Cigent Protects Sensitive Data at the Edge with New Secure Storage

Posted in Commentary with tags on June 25, 2024 by itnerd

Cigent Technology have announced new secure storage drives to ensure data security for the broadest array of devices of any secure storage provider. 

Cigent’s family of solutions, originally developed for and with U.S. federal agencies, protect against evolving threats that risk data integrity, including both physical attacks, such as cloning and wiping, and remote attacks.  The solutions that Cigent brings to market today address the rampant proliferation of devices at the edge, with insufficient protections to ensure that data is protected.

Today, Cigent expands their portfolio with additional secure storage form factors providing critical data protection for systems operating at the edge, including emerging technologies such as unmanned vehicles. They offer powerful and federally certified protections with full-drive hardware encryption, wiping and cloning prevention, and remote data erasure. New solutions include:

  • Secure Storage SSD BGA provides new hardware encryption protection that can be embedded in devices. Meeting automotive, and Air Force temperature requirements of -40° to 105°C for operation in extreme conditions, it offers effective protection for data for unmanned vehicles, IoT, OT, and other edge devices.
  • Secure Storage 2230 – provides protection of PCs and tablets. The 2230 drive supports new preferred drive configuration from leading PC manufacturers including  Microsoft Surface, Dell Latitude, and HP EliteBooks. Cigent is the only solution in the market providing NSA CSfC-certified pre-boot authentication (PBA) and full drive hardware encryption for modern PCs. Like the Secure Storage SSD BGA, Secure Storage 2230 meets automotive and Air Force temperature requirements, ensuring the drive can operate in extreme environments.
  • Secure Storage SD and MicroSD cards provide hardware-encrypted data protection with small form factors. Supporting Linux and Windows OS and meeting industrial temperature requirements, they provide flexible, robust protection for a variety of systems including PCs, tablets, OT, and unmanned vehicles, ensuring data security mission requirements.  

All solutions can be managed from an enterprise management console streamline administration.  In addition to the full drive encryption, all Cigent Secure Storage solutions have the ability to create hidden partitions to store the most sensitive data and allow remote erasure of data using a combination of crypto and full block wiping.  

Emerging technologies and evolving mission requirements are driving significant expansion of sensitive data at the edge. A growing portfolio of systems are collecting, processing, and storing sensitive data. Cigent provides unparalleled breadth of hardware-encrypted secure storage devices that allow program managers to meet compliance mandates and ensure data remains protected. Protections have been verified by experts including NSA, NIAP, and MITRE, and are in use by many U.S. government organizations requiring the highest level of protection.  

Cigent storage can be configured and administered at scale through a management console and an efficient Command Line Interface (CLI) tool. Cigent and its ecosystem of device, vehicle, and system integrator partners are ready to support procurement, delivery and deployment requirements.  

Leave a comment »

UserTesting’s Global Survey Shows 68% of American Adults Who Use Social Media Report Having Positive Shopping Experiences 

Posted in Commentary with tags on June 25, 2024 by itnerd

UserTesting, a SaaS leader in experience research and insights, today announced the findings from its global social commerce survey conducted by Talker Research. The study focused on adults who use social media for shopping, and interestingly, found very similar experiences among American, Australian, and British consumers. This alignment underscores social media’s influence on shopping behaviors and satisfaction levels across these regions.

Key insights from the survey include:

