CrowdStrike To Delta: It’s Not Our Fault

Posted in Commentary with tags on August 5, 2024 by itnerd

It’s taken far longer than I anticipated, but CrowdStrike has finally responded to news that Delta Airlines has retained legal counsel to get compensation from them when it comes to their faulty software patch taking down Delta and a whole lot of other people:

CrowdStrike reiterated its apology to Delta in a letter responding to public comments about the airline pursuing legal claims, but said it “strongly rejects any allegation that it was grossly negligent or committed willful misconduct.” CrowdStrike says the litigation threat “has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage,” noting that competing airlines restored their operations much more swiftly.

“CrowdStrike’s CEO personally reached out to Delta’s CEO to offer onsite assistance, but received no response,” CrowdStrike lawyer Michael Carlinsky said in the letter. Carlinsky said CrowdStrike had made several other attempts to provide assistance, including an offer for onsite support, but was told that resources for the latter were not required.

I’m going to go out on a limb and say that CrowdStrike didn’t get a response because Delta was too busy trying to get their systems back online because of CrowdStrike’s screw up. And by the time they did respond, Delta was so mad at CrowdStrike that Delta flipped them off. If there’s an alternate view to this that I should be aware of, leave that view in the comments below.

Anyway…..

“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions — swiftly, transparently, and constructively — while Delta did not,” said Carlinsky. The letter also notes that CrowdStrike’s contractual liability is capped “in the single-digit millions,” and that the company will “respond aggressively” to litigation “if forced to do so.” We have reached out to Delta for comment and will update this story if we hear back.

This sounds like a threat to me. And I can see why CrowdStrike would fire threats in Delta’s direction. CrowdStrike doesn’t want a mountain of lawsuits filed against it because it’s pretty safe to say that any one of these lawsuits would “end” CrowdStrike, never mind a whole bunch of them. Thus they’re trying to use Delta to deter others from doing what Delta has done. The thing is that I am not sure that this is a viable strategy. On top of that, it doesn’t paint CrowdStrike in the best light. Not that CrowdStrike is going to listen to me, but maybe they should rethink how they respond to this before their problems multiply. Just a thought.

Ransomware Attack Trends and the True Costs to Victims

Posted in Commentary with tags on August 5, 2024 by itnerd

The Safety Detectives has conducted some research with the aim of understanding the latest trends in ransomware attacks and uncovering the true costs incurred by victims, shedding light on the financial, operational, and reputational implications of falling prey to such schemes.

According to their research:

  • Phishing is the most common entry point for ransomware and accounts for up to 90% of all cyber attacks in general.
  • The United States was the country most impacted by ransomware attacks in 2023, accounting for 2,175 or 48.8% of all reported cases, followed by the UK, Canada, Germany, and France.
  • Government agencies, healthcare organizations, and companies in the energy and utility industry were the most targeted, with 67%-68% of organizations in each sector experiencing a ransomware attack.

Why it matters: It has become evident that the costs of ransomware attacks continue to pose significant risks to businesses worldwide. It’s crucial that organizations recognize the importance of implementing robust cybersecurity measures, incident response protocols, employee training programs, and regular security assessments to mitigate these risks effectively.

You can access their detailed report here: 

https://www.safetydetectives.com/blog/ransomware-attack-trends-research

US Department Of Justice Sues TikTok

Posted in Commentary with tags on August 4, 2024 by itnerd

TikTok has a lot of problems at the moment. But you can add one more problem to the list. On Friday the US Department Of Justice sued TikTok. Here are the details from The Verge:

The DOJ claims that TikTok knowingly let kids onto its platform through its “Kids Mode,” collected their information, and failed to delete their accounts at their parents’ requests, in violation of the Children’s Online Privacy Protection Act (COPPA). When a kid under 13 entered their age on the app, they’d be prompted to enter a username, which doesn’t contain personal information, and it would create a Kids Mode account for the user. But the app wouldn’t notify parents or get their consent. Kids can’t upload videos in that mode, but they can view videos; the DOJ alleges that TikTok collected some personal information on them as part of this process, like unique device identifiers and IP addresses.

The lawsuit alleges that TikTok’s age-gating techniques “are deficient in multiple ways.” Under an earlier practice, TikTok would let users restart the account creation process even if they’d originally entered a birthday showing they’re under 13, according to the complaint. TikTok also used to let users log in through Instagram or Google, which would categorize the accounts as “age unknown,” the DOJ alleges.

