Texas Retina Associates Gets Pwned… Lots Of Personally Identifiable Information Has Been Leaked

Posted in Commentary with tags on June 28, 2024 by itnerd

Ophthalmology practice Texas Retina Associates yesterday notified nearly 300,000 customers about a data breach earlier in the year that compromised names, Social Security numbers, medical info, health insurance info, addresses, and dates of birth:

On June 26, 2024, Texas Retina Associates (“Texas Retina”) filed a notice of data breach with the Attorney General of Texas after discovering that confidential information that had been entrusted to the company was subject to unauthorized access. In this notice, Texas Retina explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, medical information, health insurance information and dates of birth. Upon completing its investigation, Texas Retina began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

Rogier Fischer, CEO and Co-Founder, Hadrian had this to say:

“We don’t have the specific details on the cause of breach or the impact of it, but based on the cases that we handled in the US, we see several issues firms in the US, particularly Texas, could face in such a situation. If a data breach occurs at a Texas-based firm, the Texas Business and Commerce Code mandates that the firm must notify affected individuals immediately. If over 250 residents are affected, the Texas Attorney General must also be informed. HIPAA rules come into play if any medical information was compromised, as in this case. The HIPAA provisions demand specific notifications and call for potential penalties on non-compliance.

The business or organization in question may face scrutiny from the FTC if their data security measures are deemed inadequate. Possible penalties in that case include fines, civil damages, and orders to improve our security protocols. Apart from the regulatory compliance issues, the organization could face potential class action lawsuits from affected individuals, citing negligence or breach of privacy. In this particular case, the Texas Attorney General could also pursue legal action, leading to civil penalties and mandated corrective actions. There are several steps to mitigate the damage in these situations, but adopting an offensive cybersecurity strategy is the best defense of all. Automated penetration testing keeps the organization a step ahead of their peers, while automated compliance and reporting ensures that the systems they have in place are up and updated all the time.”

I think it’s a pretty safe bet that Texas Retina Associates are about to come under a lot of scrutiny over this… Whatever this is, as details are pretty scarce. I hope they have answers for all the questions that they’re about to be asked.

Dynatrace Named a Winner in the 2024 Microsoft Americas Partner of the Year Awards

Posted in Commentary with tags on June 28, 2024 by itnerd

Dynatrace today announced it has been recognized as the winner of the 2024 Microsoft Americas Partner of the Year Award in the Commercial Marketplace, Canada category. The company received recognition among a group of top Microsoft partners for demonstrating innovation and successfully delivering customer solutions using Microsoft technologies.

The Microsoft Americas Partner of the Year Awards acknowledge Microsoft partners who have created and delivered exceptional Microsoft-based solutions, services, and devices in the past year. The award selections are categorized, with honorees selected from a pool of over 2,000 submitted nominations, and Dynatrace was recognized for providing outstanding solutions and services in the Commercial Marketplace category for Canada. Dynatrace was also named a winner of the Commercial Marketplace category for LATAM in addition to being acknowledged as a finalist for the ISV Innovator Award – Canada.

The Microsoft Partner of the Year Awards will be announced at the Americas Start for Partners, a digital event, which will take place on July 12 this year. Additional details on the 2024 awards are available on the Microsoft Americas Partner Blog.

To learn more about Dynatrace’s recognition in this year’s Microsoft Partner of the Year Awards, see the Dynatrace blog, Dynatrace recognized in the 2024 Microsoft Partner of the Year Awards.

LockBit Pwns Evolve Bank & Trust And NOT The Federal Reserve

Posted in Commentary with tags on June 27, 2024 by itnerd

Remember when I told you that the infamous ransomware group LockBit claimed to have pwned The Federal Reserve? Well that turns out to be incorrect because yesterday, Evolve Bank & Trust confirmed in an online statement that hackers stole retail bank and financial technology partners’ customers’ information and posted it on the dark web. Here’s the connection to the Federal Reserve. The documents that were posted in relation to the alleged Federal Reserve hack actually belonged to Evolve.

“33 terabytes of juicy banking information containing Americans’ banking secrets,” claimed LockBit on its leak site.

