Mission Cloud and CrowdStrike Announce Strategic Partnership

Posted in Commentary with tags , on April 19, 2024 by itnerd

Mission Cloud, a US-based Amazon Web Services (AWS) Premier Tier Services Partner with a focus on cloud and AI, today announced a strategic partnership with CrowdStrike (Nasdaq: CRWD) to stop cloud breaches and secure global customers building their businesses on AWS.

Cloud intrusions have grown 75% in the past year, with adversaries breaking into customer environments in as little as two minutes. The lack of cloud-native security solutions and skilled personnel to operate them puts organizations at risk. Mission Cloud One is enhancing its comprehensive managed service for AWS optimization, operations and security by standardizing on the CrowdStrike Falcon® platform for CrowdStrike Falcon® Cloud Security, the industry’s only unified agent and agentless platform for code to cloud protection. The partnership also provides customers with access to CrowdStrike Falcon Complete Cloud Detection and Response (CDR) services, delivering 24/7 protection against cloud attacks.

Learn more about Mission Cloud and CrowdStrike’s partnership here.

Leave a comment »

Fortra’s 2024 State of IBM i Security Study Is Out

Posted in Commentary with tags on April 19, 2024 by itnerd

Organizations around the world are waking up to the business impact of lax cybersecurity: unexpected downtime, lost productivity, resources tied up in lawsuits and data breach notifications. That was evident this year, when a record-setting 79% of IBM i pros surveyed ranked cybersecurity as a top concern in this year’s IBM i Marketplace Survey.

Now in its 21st year, the newly released 2024 State of IBM i Security Study, by global cybersecurity software and service provider Fortra, reveals concrete, impartial data about how IBM i systems are protected and where the gaps remain, andprovides compelling insight into the security posture of 148 IBM i server partitions – systems that are used to host business-critical applications, and that often house electronic personal health information (ePHI), financial data, and personally identifiable information (PII).

My advice would be to set aside some time to read the State of IBM i Security Study as it’s pretty eye opening. And it may give you some ideas as to where to look for gaps and fill them before threat actors look for said gaps and exploit them.

Leave a comment »

Cisco Announces Cisco Hypershield 

Posted in Commentary with tags on April 19, 2024 by itnerd

Yesterday, Cisco announced its new security architecture, Cisco Hypershield, designed to address the increasing demands of AI-scale data centers and cloud environments, ensuring that security measures can be implemented flexibly across various locations and platforms, such as data centers, factory floors, or hospital imaging rooms, whether on premises or in the cloud.

Steven Aiello, field chief information security officer at enterprise IT solutions provider AHEAD had this comment:

“We believe cybersecurity should be integrated into everything we do. Bolted-on security is more expensive and less effective. Cisco Hypershield ensures that cyber protections are included into the fabric of the enterprise. Distributed Exploit Protection will be a massive win for blue teams – legacy synthetic patching was primarily limited to edge devices, allowing lateral movement once an attacker breached the perimeter. It’s a great day for cyber-defenders!”

Cisco’s move to make cybersecurity more agile and more integrated into everything an enterprise does is brilliant. I will be watching closely to see what positive effects come from this move over the long term.

Leave a comment »

TELUS launches Android Mobility Offer, Buy One, Plant One In Support Of Earth Month

Posted in Commentary with tags on April 18, 2024 by itnerd

TELUS has announced their Buy One, Plant One,  in support of Earth Month. 

From April 18 to May 16, for every new, or certified pre-owned, Android device purchased by a new or returning customer, including business customers, TELUS will plant a tree, up to 50,000 trees. Additionally, when trading in any preloved device, TELUS will plant a bonus tree. This promotion is eligible in TELUS and Koodo stores, online or via customer service representatives. 

This latest offer further highlights TELUS as a leader in sustainability and another step towards becoming carbon neutral in our operations across the organization by 2030. To date, TELUS has planted over 11 million trees and more than 500k kelp plants, which is the the size of 7,200 hectares of land in total, and equivalent to 18 Stanley Parks or 60% of the City of Vancouver. 

