INKY analysts have identified a new phishing scheme utilizing weaponized RTF attachments.
Attack Flow Overview:
You can read the details here.
Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced extended software compliance, audit, and attestation support with the release of the industry’s first software compliance and attestation trust center.
Legit enables customers to build a repeatable and scalable software security compliance program by automating manual processes and producing the required evidence to prove compliance. By leveraging multiple frameworks, including SLSA, PCI DSS, SOC2, and ISO 27001, Legit quickly assesses the state of a software security program to identify gaps that create risk.
In addition, Legit now supports new requirements for the CISA Secure Software Development Attestation Form. CISA offers an essential set of guidelines to ensure software is secure; attestation provides a means for vendors to confirm that software was developed with these standards in mind.
Legit’s compliance and attestation trust center features include:
Legit’s software compliance and attestation capabilities are available now to new and existing customers. For more information, visit www.legitsecurity.com.
According to a recent blog post by Akamai Technologies, security researchers analyzing phishing campaigns targeting the United States Postal Service saw traffic to the fake domains similar to that of the legitimate site and during the holidays it “greatly exceeded legitimate traffic”.
Akamai started observing USPS-themed phishing last October after an employee received a suspicious text that redirected to a site containing malicious JavaScript code. During the 2023 holiday season, researchers observed a significant volume of DNS queries going to “combosquatting” domains that impersonated the USPS service.
The design of the fake pages appears as exact replicas of the actual USPS site even with realistic tracking pages with status updates. The total queries generated by these malicious websites between October 2023 and February 2024 is over 1,128,146, just short of the 1,181,235 queries recorded for the legitimate USPS site. Meanwhile, the traffic to malicious domains from November to December was higher compared to the legitimate one.
Akamai only focused this research on USPS, so the scale of these combosquatting campaigns could encompass other postal brands and likely be larger.
Dave Ratner, CEO, HYAS had this to say:
“Attacks involving typosquatting, combosquatting, or look-alike domains are increasing in nature and can be highly effective as individuals often don’t inspect the domain name itself closely enough. This can be made more complicated and difficult to detect with the use of different character sets like punycode which can make the difference between the legitimate and fake domain very hard, if at all possible, to detect by visual inspection. This is one of the reasons that Protective DNS solutions are so vital today, because they know the legitimate domains from the fake ones and can be the critical difference between a successful attack and a failed attempt.”
This is pretty insane. The fact that the real USPS site gets less traffic than fake ones shows that this is a huge problem that really needs to be addressed. I am not sure how one would address this, but it’s high time to figure it out.
Today SAP Concur announced the results of its review into the costs of business expenses for the 23/24 financial year, which showed a 34 per cent increase in the cost of the average expense transaction compared to pre-pandemic levels in 2019, likely driven by rising inflation.
This is more than four times the 8.1 per cent inflationary rate at the peak of Canadian inflation in June 2022. This demonstrates that Canada, in particular, has been hit harder than average by inflationary increases compared to the rest of the world. Using SAP Concur data from thousands of businesses across Canada, the company has been able to pinpoint some of the main areas where businesses face rising costs and paint a clearer picture on where inflation is damaging profits.
The biggest culprits for rising costs came from gas, car hire and ground transportation which rose 40 percent, 36 per cent and 35 per cent respectively. Similarly, the cost of entertainment also saw a large inflationary rise, coming in at a 35 per cent increase. But the cost of train transportation took the top spot as the biggest expense for businesses, amassing 85 per cent of the total expense amount.
Through SAP Concur’s analysis, it’s clear that businesses across the board are facing real increments in their additional costs. Most of which are often unseen or unaccounted for early on in the financial planning process. Chris Juneau, head of market strategy at SAP Concur said “For all businesses, the costs of operating in the current global market has become trickier with time and the 23/24 financial year was no exception. As the end of the year approaches, now is the time that finance managers and business leaders need to be analysing their outgoings, forecasting for the next financial year and re-evaluating policies to deliver a more robust year ahead.”
To ensure the smooth management of finances in 24/25, finance leaders need to take advantage of every spending moment to navigate times of change. Through the implementation of expense management systems, businesses need to look at ways in which they can better control expenditure. Whether that’s through greater monitoring of expense compliance, improving visibility or improving data driven decision making, finance leaders can take active steps to gain better control for the new financial year.