The bank said it is investigating the incident and it appears the hackers have released data including Personal Identification Information that varies by individual but may include:

  • Name
  • Social Security Number
  • Date of birth
  • Account information
  • Other personal information

Earlier this month, Evolve was subject to a Federal Reserve enforcement action and Tuesday LockBit’s dark web post linked a press release about the enforcement action alongside a collection of information apparently taken from the institution’s systems. 

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

   “Once an organization experiences a breach, and the smoke begins to clear after a deep investigation into what happened, the biggest question they need to ask is, “What do we do next?” Everything in the networking environment is now suspect, possibly riddled with other exploitable vulnerabilities and weaknesses that likely remain hidden. Teams must find the attack path that allowed the breach to happen, and they must uncover other attack paths that could enable it to happen again.

   “Now is the time to thoroughly assess the entire networking environment, both on-premises and cloud, but that could take months if not longer. And as one area gets assessed, and human assessors move on to the next, changes have already taken place in areas that were previously marked as secure. This is the time when autonomous assessment solutions meet a critical need.

   “These technologies are designed to find the original attack path (if it still remains a mystery) and other attack paths that remain unknown. Acting as force multipliers for human assessors, autonomous assessment solutions never tire as they scan the entire environment looking for other weaknesses such as easily compromised credentials, additional exposed data, unidentified software misconfigurations, inadequately implemented security controls, and unenforced security policies.

   “Some of these issues were probably uncovered by attackers when defenses were breached the first time. If they are not resolved now, the inescapable will likely happen again.”

At this point, Evolve has some explaining to do given the fact that it was subject to an enforcement action from the Federal Reserve. And Evolve’s customers will be waiting to hear those answers.

Action1 Achieves CSA STAR Level 1 Certification and Signs CISA’s Secure by Design Pledge

Posted in Commentary with tags on June 27, 2024 by itnerd

Action1 announced today it has secured Security, Trust & Assurance Registry (STAR) Level 1 Certification from the Cloud Security Alliance (CSA), the world’s leading organization promoting the use of security best practices within cloud computing and helping foster secure cloud environments through education. Additionally, Action1 has signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. These initiatives underscore Action1’s commitment to internal security and solidify its position as a trusted vendor in the cloud-based patch management space.

As Action1 has achieved CSA STAR Level 1 successfully, it is now listed in CSA’s publicly accessible registry. The STAR registry lists cloud solutions from vendors that follow the strictest security and privacy controls, facilitating users in identifying vendors dedicated to maintaining data confidentiality, integrity, and availability. The CSA STAR program is recognized as the industry’s most powerful program for security assurance in the cloud.

Action1 is a cloud-native patch management platform enabling enterprises to rapidly discover and remediate vulnerabilities with a 99% patch success rate. It helps understaffed IT teams save time and reduce costs by streamlining third-party patching, including custom software, and OS updates, all fully integrated with full feature-parity and uniformity.

By signing CISA’s Secure by Design Pledge, Action1 has joined cybersecurity industry leaders in a unified commitment to enhancing software security standards. This pledge represents a significant step in ensuring that security is a foundational element in software development and is part of CISA’s global Secure by Design initiative, launched last year, which implements the White House’s National Cybersecurity Strategy.

These initiatives exemplify the high security standards of the Action1 cloud-native platform, which is also certified for ISO/IEC 27001:2022 and SOC 2 Type II by independent auditors. Visit action1.com/security to learn more about these certifications.

Sage study reveals IT channel partners embrace advisory roles to boost SMB digital agility

Posted in Commentary with tags on June 27, 2024 by itnerd

A new study from Sage reveals the evolving role of technology channel and reseller partners in the U.S. and Canada. The study indicates a shift from point solutions providers and integrators to strategic advisors for SMBs, unlocking significant growth opportunities and paving the way for greater digital agility.

The report, ‘Small and medium-sized business demand for digital advisory services fuels IT channel growth’, surveyed 2,800 technology channel decision-makers globally, including in the U.S. and Canada, to better understand the key drivers impacting the IT channel and reseller market today.

