Santander Suffers Third-Party Breach Impacting Customers And Employees 

Posted in Commentary on May 16, 2024 by itnerd

On Tuesday, Santander bank confirmed in an online statement that customer and employee data was breached following “unauthorized access to a Santander database hosted by a third-party provider.”
 
Santander, the euro zone’s second-biggest bank by market value, said that “certain information” relating to customers in Chile, Spain and Uruguay, and 200,000 current and former employees had been accessed.
 
The bank said it immediately took measures to mitigate the incident, including blocking access to the database and reinforcing fraud prevention to protect customers.
 
Santander hasn’t disclosed how many customers have been affected or the nature of the stolen data.
 
“In the database there is no transactional information or access credentials or internet banking passwords that would allow transactions with the bank,” Santander said.
 
Santander added that its operations and systems have not been affected and customers can continue transactions securely.

Dave Ratner, CEO, HYAS had this to say:

“Yet another report of an unfortunate third-party breach.  While it’s a good thing that no transaction details, credentials, or passwords were exposed, other third-party breach victims may not be so lucky, and these events will unfortunately continue across the industry until organizations adopt appropriate cyber resiliency approaches.”

Third party breaches are a thing. Companies need to take that into account when choosing their partners and ensure that their partners are as secure as they are at the very least. Otherwise, you will get pwned through no fault of your own.

Leave a comment »

Mississippi Health System Updates Number Of Victims Affected By A Cyberattack To 895k

Posted in Commentary with tags on May 16, 2024 by itnerd

Earlier this week, the Singing River Health System issued a data breach notification stating that it is now estimating that 895,204 people were impacted by an August 2023 ransomware attack.

Singing River Health System is located in Mississippi and operates the 3 hospitals in the state totaling over 700 beds, as well as 2 hospices, 4 pharmacies, 6 imaging centers, 10 specialty centers, and 12 medical clinics all employing over 3,500 people.

The August 2023 ransomware attack resulted in operational disruptions at its hospitals and it was estimated that 501 individuals had personal data stolen. On September 13, the organization confirmed that data had been exfiltrated, and on December 18, it announced that the incident impacted 252,890 people.

According to the latest information in the notification and on the organization’s site, the exposed data includes:

  • Full name
  • DOBs
  • Physical address
  • SSNs
  • Medical information
  • Health information

The attack was claimed by the Rhysida ransomware gang which so far has leaked roughly 80% of the data they claim to hold, allegedly including 420,766 files totaling 754 GB.

BullWall Executive, Carol Volk had this comment:

   “The Singing River Health System’s ransomware attack is a stark reminder of the cybersecurity siege that healthcare organizations are under. This breach is not just a statistic but a severe blow to the trust and safety of nearly a million people. These victims had their most sensitive information—names, dates of birth, addresses, Social Security numbers, and medical records—exposed, placing them at significant risk of identity theft and fraud.
 
   “Hospitals and healthcare systems are prime targets for cybercriminals. The Rhysida ransomware gang’s claim to have leaked 80% of the data they stole highlights the immense challenges in protecting health information. Singing River Health System, with its extensive network of hospitals, clinics, and specialty centers, illustrates the vast attack surface and the inherent vulnerabilities within such a complex IT infrastructure.
 
   “The operational disruptions, coupled with the personal data theft of a staggering 252,890, reveal the deep and lasting scars these attacks inflict on healthcare services. The fallout from such breaches is catastrophic, not only in terms of financial loss but also in the erosion of patient trust and the potential delay or cancellation of critical medical treatments.
 
   “Healthcare organizations can assume they will be breached and must go beyond traditional defensive cybersecurity measures. It is imperative to implement robust ransomware containment defenses and maintain off-site backups to ensure continuity of care without succumbing to the demands of cyber extortionists. The Singing River Health System’s ordeal is a call to action for the entire healthcare sector to fortify its defenses and protect the sanctity of patient data and healthcare delivery.”