  • Shopping Habits: Findings in the report suggest a consistent trend amongst adults that use social media across the United States, the United Kingdom, and Australia, and the natural adoption of social media platforms as a vehicle for shopping. 68% of American and Australian adults shop using social media, similar to 65% of adults in the United Kingdom. Americans spend an average of $262.20 per purchase, slightly more than Australians ($211.42 USD) and Brits ($192.40 USD).
  • Shopping Experiences: 68% of adults from both the United States and the United Kingdom reported positive social commerce experiences, just slightly more than 61% of Australian adults. This aligns with the UserTesting Retail Benchmark Report, highlighting that top retailers excel in digital experiences. Positive experiences drive stronger sales. 
  • Spontaneous Purchases: 72% of Americans and Australians reported spontaneous purchases on social media, essentially the same as 70% of Brits. Happiness was the strongest emotion driving these purchases for 53% of Americans, 49% of Brits, and 45% of Australians.
  • Common Issues: 46% of Americans, 48% of Australians, and 44% of Brits have purchased items on social media that were not as advertised. Despite this, 73% of Americans and 72% of Brits would continue using the same platforms, just a little more than 66% of Australians.
  • Popular Purchases: Clothing is the top item purchased for consumers via social media across the three regions, with 52% of Americans, 53% of Australians, and 53% of Brits buying clothing. Gifts and shoes/accessories are also popular in the US, while Brits and Australians prefer gifts and beauty/skincare products.
  • Shopping Frequency: 23% of Americans shop via social media at least once a week, only slightly more than 20% of Brits and 18% of Australianss. Monthly shopping rates are close as well with 49% for Americans, 47% for Brits, and 45% for Australians.
  • Trust in Recommendations: Family, friends, and significant others are the most trusted sources for social media shopping recommendations, averaging a total of 75% across all regions. Content creators and influencers are trusted by a smaller percentage at an average of 9% across the three regions, and celebrities trail even further behind at an average of 3%.

The survey also highlighted the growing use of live shopping events on social media. Americans have adopted this trend more readily than their counterparts in Australia and the United Kingdom:

  • Live Shopping Participation: 21% of Americans have shopped via live social media events, 19% have watched without purchasing, and 40% have not tried it but do not believe it is a fad.
  • UK Participation: 17% have participated, 17% have watched without purchasing, and 38% have not tried it but do not believe it is a fad.
  • Australian Participation: 10% have shopped via live events, 15% have watched without purchasing, and 42% have not tried it but do not believe it is a fad.

Survey methodology: 

This random double-opt-in survey of 2,000 general population of Americans, 1,000 general population from the United Kingdom, and 1,000 general population of Australians, who use social media platforms, was commissioned by UserTesting between May 3 and May 10, 2024. All respondents were adults. It was conducted by market research company Talker Research, whose team members are members of the Market Research Society (MRS) and the European Society for Opinion and Marketing Research (ESOMAR).

Click the link to access the UserTesting Social Commerce Report.

Leave a comment »

Pinterest Introduces Board Sharing

Posted in Commentary with tags on June 25, 2024 by itnerd

Pinterest is launching an exciting new feature – Board Sharing,  making it easier than ever for users to share their favourite Pinterest boards in a video format across social platforms, including Instagram and TikTok. 

Board Sharing allows users to compile their favourite boards into a unique video that they can seamlessly post across their key social channels. The new feature also allows users to add a link back to their boards, inviting others to further explore and engage with their curated content. 

With personal curation at the heart of Pinterest, more than 10 billion boards have been created on the platform. Furthermore, Gen Z is leading the growth in the number of boards created since last year. Board Sharing will allow users to share their unique style and vision with the world and inspire others to do the same.

Pinterest pro tip: You can easily embed Pins into stories for great visuals. Simply tap on the ••• on any Pin on the Web and select “Get Pin embed code” to see the embed code.

Leave a comment »

P2Pinfect Evolves to Deploy Ransomware

Posted in Commentary with tags on June 25, 2024 by itnerd

Upon initial discovery, a reasonably sophisticated malware sample that uses a peer-to-peer (P2P) botnet for its command and control mechanism, P2Pinfect, a rust-based malware covered extensively by Cado Security in the past, mainly appeared dormant. 

It would spread primarily via Redis and a limited SSH spreader, but ultimately did not have an objective other than to spread. Recently, Cado Security has observed a new update to P2Pinfect that introduces a ransomware and crypto miner payload.

P2Pinfect is still a highly ubiquitous malware that has spread to many servers. Its latest updates to the crypto miner, ransomware payload, and rootkit elements demonstrate the malware author’s continued efforts to profit off their illicit access and spread the network further as it continues to worm across the internet.

