HYAS Insight – New Threat Intel Visualization, Intuitive UX, Support for RiskIQ EOL

Posted in Commentary with tags on June 24, 2024 by itnerd

HYAS Infosec today announced a new edition of HYAS Insight. The award-winning threat intelligence solution is used worldwide by law enforcement and Fortune 500 enterprise clients alike who benefit from the solution’s unprecedented visibility into the origins of attacks, the campaign infrastructure being used, and the resources likely to be used against them in the future.

As the industry expert in infrastructure intelligence, HYAS leverages a proprietary “VRA” analytics capability to provide organizations with superior real-time intelligence on Verdicts, Related Infrastructure, and Actors. HYAS Insight clients leverage VRA to better answer the critical cybersecurity questions about “what happened” and proactively mitigate the threat of future attacks with unmatched speed and effectiveness.  

Additionally, HYAS Insight’s Malware Infrastructure dashboard now delivers timely, graphically presented insights into the hundreds of thousands of individual malware samples that HYAS detonates daily. This capability offers unparalleled visibility into the current state of malware globally, enabling organizations to identify and track trends, gather more information, and gain better visibility into the threat landscape.

HYAS’s Malware Infrastructure intelligence also includes a newly expanded set of domains and IPs representing malware command and control (C2), and new visualization that shows distribution of top C2 intelligence by country. Threat hunters and fraud investigators now get one-click visibility into the regions and resources through which threat actors actively push exploits. These new capabilities make it easy for security and fraud teams to see the most pertinent information and immediately drill down. And HYAS Insight’s free Intel Feed makes consuming the latest malware infrastructure intelligence a snap, without worrying about budget, the procurement process, or red tape.

A Preferred Alternative for RiskIQ Users

With RiskIQ’s partial integration into Microsoft Defender and impending end-of-life for its standalone features, organizations searching for a suitable alternative to a comprehensive infrastructure intelligence platform find HYAS Insight an exceptional replacement solution. New users will immediately benefit from comprehensive threat intelligence, real-time analytics, seamless integration, and an intuitive user interface. 

HYAS Insight upgrades deliver:

  • Broader Data Coverage: HYAS Insight’s diverse data sources provide a more detailed and accurate view of potential threats.
  • Independent Operation: Unlike RiskIQ, HYAS Insight doesn’t require integration with Microsoft Defender TI Premium, and integrates out of the box with various leading visualization, TIP, SIEM, and SOAR solutions, offering greater flexibility.
  • Future-Proof Investment: HYAS Insight is dedicated to continuous improvement, ensuring it keeps up with emerging cybersecurity challenges.

Leave a comment »

EU Targets Apple In Digital Markets Act Investigation

Posted in Commentary with tags on June 24, 2024 by itnerd

The AP is reporting that Apple is the first target of EU’s new digital competition rules aimed at big tech called the Digital Markets Act:

European Union regulators on Monday leveled their first charges under the bloc’s new digital competition rulebook, accusing Apple of preventing app makers from pointing users to cheaper options outside its App Store.

The European Commission said that according to the preliminary findings of its investigation, the restrictions that the iPhone maker imposes on developers using its mobile App Store had breached the 27-nation bloc’s Digital Markets Act.

The rulebook, also known as the DMA, is a sweeping set of regulations aimed at preventing tech “gatekeepers” from cornering digital markets under threat of heavy financial penalties. The commission opened an initial round of investigations after it took effect in March, including a separate ongoing probe into whether Apple is doing enough to allow iPhone users to easily change web browsers, and other cases involving Google and Meta.

Ted Miracco, CEO, Approov had this to say:

    “Apple is likely to continue its public relations efforts to highlight the changes it has made and to argue that its practices are in line with the DMA. This includes claims that over 99% of developers would pay the same or less in fees under the new business terms. However on MacBooks, developers can distribute software directly to users without going through Apple, avoiding any fees. The 30% fee on iPhone apps is Apple’s commission for distribution through their App Store platform. This allegedly covers costs like payment processing, hosting, and review processes, yet all of these functions are safely completed by alternative solutions on the MacBook. In the end, while regulations like the DMA and DMCC aim to foster competition and fairness, the intrinsic culture of Apple and its pursuit of market dominance will ensure that the primary efforts will be at circumventing regulatory frameworks in their quest for growth.”

No wonder Apple isn’t bringing Apple Intelligence to the EU when it starts rolling out. They can’t afford to get into fights with the EU that will likely be never ending. Though the cynic in me says that’s retaliation for stuff like this. It will be interesting to see how this fight plays out because Google and Microsoft have gone up against the EU and lost. thus you have to wonder if Apple will be next.

