Apple Posts A Document On Apple Threat Notifications…. Why You Should Read It And Why You LIKELY Shouldn’t Worry

Posted in Commentary with tags on April 11, 2024 by itnerd

From the “this doesn’t happen every day” department comes this document that Apple posted yesterday. In short, this covers what Apple threat notifications are and why you’d get one:

Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.

So let me point out a couple of things. For the overwhelming majority of people reading this post, you will likely never get a threat notification, because you are likely not the target of a “mercenary spyware attack”. The targets of these attacks are typically politicians, journalists, and human rights activists, and the threat actors are typically governments who want to gather intelligence in order to ultimately silence the people in that group. Even so, Apple’s document also goes into detail about what you need to do if you actually get a threat notification, and how to reduce the chance that you could be pwned by “mercenary spyware attacks” from the likes of the infamous NSO Group. Thus it is worth your time to at least read once or twice, for reasons that I will get to in a moment.

Now if you’re still paranoid about this after everything that you’ve read so far, let me see if I can reassure you. Ted Miracco, CEO, Approov has some additional advice:

   “While Apple devices are believed to feature strong security measures and privacy features, there are certainly gaps.

   “Apple users can often develop a false sense of security, because the default settings on iOS are seemingly designed for user experience and convenience, and are not sufficient to guard against the most sophisticated attacks, such as mercenary spyware or state-sponsored cyber espionage. This reality is parallel to that of Android devices, where default settings also aim to balance security with user convenience, and so fall far short against highly targeted and well-funded attacks. Attackers have moved on from broad, clumsy attacks to highly targeted and sophisticated ones, and they’re deeply skilled, highly organized and well funded.

   “The key point here is not to single out one platform over another but to highlight the broader industry challenge. The existence of features like Lockdown Mode and Advanced Data Protection for iCloud on Apple devices underscores the company’s awareness of these sophisticated threats, and a commitment to offering tools that users can employ to enhance their security. However, these tools often require manual activation and a deeper understanding of the potential threats, leading to a gap in security for users who do not adjust beyond the default settings.

   “For Apple users, one of the most significant steps you can take to protect your data is enabling Advanced Data Protection for iCloud. This feature significantly enhances the security by using end-to-end encryption for a broader range of data types. We strongly urge users who might be at higher risk due to their profession or visibility, to also enable Lockdown Mode on their Apple devices. Lockdown Mode is a comprehensive shield designed to prevent the most advanced digital threats by limiting the attack surface that spyware exploits.

   “Mobile users aren’t alone in this exposure. App developers are similarly at risk from Apple and Android mobile devices, where sideloading allows their apps to be subject to cloning and other IP theft – security and fiscal issues that current app store structures perpetuate.”

Again, I want to stress that for the overwhelming majority of people who are reading this post, you will likely never get a threat notification. Largely because you will never be targeted by threat actors in this way. But the advice that is given in this post is a great way to reduce your attack surface so that you are safe from this or any sort of threat.

Majority of Canadian Businesses’ Network Connectivity is Good, but Downtime Continues to Impact Operations: Cradlepoint

Posted in Commentary with tags on April 11, 2024 by itnerd

Cradlepoint, part of Ericsson, the global leader in cloud-delivered LTE and 5G wireless network and security solutions, today announced findings from its 2024 State of Connectivity report which found 92 per cent of Canadians rate the overall reliability of their organization’s network connectivity as good or very good. However, downtime continues to be a concern for Canadian businesses, with 53 per cent of respondents saying they experienced one to two hours of connectivity downtime per week on average in the last 12 months, due to fixed line/fibre network failure. Twenty-eight per cent indicated they experienced three to four hours of downtime per week.

The survey, which was conducted by Censuswide, indicates these outages have affected productivity and organizations’ ability to remain competitive. Specific impacts cited by business leaders include higher operational costs (45 per cent), operational inefficiencies (41 per cent), and loss of talent (36 per cent). Looking ahead, respondents identified the key investments that private and public Canadian organizations should make to advance connectivity: stronger security (43 per cent), improved reliability of communication networks (40 per cent) and faster roll-out of 5G/advanced wireless networks to rural areas (38 per cent).