The DOJ says TikTok has let millions of kids use its platform but said it’s hard to pin down the exact scale of its violations because it didn’t comply with a requirement from a 2019 injunction to keep records on its COPPA compliance. The DOJ is asking the court to prevent TikTok from violating COPPA in the future and pay civil penalties for each violation. Under the FTC Act, civil penalties can go up to $51,744 per violation, per day.

TikTok for its part tried to deflect this:

TikTok spokesperson Alex Haurek said in a statement that the company disagrees with the DOJ’s claims, “many of which relate to past events and practices that are factually inaccurate or have been addressed. We are proud of our efforts to protect children, and we will continue to update and improve the platform. To that end, we offer age-appropriate experiences with stringent safeguards, proactively remove suspected underage users, and have voluntarily launched features such as default screentime limits, Family Pairing, and additional privacy protections for minors.”

Seeing as they could be banned in the US soon, TikTok doesn’t need this. It underlines the fact that TikTok is considered by many to be suspect at best. And there’s no way for them to back away from that. I can’t see how TikTok can continue to be a going concern as I am sure that this is a moment that may spell the end of TikTok.

Delta Airlines CEO Thrashes Microsoft In Relation To The CrowdStrike Fiasco While Praising Apple

Posted in Commentary with tags , on August 3, 2024 by itnerd

As the kids would say… Shots fired.

Hot on the heels of this report, Delta CEO Ed Bastian, in an interview on CNBC, basically called out Microsoft in relation to the CrowdStrike fiasco, while at the same time praising Apple’s stability. See for yourself:

What I find interesting is that when asked if the reason Apple didn’t have a CrowdStrike moment was due to the fact that so few companies use Apple products (something that I do not believe is true by the way), Bastian punted the question. But even considering that, it’s interesting that he decided to be so public in terms of this whole situation rather than let the lawyers handle it. Maybe he’s so ticked off that he doesn’t care. Or perhaps he’s negotiating in public. Either way, this made an interesting situation a lot more interesting.

4.6 Million Voter and Election Documents Exposed Online 

Posted in Commentary on August 3, 2024 by itnerd

According to cybersecurity researcher Jeremiah Fowler, a recent data breach exposed 13 non-password-protected databases containing over 4.6 million documents belonging to Platinum Technology Resource, a long-time election technology and services provider in the state of Illinois, USA.

Key elements: 

  • The databases contained documents exposing voter records, ballots, multiple lists, and election-related records that contain PII, SSNs, driver’s license numbers, and voter ID numbers
  • The potential repercussions of this data being discovered by malicious individuals encompass, but are not limited to, identity theft, data theft, voter fraud and intimidation, election disruption, and the exposure of confidential information

You can find the full report here: https://www.vpnmentor.com/news/report-election-records-breach/

Apple Account Cards In The Wallet App Appear To Be Live In Canada

Posted in Commentary with tags on August 2, 2024 by itnerd

A quick primer before I get into the weeds. An Apple Account allows you to put money into it so that you can buy things like apps, music, etc. without having to use your credit card or PayPal to do it. You can even use it to buy stuff at the Apple Store either in store or online. And if you receive an App Store or Apple Store gift card, the amount of that gift card is added to that Apple Account.

Up until iOS 17.6 came out, there was no separate card in the Wallet app that showed your balance. At least not in Canada, as this was a US-only thing as far as I know. But since iOS 17.6 came out, this has appeared for myself and for my wife, and for other Canadian iOS users I’ve spoken to. Here’s how you add an Apple Account Card if you wish to do so:

Go to the Wallet app and click on “Add Apple Account”.

You will then get this screen. Click Continue.

You will see this screen, and it should show your Apple ID as well as your Apple Account balance. I’ve redacted both in this screenshot. Click Next.

This screen indicates that the card is being added. It took me less than a minute for it to be added. When successful, you should see this:

If you get this screen, you’re good to go.

Is this something that you are going to do? If so, I’d love to know why in the comments below.

Abstract Security Announces Launch of Abstract Intelligence Gallery

Posted in Commentary with tags on August 1, 2024 by itnerd

Abstract Security today announced the launch of Abstract Intelligence Gallery (AIG), which puts threat intelligence to work for enterprise security teams, bolstering their detection & analytics workflows without needing specialized platforms or complex management of intel data.