Leave a comment »

Samsung’s Scorching Summer Essentials

Posted in Commentary on June 24, 2024 by itnerd

It’s officially summer and the warm weather is here to stay. According to The Weather Network’s summer forecast, most of Canada will see warmer-than-normal temperatures and fewer rainy days than the typical summer, and more sunshine than normal during the upcoming season.  

To kick off the start of summer, Samsung has come up with a list of tech essentials to make the most of your time outside. 

  • For the Canadians who want to watch their favourite content from the big screen in the outdoors: Whether you’re a Bravo fan anxiously awaiting the return of the Real Housewives of Orange County or you’re a huge UEFA European Championship fan hosting watch parties, the Freestyle 2nd Gen Smart FHD Portable LED Projector allows you to put your content wherever you want, even outside!
  • For the Canadians who want high quality sound: Whether the sound of national anthem blasting while you’re watching the Olympics gives you chills or you can’t wait for the sights and sounds of Shark Week, the Q-series Soundbar HW-Q800D 5.1.2 ch Sub Woofer is the ultimate sound immersion with side-firing speakers.
  • For the Canadians who are always entertaining: If you find yourselves the hub of all your family and friends’ gatherings, you know the kitchen is the area everyone gathers. Allow AI to take your dishes to the next level so you can spend more time with the ones you love. The Bespoke Counter Depth 4-Door Flex Refrigerator with Family Hub comes with AI Vision Inside™ so your fridge can keep track of what’s going in and out. The best part? With AI Vision your fridge can compile recipes for you using the ingredients inside your fried without you even opening the doors. 

You can check out some other tech that fits into your summer plans at Samsung.ca.

Leave a comment »

Kaspersky Says It’s Not A National Security Threat To The US

Posted in Commentary with tags on June 24, 2024 by itnerd

Last week the US banned Kaspersky saying that it’s a national security risk. At the time, I could not find a response from the Russian software company. But clearly I didn’t look hard enough because now I have. Here’s what they said in part:

Kaspersky is aware of the decision of the Department of the Treasury’s Office of Foreign Assets Control (OFAC) to place members of the company’s executive and senior leadership team on the sanctions list. The current step will not affect the company’s resilience as neither Kaspersky nor its subsidiary companies nor its CEO were designated by the OFAC. 

We regard the move as unjustified and baseless, being a continuation of recent U.S. government decisions based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of company’s products and operations. Neither Kaspersky nor its management team has any ties to any government, and we consider the allegations quoted by the OFAC as pure speculation, which lacks concrete evidence of a threat posed to U.S. national security. None of the listed members have any ties to the Russian military and intelligence authorities or have anything to do with the Russian government’s cyber intelligence objectives.

John Gunn, CEO, Token had this to say:

Banning the use of Kaspersky software is a prudent and informed action. Kaspersky’s majority owner and CEO is a Russian national who lives in Russia and is subject to the jurisdiction of the Russian government. People who don’t do what Putin wants have a bad habit of falling out of windows. The code for many mature security applications is so complex that finding a designed-in vulnerability would be very challenging, and a “clean” version today could be updated to a malicious version at any time. Operating on a promise of trust from a country that is attacking us constantly would be bad strategy.

Here’s the thing. If you can’t trust the tools that you use to defend yourself against attackers, you shouldn’t use them. Which is why this ban makes sense despite the fact that some will find this as an over reaction by the US government. Will this ban make you stop using Kaspersky products? Sound off in the comments with your thoughts.

Leave a comment »

CDK Global Was Pwned By BlackSuit Ransomware: Report

Posted in Commentary with tags on June 23, 2024 by itnerd

You might recall that thousands of car dealerships have been shut down by their SaaS provider CDK Global not being available to them. Now BleepingComputer is reporting that a ransomware group called BlackSuit is apparently responsible for all of this:

The BlackSuit ransomware gang is behind CDK Global’s massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter.

The same sources, who provided information on condition of anonymity, told BleepingComputer that CDK is currently negotiating with the ransomware gang to receive a decryptor and not leak stolen data.

While BleepingComputer is the first to report that BlackSuit is behind the attack, the news that CDK is negotiating with threat actors was revealed by Bloomberg yesterday.

If this is true and CDK Global is actually in negotiations with BlackSuit, then that’s bad. I’ve been consistent in saying that threat actors should never profit from their crimes. So by extension, negotiating with threat actors is bad. I guess we’ll find out if this is true or not if dealerships across the US are suddenly able to conduct business normally in the coming days.

Leave a comment »

Elon Musk Is Slowly Walking Away From Telling Advertisers To “Go F**k Yourselves”

Posted in Commentary with tags on June 22, 2024 by itnerd

Remember when Elon Musk told advertisers to “go f**k yourselves” when said advertisers decided to stop advertising on Twitter? If not, this will help. Well I am going to go out on a limb and suggest that this is making Elon hurt. Specifically in the bank account. Which is why Elon has been in Cannes this week to walk this back:

Elon Musk on Wednesday tried to walk back remarks lashing out at advertisers fleeing his X social media platform.

