Truth Social To Merge With Digital World Acquisition Company

Posted in Commentary with tags on March 22, 2024 by itnerd

The Truth Social circus has taken another twist with news that the merger with Digital World Acquisition Company was approved:

Trump Media, which runs the social media platform Truth Social, is poised to become a publicly listed company, after a majority of shareholders of Digital World Acquisition Corp voted on Friday to acquire it.

Mr Trump is due to have a stake of at least 58% in the merged company, worth roughly $3bn at Digital World’s current share prices.

It’s an astonishing potential windfall for Mr Trump in exchange for a business whose own auditor warned last year it was at risk of failure.

Never mind the many red flags associated with the deal, including unresolved lawsuits from former business partners. There’s also an $18m settlement that Digital World agreed to pay last year to resolve fraud charges over how the merger plan came together.

Shares in Digital World rose on Friday ahead of the approval, to more than $45 apiece, before later sliding to below $40.

Now because of the red flags that were mentioned above, this could still become a dumpster fire. But this is a significant hurdle that has been passed for this troubled social media platform. Oh, and in case you were wondering, Donald Trump stands to eventually make billions from this. Though he needs cash right now and this might not help.

1 Comment »

I Questioned Freedom Mobile’s Security When It Comes To Preventing A SIM Swap #Scam… Now There’s A Case Of SIM Swapping That Cost A Couple $140K

Posted in Commentary with tags , on March 22, 2024 by itnerd

When my wife and I switched to Freedom Mobile, I’ve wondered about the security to stop things like SIM swap scams. I say that because the way that Freedom Mobile has set up their “My Freedom” customer portal doesn’t seem all that secure to me. Which is why a story from Global News caught my attention as it details the story of a couple who are Freedom Mobile customers that lost $140K in a SIM swap scam:

Wayne Stork and his wife Diana had not heard of the SIM swap scam until they became victims.

The GTA couple did nothing wrong but they lost about $140,000 anyway.

“It’s a nightmare,” Wayne told Global News in a television interview, his wife Diana at his side.

“We’re doing this, in part, to get the word out,” Diana said.

The Storks are longtime customers of Freedom Mobile. Last September, when the couple were at home, Wayne’s phone suddenly stopped working.

“My phone went into SOS mode, it was deactivated,” he said.

From that point, Wayne had no use of the phone, but someone else had access to the personal information attached to it.

“He (Wayne) was watching his accounts drain of money, that’s when the panic set in,” Diana said.

Over the next 24 hours, scammers had gained access to Wayne’s stock trading account and other accounts, including a cryptocurrency one that contained the proceeds from an inheritance.

“The Bitcoin was worth $140,000, and we lost that,” Diana said.

When the couple called Freedom Mobile’s customer service line, they say a representative said records showed someone had obtained a new SIM card in a retail location in Toronto, apparently claiming to be Stork.

Stork says the phone representative asked “weren’t you in the store yesterday to get a new SIM card?” to which Stork said no, it wasn’t him.

So you’re likely wondering how a SIM swap scam ends up in someone losing a lot of cash. Well, people often use their cell phones, specifically text messaging, to receive multi factor authentication codes for the financial institutions or online services that they use. So if a threat actor can get their hands on your cell phone number and some other information like passwords and the like, they can drain you of all your cash.

Now while this incident didn’t involve the “My Freedom” customer portal, it does suggest that Freedom Mobile does have weaknesses in terms of preventing this sort of scam from happening. After all, it should not be possible, or at least very difficult to walk into a retail location and execute this scam in 2024. In fact, I pinged my “off the record” contacts at Rogers, TELUS, and Bell. While they don’t rule out the possibility of this happening with them, and they don’t know the specifics of how this incident was executed, all of them say that this would be far more difficult to execute with them because of the security measures that they have in place. Or put another way, they’re throwing shade on whatever security measures that Freedom Mobile does or more importantly doesn’t have because they assume that they can do better. I’m not sure that I would make that assumption. But that’s just me. And what makes this worse is that now that this story is out there, other threat actors will specifically target Freedom Mobile because the perception will be that they are an easier target in terms of executing this scam. That’s bad for Freedom Mobile, and its customers.