Improving connectivity is on the minds of many business leaders. Looking ahead over the course of 12 months, 25 per cent of respondents expect their business revenue to grow by 10 to 14 per cent as a direct result of improved connectivity.

5G: A priority for government and businesses

Respondents see the value 5G will bring to their organization, especially as it advances the competitiveness of Canadian businesses. Thirty-nine per cent of respondents indicated 5G will improve security; 38 per cent said it will offer expansion opportunities for business; and 37 per cent said it will improve bandwidth. Another 37 per cent said it will play a major role in infrastructure and transport.

While many organizations are already taking advantage of the benefits of 5G networks, it continues to be a focus for the government and service providers. With the Federal government’s plan to offer local licensing, there will be easier access to 5G spectrum for small internet service providers and innovative industries as well as rural, remote and Indigenous communities – specifically, 80 MHz of mid-band spectrum at 3900-3980 MHz for local shared and private 5G networks, and portions of the mmWave bands for local use. Three quarters of Canadian organizations (73 per cent) indicated they are planning for this. 

However, for some businesses, hurdles related to investing in 5G connectivity solutions remain. The top barriers reported by business leaders include complexity of change (30 per cent); perception of costs (27 per cent); concerns over the ability to secure connectivity across the enterprise (27 per cent); and 5G not being offered by a mobile carrier (27 per cent).

Securing connections

While security is always top of mind, as Canadian organizations leverage 5G and invest in new technologies such as IoT, it’s becoming even more important to combat bad actors who are developing new tactics and ways to compromise businesses. Over the last 12 months, 27 per cent of respondents said their business had been subject to a network security attack. Of those, 28 per cent indicated it was a major security breach that resulted in the loss of data.

Of those respondents who indicated their organization suffered an attack:

  • 40 per cent indicated their network security had been compromised by a data breach
  • 33 per cent indicated it was compromised by a denial-of-service attack
  • 33 per cent indicated it was compromised by phishing
  • 31 per cent indicated it was compromised by ransomware

Business leaders also indicated there is a gap in knowledge of some areas of their network. Seventeen (17) per cent of respondents said their network security had been breached as the result of a hacked IoT device; however, almost nine out of 10 (89 per cent) were unsure of the number of IoT devices that were already deployed or are planned to be deployed in their organization in the next 12 months and beyond.

Additional findings:

Improving security awareness and education will be key for organizations moving forward. Less than half of organizations are using or are familiar with crucial endpoint and network security solutions including the following:

  • Multi-factor authentication (45 per cent)
  • Secure Access Service Edge/SASE (39 per cent)
  • Web browser isolation (38 per cent)
  • Mobile device management (37 per cent)
  • Zero trust network access (36 per cent)
  • Edge security (36 per cent) 

Three-quarters (75 per cent) of Canadians believe the Canadian government is doing its part to ensure there is reliable connectivity across the country since the national outage in 2022. This number has increased from 72 per cent in 2023.

Sustainability is an important issue for organizations in Canada, with 76 per cent of respondents strongly agreeing or agreeing that it plays a key role in their organization’s short- and long-term goals and another 78 per cent noting that by increasing their sustainability efforts, they could help improve revenue.

  • In order to operate more efficiently and sustainably, however, 78 per cent of respondents agree that smarter facilities are required – for example, by incorporating IoT and connected devices.
  • Canadian businesses are making headway in this area, with many already using or planning to invest in technologies to reduce waste and make their facilities more efficient. In particular, 56 per cent of business leaders said they are already using cellular networks across the business to achieve this, with 41 per cent planning to invest within the next 36 months. 
  • Additionally, 76 per cent of businesses have IoT devices in place, and 42 per cent are already using AI and Machine Learning, with another 53 per cent planning to invest in these over the next three years.

The full 2024 State of Connectivity Report for Canada can be found here: https://cradlepoint.com/state-of-connectivity-2024-ca

Nuspire Enhances Managed Security Offerings with Dark Web Monitoring Integration

Posted in Commentary with tags on April 11, 2024 by itnerd

Nuspire, a leading managed security services provider (MSSP), today announced that it has added Dark Web Monitoring to its portfolio of services and solutions. By integrating Dark Web Monitoring with Nuspire’s detection and response services, the new offering fortifies the existing managed security suite with a dual-layered defense strategy, effectively safeguarding client environments against both external intrusions and internal vulnerabilities.