At the Cannes Lions advertising festival in Cannes, France, Musk was asked by WPP CEO Mark Read what he meant by telling advertisers threatening to pull ads from the platform late last year to “go f— yourself.”

Musk said it was meant as a general point on free speech rather than a comment to the wider advertising industry.

“It wasn’t to advertisers as a whole,” Musk said. “It was with respect to freedom of speech, I think it is important to have a global free speech platform, where people from a wider range of opinions can voice their views.”

“In some cases, there were advertisers who were insisting on censorship,” Musk said. “At the end of the day … if we have to make a choice between censorship and losing money, [or] censorship and money, or free speech and losing money, we’re going to choose the second.”

“We’re going to support free speech rather than agree to be censored for money which I think is the right moral decision,” he added.

The fact is that Elon is scrambling for cash because real advertisers have been replaced by porn and AliExpress ads. Clearly advertisers that pay Twitter’s bills are not coming back and he’s trying to thread the needle so to speak between getting those advertisers back while keeping his Nazi, racist, homophobic, and other scumbag friends happy. All to get money into his bank account. I am hoping that advertisers don’t fall for this and continue to avoid Twitter because Elon needs to pay for his behaviour. Literally.

Leave a comment »

Change Healthcare Admits That Hack Resulted In The Theft Of Medical Records

Posted in Commentary with tags on June 22, 2024 by itnerd

Remember the Change Healthcare hack? It’s now gotten worse. According to TechCrunch, American’s medical records have been leaked:

In a statement Thursday, Change Healthcare said it has begun the process of notifying affected individuals whose information was stolen during the cyberattack. 

The health tech giant, owned by U.S. insurance conglomerate UnitedHealth Group, processes patient insurance and billing for thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector. As such, the company has access to massive amounts of health information on about a third of all Americans

The cyberattack prompted the company to shut down its systems, resulting in outages and delays to thousands of healthcare providers who rely on Change, and affecting countless patients who could not obtain prescriptions or had medical care or procedures delayed. 

Change said in its latest statement that it “cannot confirm exactly” what data was stolen about each individual, and that the information may vary from person to person. 

The affected information includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, as well as government identity documents, such as Social Security numbers, driver’s licenses and passport numbers.

The data also includes medical records and health information, such as diagnoses, medications, test results, medications, imaging, and care and treatment plans, said Change. The hackers stole health insurance information, including plan and policy details, as well as billing, claims and payment information, which Change said includes financial and banking information.

This is bad. This is really bad. This illustrates what can happen when an organization doesn’t properly secure their network. In short, people suffer. And in this case a whole lot of people are going to suffer because their personal information is out there. Change Healthcare really needs to be taken to the woodshed over this and be made an example of to show that this is unacceptable and companies need to do much better.

Leave a comment »

The US Bans Kaspersky

Posted in Commentary with tags on June 21, 2024 by itnerd

Now some of you reading this headline will be thinking “wait, didn’t the US already ban Kaspersky?” The answer is sort of. They were banned on federal government networks. But you and I could still get a copy of the anti-virus software for example. Well, that has changed as the Biden administration has banned them outright:

Yesterday, the Department of Commerce issued a final determination pursuant to Executive Order (E.O.) 13873 prohibiting Kaspersky Lab, Inc., its affiliates, subsidiaries and parent companies directly or indirectly from providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons. Commerce reached this determination after an investigation found transactions involving the products and services of Kaspersky Lab, Inc. and its corporate family pose unacceptable risk to U.S. national security or the safety and security of U.S. persons, as outlined in E.O. 13873. 

In addition, the Department of Commerce has designated AO Kaspersky Lab and OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) on the Entity List for their cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives. These activities are contrary to U.S. national security and foreign policy interests.

Damir J. Brescic, CISO, Inversion6 had this comment:

The reason that the U.S. government took such a stance is due to the concerns that Kaspersky could/has complied with the Russian government in what could be seen as assisting in cyber espionage or other malicious activity. The concern is obviously heightened by some of the controversial laws Russia has in general regarding cybersecurity; where they require companies to assist the government in intelligence gathering activities. Similar to other nation-state threat actors, such as China, Iran and North Korea. 

There are a few key aspects that companies and even government agencies need to take into consideration when assessing the impact of a software tool, such as Kaspersky. The major concern is that the Kaspersky antivirus solution, when implemented in an organization, requires extensive system privileges to function correctly, as most solutions of its kind do. This type of technology can provide a threat actor the potential to exploit and gain access to a systems configuration, sensitive data, and network connections.

