LockBit Pwns Evolve Bank & Trust And NOT The Federal Reserve

Posted in Commentary with tags on June 27, 2024 by itnerd

Remember when I told you that the infamous ransomware group LockBit claimed to have pwned The Federal Reserve? Well, that turns out to be incorrect because yesterday, Evolve Bank & Trust confirmed in an online statement that hackers stole retail bank and financial technology partners’ customers’ information and posted it on the dark web. Here’s the connection to the Federal Reserve: the documents that were posted in relation to the alleged Federal Reserve hack actually belonged to Evolve.

“33 terabytes of juicy banking information containing Americans’ banking secrets,” claimed LockBit on its leak site.

The bank said it is investigating the incident and it appears the hackers have released data including Personal Identification Information that varies by individual but may include:

  • Name
  • Social Security Number
  • Date of birth
  • Account information
  • Other personal information

Earlier this month, Evolve was subject to a Federal Reserve enforcement action, and on Tuesday LockBit’s dark web post linked a press release about the enforcement action alongside a collection of information apparently taken from the institution’s systems.

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

   “Once an organization experiences a breach, and the smoke begins to clear after a deep investigation into what happened, the biggest question they need to ask is, “What do we do next?” Everything in the networking environment is now suspect, possibly riddled with other exploitable vulnerabilities and weaknesses that likely remain hidden. Teams must find the attack path that allowed the breach to happen, and they must uncover other attack paths that could enable it to happen again.

   “Now is the time to thoroughly assess the entire networking environment, both on-premises and cloud, but that could take months if not longer. And as one area gets assessed, and human assessors move on to the next, changes have already taken place in areas that were previously marked as secure. This is the time when autonomous assessment solutions meet a critical need.

   “These technologies are designed to find the original attack path (if it still remains a mystery) and other attack paths that remain unknown. Acting as force multipliers for human assessors, autonomous assessment solutions never tire as they scan the entire environment looking for other weaknesses such as easily compromised credentials, additional exposed data, unidentified software misconfigurations, inadequately implemented security controls, and unenforced security policies.

   “Some of these issues were probably uncovered by attackers when defenses were breached the first time. If they are not resolved now, the inescapable will likely happen again.”

At this point, Evolve has some explaining to do given the fact that it was subject to an enforcement action from the Federal Reserve. And Evolve’s customers will be waiting to hear those answers.

Action1 Achieves CSA STAR Level 1 Certification and Signs CISA’s Secure by Design Pledge

Posted in Commentary with tags on June 27, 2024 by itnerd

Action1 announced today it has secured Security, Trust & Assurance Registry (STAR) Level 1 Certification from the Cloud Security Alliance (CSA), the world’s leading organization promoting the use of security best practices within cloud computing and helping foster secure cloud environments through education. Additionally, Action1 has signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. These initiatives underscore Action1’s commitment to internal security and solidify its position as a trusted vendor in the cloud-based patch management space.

Having achieved CSA STAR Level 1, Action1 is now listed in CSA’s publicly accessible registry. The STAR registry lists cloud solutions from vendors that follow the strictest security and privacy controls, helping users identify vendors dedicated to maintaining data confidentiality, integrity, and availability. The CSA STAR program is recognized as the industry’s most powerful program for security assurance in the cloud.

Action1 is a cloud-native patch management platform enabling enterprises to rapidly discover and remediate vulnerabilities with a 99% patch success rate. It helps understaffed IT teams save time and reduce costs by streamlining third-party patching, including custom software, and OS updates, all fully integrated with feature parity and uniformity.

By signing CISA’s Secure by Design Pledge, Action1 has joined cybersecurity industry leaders in a unified commitment to enhancing software security standards. This pledge represents a significant step in ensuring that security is a foundational element in software development and is part of CISA’s global Secure by Design initiative, launched last year, which implements the White House’s National Cybersecurity Strategy.

These initiatives exemplify the high security standards of the Action1 cloud-native platform, which is also certified for ISO/IEC 27001:2022 and SOC 2 Type II by independent auditors. Visit action1.com/security to learn more about these certifications.

Sage study reveals IT channel partners embrace advisory roles to boost SMB digital agility

Posted in Commentary with tags on June 27, 2024 by itnerd

A new study from Sage reveals the evolving role of technology channel and reseller partners in the U.S. and Canada. The study indicates a shift from point solutions providers and integrators to strategic advisors for SMBs, unlocking significant growth opportunities and paving the way for greater digital agility.

