VPN Mentor’s research team has conducted an analysis of user demand data in Texas after the well known adult site Pornhub blocked access to its users in Texas following a new age verification law that came into force on March 14th. In just one day, VPN Mentor witnessed a surge of 234.8% in VPN demand in Texas.
You will find all the details to their findings here: https://www.vpnmentor.com/news/vpn-demand-surge-texas/
ServiceNow today announced it has signed an agreement to acquire 4Industry, a Netherlands‑based partner whose manufacturing technology application is built on the Now Platform, and has completed the acquisition of Smart Daily Management, a connected digital worker application from EY. Together, the deals augment ServiceNow’s existing operational technology (OT) management capabilities, adding Connected Worker solutions and enhancing expertise across key industrial markets such as manufacturing, energy and transport & logistics.
4Industry, founded in 2018, brings a mobile‑enabled application to make shop floor work more intuitive, efficient, and enjoyable through a suite of digital tools and Smart Daily Management from EY, which creates more efficiency around time‑consuming tasks, will enable ServiceNow’s industrial customers to drive operational excellence. The technology and industry expertise from 4Industry and the Smart Daily Management application will be utilized to build a new Connected Worker solution on the ServiceNow platform, expected in 2025.
This example of continued investment in European tech and talent will significantly enhance ServiceNow’s long‑term roadmap for its global customers, delivering continuity across IT, OT, and factory floor workers. ServiceNow will continue to maintain a strong alliance with EY and partnership with Plat4mation, an affiliated services company of 4Industry. It will work jointly with these companies, as innovation and implementation alliance partners for both existing OT solutions as well as future Connected Worker solutions.
4Industry and Smart Daily Management from EY follow acquisitions of UltimateSuite, G2K, Atrinet’s NetACE technology and Element AI as part of ServiceNow’s ongoing commitment to bringing impactful automation to customers. ServiceNow closed the acquisition of Smart Daily Management in early March and expects to close the acquisition of 4Industry in the coming weeks. Financial terms of the deals will not be disclosed.
If you use a Mac, chances are that you have a copy of GarageBand on it. Whether you use it or not isn’t the point. But if you have it, and you’re running macOS Ventura or Sonoma, you should make sure that you it is updated to 10.4.11 ASAP. Why? It fixes a security issue according to this:
The quickest way to confirm that you have 10.4.11 is to go to the App Store and click on Update to see if it’s been updated. If not, search for GarageBand, and click on Update.
Wednesday, France Travail disclosed (Translation here) that hackers stole personal data belonging to 43 million job seekers who had registered with the French governmental unemployment agency. France Travail is the government agency in France tasked with registering unemployed citizens, offering financial assistance, and aiding them in securing employment opportunities.
The cyberattack occurred between February 6th and March 5th and includes data spanning 20 years.
The data that has been exposed from this attack includes:
This is the second data breach France Travail has suffered. Last August approximately 10 million individuals (Translation here) were impacted by an attack indirectly attributed to the Clop ransomware group who exploited a zero-day vulnerability in the MOVEit Transfer software tool.
The cyberattack on the agency sets a new record for France impacting the largest number of individuals, surpassing the more than the 33 million people (Translation here) impacted by the Viamedis and Almerys breach in February.
Ted Miracco, CEO, Approov Mobile Security:
“The good news here is that while the disclosed information includes sensitive personal identifiers, it does not extend to passwords or banking information, limiting the scope of immediate financial fraud, however the potential for identity theft or other forms of cybercrime remains. Also, the response from France Travail aligns with best practices in handling data breaches, in compliance with the General Data Protection Regulation (GDPR).
“This incident underscores the critical need for organizations to implement robust cybersecurity measures at the edge, especially when it comes to mobile devices, which are increasingly used in attacks. Comprehensive security audits, regular vulnerability assessments, and real-time analytics are critical for security awareness. Lastly, it highlights the importance of having an incident response plan that can be quickly activated to mitigate the impact of data breaches.”
The fact that this organization has been pwned twice isn’t good. They really have some work to do to make sure that they don’t get pwned a third time.
