Even Well-Run Networks Can Be Malware Vectors Says HYAS

Posted in Commentary with tags on April 2, 2024 by itnerd

The Weekly Threat Intelligence Report from David Brunsdon, Threat Intelligence Security Engineer with HYAS, is a (curated) analysis of what the threat intel team has seen within the HYAS Insight threat intelligence and investigation platform this past week and deemed the most significant to report externally. It names the most prominent malware families active over the last week, as well as the top C2-generating locations worldwide for the week. 

Analysis by Adam Lopez, Director of Solutions Engineering at HYAS:

   “Reviewing the top ASNs and malware origins generating C2 communications reveals involvement of ISPs from South Korea (AS9318), Italy (AS8968), the UK (AS216309 and AS216319), and Japan (AS7684), which underscores the global nature of cybersecurity threats. Malware does not discriminate by geography, affecting ISPs worldwide, indicating the pervasive risk across different network infrastructures. A recurring theme is the presence of malware activity despite the ISPs’ reputations for quality service. 

   “This suggests that even well-managed networks can become vectors for malware dissemination, highlighting the importance of constant vigilance, sophisticated monitoring, and robust security protocols to detect and mitigate threats. 

   “The identification of specific malware families (Amadey, Redline, Urelas, Sality, Stealc) indicates a range of cyber threats, from information stealers to polymorphic viruses, showcasing the complexity and adaptability of cyber adversaries. The diversity of these threats necessitates a multifaceted security approach, combining technical, procedural, and educational strategies to counteract them effectively.”

The full HYAS Threat Intel Report April 1, 2024, is linked above and is very much worth reading.

Trump Media Stock Nosedives After The Company Posts A Massive Loss

Posted in Commentary with tags on April 1, 2024 by itnerd

So when we last looked at the other train wreck next to the dumpster fire in social media that is known as Truth Social, the company merged with Digital World Acquisition Company which as part of the deal took Truth Social public. That looked good at the start, but now this is what their stock looks like:

So as you can see, there was a spike when the merger happened. But it’s fallen off a cliff since. Why you ask? Yahoo has the answer:

The stock drop comes on the heels of an updated regulatory filing early Monday that showed the company taking on heavy losses and facing “greater risks” associated with the former president’s ties to the platform.

According to the filing, Trump Media reported sales of just over $4 million as net losses reached nearly $60 million for the full-year ending Dec. 31. The company warned it expects losses to continue amid greater profitability challenges.

“TMTG has historically incurred operating losses and negative cash flows from operating activities,” the filing read.

“TMTG expects to continue to incur operating losses and negative cash flows from operating activities for the foreseeable future, as it works to expand its user base, attracting more platform partners and advertisers.”

Truth Social has lured about 9 million users since its inception. But its success largely depends on the “reputation and popularity” of former President Donald Trump.

“TMTG may be subject to greater risks than typical social media platforms because of the focus of its offerings and the involvement of President Trump,” the company said, citing risks that include the harassment of advertisers and criticism of Truth Social’s moderation practices.

“The value of TMTG’s brand may diminish if the popularity of President Trump were to suffer.”

Notably, Trump Media revealed it heavily relies on advertising with ad sales contributing to a “substantial majority of our revenue.”

“If we experience a decline in the number of users or a decline in user engagement, including as a result of the loss of high-profile individuals and entities who generate content on Truth Social, advertisers may not view Truth Social as attractive for their marketing expenditures, and may reduce their spending with us, which would harm our business and operating results,” the company warned.

Investors in this company have been introduced to reality, which is that business fundamentals trump blind and illogical devotion to an individual. My question is how long the investors in this stock will wait until they pull the plug and sell, which will make life very different for a certain Donald J. Trump, who I am sure was hoping to seriously cash in on this.

I’m Actually Bullish On EV’s…. Let Me Share With You Why

Posted in Commentary with tags on April 1, 2024 by itnerd

Last week I put out an article about why Canada is not ready for a transition to electric vehicles. Some people after that article came out emailed me to ask why I was anti-electric vehicle. To be clear, I am not anti-EV. I just believe that a lot has to happen before Canada can transition to them. To illustrate that I would like to give you the reasons why I am bullish on EV’s:

  1. EV’s can help to (mostly) solve our problem with greenhouse gases. The reason why I say “mostly” assumes that the source of electricity is clean as well. But assuming that this is the case, EV’s can help to reduce greenhouse gases. The knock on effect on that is that greenhouse gases have effects on human health. So reducing greenhouse gases can only help humans and other species live longer.
  2. EV’s can reduce our reliance on fossil fuels. That’s a good thing as fossil fuels often come from places that may not be the best places to deal with. On top of that, extracting fossil fuels is a dirty business. None of that is cool. Thus any reduction in use of fossil fuels is a good thing.
  3. Jobs. Frankly a transition to a green economy can only be a boost to the economy. And people need to wrap their heads around that and do things to foster that. After all, we need charging infrastructure, people to build EV’s, etc. And these will be high skill, high wage jobs. That’s going to be good for the economy as a whole. That’s a win for all of us.

So to conclude, I am not anti-EV. I am pro EV as there are benefits to being pro EV that benefit us in one or more ways. My argument in my original article was that we need to be prepared to make that change. And at the moment, we’re simply not ready.

Bell Execs Get Big Bonuses Despite Missing Their Own Targets

Posted in Commentary with tags on April 1, 2024 by itnerd

Now I’m a bit late to this party. But I wanted some time to think about this topic before posting something.

This must make you angry if you’ve recently been fired by Bell via video call. A whole bunch of execs at Bell got serious bonus money. This despite the fact that they missed their own targets. Here’s what The Globe And Mail is reporting:

The company paid chief executive officer Mirko Bibic an annual bonus of $2.96-million as part of a $13.43-million compensation package last year, the company disclosed in its proxy circular to shareholders. His bonus was down slightly from $3.09-million in 2022.

Wade Oosterman, president of Bell Media until his retirement in January, received a bonus of $1.08-million as part of $4.87-million in total compensation. Three other executives in their roles for all of 2023 received bonuses of between $853,470 and $923,400 as part of pay packages between $4.5-million and $6-million.

Here’s the problem with this:

In its compensation disclosure, BCE said it fell short of all three financial targets in its annual bonus plan – revenue, free cash flow and adjusted earnings before interest, taxes, depreciation and amortization (EBITDA). The misses were tiny: For example, BCE had a target of $10.454-billion for revenue, but posted $10.417-billion – a $37-million miss.

So let’s think about this. Bell is basically a regulated monopoly. But Bell missed the above KPI’s. On top of that, if you look at their stock value, it’s down over the last year:

Thus I am trying to figure out why any of these execs deserve bonuses based on all of this. Bell claims that they do this to retain talent. But it really gives the appearance that Bell execs are trying to line their own pockets at the expense of their workers who lost their jobs and Canadians who won’t be getting Bell’s top end services such as Fibe Internet because Bell is mad at the CRTC and the Canadian government. Honestly, if any exec in any other company missed ALL their key performance indicators, they at the very least would not get their bonus money. At most they’d be gone.

Sometimes you just have to shake your head. In disgust.

HYAS Launches Free Intelligence Feed

Posted in Commentary with tags on April 1, 2024 by itnerd

HYAS Infosec, the adversary infrastructure platform provider that offers unparalleled visibility, protection, and security against all kinds of malware and attacks, today announced the launch of its free HYAS Insight Intel Feed.

HYAS leverages data from diverse authoritative sources, including exclusive, private, and commercial datasets, to provide organizations with unparalleled insights into emerging threats. By offering this invaluable resource at no cost, HYAS aims to empower security teams to detect, mitigate, and better defend against cyber threats and safeguard organizational assets.

Bridging the Threat Intel Gap

Unlike conventional intelligence feeds, which often lack context and actionable insights, the intelligence generated by the HYAS Adversary Infrastructure Platform delivers concentrated and actionable intelligence on specific malware families and associated infrastructure. This unique approach enables security operations centers (SOCs), cyber threat intelligence (CTI) teams, and fraud investigation units to readily identify and respond to emerging threats effectively.

The HYAS Insight Intel Feed incorporates information on IP addresses, domains, and other forms of infrastructure leveraged by threat actors to orchestrate malicious activities. By providing timely and relevant insights into exploited infrastructure, HYAS enables organizations to enhance their security posture and proactively mitigate risks. HYAS ensures the continual validation, prioritization, and enrichment of its free intelligence feed providing users timely and proactive insights to bolster organizational security effectively.

Driving Operational Excellence

The free HYAS Insight Intel Feed caters to a wide range of use cases, including:

  • Intelligence enrichment and improved context for SOAR, TIP, and threat intel management programs
  • Real-time IOC/observables for detection and blocklisting
  • SIEM event correlation and analysis
  • Improves SOC teams’ triage process, incident response, and threat hunting
  • Provides cyber threat intelligence (CTI) teams previously unavailable insight and analysis
  • Gives fraud teams meaningful, powerful new investigative abilities 

Register for the Feed

Access the free HYAS Insight Intel Feed

Current And Former AT&T Customers Have Had Their Data Leaked To Unknown Parties

Posted in Commentary with tags on April 1, 2024 by itnerd

Well, this isn’t good.

AT&T has admitted to a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. That’s bad. According to the statement put out by AT&T the following number of people have been affected:

  • 7.6 million current AT&T account holders
  • Approximately 65.4 million former account holders

The worst part is that the data is floating around a hacker forum on the dark web.

Lovely.

AT&T has set up a new webpage reporting the incident, with tips on how customers can keep their account secure. And on top of that, the page says that the passcodes for the 7.6 million AT&T customers have been reset because they were pwned.

It really seems to me that AT&T is really doing its best to try and minimize this whole incident. Which means that this could really be worse than we know.

Stay tuned for more on this story.

Today Is World Backup Day

Posted in Commentary with tags on March 31, 2024 by itnerd

World Backup Day 2024 is today.

Founded in 2011 by Ismail Jadun, a digital strategy and research consultant, World Backup Day is an annual event aimed at raising awareness about the importance of regularly backing up personal and professional data to prevent data loss. The day encourages individuals and businesses to take the pledge to secure their data by creating copies in different locations, ensuring that important information is protected against unforeseen events.

Carl D’Halluin, CTO of Datadobi; Oleksandr Maidaniuk, VP of Technology at Intellias; and Bin Fan, Chief Architect and VP of Open Source at Alluxio, had this to say about this important day:

Carl D’Halluin, CTO, Datadobi

“This World Backup Day, I want to remind everyone that protecting your data with backups isn’t just a technical formality. Given the virtually unavoidable risks of ransomware, malicious or accidental deletions, and countless other threats – it’s absolutely crucial for the health of your business.

The first step? Get your arms around your data. You cannot protect it, if you do not know what you have. Then…

A well-thought-out and tested data backup strategy, together with a combination of robust data security and management solutions, can significantly enhance operations resilience. Add to that the crucial but sometimes missed step of a “golden copy” (i.e., an immutable copy of your business-critical data in a secure and remote site) and your business will be protected today, as well as ideally positioned to support business continuity well into the future.”

Oleksandr Maidaniuk, VP of Technology, Intellias

“Data is the virtual lifeblood of today’s organizations, so as World Backup Day 2024 rolls around, we need to appreciate how crucial regular data backups are for keeping our businesses running without interruption, even in the face of a simple outage or a manmade or natural disaster.

Of course, implementing a seamless backup and disaster recovery (DR) strategy is easier said than done, due to the complicated interplay of technological, regulatory, and operational factors. The heterogeneous nature of data and technology platforms and the increasingly complicated and stringent compliance mandates combined with the need to minimize – if not eliminate – downtime requires a nuanced approach.

At the end of the day, it all boils down to knowing how to strike the perfect balance between protecting all our data thoroughly and using our resources wisely. This way, we can get back on our feet fast after any setback without disturbing our daily work. Savvy folks in data management understand that if we don’t have this kind of know-how already in our team, we might need to team up with a reliable partner. This partner should be all about giving businesses the latest, customized backup solutions that do more than just keep data safe; they should fit exactly with what we need and want to achieve. The ideal partner will be just that – a partner that acts as an extension of your internal capabilities – enabling you to leverage advanced technologies like cloud storage, automation, and AI and in doing so, enhance the resilience of your businesses, making data protection seamless and reliable. On World Backup Day and every day, let’s pledge to prioritize backup, DR, and business continuity to ensure our data remains safe, our operations resilient, and our future secure.”

Bin Fan, Chief Architect and VP of Open Source, Alluxio

“Every year, the amount of data we produce increases significantly. World Backup Day is a call to action, urging us to reconsider our strategies for simplifying backup and recovery to keep pace with the significant increase in data production each year.

As we scale the data storage, timely data movement is a necessity, whether for archiving data in more economical storage or for duplicating data to another center as part of a disaster recovery plan. However, this process can be complex and operational-heavy. We should keep optimizing and streamlining data movement across multiple storage systems.

On this World Backup Day, let’s commit to exploring more efficient and effective ways to protect and manage our growing data, ensuring we’re prepared for any unforeseen circumstances that may arise.”

Molly Presley, SVP of Global Marketing, Hammerspace:

“On this World Backup Day, it’s important to remember the increasing role of automation in accurately identifying, protecting, and utilizing an organization’s data assets. In our current data-focused society, detailed, actionable metadata is crucial for utilizing data fully. However, managing vast amounts of unstructured data across various storage systems, locations, and multiple cloud platforms can be difficult and require significant time and effort. Furthermore, as the number of devices that generate data increases, relying solely on manual processes is time-consuming and risky.

Implementing global-level data protection services with automated policies allows organizations to identify newly created data across the entire data environment, automate data copy creation controls and data services, and ensure global data protection on any infrastructure as well as compliance with corporate governance requirements. Automated, global-level data protection empowers organizations to simplify their data management and unlock the full potential of their data. It will become the new norm for data protection.”

An Email #Scam Using CIBC’s Name Is Making The Rounds

Posted in Commentary with tags on March 30, 2024 by itnerd

There’s lots of scams out there for you to keep an eye on. And I’m adding one more to the list. That scam will show up in your inbox and look like this.

Now scams will often present a problem that requires immediate action to make you fall for it. This one is no different. Apparently my online access has been revoked and I need to “click to gain accss”. The spelling of the word access was my first hint that this was a scam email. The second was that there were two commas after the word customer. Then there’s the fact that I am not specifically named in this email. Any email I’ve gotten from CIBC as that’s my bank has my full name in it. So that’s three strikes and this email should be deleted. But there’s actually a fourth problem with this email:

This didn’t come from CIBC as the email address is wrong. The correct email address that CIBC uses is this one:

At this point, I should have deleted the email and moved on. But as you know, that’s not how I roll. So I copied the URL into the web browser on my testing computer and got this:

Now I will give the threat actor some points for registering a URL that looks like “CIBC-Online” so that you will be fooled into thinking that this is the actual CIBC website. The use of a CAPTCHA is an interesting touch as that adds a vibe that this is the legitimate CIBC website. Click on the “I’m not a robot” part and you get this:

Again, I have to give the threat actor credit here for creating a very convincing fake CIBC website. And the part at the bottom left where it says “Safe banking online, guaranteed” is a nice touch. Even though there is nothing safe about this website. One area where they failed is the check box for “show password”. It doesn’t work. That’s a hint that this is a fake website. They didn’t get every aspect right, though. Take this for example:

They had a couple of missing images. No legitimate bank would ever let a website go online with that sort of screw up.

Another sign that this is a skilled threat actor is the fact that they had code that validates that the card number that you enter is real. That way they know if they got some valid credentials that they can use to presumably drain your bank account dry. I say presumably because this is as far as I got. But that’s as far as I needed to get to be able to document this scam and bring it to you so that you don’t fall for it. Thus as always, if you get an email that looks like this, delete it and move on with your day.

Panther Labs Advisory: CVE-2024-3094 – Linux Supply Chain Compromise Affecting XZ Utils Data Compression Library

Posted in Commentary with tags on March 30, 2024 by itnerd

Panther is aware of and tracking a high-severity software supply chain vulnerability affecting the Linux library XZ Utils versions 5.6.0 and 5.6.1. The vulnerability has been assigned CVE-2024-3094, with a CVSS score of 10, the highest possible severity score.

Background

The XZ Utils library is used for data compression on Unix/Linux operating systems. It is a command-line tool used to compress and decompress XZ files. On March 29, 2024, a supply-chain compromise was discovered in the XZ package: malicious code that could provide a backdoor into systems through this utility. At this time, it is believed that only XZ Utils versions 5.6.0 and 5.6.1 are impacted.

It is too early to tell if the malicious code has been exploited. The issue was just discovered, research is still ongoing, and more information will be made available by the security community in the coming days; we will update this page with more information as it becomes available. It is uncertain if the individual who made the code commits containing the malicious code is directly responsible or if their system or accounts have been compromised.

Is Panther Affected?

Panther’s security team has assessed the vulnerability, and at this time it does not impact the Panther platform. We will continue to evaluate the risk as more information is made available. It is also important to note that Amazon Web Services (AWS) states that its infrastructure is not impacted, as it does not utilize the XZ Utils library at all.

How to Identify if a System Is Affected

Most systems using the XZ Utils library are running version 5.2 or 5.4, which are not affected; 5.6 is the compromised version. To identify if your system is impacted, run “xz -V” on the command line to see what version you are running.

What if My System Has the Affected Version?

It is recommended that users downgrade their XZ Utils to the prior uncompromised version, such as XZ Utils 5.4.6 Stable. As the issue is still being investigated, there are currently no IoCs or specific guidance on what to look for to identify if a system has been exploited. If you identify a system with the affected version, extra vigilance should be applied to monitor those systems and hunt for signs of malicious activity.
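The two steps above (check the version with “xz -V”, then downgrade and watch any host reporting 5.6.0 or 5.6.1) are easy to script for a fleet. The following is an added example written for this post, not code from Panther or the XZ project. It parses the banner that `xz -V` prints (a first line of the form `xz (XZ Utils) 5.4.6` followed by `liblzma 5.4.6`) and classifies a host as affected only when either the `xz` binary or `liblzma` reports one of the two versions the advisory names. The banner strings at the bottom are constructed samples; a real run would feed it the output of `xz -V` on each host, and an “affected” result is the trigger for the downgrade and extra monitoring recommended above, not proof that the host was exploited.

```shell
# Added example, not part of the Panther advisory. Affected versions
# (5.6.0, 5.6.1) are the ones the advisory lists; nothing else is assumed.

# Pull the "X.Y.Z" version out of the first line of an `xz -V` banner.
xz_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/.*XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Pull the liblzma version out of the "liblzma X.Y.Z" line, if present.
liblzma_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^liblzma \([0-9][0-9.]*\).*/\1/p'
}

# True (exit 0) when the version is one the advisory names as compromised.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Classify a whole banner: "affected" if xz or liblzma reports a bad
# version, "not-affected" if a version was parsed and is clean, "unknown"
# if the text does not look like `xz -V` output at all.
classify_xz_banner() {
    xzv=$(xz_version_from_banner "$1")
    lzv=$(liblzma_version_from_banner "$1")
    if [ -z "$xzv" ] && [ -z "$lzv" ]; then
        echo unknown
    elif { [ -n "$xzv" ] && xz_version_affected "$xzv"; } ||
         { [ -n "$lzv" ] && xz_version_affected "$lzv"; }; then
        echo affected
    else
        echo not-affected
    fi
}

# Run the check against the xz installed on this machine, if there is one.
check_local_xz() {
    if command -v xz >/dev/null 2>&1; then
        classify_xz_banner "$(xz -V 2>/dev/null)"
    else
        echo unknown
    fi
}

# Constructed sample banners (not captured from real hosts).
SAFE_BANNER='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
BAD_BANNER='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
MIXED_BANNER='xz (XZ Utils) 5.4.6
liblzma 5.6.0'

classify_xz_banner "$SAFE_BANNER"    # not-affected
classify_xz_banner "$BAD_BANNER"     # affected
classify_xz_banner "$MIXED_BANNER"   # affected (liblzma is the bad one)
check_local_xz
```

Checking the `liblzma` line separately matters because the library is what other programs link against; a host whose `xz` binary reports a clean version while `liblzma` reports 5.6.x should still be treated as affected.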

The White House Announces New Rules For The Use Of AI In Federal Agencies

Posted in Commentary with tags on March 29, 2024 by itnerd

The White House has announced new AI rules, stating U.S. federal agencies must show that their AI tools aren’t harming the public, or stop using them:

By December 1, 2024, Federal agencies will be required to implement concrete safeguards when using AI in a way that could impact Americans’ rights or safety. These safeguards include a range of mandatory actions to reliably assess, test, and monitor AI’s impacts on the public, mitigate the risks of algorithmic discrimination, and provide the public with transparency into how the government uses AI. These safeguards apply to a wide range of AI applications from health and education to employment and housing.

For example, by adopting these safeguards, agencies can ensure that:

  • When at the airport, travelers will continue to have the ability to opt out from the use of TSA facial recognition without any delay or losing their place in line.
  • When AI is used in the Federal healthcare system to support critical diagnostics decisions, a human being is overseeing the process to verify the tools’ results and avoids disparities in healthcare access.
  • When AI is used to detect fraud in government services there is human oversight of impactful decisions and affected individuals have the opportunity to seek remedy for AI harms.

If an agency cannot apply these safeguards, the agency must cease using the AI system, unless agency leadership justifies why doing so would increase risks to safety or rights overall or would create an unacceptable impediment to critical agency operations.   

To protect the federal workforce as the government adopts AI, OMB’s policy encourages agencies to consult federal employee unions and adopt the Department of Labor’s forthcoming principles on mitigating AI’s potential harms to employees. The Department is also leading by example, consulting with federal employees and labor unions both in the development of those principles and its own governance and use of AI.

Craig Burland, CISO, Inversion6 had this comment:

The administration continues to demonstrate vigilant leadership in cybersecurity domains, modeling what they want (and maybe expect) to see from the private sector. It’s clear that AI poses both a compelling opportunity and significant threat to how people use and interact with technology. The government’s commitment to human oversight of AI for highly personal and highly impactful decisions is both sensible and prudent given the immaturity of AI. ChatGPT burst into the public consciousness just over a year ago. AIs and LLMs are not ready to make decisions about healthcare or government services. In human terms, these tools are barely toddlers! At the same time, the administration adds friction to AI advancement with requirements about oversight and transparency, and it is lowering barriers for agencies where that friction is no longer warranted like FEMA, the CDC, and the FAA. This demonstration of balance speaks highly of their approach to harness the disrupting of AI without unleashing it on an unsuspecting public. 

A cautious approach to AI is warranted seeing as AI has had a few “misfires” over the years. And the worst thing that can possibly happen is that one of those “misfires” turns into a catastrophic event.