France’s Grand Palais Discloses That It Was Pwned During The Olympics

Posted in Commentary with tags on August 6, 2024 by itnerd

The Grand Palais Réunion des musées nationaux in France has disclosed it suffered a cyberattack on Saturday night.

French cyber crime police are investigating a ransomware attack against the Grand Palais exhibition hall in Paris where Olympic events including fencing and Taekwondo are being held, Paris prosecutors said on Tuesday.

They said cyber criminals had targeted the institution’s central computer system, but the incident had not caused any disruption to Olympic events taking place in the iconic glass-roofed exhibition hall in the centre of the French capital.

The computer system at the venue also handles data for 40 mainly small museums with which it is affiliated, the prosecutors said in an email.

Franceinfo radio said the attackers had demanded payment of a ransom within 48 hours, threatening to post online the financial data they had obtained if they did not receive the unspecified sum of money.

The attack may not have disrupted anything, but it’s not a good look. Rogier Fischer, CEO of Hadrian, had this comment:

It is highly likely that the cyberattack on Grand Palais Rmn was initiated through stolen credentials. Incidents like these show time and again that preventive measures are essential but not foolproof, as sophisticated cyberattacks continually evolve, exploiting new vulnerabilities and human error. While prevention is a critical component of cybersecurity, it must be complemented by robust detection and response capabilities. This involves implementing advanced threat detection systems that can identify and respond to suspicious activities in real time.

This incident puts cybersecurity in front of the world because it happened during the Olympics. Which in turn illustrates that if you don’t want your bad news to be on CNN, you need to ensure that your defences against this sort of thing are on point.

AppSOC Unveils AI Security Platform 

Posted in Commentary with tags on August 6, 2024 by itnerd

AppSOC, an innovation leader in security and risk management, today announced the launch of pioneering capabilities for safeguarding artificial intelligence (AI) applications and agents while providing the visibility and governance that enterprises need to leverage AI with confidence.

Businesses across sectors are recognizing the immense potential of AI, but the rush to deploy new AI solutions has outpaced security, introducing substantial new risks. As the first application security vendor to address the unique challenges of AI security, AppSOC is setting a new industry standard by integrating these capabilities directly into their robust platform. This powerful combination of AI and application security enables customers to detect, prioritize, and remediate issues across AI and connected applications, without creating new security silos. 

The AppSOC solution leverages new industry frameworks for categorizing AI risk including the OWASP Top 10 LLM Risks. AI security issues detected are mapped to these frameworks providing customers with confidence that they are aligned with industry best practices.

AppSOC’s new AI security and governance capabilities include:

  • Shadow AI Discovery: providing visibility into unsanctioned AI models and agents to ensure security best practices and compliance
  • AI Governance: proactively creating resource inventories, use-case repositories, and approval workflows for AI projects to ensure trust, safety and accountability
  • AI Posture Management & Data Protection: detecting security misconfigurations, applying guardrails and protecting against data leaks
  • Content Anomaly Detection and Data Compliance: runtime analysis of prompts and responses to address application abuse and attacks such as prompt injection
  • AI Supply Chain Security: ensuring the integrity of AI applications and agents to mitigate security, reliability, and licensing risks associated with open-source models and datasets
  • Protection for Connected Applications: safeguarding critical enterprise applications connected to AI systems against security breaches

To learn more about AppSOC AI security and see a live demonstration, please register for an upcoming webinar on August 13, at 10:00 am PDT.

Tech Mahindra and Horizon3.ai Partner On AI Security

Posted in Commentary with tags on August 6, 2024 by itnerd

Tech Mahindra announced a strategic partnership with Horizon3.ai, a leader in autonomous security to elevate the cybersecurity landscape. The partnership will integrate Horizon3.ai’s cutting-edge NodeZero™ platform, delivering integrated threat detection, AI-powered pentesting, and Governance, Risk, and Compliance (GRC) insights, with Tech Mahindra’s comprehensive suite of cybersecurity services.

Tech Mahindra will leverage Horizon3.ai’s NodeZero™ autonomous penetration testing platform to empower its customers to uncover exploitable vulnerabilities and validate security measures across on-premises, cloud, and hybrid network infrastructures. The partnership will combine Tech Mahindra and Horizon3.ai’s cybersecurity domain expertise and global reach to drive innovation, excellence, and proactive defense. It will provide customers with the tools and expertise needed to safeguard their digital assets.

Tech Mahindra will offer customers real-time vulnerability assessments, enabling prompt identification and remediation of vulnerabilities. The real-world attack testing capability will simulate cyber attackers’ tactics to assess security resilience. Additionally, customers will benefit from comprehensive reporting that prioritizes risks and provides actionable remediation recommendations. The enhanced compliance and cost-effective capabilities will ensure organizations meet regulatory standards and access scalable, advanced penetration testing.

The partnership with Horizon3.ai aligns with Tech Mahindra’s mission to enhance its offerings and provide customers with an unprecedented level of security assurance. Tech Mahindra has earned a reputation as a leading cybersecurity partner by delivering technology implementations, managed security and risk services, and compliance solutions to organizations worldwide. Their comprehensive approach ensures overall cyber resilience and provides cutting-edge proactive protection, detection, and remediation across diverse security domains. 

Fortinet Acquires Next DLP

Posted in Commentary with tags on August 6, 2024 by itnerd

Fortinet today announced that it has acquired Next DLP, a leader in insider risk and data protection. With this acquisition, Fortinet will improve its position in the standalone enterprise data loss prevention (DLP) market and strengthen its leadership in integrated DLP markets within endpoint and SASE in alignment with Fortinet’s business strategy.

Next DLP has been recognized by industry analysts for its technology innovation and was recently named a Representative Vendor in the 2023 Gartner Market Guide for Data Loss Prevention and the 2023 Gartner Market Guide for Insider Risk Management Solutions. The company delivers a leading next-generation, cloud-native SaaS data protection platform that extends from endpoint to cloud.

As part of its commitment to offering enterprises a top-tier Unified SASE solution, Fortinet plans to integrate Next DLP’s technology to add advanced data loss prevention capabilities to Fortinet’s security service edge (SSE) offering, as well as integrate additional insider risk and data protection capabilities across the Fortinet Security Fabric.

Transaction Details
The deal has been signed and closed as of August 5, 2024.

Foxit Releases Research On How AI Can Enhance Traditional Document Workflows

Posted in Commentary with tags on August 6, 2024 by itnerd

Foxit has announced the release of Forrester research examining how organizations are currently handling their document workflows and the potential for AI to revolutionize these processes.

This news has implications across virtually every industry vertical such as healthcare, finance, manufacturing, education, media and entertainment, insurance, legal, and others. Certainly, it applies to human resources (HR) and hybrid work environments. And of course, it is important to those that think about their organization’s business acumen and agility, data protection, and data security. 

DeeDee Kato, Vice President of Corporate Marketing at Foxit, has written a blog detailing the research conducted and highlighting the key findings. You can read it here.

Guest Post: How To Stand Out in the Biodegradable Packaging Market

Posted in Commentary with tags on August 6, 2024 by itnerd

By Travis Johnston, Co-Founder and COO of Aropha

Sustainability is becoming a growing concern for consumers of all age demographics. In fact, 82% of consumers across age demographics are willing to pay more for sustainable packaging, and when looking at Gen-Z consumers that number jumps to 90%. Additionally, 71% of consumers have chosen a product in the last six months based on its sustainability credentials. 

With so much interest in sustainability, the biodegradable packaging market is expected to grow at a CAGR of 6.8% from 2022 to 2032. Currently, packaging made 100% from synthetic plastics, most commonly derived from nonrenewable feedstocks, is still extremely popular even amidst mounting environmental concerns. This is largely due to the low production cost associated with these materials. However, with increasing focus being placed on eco-friendly practices and products, more biodegradable packaging options will be placed on the market. This should bring up one critical question inside every packaging company thinking about creating, distributing, or selling a biodegradable packaging product: What can you do to stand out in the growing biodegradable packaging market?  

Set Your Biodegradable Packaging Apart

Functional Design

The functionality of your packaging is crucial to ensuring your products stand out in the biodegradable packaging market and is enabled by the design. Functional designs include packaging that is strong enough to protect the contents during handling and shipping, can provide adequate barriers against moisture and oxygen, and still meets the market needs of the consumer. Functional packaging designs can either drive material selection or be driven by the initial material selection in some cases. It is important to understand the materials being used and ensure they can meet the end product requirements.

Aesthetic Appeal

Not only does the functionality of the packaging matter immensely, but the aesthetic appeal must also attract customers. Many times the sensory properties of the packaging (e.g. how the packaging looks and feels) can draw end consumers in and push them toward a purchase. With so many products on the market, it is important to detail your packaging with eye-catching branding to grab the attention of your customers and nudge them towards purchasing your product over another. 

Ecolabels

Ecolabels have become a critical part of product marketing in nearly every industry. Trusted labels provide a shorthand way to deliver information about the environmental characteristics and impact of a particular product. Examples of different properties that have ecolabels available include the percentage of recycled materials, the carbon footprint, biodegradability, and many more. Conveying the environmental friendliness of a product effectively to consumers is critical to drive purchases and trigger the “green consumption effect”. 

Turn to Aropha to Help You Succeed in the Biodegradable Packaging Market 

At Aropha, we are dedicated to making biodegradability testing affordable for, and available to, all companies. We combine AI biodegradable prediction software with lab testing to provide you with the information you need to make sure your products conform to industry standards while standing out in the biodegradable packaging market. 

When you work with Aropha, you will be able to start with our AI-driven biodegradability prediction software, ArophaAI. This software takes the known chemical structure of your products and accurately predicts their biodegradability instantly. By using ArophaAI, you will be able to determine which materials are the best candidates for lab testing, saving you substantial research time and budget. 

Then, when you move to validate promising samples through lab testing, we will get started on the process right away to make sure your products get the appropriate results for claims substantiation. Our lab offers a wide range of biodegradation tests, including various OECD, ISO, and ASTM tests for freshwater, marine, soil, industrial compost, home compost, and anaerobic environments. We are also experienced working with a wide range of products, from raw materials to finished articles.

We can also help you early on in your journey to obtain an ecolabel. With our high-throughput biodegradability screening, we will take pilot samples in research and development, testing them for biodegradability in compliance with ISO/IEC 17025:2017, ensuring high-quality data.  

Our team is here to help you gain insights into and validate the biodegradability and ecotoxicity of your packaging throughout development. Contact our team today to get started.

BREAKING: Google Ruled To Be An Illegal Monopoly

Posted in Commentary with tags on August 5, 2024 by itnerd

Well, this is groundbreaking. A judge has ruled that Google is an illegal monopoly:

“After having carefully considered and weighed the witness testimony and evidence, the court reaches the following conclusion: Google is a monopolist, and it has acted as one to maintain its monopoly,” US District Judge Amit Mehta wrote in Monday’s opinion. “It has violated Section 2 of the Sherman Act.”

The decision by the US District Court for the District of Columbia is a stunning rebuke of Google’s oldest and most important business. The company has spent tens of billions of dollars on exclusive contracts to secure a dominant position as the world’s default search provider on smartphones and web browsers.

Those contracts have given it the scale to block out would-be rivals such as Microsoft’s Bing and DuckDuckGo, the US government alleged in a historic antitrust lawsuit filed during the Trump administration.

Now, said Mehta, that powerful position has led to anticompetitive behavior that must be stopped.

Specifically, Google’s exclusive deals with Apple and other key players in the mobile ecosystem were anticompetitive, Mehta said. Google has also charged high prices in search advertising that reflect its monopoly power in search, he added.

Those contracts have long meant that when users want to find information, Google is generally the easiest and quickest platform to go to, which in turn has fueled Google’s massive online advertising business.

While the court did not find that Google has a monopoly in search ads, the broader strokes of the opinion represent the first major decision in a string of US-government led competition lawsuits targeting Big Tech. This case in particular has been described as the biggest tech antitrust case since the US government’s antitrust showdown with Microsoft at the turn of the millennium.

Now you should keep in mind that the judge hasn’t determined what the penalties for this behaviour are going to be. And you can bet that Google will fight this as hard as they can. But I can say one thing, which is that others in the tech space are likely watching this very closely because they could be next.

HP Wolf Security study finds growing concern about attacks on hardware supply chains as one in five businesses impacted

Posted in Commentary with tags on August 5, 2024 by itnerd

HP today released the findings of a global survey highlighting the growing concern over nation-state threat actors targeting physical supply chains and tampering with device hardware and firmware integrity. The study of 800 IT and security decision-makers (ITSDMs) responsible for device security highlights the need for businesses to focus on device hardware and firmware integrity, with attacks on hardware supply chains and device tampering expected to increase.

Key findings include:

  • Almost one-in-five (19%) organizations surveyed say they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains. In the US, this figure rises to 29%. 
  • Over a third (35%) of organizations surveyed believe that they or others they know have already been impacted by nation-state threat actors targeting supply chains to try and insert malicious hardware or firmware into devices. 
  • Overall, 91% believe nation-state threat actors will target physical PC, laptop or printer supply chains to insert malware or malicious components into hardware and/or firmware.
  • Almost two-thirds (63%) believe the next major nation-state attack will involve poisoning hardware supply chains to sneak in malware.

Considering the scale of the challenge, it’s unsurprising that 78% of ITSDMs say their attention to software and hardware supply chain security will grow as attackers try to infect devices during transit.

Organizations are concerned that they are blind and unequipped to mitigate device supply chain threats like tampering. Over half (51%) of ITSDMs are concerned that they cannot verify if PC, laptop or printer hardware and firmware have been tampered with during transit. A further 77% say they need a way to verify hardware integrity to mitigate the risk of device tampering. 

In recognition of these risks, HP Wolf Security is advising customers to take the following steps to help proactively manage device hardware and firmware security, right from the factory:

  • Adopt Platform Certificate technology, designed to enable verification of hardware and firmware integrity upon device delivery.
  • Securely manage firmware configuration of your devices, using technology like HP Sure Admin (for PCs) or HP Security Manager (Support). These enable administrators to manage firmware remotely using public-key cryptography, eliminating the use of less secure password-based methods.
  • Take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory, such as HP Tamper Lock, Sure Admin, or Sure Recover technologies.
  • Monitor ongoing compliance of device hardware and firmware configuration across your fleet of devices.
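The first and last recommendations in that list (verify integrity on delivery, then keep monitoring for drift across the fleet) come down to one check: compare what a device reports about its hardware and firmware with a trusted record of what the factory shipped. The script below is an added illustration of that check, not HP Wolf Security's code or the survey's; the record layout is a constructed stand-in for the kind of component and firmware data a vendor platform certificate carries, the device identifiers, serials and firmware images are made up, and verification of the vendor's signature over the record is assumed to have happened before this comparison runs.

```python
"""Baseline check for delivered or in-service devices: compare each device's
reported hardware inventory and firmware measurements with the record of what
the factory shipped, and flag anything that differs.  Added illustration; the
record layout is a constructed stand-in, not HP's or TCG's format."""
import hashlib
from dataclasses import dataclass


def digest(image: bytes) -> str:
    """SHA-256 of a firmware image, as a hex string (what a measurement reports)."""
    return hashlib.sha256(image).hexdigest()


# Constructed factory record for one device.  In a real deployment this record
# would be signed by the vendor and its signature verified before use; that
# step is assumed to have succeeded and is not shown here.
BASELINES = {
    "LAB-PC-0001": {
        "components": {"board": "SN-MB-123456", "ssd": "SN-SSD-777", "nic": "SN-NIC-42"},
        "firmware_sha256": {
            "bios": digest(b"constructed-bios-image-v1.02"),
            "ec": digest(b"constructed-ec-image-v3"),
        },
    },
}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = possible tampering, "medium" = needs review
    detail: str


def check_device(reported: dict, baseline: dict) -> list:
    """Return findings for one device; an empty list means it matches the baseline."""
    findings = []

    # Firmware: every expected image must be measured and match the shipped digest.
    measured = reported.get("firmware_sha256", {})
    for name, expected in baseline["firmware_sha256"].items():
        if name not in measured:
            findings.append(Finding("high", f"firmware {name}: no measurement reported"))
        elif measured[name] != expected:
            findings.append(Finding("high", f"firmware {name}: digest differs from factory record"))

    # Hardware: components may be missing, replaced (serial differs), or added.
    expected_parts = baseline["components"]
    present = reported.get("components", {})
    for name, serial in expected_parts.items():
        if name not in present:
            findings.append(Finding("high", f"component {name}: missing"))
        elif present[name] != serial:
            findings.append(Finding("high", f"component {name}: serial differs from factory record"))
    for name in present:
        if name not in expected_parts:
            findings.append(Finding("medium", f"component {name}: not in factory record"))
    return findings


def fleet_report(reports: list, baselines: dict = BASELINES) -> dict:
    """Run check_device over a fleet; devices without a factory record are flagged."""
    out = {"compliant": [], "noncompliant": {}}
    for rep in reports:
        dev = rep["device_id"]
        if dev not in baselines:
            out["noncompliant"][dev] = [Finding("medium", "no factory record for this device")]
            continue
        findings = check_device(rep, baselines[dev])
        if findings:
            out["noncompliant"][dev] = findings
        else:
            out["compliant"].append(dev)
    return out


# Constructed device reports: one as shipped; one with a replaced SSD, a
# re-flashed BIOS and an extra component; one with no record on file.
REPORT_OK = {
    "device_id": "LAB-PC-0001",
    "components": {"board": "SN-MB-123456", "ssd": "SN-SSD-777", "nic": "SN-NIC-42"},
    "firmware_sha256": {"bios": digest(b"constructed-bios-image-v1.02"),
                        "ec": digest(b"constructed-ec-image-v3")},
}
REPORT_TAMPERED = {
    "device_id": "LAB-PC-0001",
    "components": {"board": "SN-MB-123456", "ssd": "SN-SSD-999", "nic": "SN-NIC-42",
                   "usb-hub": "SN-HUB-1"},
    "firmware_sha256": {"bios": digest(b"constructed-bios-image-modified"),
                        "ec": digest(b"constructed-ec-image-v3")},
}
REPORT_UNKNOWN = {"device_id": "LAB-PC-0002", "components": {}, "firmware_sha256": {}}

if __name__ == "__main__":
    result = fleet_report([REPORT_TAMPERED, REPORT_UNKNOWN])
    for dev, findings in result["noncompliant"].items():
        for f in findings:
            print(f"{dev}: [{f.severity}] {f.detail}")
```

The severities are deliberately split: a firmware digest or component serial that differs from the factory record is the signal the survey respondents say they cannot currently see, so it is rated high, while an extra component or a device with no record on file is rated for review, since either can be a legitimate field change or an inventory gap rather than tampering. Running the same comparison on a schedule, with the baseline updated whenever an approved firmware update ships, is the ongoing compliance monitoring the last bullet describes.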

Watch this space: Further findings from the study will be shared later this year.

About the data

The survey was conducted by Censuswide on behalf of HP Inc. from the 22nd February – 5th March 2024. It is based on a survey of 803 IT and security decision-makers in the US, Canada, UK, Japan, Germany, and France. The survey was carried out online.

CrowdStrike To Delta: It’s Not Our Fault

Posted in Commentary with tags on August 5, 2024 by itnerd

It’s taken far longer than I anticipated, but CrowdStrike has finally responded to news that Delta Airlines has retained legal counsel to get compensation from them when it comes to their faulty software patch taking down Delta and a whole lot of other people:

CrowdStrike reiterated its apology to Delta in a letter responding to public comments about the airline pursuing legal claims, but said it “strongly rejects any allegation that it was grossly negligent or committed willful misconduct.” CrowdStrike says the litigation threat “has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage,” noting that competing airlines restored their operations much more swiftly.

“CrowdStrike’s CEO personally reached out to Delta’s CEO to offer onsite assistance, but received no response,” CrowdStrike lawyer Michael Carlinsky said in the letter. Carlinsky said CrowdStrike had made several other attempts to provide assistance, including an offer for onsite support, but was told that resources for the latter were not required.

I’m going to go out on a limb and say that CrowdStrike didn’t get a response because Delta was too busy trying to get their systems back online because of CrowdStrike’s screw up. And by the time they did respond, Delta was so mad at CrowdStrike that Delta flipped them off. If there’s an alternate view to this that I should be aware of, leave that view in the comments below.

Anyway…..

“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions — swiftly, transparently, and constructively — while Delta did not,” said Carlinsky. The letter also notes that CrowdStrike’s contractual liability is capped “in the single-digit millions,” and that the company will “respond aggressively” to litigation “if forced to do so.” We have reached out to Delta for comment and will update this story if we hear back.

This sounds like a threat to me. And I can see why CrowdStrike would fire threats in Delta’s direction. CrowdStrike doesn’t want a mountain of lawsuits filed against it because it’s pretty safe to say that any one of these lawsuits would “end” CrowdStrike, never mind a whole bunch of them. Thus they’re trying to use Delta to deter others from doing what Delta has done. The thing is that I am not sure that this is a viable strategy. On top of that, it doesn’t paint CrowdStrike in the best light. Not that CrowdStrike is going to listen to me, but maybe they should rethink how they respond to this before their problems multiply. Just a thought.

Ransomware Attack Trends and the True Costs to Victims

Posted in Commentary with tags on August 5, 2024 by itnerd

Safety Detectives has conducted research aimed at understanding the latest trends in ransomware attacks and uncovering the true costs incurred by victims, shedding light on the financial, operational, and reputational implications of falling prey to such schemes.

According to their research:

  • Phishing is the most common entry point for ransomware and accounts for up to 90% of all cyber attacks in general.
  • The United States was the country most impacted by ransomware attacks in 2023, accounting for 2,175 or 48.8% of all reported cases, followed by the UK, Canada, Germany, and France.
  • Government agencies, healthcare organizations, and companies in the energy and utility industry were the most targeted, with 67% to 68% of organizations in each sector experiencing a ransomware attack.

Why it matters: It has become evident that the costs of ransomware attacks continue to pose significant risks to businesses worldwide. It’s crucial that organizations recognize the importance of implementing robust cybersecurity measures, incident response protocols, employee training programs, and regular security assessments to mitigate these risks effectively.

You can access their detailed report here: 

https://www.safetydetectives.com/blog/ransomware-attack-trends-research