Once again I find myself in the position of having to say that healthcare needs more funding to protect themselves from attacks like these. The fact that I am constantly talking about this means that there’s a serious problem, which requires a real solution immediately.

Leave a comment »

Mission Cloud Accelerates Generative AI Solution Adoption By Signing Multi-Year Strategic Collaboration Agreement Expansion with AWS

Posted in Commentary with tags on May 15, 2024 by itnerd

Mission Cloud Services, Inc., a US-based Amazon Web Services (AWS) Premier Tier Services Partner, today announced a generative artificial intelligence (AI) expansion to its Strategic Collaboration Agreement (SCA) with AWS. The new strategic initiative strengthens Mission Cloud’s commitment to AWS, providing further support to businesses exploring and implementing generative AI solutions.

According to PwC, 73% of U.S. companies use AI in some aspect of their business today. With the AI market growing by almost [30% year-over-year, businesses are looking to adopt AI to drive productivity and efficiency, realize ROI, and gain a competitive edge. With 50+ proof of concepts (POCs) moving into production, Mission Cloud enables customers to explore and validate AI-driven initiatives with their AWS expertise. The SCA expansion enables Mission Cloud to accelerate delivery of its generative AI solutions and services to US companies through joint go-to-market activities and POC funding.

Mission Cloud has a proven track record in generative AI, with numerous solutions already in production, serving customers across major industry segments including financial services, healthcare, life sciences, media and entertainment. Earlier this year, Mission Cloud achieved the AWS Generative AI Competency, which recognizes Mission Cloud as an AWS Partner that helps customers and the AWS Partner Network (APN) drive the advancement of services, tools, and infrastructure pivotal for implementing generative AI technologies.

As one of the first managed Amazon Q providers, Mission Cloud continues to collaborate with AWS to deliver secure and innovative AI solutions to customers worldwide. Companies need to experiment with and adopt these new capabilities and applications at the speed of AI to drive operating efficiencies and transform user experiences for their customers.

By working with AWS, Mission Cloud ensures PoCs move to production and make long-term business impact through continuous engagement, proven solutions, reference architectures, and purpose-built services spanning the develop, deploy, measure, and optimize lifecycle. Mission Cloud provides customers with a vast array of generative AI solutions, such as Intelligent Document Processing (IDP), including summarization, fraud detection, and data augmentation; virtual assistants and chatbots powered by Amazon Bedrock or Amazon Q; call center analytics; audio and video dubbing and captioning; content generation, including text and images; and day two operations supporting continuous improvement, including training infrastructure, integration, machine learning operations (MLOps), and large language model operations (LLMOps).

This generative AI expansion builds on Mission Cloud’s existing initiatives and strengthens its strategic partnerships with leading independent software vendors (ISVs) like CrowdStrike, ensuring secure, scalable AI solutions powered by AWS.

For further information about Mission Cloud and its generative AI capabilities, visit https://www.missioncloud.com/solutions/data-analytics-machine-learning/generative-ai.

Leave a comment »

Palo Alto Networks Cloud Security Report Is Out

Posted in Commentary with tags on May 15, 2024 by itnerd

Today, Palo Alto Networks released its global 2024 State of Cloud Native Security Report. Some highlights:

Impact of AI on the Application Lifecycle: 100% of survey respondents—a first-ever unanimous response —are embracing AI-assisted application development. However, the #1 concern in cloud security right now is the unforeseen vulnerabilities and exploits introduced by AI-generated code. More than 2 in 5 security professionals (43%) predict AI-powered threats will evade traditional detection techniques to become a more common threat vector.

Security is a Roadblock: 84% of respondents say that security processes cause delays to their project timelines. In fact, security is a gating factor hindering software releases, according to 86% of respondents. 

Security/Developer Relationship: 92% of respondents agree that conflicting priorities for DevOps and cloud SecOps hinders efficient development and deployment. More alarmingly, 71% say that rushed deployments have introduced security vulnerabilities. 52% of respondents cited conflict between DevOps and SecOps as a significant source of stress. 

