Brazil’s President Calls Out Elon Musk…. And I Am Totally Here For It

Posted in Commentary with tags on September 5, 2024 by itnerd


Brazilian President Luiz Inácio Lula da Silva in an interview with CNN called out Elon Musk in epic fashion. Here’s what he said:

“The Brazilian justice system may have given an important signal that the world is not obliged to put up with Musk’s extreme right-wing anything goes just because he is rich,” the president said.

I agree with this 100% simply because the best way to take down Elon Musk is to call out his behaviour and punish him for it. And surprisingly the Brazilians were the first to do that. I had my money on the EU to be first, but at least someone is doing God’s work. Hopefully, this emboldens other countries and the like to make Elon pay for his behaviour. Again, I’m looking at you EU. But the US can step up and do the same thing as well.

Bravo Brazil!

Twitter Is Hiring Security And Safety Staff… Is This A Hail Mary?

Posted in Commentary with tags on September 5, 2024 by itnerd

Elon Musk fired a whole lot of people when he took over Twitter. And others, particularly those who were responsible for guardrails around the platform, simply left. That has made the platform a train wreck next to a dumpster fire as it has become home to every right wing nut job and Nazi among others. That in turn, along with Elon’s antics, has driven away advertisers. But the guardrails may, and I stress may, be about to go back into place. TechCrunch is reporting that Twitter is doing some hiring:

Nearly two years after the layoffs across X’s trust, safety and security teams, Elon Musk’s social media company is now trying to hire new employees to help moderate content and secure its platform, according to X’s official job listings.

In the last month, X posted two dozen job openings evenly split across its safety and cybersecurity teams.

The jobs on X’s safety team range from director of strategic response on X’s safety team to government affairs managers. On its cybersecurity teams, X is hiring several security engineers and a threat intelligence specialist. 

I personally think that this might be a Hail Mary from Elon. Assuming that he isn’t actively trying to destroy Twitter. Which to be frank, I wouldn’t put it past him to do that. He’s got to make money somehow. And having the appearance of a group of humans who are capable of moderating content on Twitter would help with that as Elon could use that to appease and attract advertisers back to the platform. And in turn make money that way. There’s also the fact that the EU is demanding that Elon moderates content on Twitter. And perhaps he doesn’t want to fight the EU because Elon knows that he’d lose.

The question is, who would want to work for Elon given his behaviour to date? I sure as Hell wouldn’t want to. And I suspect that he might have difficulty filling these roles as a result of that.

CIRA’s ‘What’s up with the internet?’ podcast premieres second season exploring today’s most pressing cybersecurity problems

Posted in Commentary with tags on September 5, 2024 by itnerd

Today, CIRA announces the premiere of season two of its podcast, What’s up with the internet? focusing on the enduring subject of cybersecurity, online safety and the evolution of cybercrimes. Hosted by award-winning Canadian tech journalist Takara Small, this season of What’s up with the internet? is a revelatory journey full of eye-opening discussions around a topic that has impacted everything from our economy to our healthcare system—and even our elections.

Across six episodes, What’s up with the internet? explores the headline-grabbing cyber attacks on our public institutions, the government’s role in cybersecurity, the stories of those impacted by cybercrimes, the high stakes world of ransomware negotiations and more. Listeners will also receive expert advice on how to keep themselves safe in a shifting online threat landscape.

Season two features commentary and guest interviews from a variety of experts including Sami Khoury, Head of the Canadian Centre for Cyber Security, security guru Bruce Schneier, David Shipley, CEO and Co-Founder of Beauceron Security, Jon Ferguson, Vice-president, Cyber & DNS, CIRA and more.

Ahead of the release of season two, CIRA surveyed its membership on their experiences with hacking and cybersecurity.

Key facts

  • 61 per cent of CIRA members have been the victim of a hack or an online scam, with the most common being phishing scams
  • 60 per cent of CIRA members don’t trust private organizations with their data, while 39 per cent were only somewhat trusting
  • 45 per cent reported that they had experienced their personal data being breached or stolen online

Listeners can learn more at cira.ca/podcast and subscribe to What’s up with the internet? on all major podcast platforms, including Apple Podcasts and Spotify.

No Shock Here… Twitter Is The Biggest Source For Election Disinformation

Posted in Commentary with tags on September 4, 2024 by itnerd

Seriously, this doesn’t come as a big shock to anyone who has been watching the downfall of the toxic mess that is Twitter which is of course owned by that not so fine person Elon Musk. Mother Jones is reporting that Elon seems to be okay with Twitter being the biggest source of election disinformation:

Elon Musk is not just the Trump-supporting owner of the social media platform X, formerly known as Twitter. It turns out he is also one of the platform’s biggest peddlers of election-related disinformation, according to a new report published Thursday by the Center for Countering Digital Hate.

