, especially during these times when scams seem to be out of control.

Legit Security Adds New, Adaptive ‘Legit Posture Score’ 

Posted in Commentary with tags on October 3, 2024 by itnerd

Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today launched its new “Legit Posture Score,” delivering a dynamic, comprehensive, and fully transparent ASPM rating system. Now security teams can proactively measure and manage their AppSec posture instantly with a holistic score that eliminates security scanning siloes and continuously assesses all associated risks, policies, and controls across today’s sprawling software development lifecycle (SDLC).

Security leaders today struggle simply to see, let alone act or improve on, their application security postures. They’re left with piles of security findings and unpatched vulnerabilities from disconnected application security testing (AST) tools, and no efficient way to prioritize or act on the issues that get surfaced. According to a 2024 ESG Research survey, 42% of security professionals believe that measuring and improving AppSec program efficacy is their toughest challenge today. And with increasingly complex and distributed software factories, mounting supply chain regulations, and agile development teams who continue to prioritize code builds over security checks — the prospect of manually tracking an organization’s application security posture gets less feasible by the day.

Now with the new Legit Posture Score, no longer are AppSec teams stuck piecing together slices of visibility from disparate security scanners and veiled, proprietary scores. The Legit Posture Score sets a new, universal, and fully transparent application security scoring standard for security teams to measure, operationalize, and accelerate AppSec maturity throughout the SDLC. It accounts for thousands of ASPM factors, consolidating broad CI/CD pipeline context from code to cloud, including asset criticality, security scanning findings, vulnerability severity, and more, all while dynamically mapping the mitigating controls and requirements from best-practice industry standards and regulatory frameworks into one holistic ASPM score. 

The new Legit Posture Score empowers AppSec teams to rapidly, with the glance of an eye, identify posture gaps and trends, benchmark performance, and drive continuous improvement throughout their software development environments. With a holistic posture score accounting for a wide spectrum of cybersecurity, regulatory, and operational risks, AppSec teams now intuitively—and automatically—view, prioritize, and remediate the issues most impactful to the business, first.

Key features of the new Legit Posture Score:

  • Real-time AppSec posture assessment from code to cloud: The new Legit Posture Score evaluates every aspect of an organization’s application security posture, from the development pipeline to the repository level. This top-down approach allows for detailed understanding of AppSec risks to answer the same critical question asked at every level of the organization: Is my software being developed securely?
  • Transparent, explainable framework — no veiled or proprietary scoring: The scoring methodology for the Legit Posture Score is completely transparent. With detailed documentation and full visibility into how every variable and calculation is made, AppSec teams now set priorities and take action in confidence with a score they believe in and can make their own.
  • Dynamic, customizable model: Security teams can easily adjust the scoring model according to their specific security goals. They can associate new and existing controls to the intricate requirements of any number of industry standards and regulatory frameworks (e.g., FedRAMP, SOC 2 Type II, etc.), ensuring that the Legit Posture Score always remains in tight alignment with their strategic security goals and obligations.
  • Intuitive, actionable insights: The Legit Posture Score is designed for all developers and security pros to quickly and intuitively glean insights, triage issues, and prioritize fixes with surgical precision throughout their SDLC. With modern dashboards and intuitive, drill-down navigation, AppSec leaders can seamlessly benchmark and compare posture performance by any number of predefined applications, asset groups, pipelines, or organizational segments.
  • Broad inclusion of cross-industry best practices and standards: The Legit Posture Score incorporates application security best practices and requirements from the most important regulations and industry frameworks on the market today (including NIST SSDF, SLSA, OSSF S2C2F, ISO 27001, and more), setting a new vision for what a secure, efficient software factory looks like today.

This new feature further enhances the Legit ASPM platform, providing security and development teams with the ability to measure, compare, and improve their application security posture over time, ensuring their software factories and applications in development are being built with the highest security standards in mind.

To learn more about Legit Security and its market-leading ASPM platform, please visit www.legitsecurity.com.