Dark web intelligence is crucial for organizations aiming to detect and anticipate cybersecurity threats at their inception. This early detection is vital, as it occurs when threat actors are in the planning stages of their attacks. However, translating this raw intelligence into actionable strategies can be challenging because security teams often face hurdles such as a lack of context, time constraints and limited resources.

Nuspire’s Dark Web Monitoring service addresses these challenges by providing cybersecurity teams with actionable intelligence, enhancing both internal and external threat detection capabilities. This service not only identifies potential cyberattacks originating from the dark web, but also offers contextual analysis and recommended mitigation strategies.

The service works by scouring dark web marketplaces, forums, select threat actor communication channels, ransomware blackmail sites, credential exposure points and pastebins to locate compromised data from your organization. Dark Web Monitoring can integrate with any of Nuspire’s managed security services or can be used as a stand-alone service, and provides:

  • Continuous Dark Web Monitoring: Includes constant surveillance of the dark web to identify emerging threats.
  • Brand and Typo Squatting Monitoring: Continuously scans the internet for instances of brand impersonation and fraud intended to exploit customers, steal sensitive information or distribute malware. Includes an option to add takedown services.
  • Data Breach Alert System: Promptly notifies organizations when their data is discovered on the dark web, enabling them to respond rapidly to potential security breaches.
  • Threat Analysis Reporting: Detailed reports offer insights into the nature and potential impact of threats detected on the dark web.
  • Customized Threat Intelligence: Provides threat intelligence specifically tailored to each organization’s unique needs.
  • Expert Alert Review: Cybersecurity experts analyze alerts to ensure they are accurate and relevant, helping to filter out false positives so organizations can focus on genuine threats.
  • Combine with Detection & Response Services: Nuspire experts handle the investigation and remediation directly in a client’s environment.

Learn more about Nuspire’s new Dark Web Monitoring service.

Review: EnGenius EXT1105P Switch Extender

Posted in Products with tags on April 11, 2024 by itnerd

The EnGenius EXT1105P Switch Extender is an interesting piece of kit with a very specific use case. To understand that use case, let’s look at the EnGenius EXT1105P Switch Extender:

This is the business end of the EnGenius EXT1105P Switch Extender. The gigabit input port is compatible with PoE++, which gives an input power of 51W to the switch, and the additional gigabit ports can all provide PoE+. With 802.3at PoE+, this can provide up to 25.50W to a device. And that’s all there is to this switch extender. There’s no power adapter on it because all the power comes in via the input port. Thus the use case for the switch extender goes something like this:

  • You need to power a bunch of devices in some corner of an office or warehouse that doesn’t have easy access to mains power. To get around that, you run a PoE cable to the location and plug it into this switch extender’s input port.
  • You then plug your devices into any of the four ports. Given the level of power that it supports, I am guessing that this is intended for cameras or lower-powered devices.

Setting this up was what I expect from any EnGenius product, which is that it was laughably easy. All I had to do was the following:

  1. Power on the switch
  2. Use the QR code on the base of the switch to add it to the EnGenius app
  3. Done. Declare victory and have a beer.

After that I plugged in some PoE cameras that I borrowed from a client of mine and everything was working perfectly. There’s honestly not much more to say here as it does exactly what it says it is supposed to do with ease. I could complain that it doesn’t do 2.5 Gbps Ethernet if I wanted to nitpick something. But that would likely require more power and make this solution border on unworkable. The EnGenius EXT1105P Switch Extender goes for $119 USD and if you have a use case involving PoE that fits this switch extender, consider this a must buy.

Increased Risk Among Immature Threat Actors, Ransomware Operators: Research From GuidePoint Security

Posted in Commentary with tags on April 11, 2024 by itnerd

GuidePoint Security has released new research intelligence that explores the differences between the ransomware groups we “see on TV” – the large, established, and well-resourced RaaS operations – and the smaller, ad hoc, opportunistic, or “immature” ransomware groups that operate more quietly, generally impacting less well-defended victims. 

GuidePoint Security’s researchers highlight the increased risks and behaviors associated with such groups and provide two case studies of immature, high-risk groups – Phobos and DATAF LOCKER – that they observed during recent incident response efforts.