Consolidation Continues: According to respondents, they use an average of 16 cloud security tools from an average of 14 different vendors. 91% of respondents say the number of point tools used creates blind spots that affect their abilities to prioritize risk and prevent threats. To this point, 98% of respondents want to reduce the number of cloud security tools in use.

You can view the full report HERE.

Leave a comment »

BreachForums Has Been Pwned By The FBI

Posted in Commentary with tags on May 15, 2024 by itnerd

Cybercriminals will have to find a new place to brag about who they’ve pwned and facilitate the sale of data that they’ve swiped. Because BreachForums which is a well known site for doing both has itself been pwned by the FBI:

The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law enforcement portal.

The website is now displaying a message stating that the FBI has taken control over it and the backend data, indicating that law enforcement seized both the site’s servers and domains.

“This website has been taken down by the FBI and DOJ with assistance from international partners,” reads the seizure message.

“We are reviewing this site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us,” continues the seizure banner.

The seizure message also shows the two forum profile pictures of the site’s administrators, Baphomet and ShinyHunters, overlaid with prison bars.

If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations.

But it doesn’t end there. The FBI also pwned the following:

The FBI has also seized the site’s Telegram channel, with law enforcement sending messages stating it is under their control.

It also appears that Baphomet who is one of the people who ran the site might have been arrested. I can’t confirm that at present. But I am sure further details will come out about this. But this is as I like to say, a non trivial event. While I am sure that something like BreachForums will pop up to fill this void, the fact that this site was taken down by the FBI is sure to send shockwaves through the hacking community.

Watch this space as I expect more details to appear shortly.

UPDATE: Tom Marsland, VP of Technology, Cloud Range, and Board Chairman of VetSec had this comment:

“For the second time, US and international law enforcement groups worked together to seize BreachForums, a popular data leak site. Just like with the collaboration between Microsoft, CISA, the FBI, and the NSA, this joint effort shows the importance of public and private sectors working together to secure the cyber domain.  While the information surrounding this seizure is new at this point, it is exciting to see continued efforts to thwart this activity. Inevitably, these actors will show up again in another place, as they did when RaidForums was seized in 2022, but cyber defenders seem ready and poised to seize assets again if they do.”

Leave a comment »

OVHcloud unveils new dedicated high-grade Bare Metal Servers with Intel Xeon Gold Processors for the most intensive workloads

Posted in Commentary with tags on May 15, 2024 by itnerd

 OVHcloud, the European Cloud leader, today announces new dedicated High Grade Bare Metal servers featuring top-of-the-line Intel Xeon Gold 5th Generation processors. Further democratizing innovation, new Bare Metal servers are aimed at demanding, mission critical and sensitive workloads, such as confidential computing, HPC and virtualization. The new OVHcloud High Grade Bare Metal line benefits from Intel TDX technology as well as new built-in accelerators for added performance, all the while answering the many challenges of hyperconverged and storage infrastructures.

At the heart of the new OVHcloud HCI, SDS and STOR lines lies Intel Emerald Rapids microarchitecture. It provides more compute and faster memory while improving security. Technologies like Intel TDX stand for strengthened VM isolation offering the most straightforward path to a greater security, compliance and control for legacy apps.

New Intel Xeon Gold 5th Generation powered HGR-HCI and HGR-SDS lineup

The HGR-HCI lineup is aimed at hyperconverged infrastructures. It features Intel’s fifth generation of Xeon Gold processors in a dual-processor configuration. Starting with Intel Xeon Gold 5515+ in a 2×8 cores (2×16 threads) configuration (HGR-HCI-i1) it goes up to Intel Xeon Gold 6554S in 2×36 cores (2×72 threads) configurations (HGR-HCI-i4). Equipped with 256 GB of base DDR5 memory, all HGR-HCI-i flavors come with 2×960 GB SSD storage option that can be further customized when ordering with additional SSD capacity up to 3.84 TB.