You can have a look at their write up on this topic here.
Open Systems, the leading provider of native, managed SASE solutions with a superior user experience, today announced it has been named a Leader in The Forrester Wave™: Zero Trust Edge Service Providers, Q2 2024. In the report, Forrester evaluated nine vendors in the ZTE services providers market based on 34 criteria. Open Systems received the highest possible scores in 16 criteria including service delivery platform, networking and security services, last-mile underlay, service delivery capability, vision, innovation, roadmap, partner ecosystem, and adoption.
The Forrester report said: “It sustains its momentum through an excellent vision of target customer profiles, strong commitment to R&D, and deep engineering expertise. Open Systems delivers an impressive NPS above 60, a highly adaptable set of white-labeled targeted partners, and flexible services pricing. Its capability to integrate partners or develop features in 10 weeks or less is unmatched.”
The Forrester Wave™ for ZTE service providers notes, “[Open Systems’] impressive capabilities leverage AI and automation to autoresolve incidents later reported as KPIs. The vendor provides best-in-class service delivery agility that integrates DevOps and CloudOps. Its innovative engineering-to-operations rotation and direct level 3 support are unique among its competition…” The report also noted, “reference customers reported high satisfaction with its technical expertise, engineering support and application understanding.”
Open Systems SASE Experience eliminates the complexity of secure global access and network management, while providing easy and comprehensive global support. It delivers all the benefits of SASE with an exceptional delivery experience – ideal for enterprises who don’t have the resources to do it all. SASE Experience frees customers from the operational overhead of appliance purchases, installation, and maintenance, to minimize staffing costs and provide a fast ROI.
Visit Open Systems at the RSA Conference on May 6-9 in San Francisco at booth 6567 in Moscone North Hall to learn more about Open Systems SASE Experience.
Today, CDW Canada launched its annual Canadian Cybersecurity Study, Cybersecurity in Focus 2024: Trends, Threats and Strategies, which revealed that declining IT budgets coupled with a rise in cyberattackers leveraging AI increasing successful cyberattacks, putting Canadian organizations at increased risk. This year’s findings show a sharp 50 percent reduction in IT budgets since 2023, yet successful cyber incidents have surged by 26 per cent, highlighting a critical vulnerability gap.
The report delves into how these budget cuts are leading to “breach fatigue” among IT security teams. With fewer resources, teams are overextended, which not only reduces their effectiveness in managing threats but also impacts their ability to respond to incidents promptly and effectively. This scenario is creating an environment where organizations are more susceptible to cyberattacks.
To learn more about the state of cybersecurity for Canadian organizations, download the study here.
The reports of pwnage on this Monday morning continues.
Kaiser Permanente, a major U.S. nonprofit health plan operator, has announced a data breach potentially affecting 13.4 million patients across multiple states. This incident involves unauthorized sharing of personal information through third-party trackers on Kaiser’s websites and mobile apps.
The healthcare giant, which operates 40 hospitals and 618 medical offices in regions including California, Colorado, and Washington, D.C., identified the breach through an internal investigation. The trackers in question, associated with entities such as Google, Microsoft Bing, and Twitter, were transmitting personal data when patients accessed Kaiser’s digital platforms. This data included IP addresses, names, and details indicating whether a user was logged into Kaiser services, as well as their navigation and interaction behaviors on the site.
Though Kaiser reported the unauthorized access to its networks in an April 12 filing with the Dept. of Health and Human Services, the notice was reportedly made public on Thursday.
Importantly, the exposed data did not include usernames, passwords, Social Security Numbers, financial data, or credit card numbers. However, the breach did lead to the exposure of sensitive information such as full names, medical records, dates of service, and lab results.
In response to the breach, Kaiser Permanente has removed the implicated trackers and enhanced their data security measures to prevent similar incidents in the future. Kaiser told Reuters it has not identified any misuse of the data. The breach is part of a broader issue highlighted by the FTC regarding the use of third-party trackers in healthcare and other sensitive areas.