Popular images, depictions, and understanding of modern ransomware groups often focus on the largest and most established groups, maintaining media attention through high-profile attacks and sensationalist extortion tactics. 

While this segment of the ransomware ecosystem exists and remains relevant, immature ransomware groups operating on the fringe continue to harm smaller and less well-defended organizations, often without a recognizable brand or name that would help in attributing their deceitful behavior.

You can read the research here.

Cado Security Joins Wiz Integrations (WIN) Platform to Enable Cloud Forensics and Incident Response

Posted in Commentary on April 11, 2024 by itnerd

Cado Security today announced its partnership with cloud security provider Wiz and joins Wiz Integration (WIN) Platform. Cado Security enhances WIN by bringing the power of the Cado Security platform to the partner ecosystem so that Wiz customers can seamlessly integrate Cado into their existing cloud security workflows.

Mutual customers receive the following benefits:

Accelerate response time to cloud threats: Customers are enabled to rapidly kick off forensics investigations of AWS EC2 instances and automate forensics investigations of cloud resources using Wiz’s one-click forensics capabilities to accelerate the path to root cause and remediation.

Gain deep insights into the impact of threats: This integration empowers customers with deep forensics analysis capabilities, such as Cado’s AI Investigator, to better understand the root cause, scope, and implications of cloud-based threats, improving an analyst’s ability to respond appropriately.

Simplify incident response: Customers gain instant access to cloud resources and potentially compromised systems without configuring additional access requirements or having to work through other teams, saving analysts critical time during an investigation.

The combined value of these two offerings will streamline security for organizations on a cloud journey, regardless of where they may be on that journey.

WIN enables a cloud security operating model where security and cloud teams work collaboratively to understand and control risks across their cloud and software development lifecycle. Wiz integrates with a wide range of technologies by partnering with companies like Cado Security to maximize the operational capabilities of organizations in WIN.

Telehouse launches new subsidiary to power Canadian digital innovation and growth

Posted in Commentary with tags on April 11, 2024 by itnerd

Telehouse, a leading global colocation data centre service provider, announced the launch of Telehouse Canada, bringing Canadian businesses the improved IT infrastructure and connectivity services needed to power Canadian growth and innovation. 

As Canadian organizations across all industries continue to invest in digital transformation and scale through advanced technologies like AI and Cloud Services, Telehouse Canada will meet the growing demand for highly resilient colocation services, digital connectivity and the enablement of High-Performance Computing.

Today’s announcement comes after Telehouse, together with parent company and Japanese telecommunications leader, KDDI, signed an agreement to acquire three Toronto data centres in June 2023. When fully operational, the new carrier-neutral data centres will provide more than 30MW of IT load.

KDDI has been steadily expanding Telehouse’s presence into new international markets since establishing the first Telehouse data centre in New York in 1989. With the launch of Telehouse Canada, Telehouse now operates over 45 data centres across 10+ countries.

UK and Irish Taxi Passengers PII Exposed In Data Breach

Posted in Commentary with tags on April 11, 2024 by itnerd

Nearly 300,000 passengers using taxi apps powered by iCabbi, a Dublin-based provider of cloud-based taxi dispatch systems, had their personally identifiable information exposed, according to cybersecurity researcher Jeremiah Fowler.

The key findings are the following: 

  • Over 22,000 records; 
  • Several .csv documents revealing customers’ PII such as names, email addresses, phone numbers; 
  • Hundreds of thousands of email addresses including from renowned media outlets and government agencies. 

Had this data been discovered by ill-intentioned hackers, it could have put users across the UK and Ireland at risk of phishing attacks, identity or financial theft, and more.

You can find out more details here.

Epilepsy Foundation of Metropolitan New York Pwned In Ransomware Attack

Posted in Commentary with tags on April 11, 2024 by itnerd

After several days of reporting on supply chain attacks, it’s back to reporting on ransomware attacks on healthcare.

The Epilepsy Foundation of Metropolitan New York (EFMNY) was hit by a ransomware attack compromising confidential patient information. The foundation is dedicated to raising epilepsy awareness and assisting individuals in finding treatments, support, and resources. 