The report from CCDH, a nonprofit organization focused on protecting civil liberties and holding social media companies accountable, found that 50 false or misleading posts shared by Musk on X between January 1 and July 31 of this year racked up a staggering 1.2 billion views. The group categorized the posts under three main themes: false claims that Democrats are “importing voters” through illegal immigration (the bulk of the content that researchers examined); false claims that voting is vulnerable to fraud; and a manipulated video, also known as a deepfake, of Vice President Kamala Harris.

According to the report, while independent fact-checkers found the content in all of those 50 posts shared by Musk to be false or misleading, none of the posts in question contained a “community note,” X’s user-generated fact-checking system that the company promises can contextualize “potentially misleading posts.” Just this week, Musk claimed in a post on X that community notes offer “a clear and immediate way to refute anything false in the replies,” adding, “the same is not true for legacy media who lie relentlessly, but there is no way to counter their propaganda.”

This is simply one more data point proving that Elon Musk isn’t trying to promote free speech. He’s instead trying to promote a specific agenda at any cost. Thus if you’re still on Twitter, it’s time to get off the platform and go someplace else for your social media needs. Bluesky for example is getting a lot of signups from Brazil from what I hear. Mastodon is a good place to go as well. Because Twitter sure isn’t what it used to be.

Russian Hacking Group Targets iOS & Android Devices Says Google

Posted in Commentary with tags on September 4, 2024 by itnerd

There have been reports that recent exploit attacks on iOS and Android web browsers by Russian hacking group APT29 have been detected by Google:

The Google TAG report, authored by Clement Lecigne, and published on August 29, revealed that the exploits being deployed by the Russian state-sponsored APT29 hacking group were the same as those used by commercial spyware vendors in the past.

Observed by the Google and Mandiant security analysts between November 2023 and July 2024, the exploits formed part of what is known as a watering hole attack. This is pretty much what you would expect it to be: a cyberattack targeting victims by infecting a website or service that they would ordinarily use and trust. Just like predators who attack their prey by hiding near real watering holes for thirsty animals at their most vulnerable. “The use of watering hole attacks circumvents traditional web security controls like URL categorization filters,” Adam Maruyama, field chief technology officer at Garrison Technology said, “because the owner of the site and the human-readable content hosted there are legitimate, leaving only a few layers of protection between the end user’s device and the malicious webcode.” The threat becomes even more acute on mobile devices, Maruyama continued, “where few users have endpoint protection products to stop even known exploits, leaving unpatched devices vulnerable.”

The prey in these particular attacks were Mongolian government websites, although the same tactic would apply to any targeted victim. State-sponsored groups such as APT29 tend to go for big game, as it were, being commercial and government organizations that benefit their paymasters most. The common denominator was that the victims were using the Safari browser on older versions of iOS (those before 16.6.1) initially and then Android users running the m121 to m123 versions of the Chrome browser. It should be noted that fixes had already been made available for the vulnerabilities exploited in these attacks, but users who were using unpatched versions were at risk.

Alan Bavosa, VP of Security Products at Appdome had this comment:

“While the APT29 group attack is focused on mobile browsers, the real targets ultimately are the Android and iOS apps running on unprotected end-user devices. To counter such threats, comprehensive mobile app protection is vital. App developers need to protect their apps and mobile end users from these and other attacks, using basic mobile app security protections as well as protections against new, sophisticated attacks, such as accessibility malware and social engineering attacks.”

“The nature of today’s mobile attack landscape means that it is difficult, if not impossible, for mobile end users to protect themselves.”

“Consumers are holding mobile brands accountable for mobile app defense. In order for mobile developers to keep up, they must implement automated mobile app defense systems to combat today’s increasingly sophisticated cyber threats rather than using SDKs or protecting their apps from scratch.”

This is a wakeup call for consumers and brands on how vulnerable the little rectangles we carry around with us everywhere we go really are. Thus updates need to be issued and applied and app companies need to make sure that their apps are secure.

The August BlackFog State of Ransomware Report Is Out

Posted in Commentary with tags on September 4, 2024 by itnerd

BlackFog has today released the State of Ransomware report for August 2024. Additionally, Darren Williams, CEO and Founder, BlackFog, has provided his thoughts on the state of ransomware in August, below:

“August witnessed the 3rd highest number of attacks for the year with 63 publicly disclosed attacks, already surpassing the total number of attacks in 2020, 2021 and 2022. It also represents the second highest number of undisclosed attacks of the year with 464, with a ratio of 737% undisclosed to disclosed attacks.