Quorum Cyber Teams With Microsoft’s Democracy Forward Group To Reveal New 2024 U.S. Presidential Election Cybersecurity Threats

Posted in Commentary with tags on October 3, 2024 by itnerd

Quorum Cyber – with offices in Edinburgh, UK, Ontario, Canada, and Goodyear, Arizona – today announced its webinar addressing the escalating cyber threats surrounding the November U.S. presidential election. Experts from Microsoft’s Democracy Forward team and Quorum Cyber’s Incident Response and Threat Intelligence teams will discuss current cybercriminal and nation-state actor attempts to undermine democratic processes and the integrity of elections. The live event will be held on Wednesday, October 9th at 3:30 – 4:30 PM BST / 10:30 – 11:30 AM ET. The insights shared are essential for anyone concerned with securing the future of democratic elections. Attendees may register online at https://bit.ly/47HpZDV or visit www.quorumcyber.com/events/.

Cyber threats to the U.S. presidential election and the electoral system pose significant risks, potentially undermining public trust and influencing outcomes. But how can democracy be defended against increasingly sophisticated cybercriminals and more frequent cyberattacks?

The panel of cybersecurity experts will discuss the evolving nature of cyber threats in the context of U.S. elections, recent incidents, case studies highlighting cyber threats, and strategies for worldwide election security. In addition, attendees will:

  • Learn from experts about effective measures to protect the electoral process.
  • Engage in meaningful discussions with cybersecurity professionals monitoring U.S. election threats.
  • Stay informed about the latest trends and developments in election security.

Sage appoints Cinzia Bazzo as Managing Director for Canada

Posted in Commentary with tags on October 2, 2024 by itnerd

Sage, the leader in accounting, financial, HR, and payroll technology for small and mid-sized businesses (SMBs), today announces Cinzia Bazzo as its Managing Director for Canada. This strategic hire underlines Sage’s commitment to its growing Canadian market, which is a cornerstone of the company’s North American success.

In her new role, Bazzo will oversee Sage’s Canadian business, a critical region for growth. She will focus on accelerating sales and revenue by attracting new customers and strengthening relationships with existing ones. Bazzo will also play a key role in enhancing the customer experience, advancing Sage’s position as the most trusted and thriving network for SMBs. Additionally, she will manage the region’s performance, making strategic decisions to capitalize on strong results, address challenges, and provide leadership to over 250 employees across Canada. She will lead the implementation of global and local colleague programs, including engagement, performance management, DEI, and talent development, while fostering Sage’s culture and values.

Bazzo brings a wealth of experience to Sage, with an impressive track record of driving sales growth and delivering exceptional customer experiences. In her most recent role as Country Leader for Workday in Canada, she led her team to achieve record-breaking sales. Prior to that, she held various leadership positions at Oracle, Salesforce and SAP. Bazzo is also an active member of the Business Council of Canada, a network of enterprise executives focused on strengthening the country’s economic fabric by supporting small business and entrepreneurs in communities of all sizes.

Bazzo is based in Toronto and will play a key role on Sage’s North America Leadership Team, reporting to Mark Hickman, Managing Director of North America at Sage.

TikTok Launches STEM feed in Canada

Posted in Commentary with tags on October 2, 2024 by itnerd

TikTok is home to a community of curious minds. From discovering new stories on #BookTok to exploring new cultures and finding new life hacks, #LearnonTikTok encourages our community to continue their journey of joyful discovery. Millions of Canadians come to TikTok each month to express themselves authentically, be entertained and learn new things.

Today, TikTok is thrilled to announce the launch of TikTok’s dedicated STEM feed in Canada. This feed offers a viewing experience exclusive to STEM – science, technology, engineering and mathematics – and comes to Canada to empower continued discovery on TikTok and connect a dynamic community of individuals over their shared passion for learning. Canadian users will be able to click into the STEM feed, which will be turned on by default for all Canadian users, to open up a dedicated world of knowledge and education.

The STEM feed will feature Canadian creators and organizations that share enriching educational content, such as @AsapSCIENCE, @cheggbiology, @drrachelbarr, @justin_agustin, @nileredextra, @onlinekyne, @ROMtoronto, @science.bae, @sciencenorth and @wildkrattstv. These creators, and many more, are creating a range of content that bridges the world of entertaining, engaging creativity and educational content with their unique styles.

To help ensure high-quality STEM content for our community, TikTok continues to partner with Common Sense Networks and Poynter. Common Sense reviews all content and ensures it’s appropriate for the STEM feed. And Poynter continues to partner to assess the reliability of information presented. If content does not pass both checkpoints, it will not be eligible for the STEM feed.