The research highlights that the majority of technology resellers in the U.S. (59%) and Canada (52%) have shifted their focus toward providing strategic advice and services, aiming to improve SMBs’ ability to swiftly adapt to market shifts, new technological breakthroughs and evolving customer demands.

The report found that almost three-quarters of SMBs in the U.S. (73%) and Canada (74%) see investing in digital agility as a high priority, believing it will drive business growth (30%), followed by enhancing competitiveness in the U.S. (25%) and increasing efficiency in Canada (26%).

Key findings include:

  • Shift to Advisory Roles: U.S. and Canadian channel leaders are split on what is driving the shift to advisory roles with U.S. leaders citing the use of technology and data analytics for personalized solutions (59%), increased competition in the market requiring differentiation and value-added services (57%) and desire to build stronger customer relationships (55%). In Canada, leaders attribute the shift to the need to keep up with shifting customer demands (56%) and building stronger customer relationships (53%).
  • Digital Agility of SMBs: Almost two-thirds of Canadian SMBs (64%) and half of SMBs (51%) in the U.S. are recognized as ‘fairly digitally agile’ by channel leaders, highlighting their quick adoption of technologies that enhance efficiency and customer experience. However, only 39% of U.S. and 28% of Canadian partners feel SMBs are adequately prepared for future disruptions. Continuous investment in digital tools and training, supported by channel partners, is essential for maximizing the benefits of a digital-first approach. 
  • Challenges in Driving Digital Agility: The report identifies the main obstacle preventing channel partners from effectively supporting SMBs as the complexity of technology and integration processes. In the U.S., channel partners face significant challenges in providing advisory services, primarily due to keeping up with evolving technology and balancing priorities (both at 48%), along with SMB resistance to advisory services (45%). Similarly, in Canada, nearly half of the channel partners (47%) cite the complexity of technology and integration processes as the top hindrance to supporting SMBs’ digital agility journey.
  • Adoption of Innovative Technologies:  The majority of U.S. channel partners are focused on driving the adoption of innovative technologies (59%), while 52% of Canadian resellers are prioritizing offering strategic advice and solutions. This is to ensure that SMBs not only access but effectively utilize technology to enhance responsiveness and competitive edge in a rapidly changing market.
  • Critical Technologies: Channel leaders in both Canada (62%) and the U.S. (56%) believe cybersecurity solutions are the most instrumental in fostering digital agility. AI and automation followed closely, with 58% in Canada and 56% in the U.S. finding these as the second most critical technologies. Focusing on these areas can enhance SMB efficiency and security.

Sage’s research underscores the importance of deepening collaboration between IT resellers and SMBs to fully harness new technologies and enhance resilience against market changes. By focusing on areas like cybersecurity, digital transformation, and operational efficiency, IT resellers can boost their growth while helping SMBs successfully navigate these challenges.

Summary of methodology 

The research questioned 2,800 decision makers in the tech industry whose company resells tech and IT supplies/services for various businesses in Canada, France, Germany, Portugal, South Africa, Spain, the United Kingdom and United States. The interviews were conducted in April and May 2024. 

This online survey was conducted by market research company OnePoll, in accordance with the Market Research Society’s code of conduct.  

Review: Western Digital My Passport SSD 1TB

Posted in Commentary with tags on June 27, 2024 by itnerd

This review started off in a weird way. A client of mine bought this at Best Buy because he saw some of the marketing claims on the box and figured that the Western Digital My Passport SSD in the 1TB size must be fast. But when it didn’t “feel” fast to him, he asked me to look at it because he figured that it was him and not the drive. Well, the short answer is that it’s the drive. But before I get to what I mean by that, let me give you a look at the drive in question:

In the box you get the drive (you do get to choose between 5 colours), a USB-C cable, and a USB-C to USB-A adapter. This is a good start as USB-C is used on the drive which means that getting replacement cables will be easy. On the drive itself is backup software which is likely more useful for PC users than Mac users who should use Time Machine instead. Though they will have to format the drive before that as the drive comes out of the box formatted for exFAT. The drive itself is light despite being made of metal and feels solid enough. It claims to be shock resistant up to a 6.5 foot drop. Though I did not test that. And when I tried transferring files to it, it got warm to the touch. Which is fine as I have seen SSD drives get hot to the touch. This drive also supports 256-bit AES hardware encryption for those who are paranoid about keeping their data safe.

