HYAS Partner Program Addition Gives MSPs and MSSPs True Cybersecurity Service Differentiation Without Risk

Posted in Commentary with tags on March 12, 2024 by itnerd

HYAS Infosec, the adversary infrastructure platform provider that offers unparalleled visibility, protection, and security against all kinds of malware and attacks, today announced the latest benefit of the HYAS ONPOINT Program, which lets MSPs, MSSPs and other channel partners offer HYAS Protect, the cybersecurity sector’s top protective DNS solution, to their clients and leverage the HYAS Insight proactive threat intelligence platform – all with unprecedented discounts and without financial risks.

HYAS is dedicated to its partners and the latest program benefit eliminates the fees, barriers, and ongoing commitments that other cybersecurity vendors often demand from their channel partners. Partners joining the HYAS ONPOINT Partner Program and offering HYAS Protect protective DNS as part of their managed service will receive a complimentary 12-month minimum subscription to the HYAS Insight threat intelligence and investigation platform to use in their security stack.

This offer brings immediate value to the internal SOC, incident response and threat analysis teams, and gives sales teams a highly differentiated solution to offer to clients and prospects. Partners will be able to protect clients more effectively and bring complex threat analysis to a close faster and more efficiently. The HYAS ONPOINT Partner Program provides an important new cybersecurity service entry point and revenue expansion opportunity that lets MSSPs and MSPs:

  • Provide exceptional proactive threat and adversary intelligence to identify and stop advanced cyberthreats, across services including managed security, DFIR, MDR, MSOC & others
  • Elevate service offerings, free from financial constraints
  • Add a sticky new revenue stream to service offerings
  • Increase client retention
  • Expand service differentiation without fees, catches, or up-front minimum revenue commitments of any kind.

The HYAS Solution

HYAS is the cybersecurity vendor that offers the unique combination of cybersecurity products that are a benefit to both managed services teams and threat intel teams:

HYAS Insight: This advanced threat intelligence and investigation platform gives organizations the ability to identify, track, and attribute fraud and attacks faster and more efficiently. HYAS Insight provides threat and fraud response teams with unprecedented visibility into everything a defender needs to know about an attack: the origin, current infrastructure being used, alerts when new relevant infrastructure is created, and any infrastructure likely to be used by an adversary in the future.

By analyzing data aggregated from leading private and commercial sources around the world, HYAS identifies suspicious infrastructure likely to be used in attacks — sometimes months before it is even activated. Top Fortune 500 companies rely on HYAS’ exclusive data sources and nontraditional collection mechanism to power their security and fraud investigations.

HYAS Protect: Built on the underpinning technology of HYAS Insight threat intelligence, HYAS Protect is a protective DNS solution that combines authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively enforce security and block the command and control (C2) communication used by malware, ransomware, phishing, and other forms of cyber-attacks.

Even if an attack has bypassed a network’s perimeter defenses – regardless of how the breach occurred – it still must “beacon out” for instructions, including lateral motion, privilege escalation, data exfiltration, and even encryption. And the need to beacon out to malicious infrastructure, commonly called command-and-control (C2), must be established prior to launching the attack.

HYAS detects and blocks these beaconing requests of nefarious C2 communication, letting users cut off these attacks before they cause harm, whether in an IT or OT environment. If an organization can be alerted to this adversary infrastructure, they can stop an attack before damage can be done and ensure true business resiliency.
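The two mechanisms described above, refusing to resolve names that belong to known attacker infrastructure and spotting the regular "beacon out" pattern, can be shown on a resolver log. The following is an added example written for this post, not HYAS code; the blocklist entries, client IPs, hostnames and thresholds are placeholders constructed for illustration, not real indicators.

```python
"""Added example (not HYAS code): a minimal protective-DNS style triage
over a constructed resolver query log. It shows the two defensive checks
the post describes: refusing to resolve names on a blocklist of known
attacker infrastructure, and spotting a host that resolves the same
name at a near-constant interval, which is what "beaconing out" to C2
looks like at the DNS layer. Blocklist entries, IPs and names below are
placeholders constructed for this example, not real indicators."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed blocklist of apex domains the resolver should sinkhole.
BLOCKLIST = {"bad-c2.example", "loader.example"}

# Constructed resolver log, one "<ISO timestamp> <client IP> <queried name>" per line.
SAMPLE_LOG = """\
2024-03-12T10:00:00 10.0.0.5 www.example.org
2024-03-12T10:00:05 10.0.0.7 update.bad-c2.example
2024-03-12T10:00:10 10.0.0.9 beacon.example.test
2024-03-12T10:00:30 10.0.0.5 cdn.example.net
2024-03-12T10:01:10 10.0.0.9 beacon.example.test
2024-03-12T10:02:11 10.0.0.9 beacon.example.test
2024-03-12T10:03:10 10.0.0.9 beacon.example.test
2024-03-12T10:04:11 10.0.0.9 beacon.example.test
2024-03-12T10:05:10 10.0.0.9 beacon.example.test
"""


def parse_log(text):
    """Turn the log text into (timestamp, client, name) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, name = line.split()
        events.append((datetime.fromisoformat(ts), client, name.lower().rstrip(".")))
    return events


def blocked_by_policy(name, blocklist=BLOCKLIST):
    """Return the listed apex domain that covers `name`, or None.
    Walks from the full name up through its parent domains so that any
    subdomain of a listed apex is refused as well."""
    labels = name.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def find_beacons(events, min_queries=5, max_cv=0.2):
    """Flag (client, name) pairs queried on a near-fixed schedule.
    cv = stddev / mean of the gaps between queries; human browsing is
    bursty and irregular, while a malware beacon has little jitter."""
    by_pair = defaultdict(list)
    for ts, client, name in events:
        by_pair[(client, name)].append(ts)
    findings = []
    for (client, name), times in by_pair.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            findings.append({"client": client, "name": name,
                             "interval_s": round(avg, 1), "count": len(times)})
    return findings


def triage(text):
    """Run both checks over a log: what the resolver would refuse, and what looks like a beacon."""
    events = parse_log(text)
    blocked = []
    for _, client, name in events:
        apex = blocked_by_policy(name)
        if apex:
            blocked.append((client, name, apex))
    return {"blocked": blocked, "beacons": find_beacons(events)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The interval check is the part a blocklist alone cannot give you: the beaconing host in the sample log is talking to a name that is on no list, and it is the 60-second cadence with under a second of jitter that makes it stand out. Real deployments tune `min_queries` and `max_cv` against their own traffic, since some legitimate agents (update checkers, monitoring) also poll on a schedule and need an allowlist.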

Uber Launches New Rider Emissions Tracker

Posted in Commentary with tags on March 11, 2024 by itnerd

Starting today, Uber is introducing the Emission Savings feature in the Uber app, so riders around the world can track and learn more about their carbon emissions impact. 

Uber believes that knowledge is power. Just like they popularized rider ratings in an effort to promote respectful behaviour during Uber rides, Uber is excited to launch this new feature to both celebrate your impact and encourage greener choices when using Uber.

With the Emission Savings feature, you can: 

  • Tap a button, see your impact: In the Account section of the Uber app, tap “Estimated CO2 saved” to see all of the emissions you’ve saved by taking Uber Green and Uber Comfort Electric.
  • Make sense of your savings: Riders tell Uber it would be helpful to see examples of how their emission savings add up. So, they’ve included a graphic that shows what your CO2 emission savings are comparable to. 
  • See how your emissions are calculated: The emission savings for an Uber Green or Uber Comfort Electric trip represents the estimated amount of CO2 emissions avoided, on average, when a rider takes Uber Green instead of an UberX or when a rider takes Uber Comfort Electric instead of an Uber Comfort trip of the same distance. See here to read more on the methodology. 
  • Get teens going green: Among Gen Alpha and Gen Z, Uber knows that the environment is their top cause. That’s why they’re also making the Emission Savings feature available for Uber teen account holders. And starting today in select cities throughout the US & Canada, they’re launching Uber Green and Uber Comfort Electric for teen riders, providing them with a way to be part of the climate solution when they ride. 
  • See a greener future: In the future, Uber plans to include even more products in your emission savings calculation including all-electric autonomous rides, trips with UberX Share, and rides on e-bikes and e-scooters booked in the Uber app.

Uber is committed to becoming a zero-emissions mobility platform, and today is an important step in their journey to help inform riders about the estimated emissions they’ve saved and the positive impact they’re making in their communities.

Customers’ Data Exposed in Children Recreational Center Operator’s Data Breach

Posted in Commentary with tags on March 11, 2024 by itnerd

Over 2.3 million records belonging to Kids Empire, a US-based operator of indoor recreational centers for kids, were exposed according to cybersecurity researcher Jeremiah Fowler, putting their customers at risk of many online threats.

The key findings are the following: 

  • 2,363,222 documents with a total size of 92.3 GB. 
  • Records included reservations, injury waivers, and receipts with partial credit card numbers. 
  • Many documents revealing personally identifiable information (PII) such as names, physical and email addresses, phone numbers and more. 

If you want to know more about Jeremiah’s findings, you will find all the details here: https://www.vpnmentor.com/news/report-kidsempire-breach/

The CISA Was Pwned By Hackers… That’s Not A Good Look

Posted in Commentary with tags on March 11, 2024 by itnerd

The CISA, or The Cybersecurity and Infrastructure Security Agency, is a government agency responsible for making sure that the US is prepared to defend itself against cyber threats. And I’ve posted lots of stuff about the actions that they’ve taken to protect the US over the years. So when a story from The Record crossed my desk, I said to myself “that’s not a good look for them”:

Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said.

A CISA spokesperson confirmed to Recorded Future News that the agency “identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses” about a month ago.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said.

“This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”

CISA declined to answer a range of questions about who was behind the incident, whether data had been accessed or stolen and what systems were taken offline. Ivanti makes software that organizations use to manage IT, including security and system access.

In short, the CISA got pwned using exploits related to Ivanti products. Now it’s not known if it was the same Ivanti products that the CISA told government agencies to disconnect back in February. But this is absolutely not a good look because when the guys who are supposed to issue guidance and direction about not getting pwned by hackers are actually pwned by hackers, we’re all in deep trouble. And the fact that the hack was limited to a couple of systems doesn’t really matter. What matters is that it happened, and questions need to be asked as to how to ensure that it doesn’t happen again.

Novel PowerShell Backdoor Discovered By GuidePoint Security

Posted in Commentary with tags on March 10, 2024 by itnerd

GuidePoint Security has revealed its first encounter with BianLian’s PowerShell backdoor – the first encounter in 2024 to be reported publicly thus far.

GuidePoint Security’s Research and Intelligence Team (GRIT) discovered malicious activity while responding to an incident that began with the exploitation of TeamCity vulnerabilities for initial access, resulting in deploying a novel implementation of a PowerShell backdoor.

Through their analysis, GuidePoint Security ultimately identified the threat actor group behind the attack and provided highly confident attribution to the BianLian ransomware group.

In this technical blog, Drew Schmitt, Practice Lead, GRIT, breaks down BianLian’s use of a novel PowerShell backdoor following the exploitation of TeamCity vulnerabilities.

The research deep dives into BianLian’s exploitation of TeamCity vulnerabilities and post-exploitation behaviors, BianLian’s PowerShell implementation of their GO backdoor, and attribution of the PowerShell backdoor to BianLian.

You can read the details in their new blog, now live at https://www.guidepointsecurity.com/blog/bianlian-gos-for-powershell-after-teamcity-exploitation/.

A Disney+ Email #Scam Is Making The Rounds

Posted in Commentary with tags on March 9, 2024 by itnerd

I’ve come across a Disney+ Email scam that you should be aware of that is pretty interesting as this is the first Disney+ scam email that I have come across.

Let’s start the email that you get:

This email by scam standards is pretty good. But I will note the following. For starters, it never mentions you by name. That’s because this email is emailed out to thousands of people hoping that someone will take the bait. Then there’s where this email is sent from:

That’s not a Disney+ email. And as far as I know, they have chat and phone resources for account and billing issues. So that’s a #Fail. Next is this:

That link clearly doesn’t go to a website that is controlled by Disney+. Thus this is clearly a scam and you should delete this email immediately if you get it. But since I work to expose these scams, I’m not going to do that. But to be clear, don’t be me as I am a trained professional.

Clicking that link takes you here:

First you go to a CAPTCHA. But it’s a demo likely “borrowed” from the company. It even says so in the top left. And that’s where you’ll also notice that these losers are using a WordPress site to pull this off. The “W” next to the words “Captcha Demo” is the big giveaway. Once you get past that, you go here:

This is a fake Disney+ login page. I typed a fake email address and password in and I got past this. That could mean that they are trying to capture credentials, or this is just a gateway to their ultimate goal. Either is possible. Next up is this:

They’re clearly trying to steal your credit card details. And they have logic built into this website to make sure that the card number is valid. Thus at the very least, these threat actors are trying to steal your credit card info. At worst, they’re also trying to snatch your login details to Disney+. It would be a shame for these threat actors if I sent this information to Disney+.

Oh wait. I did before posting this.

In any case, this email illustrates why you need to be careful and closely look at anything that hits your inbox as anything could be a scam email that could catch you out.
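The tells walked through above (no personal greeting, a sender address outside the brand’s domain, a link whose host the brand does not control) can be scored mechanically before anyone clicks. The following is an added example written for this post, not code from it: the email below is constructed, and the set of legitimate Disney+ domains is an assumption for illustration (a real check would take that list from the brand).

```python
"""Added example, not from the post: score an email against the three
tells the post calls out -- no personal greeting, a sender domain that
does not belong to the brand, and links whose host is not under the
brand's domain. The message below is constructed for the example and
BRAND_DOMAINS is an assumed allowlist, not an authoritative one."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: domains the brand legitimately sends from and links to.
BRAND_DOMAINS = {"disneyplus.com", "disney.com"}

# Constructed lure in the style the post describes (placeholder domains).
SAMPLE_EMAIL = """\
From: Disney+ Billing <billing@dp-account-alerts.example>
To: customer@example.org
Subject: Your Disney+ payment could not be processed

Dear Customer,

We could not process your last payment. Update your details within 24 hours
to keep your subscription active: http://captcha-demo.example/wp/verify?id=42
"""


def _registered_domain(host):
    """Naive two-label apex (ok for .com/.net style names; ccTLD
    second-level registries such as .co.uk would need a suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def in_brand_domain(host, brand_domains=BRAND_DOMAINS):
    """True only when the host's apex is one of the brand's own domains,
    so look-alikes such as disneyplus.com.example do not pass."""
    return _registered_domain(host) in brand_domains


def phishing_indicators(raw, recipient_name, brand_domains=BRAND_DOMAINS):
    """Return a list of human-readable indicators found in the message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    indicators = []

    # 1. Sender: the display name says Disney+, the address must too.
    _, sender = parseaddr(msg.get("From", ""))
    sender_host = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    if not in_brand_domain(sender_host, brand_domains):
        indicators.append(f"sender domain outside brand: {sender_host}")

    # 2. Greeting: a mass mailing cannot address you by name.
    if recipient_name and recipient_name.lower() not in body.lower():
        indicators.append("generic greeting: recipient name absent from body")

    # 3. Links: every URL host should sit under a brand domain.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if not in_brand_domain(host, brand_domains):
            indicators.append(f"link host outside brand: {host}")
    return indicators


if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE_EMAIL, "Jane Doe"):
        print("-", line)
```

Any one of the three indicators is reason enough to go to the service’s own app or website rather than follow the email, which is exactly the advice above; the code only makes the checks repeatable for a mail gateway or a help desk.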

Guest Post: Election Officials, Poll Workers and Other Public Servants Face A Threatening Weapon: Their Own Private Info

Posted in Commentary with tags on March 9, 2024 by itnerd

Here’s what election staffers can do right now to block potential attackers from uncovering who they are

Byline: Dimitri Shelest, CEO and founder, Onerep

Jan. 6, 2021 is a day mother-and-daughter Georgia poll workers Ruby Freeman and Wandrea Moss will never live down. 

As a mob was attempting to disrupt Congress’s official declaration of Joe Biden as the winner of the 2020 presidential election, about 640 miles away, Freeman and Moss’s home was being stormed by an equally-incensed, if somewhat smaller, crowd. 

Freeman and Moss had already been through a month of harassment and menacing calls after a video falsely claiming the poll workers purposely mishandled ballots on Election Day began to be heavily circulated across the web.

The Capitol’s location is public and well known. But the Freemans’ Atlanta-area home should have been comparatively anonymous. Of course, finding even the most private, least-known individual’s personally identifiable information — their home and work addresses, their cell phone number, their family members, their social security information — is barely a Google search away these days.

“I’ve lost my name and I’ve lost my reputation,” said Freeman in her blistering testimony in June 2022 before a House of Representatives committee investigating the Jan. 6 unrest at the Capitol. 

While the Freemans have won their days in court — and settled with some of their other tormentors — their experience and other similar forms of harassment have raised fear among the people charged with upholding election integrity.

Thousands of election officials and staffers have endured similar hostility in the last four years. Arizona Republican State House Speaker Rusty Bowers was met with relentless protesters at his home, some of whom arrived armed. Georgia’s Republican Chief of State Gabriel Sterling, who oversaw the state’s election integrity, received images of a noose and accusations of treason. His colleague, Secretary of State Brad Raffensperger, reported that protesters invaded his daughter-in-law’s home and threatened his wife.

About 11% of current election officials said they are “very or somewhat likely to leave” their posts before the 2024 general election, according to a survey from the Brennan Center, which noted that 1-in-5 poll workers know someone who left their election job due to threats against their safety. Meanwhile, women, who comprise about 80% of election administrators, are at a greater risk of attacks and harassment, according to a study by the Voting Rights Lab.

These incidents against unsung public servants show how many innocent civilians could be at risk of having their personal information weaponized by political partisans. But there are clear steps that all of us can take to diminish the threats.

How did we get here? Even the most experienced internet users are often in the dark about how seemingly “private” information can be gleaned by those with malicious intent to pressure them over otherwise innocuous, politically impartial activity. 

Specialty websites like VoterRecords.com and various data brokers expose personal and political information, allowing for easy access to comprehensive individual profiles (for a relatively nominal fee, of course). That access has simplified targeted attacks and undermined the common belief in the confidentiality of voter registration and preferences.

Partisans Are Sharpening The Weapons: Your Info

As Election Day on November 5 draws near, traditional forms of civic engagement like peaceful protests and writing to editors or legislators are considered outdated or ineffectual by a growing cohort of self-appointed “election defenders.” 

An increasing number of partisans believe that to ensure their vote counts, they must actively fight for their cause. Election workers, perceived as hostile, are targeted through the malicious use of their personal information.

Although these armchair info detectives tend to act alone, their methods can often miss the intended, if still undeserving, target and hit another. Anyone with a name and location close to matching an election staffer could find themselves in a partisan’s virtual crosshairs.

Practical Steps for Protection

It’s always possible to scrub personal information from the web, but there are several proactive steps individuals on the election frontlines can take to guard their privacy right away:

  • Opt-Out of People Search Sites: Regularly remove your data from websites like Whitepages, Spokeo, and BeenVerified to minimize your digital footprint.
  • Shine Light On The Dark Web: Use services like credit monitor Experian, which can provide a “scan” of your information and alert you if private details about you are being traded on the “dark web,” a common venue for doxxing and harassment.
  • Enhance Social Media Privacy Settings: Tightly control who has access to your personal information on social media platforms, sharing details sparingly.
  • Use a PO Box and Google Voice Number: Shield your real address and phone number from public records by using alternative services for mail and calls.
  • Secure Your Voter Registration Details: In some states, you can make your voter registration confidential, especially if your profession or situation demands higher privacy levels.
  • Regularly Monitor and Secure Your Online Presence: Employ tools like Google Alerts to keep tabs on mentions of your name and update your passwords and security settings frequently.

Since 2020, 14 states have introduced laws to safeguard election officials and poll workers, with measures varying across the board, a study by the National Conference of State Legislatures noted in Dec. 2023. Ten of those states now penalize intimidation and interference against these workers through potential jail time and fines. 

Maine mandates de-escalation training for election staff, while Arizona, California, Oregon, and Washington offer them inclusion in address confidentiality programs. Washington additionally takes a stand against cyber harassment, highlighting a growing recognition of the need to protect those at the forefront of upholding democratic processes.

These legal protections are encouraging. They add some sharp teeth to previously weak laws designed to curtail these kinds of cyber attacks against election administrators and staffers. But they won’t deter the most committed — and dangerous — partisans from hunting down vulnerable civil servants. When it comes to real prevention, the people who ensure our voting rights must take on the job of protecting themselves before becoming a potential victim.

Microsoft Releases More Details On Being Pwned By Midnight Blizzard

Posted in Commentary with tags on March 8, 2024 by itnerd

Remember when Microsoft got pwned by Midnight Blizzard and Microsoft said this:

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.  

The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.  

Well, Microsoft has altered their tune. Now they’re saying this:

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. 

It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024. 

Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.  

Shawn Loveland, COO, Resecurity, had this to say:

It is well known that Microsoft expends significant resources to protect its assets. Their security posture is world-class. However, this example shows that even world-class security processes and technologies can be bypassed by threat actors ranging from opportunistic script kiddies to well-resourced state actors. Microsoft, as with most defenders, has become overly reliant on legacy technologies and processes, a digital version of the Maginot Line. Companies need to evolve to a defense in-depth strategy, which includes offensive defenses that incorporate what threat actors are doing and preparing for outside of their perimeter, which gives them visibility from the attacker’s perspective.

It will not surprise me if Microsoft changes its tune again when more information about what happened is discovered. While the ideal situation is not to get pwned in the first place, this incident illustrates why you need to really go deep into the weeds if you do get pwned.
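Microsoft’s statement describes a password spray as the initial foothold, and then a ten-fold increase in spray volume. The following added example (not Microsoft’s or Resecurity’s code) shows what that technique looks like in a sign-in log and how a detection tells it apart from a plain brute force: a spray shows one source touching many distinct accounts with only one or two failures each, while a brute force hammers one account. The log lines, field layout, account names and thresholds are all constructed for this example.

```python
"""Added example, not Microsoft's or Resecurity's code: classify the
sources in a constructed sign-in log as password spray, brute force, or
neither. A spray tries one or two common passwords against many accounts,
so per source it shows many distinct usernames with few failures each;
a brute force shows many failures against a single username. Field layout
("<ISO timestamp> <source IP> <username> <OK|FAIL>") and names are
constructed for the example."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SAMPLE_SIGNIN_LOG = """\
2024-02-01T08:00:01 203.0.113.10 alice FAIL
2024-02-01T08:00:02 203.0.113.10 bob FAIL
2024-02-01T08:00:03 203.0.113.10 carol FAIL
2024-02-01T08:00:04 203.0.113.10 dave FAIL
2024-02-01T08:00:05 203.0.113.10 erin FAIL
2024-02-01T08:00:06 203.0.113.10 frank FAIL
2024-02-01T08:00:07 203.0.113.10 grace FAIL
2024-02-01T08:00:08 203.0.113.10 svc-legacy-test OK
2024-02-01T08:00:09 198.51.100.7 alice FAIL
2024-02-01T08:00:10 198.51.100.7 alice FAIL
2024-02-01T08:00:11 198.51.100.7 alice FAIL
2024-02-01T08:00:12 198.51.100.7 alice FAIL
2024-02-01T08:00:13 198.51.100.7 alice FAIL
2024-02-01T08:00:14 198.51.100.7 alice FAIL
2024-02-01T08:00:15 198.51.100.7 alice FAIL
2024-02-01T08:00:16 198.51.100.7 alice FAIL
2024-02-01T08:05:00 192.0.2.20 heidi FAIL
2024-02-01T08:05:30 192.0.2.20 heidi OK
"""


def parse_signins(text):
    """Turn the log into (timestamp, source, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            events.append((datetime.fromisoformat(ts), src, user, result))
    return events


def classify_sources(events, window=timedelta(hours=1), min_accounts=5,
                     max_per_account=2, brute_threshold=6):
    """Look at failures per source inside a sliding window and report
    spray-shaped and brute-force-shaped sources. Successful sign-ins
    from a spraying source are listed too: that is the foothold to
    chase first, typically a forgotten account without MFA."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        by_src[src].append((ts, user, result))

    sprays, brute = [], []
    for src, evs in by_src.items():
        evs.sort()
        fails = [(ts, u) for ts, u, r in evs if r == "FAIL"]
        successes = sorted({u for _, u, r in evs if r == "OK"})
        for i, (start, _) in enumerate(fails):
            # Failures within `window` of this one, counted per account.
            per_user = Counter(u for ts, u in fails[i:] if ts - start <= window)
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                sprays.append({"src": src, "accounts": len(per_user),
                               "successes_from_src": successes})
                break
            if len(per_user) == 1 and sum(per_user.values()) >= brute_threshold:
                brute.append({"src": src, "account": next(iter(per_user)),
                              "attempts": sum(per_user.values())})
                break
    return {"spray": sprays, "brute_force": brute}


if __name__ == "__main__":
    print(classify_sources(parse_signins(SAMPLE_SIGNIN_LOG)))
```

Per-account lockout thresholds never fire on the spraying source here, which is the whole point of the technique and why the detection has to pivot on the source rather than the account. The `successes_from_src` field is what turns the alert into an incident: one successful sign-in amid a spray is the account to disable and investigate.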

CISA/NSA Releases Info Sheets To Help To Enhance Cloud Security

Posted in Commentary with tags on March 8, 2024 by itnerd

The NSA and CISA released five Cybersecurity Information Sheets in an alert to enhance cloud security, providing crucial recommendations, best practices, and mitigations for securing cloud environments. 

Matt Muir, Threat Research Lead at Cado Security, had this comment:

“It’s reassuring to see these agencies highlight the differences between cloud and on-premise security practices, along with providing tailored advice for securing the cloud in particular. Hopefully, the advice will give organizations the nudge they need to recognise the wider threats and implications of cloud adoption. By taking heed of this advice and implementing appropriate controls, organizations can mitigate the pervasive threat of cloud attacks.”

The only comment that I have is whether organizations will take heed of this advice. It’s good advice. But many organizations still have the view that the cloud is safer than on-premise. That needs to change.

UPDATE: Dave Ratner, CEO, HYAS adds this:

“As an increasing number of organizations are utilizing MSSP and MSP providers for cyber security and related functions, it’s imperative to have guidance both for the organizations utilizing them as well as the MSSP and MSP providers themselves. Since criminals and bad actors will often go after the weakest link in the chain, everyone needs to consider cyber resiliency as paramount and understand both how the MSSP/MSP providers will enable it for each client organization, as well as how the MSSP/MSPs will enable it for themselves. Anyone without a solid cyber resiliency strategy in 2024 is putting themselves at risk.”

Women-led tech startups LyfeMD, Roga and Granularity received $230,000 CAD at DMZ’s Women Innovation Summit

Posted in Commentary with tags on March 8, 2024 by itnerd

Toronto Metropolitan University’s DMZ held its second annual Women Innovation Summit, where 10 women-led tech startups had the opportunity to pitch their businesses to angel investors from The Firehood to secure cash investments.  

DMZ hosted the Summit at its Toronto headquarters in honour of International Women’s Day. The day-long event featured curated activities to empower and celebrate women in entrepreneurship and business. These included intimate roundtables that encouraged candid discussions around women’s empowerment, the unveiling of DMZ’s 2024 Women of the Year recipients, and a pitch competition in partnership with The Firehood, an angel group committed to fueling women-led tech innovations.

The pitch competition, which received over 160 applications to participate from coast to coast, heard from 10 women-led startups and awarded a total of $100,000 CAD to: 

  • LyfeMD, a Calgary-based startup that offers an evidence-based platform transforming the management of inflammatory diseases, received $60,000 CAD.  
  • Roga, a Toronto-based startup that provides a mental healthcare platform and wearable non-invasive brain stimulation device designed to reduce employee anxiety, received $40,000 CAD. 

Following the pitch results reveal, The Firehood also announced an additional $130,000 CAD investment in DMZ alum Granularity, an AI-powered platform empowering retailers and brands to stay ahead of viral social media and search trends.

The Summit also unveiled DMZ’s 2024 Women of the Year recipients. Created to honour women in Canada’s tech and business community, the annual award recognizes an esteemed list of individuals for their outstanding accomplishments and impact. 

DMZ’s 2024 Women of the Year award recipients include: 

  • Amber Mac, President of AmberMac Media Inc. 
  • Ashley Wright, Founder and CEO of The Wright Success 
  • Fatima Zaidi, Founder and CEO of Quill  
  • Helen Ahrens, Chair of OUT at Shopify and Senior Merchant Success Manager of Key Accounts  
  • Helen Huang, Co-Founder of Co.Lab 
  • Shriya Gupta, CEO and Co-Founder of Daily Blends 
  • Stephanie Curcio, CEO and Co-Founder of NLPatent  
  • Sylvia Ng, CEO of ReturnBear 
  • Rhiannon Davies, Co-Founder and Managing Partner of Sandpiper Ventures 

For more information on DMZ Women of the Year award recipients, head over to dmz.to/woty2024

Beyond the Women Innovation Summit, DMZ’s Women Innovation Programs provide women entrepreneurs with additional opportunities and specialized support to accelerate their growth, like exclusive community events, mentorship opportunities, a peer network and connections to investors – on top of DMZ’s standard programming all members receive.  

Formally announced at the Women Innovation Summit, DMZ will now provide a $5,000 grant for women founders accepted into their Pre-Incubator program and a $10,000 grant for women founders accepted into their Incubator program. Additionally, women founders in their Incubator program can tap into a pool of $5,000 each to cover approved business expenses.

Following the Summit, DMZ is gearing up to launch an impact report showcasing the breadth and significance of the Women Innovation Summit. Crafted to encapsulate and distribute valuable insights from the event, the report will be widely shared with the ecosystem and organizations committed to empowering women innovators.

To learn more about how DMZ supports women-identifying founders to build and grow their startups, head to dmz.to/WIP.