The choice of a ransomware payload for malware primarily targeting a server that stores ephemeral in-memory data is an odd one, and P2Pinfect will likely see far more profit from their miner than their ransomware due to the limited amount of low-value files it can access due to its permission level.

Cado Security can determine the command to start the ransomware was issued on May 16, 2024, and will continue to be active until December 17, 2024.

You can read the details here.

Leave a comment »

Federal Reserve Gets Pwned By LockBit 3.0

Posted in Commentary with tags on June 25, 2024 by itnerd

LockBit 3.0 claims to have pwned another victim. This time they claimed to have pwned the Federal Reserve:

That’s not good if this is true.

Steve Hahn, Executive VP, BullWall had this to say:

   “Unless and until the data is released, this remains unconfirmed, but if true it’s certainly a grave situation. In having claimed that LockBit was taken down, the global agencies appear to have further accelerated LockBit’s activities and motivation. One of the leaders behind LockBit – Dmitry Khoroshev – operates a hydra-like organization with multiple heads, with new leaders emerging whenever one is taken down.

   “If confirmed, this attack would rachet up the already fraught geopolitical situation by calling into question whether foundational economic and supply chain elements in the US and Western Allies under direct attack, albeit by proxy via LockBit. The Federal Reserve, already under massive scrutiny for soaring inflation, high interest rates, and perceived pandemic-era missteps, could suffer substantial reputational damage. Erosion of trust in this foundational institution would have rippling effects across the US and global economy, and impact policies far beyond those directed by the Fed itself. Stability and trust are at the core of the Fed’s charter. Erosion of that trust could weaken confidence in the dollar.

   “The US can do little to prevent these Ransomware attacks, but it can buttress its defenses against them and implement failsafe kill switches that block access to data and critical resources. That requires a fundamental shift in mindset from prevention to containment, which starts with acceptance that threat actors will continuously work to bypass security defenses, and in fact may have already penetrated our most strategic organizations.

   “Russian threat actors have taken down hospitals, healthcare systems like United Healthcare, city governments and even cities like the City of Oakland who had to declare a state of emergency after a successful ransomware attack that even disabled 911 services. Prevention alone isn’t working, because it can’t. Stability depends on adopting strategies that immediately contain events, segment the data, limit the attack’s impacts, and enable quick recovery. Prevention alone won’t work.”


Evan Dornbush, former NSA cybersecurity expert follows up with this:

   “Responding to an attack like this after the fact is extremely delicate.

   “Policy makers need to give serious thought into new strategies to deter this kind of activity from happening in the first place. Clearly sitting and waiting is not effective, and for those waiting for law enforcement or the military to take action on the victims’ behalf’s — be they private, government, or quasi-government like the Fed — all signs point to continued patience.”

Let’s see if this is confirmed in the coming days. If it is confirmed, this will be a significant score for LockBit 3.0.

1 Comment »

CISA warns chemical facilities of data exfiltration after CISA tool breach 

Posted in Commentary with tags on June 25, 2024 by itnerd

In notification letters dated June 20, 2024, CISA warned participants in the Chemical Facility Anti-Terrorism Standards (CFATS) program that sensitive data may have been exfiltrated after its Chemical Security Assessment Tool (CSAT) was breached by a malicious actor.

CFATS is a program that regulates high-risk chemical facilities to ensure security measures are in place to reduce the risk of certain hazardous chemicals being weaponized. Any facility that manufactures, uses, stores, or distributes certain levels of chemicals of interest is required to report to CISA via the CSAT.

CISA said on January 26th it identified potentially malicious activity within the CSAT Ivanti Connect Secure appliance and immediately took the system offline. The investigation revealed that a bad actor installed an advanced webshell on the Ivanti device capable of executing malicious commands or writing files to the underlying system.