Certero, a leader in IT asset management, software asset management, SaaS optimization, and cloud FinOps solutions, announced a new Partner Program to support channel partners. This initiative is designed to help partners and their customers manage technology costs effectively, especially in a changing market and economic climate. The program aims to transform technology asset management and reduce overspending.
The program offers a straightforward structure with incentives, intending to generate new revenue opportunities for channel partners. Josh Shields, with nearly 20 years of experience in channel operations, has been appointed as the new Director of Strategic & Channel Partnerships to oversee this initiative.
Recent Certero Highlights:
The Partner Program includes three levels of partnership: Connect, for transactional relationships; Advance, for strategic collaborations without a services capability; and Elite, for partners with their service delivery capabilities. This structure offers flexibility and support for partners at different engagement levels.
Certero is committed to a collaborative, customer-led, and partner-focused approach, promising a supportive onboarding process, expert-led training, and a partnership aimed at long-term success. The program is open to new partners looking to deliver value to customers through Certero’s advanced technology solutions.
Today is not a good day for McDonald’s as there is news that they have some sort of IT issue is crippling the fast food chain worldwide:
System failures at McDonald’s were reported worldwide Friday, shuttering some restaurants for hours and leading to social media complaints from customers, in what the fast food chain called a “technology outage” that was being fixed.
Chicago-based McDonald’s Corp. said the problems were not related to a cybersecurity attack, without giving more details on what caused them.
“We are aware of a technology outage, which impacted our restaurants; the issue is now being resolved,” the burger giant said in a statement. “We thank customers for their patience and apologize for any inconvenience this may have caused.”
That’s not a very reassuring statement and it’s kind of vague. It makes me wonder what the issue is. And for the record, the fact that they say it’s not a cybersecurity incident doesn’t mean that it isn’t one and they either don’t know or don’t want to admit to it. Hopefully whatever the cause of this, the fast food chain is transparent about what actually is the cause.
Meanwhile on Twitter:
The repetitional damage to McDonald’s because people can’t get their Big Macs is going to be huge.
Hot off the heels of the US House Of Representatives passing a bill to potentially ban TikTok, come the news that the Canadian Government has been doing a national security review of TikTok:
The federal Liberals ordered a national security review of popular video app TikTok in September 2023 but did not disclose it publicly.
“This is still an ongoing case. We can’t comment further because of the confidentiality provisions of the Investment Canada Act,” a spokesperson for Industry Minister Francois-Philippe Champagne said.
“Our government has never hesitated to (take) action, when necessary, if a case under review is found to be injurious to Canada’s national security.”
The revelation comes after the U.S. House of Representatives passed a bill Wednesday to ban TikTok unless its China-based owner sells its stake in the business.
That’s interesting. I have a comment from Ken Westin, Field CISO, Panther Labs relative to what the US has done. But is likely applicable to Canada as well:
I fear the bill to ban TikTok is mostly political grandstanding close to an election year feeding off of xenophobic rhetoric against China. That’s not to say the fear of the Chinese government accessing TikTok data isn’t real, but one has to wonder what value this data has, as the platform isn’t a place where documents or sensitive PII is stored. If the real intent is on protecting the data of US citizens, then it seems there should be a more robust set of legislation around the collection, sharing and selling of personal data in general. China can and probably has purchased data on US citizens from the same data brokers US companies buy it from. There is also a wealth of data often from data breaches available in underground forums that is free or cheap to access. It seems it would be better for us to focus on the real source of the problem, regarding private data access as well as bolstering cybersecurity to protect intellectual property from foreign powers which is what we’ve seen China and the nation state actors target in the past.
I’ve gone on record multiple times as saying that TikTok needs to be banned because if we’re having this much discussion about it, it’s likely not a good thing. Or put another way, if there’s smoke there’s fire. Hopefully this whole episode leads to consumers on both sides of the border being better protected from adversaries like China.
The thing with cyberattacks is that they come in two parts. The first is that you get pwned. The second is that authorities often want to investigate you to see if you did or didn’t do something that led to the attack. Change Healthcare is into the second part after being pwned a few weeks ago. Here’s what HHS had to say:
Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident. OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare’s and UHG’s compliance with the HIPAA Rules.
