Intelligent Waves and Horizon3.ai Partner to Bring Next-Generation Autonomous Penetration Testing to the Department of Defense and IC Community

Posted in Commentary with tags on August 28, 2024 by itnerd

Intelligent Waves (IW), a leading tech integrator providing mission-focused, multi-domain operational expertise and innovation to the Department of Defense (DoD), has announced a strategic partnership with Horizon3.ai, a pioneer in autonomous security testing. This collaboration aims to deliver advanced, continuous, and autonomous penetration testing capabilities to enhance the DoD’s cybersecurity defenses.

Revolutionizing Cyber Defense with Autonomous Penetration Testing

The partnership will enable Intelligent Waves to rebrand Horizon3.ai’s NodeZero™ platform as Shadow powered by NodeZero, leveraging IW’s extensive experience in delivering secure and reliable IT services to the DoD. NodeZero is an autonomous penetration testing platform that continuously assesses and improves an organization’s security posture by discovering exploitable vulnerabilities and weaknesses within its network infrastructure before the organization falls victim to a cyberattack.

Enhancing DoD Cybersecurity Posture

Shadow empowers organizations to conduct unlimited, orchestrated penetration tests, continuously uncovering blind spots and weaknesses within their networks. This platform prioritizes attack paths with the most significant potential impact, providing clear guidance on what to fix first. With full visibility into penetration test progress and exploits, Shadow delivers real-time insights and actionable remediation guidance.

Benefits of the Partnership

  • Continuous Security Assessments: Unlike traditional, periodic penetration testing, Shadow provides ongoing, real-time assessments, ensuring the DoD’s cyber defenses are always up to date.
  • Cost Efficiency: Automation of penetration testing diminishes the need for expensive, manual testing processes, optimizing resource allocation for the DoD.
  • Enhanced Readiness: Immediate verification of fixes ensures that vulnerabilities are effectively addressed, maintaining the integrity of defense systems.
  • Seamless Scalability: The NodeZero platform can scale to test extensive networks, making it ideal for large and complex DoD environments.

Intelligent Waves delivers mission-focused multi-domain operational expertise and innovation to the Government through high-impact technology solutions in cybersecurity, data science, enterprise network & systems engineering, software development, and platform mission support. Always ready. Anytime. Anywhere. Any domain. To learn more, visit www.intelligentwaves.com.

The NodeZero autonomous penetration testing platform empowers the public and private sectors to continuously assess their exploitable attack surfaces. It is the flagship product of Horizon3.ai, founded in 2019 by former industry and U.S. National Security veterans. NodeZero helps organizations see their networks through the eyes of the attacker and proactively fix problems that truly matter, improve the effectiveness of their security initiatives, and ensure that they are prepared to respond to real cyberattacks. Find out more at www.horizon3.ai.

Rogers Welcomes Newcomers with International Credit Recognition

Posted in Commentary with tags on August 28, 2024 by itnerd

Rogers Communications has announced a new partnership with Nova Credit, a cross-border credit bureau, to help newcomers to Canada build credit and finance a new smartphone, making their transition easier.

The collaboration enables Rogers to offer newcomers maximum credit by considering their international credit history when applying for a Rogers Red credit card, helping them establish a strong financial foundation in Canada. They can also take advantage of 0% interest financing on new Rogers devices through the Rogers Red credit card, to stay connected from day one while spreading payments over a longer time period. Newcomers can visit any Rogers retail store to apply.

At launch, Rogers will support newcomers by recognizing their credit history from nine countries, including Australia, India, Kenya, Nigeria, the Philippines, Spain, Switzerland, Ukraine and the United Kingdom. Rogers has plans to expand the program to additional countries in the future.

Newcomers approved for a Rogers Red credit card can access flexible device financing on new phones for up to 48 months at 0% interest. Customers can be approved instantly for a Rogers Red credit card in a Rogers retail store, allowing them to leave with both a new device and a credit card on their phone’s mobile wallet.

Rogers customers with a Rogers Red credit card can enjoy 3% cash back value when they redeem with Rogers, and the card has no annual fee. Customers can also stay connected with five Roam Like Home days at no extra cost every year with an eligible Rogers mobile plan. In 2024, Rewards Canada named the Rogers Red World Elite Mastercard the country’s Top No Fee Cash Back Credit Card.

For more information, please visit a Rogers retail store, or visit RogersBank.com/Newcomers and Rogers.com/Newcomers.

Cyber Threat Researcher Finds 650,000 Emails Exposed in Recent Cyberattacks on Schools and Universities as “Back to School” Hits

Posted in Commentary with tags on August 28, 2024 by itnerd

Abnormal Security has released its latest blog showing an exponential surge of cyberattacks in the educational sector, exposing over 650,000 records in the last 60 days. 

Mike Britton, CISO at Abnormal Security discusses how educational institutions across the US are becoming easy prey for cybercriminals as the school year approaches, making phishing a big threat to students, teachers, and staff.

The blog dives into four incidents at schools, from elementary schools to universities, whose students and staff were exposed, making them vulnerable to phishing attacks:

  • Data breach exposing 46,169 university students’ records on a cybercrime forum
  • 576,735 records exposed in Elementary school teachers’
  • Data breach targeting Rowan College at Burlington County compromises 27,000 records
  • $200 million IT system breach impacting 25,000

You can read the blog here.

The FBI’s Data Handling Practices Ripped By The DoJ

Posted in Commentary with tags , on August 28, 2024 by itnerd

The FBI has faced significant lapses in handling and disposing of electronic storage media seized during investigations, according to a scathing audit by the Department of Justice’s Office of the Inspector General (OIG). The audit reveals that storage devices containing sensitive information, including national security data, Foreign Intelligence Surveillance Act (FISA) material, and documents classified as Secret, were often improperly labeled or not labeled at all, heightening the risk of loss or theft.

The OIG’s report was addressed to FBI Director Christopher Wray and underscores the gravity of these findings. Despite FBI protocols mandating strict procedures for labeling and securing such data, the agency failed to consistently adhere to these guidelines. The report highlights instances where media containing classified information was stored in unapproved containers or locations, significantly compromising security. Additionally, the FBI’s process for the destruction of these devices was found to be inadequate, with critical gaps that could potentially expose sensitive information to unauthorized access.

Cigent CGO Brett Hansen had this comment:

“Meeting mission requirements and the ever-evolving threat landscape can make ensuring the integrity of data throughout its lifecycle a daunting task. Organizations like the FBI first need to universally adopt proven techniques and technology for safeguarding vulnerable data at the edge. These include Hardware Full Drive Encryption with Pre-boot Authentication and Multi Factor Authentication. Proper disposal of data is also imperative and again there are technologies that can verify all data is permanently erased.”

The FBI, of all organizations, needs to do a much better job of safeguarding data. Hopefully this report not only “encourages” them to do better but also sends a message to everyone else to step up their game.

Publicly Available GenAI Exploitable By Anyone With Internet Access

Posted in Commentary with tags on August 28, 2024 by itnerd

Legit Security has published new research examining publicly accessible AI platforms for security issues and potential data leakage. The investigation turned up real vulnerabilities, along with examples encountered in the wild where such attacks were possible.

Naphtali Deutsch, formerly of Israeli Military Intelligence Unit 8200 and now a Security Researcher at Legit, discusses the risks of publicly accessible AI services that anyone with Internet access can exploit, homing in on two types: vector databases and LLM tools.

Publicly exposed vector databases backing AI models: Legit’s analysis of unprotected vector databases found that thirty servers contained corporate or private data, including company email conversations, customer PII, product serial numbers, financial records, resumes, and contact information. Three vector databases on two of the most popular platforms, belonging to companies in engineering services, fashion, and industrial equipment, contained documents, media summaries, customer details, and purchase information.

Legit scanned the data on these servers and found dozens of secrets (passwords, API keys), including OpenAI and Pinecone (vector database SaaS) API keys, GitHub access tokens, and URLs with database passwords. It also found all the configurations and LLM prompts of these applications, which can help exploit prompt vulnerabilities down the road. 
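The secrets Legit reports finding (OpenAI and Pinecone API keys, GitHub tokens, URLs with embedded database passwords) are exactly what a quick pass over your own vector-store payloads should catch before an index is ever reachable from the Internet. The Python below is an added example written for this page; it is not Legit’s tooling or anything from the research. It assumes records in the common id/values/metadata shape, the regular expressions are based on publicly documented token prefixes (Pinecone keys are caught by the generic KEY=value rule rather than a format-specific one), and the sample records and token values are constructed.

```python
"""Scan text payloads (for example, documents pulled from a vector database)
for leaked secrets. Added example; not Legit Security's tooling.
The records and token values below are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Detection patterns (assumption: based on publicly documented token prefixes;
# tune for your environment).
SECRET_PATTERNS: dict[str, re.Pattern[str]] = {
    "openai_api_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "github_token": re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36,}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
    # Generic KEY=value / KEY: value in dumped configs (catches PINECONE_API_KEY etc.)
    "config_assignment": re.compile(
        r"\b([A-Z][A-Z0-9_]*(?:API_KEY|SECRET|PASSWORD|TOKEN))\s*[=:]\s*['\"]?([^\s'\"]{8,})"
    ),
    # scheme://user:password@host... -- the "URLs with database passwords" case
    "url_with_credentials": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@[^\s]+"),
}


@dataclass(frozen=True)
class Finding:
    record_id: str
    kind: str
    redacted: str  # enough to locate the secret, never the full value


def redact(value: str) -> str:
    """Keep a short prefix/suffix so the owner can recognise the credential."""
    if len(value) <= 8:
        return "*" * len(value)
    return f"{value[:4]}...{value[-2:]}"


def redact_url(url: str) -> str:
    """Strip the password from a credential-bearing URL, keep everything else."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.username or ''}:***@{p.hostname or ''}{port}{p.path}"


def scan_text(record_id: str, text: str) -> list[Finding]:
    """Run every pattern over one string; overlapping hits (a key that is both an
    OpenAI-format token and a KEY=value assignment) are reported twice on purpose."""
    findings: list[Finding] = []
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            if kind == "url_with_credentials":
                shown = redact_url(m.group(0))
            elif kind == "config_assignment":
                shown = f"{m.group(1)}={redact(m.group(2))}"
            else:
                shown = redact(m.group(0))
            findings.append(Finding(record_id, kind, shown))
    return findings


def _strings(obj):
    """Yield every string nested inside a metadata dict/list."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _strings(v)
    elif isinstance(obj, (list, tuple)):
        for v in obj:
            yield from _strings(v)


def scan_records(records: list[dict]) -> list[Finding]:
    """Records follow the common {"id": ..., "values": [...], "metadata": {...}}
    shape (assumption); the embedding vector is skipped, only metadata text is scanned."""
    findings: list[Finding] = []
    for rec in records:
        for text in _strings(rec.get("metadata", {})):
            findings.extend(scan_text(rec["id"], text))
    return findings


# Constructed sample records; every token value here is fake.
SAMPLE_RECORDS = [
    {"id": "doc-001", "metadata": {"text": "Quarterly report: revenue up 4%, no issues."}},
    {"id": "doc-002", "metadata": {"text": "Ping me on #infra; OPENAI_API_KEY=sk-EXAMPLE00000000000000000000ab is in the .env"}},
    {"id": "doc-003", "metadata": {"source": "deploy notes",
                                   "text": "postgres://svc_app:Hunter2Pass@db.internal.example:5432/app"}},
    {"id": "doc-004", "metadata": {"text": "git clone https://ghp_0123456789abcdefghijklmnopqrstuvwxyz@github.com/org/repo"}},
    {"id": "doc-005", "metadata": {"text": 'pinecone settings: PINECONE_API_KEY="pcsk_example_0123456789abcdef" (rotate before sharing)'}},
]

if __name__ == "__main__":
    for f in scan_records(SAMPLE_RECORDS):
        print(f"{f.record_id}: {f.kind} -> {f.redacted}")
```

Run it against a dump of your own index’s metadata (most vector stores can export or page through records) and treat any hit as a credential to rotate, not just a record to delete: once the database was reachable, assume the key was read.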

You can read the research here.

Global Field Service Provider Exposes Nearly 32M Records 

Posted in Commentary with tags on August 28, 2024 by itnerd

Cybersecurity researcher Jeremiah Fowler recently uncovered a data breach involving nearly 32 million records from ServiceBridge (by GPS Insight), a global field service management provider based in the USA. The breach exposed documents containing personally identifiable information (PII) such as names, physical addresses, email addresses, and even HIPAA patient consent forms.

If you’d like to understand more about the risks and implications of this breach, you can read his full report here: https://www.websiteplanet.com/news/servicebridge-breach-report/

Dragos Platform Streamlines OT Threat and Vulnerability Workflows and Expands Asset Visibility

Posted in Commentary with tags on August 28, 2024 by itnerd

Dragos Inc. today announced the latest release of the Dragos Platform, the industry’s most effective OT network visibility and cybersecurity platform. The updates provide industrial and critical infrastructure organizations with even deeper and enriched visibility into all assets in their OT environments, streamlined workflows for threat detection and vulnerability management that allow for efficient and effective response, and powerful integration of Dragos WorldView intelligence and Neighborhood Keeper community intelligence on current and emerging threats. 

Industrial organizations worldwide are grappling with the rise of threat groups that scale attacks on widely-used technologies and common security weaknesses in OT environments, as well as a 50% year-over-year increase in reported ransomware attacks on these organizations. At the same time, they must balance the need for safety, quality, intellectual property protection, and financial and reputational safeguards with the competing priorities of uptime and availability of complex industrial infrastructure. IT cybersecurity approaches do not adequately protect these systems; threat and vulnerability methods not tailored to OT environments can disrupt essential processes and overburden security teams with irrelevant alerts.

The Dragos Platform provides comprehensive OT-native cybersecurity as a non-intrusive overlay to operations environments. Updates include new local collector and file ingestion capabilities that expand data collection options for increased flexibility; also included are new filtering capabilities that create powerful asset inventory views to answer key visibility questions for IT security and operations alike. The evolved integration of the Platform with Dragos’s Neighborhood Keeper and WorldView threat intelligence streamlines vulnerability management, threat detection, and response workflows to meet emerging threats like FrostyGoop and PIPEDREAM malware; Unitronics vulnerabilities; and VOLTZITE, CyberAveng3rs, and CHERNOVITE threat groups targeting OT environments.  

Enhancing Asset Inventory Capabilities

Sixty-one percent of industrial organizations struggle to effectively monitor their critical assets, limiting visibility into their risk. The latest updates to the Dragos Platform introduce advanced features that streamline and enhance asset inventory management:

  • Expanded asset enrichment with project file and data import: The new file ingest feature allows for seamless import and enrichment of asset data from existing project files or other devices, simplifying the process of maintaining a comprehensive and up-to-date asset inventory.
  • New lightweight collector for enhanced monitoring: A containerized traffic forwarding solution, this collector operates on edge switches and routers to provide data collection for space-constrained locations deep within OT environments. It captures and processes critical data, ensuring that even the most remote assets are monitored effectively with minimal impact on operations.
  • Expanded environment support: Dragos sensors now support Hyper-V and ESXi environments, allowing for broader deployment across different OT infrastructures.

Advancing Vulnerability Management and Asset Operationalization

The Dragos Platform’s latest enhancements also focus on turning asset data into actionable insights, enabling more effective and targeted cybersecurity measures through Dragos’s corrected severity scoring, “now, next, never” prioritization, and alternative mitigations.

  • Advanced asset filtering features: The introduction of customizable filters allows users to efficiently manage and analyze asset data, facilitating the identification and prioritization of assets and their vulnerabilities.
  • Automated alerts with Neighborhood Keeper trusted insights: Context on newly discovered vulnerabilities or threat activity relevant to a user’s environment can be pushed via Neighborhood Keeper to their Platform console, either from Dragos directly or from Dragos’s Trusted Insight Partners, often before the vulnerabilities or threat activity are disclosed publicly.
  • Added intelligence context with pivots to WorldView OT analysis: In-Platform pivots to WorldView intelligence analysis and reporting on specific vulnerabilities provide deep intelligence analysis to support risk management (additional license required).

Leading the Market in Threat Detection

As threats to OT environments continue to evolve, Dragos remains at the forefront of OT-specific threat detection:

  • Over 1,000 new threat detections, vulnerabilities and response playbooks added: The latest updates introduce over 1,000 new threat detections, addressing emerging threats such as CyberAveng3rs, FrostyGoop and other advanced threats. The Dragos Platform’s rapid development and deployment of threat analytics enable organizations to respond swiftly to emerging threats. This capability is vital in maintaining the security and integrity of OT environments, ensuring that critical operations are protected from disruption.

The Dragos Platform’s ability to quickly turn threat intelligence into actionable guidance for customers was most recently demonstrated in response to FrostyGoop, the ninth known ICS malware, which directly interacts with industrial control systems (ICS) using Modbus TCP over port 502, and was discovered by Dragos in April 2024. Dragos Threat Intelligence experts quickly developed new detection analytics and response playbooks and pushed them to Platform users through a Knowledge Pack update. New to this release, opted-in organizations in Neighborhood Keeper can automatically receive these pushed content updates within their Platform instances for immediate coverage. 
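Because FrostyGoop speaks plain Modbus TCP on port 502, the first detection most OT teams want is a parser that pulls the function code out of each request and raises on write operations from hosts that have no business writing registers. The block below is an added Python example for this page, not Dragos detection content or a Knowledge Pack analytic. The MBAP header and PDU layout follow the Modbus/TCP specification; the allowlist, host addresses and captured frames are constructed for illustration.

```python
"""Parse Modbus/TCP requests and flag register/coil writes from hosts that are
not on the engineering allowlist. Added example, not Dragos detection content.
Frame layout follows the Modbus/TCP spec (MBAP header + PDU); the host
addresses, allowlist and sample frames below are constructed."""
from __future__ import annotations

import struct
from dataclasses import dataclass
from typing import Optional

MODBUS_TCP_PORT = 502

# Function codes that change process state on the device.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    start_address: Optional[int]
    quantity: Optional[int]
    values: tuple[int, ...]


@dataclass(frozen=True)
class Alert:
    severity: str
    src: str
    reason: str
    request: ModbusRequest


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Decode the MBAP header (transaction id, protocol id, length, unit id)
    and the PDU (function code + data) of one Modbus/TCP request."""
    if len(payload) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, proto, length, unit, fc = struct.unpack(">HHHBB", payload[:8])
    if proto != 0:
        raise ValueError(f"not Modbus: protocol id {proto}")
    if length != len(payload) - 6:  # length field covers unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    pdu = payload[8:]
    start = qty = None
    values: tuple[int, ...] = ()
    if fc in (1, 2, 3, 4, 6):
        if len(pdu) < 4:
            raise ValueError("truncated PDU")
        start, second = struct.unpack(">HH", pdu[:4])
        if fc == 6:          # address + single register value
            qty, values = 1, (second,)
        else:                # address + quantity
            qty = second
    elif fc == 16:
        if len(pdu) < 5:
            raise ValueError("truncated PDU")
        start, qty, byte_count = struct.unpack(">HHB", pdu[:5])
        if byte_count != 2 * qty or len(pdu) < 5 + byte_count:
            raise ValueError("register count does not match byte count")
        values = struct.unpack(f">{qty}H", pdu[5:5 + byte_count])
    return ModbusRequest(tid, unit, fc, start, qty, values)


def assess_packet(src: str, dst_port: int, payload: bytes,
                  allowed_hosts: frozenset[str]) -> Optional[Alert]:
    """Alert on Modbus traffic from hosts outside the allowlist; writes are high."""
    if dst_port != MODBUS_TCP_PORT:
        return None
    req = parse_modbus_tcp(payload)
    if src in allowed_hosts:
        return None  # HMI / engineering workstation: expected traffic
    if req.function in WRITE_FUNCTIONS:
        return Alert("high", src, f"{WRITE_FUNCTIONS[req.function]} to unit "
                     f"{req.unit_id} at {req.start_address} from non-allowlisted host", req)
    if req.function in READ_FUNCTIONS:
        return Alert("low", src, f"{READ_FUNCTIONS[req.function]} from unknown poller", req)
    return Alert("medium", src, f"unexpected function code {req.function}", req)


def run_detections(packets, allowed_hosts: frozenset[str]) -> list[Alert]:
    """packets: iterable of (src_ip, dst_port, payload_bytes)."""
    return [a for a in (assess_packet(src, port, data, allowed_hosts)
                        for src, port, data in packets) if a is not None]


def build_request(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Assemble an MBAP + PDU frame (used here only to construct sample traffic)."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


ALLOWED_HOSTS = frozenset({"10.0.5.20"})  # constructed: the site HMI
SAMPLE_PACKETS = [  # (src, dst_port, bytes); constructed traffic
    ("10.0.5.20", 502, build_request(1, 1, 3, struct.pack(">HH", 0, 10))),      # HMI poll
    ("10.0.5.20", 502, build_request(2, 1, 6, struct.pack(">HH", 40, 150))),    # HMI setpoint
    ("10.0.9.77", 502, build_request(3, 1, 16, struct.pack(">HHB", 100, 2, 4)
                                     + struct.pack(">HH", 0, 0))),              # unknown writer
    ("10.0.9.77", 502, build_request(4, 1, 3, struct.pack(">HH", 0, 20))),      # unknown poller
    ("10.0.9.77", 8080, b"GET / HTTP/1.1\r\n"),                                  # not Modbus
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_PACKETS, ALLOWED_HOSTS):
        print(alert.severity.upper(), alert.src, alert.reason)
```

The allowlist is the whole policy here: Modbus has no authentication, so “who is allowed to write” can only be enforced by the monitor (or a firewall in front of the PLC), and a write from any other address is the event worth paging on. The low-severity read alert is kept because an unknown host enumerating holding registers is usually the reconnaissance step before the write.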

The Dragos Platform was awarded Best Industrial Security Solution by SC Awards (2023); won gold in two categories, Critical Infrastructure Security and ICS/SCADA Security, in the Cybersecurity Excellence Awards (2024); was recognized as Market Leader in OT Security and Most Comprehensive Industrial Cybersecurity solution by Cyber Defense Magazine’s Global InfoSec Awards (2023); and was a Platinum award winner in ASTOR’s American Security Today Homeland Security Awards for Best ICS/SCADA Cybersecurity (2023).

The latest updates further enhance the Dragos ecosystem, equipping it to more effectively tackle critical OT cybersecurity challenges. To gain deeper insights into the newest version of the Dragos Platform, Dragos is offering a public webinar. During this session, Dragos will discuss how new features operationalize asset data for prioritizing and addressing vulnerabilities, as well as how the platform’s threat analytics are developed and deployed to safeguard essential operations.

A SECOND Person Posts To Reddit About Their Galaxy Watch Ultra Losing A Button

Posted in Commentary with tags on August 27, 2024 by itnerd

Not even a week after I posted this story about a Reddit user whose Galaxy Watch Ultra lost a button, with Samsung seeming to duck and dive on taking responsibility for it, comes this Reddit post where history appears to be repeating itself:

So I am sitting here at the hotel, drinking a beer and checking my notifications when the back button of my Watch Ultra was gone and now when I try to put it back it falls out again. O.o WtF Samsung?

Now if something happens once, it’s likely a fluke. But if it happens again, you have to start wondering what the deal is, especially since Samsung advertises this watch as being rugged. I’m now watching this subreddit with interest, because if I see more reports of buttons falling off, Samsung will have some explaining to do about why their “rugged” watch doesn’t appear to be so “rugged”.

Seattle-Tacoma Airport May Have Been Pwned In A Cyberattack

Posted in Commentary with tags on August 27, 2024 by itnerd

This Tweet popped up on the Seattle-Tacoma Airport Twitter feed yesterday:

It appears that this is due to some sort of cyberattack according to Bleeping Computer:

An FBI spokesperson confirmed to The Seattle Times that they “are aware of the incident and working with partners to determine what happened,” without disclosing any additional information.

The FBI would not be investigating this for giggles. So there has to be something there. My suggestion would be to keep an eye on this as this has been ongoing for a while now.

Park N’ Fly Pwned And Customer Data Leaked

Posted in Commentary with tags on August 26, 2024 by itnerd

Bad news for those who use Park N’ Fly. CTV News is reporting that there’s been a data breach as a result of “unauthorized access”:

The company confirms a third party accessed its network through unauthorized remote VPN access between July 11 and July 13.

When the hack was detected the company said its information technology team and a cyber security partner launched an investigation to find out what information was accessed.

According to the company, the information compromised could include basic customer information such as names, email and mailing addresses as well as Aeroplan and CAA numbers.

Park’N Fly said it “can confirm with certainty” that payment information was not compromised as it does not store customer credit cards or passwords on its servers.

I can’t count the number of times that a company that has been pwned says that a limited amount of customer information has been accessed, only for it to come out later that far more customer information was accessed. Thus I take anything the company says with a grain of salt until they provide definitive proof that what they are saying is true. If you’re affected by this, you should have already received an email about it. And I would do the usual things, like monitoring your credit cards and maybe getting credit monitoring, while you wait on the company to provide more, and hopefully robust, details about what happened.

UPDATE: Rogier Fischer, CEO, Hadrian had this comment:

“While Park’N Fly has taken steps to improve security post-incident, proactive measures such as regular security audits, stronger authentication for VPN access, and customer education on cybersecurity could help mitigate similar risks in the future,” said Rogier Fischer, CEO of Netherlands-based cybersecurity service Hadrian.

“The company may face legal obligations to report the breach under data protection laws, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Additionally, the incident could harm their reputation, affecting customer trust and future business if not handled transparently and effectively.”