From a sector perspective Healthcare had the biggest increase this month with 20%, or 16 verified attacks. This makes Healthcare the most targeted sector by a significant margin, followed by Government and Education, which saw only modest increases of 10% and 12% respectively.

In terms of variants, this month we saw RansomHub, a new entrant, rocket to 7.9% of all attacks, followed by Medusa and Rhysida at 7.6% and 6.0% respectively. While LockBit still maintains its lead with 18.4% of all attacks, we only saw one confirmed attack this month.

A similar trend was observed in unreported attacks with RansomHub commanding 8.4% of attacks.

Lastly, we saw data exfiltration rates to China increase significantly to 20% this month (an increase of 4%) and Russia stable at 6%, with 93% of all attacks involving data exfiltration.”

BlackFog State of Ransomware Report August 2024: https://privacy.blackfog.com/wp-content/uploads/2024/09/BlackFogRansomwareReport-Aug-2024.pdf

TrustGrid Brings End-to-End Decentralized Digital Ecosystem Solution to Department of Air Force

Posted in Commentary with tags on September 4, 2024 by itnerd

TrustGrid, an established leader in decentralized digital ecosystem solutions, has been selected by AFWERX for a Direct-to-Phase II contract focused on decentralized digital identity and communications to address the most pressing challenges in the Department of the Air Force (DAF). The Air Force Research Laboratory and AFWERX have partnered to streamline the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) process by accelerating the small business experience through faster proposal to award timelines, changing the pool of potential applicants by expanding opportunities to small business and eliminating bureaucratic overhead by continually implementing process improvement changes in contract execution. The DAF began offering the Open Topic SBIR/STTR program in 2018 which expanded the range of innovations the DAF funded. TrustGrid will start its journey to create and provide innovative capabilities that will strengthen the national defense of the United States of America.

About TrustGrid

TrustGrid enables government entities, enterprises, organizations, and individuals alike to create secure digital ecosystems anywhere in the world with sovereign control of data and maximized privacy. Leveraging industry standards for Decentralized Identity (DID), Verified Credentials (VC), and Web3 capabilities, TrustGrid’s decentralized ecosystem simplifies and secures the management of shared information and peer-to-peer communications and transactions. TrustGrid delivers superior confidentiality, enabling access to and use of critical data while maintaining the privacy and security of individuals and organizational data. For further information about TrustGrid and their digital identity solution, please visit www.trustgrid.com.

About AFRL

The Air Force Research Laboratory is the primary scientific research and development center for the Department of the Air Force. AFRL plays an integral role in leading the discovery, development, and integration of affordable warfighting technologies for our air, space and cyberspace force. With a workforce of more than 12,500 across nine technology areas and 40 other operations across the globe, AFRL provides a diverse portfolio of science and technology ranging from fundamental to advanced research and technology development. For more information, visit www.afresearchlab.com.  

About AFWERX

As the innovation arm of the DAF and a directorate within the Air Force Research Laboratory, AFWERX brings cutting-edge American ingenuity from small businesses and start-ups to address the most pressing challenges of the DAF. AFWERX employs approximately 370 military, civilian and contractor personnel at five hubs and sites executing an annual $1.4 billion budget. Since 2019, AFWERX has executed over 6,100 new contracts worth more than $4 billion to strengthen the U.S. defense industrial base and drive faster technology transition to operational capability. For more information, visit: www.afwerx.com.  

Starlink Will Now Block Twitter In Brazil…. Or So They Say

Posted in Commentary with tags on September 4, 2024 by itnerd

Well this didn’t take long.

After I posted a story that detailed the fact that Elon Musk-owned Starlink wasn’t blocking Twitter, which is also owned by Elon Musk, in Brazil as per the Brazilian courts, they have flip-flopped and are now blocking Twitter in Brazil:

“Regardless of the illegal treatment of Starlink in freezing of our assets, we are complying with the order to block access to X in Brazil,” Starlink, which has more than 200,000 customers in the Latin American nation, said in a post on X.

This is one of these times where I will default to being skeptical. Starlink is blocking Twitter for now, but at some point Elon’s going to get ticked off and demand that they undo that because of his rather perverse version of free speech that he is a fanboy of. Then it’s all going to kick off with the Brazilians. And I strongly suspect that Elon will come out on the losing end when that happens.

I’ll go get the popcorn ready.

CBIZ Pwned…. And It’s Really Bad

Posted in Commentary with tags on September 4, 2024 by itnerd

Professional services giant CBIZ Benefits & Insurance Services (CBIZ), a management consulting company specializing in tax, financial, benefits, HR services and insurance services, has confirmed a data breach in which a threat actor accessed client information in certain databases by exploiting a vulnerability in a CBIZ web page. CBIZ has 120 U.S. offices employing 6,700 people, with $1.59 billion in revenue in 2023:

On June 24, 2024, CBIZ learned that an unauthorized party may have acquired information from certain databases. CBIZ promptly launched an investigation with the assistance of cybersecurity professionals. CBIZ’s investigation determined that an unauthorized party was able to exploit a vulnerability associated with one of its web pages, and acquired information from certain databases between June 2, 2024 and June 21, 2024. 