With the support of customers, partners and sustainability initiatives like these, TELUS has also diverted 15 million devices from landfills and upcycled and recycled 4 million mobile devices since 2010.

For more information, visit the TELUS website

My only question is, why Android only and not iPhone users? Seems a odd to me.

Leave a comment »

Bell Makes Two Announcements Today… And One Of Them Makes Me Say Hmmmm… [UPDATED]

Posted in Commentary with tags on April 18, 2024 by itnerd

Bell has announced a pair of news items today.

The first is that they’ve come out with a new MyBell app which offers a range of new features and improvements designed to make it easier for customers to manage their services, shop for great products and services, and get the support they need.

Key highlights of the refreshed MyBell app include:

  • Improved navigation system: Simplified and intuitive pathways to common actions, such as managing services, shopping for services and products, and accessing support.
  • Reimagined home screen: Provides a summary view of accounts and services, with contextualized alerts and personalized reminders to guide customers.
  • New dedicated area to manage subscribed services: Customers can easily view, manage, and add new services.
  • Modern visual design: Updated across main landing pages, with more improvements coming throughout the app.

The refreshed MyBell app is a direct result of extensive research and collaboration with their customers. New customers or customers that don’t already have the app, can download it in the App Store or Google Play. For existing customers already using the app, check your phone settings to make sure that automatic app updates are enabled so that they are always running on the latest version of the MyBell app. 

UPDATE: Bell has asked me to pull the second half of this story as it has elements that are being worked on.

Leave a comment »

Freedom Mobile Expands Apple Watch Support To Their Nationwide Network… And Gives You More Data As Well

Posted in Commentary with tags on April 18, 2024 by itnerd

About an hour ago, I got this text from Freedom Mobile about their Apple Watch support. Something that my wife and I use:

So there’s some explanation that’s required to allow you to understand why this is a big deal. Let’s start with the fact that Apple Watch support is now available on their Nationwide network. Freedom Mobile’s Apple Watch support only worked on their own network. If you were outside of their network, as in you connected to a Rogers or Bell cell tower for example, your Apple Watch won’t get data. This is something that I admit that I never tested as that wasn’t top of mind for me when I did my testing of Freedom Mobile’s network a few months ago. That changes today as clearly Freedom Mobile have worked out some sort of an agreement with presumably Rogers and/or Bell and/or TELUS to allow Apple Watches belonging to Freedom Mobile customers to work on their networks.

That brings me to the second piece of news. Freedom Mobile has jacked Apple Watch users data buckets to 5GB up from 1GB at no extra charge. Now my wife and I are paying $10 a month each so that is a win for us. And to give you some points of comparison:

  • Bell wants $15 a month for 1GB of data
  • Rogers wants $15 a month for 1GB of data
  • I wasn’t able to find what TELUS charges. But they’re likely $15 a month for 1GB of data as well as all of the “big 3” tend to copy each other. Any who can point me towards a definitive price on their website can leave a link in the comments below.

Now to be clear, the most that I have ever used with my Apple Watch during one billing cycle is about 500 MB. So 5 GB is overkill. But it’s still welcome as it is not costing my wife and I anything. I’ll be interested to see how it performs and once the weather warms up a bit more, I’ll be sure to do some testing and report back to you.

In the meantime, you have to wonder what if anything the “big 3” will do to respond to Freedom Mobile and how they have priced their Apple Watch support. This is a pretty big gauntlet that they’ve thrown down, and you have to think that they will respond to it at some point.

1 Comment »

Trash Panda Partners With Goodfood To Give Real Life Rewards To Mark Zero Food Waste Day

Posted in Commentary with tags on April 18, 2024 by itnerd

 Trash Panda – the popular simulator where players act as scrap-scouring raccoons on garbage night in Toronto –  has partnered with Goodfood to give players real-life rewards to mark Zero Food Waste Day on April 24.