Ted Miracco, CEO, Approov Mobile Security had this to say:
“Healthcare apps often process and store highly sensitive data, including personal health information (PHI), which requires protection beyond the standard security measures provided by mobile operating systems. The incident with Kaiser Permanente illustrates the vulnerabilities that can arise from mobile applications with inadequate security and improper API usage.
“Healthcare apps frequently use APIs to interact with other apps and services, including cloud-based storage and third-party analytics. Securing these APIs is crucial as they can be exploited to access sensitive data. Solutions that manage API keys and monitor API gateways can provide an added layer of security by ensuring that only authorized users and systems can access the APIs. This data is a prime target for cybercriminals due to its value on the black market.”
The fact that the healthcare sector continues to be such a “soft target” for threat actors should concern everyone. Action needs to be taken to change that ASAP. Because as it stands right now, threat actors are having a field day at our expense.
I got a tip from a few people who read this blog that something was up at Canadian pharmacy and electronics chain London Drugs yesterday as I started to hear rumours that they had been pwned by hackers in such a catastrophic way, that it took down all their stores. The most that the company said at the time was this:
This morning, I can confirm that they have been pwned by hackers.
There’s currently no word on how they got pwned or what the exact situation is. Nor is there any ETA in terms of when this could be resolved. But this has taken down all 80 of their stores which means that the pwnage is catastrophic. This isn’t good for their customers who rely on them to prescriptions for starters and could have very long lasting effects for all involved.
I’ll be updating this story as I get more information.
UPDATE: London Drugs is now saying this on Twitter:
Something that I hear a lot about in terms of complaints is the fact that Apple solders both RAM and storage to the motherboards of the computers that they sell. And the people who complain about this cite greed as the reason for this. As in Apple wants to force you to spend money either up front, or via replacing the computer if you needs go beyond the configuration that you get. Now to be clear, it’s not that simple as I will show you shortly. And Apple isn’t the only company that does this. But it is an irritant that I think that computer manufacturers could address easily. So, with that out of the way, let me explain why companies do this:
So after reading this, you might be thinking that Apple and everyone else who does this such as Dell, ASUS, and HP are pond scum. Well you can’t blame computer companies for wanting to find any way to increase performance and make products that consumers want while increasing their profit margins. Which means that you as a consumer have to make sure that you do your homework before whipping out your credit card so that you get the computer that not only fits your needs, but lasts for four or five years.
Manufacturers can help to reduce or make this noise about soldered RAM go away by better educating consumers about the benefits of different configurations for different workflows. That way consumers get the computer that they need without an issue. Apple specifically could really do itself a favour in terms of this by also not selling the fantasy that 8GB of RAM is enough RAM for most people. This is something that has been disproven time and time again, and it isn’t a good look for Apple as consumers will view them as acting like a car dealer who has a “starting price” for a car knowing full well that you’re going to spend way more than that “starting price”.
What do you think? Is soldered RAM and storage bad or it’s a non-issue? Leave a comment and share your thoughts.
EU President Doesn’t Rule Out Banning TikTok In The EU
Posted in Commentary with tags TikTok on April 30, 2024 by itnerdThings seem to be going from bad to worse for TikTok. Fresh off of effectively being banned in the US, EU President Ursula von der Leyen has made it clear that a TikTok ban in the EU is on the table. Here’s what she said via Politico:
Commission President Ursula von der Leyen hinted that banning TikTok in the European Union is an option, during a debate this evening in Maastricht, featuring parties’ lead candidates for the bloc’s 2024 election.
“It is not excluded,” von der Leyen said, after the moderator referred to the United States, where TikTok faces a national ban unless it is sold by its owner, ByteDance.
She immediately added that the Commission was “the very first institution worldwide to ban TikTok on our corporate phones. “
“We know exactly the danger of TikTok.”
One thing to keep in mind is that TikTok is already in the EU doghouse as it was caught trying to bribe users into watching more videos on the platform. And seeing as the EU are the type of people to find the biggest hammer available to swing at most problems that it has to deal with, it would not at all surprise me if sometime in the next year, TikTok is banned there too. TikTok can act like none of this matters, as they tried to do right after the US ban. But at some point they will have to reconsider their life choices if they want to still be relevant. Though I have to wonder when that will happen.
Leave a comment »