The report, ‘Small and medium-sized business demand for digital advisory services fuels IT channel growth’, surveyed 2,800 technology channel decision-makers globally, including in the U.S. and Canada, to better understand the key drivers impacting the IT channel and reseller market today.

The research highlights that the majority of technology resellers in the U.S. (59%) and Canada (52%) have shifted their focus toward providing strategic advice and services, aiming to improve SMBs’ ability to swiftly adapt to market shifts, new technological breakthroughs and evolving customer demands.

The report found that almost three-quarters of SMBs in the U.S. (73%) and Canada (74%) see investing in digital agility as a high priority, believing it will drive business growth (30%), followed by enhanced competitiveness in the U.S. (25%) and increased efficiency in Canada (26%).

Key findings include:

  • Shift to Advisory Roles: U.S. and Canadian channel leaders are split on what is driving the shift to advisory roles with U.S. leaders citing the use of technology and data analytics for personalized solutions (59%), increased competition in the market requiring differentiation and value-added services (57%) and desire to build stronger customer relationships (55%). In Canada, leaders attribute the shift to the need to keep up with shifting customer demands (56%) and building stronger customer relationships (53%).
  • Digital Agility of SMBs: Almost two-thirds of Canadian SMBs (64%) and half of SMBs (51%) in the U.S. are recognized as ‘fairly digitally agile’ by channel leaders, highlighting their quick adoption of technologies that enhance efficiency and customer experience. However, only 39% of U.S. and 28% of Canadian partners feel SMBs are adequately prepared for future disruptions. Continuous investment in digital tools and training, supported by channel partners, is essential for maximizing the benefits of a digital-first approach. 
  • Challenges in Driving Digital Agility: The report identifies the main obstacle preventing channel partners from effectively supporting SMBs as the complexity of technology and integration processes. In the U.S., channel partners face significant challenges in providing advisory services, primarily due to keeping up with evolving technology and balancing priorities (both at 48%), along with SMB resistance to advisory services (45%). Similarly, in Canada, nearly half of the channel partners (47%) cite the complexity of technology and integration processes as the top hindrance to supporting SMBs’ digital agility journey.
  • Adoption of Innovative Technologies: The majority of U.S. channel partners are focused on driving the adoption of innovative technologies (59%), while 52% of Canadian resellers are prioritizing offering strategic advice and solutions. This is to ensure that SMBs not only access but effectively utilize technology to enhance responsiveness and competitive edge in a rapidly changing market.
  • Critical Technologies: Channel leaders in both Canada (62%) and the U.S. (56%) believe cybersecurity solutions are the most instrumental in fostering digital agility. AI and automation followed closely, with 58% in Canada and 56% in the U.S. finding these the second most critical technologies. Focusing on these areas can enhance SMB efficiency and security.

Sage’s research underscores the importance of deepening collaboration between IT resellers and SMBs to fully harness new technologies and enhance resilience against market changes. By focusing on areas like cybersecurity, digital transformation, and operational efficiency, IT resellers can boost their growth while helping SMBs successfully navigate these challenges.

Summary of methodology

The research questioned 2,800 decision makers in the tech industry whose company resells tech and IT supplies/services for various businesses in Canada, France, Germany, Portugal, South Africa, Spain, the United Kingdom and United States. The interviews were conducted in April and May 2024.

This online survey was conducted by market research company OnePoll, in accordance with the Market Research Society’s code of conduct.

Review: Western Digital My Passport SSD 1TB

Posted in Commentary with tags on June 27, 2024 by itnerd

This review started off in a weird way. A client of mine bought this at Best Buy because he saw some of the marketing claims on the box and figured that the Western Digital My Passport SSD in the 1TB size must be fast. But when it didn’t “feel” fast to him, he asked me to look at it because he figured that it was him and not the drive. Well, the short answer is that it’s the drive. But before I get to what I mean by that, let me give you a look at the drive in question:

In the box you get the drive (you do get to choose between 5 colours), a USB-C cable, and a USB-C to USB-A adapter. This is a good start as USB-C is used on the drive, which means that getting replacement cables will be easy. On the drive itself is backup software which is likely more useful for PC users than Mac users, who should use Time Machine instead. Though they will have to format the drive before that, as the drive comes out of the box formatted for exFAT. The drive itself is light despite being made of metal and feels solid enough. It claims to be shock resistant up to a 6.5 foot drop, though I did not test that. And when I tried transferring files to it, it got warm to the touch, which is fine as I have seen SSD drives get hot to the touch. This drive also supports 256-bit AES hardware encryption for those who are paranoid about keeping their data safe.