Now if you’re worried about being a victim of a SIM swapping, the Global News article as well as the link to what a SIM swap is has some actionable information. But the one thing that you could really do to protect yourself is use app based multi factor authentication rather than text message based multi factor authentication wherever possible. Because the second that you do that, the safer you become as that’s not tied to the SIM card in your phone. That does require financial institutions and online services to move in that direction. So you may be stuck with text message based multi factor for a while. Which means it’s up to carriers like Freedom Mobile to up their game to protect their customers. Let’s see if Freedom Mobile does that now that this incident is out in the public domain.

Leave a comment »

HYAS Publishes New Data On Malware Communications And The Top Malware Families

Posted in Commentary with tags on March 21, 2024 by itnerd

HYAS has published new data on malware communications and the top malware families currently in use. 

The Top Five Malware Destinations (i.e. geographic locations and destinations for malware communication from their detonations) during the week of March 10-16, 2024. The data is derived from the HYAS Insight platform which identifies, tracks, and attributes fraud and attacks rapidly and accurately, pinpointing the origin and current infrastructure employed. A South Korean service provider’s infrastructure was the top destination point of the week.

Of the Top Five Malware Families for the week of March 10-16, 2024, the top was Urelas, a trojan malware that allows hackers to remotely control an infected system. This family of malware often propagates through malicious email attachments and drive-by downloads. It is known to avoid detection by disguising its malicious activities as legitimate system processes. This data is derived from HYAS Protect, a protective DNS solution that combines authoritative knowledge of attacker infrastructure and domain-based intelligence to proactively enforce security and block the command and control (C2) communication used by malware, ransomware, phishing, and other forms of cyber-attacks.

Leave a comment »

Panther Labs Analyzes North Korea’s Cyber Aid to Russia

Posted in Commentary with tags on March 21, 2024 by itnerd

I’d like to introduce a comprehensive analysis by Ken Westin, Field CISO at Panther Labs in the blog post titled, “How North Korean Cybercrime Aids the Russian Military and Circumvents Sanctions.” It delves into an issue that simmers at the intersection of global geopolitics and cybersecurity. Through meticulous research, Panther Labs unveils a narrative that explores the intricate ways North Korean cybercrime supports the Russian military and skirts international sanctions.

In the shadows of international politics, a complex web of cybercrime, military aid, and sanctions evasion has emerged, with North Korea playing a pivotal role. Our investigation delves into how the DPRK’s elite hacking group, The Lazarus Group, has pilfered billions in cryptocurrencies to fund military operations and aid allies, notably Russia, in their geopolitical endeavors.

Key highlights include:

  • An analysis of North Korea’s latest $23 million laundering operation through Tornado Cash, as part of a broader $3 billion crypto theft spree.
  • Insights into the DPRK’s munitions shipments to Russia, bolstering the latter’s military capabilities against Ukraine, in exchange for vital resources.
  • A deep dive into the sophisticated techniques employed by The Lazarus Group to execute their heists and evade international sanctions.

This story is more than a cybersecurity issue; it’s a glimpse into the future of warfare, international relations, and the global economy, shaped by the invisible hands of cybercriminals. 

Leave a comment »

Introducing Samsung’s Latest 2024 TV And Soundbar Lineup

Posted in Commentary with tags on March 21, 2024 by itnerd

Samsung Electronics today provided a closer look at its 2024 TV and soundbar lineup at the Unbox & Discover event by showcasing the latest Neo QLED 8K and 4K, OLED TVs and soundbars. As a leading TV manufacturer, Samsung’s offerings at this year’s event elevate the home entertainment experience with a range of powerful, AI-driven solutions.

Elevating Senses With Neo QLED 8K: Clarity, Sound and Smart Experiences

Neo QLED 8K stands as the flagship of Samsung’s latest TV lineup, equipped with the advanced NQ8 AI Gen3 processor and marking a significant leap in SamsungTV technology. This processor features a Neural Processing Unit (NPU) that delivers twice the speed of its predecessor, along with an eightfold increase in neural networks from 64 to 512 — providing an exceptional viewing experience with crisp details.

Every scene on the Neo QLED 8K is a feast for the eyes, thanks to its AI-driven picture technology. It brings out fine details with outstanding clarity and naturalness, from facial expressions to subtle nuances. With 8K AI Upscaling Pro, users’ favorite shows and movies are transformed, allowing them to enjoy stunning details and picture clarity. Additionally, AI Motion Enhancer Pro makes fast action smooth and clear — a dream for sports fans — while Real Depth Enhancer Pro adds a lifelike depth to the picture and pulls viewers into the scene. All these features come together to redefine the Samsung big screen experience.

