Other World Computing (OWC) Announces Labor Day Sales Event

Posted in Commentary with tags on August 24, 2024 by itnerd

 Other World Computing (OWC), a trusted leader in delivering high-performance, secure, and sustainable technology solutions that enhance and extend the life of Macs and PCs, today announced its much-anticipated Labor Day Sale. This year, customers can take advantage of incredible savings on a wide range of OWC products, designed to power their creativity, productivity, and digital workflows.

Exclusive Labor Day Deals Include:

  • OWC Travel Dock E – $10 off, only $49.99 – The best mini-sized dock to connect, charge, display, and import on-the-go via one integrated cable
  • OWC Thunderbolt Go Dock – $30 off, only $269.99 – The first full-featured Thunderbolt dock without a bulky, heavy power adapter, so you can go anywhere easily and connect it all with Thunderbolt and USB-C Macs, PCs, iPads, Chromebooks, and Android devices.
  • OWC Envoy Pro mini – Up to $50 off – Full-sized SSD performance that fits in your pocket.
  • OWC Envoy Pro FX – Up to $100 off – The Fastest Most Compatible Drive Ever Made with Speeds up to 2800MB/s.
  • OWC Gemini – Up to $200 off – Thunderbolt Dock and Dual-Bay RAID external storage enclosure for 2.5-inch and 3.5-inch SATA drives.

In addition, OWC is also offering deep discounts on used Macs and iPads, with some deals reaching up to 72% off, such as:

  • 69% off the Travel-Friendly 13-inch MacBook Pro – Retina / Touch Bar / Mid 2020-Late 2021 – Combines impressive performance in a sleek design, featuring a powerful processor, an enhanced keyboard for an exceptional user experience, and all day battery life.
  • Perfect-Sized iMac Perfection – from $239.00 – Retina 4K / 21-inch – This iMac is a hit with its compact size, powerful performance, and stunning Retina display.

And, so much more!

This is the perfect opportunity for customers to upgrade their tech at unbeatable prices!

These deals are available now through macsales.com through September 4th, while supplies last.

Traccar 5 Remote Code Execution Vulnerabilities Found By Horizon3.ai

Posted in Commentary with tags on August 24, 2024 by itnerd

Naveen Sunkavally, chief architect at Horizon3.ai, has just published “Traccar 5 Remote Code Execution Vulnerabilities” detailing two related path traversal vulns affecting the popular open source GPS tracking system that could lead to remote code execution: CVE-2024-31214, reported by Horizon3.ai, and CVE-2024-24809, reported by @yiliufeng168. 

The post describes four methods and three proof-of-concept (PoC) exploits by which unauthenticated attackers can achieve RCE through these vulnerabilities if guest registration is enabled, which is the default configuration for Traccar 5.

Horizon3.ai reported the vulnerabilities in early April 2024. After the disclosure, the maintainer fixed the path traversal in the Content-Type header and locked down the file extensions to a known set. The maintainer also changed the guest registration setting to be off by default in Traccar 6, per Horizon3.ai’s recommendation, which significantly reduces the attack surface available to unauthenticated attackers and will have a lasting impact on improving the security posture of Traccar for years to come.

Naveen urges that both CVE-2024-31214 and CVE-2024-24809 be treated as critical issues because guest registration is on by default in Traccar 5, effectively allowing unauthenticated access.

Traccar 5 Remote Code Execution Vulnerabilities: https://www.horizon3.ai/attack-research/disclosures/traccar-5-remote-code-execution-vulnerabilities/

Horizon3.ai Publishes New Findings Related To NTLM Credential Theft in Python Windows Apps

Posted in Commentary with tags on August 23, 2024 by itnerd

Naveen Sunkavally, chief architect at Horizon3.ai, has just published new research called: “NTLM Credential Theft in Python Windows Applications.” 

“NTLMv2 hash theft is a well-known credential harvesting technique made possible by the insistence of Windows to automatically authenticate to anything it possibly can. It’s a staple technique used in internal pentests with tools such as responder or ntlmrelayx, exploiting issues such as legacy LLMNR/NBT-NS protocols being enabled or forced authentication vulnerabilities like PetitPotam. It has also been exploited over the Internet, typically by abusing Microsoft Outlook, as described in recent cases by Proofpoint and Microsoft,” Naveen said.

When auditing web applications, NTLMv2 hash theft is possible on Windows hosts through the exploitation of Server-Side Request Forgery (SSRF) or XML External Entities (XXE) vulnerabilities. Much has been written on the topic, and new vulnerabilities continue to be found. 

Naveen details new SSRF vulnerabilities leading to NTLMv2 hash disclosure in three of the most popular Python frameworks: 

  • Gradio by Hugging Face, which powers several popular AI tools; 
  • Jupyter Server, which underpins Jupyter Notebook and JupyterLab; and 
  • Streamlit from Snowflake

The vulnerabilities Naveen exposes relate to how these Python frameworks retrieve files. Specifically, in Python, any file system operation performed on insufficiently validated input can lead to the leakage of NTLMv2 hashes. The vulnerabilities disclosed in the post can be exploited by unauthenticated attackers, and they have come up in real-world pentests conducted by NodeZero. He also covers an interesting Python bug affecting older versions of Python on Windows that could assist in NTLMv2 hash theft.
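The two disclosures above share one defensive lesson: a user-controlled file name must be validated before any file system call, both to block traversal and enforce a known extension set (the Traccar fix) and to refuse UNC-style paths that on Windows would make the host authenticate outbound (the NTLMv2 leak). The following is an added example, not code from Traccar, Horizon3.ai or any of the frameworks named; `safe_join`, `is_safe` and the extension allowlist are assumptions.

```python
"""Validate a user-supplied file name before it reaches the file system.
Added example (not Traccar's or Horizon3.ai's code); names and the
allowlist are assumptions. Works the same on Linux and Windows because it
inspects the string itself rather than relying on os.path semantics."""
import posixpath
from pathlib import PurePath

# Assumed allowlist, in the spirit of the Traccar fix that locked file
# extensions down to a known set.
ALLOWED_EXTENSIONS = frozenset({".jpg", ".png", ".pdf"})


class UnsafePath(ValueError):
    """Raised when the name must not be passed to any file system call."""


def safe_join(base_dir: str, user_name: str) -> str:
    """Return base_dir/user_name only if user_name is a plain relative name
    with an allowed extension. Rejects NUL bytes, absolute paths, drive
    letters, traversal and UNC forms (\\\\host\\share or //host/share), the
    last being what triggers an outbound NTLM authentication on Windows."""
    if not user_name or "\x00" in user_name:
        raise UnsafePath("empty or NUL-containing name")
    # Windows accepts both separators, so normalise before inspecting.
    normalized = user_name.replace("\\", "/")
    if normalized.startswith("/"):
        raise UnsafePath("absolute or UNC path")
    if ":" in normalized:
        raise UnsafePath("drive letter or URL scheme")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafePath("path traversal")
    if PurePath(parts[-1]).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise UnsafePath("extension not in allowlist")
    candidate = posixpath.normpath(posixpath.join(base_dir, *parts))
    # Belt-and-braces containment check: the result must stay under base_dir.
    if posixpath.commonpath([base_dir, candidate]) != posixpath.normpath(base_dir):
        raise UnsafePath("escapes base directory")
    return candidate


def is_safe(base_dir: str, user_name: str) -> bool:
    """Convenience wrapper for callers that only need a yes/no answer."""
    try:
        safe_join(base_dir, user_name)
        return True
    except UnsafePath:
        return False
```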

The post also recommends fix actions. Naveen concludes: “Windows is the predominant operating system in enterprises, and Python is the language of choice for AI. With AI making a big splash into the mainstream over the last few years, we’re seeing increased usage of Python applications on Windows. This comes with new risk because traditionally Python apps have been developed and run on Linux-based systems, where the security risks are different than on Windows. We believe the specific issue of NTLMv2 hash theft in Python apps is likely heavily under-reported, and something that all parties –defenders, developers, appsec practitioners, bug bounty hunters, etc. — should be on the lookout for.”

NTLM Credential Theft in Python Windows Applications: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/

ServiceNow Research Shows That The Key to AI Adoption is Humans

Posted in Commentary with tags on August 23, 2024 by itnerd

New research from ServiceNow measuring the AI maturity of organizations across industries shows that 56% of Canadian AI pacesetters—those who are seeing success (and ROI) deploying GenAI—are using AI in collaboration with human workers to boost efficiency.

Prioritizing human needs in AI development is crucial to ensuring deployment is trusted and useful. AI needs to become a collaborative partner rather than just a transactional tool—a necessary step to drive the transformational change the technology promises.   

But the new research has also found that less than half of Canadian respondents (46%) say that their organization has the right mix of talent/skills to execute their AI strategy, and only 39% feel that they have good visibility into the deployment and use of AI in their organization – pointing to a need for reskilling / upskilling and AI education and governance initiatives for the organizations falling behind pacesetters.  

You can read the research here.

Samsung’s Galaxy Watch Ultra Apparently Isn’t All That Rugged…. And Samsung Apparently Won’t Have Your Back If You Run Into Issues With Your Galaxy Watch Ultra

Posted in Commentary with tags on August 23, 2024 by itnerd

Well, this has to be embarrassing for Samsung. A Reddit post has an unlucky owner of a Samsung Galaxy Watch Ultra who had the action button fall off on him about a month into owning it. Bad as that is, the fact that Samsung isn’t willing to help by replacing a watch that is only a month old is worse:

I received my brand new Galaxy Watch Ultra on July 20th and I posted on here a few days back about how the action button fell off. I went back and forth with Samsung trying to get them to replace it, but they refused and told me to send it in for repair because it was under warranty. I sent it in and now they are telling me that it is out of warranty and I have to pay to get it fixed. I am still going back and forth with Samsung repair and customer service, and I’m getting nowhere.

This is really bad. The watch is supposed to be designed to be rugged. So the fact that this not only happened to this Reddit user, but Samsung won’t honour the warranty really makes Samsung look shady. And it reminds me of the behaviour of ASUS when it came to warranty claims, which is a story that surfaced earlier this year. The bad press forced the company to say that they would do better. But I didn’t buy that at the time and I still don’t. How do the warranty issues of ASUS relate to Samsung? Companies aren’t bad because their products fall apart. They are bad if they don’t stand behind their product. Samsung in this case isn’t standing behind a product that was designed to be rugged, but clearly isn’t. That reflects poorly on Samsung and should make anyone who is considering buying a Samsung product think twice, as clearly Samsung doesn’t have your back.

Open Systems SD-WAN Backbone improves global connectivity

Posted in Commentary with tags on August 22, 2024 by itnerd

Open Systems, a leading provider of native, managed SASE solutions, today announced the general availability of its new SD-WAN Backbone service. The private global network backbone addresses the growing connectivity challenges faced by international organizations in the digital age.

Open Systems’ SD-WAN backbone has more than 500 Points of Presence (PoPs) in 121 locations across 32 countries. This makes the company the only managed SASE provider with such comprehensive global coverage. As a complement to the SASE Experience platform, the backbone service offers better WAN performance and reliable connections to cloud applications worldwide.

Key benefits of the SD-WAN backbone:

  • Excellent traffic quality: Comprehensive network SLAs ensure minimal packet loss, latency and jitter – even in remote locations.
  • High reliability: Automatic healing and intelligent routing ensure consistent performance.
  • Versatile configuration: Flexible bandwidth settings and application-specific controls allow individual configurations.
  • Regulatory compliance: Deployment in 32 countries, including China, helps ensure high-speed connectivity even in heavily-regulated states.
  • Guaranteed site-to-site connectivity: In conjunction with Open Systems Connectivity Service, the SD-WAN backbone also offers end-to-end SLAs, even for hard-to-reach locations.

The SD-WAN backbone supports secure connectivity across cloud and hybrid environments and locations. It is part of Open Systems’ comprehensive SASE Experience, which combines SD-WAN, Firewall, SWG, CASB and ZTNA in one framework. The solution is provided as a managed service with 24/7 support.

Further information on the SD-WAN backbone from Open Systems can be found at www.open-systems.com/sase/sd-wan-backbone.

New SolarWinds Web Help Desk hardcoded credential vulnerability discovered by Horizon3.ai

Posted in Commentary with tags on August 22, 2024 by itnerd

On August 16th, Horizon3.ai Chief Attack Engineer Zach Hanley informed SolarWinds of a significant vulnerability, the SolarWinds Web Help Desk (WHD) Hardcoded Credential Vulnerability. The vulnerability is CVE-2024-28987, and was ranked 9.1 in severity.

Through the hardcoded credential vulnerability, unauthenticated users can remotely access SolarWinds WHD software to reach internal functionality and modify data, the company said in an advisory attributing the discovery to Hanley.

At 8 pm last night, SolarWinds issued SolarWinds Web Help Desk 12.8.3 Hotfix 2.

Zach will publish details of the vulnerability in the near future, and today urges that the hotfix patch be applied as soon as possible. He notes that upon applying the hotfix patch, “requests to non-existent pages on patched instances will return no content / content-length 0.” as per his post on Twitter:

84% of sales reps are missing quotas: Salesforce

Posted in Commentary with tags on August 22, 2024 by itnerd

Nobody chooses a career in sales because they love paperwork, however, recent Salesforce research found that Canadian reps spend 70% of their time on administrative tasks vs. only 29% of their time actually selling. Even more discouraging is that 67% of Canadian reps don’t expect to meet their sales quota this year, and 84% missed it last year.

In industries where the productivity imperative is high, ensuring reps are freed up to secure leads, deepen customer relationships and help clients with their needs is critical to individual rep and company success.

The good news is that autonomous AI agents are poised to help solve these issues – and according to Salesforce’s Sales Cloud EVP + GM, Ketan Karkhanis, even “unleash a productivity supercycle” when used to augment human thinking.

This week Salesforce launched two new fully autonomous AI Agents to help sales teams accelerate growth:

  • Einstein SDR Agent: autonomously engages with inbound prospects to nurture pipeline 24/7 and unlike regular chatbots that can only answer specific programmed questions, analyzes a prospect’s question to autonomously determine what to do next (i.e. handling objections). 
  • Einstein Coach Agent: coaches sellers by autonomously facilitating role-plays, tailored to each deal, providing personalized and objective feedback afterward.

More details can be found in the newsroom post here.

Microsoft Is Going To Try Rolling Out Recall Again

Posted in Commentary with tags on August 22, 2024 by itnerd

I guess Microsoft is hoping that everyone has short memories or something because Microsoft has amended their blog post on Recall to say this:

Update Aug. 21, 2024: With a commitment to delivering a trustworthy and secure Recall (preview) experience on Copilot+ PCs for customers, we’re sharing an update that Recall will be available to Windows Insiders starting in October. As previously shared on June 13, we have adjusted our release approach to leverage the valuable expertise of our Windows Insider community prior to making Recall available for all Copilot+ PCs. Security continues to be our top priority and when Recall is available for Windows Insiders in October we will publish a blog with more details. 

To remind you, Microsoft Recall is meant to continuously take screenshots of user activity. It then scans those screenshots with optical character recognition and saves the text and the screenshots to a giant searchable database on your PC. The problem is that anyone with any sort of access can get access to that database, as highlighted here. I am not sure what Microsoft might have done to address the issues that other people found, but you can bet that all sorts of people will be poking around the insider builds to see how insecure Recall is or isn’t. Microsoft better pray that it’s as secure as possible or this will not end well for Microsoft.

New Malware Targets macOS, Increasing Apple Security Immunity Concerns Against Cyber Threats

Posted in Commentary with tags on August 22, 2024 by itnerd

Cado Security has revealed that its researchers discovered malware-as-a-service (MaaS) targeting macOS that steals credentials and cryptocurrency wallets from various stores, including game accounts.

The malware is an Apple disk image (dmg) bundled with Go binaries that impersonate legitimate software, including CleanMyMac, Grand Theft Auto IV (apparently a typo for VI), and Adobe GenP.

The dmg and a command-line tool for running AppleScript and JavaScript prompt users to open the software and provide their passwords. The malware fingerprints the victim’s system to gather IP details, OS version, hardware, and software information.

Cado discovered the malware sold on two well-known malware marketplaces, which are used for communication, arbitration, and advertising of the stealer. The developers and affiliates operate as a team using Telegram, rented to individuals for $500/month.

The leading developer pays affiliates a percentage of earnings based on what their deployment of the stealer has stolen. Each affiliate of the stealer is responsible for deploying the malware. 

While macOS has long been considered a secure system, malware targeting Mac users remains a growing security concern, underscoring the need for guidance on protecting Apple users against cyber threats.

Tara Gould, Threat Researcher at Cado Security, explores how the MaaS operators carry out their activities, best practices for significantly reducing the risk of falling victim to Mac malware, and recommendations for ensuring systems remain secure.

You can read the research here.