Now over to the testing part. Here’s a picture of the box that it came in so that I can show you the speed claim that Western Digital makes:

Note the part where it says “Up to 1050 MB/s”. Flipping the box over and reading the fine print, they’re referring to read speed. And looking at the Western Digital website, the company also says that it has up to 1000 MB/s write speeds. Those are very bold claims. But here’s what I got when I plugged the drive into my M1 Pro MacBook Pro, which has Thunderbolt 4, via the included USB-C cable:

So I was able to confirm that Western Digital was correct on the write speeds as it hit 967.38. But the read speed was significantly slower than what Western Digital claims. As in around 25% slower. I repeated this test on a PC with Thunderbolt 3 via the included USB-C cable and got similar results. So that suggests that it’s not the computer or the cable that’s responsible for those read speeds. Or lack thereof. It’s the drive that’s responsible. But to be fair to Western Digital, they did say “up to”, so just like ISPs who use that term to cover themselves when the Internet connections aren’t up to the speeds that they advertise, Western Digital has covered themselves. But this explains why the client felt the drive was “slow.” A 5% or even a 10% difference in read speed would likely not have been noticed by most people. But 25% will be noticed by most people. Also to be fair to Western Digital, this speed doesn’t suck. But it doesn’t measure up to the claims on the box.

Now does that mean that you should not buy this drive? As long as you’re not expecting the drive’s read speed to match what’s on the box, go ahead. Its MSRP is $100 CDN so it’s not a lot of cash to spend. Just make sure you buy it direct from Western Digital or shop around, as buying it from Best Buy will cost you $30 more for no good reason.

White House Serves Up An Executive Order To Protect Private Data

Posted in Commentary on June 27, 2024 by itnerd

The White House has served up an executive order on protecting private data:

The President’s Executive Order focuses on Americans’ most personal and sensitive information, including genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personally identifiable information. Bad actors can use this data to track Americans (including military service members), pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services. This data can enable intrusive surveillance, scams, blackmail, and other violations of privacy.

Companies are collecting more of Americans’ data than ever before, and it is often legally sold and resold through data brokers. Commercial data brokers and other companies can sell this data to countries of concern, or entities controlled by those countries, and it can land in the hands of foreign intelligence services, militaries, or companies controlled by foreign governments.

The sale of Americans’ data raises significant privacy, counterintelligence, blackmail risks and other national security risks—especially for those in the military or national security community. Countries of concern can also access Americans’ sensitive personal data to collect information on activists, academics, journalists, dissidents, political figures, and members of non-governmental organizations and marginalized communities to intimidate opponents of countries of concern, curb dissent, and limit Americans’ freedom of expression and other civil liberties.

Madison Horn, Congressional Candidate (OK-5) had this comment:

This executive order is a critical response to the escalating risks posed by our current geopolitical climate and the surge in ransomware attacks. Enterprise CISOs and CIOs will need to reassess their data management strategies to align with stringent new regulations aimed at preventing the large-scale transfer of Americans’ personal data to countries of concern and providing essential safeguards. The focus on protecting Americans’ most personal and sensitive information, including genomic, biometric, health, geolocation, and financial data, will necessitate significant enhancements in security measures. This order is particularly vital for safeguarding the military and national security community from foreign exploitation, emphasizing the need for increased collaboration with legal and compliance teams to navigate these regulatory changes effectively.

In light of the executive order, CISOs and CIOs must take immediate and concrete actions to mitigate risks and protect national security. Initially, conducting comprehensive audits of current data-sharing practices is essential to identify potential vulnerabilities and ways to reduce the attack surface. Evaluating current data protection protocols, such as access management, especially for sensitive data categories such as genomic, biometric, personal health, and geolocation information, will be critical to prevent potential exploitation by foreign entities. Establishing clear lines of communication with federal agencies and maintaining vigilance on evolving regulations are crucial. By leveraging the directives of this order, organizations can work in collaboration to significantly reduce risks, safeguard individuals’ personal information, and bolster national security against foreign exploitation and cyber threats, ensuring the protection of both civilians and the military or national security community.