Now over to the testing part. Here’s a picture of the box that it came in so that I can show you the speed claim that Western Digital makes:

Note the part that it says “Up to 1050 MB/s”. Flipping the box over and reading the fine print, they’re referring to read speed. And looking at the Western Digital website the company also says that it has up to 1000 MB/s write speeds. Those are very bold claims. But here’s what I got when I plugged the drive into my M1 Pro MacBook Pro which has Thunderbolt 4 via the included USB-C cable:

So I was able to confirm that Western Digital was correct on the write speeds as it hit 967.38. But the read speed was significantly slower than what Western Digital claims. As in around 25% slower. I repeated this test on a PC with Thunderbolt 3 via the included USB-C cable and got similar results. So that suggests that it’s not the computer or the cable that’s responsible for those read speeds. Or lack thereof. It’s the drive that’s responsible. But to be fair to Western Digital, they did say “up to” so just like ISPs who use that term to cover themselves when the Internet connections aren’t up to the speeds that they advertise, Western Digital has covered themselves. But this explains why the client felt the drive was “slow.” A 5% or even a 10% difference in read speed would likely not have been noticed by most people. But 25% will be noticed by most people. Also to be fair to Western Digital, this speed doesn’t suck. But it doesn’t measure up to the claims on the box.

Now does that mean that you should not buy this drive? As long as you’re not expecting the drive’s read speed to match what’s on the box, go ahead. Its MSRP is $100 CDN so it’s not a lot of cash to spend. Just make sure you buy it direct from Western Digital or shop around as buying it from Best Buy will cost you $30 more for no good reason.

White House Serves Up An Executive Order To Protect Private Data

Posted in Commentary on June 27, 2024 by itnerd

The White House has served up an executive order on protecting private data:

The President’s Executive Order focuses on Americans’ most personal and sensitive information, including genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personally identifiable information. Bad actors can use this data to track Americans (including military service members), pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services. This data can enable intrusive surveillance, scams, blackmail, and other violations of privacy.

Companies are collecting more of Americans’ data than ever before, and it is often legally sold and resold through data brokers. Commercial data brokers and other companies can sell this data to countries of concern, or entities controlled by those countries, and it can land in the hands of foreign intelligence services, militaries, or companies controlled by foreign governments.

The sale of Americans’ data raises significant privacy, counterintelligence, blackmail risks and other national security risks—especially for those in the military or national security community.  Countries of concern can also access Americans’ sensitive personal data to collect information on activists, academics, journalists, dissidents, political figures, and members of non-governmental organizations and marginalized communities to intimidate opponents of countries of concern, curb dissent, and limit Americans’ freedom of expression and other civil liberties. 

 Madison Horn, Congressional Candidate (OK-5) had this comment:

This executive order is a critical response to the escalating risks posed by our current geopolitical climate and the surge in ransomware attacks. Enterprise CISOs and CIOs will need to reassess their data management strategies to align with stringent new regulations aimed at preventing the large-scale transfer of Americans’ personal data to countries of concern and providing essential safeguards. The focus on protecting Americans’ most personal and sensitive information, including genomic, biometric, health, geolocation, and financial data, will necessitate significant enhancements in security measures. This order is particularly vital for safeguarding the military and national security community from foreign exploitation, emphasizing the need for increased collaboration with legal and compliance teams to navigate these regulatory changes effectively.

In light of the executive order, CISOs and CIOs must take immediate and concrete actions to mitigate risks and protect national security. Initially, conducting comprehensive audits of current data-sharing practices is essential to identify potential vulnerability and ways to reduce the attack surface. Evaluating current data protection protocols, such as access management, especially for sensitive data categories such as genomic, biometric, personal health, and geolocation information, will be critical to prevent potential exploitation by foreign entities. Establishing clear lines of communication with federal agencies and maintaining vigilance on evolving regulations are crucial. By leveraging the directives of this order, organizations can work in collaboration to significantly reduce risks, safeguard individuals’ personal information, and bolster national security against foreign exploitation and cyber threats, ensuring the protection of both civilians and the military or national security community.