Information accessed includes:

  • Top-Screen Surveys: facility topography, types of chemicals of interest at the facility, and characteristics of chemicals and storage
  • Security Vulnerability Assessments: the facility’s use of chemicals of interest and measures related to the facility’s policies, procedures, and resources
  • Site Security Plans and Alternative Security Programs
  • Personnel Surety Program: Name/aliases, place of birth, citizenship, redress and Global Entry number
  • CSAT User Accounts:  name, title, business address, and business phone number


No exfiltration of data from CSAT beyond the Ivanti device was identified. CISA added that all data held in CSAT was encrypted and information from each application had additional security controls limiting the likelihood of lateral access.

Evan Dornbush, former NSA cybersecurity expert, said:  

   “Intrusions like these remind us that turning on logging is often not enough, that robust measures including analysis of network traffic and other forms of defense in depth continue to be the best practices for a strong defensive posture against the adversary”

While the CISA’s investigation did not result in any evidence of exfiltration of data or
lateral movement, this is still bad. Hopefully the CISA gets an handle on this as this isn’t a good look.

Leave a comment »

Mujjo Announces Amazon Prime Day Discounts

Posted in Commentary with tags on June 25, 2024 by itnerd

Mujjo has announced that they have a number of discounts on their products during this year’s Prime Day. Their discounts include 30-40% off on products such as:

  • iPhone 14 & 15 Cases
  • AirTag Keychains
  • AirPods Cases
  • Screen Protectors

 Check out Mujjo’s Amazon Page for other Prime Day discounts.

Leave a comment »

Clicks Keyboard for iPhone now available at Best Buy In Canada

Posted in Commentary with tags on June 25, 2024 by itnerd

 Clicks Technology announced today its teaming up with Best Buy Canada to bring the popular Clicks Keyboard for iPhone to Canadians at BestBuy.ca. Starting today, Best Buy customers can pre-order Clicks for iPhone 15 series models.

The Clicks Global Roll-out Continues

Expanding availability to Best Buy marks the beginning of the second phase of the Clicks global roll-out. Following a viral launch at CES in January 2024, Clicks quickly sold out the limited Founders Edition on its website, with strong demand from customers in over 85 countries around the world. Clicks early customers range from CEOs and students to award-winning artists and best-selling authors, demonstrating the preference for buttons spans across professions and ages. The expanded portfolio and colours being announced today reflect this overwhelming demand for a first-of-its-kind accessory that enhances the capabilities of iPhone.

Beyond the benefits of tactile typing, Clicks frees up screen real estate previously consumed by a virtual keyboard, giving iPhone users up to 50% more space for apps and content. Featuring a full keyboard with real buttons, Clicks offers users a typing experience that enables new possibilities for creating on the go with speed and precision. Clicks also gives iPhone users more control of their phone with support for keyboard shortcuts across many apps and dedicated keys that unlock the full power of iOS.

Over the last six months, new capabilities have been added to Clicks through the Clicks Keyboard app, now available in Apple App Store. The free app gives customers more control over their keyboard experience, including backlight settings and the ability to tailor the functionality of certain keys to their typing preferences. Plus, the recently announced ‘Clicks Mode’ turns the keyboard into a remote control for launching apps and invoking workflows by mapping those actions to physical keys as customizable action buttons.

Pricing and Availability

Customers can pre-order Clicks at bestbuy.ca starting today, for the following models:

  • Clicks for iPhone 15 Pro Max – $199.99
  • Clicks for iPhone 15 Pro – $179.99
  • Clicks for iPhone 15 Plus – $199.99
  • Clicks for iPhone 15 – $179.99

Leave a comment »

HYAS Insight – New Threat Intel Visualization, Intuitive UX, Support for RiskIQ EOL

Posted in Commentary with tags on June 24, 2024 by itnerd

HYAS Infosec today announced a new edition of HYAS Insight. The award-winning threat intelligence solution is used worldwide by law enforcement and Fortune 500 enterprise clients alike who benefit from the solution’s unprecedented visibility into the origins of attacks, the campaign infrastructure being used, and the resources likely to be used against them in the future.

As the industry expert in infrastructure intelligence, HYAS leverages a proprietary “VRA” analytics capability to provide organizations with superior real-time intelligence on Verdicts, Related Infrastructure, and Actors. HYAS Insight clients leverage VRA to better answer the critical cybersecurity questions about “what happened” and proactively mitigate the threat of future attacks with unmatched speed and effectiveness.  