The HGR-SDS lineup targets software defined storage infrastructures for use cases such as Database, Platform Object Storage and Big Data. The range is now equipped with Intel Xeon Gold Fifth Generation chips in a dual-processor configuration. HGR-SDS-1 Bare Metal server is powered by an Intel Xeon Gold 5515+ CPU in a 2×8 cores (2×16 threads) configuration and HGR-SDS-2 features Intel Xeon Gold 6542Y in 2×24 cores (2×48 threads) configuration. Both HGR-SDS-1 and HGR-SDS-2 are loaded with 256 GB of DDR5 memory (can be configured to up to 1.5 TB) and feature a 2x960GB based system SSD with options for SSD based storage at 3.84 TB, 7.68 TB or 15.36 TB.

The heavy storage variant of Bare Metal servers, HGR-STOR, designed for use cases such as archiving, disaster recovery and databases has also been updated. OVHcloud HGR-STOR-1 is now powered by the Intel Xeon Gold 6554S in a single processor configuration. With 36 cores and 72 threads, it comes 128 GB of DDR5 (up to 768 GB). The HGR-STOR-1 is equipped with a 2x 960 GB SSD-based storage and boasts additional storage of up to 36×22 TB SAS HDD for a whopping 792 TB in total. Customers can opt for a cache option with capacity up to 2x 15 TB to further optimize their storage performance.

Unmetered Guaranteed Bandwidth with up to 25 Gbps Private Network

OVHcloud’s new HGR-HCI-i, HGR-SDS and HGR-STOR-1 benefit from all the advantages of dedicated servers when it comes to flexibility, control, performance, and availability as well as 1 Gbps to 10 Gbps guaranteed and unmetered public bandwidth and up to 25 Gbps of unmetered private bandwidth. Through this offering, OVHcloud also provides companies with the best possible support for their workloads, environments, and ad-hoc technologies, while guaranteeing predictable pricing.

To further streamline resiliency, OVHcloud’s new HGR-HCI-i, HGR-SDS and HGR-STOR-1 servers benefit from a private network built from the ground up for redundancy. With two 25 Gbps links, the private network of those servers ensures critical applications and their data remain accessible so business operations continue uninterrupted.

Data Protection and Sustainability

The new OVHcloud HGR-HCI-i, HGR-SDS and HGR-STOR-1 Bare Metal servers also benefit from OVHcloud’s well-known expertise in infrastructure, offering a trusted cloud in environmentally friendly data centers. With the highest security and data protection standards in the form of ISO 27001 certification and HDS, customers benefit from a trusted Cloud. OVHcloud data centers take advantage of the company’s unique industrial model with a water-cooling system that contributes in a sustainable cloud allowing to reach best-in-class PUE/WUE indexes (see more data here).

Availability

Bare Metal HGR-HCI-i1 (2x8c/16t), HGR-HCI-i2 (2x16c/32t), HGR-HCI-i3 (2x24c/48t), HGR-HCI-i4 (2x36c/72t) are available for order now. Bare Metal HGR-SDS-1 (2x8x/16t) and HGR-SDS-2 (2x24c/48t) are available now. Bare Metal HGR-STOR-1 is scheduled for availability later this month.

New HGR-HCI-I, HGR-SDS and HGR-STOR are available in our data centers located in Canada, France, Germany, Poland, UK, USA and APAC.

Leave a comment »

Open Systems Receives Industry Awards for SASE Experience Platform

Posted in Commentary with tags on May 15, 2024 by itnerd

Open Systems, the leading provider of native, managed SASE solutions with a superior user experience, today announced that Open Systems SASE Experience has been selected as a winner in the Secure Access Service Edge (SASE) category of the 2024 Cybersecurity Excellence Awards, and has been named Best Solution for Secure Access Service Edge (SASE) in Cyber Defense Magazine’s Global InfoSec Awards.

Open Systems recently received TMC’s Internet Telephony SD-WAN Product of the Year award and the Globee Business Awards’ Golden Globee Award for SASE. The honors closely follow Open Systems’ recent recognition as a Leader in The Forrester Wave™: Zero Trust Edge Service Providers, Q2 2024, based on an evaluation of nine vendors in the ZTE service providers market.