The Neo QLED 8K also delivers precise audio powered by AI sound technology. This year’s Active Voice Amplifier Pro now excels at extracting dialogue from background noise. Object Tracking Sound Pro also enriches the audio experience by syncing the sound with on-screen action, creating a more dynamic and engaging viewing experience. Adaptive Sound Pro further refines the audio experience by intelligently adjusting the audio to the content and room acoustics, for a genuinely rich and lifelike sound.

The Neo QLED 8K also boasts AI features that understand and adapt to user needs. The AI Auto Game Mode kicks in during gaming, optimizing the visuals and audio for an immersive and engaging gaming experience. The AI Customization Mode adjusts the picture for each scene based on user preference, while AI Energy Mode allows users to save energy without compromising picture quality.

Smart Features With Samsung Tizen OS for Enhanced Integration and Personalization

In 2024, Samsung’s AI screens are set to redefine the Samsung user experience with advanced connectivity and a suite of smart features, apps and platforms. Leveraging the powerful Tizen OS, these innovations have created an ecosystem that is connected andpersonalized. This allows devices to integrate effortlessly into users’ digital worlds, transforming screens into a central hub for all their needs.

Samsung’s latest TVs are designed to connect with a smart ecosystem immediately upon setup. The moment users turn on their new Samsung TV, the TV recognizes and connects to existing networks and devices, all orchestrated through a simple notification on users’ smartphones. This effortless setup extends to all Samsung devices at home as well as compatible third-party appliances and IoT devices, thanks to its compatibility with HCA and Matter. This eliminates the need for extra hubs, so everything from lighting to security sensors can be managed directly from the screen.

Samsung’s 2024 screen lineup also brings integration with users’ smartphones. Users can simply bring their smartphone near the TV to activate Smart Mobile Connect, which turns the device into a universal remote for the TV and connected home appliances. Additionally, in 2024, users can use their smartphones as game controllers with a customizable user interface (UI) and haptic feedback, offering convenient and enhanced gameplay at their fingertips.

Beyond connectivity, Samsung’s 2024 Smart TVs also provide highly personalized experience with its apps and platforms. With the latest addition of widgets, TV screens are now personalized dashboards that allow users to easily monitor home status, camera feeds, energy usage, weather updates and more. Samsung is also introducing Samsung Daily+, a unified smart home platform that brings together a diverse range of apps, categorizing them into SmartThings, Health, Communication and Workspace, each aimed at elevating different facets of user lifestyles and home environments.

Security is paramount, and with Samsung Knox, features, apps, and platforms benefit from robust protection, allowing connected experiences to remain secure.

Expansive Lineup for All Entertainment Needs: Neo QLED 4K, OLED and Sound Devices

Arange of TVs and sound devices designed to offer consumers a wider array of choices to suit diverse lifestyles and preferences is being introduced by Samsung this year. This comprehensive lineup underscores Samsung’s commitment to innovation and a customer-centric approach.

The 2024 Neo QLED 4K lineup brings innovative technology from the latest Neo QLED 8K flagship TVs, elevating the viewing experience with new features powered by the NQ4 AI Gen2 Processor. This advanced chip breathes life into content, rendering it in stunning 4K resolution. Enhanced by Real Depth Enhancer Pro and Quantum Matrix Technology, the screen provides amazing contrast even in complex scenes. With a Pantone Validated display for colour accuracy and Dolby Atmos for an immersive audio experience, Neo QLED 4K sets the bar for the ultimate Samsung 4K UHD experience. Neo QLED 4K will be available in sizes ranging from 55 to 98 inches, catering to diverse viewing environments.

Samsung is also introducing its first Glare-Free OLED, reducing unnecessary reflection while preserving deep blacks and clear images under any lighting condition. Powered by the same formidable NQ4 AI Gen2 Processor as the Neo QLED 4K lineup, Samsung’s OLED TVs boast features like the Real Depth Enhancer and OLED HDR Pro.

Additionally, with features such as Motion Xcelerator 144Hz provides smooth motion and quick response rates, Samsung OLED is a great choice for gaming. Complemented by sleek designs, these OLED TVs elevate the viewing space. Available in three models — S95D, S90D, and S85D — ranging from 42 to 83 inches, there’s a perfect fit for every home.

The 2024 lineup also includes the latest Q-Series Soundbar, Q990D, which boasts an 11.1.4-channel setup with Wireless Dolby Atmos. This model comes with a host of features that stand as a testament to Samsung’s continued leadership in the soundbar industry,  featuring innovations such as Sound Grouping for pulsating, room-filling sound and an option for personal listening that allows users to enjoy their content through rear speakers without disturbing others.