CBIZ conducted a review of the data acquired and determined that individuals associated with multiple CBIZ clients were impacted by the incident. Beginning on July 24, 2024, CBIZ began notifying its clients of the incident and the data involved for each client. The information varied by CBIZ client and included information related to retiree health and welfare plans which, depending on the individual, may have included their name, contact information, Social Security number, date of birth, and/or date of death. 

On August 28, 2024, CBIZ began mailing letters with information about the incident to individuals on behalf of CBIZ’s clients. CBIZ has offered two years of complimentary credit monitoring and identity theft protection services for individuals whose Social Security number was involved.

Stephen Gates, Principal Security SME, Horizon3.ai had this comment:

A seemingly harmless vulnerability in a public-facing website – that has access to downstream databases – can be the enabler of data breaches. Critical vulnerabilities like remote code execution and/or arbitrary code execution in web applications can enable these sorts of outcomes. Improper input sanitization would also be high on the list of being a likely culprit.

Evan Dornbush, former NSA cybersecurity expert, follows with this:

The lack of transparency surrounding the CBIZ data breach is alarming.

Despite the mandatory SEC 8-K filing for material events, it appears that CBIZ has yet to disclose this significant incident. The company’s silence on the technical details of the vulnerability not only fails to help the community understand and take action but also undermines trust at a time when cybersecurity initiatives like CISA KEV are gaining prominence. As concerns grow, there are already law firms soliciting potential plaintiffs for a suit against CBIZ.

This is all sorts of problematic, which honestly requires the relevant authorities to investigate further as the lack of transparency along with the sorts of data that were swiped make me wonder if there’s more to this than we know.

CISA Issues Warning About Iranian Sponsored Threat Actor “Fox Kitten”

Posted in Commentary with tags on September 3, 2024 by itnerd

CISA has put out an advisory on Iran-linked threat actors known as Fox Kitten who are using their exploits for both government espionage and commercial ransomware operations:

This advisory outlines activity by a specific group of Iranian cyber actors that has conducted a high volume of computer network intrusion attempts against U.S. organizations since 2017 and as recently as August. Compromised organizations include U.S.-based schools, municipal governments, financial institutions, and healthcare facilities. This group is known in the private sector by the names Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, and Lemon Sandstorm. The actors also refer to themselves by the moniker Br0k3r, and as of 2024, they have been operating under the moniker “xplfinder” in their channels. FBI analysis and investigation indicate the group’s activity is consistent with a cyber actor with Iranian state-sponsorship.

The FBI previously observed these actors attempt to monetize their access to victim organizations on cyber marketplaces. A significant percentage of the group’s US-focused cyber activity is in furtherance of obtaining and maintaining technical access to victim networks to enable future ransomware attacks. The actors offer full domain control privileges, as well as domain admin credentials, to numerous networks worldwide. More recently, the FBI identified these actors collaborating directly with ransomware affiliates to enable encryption operations in exchange for a percentage of the ransom payments.

Adam Maruyama, Field CTO of Garrison Technology had this to say:

“CISA’s recent advisory regarding the joint governmental espionage and commercial ransomware activities of Iran-linked cyber group Fox Kitten shows how groups with the capabilities to attack some of the world’s most hardened networks are turning those capabilities to the broader commercial space. Increasing pressure from Fox Kitten and similarly equipped actors against commercial companies, particularly in non-regulated sectors, raises the stakes significantly in their fight against ransomware and other network intrusions. 

“To put it simply, the architecture and technologies commercial companies use to detect and respond to low-to-moderate sophistication cyber attacks lack the ability to effectively prevent and deter highly sophisticated cyber criminals and nation-state actors.

“If the trend of blurred lines between nation-state and criminal actors continues, commercial entities will need to augment their defenses by using defense-grade, high-assurance technology that aims to prevent, rather than detect, malicious activity using techniques like hardware-enforced isolation/access and content disarm and reconstruction (CDR). Unlike most commercial cybersecurity solutions, which analyze content and determine whether it’s malicious or not, these technologies treat all content as potentially malicious and use innovative methods to recreate safe, inert versions before content enters an organization’s systems.”

This is a great example of “good enough” security not being nearly “good enough” and nation-state exploits being used against a broader target set. Thus organizations need to shift their thinking and defence strategies to not be the next victim of these groups.