Open Systems’ industry-leading SASE Experience has received numerous honors and has emerged as the solution of choice for midmarket organizations seeking secure connectivity across cloud and hybrid environments and locations, delivered as a service. It combines SD-WAN, firewall, SWG, CASB, and ZTNA into a comprehensive framework, supported through its user-intuitive customer portal, and delivered as a 24×7 managed service with unmatched customer service.

Open Systems SASE Experience revolutionizes secure access by prioritizing user experience and simplifying complex SASE solutions. It alleviates the burdens faced by CIOs managing remote and hybrid workforces, cyber threats, and digital transformation initiatives. Unlike traditional SASE solutions, Open Systems integrates seamlessly across IT and OT cloud, on-premise, and hybrid environments, ensuring easy, consistent, scalable, resilient, and agile secure access to users, applications, and data.

Open Systems prioritizes customer satisfaction, assured connectivity, business agility, and reputation through its Service Experience Promise. This commitment is upheld by the Open Systems Mission Control Operations Center, which provides proactive and preemptive support to minimize disruptions and enhance operational performance, ensuring customers receive unparalleled service and expertise.

Open Systems is a leading provider of native, managed SASE solutions that enable organizations to simply connect and secure hybrid environments to meet their business goals. Backed by our Service Experience Promise, Open Systems’ SASE Experience helps reduce risk, improve efficiency, and accelerate innovation with a comprehensive, easy-to-implement and use combination of SD-WAN and Security Service Edge delivered as a service with a superior user experience. SASE Experience combines SD-WAN, firewall, SWG, CASB, and ZTNA into a framework that supports secure connectivity across cloud and hybrid environments and locations. It provides a comprehensive SASE solution through an easy-to-use customer portal, underpinned with a unified data platform to drive future innovation, all delivered as a 24×7 managed service. To learn more about Open Systems, visit www.open-systems.com.

Leave a comment »

MediaSmarts partners with TikTok to Champion Online Safety: Launching a Safety Guide for Families

Posted in Commentary with tags on May 15, 2024 by itnerd

Amidst ongoing efforts to champion online safety, today MediaSmarts, the Canadian charitable organization for digital media literacy, has announced the launch of its online safety resource for parents, guardians and caregivers to navigate online spaces for their teens.

The resource was specifically designed by MediaSmarts in collaboration with TikTok to provide insights and practical advice to help foster a secure and positive online environment for teens on the app.

The guide, titled, Talking TikTok: A Family Guide is available as of May 15, 2024 on the MediaSmarts website, highlighting TikTok’s safety and privacy guidelines and features, while showcasing MediaSmarts’s best practices for digital citizenship. It equips parents and users with essential tools to make informed decisions about content sharing and prioritize the well-being of youth on the platform.

The guide can be found here: https://mediasmarts.ca/talking-tiktok-family-guide

Leave a comment »

Helsinki’s Education Division Gets Pwned Via Unpatched Remote Access Server… #Fail

Posted in Commentary with tags on May 15, 2024 by itnerd

On Monday via a press conference the City of Helsinki authorities shared details of their investigation of a data breach in its education division, which it discovered in late April of this year that is impacting 80,000 of students, guardians, and personnel.

According to the new details, an unauthorized actor gained access to a network drive after exploiting a vulnerability in a remote access server, a vulnerability that a patch was available for at the time of the attack but had not been installed.

The accessed drive contained tens of millions of files, most devoid of personally identifiable information with an “opportunity for abuse of which is not considered to be significant,” but still included usernames, email addresses, personal IDs, and physical addresses.

More concerning is the exposed drive containing information from the Educational Division:  

   “[…] fees (and the grounds thereof) for customers of early childhood education and care, sensitive information about the status of children, such as information requests by student welfare or information about the need of special support and medical certificates regarding the suspension of studies for upper secondary students, as well as the sick leave records of Education Division personnel.  We cannot rule out the possibility of the perpetrator gaining access to data of persons under a non-disclosure restriction,” read the City of Helsinki online update.