The ultra-slim S800D and S700D soundbars continue to deliver exceptional audio quality in an unbelievably sleek and space-saving design. Plus, all Samsung soundbars come with advanced audio technologies like Q-Symphony, which seamlessly integrates Samsung TVs and soundbars for a masterfully orchestrated sound experience.

Lastly, Samsung has unveiled the all-new Music Frame, marrying premium audio with artistic design inspired by The Frame. This versatile device allows users to display personal pictures or artwork while enjoying wireless audio with smart features. Whether used as a standalone device or paired with a TV and Soundbar, the Music Frame provides an auditory experience that complements your space.

Availability

Available for pre-order at samsung.com/ca, Samsung Experience Stores, and participating authorized Canadian retailers and carriers in Canada starting March 12.

Trade-in offer

From March 21 – April 11, Canadians can save up to $2,700 when they upsize an eligible Samsung TV. Plus, get an additional $1,260 when you add a soundbar with eligible TV trade-in.

Leave a comment »

Fortinet FortiClientEMS SQL Injection Deep Dive & Proof Of Concept

Posted in Commentary with tags on March 21, 2024 by itnerd

In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 – a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering enrolled endpoints. 

Today, Horizon3.ai Exploit Developer James Horseman published “CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive” detailing the vulnerability and indicators of compromise, and linking to the proof of concept.

“This SQL injection vulnerability is caused by user controlled strings that are passed directly into database queries. In this post we will examine the internal workings of the exploit,” Horseman said. 

Stephen Gates, Principal SME at Horizon3.ai, added: “NodeZero has incorporated protections for CVE-2023-48788. It can discover where organizations are exploitable, enabling them to mitigate and protect against the issues, and confirm with 1-click verify that they are no longer exploitable.”

The Horizon3.ai POC can be found here.

Leave a comment »

US Justice Department Sues Apple Accusing It Of Having A Monopoly

Posted in Commentary with tags on March 21, 2024 by itnerd

This has been coming for a while, and I am sure that Apple has been preparing for this day. Which is the day that Apple gets sued by the US Justice Department. Here’s what they’re being sued for:

  • Blocking Innovative Super Apps. Apple has disrupted the growth of apps with broad functionality that would make it easier for consumers to switch between competing smartphone platforms.
  • Suppressing Mobile Cloud Streaming Services. Apple has blocked the development of cloud-streaming apps and services that would allow consumers to enjoy high-quality video games and other cloud-based applications without having to pay for expensive smartphone hardware.
  • Excluding Cross-Platform Messaging Apps. Apple has made the quality of cross-platform messaging worse, less innovative, and less secure for users so that its customers have to keep buying iPhones.
  • Diminishing the Functionality of Non-Apple Smartwatches. Apple has limited the functionality of third-party smartwatches so that users who purchase the Apple Watch face substantial out-of-pocket costs if they do not keep buying iPhones.
  • Limiting Third Party Digital Wallets. Apple has prevented third-party apps from offering tap-to-pay functionality, inhibiting the creation of cross-platform third-party digital wallets.

The thing is that while I am not a lawyer, some of this stuff seems suspect to me. While other stuff on this list is typical Apple. The actual lawsuit that you can read here is 88 pages long. So this will take a while to unpack. In the meantime, I have a comment from Ted Miracco, CEO, Approov:

 “The new DOJ Antitrust lawsuit against Apple alleges that Apple has crossed the line to anti-competitive behavior, locking customers and developers into the iPhone and locking competitors out. The DOJ  states that as a result Apple is now stalling the advancement of the smartphone marketplace – “smothering innovation” according to Lisa Monaco – Dep. Attorney General.

    “Specifically, Apple’s efforts to bundle security with the AppStore marketplace has stifled competition in cybersecurity for mobile apps. This practice reinforces their claims that only Apple can provide security and perpetuates and reinforces the monopoly.

    “Further, this DOJ action is part of a global effort to roll back anti-competitive monopolies on  a global basis. 

    “The Department of Justice, EU and UK are all pursuing antitrust actions against Apple and are all also highlighting that for Apple to think that they alone can provide security for the mobile ecosystem is unrealistic.

    “An important element of the DOJ action is the balance between Apple’s role in setting security standards and the rights of developers to choose independent, potentially more flexible and cost-effective security and payments solutions. 