If an organization is currently utilizing the Kaspersky antivirus software, they should look to conduct the following steps:

  • Deactivate the Kaspersky software immediately on all their host systems
  • Conduct a thorough risk assessment of the organizational use of this Kaspersky software; this should include the potential impact of compromise, as well as the likelihood of such an event
  • Start evaluating alternative solutions from a trusted vendor 
  • Implement robust monitor detection
  • Review incident response capabilities and plans, and potentially run a tabletop exercise 
  • For advanced measures, look to implement network segmentation to limit the spread of any malware and reduce the overall impact from potential threat and compromise

All of this is good advice as unlike the when the US government network ban came into effect, Kaspersky sued the government, I can’t find any statements or any other reaction from the Russian software company. Their silence suggests a lot in my opinion.

1 Comment »

SolarWinds Vulnerability Being Actively Exploited By Threat Actors

Posted in Commentary with tags on June 21, 2024 by itnerd

SolarWinds reports that a high-severity flaw in SolarWinds Serv-U file transfer software exists and should be patched ASAP:

Summary

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

Affected Products

SolarWinds Serv-U 15.4.2 HF 1 and previous versions 

Fixed Software Release

SolarWinds Serv-U 15.4.2 HF 2

Here’s why it should be patched ASAP. Threat actors are currently using it to launch attacks:

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits.

Although the attacks do not appear particularly sophisticated, the observed activity underscores the risk posed by unpatched endpoints, emphasizing the urgent need for administrators to apply the security updates.

Rogier Fischer, CEO and Co-Founder, Hadrian had this comment:

“Exploiting this vulnerability can lead to significant issues such as unauthorized data access, resulting in potential data breaches and non-compliance with regulations, from GDPR to HIPAA. Financial implications are considerable, involving not only the costs of incident response and mitigation but also regulatory fines and legal actions from affected customers. In an idea world, organizations utilizing this software would have applied the patch already, considering how big the earlier SolarWinds fiasco was.”

This is another one of those times where you need to drop everything and patch away. Seeing as this exploit is out there and being used by threat actors, you really have no other choice.

Leave a comment »

New Targus hard cases carry, connect, and protect students’ devices in any learning environment

Posted in Commentary with tags on June 21, 2024 by itnerd

Targus today introduced its new lineup of commercial-grade form-fit Chromebook™ cases and protective iPad® cases for the education market at ISTELive 24, June 23rd-26th. These new additions further expand Targus’ extensive portfolio of innovative laptop bags, hard cases, and accessories designed to carry, connect, and protect students’ technology in the classroom and beyond.

 The new Commercial-Grade Form-Fit Clear Cases arriving in June/July are translucent cases made for the latest DellLenovo, and HP Chromebooks™.  These cases feature drop-rated protection up to the typical school desk height of three feet, enhanced corner and edge protection, a thin and lightweight molded design, and easy access to all ports. Plus, like all Targus laptop bags and cases, they’re backed by Targus’ limited lifetime warranty.

Available now, Targus has also added two new iPad cases to its portfolio delivering portable protection for the latest iPad® (10thgeneration), iPad Air® (M2), and iPad Pro® (M4) devices in the classroom and beyond: a SafePort® Clear Case and Kids Antimicrobial Case.

With military-grade drop protection up to six feet, Targus’ Kids Antimicrobial Case is the perfect solution for young learners to keep their iPad protected from inevitable drops and bumps, while enjoying more portable features and functionality. A convenient carry handle doubles as a stand, so young learners can grab and go or set it and stand it for their viewing preference. Precision cutouts give full access to controls, ports, and cameras, making it easy to enjoy favorite videos, movies, and music.

As a bonus, this case features Targus DefenseGuard™ Antimicrobial Protection, which helps to create a cleaner surface by preventing the growth of microorganisms and works continuously for the life of the product.

Targus’ SafePort® Clear Case for iPad® (10th gen.) 10.9-inch lets students show off their colorful new iPad while wrapping it in superior protection. This protective case passes military grade 6 ft./1.8m drop testing (MIL-STD 810G) with its clear, shock-absorbent back cover, protective snap-on front cover, reinforced corners, wrap-around bezel, and covered buttons. The kickstand of this case has been tested to withstand up to 44 lbs. of force making it durable enough to withstand kids’ everyday use.

Beyond protection, it offers a variety of integrated features to boost functionality and versatility on the go. A built-in extra durable kickstand flips out to offer hands-free portrait and landscape viewing from multiple angles. Precision cutouts allow complete access to ports and cameras, and it also has a built-in stylus holder making it easy to store an Apple Pencil® (Pencil sold separately by Apple®).

Targus will be showcasing its latest lineup of laptop and tablet cases and accessories for the education market during ISTELive 24 in booth #1882 at the Colorado Convention Center.

Watch Targus’ Commercial Grade Hard-Shell Cases for Chromebook in action and visit Targus.com for product details, pricing, and availability.

Leave a comment »

« Older Entries
Newer Entries »