Abstract Security manages high quality threat intelligence through partnerships & integration for key intelligence vendors, including Silent Push, Flashpoint, Google Mandiant, CrowdStrike, Cybersixgill, Cyware, & SecLytics, enabled by the engine that drives Abstract’s streaming security fabric. In addition, customers can operationalize in-house intelligence by uploading it directly to their private Abstract Security deployment.

AIG is built on top of Abstract Security’s streaming analytics platform – enabling correlation of millions of indicators against billions of events in real time. This new capability unlocks several new use cases which will increase customers’ security posture, including: 

  • Streaming Event Correlation: Seamlessly correlates events to known adversary infrastructure, providing real time insights into security breaches.
  • Keyword Monitoring: Monitors threat intelligence feeds for patterns & keywords related to brand and executive monitoring, ensuring proactive threat awareness.
  • Unified Search and Reporting: Delivers a unified search and reporting capability across multiple intelligence providers, simplifying threat analysis and management.
  • Streaming Security Enrichment: Enriches events with real-time threat intelligence data, enhancing detection accuracy and reporting capabilities.

The Abstract Security team will be at Black Hat in Las Vegas next week to discuss this news.

Abstract has seen growing demand since emerging from stealth and announcing its Seed funding in March 2024. In April, Abstract announced the opening of its first Middle East office. In May, the company announced the addition of Christopher Key to its Board of Directors and was selected as a “Pioneering Cybersecurity Startup” winner, as part of the 2024 Global Infosec Awards.

Panaseer Launches New Cybersecurity Controls Scorecard

Posted in Commentary with tags on August 1, 2024 by itnerd

Panaseer, a Continuous Controls Monitoring (CCM) provider, today announced the launch of its new Cybersecurity Controls Scorecard. Available now for all existing and new customers, Panaseer’s Scorecard gives CISOs an ‘at-a-glance’ view of the coverage, effectiveness and performance of cybersecurity controls across business units, geographies and critical services – along with control failures that are contributing the most towards gaps in security.

The Scorecard abstracts cybersecurity complexity by aggregating and distilling validated truth data into a single metric. Armed with a simple percentage score, CISOs can better communicate risk to both regulators and internal stakeholders – with the confidence that the data is complete and trusted. This enables business owners, security teams and senior management to better understand their level of compliance with security control policies, make informed choices, and track progress over time.  

Key features include: 

  • Layered business context: The Scorecard layers risk scores with critical business context, such as breakdowns by business function, geography, or compliance regime, providing a deeper understanding of risk and control coverage to support informed decisions.  
  • Accountability heatmap: The Scorecard’s company-wide heatmap enables CISOs to drive accountability throughout their organization, showing which teams, business units or functions present the most risk. Leaderboards can be created to incentivize employees.  
  • Highly configurable: Self-serve capabilities enable customers to tailor the Scorecard metric to their individual business needs, based on customer-specific codified policies and data-driven KPIs or drawing from existing best practice dashboards developed by Panaseer.
  • Actionable recommendations: Rather than simply showing where risk exists, the Scorecard gives details, such as accounts that need to be disabled or systems that urgently need patching, and remediation actions to enable organizations to actively reduce risk. 
  • Ability to track progress over time: To track controls performance for compliance, customers can take a snapshot-in-time view, allowing them to compare historical trends as far back as they’ve had the Panaseer platform deployed. 

Panaseer’s Cybersecurity Controls Scorecard is integrated into the Panaseer CCM platform, which collates and validates data from multiple sources – including systems with data about assets, people, accounts and applications – to gain a single source of truth on which the scores are calculated. This strong foundation of data science sets it apart from other solutions that rely on external data or incomplete surveys, sampling and attestation.  

This approach enables greater levels of transparency and tailoring; the methodology behind the scores is fully accessible and configurable. Users can take a deeper dive into the Scorecard data if required, breaking the score down by specific controls – such as the percentage of assets patched – to gain a granular view of control performance across the organization. 

For more information about the Cybersecurity Controls Scorecard, visit https://panaseer.com/platform/cybersecurity-controls-scorecard/.