    “Apple’s stance has drawn scrutiny because developers need more freedom in selecting security and payment solutions that adhere to reputable security standards such as those set by the OWASP Foundation, without being subject to Apple’s “heavy taxes.” Independent security and payments vendors can offer robust protection against a range of threats, aligning with external standards and allowing developers to bypass platform-imposed fees, like Apple’s controversial core technology fee (CTF). The European Commission’s fine and the broader implications of the Digital Markets Act underscore the importance of allowing developers the freedom to implement independent security that can meet or exceed recognized standards.

    “Impacts on Consumers: Apple users may have a false sense of security when it comes to malware and other cyberattacks. The high number of zero-days patched by Apple over the last year is substantial, and indicates that Apple users are attractive targets for advanced threat actors. Because Apple devices are often used by high-profile business users, government officials, and celebrities, the Apple ecosystem is an especially tempting target for attackers interested in stealing sensitive data or disrupting the operations or specific organizations.  It is important for all mobile users to recognize that Apple devices have been targeted by malware and other cyberattacks in the past, and they will continue to be targeted and exploited in the future, as none of these devices or applications is truly hack proof today.”

It will be interesting to see how this plays out as I easily see this fight going on for years and ending up at the Supreme Court. I don’t know who is going to win this fight, but it will be one hell of a fight that you should get your popcorn ready for.

2 Comments »

Union Claims That Bell Fired 400 People Via A Virtual Meeting…. WTF?

Posted in Commentary with tags on March 21, 2024 by itnerd

Bell really does a lot of things that make them look really bad in the public eye. For example they have a tendency to fire people out of the blue which seems inconsistent with their Bell Let’s Talk mental health campaign. Today’s latest example of this is this Toronto Star story where it is claimed that Bell fired 400 people via a virtual meeting:

The union representing employees of Bell claimed the telecommunications giant laid off hundreds of its members Wednesday via virtual group meetings, a move which it described as “beyond shameful.”

In a press release, Unifor said more than 400 workers were informed Wednesday that they were being declared “surplus” by the company. Its members were informed of their termination via a 10-minute virtual meeting, the union claimed, adding that a manager read the layoff notice, “without allowing members or the union the opportunity to unmute to ask questions.”

“Our members, who have devoted years of service to this telecoms and media giant, are being repaid with pink slips,” said Daniel Cloutier, Unifor’s Quebec director, in a statement. “If that’s not beyond shameful, I don’t know what is.”

Bell did not immediately respond to the Star’s request for comment, including questions about whether this termination process is standard practice for the organization. 

Let’s talk Bell.

You couldn’t find a better way of letting go of people that is way more humane than this? You keep going to this well as this isn’t the first time that you’ve done something like this and I bet you’re surprised that every time that you do this there’s epic blowback. Maybe it just highlights the fact that you don’t see your employees as people with families. But instead you see them as just numbers on a spreadsheet. Maybe I’m being harsh. But when you terminate people in this manner, you’re just asking to get criticized because you’re doing it wrong.

UPDATE: Bell sent me a statement that I will reprint below in full:

Bell announced a restructuring on February 8 at all levels of the company, and since that time, Bell has been working with Unifor and other unions on the impacts to our unionized workforce. Bell has been very transparent with Unifor leadership about the process in which these discussions would take place, having started discussions over five weeks ago, and has met all of our obligations under the respective collective bargaining agreements.

As planned with Unifor, on March 20, Bell initiated calls with groups of our unionized team members to give notice of upcoming actions taking place, which include both a voluntary separation program and surplus reductions. Employees who were informed that they were being let go additionally had individual meetings with an HR representative to discuss their individual packages and to ask questions. They also have the option to invite a union representative to the meeting. Bell is offering departing surplus employees fair and competitive severance packages, including providing non-working notice and salary continuance as negotiated with the union. Most of the employees are remote workers as enshrined in their collective bargaining agreement, and therefore all of these discussions are being handled remotely so that they are not called into an office.

2 Comments »

Ukrainian Hackers Busted For Stealing & Selling Access To 100 Million Instagram Accounts 

Posted in Commentary with tags on March 21, 2024 by itnerd

In a police announcement (translation here), the Ukrainian cyber police, working with state police investigators, say they have arrested three members of a “criminal group” accused of stealing & attempting to sell over 100 million emails and Instagram accounts. The database of stolen accounts contained data on more than 100 million Internet users from all over the world.