To generate attention around the need to fight food waste, the video game will give players bonus points and even real meal-kits (up to $250 OFF) when they find and unlock scrapless meal-kit boxes, as a reward for reducing food waste online – and hopefully offline!

The unexpected  partnership aims to shed light on Goodood’s commitment to reduce leftover scraps by offering meal-kits with zero  food waste – despite the disappointment of a few hungry trash pandas!

The LTO will be available to Canadians on Steam from April 24 (Zero Food Waste Day) until late May.

Leave a comment »

GuidePoint Security Finds Increased Ransomware Activity, New Group Behavior Patterns in Q1 2024 Ransomware Report

Posted in Commentary on April 18, 2024 by itnerd

 GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report.

In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. 

The GRIT Q1 2024 Ransomware Report takes an in-depth look at the shifting RaaS ecosystem, including the residual impact on LockBit from the Operation Cronos Task Force, an international law enforcement effort helmed by the UK National Crime Agency (NCA). Other notable Q1 ransomware events include an apparent exit scam from Alphv following its highly-publicized Change Healthcare ransomware attack, re-extortion attempts from Phobos affiliates and self-proclaimed renewed collaboration from members of the “Five Families” cybercrime collective.

Key Highlights of the Report: 

  • Q1 2024 resulted in a nearly 20% increase in reported victims over Q1 2023, despite the disruption of LockBit and the disbandment of Alphv, two of the largest and most prolific ransomware groups. 
  • The number of active ransomware groups more than doubled year-over-year, increasing 55% from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024. 
  • The top three most active ransomware groups were LockBit, Blackbasta and Play. Even with significant law enforcement disruption in February 2024, LockBit maintained the top spot among RaaS service operations at 219 victims, albeit with a lower operational tempo compared to previous quarters. LockBit claimed an average of almost 3 victims per day before the disruption occurred on February 20th, and had an average of about 2 victims per day from February 24th through the end of March.
  • The industries most impacted by ransomware in Q1 2024 were manufacturing, retail & wholesale and healthcare, respectively. The retail & wholesale industry experienced a surge in observed activity during the quarter, accounting for 7% of all observed posts and overtaking healthcare to become the second-most impacted industry.
  • For the first time since Q2 2023, over half of all observed ransomware victims were based in the United States, making it the most targeted country with a total of 537 victims. Though the United Kingdom saw the largest decrease in observed victims by country (-26%), it still held the second highest number of observed ransomware attacks (60). 

The GRIT Q1 2024 Ransomware Report is based on data obtained from publicly available resources, including threat groups themselves, as well as threat analyst insights into the ransomware threat landscape.

For more information:

Leave a comment »

Several Senators Release A Framework to Mitigate Extreme AI Risks

Posted in Commentary with tags on April 18, 2024 by itnerd

Yesterday, U.S. Senators Mitt Romney (R-UT), Jack Reed (D-RI), Jerry Moran (R-KS), and Angus King (I-ME) released a letter to the Senate artificial intelligence (AI) working group leaders outlining a framework to mitigate extreme AI risks. I encourage you to read the letter, but here’s the TL:DR:

Congress should consider a permanent framework to mitigate extreme risks. This framework should also serve as the basis for international coordination to mitigate extreme risks posed by AI. This letter is an attempt to start a dialogue about the need for such a framework, which would be in addition to, not at the exclusion of, proposals focused on other risks presented by developments in AI.

Under this potential framework, the most advanced model developers in the future would be required to safeguard against four extreme risks – the development of biological, chemical, cyber, or nuclear weapons. An agency or federal coordinating body would be tasked to oversee the implementation of these proposed requirements, which would apply to only the very largest and most advanced models. Such requirements would be reevaluated on a recurring basis as we gain a better understanding of the threat landscape and the technology.