Currently, no ransomware groups have assumed responsibility for the attack and the perpetrators remain unknown.

Emily Phelps, Director, Cyware had this comment:

   “Data breaches that impact the education sector reinforce the importance of a proactive security posture that goes beyond security hygiene and traditional controls. To effectively get ahead of attackers, comprehensive threat intelligence sharing and the operationalization of this intelligence is critical.

   “Incorporating real-time threat intelligence can help organizations anticipate potential threats and take preemptive actions. By fostering a collaborative environment where information on threats is actively shared among trusted partners, entities can enhance their defensive mechanisms against sophisticated attacks.”

Dave Ratner, CEO, HYAS follows with this:

   “While patching systems in a timely manner is clearly best practices for any organization that cares about security, the reality is that it’s next to impossible to ensure that each and every patch is applied before a bad actor can take advantage of the vulnerability.  This is just one of the reasons that governments around the world are recommending Protective DNS and cyber resiliency solutions as a way of ensuring that bad actors inside the environment are stopped and shut down before damage ensues.”

This is pretty bad as the threat actor appears to have walked in through a metaphorical unlocked door to pwn the City of Helsinki. Let this be an object lesson to all that you need to make sure that you don’t make it that easy for a threat actor to pwn you.

Leave a comment »

Token’s Next-Generation Smart Ring Wins Fast Company’s 2024 World Changing Ideas Award Honors by Stopping Ransomware

Posted in Commentary with tags on May 15, 2024 by itnerd

Token, a revolutionary provider of secure, wearable authentication, today announced that its innovative Token Ring with BioTouch Secure has been honored in the Science and Technology category of Fast Company‘s 2024 World Changing Ideas Awards. Selected from over 1,300 global entries across all categories, the Token Ring ushers in a new paradigm in multi-factor authentication (MFA) and stops the ransomware attacks that are devastating organizations around the globe.

Ransomware is every organization’s number one risk

Every day brings news of another major ransomware attack and the financial losses from a single attack can now exceed $1 billion. Protecting against ransomware attacks and data breaches has become the top priority of CISOs, CEOs, boards, regulators, and cyber risk insurance providers. Organizations have become easy targets for cybercriminals because most are using 20-year-old legacy MFA technology to stop cybercriminals who are using the power of generative AI and the most advanced attack methods. Next-generation MFA eliminates the risks of cybercriminals using stolen credentials, MFA prompt bombing, Sim Swapping, BYOD compromises, Adversary-in-the-Middle (AitM/MitM), and other common attack methods.

Token Ring Next-Generation MFA

Token Ring is a simple, fast, and user-friendly way to protect organizations against phishing and ransomware cyberattacks. BioTouch Secure integrates fingerprint biometrics, the most secure form of user authentication, into an attractive wearable device for the ultimate in user convenience and enterprise security. Token Ring features a capacitive fingerprint sensor for the highest level of biometric security, a large capacity secure element to safely store biometric information and user credentials, a capacitive-touch bezel for user friendly operation, and NFC and Bluetooth Low Energy communications for universal compatibility. Token Ring combines these capabilities into an appealing ring for convenience and to prevent the loss of authentication devices.

About The World Changing Ideas Awards

World Changing Ideas is one of Fast Company’s major annual awards programs and is focused on social good, seeking to elevate finished products and bold concepts that make the world better. Judges choose winners, finalists, and honorable mentions based on feasibility and the potential for impact. With the goals of awarding ingenuity and fostering innovation, Fast Company draws attention to ideas with great potential and helps them expand their reach to inspire more people to work on solving the problems that affect us all.

About Fast Company

Fast Company is the only media brand fully dedicated to the vital intersection of business, innovation, and design, engaging the most influential leaders, companies, and thinkers on the future of business. Headquartered in New York City, Fast Company is published by Mansueto Ventures LLC, along with our sister publication Inc., and can be found online at www.fastcompany.com.

Leave a comment »

« Older Entries
Newer Entries »