This executive order is a win for Americans because this sort of data needs to be protected. And if companies won’t do the right thing on their own, I am all for forcing them to do the right thing.

Report Shows That SaaS Apps Are Biggest Targets Of Cyber Attacks

Posted in Commentary with tags on June 27, 2024 by itnerd

According to a recent report, the growing cloud usage across enterprises is driving an accompanying growth in the potential attack surface for threat actors, with cloud-delivered SaaS apps cited as the top target for cyber attacks (31%), followed by cloud storage and cloud management. Further, with over half of organizations using more than 25 SaaS applications (some of the most popular examples include Microsoft 365, Snowflake, Databricks, Salesforce and Google Workspace) and 47% of corporate data in the cloud being sensitive, securing the cloud is increasingly complex and a significant challenge for security teams.

Glenn Chisolm, Co-Founder, Obsidian had this to say:

“That SaaS is one of the top targets for cyber attacks is unsurprising. Having handled hundreds of SaaS incidents with our incident response partners, we see SaaS threats become a rising concern for organizations. SaaS breaches have grown 4x in the last year. And while configuration issues may lead to IaaS breaches, identity forms the fulcrum of SaaS breaches—leading to over 80% of the breaches. These include attacks like help desk social engineering, self-service password resets (SSPR), or attacker-in-the-middle (AiTM). SaaS posture issues as well as data security and governance gaps form the other two key drivers of SaaS breaches.”

Concerns over SaaS security have a few of my clients rethinking their SaaS strategies, and some have even moved back to on premises where possible, because they believe that they can trust themselves more than a SaaS provider. They may not be wrong on that front.

South Africa’s health lab down after ransomware attack

Posted in Commentary with tags on June 26, 2024 by itnerd

Yesterday, South Africa’s National Health Laboratory Service (NHLS) confirmed it is experiencing a ransomware attack that is affecting the dissemination of lab results amidst a monkeypox outbreak.

Saturday morning, hackers deleted sections of NHLS’s systems and backup servers, “rendering them inaccessible and blocking communication” from databases to and from users.

All 265 laboratories the NHLS runs are still functional and continue to receive and process clinical samples, but lab reports are not automatically generated and sent to clinicians, forcing more urgent test results to be communicated to doctors over the phone or printed and mailed.

The ransomware attack has caused concern in South Africa given the outbreak of monkeypox. As of Tuesday, three deaths and 16 laboratory-confirmed cases have been found.

Officials do not know when the systems will be restored.

Cigent CGO Brett Hansen had this to say:

   “No one is immune from attack. The days of healthcare and children being off limits to attacks are over. Organizations need to be proactively protecting their data vs detect and respond. This requires embracing zero-trust access controls that assume device or credential compromise. Utilizing step-up authentication, a low-friction requirement that controls endpoint data access can prevent ransomware or other malware from accessing files even when the device has been compromised. Protected endpoint data can still be accessed during an attack, allowing continued operation through the crisis.”

This is yet another example of healthcare being a target of threat actors. While I never try to blame the victim, so to speak, healthcare needs to do a better job of protecting itself from threat actors. Some of that comes from better funding, and some of that comes from just putting in the work. Otherwise this will keep repeating itself.

Bell Opens First Best Buy Express Store

Posted in Commentary with tags on June 26, 2024 by itnerd

In January Bell announced a strategic partnership with Best Buy to introduce small-format consumer technology retail stores across Canada branded Best Buy Express. Fast forward to today, and Bell announced the grand opening of their first Best Buy Express store in Surrey, British Columbia.

The partnership with Best Buy brings together the best of both worlds, offering Canadians a one-stop shop for all their tech and connectivity needs. In total, Bell will open 167 Best Buy Express stores across Canada, offering a curated selection of consumer technology from Best Buy, with over 100,000 products available through its world-class fulfillment network, and exclusive telecommunications services from Bell, Virgin Plus and Lucky Mobile.

Today’s grand opening marks the beginning of a phased rollout over the next six months, with all stores expected to open by the end of 2024, following completion of renovations.

Global Consumer Security Survey Reveals Highest Demand for Mobile App Security in 4 Years

Posted in Commentary with tags on June 26, 2024 by itnerd

Appdome today announced the results of its 4th Annual Global Consumer Survey of Mobile App Security here at the OWASP Global AppSec conference. The survey reveals that mobile end users are keenly aware of the growing security, fraud, and privacy threats when they use mobile apps and demand that mobile brands and enterprises step forward to provide real defenses to these threats.

