U.S. Secretary of State Antony Blinken Comments On The Strategy For Cyberspace And Digital Policy

Posted in Commentary with tags on May 9, 2024 by itnerd

On the same day the Department of State published a strategy for cyberspace and digital policy, U.S. Secretary of State Antony Blinken said during an appearance at RSAC that the White House has plans to spend $3.5 trillion working with partners to set global standards and create resilient supply chains for critical technologies, with the aim of enhancing America’s competitiveness and driving international collaboration on standards to ensure safe and ethical use of new technologies.

The strategy laid out by the Department of State focuses on building digital solidarity and “recognizes that all who use digital technologies in a rights-respecting manner are more secure, resilient, self-determining, and prosperous when we work together to shape the international environment and innovate at the technological edge.”

The strategy has three guiding principles:

  • An affirmative vision for a secure and inclusive cyberspace grounded in international law and human rights
  • Integration of cybersecurity, sustainable development, and technological innovation
  • A comprehensive policy approach that utilizes the appropriate tools of diplomacy and international statecraft

And four areas of action:

  • Promote, build, and maintain an open, inclusive, secure, and resilient digital ecosystem
  • Align rights-respecting approaches to digital and data governance with international partners
  • Build coalitions and engage partners to advance responsible state behavior in cyberspace, and counter cyber threats
  • Strengthen and build international partner digital and cyber capacity

In regard to emerging technologies, Blinken said he wants to see the formation of global frameworks that balance innovation with security and ethical considerations ensuring that technologies such as AI aren’t used for actions that violate privacy rights or lead to societal harm.

   “Working together, we can seize this extraordinary moment to shape a future that makes life a little bit safer, a little bit more secure and a little bit more prosperous,” Blinken said.

Emily Phelps, Director, Cyware had this comment:

   “The U.S. Department of State’s new strategy for cyberspace underscores the critical importance of collective defense and collaboration in ensuring a secure, resilient digital future. By focusing on building partnerships to set global standards and enhance supply chain resiliencies, this initiative not only advances America’s competitiveness but also fosters a unified approach to safeguarding and advancing technological innovations. This collective strategy represents a significant step in strengthening global digital security, making a safer, more inclusive digital ecosystem achievable.”

I’ll echo what I said when this was first announced. This should be interesting to watch and see how effective it is. Which is something that will take years to measure.

Cisco Unlocks AI-Powered Intelligence for Self-Hosted Observability

Posted in Commentary with tags on May 8, 2024 by itnerd

Cisco today announced a new virtual appliance for its AppDynamics On-Premises application observability offering, enabling customers to use a self-hosted observability solution built on AI-powered intelligence for anomaly detection and root cause analysis, application security, and SAP monitoring. The latest innovations allow IT operations teams to detect application performance anomalies faster and with greater accuracy, protect against security vulnerabilities and attacks, and maintain the performance of SAP applications and business processes, all while retaining full control of their observability deployment. Cisco also announced AppDynamics Flex, a new licensing model that provides optionality for customers to choose between self-hosted and Software-as-a-Service (SaaS) observability offerings and support them through the transition from self-hosted to SaaS when the time is right for their business.

While there has been a significant increase in demand for SaaS observability solutions in recent years, for many organizations, self-hosted observability solutions remain in high demand. Self-hosted observability – also referred to as customer-managed observability – includes on-premises deployments or cloud-based deployments where the customer retains control of all the data and associated operations. These needs are typically driven by regulations for data residency and sensitive data protection, and in geographies without a local SaaS point-of-presence. For companies in industries including the public sector, finance, manufacturing, healthcare and retail, the option to have cutting-edge, self-hosted application observability solutions ensures that they can continue to provide end-to-end monitoring of their most critical business systems, in turn, enabling them to deliver market-differentiating digital experiences to their customers and users.

The new innovations include:

  • AI-Powered Detection and Remediation with Cognition Engine: Improve the accuracy of anomaly detection by leveraging dynamic baseline performance to understand what normal looks like against historical trend data, in turn reducing the mean time to identify (MTTI) for application performance issues. Performance issues can then be resolved faster with root cause analysis and automated transaction diagnostics – analyzing a continuous stream of transaction snapshots that capture events used in proactive performance troubleshooting. This enables IT operations to home in on the problem area and make use of intelligent suggestive issue identification.
  • Application Security: Cisco Secure Application allows customers to locate and highlight application security vulnerabilities with application context, and then leverage an automated business risk score that combines application intelligence and security intelligence, allowing them to prioritize their response by business impact. The addition of Runtime Application Self-Protection (RASP) enables organizations to defend the business from exploits that target application vulnerabilities.
  • A Resilient SAP Landscape: Customers can ensure service availability and performance with full-stack observability for on-premises SAP and non-SAP environments, surfacing insights to address performance issues before they impact the business. Cisco brings resiliency into the SAP landscape with application performance, augmented by AI-powered intelligence for the Java stack, enabling SAP developers and BASIS admins to ensure service availability, align performance with SAP business outcomes, and discover SAP related security vulnerabilities to mitigate risk.
  • Self-Hosted Offerings in Amazon Web Services (AWS) and Microsoft Azure: In addition to on-premises deployments, customers can manage their own observability deployments in AWS or Microsoft Azure by using the Amazon Machine Instance (AMI) or Virtual Hard Disk (VHD) images of the virtual appliance. This is valuable when a SaaS instance is not available in the country where a sensitive workload needs to be monitored, or when a customer wants to retain full control of the observability solution.

The Transition to SaaS
As digital transformation strategies mature and the nature of observable workloads change, some IT teams will find themselves looking to garner operational efficiency by moving some or all of their observed workloads from the purview of a self-hosted observability solution to a SaaS solution. To help customers on this journey, Cisco is introducing AppDynamics Flex Licensing, designed to simplify the transition to AppDynamics SaaS. Cisco AppDynamics Flex Licensing allows organizations to value-shift their chosen on-premises observability investments to the corresponding SaaS offer as their requirements evolve, while reusing the same agent fleet.

Availability:

  • The virtual appliance for Cisco AppDynamics On-Premises will be generally available in May 2024.
  • The Automated Transaction Diagnostics feature will be available in Q3 CY2024.
  • The AMI and VHD packages for self-hosted cloud-based deployments will be available in Q3 CY2024.
  • Please refer to the pricing guidelines or contact them for more information.


Sage launches two new integrated suites in Canada and the UK  

Posted in Commentary with tags on May 8, 2024 by itnerd

Sage, the leader in accounting, financial, HR, and payroll technology for small and mid-sized businesses (SMBs), has launched two new suites in Canada and the UK, to transform how SMBs and accounting practices operate and grow their business.  

Bringing together Sage’s award-winning accounting, HR, and business management tools into two scalable solutions, Sage for Accountants and Sage for Small Business, marks a significant step forward in Sage’s commitment to championing SMBs, accountants and bookkeepers. 

The new suites are purpose-built to meet the changing needs of accountants, bookkeepers and SMBs, helping them to get more done by freeing up time, whilst boosting efficiency and productivity. With Sage for Accountants and Sage for Small Business, users can focus on what matters most, from growing their business and providing great service to pursuing their passions outside of work. 

Three customizable membership plans — Essentials, Standard, and Premium — will scale to match the unique needs of businesses and accounting practices. Small businesses, accountants and bookkeepers are now able to self-manage users and subscriptions, all in one integrated solution that is paid for on a single monthly invoice. 

Introducing Sage for Accountants  

Designed to enhance the functionality and productivity of accounting practices, Sage for Accountants streamlines client management, simplifies operations, boosts efficiency and enhances client collaboration. Even for those not using Sage ledger tools, it enables continuous accounting with seamless integration between tools, so they can harness the value of every tool across all their clients, freeing up more time for client relations.  

With evolving market demands, Sage for Accountants is an integrated experience that will help practices to:  

  • Win and onboard more profitable clients: Attract high-value clients efficiently by leveraging access to one of the largest accountants’ communities worldwide and a comprehensive accounting directory. 
  • Boost productivity with efficient compliance services: Ensure regulatory compliance with ease and confidence using Sage for Accountants, saving valuable time and resources. 
  • Deliver a trusted advisory service: Provide clients with expert insights and guidance for business growth, enhancing their trust and fostering long-term relationships. 

Empowering SMBs with Sage for Small Business 

Making it even easier for entrepreneurs and small businesses to run and grow their business, Sage for Small Business simplifies the long list of jobs to be done from managing cashflow to engaging and managing a team of people. By bringing together critical business tools and expert advice designed for small businesses into a single suite, business owners can free up their time to focus on growing their business and what truly matters to them.  


The suite enables small businesses to start with what they need and will grow with them, helping them to: 

  • Streamline repetitive tasks: Enabling real-time data flow across accounting, payroll and HR from a single user interface, simplifying operations and saving small business owners’ valuable time.  
  • Gain enhanced business insights: With instant access to critical business and financial information, business owners can make smarter decisions, and collaborate closer with accountants on the same digital data. 
  • Remain confident with compliance: With over 40 years of experience building small business technology, offering a wealth of advice and award-winning support and services, Sage helps ensure small business owners have access to simplified tax, VAT and payroll compliance through the latest technology. 


Sage Copilot to be integrated into suites
 

As part of the launch of the new suites, UK customers will be the first to get access to Sage Copilot, a new generative AI powered productivity assistant.

Integrated within Sage for Accountants and Sage for Small Business, Sage Copilot is designed to transform operations by automating routine administrative tasks and offering real-time business insights. This allows small businesses to operate more efficiently, and accountants and bookkeepers to make smarter, faster decisions, and focus more on strategic client management rather than administrative tasks.  

Sage Copilot will initially be launched in the UK in 2024. Canada is the next region Sage Copilot will be rolled out to and will be available at a later date. 

For more information, please visit Sage for Accountants and Sage for Small Business
 

Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure

Posted in Commentary with tags on May 8, 2024 by itnerd

Netcraft announced its new Conversational Scam Intelligence platform at RSAC in San Francisco, which builds on Netcraft’s intentional approach to using AI to stay ahead of criminals and protect client brands and customers.

The FBI reports that US losses to investment and “pig-butchering” scams were $4.6 Billion in 2023, a 38% increase over 2022. Through carefully constructed generative AI, the Conversational Scam Intelligence platform enables Netcraft and its customers to disrupt these nefarious scam attempts at scale, uncovering the underlying financial account networks and deploying countermeasures against criminal infrastructure.

By engaging criminals identified through its proprietary threat intelligence in private message threads, Netcraft’s AI exposes the scam in its entirety, extracting critical insight that can be used to disrupt and prevent future attacks. This innovative approach helps protect against tactics like pig-butchering, where scammers leverage direct messages, a previously undetectable threat source, to lure victims into sending money to fraudulent schemes.

Early results show a significant impact, accurately identifying the hidden financial infrastructure used in pig-butchering scam attempts, including thousands of criminal-controlled bank accounts, mule accounts, crypto wallet addresses, etc. Leveraging this evidence, Netcraft’s customers can flag or block payments to and from compromised accounts before any transaction has occurred, mitigating risk exposure for banking providers around the globe.

The regulatory landscape is shifting: US senators are pushing for greater accountability for financial institutions, and the UK now requires institutions to bear a 50:50 financial risk for fraudulent push payments. In response, banking leaders must deploy new strategies to react to current threats and intercept criminal behavior. Critical interventions like the use of AI to increase visibility and deploy proactive countermeasures provide a valuable new tool for anti-fraud, payment risk, and security teams worldwide.

AI, machine learning, and 70,000+ human-written rules are at the core of Netcraft’s detection, disruption, and takedown services. Leveraging advances in generative AI to anticipate – and prevent – criminal behavior was a natural next step.


Cado Security Introduces First-Ever Support to Perform Investigations in Distroless Container Environments

Posted in Commentary with tags on May 8, 2024 by itnerd

Cado Security, provider of the first investigation and response automation platform, today announced the world’s first solution to perform forensic investigations in distroless container environments. With Cado Security’s new offering, security teams can investigate the root cause, scope, and impact of malicious activity detected within distroless container environments to gain greater visibility into cloud risk.

Distroless containers are designed for efficiency and security, stripped of standard OS components like shell utilities and package managers. While these containers offer some security benefits by minimizing the attack surface, they actually leave a huge security blindspot when something malicious does indeed occur. Until today, it was impossible to perform an investigation in these environments, resulting in a significant visibility gap.

Cado Security delivers a first-of-its-kind solution that addresses the unique challenges distroless containers introduce for security teams. Cado’s unique patent-pending approach collects data from distroless and private clusters without impacting the target container to enable immediate investigation. The collected data includes running processes, crucial log files, and forensic artifacts. Cado also uses its previously open-sourced “varc” toolset to collect memory from individual processes for forensic analysis. This evidence is then seamlessly presented in the Cado platform for unprecedented visibility into cloud risk.

Join Cado Security at RSA 2024: Visit the team at Booth #4316 or schedule an on-site meeting during the RSA Conference in San Francisco from May 6-9. For more information about Cado Security’s Distroless Container Support, please visit https://www.cadosecurity.com/blog/cado-introduces-first-ever-support-to-perform-investigations-in-distroless-containers.

UK Military Payroll Provider Pwned… Military Members Data Accessed

Posted in Commentary with tags on May 8, 2024 by itnerd

Yesterday the BBC reported that a hack targeting a third-party payroll system used by the Ministry of Defence resulted in the unauthorized access of the personal information of an unknown number of UK military personnel.

In what is being considered a “significant data breach”, compromised data described as “personal HMRC-style information” includes names, bank details, and, in a very small number of cases, the personal addresses of both current and former members of the Royal Navy, Army and Air Force from over a period of several years.

The MoD is in the process of notifying those affected, including making veterans’ organizations aware of what has happened. 

Tomorrow, Defense Secretary Grant Shapps is due to update MPs about the hack in the Commons where he is expected to set out a “multi-point plan”, including actions to protect affected service men and women.

While it has not been disclosed who is behind this hack, it comes shortly after the government publicly accused China of the 2021 hack targeting millions of Electoral Commission voters and the NCSC said Russian intelligence was behind a “malicious cyber activity attempting to interfere in UK politics and democratic processes”.

Dave Ratner, CEO, HYAS had this to say:

   “Third-party breaches like this one and others will unfortunately continue and likely increase in volume; our increasing reliance on Cloud services and various third-party relationships dramatically increases the attack surface and creates a venerable panacea of entry points that can be exploited.  Only with the rapid implementation of cyber resiliency solutions, capable of seeing the telltale signs of a breach early and shutting it down before data is stolen, will we actually be able to stem the tide.”

Third party data breaches are getting just as bad as ransomware attacks. It’s time for it to stop as this is a situation that has become insanely bad. Which is not good for any of us.

Wichita Kansas Has Been Pwned In A Ransomware Attack

Posted in Commentary with tags on May 8, 2024 by itnerd

On Monday, the City of Wichita, Kansas disclosed it was forced to take portions of its network offline after suffering a ransomware attack on Sunday when IT systems were encrypted with ransomware.

At this time, it is not known whether data has been stolen. Currently, the online payment systems for the City are down, such as those used for paying water bills, court citations and tickets. The City says that emergency services are still available, with the police and fire departments switching to “business continuity measures as necessary”.

   “We are completing a thorough review and assessment of this matter, including the potential impact on data. Detailed assessments of these types of incidents take time,” government officials shared on the City of Wichita’s website. 

The city is not sharing what ransomware gang is behind the attack. But we’ll likely know soon enough.

Emily Phelps, Director, Cyware had this comment:

   “This ransomware attack reinforces the critical need to protect our urban centers and infrastructure. Threat intelligence sharing organizations and the adoption of a collective defense mindset can help public entities outpace adversaries by proactively safeguarding against known threats. By actively participating in these collaborative networks, municipalities can access shared insights and strategies, enabling them to respond more effectively and proactively to cyber threats. Implementing advanced cybersecurity measures and fostering a culture of collective defense are vital steps in ensuring that our cities remain resilient against persistent cyber attacks. This proactive approach not only helps in quicker recovery post-incident but also strengthens the overall security posture to prevent future attacks.”

Another day, another ransomware attack. It’s almost become background noise because it is so common. But it shouldn’t because the second that it does, it will take a situation that is already pretty bad and make it far worse because nobody is paying attention.

Fubo Canada Serves Up A Limited Time Promo Offer

Posted in Commentary with tags on May 7, 2024 by itnerd

Fubo is offering Canadians another exciting, limited time offer for subscribers on its Sports Quarterly or Annual plan, starting as low as $9.99 a month!

Until July 19, 2024, new subscribers can save 54 per cent for three months (savings of $35.00) on the Quarterly plan, or 32 per cent off for twelve months (savings of $70.00) on the Annual Sports plan, bringing Canadians more of the content they love, for less. 

Canadians can learn more and take advantage of this limited time offer at this link: Watch the Premier League all season | Fubo

ESET Opens First Local Data Center In Canada

Posted in Commentary with tags on May 7, 2024 by itnerd

ESET has announced the establishment of its first local data centre in Canada, marking a significant milestone in its commitment to delivering unparalleled service and security to its customers across the country. 

The local data centre plays a crucial role in accelerating the delivery of ESET’s innovative cybersecurity solutions to Canadian businesses and individuals. By leveraging state-of-the-art technology and robust infrastructure, ESET will be able to deploy updates and patches more efficiently, ensuring that customers are always protected against the latest threats.

The launch of the new data centre represents a strategic investment in Canada’s cybersecurity infrastructure, enabling ESET to better serve its growing customer base with faster response times, enhanced data protection and improved overall performance.

The importance of a local data centre is critical with cybersecurity threats evolving rapidly. By housing critical data and infrastructure within Canada’s borders, ESET ensures compliance with local regulations and provides customers with peace of mind knowing that their sensitive information remains secure and protected.

ESET Canada remains dedicated to empowering Canadians to enjoy the full potential of the digital world without compromise. With the establishment of its local data centre, ESET reaffirms its position as a trusted partner in cybersecurity, committed to safeguarding the digital lives of individuals and businesses across the country.

Current ESET customers can rest assured that a local representative will reach out to discuss options available for transferring data.

North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts

Posted in Commentary with tags on May 7, 2024 by itnerd

So let’s do a bit of quick education before we get to the story.

DMARC: Domain-based Message Authentication, Reporting and Conformance is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. 

With that out of the way, this story will now make a bit more sense. The NSA has put out a statement about North Koreans who are using weak security policies related to DMARC to facilitate their efforts to spearphish targets in the US and beyond:

The DPRK leverages these spearphishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets’ private documents, research, and communications.

“Spearphishing continues to be a mainstay of the DPRK cyber program and this CSA provides new insights and mitigations to counter their tradecraft,” said NSA Cybersecurity Director Dave Luber. 

The report contains background on the DPRK’s cyber program and past information-gathering examples, an explanation of how a strong Domain-based Message Authentication Reporting and Conformance (DMARC) policy can help block DPRK actors, red flag indicators of malicious activity, two sample emails used by DPRK cyber actors, and mitigation measures.

Al Iverson, Industry Research and Community Engagement Lead for Valimail had this comment: 

“North Korea found a way to exploit something that security and deliverability experts have been worried about over these past few months; there’s a whole bunch of domain owners out there who are not necessarily security savvy, and perhaps focused more on email marketing efforts. Those domain owners (and there are more than a million of them out there) were quick to implement a bare minimum DMARC policy to comply with new mailbox provider sender requirements. What they didn’t realize, is that this can leave the domain unprotected against phishing and spoofing. 

People must protect their domain by fully implementing DMARC properly to ensure that bad guys find no phishing or spoofing success when they work their way down the list of domains… to yours.

The NSA, the FBI and the U.S. Department of State have identified this as an issue already and Valimail is fully aligned with the advisory they issued at the end of the week.”

If I were the person in charge of email in an organization, I’d be reading this report, and then get about figuring out how to not be the North Koreans’ next victim. Because clearly this is a today problem and not something that you can get to whenever.
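
As a starting point for that check, here is an added example (not from the NSA advisory, Valimail, or this post) that audits the text of a DMARC TXT record and reports why it does or does not enforce anything, using the tag names defined in RFC 7489. The sample records and the `example.com` addresses are constructed, and the finding codes are names chosen for this example.

```python
# Added example: audit a DMARC TXT record for weak enforcement (RFC 7489 tags).
# Sample records are constructed; finding codes are names made up for this example.

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and must be exactly v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def audit(txt):
    """Classify one record: is it enforcing, and which weaknesses does it have?"""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return {"enforced": False,
                "findings": [("no-record", "no valid DMARC record published")]}

    findings = []
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append(("invalid-policy", "p= is missing or not a known value"))
    elif policy == "none":
        findings.append(("policy-none",
                         "monitor only: mail failing DMARC is still delivered"))

    # pct defaults to 100; an unparsable value is ignored by receivers.
    try:
        pct = int(tags.get("pct", "100"))
        if not 0 <= pct <= 100:
            raise ValueError(pct)
    except ValueError:
        pct = 100
        findings.append(("invalid-pct", "pct= is not an integer from 0 to 100"))

    enforcing = policy in ("quarantine", "reject")
    if enforcing and pct < 100:
        findings.append(("partial-pct",
                         f"policy applied to only {pct}% of failing mail"))
    if enforcing and tags.get("sp", "").lower() == "none":
        findings.append(("subdomain-none",
                         "sp=none leaves subdomains unenforced"))
    if "rua" not in tags:
        findings.append(("no-rua", "no aggregate report address configured"))

    return {"enforced": enforcing and pct == 100, "findings": findings}


# Constructed sample records, keyed by a short description.
SAMPLES = {
    "bare minimum": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "spf, not dmarc": "v=spf1 include:_spf.example.com ~all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        result = audit(record)
        print(f"{label}: enforced={result['enforced']}")
        for code, message in result["findings"]:
            print(f"  [{code}] {message}")
```

To use it on a real domain, pass in the TXT record published at `_dmarc.<your domain>`.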