The suspects used the brute-force method to break the passwords of the stolen accounts and would then sell them on the dark web. The group operated in different regions of Ukraine, coordinating their efforts, with each specializing in different aspect of the operation. 

During the law enforcement raid, police conducted seven searches across multiple cities, seizing more than 70 pieces of computer equipment, 14 mobile phones, bank cards, and cash.

Emily Phelps, Director, Cyware had this to say:

   “Cybercriminals are often opportunistic, seeking the path of least resistance. Strong passphrases and multifactor authentication cannot be considered optional extras but fundamental requirements to defend against cyberthreats. The coordination behind such illicit activities emphasizes the need for continuous vigilance, collaboration, and advanced cybersecurity solutions.”

This should serve as a warning to those of you who like to use an easy to remember, not very complex password for everything. There are groups like this one who are out to leverage the fact that you do that. Thus complex passwords, multi factor authentication, or every passwordless solutions should be the way to go to avoid being pwned by a group like this one.

Leave a comment »

White House And EPA Warn Governors Of Cyberattacks Hitting US Water Systems

Posted in Commentary with tags , on March 21, 2024 by itnerd

On Tuesday, the White House and Environmental Protection Agency warned US governors in a letter that cyberattacks are hitting water and wastewater systems “throughout the United States”, and state governments and water facilities must improve their defenses against the threat.

   “We need your support to ensure that all water systems in your state comprehensively assess their current cybersecurity practices,” said the letter to the governors from EPA Administrator Michael Regan and national security adviser Jake Sullivan.

The US water sector spans 150,000 public water systems and, in many cases, Regan and Sullivan said, “even basic cybersecurity precautions” are not in place at water facilities and “can mean the difference between business as usual and a disruptive cyberattack.”

The EPA also announced it will set up a “task force” to “identify the most significant vulnerabilities of water systems to cyberattacks,” among other pressing issues. White House officials invited state homeland security and environmental officials to a meeting to discuss cybersecurity improvements needed in the water sector.

Emily Phelps, Director, Cyware had this comment:

   “The recent warnings from the White House and the EPA highlight a critical and growing threat to our nation’s infrastructure: cyberattacks targeting water and wastewater systems. This underscores the urgent need for investment in modern security capabilities to safeguard these essential services. The lack of fundamental cybersecurity precautions in many facilities poses a significant risk, potentially turning a minor breach into a major disruption. Ensuring the resilience of our water infrastructure against cyber threats is not just a matter of national security, but also of public health and safety, requiring collaborative efforts at all levels of government and between the public and private sectors.”

Dave Ratner, CEO, HYAS follows with this comment:

   “The impact of a cyber attack on critical infrastructure, such as water systems, could be devastating and even life-impacting.  It’s critical that everyone who provides critical infrastructure and services, not just water and wastewater systems, augment their security stack with resiliency-based approaches, such as Protective DNS, so they can detect in real-time any and all anomalous activity, render it inert before it causes damage, and ensure the safety of their services and the people who rely on them.”

John Gunn, CEO, Token adds this comment:

The biggest risk is the successful attacks on critical infrastructure that we have not yet detected. These are ticking time bombs. Imagine China invades Taiwan and we support our ally, or another scenario that leads to a broader conflict, China could then activate their earlier compromises and potentially cut off water, power, and other critical services for tens of millions of American citizens. 

We’re all in this together. Thus we need to start acting like it or critical infrastructure will simply become the “go to” attack point for threat actors with citizens paying the price.

UPDATE: Mark B. Cooper, President & Founder, PKI Solutions supplied this comment:

 

“The recent communication from the White House and the EPA to US governors underscores the urgent need for cybersecurity in the water sector. With 150,000 public systems at risk and many lacking basic safeguards, the call for access to comprehensive security evaluations is critical. The formation of a task force to pinpoint vulnerabilities, along with planned strategic discussions and the appropriate funding it takes to implement the strategic plans, highlights the concerted effort needed to safeguard this critical infrastructure from cyber threats.

   “Digital Certificates and the Public Key Infrastructure (PKI) that manages the digital certificates play a crucial role in providing advanced encryption methods that secures access and secures data, yet they are frequently underestimated and not managed properly.  Posture Management for the Digital Certificates and the PKI needs to be a core requirement in the cybersecurity plans implemented to protect our water sector.”

Leave a comment »

« Older Entries
Newer Entries »