To create the 2024 survey, Appdome partnered with the Open Web Application Security Project (OWASP) and included survey questions that measure consumer alignment with the OWASP Mobile Application Security (MAS) standard, as well as anti-fraud and other cyber objectives. The voice of the global consumer was clear: not only do they demand the protections included in the OWASP MAS standard, but the survey data reveals a challenge to the entire mobile industry to improve the state of the art of mobile app protection, globally.

The 2024 survey data adds to the 120,000+ consumer voices gathered from 12 countries over the past four years, making the Appdome Global Consumer Survey the largest single collection of consumer data on mobile app security, privacy, anti-fraud, and other attack vectors. Mobile applications have taken center stage in consumers’ daily life. Mobile app protection – consisting of mobile app security, malware defense, fraud prevention, and privacy – is now critical to the way consumers choose and use mobile apps, and also critical in whether they choose to stay with and promote a brand.

Several upward trends are revealed in the 2024 data, including consumers’ use of mobile apps, their awareness of mobile attack vectors, the growing expectation of protection in apps and consumers’ willingness to be brand advocates if protected. Here are some of the cyber expectations in mobile apps that hit all-time highs in the 2024 Survey:

  • Mobile vs. Web: 55.3% —the highest level ever— of global consumers say they use mobile applications more than web, dwarfing preference for online/web at 22.5%. Furthermore, 63.4% —the highest level ever— say that they use more than 6 mobile apps weekly.
  • Total Protection: 99.5% —the highest level ever— of global consumers demand total protection in mobile apps including mobile app data, account integrity, login, data storage, data in transit, and protection from malware and fraud.
  • Social Engineering: 70.6% —the highest level ever— of global consumers have themselves, or know someone who has, been a victim of social engineering or other fraud attacks.
  • Fraud Prevention: 83.5% —the highest level ever— of global consumers demand brands proactively prevent mobile fraud from happening rather than reimburse them post-fraud.
  • Features vs. Security: 87.4% —the highest level ever— of global consumers say that mobile app protection is equally or more important than mobile app features in their decision to use a mobile app, with 90.6% saying they evaluate the security claims of the brand before downloading a mobile app.
  • Fear of Inaction: The number of global consumers who fear “developers don’t care” about protecting the mobile app has increased by 258%, topping the four-year survey at 1 in 4 of all respondents.

Consumers maintained strong perspectives on these top trends in the 2024 survey:

  • Rewarding Secure Brands: 94.6% —the highest level ever— of respondents state they will become brand advocates for mobile brands that protect their apps and use. More than half (53.6%) said they would use the highest forms of advocacy, such as app store reviews or social media endorsements.
  • Consequences for Insecure Apps: 96.7% —the highest level ever— of respondents state they would abandon a mobile brand for failing to protect their app and use, with 73.9% saying they would encourage others to abandon the mobile brand too.

To obtain Appdome’s 4th Annual “Global Consumer Expectations of Mobile App Security Survey,” please visit Appdome Survey.

To learn more about the OWASP Mobile App Security (MAS) standard and join the OWASP community, please visit OWASP MAS.

Apple Fixes An AirPods Security Issue

Posted in Commentary with tags on June 26, 2024 by itnerd

From the “I didn’t have this on my BINGO card” department comes this Apple note that details that there’s new firmware available for AirPods. And when I say AirPods, I mean the following AirPods models:

  • AirPods (2nd generation and later)
  • AirPods Pro (all models)
  • AirPods Max
  • Powerbeats Pro
  • Beats Fit Pro

This update fixes a security issue with your AirPods that seems to be pretty pervasive, given that it covers most of the AirPods that Apple has made along with the Beats Fit Pro and Powerbeats Pro, which clearly must have some AirPods tech in them. The issue is that a bug allowed an attacker within Bluetooth range to spoof the details of a device you had previously connected your headphones to, allowing the attacker to gain access to your headphones. This new firmware fixes that bug.

In terms of updating your AirPods, Apple doesn’t provide a way to do that easily. Apple says that they will eventually update themselves when in range of your iPhone. But I have had success force updating using this method that YouTube creator Zollotech describes in this video:

My advice would be that you should update them, as now that this is out there, someone will try to replicate this.