This executive order is a win for Americans because this sort of data needs to be protected. And if companies won’t do the right thing on their own, I am all for forcing them to do the right thing.

Report Shows That SaaS Apps Are Biggest Targets Of Cyber Attacks

Posted in Commentary with tags on June 27, 2024 by itnerd

According to a recent report, the growing cloud usage across enterprises is driving an accompanying growth in the potential attack surface for threat actors, with cloud delivered SaaS apps cited as the top target for cyber attacks (31%) followed by cloud storage and cloud management. Further, with over half of organizations using more than 25 SaaS applications—some of the most popular examples including Microsoft 365, Snowflake, Databricks, Salesforce and Google Workspace—and 47% of corporate data in the cloud being sensitive, securing the cloud is increasingly complex and a significant challenge for security teams.

 Glenn Chisolm, Co-Founder, Obsidian had this to say:

“That SaaS is one of the top targets for cyber attacks is unsurprising. Having handled hundreds of SaaS incidents with our incident response partners, we see SaaS threats become a rising concern for organizations. SaaS breaches have grown 4x in the last year. And while configuration issues may lead to IaaS breaches, identity forms the fulcrum of SaaS breaches—leading to over 80% of the breaches. These include attacks like help desk social engineering, self-service password resets (SSPR), or attacker-in-the-middle (AiTM). SaaS posture issues as well as data security and governance gaps form the other two key drivers of SaaS breaches.”

Concerns over SaaS security have a few of my clients rethinking their SaaS strategies and some have even moved back to on premise if possible. Because they believe that they can trust themselves more than a SaaS provider. They may not be wrong on that front.

South Africa’s health lab down after ransomware attack 

Posted in Commentary with tags on June 26, 2024 by itnerd

Yesterday, South Africa’s National Health Laboratory Service (NHLS) confirmed it is experiencing a ransomware attack that is affecting the dissemination of lab results amidst a monkeypox outbreak.

Saturday morning, hackers deleted sections of NHLS’s systems and backup servers, “rendering them inaccessible and blocking communication” from databases to and from users. 

All the 265 laboratories the NHLS runs are still functional and continue to receive and process clinical samples, but lab reports are not automatically generated and sent to clinicians forcing more urgent test results to be communicated to doctors over the phone or printed and mailed. 

The ransomware attack has caused concern in South Africa given the outbreak of monkeypox. As of Tuesday, three deaths and 16 laboratory-confirmed cases have been found. 

Officials do not know when the systems will be restored. 

Cigent CGO Brett Hansen had this to say:

   “No one is immune from attack. The days of healthcare and children being off limits to attacks are over. Organizations need to be proactively protecting their data vs detect and respond. This requires embracing zero-trust access controls that assume device or credential compromise. Utilizing step-up authentication, a low-friction requirement that controls endpoint data access can prevent ransomware or other malware from accessing files even when the device has been compromised. Protected endpoint data can still be accessed during an attack, allowing continued operation through the crisis.”

This is yet another example of healthcare being a target of threat actors. While I never try to blame the victim so to speak, healthcare needs to do a better job of protecting themselves from threat actors. Some of that comes from better funding, and some of that comes from just putting in the work. Otherwise this will keep repeating itself.

Bell Opens First Best Buy Express Store

Posted in Commentary with tags on June 26, 2024 by itnerd

In January Bell announced a strategic partnership with Best Buy to introduce small-format consumer technology retail stores across Canada branded Best Buy Express. Fast forward to today, and Bell announced the grand opening of their first Best Buy Express store in Surrey, British Columbia.

The partnership with Best Buy brings together the best of both worlds, offering Canadians a one-stop shop for all their tech and connectivity needs. In total, Bell will open 167 Best Buy Express stores across Canada, offering a curated selection of consumer technology from Best Buy with over 100,000 products available through its world class fulfillment network, and exclusive telecommunications services from Bell, Virgin Plus and Lucky Mobile.

Today’s grand opening marks the beginning of a phased rollout over the next six months, with all stores expected to open by the end of 2024, following completion of renovations.