Palo Alto Networks Rolls Out Secure AI by Design Portfolio

Posted in Commentary with tags on July 31, 2024 by itnerd

What: Palo Alto Networks is making available to customers its Secure AI by Design product portfolio, aiming to secure organizations’ GenAI usage and development of enterprise AI applications by providing visibility, control, and protection specific to AI, addressing new risks and threats. As businesses increasingly integrate AI, the portfolio enables them to confidently build and use AI-powered apps, while also prioritizing the integrity of AI security frameworks from development to deployment.

Why: The need for securing AI applications has become increasingly important as businesses continue to integrate AI and LLMs into their operations. With employees adopting AI applications at a rapid pace and organizations across various industries gaining a competitive edge through AI-powered applications, the Secure AI by Design portfolio aims to securely enable AI deployments.

While the promises of AI are significant, it’s essential to acknowledge the associated risks with equal emphasis in order to realize its full potential. Bad actors are using AI to ramp up the scale of attacks, so it is important that organizations are proactive in their defense.

How: Organizations will be equipped to create a secure AI ecosystem that prioritizes the integrity of AI security frameworks from development to deployment. Businesses can fully harness the potential of AI without compromising security through the following use cases:

  • Securely enable GenAI applications: With the growing trend of employees using GenAI apps for business purposes, AI Access Security enables organizations to use AI tools with confidence. It gives security teams full visibility, application and data access controls, and continuous data risk monitoring.
  • Fortify AI supply chain: Businesses must be aware of possible risks and remediate them. With Prisma Cloud AI Security Posture Management (AI-SPM), organizations can secure their AI ecosystem by identifying vulnerabilities and misconfigurations in models, applications and resources. It improves compliance and minimizes data exposure, thus improving the integrity of your AI security framework.
  • Protect enterprise AI applications: It is critical for organizations to see every component of their AI app ecosystem, including AI applications, models, inference and training datasets. AI Runtime Security is designed to help solve this, and protect against evolving zero-day and AI-specific threats, such as data leakage from AI models and applications, and safeguard models from misuse and attacks.

When: To start the roll out, AI Runtime Security is now available on Google Cloud and will be available later in August on Amazon Web Services (AWS) and Microsoft Azure. To follow, AI-SPM will be available on August 6 and AI Access Security will be available on August 19.

Additional Information: Learn more about our Secure AI by Design portfolio, read our latest blogs on AI Runtime Security and AI-SPM. Explore Precision AI by Palo Alto Networks, which powers our cybersecurity platforms and solutions.

Introducing Mission AI Foundation

Posted in Commentary with tags on July 31, 2024 by itnerd

Mission Cloud today announced the launch of Mission AI Foundation, a comprehensive service designed to help businesses optimize their AI solutions on AWS while adhering to best practices and managing costs effectively.

83% of companies claim that AI is a top priority in their business plans. However, this widespread interest in AI adoption is often tempered by significant challenges. Concerns such as financial management, security, and knowledge gaps frequently stand in the way of companies eager to harness AI’s power to accelerate innovation and drive process efficiency.

To address these barriers, Mission AI Foundation combines support, engineering, strategy, and guidance to help organizations manage their cloud infrastructure and build for the future of AI.

The service is built on five pillars of continuous engagement:

  • AI solutions optimization, architecture guidance, and prompt engineering
  • Continuous cost optimization and ongoing financial management
  • Guidance on foundational best practices and cloud governance
  • Round-the-clock Enterprise support, led by Mission Cloud and backed by AWS
  • Cloud strategy for adopting technologies that transform your business

Key features of Mission AI Foundation include:

  • Access to a team of certified Cloud Analysts, Technical Account Managers, Solutions Architects, and AI Engineers
  • Improving token usage to ensure AI operations are economical and high-performing
  • Engineer Assist – AI, offering pay-as-you-go engineering support for AI solutions
  • Continuous guidance on prompting best practices to improve accuracy, optimize templates, reduce hallucinations, and enhance overall model performance
  • 24/7 support with AWS Enterprise-level SLAs
  • Large Language Model Operations (LLMOps) to build and maintain your dedicated operations pipeline

Mission AI Foundation leverages Mission Control, the company’s cloud services platform, along with Amazon QuickSight and Amazon Q, to provide detailed cost visualization and management tools. The service also includes carbon footprint tracking, offering insights into the environmental impact of AI workloads.

Mission AI Foundation is now available. For more information or to schedule a demo, click here or contact sales@missioncloud.com.