Additionally, HYAS Insight’s Malware Infrastructure dashboard now delivers timely, graphically presented insights into the hundreds of thousands of individual malware samples that HYAS detonates daily. This capability offers unparalleled visibility into the current state of malware globally, enabling organizations to identify and track trends, gather more information, and gain better visibility into the threat landscape.

HYAS’s Malware Infrastructure intelligence also includes a newly expanded set of domains and IPs representing malware command and control (C2), and new visualization that shows distribution of top C2 intelligence by country. Threat hunters and fraud investigators now get one-click visibility into the regions and resources through which threat actors actively push exploits. These new capabilities make it easy for security and fraud teams to see the most pertinent information and immediately drill down. And HYAS Insight’s free Intel Feed makes consuming the latest malware infrastructure intelligence a snap, without worrying about budget, the procurement process, or red tape.

A Preferred Alternative for RiskIQ Users

With RiskIQ’s partial integration into Microsoft Defender and impending end-of-life for its standalone features, organizations searching for a suitable alternative to a comprehensive infrastructure intelligence platform find HYAS Insight an exceptional replacement solution. New users will immediately benefit from comprehensive threat intelligence, real-time analytics, seamless integration, and an intuitive user interface. 

HYAS Insight upgrades deliver:

  • Broader Data Coverage: HYAS Insight’s diverse data sources provide a more detailed and accurate view of potential threats.
  • Independent Operation: Unlike RiskIQ, HYAS Insight doesn’t require integration with Microsoft Defender TI Premium, and integrates out of the box with various leading visualization, TIP, SIEM, and SOAR solutions, offering greater flexibility.
  • Future-Proof Investment: HYAS Insight is dedicated to continuous improvement, ensuring it keeps up with emerging cybersecurity challenges.

Leave a comment »

EU Targets Apple In Digital Markets Act Investigation

Posted in Commentary with tags on June 24, 2024 by itnerd

The AP is reporting that Apple is the first target of EU’s new digital competition rules aimed at big tech called the Digital Markets Act:

European Union regulators on Monday leveled their first charges under the bloc’s new digital competition rulebook, accusing Apple of preventing app makers from pointing users to cheaper options outside its App Store.

The European Commission said that according to the preliminary findings of its investigation, the restrictions that the iPhone maker imposes on developers using its mobile App Store had breached the 27-nation bloc’s Digital Markets Act.

The rulebook, also known as the DMA, is a sweeping set of regulations aimed at preventing tech “gatekeepers” from cornering digital markets under threat of heavy financial penalties. The commission opened an initial round of investigations after it took effect in March, including a separate ongoing probe into whether Apple is doing enough to allow iPhone users to easily change web browsers, and other cases involving Google and Meta.

Ted Miracco, CEO, Approov had this to say:

    “Apple is likely to continue its public relations efforts to highlight the changes it has made and to argue that its practices are in line with the DMA. This includes claims that over 99% of developers would pay the same or less in fees under the new business terms. However on MacBooks, developers can distribute software directly to users without going through Apple, avoiding any fees. The 30% fee on iPhone apps is Apple’s commission for distribution through their App Store platform. This allegedly covers costs like payment processing, hosting, and review processes, yet all of these functions are safely completed by alternative solutions on the MacBook. In the end, while regulations like the DMA and DMCC aim to foster competition and fairness, the intrinsic culture of Apple and its pursuit of market dominance will ensure that the primary efforts will be at circumventing regulatory frameworks in their quest for growth.”

No wonder Apple isn’t bringing Apple Intelligence to the EU when it starts rolling out. They can’t afford to get into fights with the EU that will likely be never ending. Though the cynic in me says that’s retaliation for stuff like this. It will be interesting to see how this fight plays out because Google and Microsoft have gone up against the EU and lost. thus you have to wonder if Apple will be next.

Leave a comment »

« Older Entries
Newer Entries »