Sounds interesting. But is it useful? Here’s what Kevin Surace, Chair, Token had to say:

This is great politics and important to state publicly, but it won’t protect anyone from these threats. The major model providers already have strong safeguards in place for these and similar threats (you cannot get an answer from ChatGPT on how to create a chemical weapon).

This changes nothing from all major US providers. They already strongly limit access to such content. However open source models being used by bad actors and rogue countries are not subject to these laws and will misuse the technology anyway.

Anyone can already Google how to create a biological weapon. Having the answers faster doesn’t really help someone with the chemistry, procurement, production and so on anymore than Google already did. But AI could create perhaps new compounds not well documented elsewhere. And the bad actors are already taking advantage of that with open source models.

This has zero impact on OpenAI, Microsoft, Google and so on. And it has zero impact on a rogue country using open source models.

I’m all for guardrails and safeguards. But they have to be useful. I am not yet convinced that this effort by these senators is useful. But I am free to be convinced otherwise. Let’s see if they can convince myself and others that this is a useful exercise.

UPDATE: I have additional commentary from Madison Horn, Congressional Candidate (OK-5) and cybersecurity leader:

The plan proposed by the Senators is crucial. We are in the midst of a new kind of Cold War with China, one that includes the race to harness AI. A comprehensive strategy to not only secure but also to fully harness the potential of AI is essential. The nation that leads in AI will not only dictate global markets but also define international norms for decades to come.

Executing a plan to mitigate AI risks is loaded with challenges. First, we need a solid strategy to retain top talent for any new agencies we might set up, and we must also forge strong partnerships with the private sector. Then there’s Congress—sometimes it seems like they’re in a tech time warp, which doesn’t help. Plus, we can’t let our drive for security strangle American innovation. We need to stay agile, adapting as new models and classifications emerge, and ensure we’re not shutting out new startups or inadvertently creating monopolies.

And let’s not overlook cybersecurity challenges. Ensuring these AI models aren’t leaked or stolen is crucial—our adversaries are definitely taking notes and will be trying to tap into this wealth of information that will be retained.

Artificial intelligence poses a significant threat, one that reshapes the global landscape in ways we haven’t witnessed since the post-WWII era. With new alliances forming, notably between Russia and China, the stakes in the AI war are extraordinarily high. The power of AI doesn’t just accelerate a country’s ability to dominate global markets; it also has the potential to shift global values depending on who emerges as the leader in this technology. In the most extreme scenarios, the misuse of AI could lead to catastrophic outcomes, potentially destroying the world in a matter of seconds. The race to harness AI, therefore, is not just about technological superiority but also about steering the future ethical and moral compass of our entire planet.

We need to keep the spark of American innovation alive—it’s also crucial for our national security. Collaboration with the private sector? Non-negotiable. With many of the few qualified individuals in Congress retiring or being pushed out of office by partisan politics, it’s up to the American people to step up. We must elect leaders who are not just filling a seat but who truly understand the complexities of today’s tech challenges. Leaders who have the understanding to craft and pass laws that safeguard our citizens without choking out our innovation and economic growth. This is about securing a future where America continues to lead, not follow.

1 Comment »

Australians Exposed In Smoke Alarm Service Provider Data Breach 

Posted in Commentary with tags on April 17, 2024 by itnerd

Over 700,000 documents belonging to Smoke Alarm Solutions, Australia’s largest smoke alarm installation and service provider, were exposed according to cybersecurity researcher Jeremiah Fowler. 

The key findings are as follows: 

  • 762,856 documents with a total size of 107 GB; 
  • 355,384 unique documents marked as invoices revealing Customers’ PII; 
  • Documents such as inspections, compliance reports and more. 

Should this data had been discovered by ill-intentioned hackers could have put their customers across Australia at risk to phishing attacks, financial fraud and even non-digital criminal activity, such as burglary or vandalism and more.

You can read all the details here:  https://www.vpnmentor.com/news/report-smokealarmsolutions-breach/

Leave a comment »

« Older Entries
Newer Entries »