Ken Westin, Field CISO, Panther Labs had this to say:
I hope the investigation focuses on lessons learned and what both healthcare and government can do in partnership to both reduce the threat, as well as increase resilience to these types of attacks. If the goal of the investigation is to be punitive and seek fault to levy fines, I fear it would send the wrong message to the healthcare industry and will result in less collaboration and openness about these high impact security incidents. In my experience, healthcare IT and security departments are often underfunded and under resourced compared to other industries while at the same time dealing with unique challenges while having to navigate strict regulatory compliance frameworks. The best way to better secure the healthcare industry is through open dialogue and collaboration across the industry and with government resources.
I for one will be interested to see what comes of this investigation given how much disruption that it has caused. I am sure that there will be other interested parties interested in the outcome as well. Having said that, I am sure that Change Healthcare and its parent UHG will find this investigation a couple steps below a proctology exam. Which is good because all the facts of this attack need to come out.
Horizon3.ai this morning published “Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” disclosing several vulnerabilities effecting the #Fortinet #FortiWLM (Wireless LAN Manager). The vulnerabilities span from command injection, SQL injection, to file reads. While most were patched late last year, 2 remained unpatched as of March 13, 2024, after 307 days from Horizon3.ai’s initial report.
This blog details several of the issues discovered in the FortiWLM that have since been patched:
Additionally two vulnerabilities that have not received patches leading to appliance compromise:
This morning’s blog post includes paths to remote code execution and indicators of compromise.
Tornado Cash used in Lazarus Group’s latest money laundering
Posted in Commentary with tags North Korea on March 19, 2024 by itnerdThe thing about cyberattacks is that if the threat actors get paid via say ransomware or outright theft, they need to launder the money somehow so that they can spend it. Otherwise it would have been pointless to “acquire” the cash. Well a new report from The Record shows what the Lazarus Group based out of North Korea will do to launder money:
North Korea’s Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November.
Investigators at blockchain research company Elliptic said on Friday that in the last day they had seen the funds — part of the $112.5 million stolen from the HTX cryptocurrency exchange in November — laundered through the Tornado Cash mixing service.
The use of Tornado Cash stood out to Elliptic because the service was sanctioned by U.S. authorities in August 2022, prompting Lazarus actors to turn to another mixing service called Sinbad.io. The U.S. Treasury Department sanctioned Sinbad.io in November.
“Lazarus Group now appear to have returned to using Tornado Cash as a way to launder funds at scale and obfuscate their transaction trail,” Elliptic said, noting that the hackers sent the more than $23 million in about 60 transactions.
“This change in behavior and return to the use of Tornado Cash likely reflects the limited number of large-scale mixers now operating, thanks to law enforcement takedowns of services such as Sinbad.io and Blender.io,” the company said.
The researchers noted that Tornado Cash has been able to continue operating despite the sanctions because it runs on decentralized blockchains, meaning it “cannot be seized and shut down in the same way that centralized mixers such as Sinbad.io have been.”
Ken Westin, Field CISO, Panther Labs had this comment:
The Lazarus threat group from North Korea have been primarily targeting the crypto currency, financial services and cybersecurity industries. Their techniques focus primarily on developers through social engineering attacks to gain access to code repositories, devops and cloud infrastructure with the goal of gaining access to crypto wallets and accounts, as well as access to code and secrets. These attacks have proven to be quite lucrative, and by stealing cryptocurrency, has provided the North Korean regime a method to evade financial sanctions and further fund their military endeavors. This should be a bigger cause for concern for the the US government and its allies given the collaboration North Korea has with helping the Russian military, where it recently shipped 7K containers of munitions and other military supplies. Although the US has been cracking down on crypto currency mixing services, which are commonly used to launder money through crypto exchanges, North Korea has still been able to take advantage of the rising value of crypto currencies and continue to use these services to convert stolen crypto currency to fund their military operations.
This illustrates how hard it is so shut down avenues for groups like this one to launder money. That means that nations really have to redouble their efforts to make harder and harder for groups to launder money. That way it makes it less profitable for these groups.
Leave a comment »