Attackers were able to encrypt some systems within the EFMNY’s network and according to the breach notification letter, the attack led to “the unauthorized access and/or acquisition of certain files from within the network.” This incident is characteristic of a double-extortion ransomware attack, where data is first stolen and then encrypted on the victim’s systems, with threats of data leakage unless a ransom is paid. 

Compromised data included:

  • Date of Birth
  • Social Security number
  • Account number
  • Medicare ID
  • Medicaid ID
  • Diagnosis code
  • Treatment location
  • Procedure type
  • Provider name
  • Treatment cost
  • Medical date of service
  • Billing/Claim information
  • Health insurance information

The organization’s subsequent investigation revealed that the electronic health record database remained unaffected. Nevertheless, unauthorized access to specific documents and folders within their systems was confirmed. Following “a comprehensive manual review,” the foundation determined that “individual personal information may have been accessed and/or acquired by the unauthorized party.”

Carol Volk (she/her), Executive, BullWall:

   “Here we go again, another day, another ransomware attack. This time, the victim is the Epilepsy Foundation of Metropolitan New York (EFMNY), a critical organization providing support and resources for those affected by epilepsy. This incident underscores a disturbing cyberattack trend we see all too often, especially within the healthcare sector, where sensitive patient data becomes fodder for cybercriminals’ extortion schemes.

   “Historically, healthcare organizations have been prime targets for cyberattacks due to the valuable nature of the data they hold. Attacks on hospital & care facilities have been accelerating over the past 12 months, leading to the disruption of patient care and confidentiality. The impact of the EFMNY attack is profound, not just for the organization but for the individuals whose sensitive data was compromised. 

   “It brings to light the vulnerability of even specialized, non-profit healthcare entities and underscores the broader industry challenge of securing patient information against increasingly sophisticated cyber threats.

   “To mitigate such incidents, organizations must adopt a layered security strategy that includes regular cybersecurity awareness training for all employees, rigorous access controls, and the implementation of advanced threat detection tools, including ransomware containment. Equally important is the need for a robust incident response plan that can swiftly address data breaches, minimizing damage. As we’ve seen in the past, no entity is immune, and proactive measures are the best defense against relentless and evolving cyber threats.”

At this point I should start copying and pasting my thoughts on ransomware attacks on healthcare institutions because they honestly haven’t changed. Healthcare isn’t doing enough to protect itself because it doesn’t have enough resources to protect itself. That needs to change or I will continue to write stories like these day after day after day with no end in sight.

Appdome Partners With Atlassian To Automate Delivery Of Secure Mobile Apps

Posted in Commentary with tags on April 10, 2024 by itnerd

Appdome, the mobile app economy’s one-stop shop for mobile app defense, today announced it has released a new plug-in for Atlassian Bamboo, Atlassian’s cloud-based CI/CD service. The new pre-built plug-in connects the Appdome unified mobile app defense platform to Atlassian Bamboo CI/CD and enables teams to continuously code, build, validate, test and sign Appdome-secured mobile applications from Bamboo CI/CD with ease. This new plug-in is part of the Appdome Dev2Cyber Agility Partner Initiative to advance the delivery of secure mobile apps globally.

Manual methods of coding or integrating point products for obfuscation, RASP, anti-tampering and other defenses in Android and iOS apps are complex, resource-intensive and brittle. The Appdome Unified Mobile App Defense platform leverages machine learning and automation to code, build, validate, test and release cybersecurity, anti-fraud and other defenses in iOS and Android apps. With the new Appdome for Atlassian CI/CD Plug-In, Atlassian Bamboo customers can fully automate the end-to-end lifecycle for any of Appdome’s 300+ mobile app defenses including runtime application self-protection (RASP), code obfuscation, mobile data encryption, man-in-the-middle attack prevention, anti-malware, anti-fraud, anti-cheat, anti-bot, geo compliance, social engineering and other protections and keep pace with modern DevOps pipelines.

Today, global consumers demand more protection than ever in their mobile app experiences. Appdome’s recent global consumer survey revealed that 94% of global consumers would promote a brand if the mobile apps protected them against security, fraud and malware risks. 68% also indicated they would abandon brands that offered no protection.

For more information on how to use the Appdome Build2Secure Task for Atlassian Bamboo, please see this knowledge base article.