Today Is World Backup Day

Posted in Commentary on March 31, 2024 by itnerd

World Backup Day 2024 is today.

Founded in 2011 by Ismail Jadun, a digital strategy and research consultant, World Backup Day is an annual event aimed at raising awareness about the importance of regularly backing up personal and professional data to prevent data loss. The day encourages individuals and businesses to take the pledge to secure their data by creating copies in different locations, ensuring that important information is protected against unforeseen events.

Carl D’Halluin, CTO of Datadobi; Oleksandr Maidaniuk, VP of Technology at Intellias; Bin Fan, Chief Architect and VP of Open Source at Alluxio; and Molly Presley, SVP of Global Marketing at Hammerspace, had this to say about this important day:

Carl D’Halluin, CTO, Datadobi

“This World Backup Day, I want to remind everyone that protecting your data with backups isn’t just a technical formality. Given the virtually unavoidable risks of ransomware, malicious or accidental deletions, and countless other threats – it’s absolutely crucial for the health of your business.

The first step? Get your arms around your data. You cannot protect it, if you do not know what you have. Then…

A well-thought-out and tested data backup strategy, together with a combination of robust data security and management solutions, can significantly enhance operations resilience. Add to that the crucial but sometimes missed step of a “golden copy” (i.e., an immutable copy of your business-critical data in a secure and remote site) and your business will be protected today, as well as ideally positioned to support business continuity well into the future.”

Oleksandr Maidaniuk, VP of Technology, Intellias

“Data is the virtual lifeblood of today’s organizations, so as World Backup Day 2024 rolls around, we need to appreciate how crucial regular data backups are for keeping our businesses running without interruption, even in the face of a simple outage or a manmade or natural disaster.

Of course, implementing a seamless backup and disaster recovery (DR) strategy is easier said than done, due to the complicated interplay of technological, regulatory, and operational factors. The heterogeneous nature of data and technology platforms and the increasingly complicated and stringent compliance mandates combined with the need to minimize – if not eliminate – downtime requires a nuanced approach.

At the end of the day, it all boils down to knowing how to strike the perfect balance between protecting all our data thoroughly and using our resources wisely. This way, we can get back on our feet fast after any setback without disturbing our daily work. Savvy folks in data management understand that if we don’t have this kind of know-how already in our team, we might need to team up with a reliable partner. This partner should be all about giving businesses the latest, customized backup solutions that do more than just keep data safe; they should fit exactly with what we need and want to achieve. The ideal partner will be just that – a partner that acts as an extension of your internal capabilities – enabling you to leverage advanced technologies like cloud storage, automation, and AI and in doing so, enhance the resilience of your businesses, making data protection seamless and reliable. On World Backup Day and every day, let’s pledge to prioritize backup, DR, and business continuity to ensure our data remains safe, our operations resilient, and our future secure.”

Bin Fan, Chief Architect and VP of Open Source, Alluxio

“Every year, the amount of data we produce increases significantly. World Backup Day is a call to action, urging us to reconsider our strategies for simplifying backup and recovery to keep pace with the significant increase in data production each year.

As we scale the data storage, timely data movement is a necessity, whether for archiving data in more economical storage or for duplicating data to another center as part of a disaster recovery plan. However, this process can be complex and operational-heavy. We should keep optimizing and streamlining data movement across multiple storage systems.

On this World Backup Day, let’s commit to exploring more efficient and effective ways to protect and manage our growing data, ensuring we’re prepared for any unforeseen circumstances that may arise.”

Molly Presley, SVP of Global Marketing, Hammerspace:

“On this World Backup Day, it’s important to remember the increasing role of automation in accurately identifying, protecting, and utilizing an organization’s data assets. In our current data-focused society, detailed, actionable metadata is crucial for utilizing data fully. However, managing vast amounts of unstructured data across various storage systems, locations, and multiple cloud platforms can be difficult and require significant time and effort. Furthermore, as the number of devices that generate data increases, relying solely on manual processes is time-consuming and risky.

Implementing global-level data protection services with automated policies allows organizations to identify newly created data across the entire data environment, automate data copy creation controls and data services, and ensure global data protection on any infrastructure as well as compliance with corporate governance requirements. Automated, global-level data protection empowers organizations to simplify their data management and unlock the full potential of their data. It will become the new norm for data protection.”

An Email #Scam Using CIBC’s Name Is Making The Rounds

Posted in Commentary on March 30, 2024 by itnerd

There are lots of scams out there for you to keep an eye on, and I’m adding one more to the list. That scam will show up in your inbox and look like this.

Now, scams will often present a problem that requires immediate action to make you fall for them. This one is no different. Apparently my online access has been revoked and I need to “click to gain accss”. The spelling of the word “access” was my first hint that this was a scam email. The second was that there were two commas after the word “customer”. Then there’s the fact that I am not specifically named in this email. Any email I’ve gotten from CIBC, which is my bank, has my full name in it. So that’s three strikes, and this email should be deleted. But there’s actually a fourth problem with this email:

This didn’t come from CIBC as the email address is wrong. The correct email address that CIBC uses is this one:

At this point, I should have deleted the email and moved on. But as you know, that’s not how I roll. So I copied the URL into the web browser on my testing computer and got this:

Now I will give the threat actor some points for registering a URL that looks like “CIBC-Online” so that you will be fooled into thinking that this is the actual CIBC website. The use of a CAPTCHA is an interesting touch as that adds a vibe that this is the legitimate CIBC website. Click on the “I’m not a robot” part and you get this:

Again, I have to give the threat actor credit here for creating a very convincing fake CIBC website. And the part at the bottom left where it says “Safe banking online, guaranteed” is a nice touch, even though there is nothing safe about this website. One area where they failed is the “show password” check box. It doesn’t work, and that’s a hint that this is a fake website. They didn’t get every other aspect right either. Take this for example:

They had a couple of missing images. No legitimate bank would ever let a website go online with that sort of screw up.

Another sign that this is a skilled threat actor is that they had code that validates that the card number you enter is real. That way they know whether they got valid credentials that they can use to, presumably, drain your bank account dry. I say presumably because this is as far as I got. But that’s as far as I needed to get to document this scam and bring it to you so that you don’t fall for it. So, as always, if you get an email that looks like this, delete it and move on with your day.

Panther Labs Advisory: CVE-2024-3094 – Linux Supply Chain Compromise Affecting XZ Utils Data Compression Library

Posted in Commentary on March 30, 2024 by itnerd

Panther is aware of and tracking a high-severity software supply chain vulnerability affecting the Linux library XZ Utils versions 5.6.0 and 5.6.1. The vulnerability has been assigned CVE-2024-3094, with a CVSS score of 10, the highest possible severity score.

Background

The XZ Utils library is used for data compression on Unix/Linux operating systems. It is a command-line tool used to compress and decompress XZ files. On March 29, 2024, a supply-chain compromise was discovered in the XZ package: malicious code that could provide a backdoor into systems through this utility. At this time, it is believed that only XZ Utils versions 5.6.0 and 5.6.1 are impacted.

It is too early to tell whether the malicious code has been exploited: the issue was only just discovered and research is still ongoing. More information will be made available by the security community in the coming days, and we will update this page as it becomes available. It is also uncertain whether the individual who made the code commits containing the malicious code is directly responsible or whether their system or accounts have been compromised.

Is Panther Affected?

Panther’s security team has assessed the vulnerability, and at this time it does not impact the Panther platform. We will continue to evaluate the risk as more information is made available. It is also important to note that Amazon Web Services (AWS) states that its infrastructure is not impacted, as it does not utilize the XZ Utils library at all.

How to Identify if a System Is Affected

Most systems using the XZ Utils library are running version 5.2 or 5.4, which are not affected; 5.6 is the compromised release line. To identify whether your system is impacted, run “xz -V” on the command line to see which version you are running.
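The version check above can be scripted so it runs the same way across a fleet. The following POSIX shell script is an added example, not Panther’s tooling: it parses the usual two-line output of “xz -V” (tool version on the first line, liblzma version on the second, a format the example assumes) and flags the two versions named in this advisory, 5.6.0 and 5.6.1. The “--local” argument is an assumption of the example, used so that the functions can also be sourced into other scripts without running anything.

```sh
#!/bin/sh
# check_xz.sh: added example, not Panther's own tooling. Reports whether the
# installed XZ Utils build matches one of the versions named in the advisory
# for CVE-2024-3094 (5.6.0 and 5.6.1). Assumes the usual `xz -V` output:
#   xz (XZ Utils) 5.4.6
#   liblzma 5.4.6

# Return 0 (true) when the version string is one of the affected releases.
is_affected_xz_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Pull the command-line tool's version out of `xz -V` output.
parse_xz_version() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Pull the liblzma library version out of the same output. The library is the
# component other programs link against, so it is checked on its own.
parse_liblzma_version() {
    printf '%s\n' "$1" | sed -n 's/^liblzma \([0-9][0-9.]*\).*/\1/p'
}

# Classify a full `xz -V` output. Prints a verdict and returns
# 0 = not affected, 1 = affected, 2 = could not determine.
classify_xz_output() {
    tool_ver=$(parse_xz_version "$1")
    lib_ver=$(parse_liblzma_version "$1")
    if [ -z "$tool_ver" ] && [ -z "$lib_ver" ]; then
        echo "could not parse xz -V output"
        return 2
    fi
    for v in $tool_ver $lib_ver; do
        if is_affected_xz_version "$v"; then
            echo "AFFECTED: XZ Utils/liblzma $v matches the CVE-2024-3094 advisory versions"
            return 1
        fi
    done
    echo "not affected: xz ${tool_ver:-?}, liblzma ${lib_ver:-?}"
    return 0
}

# Check the local system: exit status follows classify_xz_output.
main() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz is not installed or not on PATH"
        return 2
    fi
    classify_xz_output "$(xz -V 2>/dev/null)"
}

# Only run against the local system when asked to ("--local" is this
# example's own convention), so the functions can be sourced elsewhere.
if [ "${1:-}" = "--local" ]; then
    main
fi
```

Run it as “sh check_xz.sh --local”; a non-zero exit status of 1 means an affected version was found, and 2 means xz was missing or its output could not be parsed, which is worth a manual look rather than being treated as clean. Checking the liblzma line as well as the tool line matters because a system can carry a patched xz binary while another package still links the library.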

What if My System Has the Affected Version?

It is recommended that users downgrade XZ Utils to a prior uncompromised version, such as XZ Utils 5.4.6 Stable. As the issue is still being investigated, there are currently no IoCs or specific guidance on what to look for to determine whether a system has been exploited. If you identify a system with the affected version, apply extra vigilance: monitor those systems and hunt for signs of malicious activity.

The White House Announces New Rules For The Use Of AI In Federal Agencies

Posted in Commentary on March 29, 2024 by itnerd

The White House has announced new AI rules, stating U.S. federal agencies must show that their AI tools aren’t harming the public, or stop using them:

By December 1, 2024, Federal agencies will be required to implement concrete safeguards when using AI in a way that could impact Americans’ rights or safety. These safeguards include a range of mandatory actions to reliably assess, test, and monitor AI’s impacts on the public, mitigate the risks of algorithmic discrimination, and provide the public with transparency into how the government uses AI. These safeguards apply to a wide range of AI applications from health and education to employment and housing.

For example, by adopting these safeguards, agencies can ensure that:

  • When at the airport, travelers will continue to have the ability to opt out from the use of TSA facial recognition without any delay or losing their place in line.
  • When AI is used in the Federal healthcare system to support critical diagnostics decisions, a human being is overseeing the process to verify the tools’ results and avoids disparities in healthcare access.
  • When AI is used to detect fraud in government services there is human oversight of impactful decisions and affected individuals have the opportunity to seek remedy for AI harms.

If an agency cannot apply these safeguards, the agency must cease using the AI system, unless agency leadership justifies why doing so would increase risks to safety or rights overall or would create an unacceptable impediment to critical agency operations.   

To protect the federal workforce as the government adopts AI, OMB’s policy encourages agencies to consult federal employee unions and adopt the Department of Labor’s forthcoming principles on mitigating AI’s potential harms to employees. The Department is also leading by example, consulting with federal employees and labor unions both in the development of those principles and its own governance and use of AI.

Craig Burland, CISO, Inversion6 had this comment:

The administration continues to demonstrate vigilant leadership in cybersecurity domains, modeling what they want (and maybe expect) to see from the private sector. It’s clear that AI poses both a compelling opportunity and significant threat to how people use and interact with technology. The government’s commitment to human oversight of AI for highly personal and highly impactful decisions is both sensible and prudent given the immaturity of AI. ChatGPT burst into the public consciousness just over a year ago. AIs and LLMs are not ready to make decisions about healthcare or government services. In human terms, these tools are barely toddlers! At the same time, the administration adds friction to AI advancement with requirements about oversight and transparency, and it is lowering barriers for agencies where that friction is no longer warranted like FEMA, the CDC, and the FAA. This demonstration of balance speaks highly of their approach to harness the disruption of AI without unleashing it on an unsuspecting public.

A cautious approach to AI is warranted seeing as AI has had a few “misfires” over the years. And the worst thing that can possibly happen is that one of those “misfires” turns into a catastrophic event.

NHS Trust Confirms That Clinical Data Related To Patients Leaked As Part Of Getting Pwned

Posted in Commentary on March 28, 2024 by itnerd

Yesterday, following the attack on its systems earlier this month, the Scottish NHS confirmed in an online statement that clinical data relating to a small number of patients has been published by a “recognized ransomware group.”

On March 14th, the original statement by the NHS confirmed that hackers had accessed “a significant amount of data including patient and staff-identifiable information.”

The ransomware group then followed with a threat on its leak site that it will soon publish 3TB of data relating to NHS Scotland patients and staff unless its demands are met. The threat actor posted a ‘proof pack’ which shows sensitive clinical documents, including genetics reports and letters between doctors discussing patient treatments.

NHS Dumfries and Galloway Chief Executive Jeff Ace acknowledged that the information has been released by the attackers to prove it is in their possession. He made no reference to any ransom demand made by the group.

Morten Gammelgard, EMEA, co-founder, BullWall had this to say:

   “Although the NHS is unlikely to give in to any ransom demands, the recent warning from ransomware groups towards the healthcare industry should be taken very seriously, as recent events in healthcare in the US and UK show.

   “Private patient data is incredibly valuable to attackers. Hospitals store large amounts of patient data, often in an unencrypted format. This sensitive and confidential data can be sold on, or used for extortion as is the case with NHS Dumfries and Galloway.

   “Systems can always be breached and often you are fighting an invisible enemy unless you have the server intrusion tools to pick up the breach in the first place.

   “The Critical IT infrastructure is becoming the most desired target for the Ransomware gangs and hospitals are under immense pressure to pay the ransom to get the confidential personal records back and avoid the embarrassment and reputational damage following a breach like this.”

Healthcare continues to be a prime target for threat actors. This case should serve as another warning that those in this sector need to beef up detection and prevention so that they avoid being my next headline.

Elon Musk Appears To Get More Desperate As It Appears That Twitter Continues To Bleed Users

Posted in Commentary on March 28, 2024 by itnerd

I haven’t written about the train wreck next to a dumpster fire that Twitter is in a while. But this Sky News article caught my interest. Let’s start with the desperation that is strong with Elon by him making this move:

Elon Musk has announced further changes to social media platform X that will see certain accounts get premium features for free.

The tech billionaire, writing on the platform formerly known as Twitter, said all accounts with more than 2,500 verified subscriber followers would be able to access features that usually cost $8 (£6.30) a month.

Premium features include the ability to edit and write longer posts, as well as reducing the number of adverts seen by the user. It also gives the account holder a blue tick next to their display name.

So this is interesting. I seem to recall that Elon argued that he had to charge $8 a month for certain features to allow Twitter to make money. But now he’s making said features free to a subset of users. Which means he’s not making as much money. I wonder why he’s doing that? Perhaps this is the reason:

It comes after the company denied reports that the number of people logging in to X has plummeted since Musk took over.

Worldwide daily users of X’s mobile app fell to 174 million in February, down 15% from a year earlier, according to research by data firm Sensor Tower.

X’s own figures also suggest a decline since November 2022, Sky’s US partner NBC News reported.

The company said earlier this month it had 250 million active daily users – which is down from the 258 million claimed by Musk at around the time when he took over the firm.

Other social media platforms, including Instagram, Facebook and TikTok, have in contrast experienced “modest” increases in users over the past year, researchers said.

“This decline in X mobile app active users may have been driven by user frustration over flagrant content, general platform technical issues, and the growing threat of short-form video platforms,” Sensor Tower senior analyst Abe Yousef said.

A spokesperson for X described the research figures as “inaccurate” and added: “Both our own data and self-reported data from other platforms tells a different story.”

In short, my thinking is that Elon is making this move to try and stop users from leaving. And then if he can stop the bleeding, he’s going to go back to figuring out how to make a buck off of those users. It’s a strategy I suppose. But it highlights the fact that Twitter is a mess since Elon took over and Elon doesn’t know how to fix the damage that he has caused. Thus highlighting the fact that he’s not as smart as everyone thinks he is.

I’ve said it before and I will say it again. Sucks to be you Elon.

Approov & PreEmptive Partner For Comprehensive, Effective Mobile Security Regardless of App Store

Posted in Commentary on March 28, 2024 by itnerd

Approov, a leader in mobile application and API security, and PreEmptive, a pioneering force in application security, today joined forces to provide comprehensive mobile application protection as the EU Digital Markets Act takes effect. The joint solution addresses the main challenges for mobile app security: protecting intellectual property and app shielding, as well as runtime threats to apps and the need for app attestation.

The EU DMA forces Google and Apple to allow side-loaded apps via alternative app stores, which reduces the effectiveness of the security mechanisms provided by these vendors. For example, the theft of app intellectual property, the creation of illegal copies of apps, and the manipulation of apps at runtime all become harder for Google and Apple to prevent.

PreEmptive and Approov have partnered to effectively protect app intellectual property and prevent runtime tampering through a straightforward, cross-platform solution to these challenges that is compatible with both iOS and Android. This effective and easy-to-deploy security solution for mobile apps seamlessly integrates with the CI/CD pipeline and SAST/DAST solutions, and is not dependent on Apple or Google. It includes:

  • Comprehensive shielding of Android and iOS mobile app code from reverse engineering and intellectual property theft.
  • Runtime app attestation to prevent cloned and copied apps.
  • Anti-tampering checks to detect client OS manipulation and the presence of emulators and hostile frameworks at runtime.
  • API and communications channel protection by using dynamic certificate pinning.
  • Dynamic API Key and certificate management to prevent API abuse.

There are fundamental security challenges with mobile apps: they can be reverse engineered, analyzed, cloned, modified, or copied, and the environments they run in can be hacked, rooted, instrumented, and manipulated to interfere with the operation of an app. Apple and Google provide only basic app protection and attestation, but these are limited and are dependent on features of the Apple App Store and on Google Play. Stronger security measures are needed.

Approov and PreEmptive address these challenges with a joint solution that works across all platforms and application types, independent of the app store employed to distribute apps. This means users can future-proof their application security while continuously monitoring for and preventing app and API abuse.

Under terms of the partnership:

  • Approov can resell Dotfuscator and JSDefender, and the PreEmptive mobile shielding products: PreEmptive DashO for Android, and Defender for iOS.
  • Approov provides an extended 90-day trial period of Approov RASP and runtime analytics to PreEmptive customers.

April 24 Joint Web Seminar Explains It All

Approov will host a joint web seminar on the impact of the EU Digital Markets Act with PreEmptive on April 24, 2024, at 11am US Eastern Time (ET). The one-hour session will delve into mobile app vulnerabilities and demonstrate how PreEmptive and Approov effectively protect app intellectual property and prevent runtime tampering, with a straightforward approach compatible with both iOS and Android. Attendees will learn:

  • How the EU Digital Markets Act exposes the limitations of Google and Apple mobile security.
  • Why the two main challenges for mobile app security are: (1) The protection of intellectual property and the need for app shielding; and (2) Runtime threats to apps and the need for app attestation.
  • How to easily and effectively defend against these threats as the EU DMA takes effect.
  • How PreEmptive and Approov together provide an effective and easy-to-deploy security solution for mobile apps that is not dependent on Apple or Google.

Register for the webinar here: https://approov.io/info/joint-webinar-comprehensive-and-effective-mobile-security

Quarter Of Industrial Enterprises Have Temporarily Shut Down Operations Due To A Cyber Attack: Palo Alto

Posted in Commentary on March 28, 2024 by itnerd

Palo Alto Networks recently released its The State of OT Security 2024 report. The report reveals the reality, extent, and changing nature of security threats to operational technology (OT) in industrial environments.

Spotlighting the frequency of cyberattacks and examining the struggles and implications organizations face when navigating these threats, the report found that within Canada:

  • Almost two-thirds of industrial organizations have experienced cyberattacks in the past year.
  • 1 in 4 Canadian and global organizations had to shut down operations due to an attack.
  • IT is the main attack vector, with 71% of attacks originating there.
  • Nearly 75% reported that AI-enabled attacks on OT infrastructure are currently a critical issue; 81% agreed that AI-enabled security solutions are critical in detecting and stopping OT-infrastructure attacks.
  • 82% of respondents believe Zero Trust is the right approach to OT security.

The full global report can be viewed here or downloaded here.

Ontario School Boards Suing TikTok, Meta, And Snapchat For $4.5 Billion

Posted in Commentary on March 28, 2024 by itnerd

Well, I must admit that I did not see this coming. CP24 and The Toronto Star are both reporting that Meta, Snapchat and TikTok are being sued by four Ontario school boards. This is what the Toronto Star had to say:

In four separate but similar cases filed Wednesday in Ontario’s Superior Court of Justice, the public boards in Toronto, Peel and Ottawa and the Toronto Catholic board allege the popular social media platforms were “designed for compulsive use (and) have rewired the way children think, behave, and learn” and are calling on the companies to make improvements, say their statements of claim. 

School boards have had to bring in staff, resources and programming to mitigate the “significant impacts that these addictive platforms are having on our students,” said Colleen Russell-Rawlins, director of education at the Toronto District School Board, the country’s largest. 

“We’re managing mental health challenges, loneliness and … discrimination — the slurs that we’re seeing students use, some of that emanates from what’s on social media,” she added.

“We really want to raise awareness and ultimately get these companies to acknowledge and to make these things safer,” added Brendan Browne, director of education for the Toronto Catholic District School Board.

The social media companies in question haven’t said anything to either The Toronto Star or CP24, but I can’t imagine that they are going to be happy. If this succeeds, it’s likely to be copied by other school boards in other places, which means that this could become a huge problem for all of these companies. It’s also bad press that I am pretty sure these companies don’t need right now.

What I am watching for in the coming days or weeks is to see how the social media companies respond to this. Specifically how they delay or stop this from moving forward as that likely is going to be how they respond to these lawsuits.

Get the popcorn ready.

New Attack Path Exploits Microsoft SCCM: Researchers Discover Undocumented Way to Compromise Account Privileges

Posted in Commentary on March 28, 2024 by itnerd

GuidePoint Security has unveiled the discovery of an undocumented way to compromise an account and elevate privileges inside an SCCM (System Center Configuration Manager) – aka Microsoft Endpoint Configuration Manager (MECM) – network. 

GuidePoint Security’s Threat & Attack Simulation (TAS) team detected SCCM exploitation for account compromise, finding the conditions that can compromise SCCM client push and machine accounts through automatic site-wide client push installation and Active Directory system discovery. 

Due to the permissions these accounts hold, this can lead to an SCCM site takeover or, in the case of the SCCM push account, administrative privileges over numerous computer objects within the domain.

The TAS researchers are the first to find this novel attack path across the industry in SCCM, an endpoint management tool. 

Under certain conditions, which the researchers explain, an attacker may be able to retrieve the hashed credentials for all configured SCCM push accounts, meaning they may be able to gain admin privileges.

You can read about this here.