Apple’s Plan To Deal With Massimo Is To Win On Appeal Or Let The Clock Run Out

Posted in Commentary with tags on March 13, 2024 by itnerd

I have to admit that when I heard about this, my first thought that Apple was being super crafty here. What I mean by “this” is this report is this one by MacRumors where they talk about how Apple got around the pulse oximetry ban that came about via the patent lawsuit that Masimo brought against Apple:

The original January 12 order from CBP that allowed Apple to bring Apple Watch models with a disabled sensor in the United States was published recently (via ip fray), and it gives some insight into how Apple disabled pulse oximetry. While some of the order is redacted, Apple implemented a fix that turns off pulse oximetry when an Apple Watch is paired to an iPhone. Blood oxygen sensing becomes inaccessible to the user, and opening the blood oxygen app gives a warning that the feature is not available. Apple said that it hardcoded each Apple Watch at the factory with new software.

As part of the process to get approval to sell ‌Apple Watch Series 9‌ and Ultra 2 models without pulse oximetry enabled, Apple had to provide the code disabling the feature and test devices to Masimo. Masimo didn’t want Apple to have such an easy fix, so it paired the “redesigned” Apple Watches with a jailbroken ‌iPhone‌ running an older version of iOS, and was able to get pulse oximetry working.

Masimo tried to argue that activating pulse oximetry through a jailbroken phone meant Apple had not effectively removed the feature and the devices should not be allowed to be imported in to the U.S. Masimo also tried to say that jailbreaking is “permissible, common, and readily known,” but Masimo’s arguments were unsuccessful. The Exclusion Order Enforcement Branch of the U.S. Customs and Border Patrol ultimately decided that disabling pulse oximetry in the ‌Apple Watch Series 9‌ and Ultra 2 was enough to avoid infringing on Masimo patents, allowing those models to be offered for sale at Apple retail stores in the U.S.

Because Masimo was able to get blood oxygen sensing working using software on a jailbroken ‌iPhone‌, Apple too would be able to reactivate the blood oxygen sensor in the models where it has been disabled through a software update. When no longer subject to an import ban, Apple will be able to reintroduce blood oxygen sensing for ‌Apple Watch Series 9‌ and ‌Apple Watch Ultra 2‌ users who are not able to access the feature.

As noted by ip fray, the patents that Apple was found to have infringed on expire in August of 2028, which means that Apple will be able to re-enable pulse oximetry in affected models at that time. Apple filed an appeal with the United States International Trade Commission to attempt to get the ruling overturned, so if the appeal is successful, Apple could be able to re-add blood oxygen sensing sooner.

That’s pretty crafty by Apple seeing as they have no interest in coming to a settlement with Masimo. Likely because everyone and every company that Apple has “Sherlocked” over the years would come out of the woodwork to get paid as well. So that makes letting the clock run out or winning on appeal the best options for the folks at Apple Park. Let’s see how well that works out for them.

Leave a comment »

WH Proposes Budget Seeking To Boost Cybersecurity

Posted in Commentary with tags on March 13, 2024 by itnerd

On Monday, the White House’s proposed a budget for fiscal year 2025 calling for $13 billion of the $1.67 trillion discretionary spending to go to cybersecurity funding for civilian agencies, including additional investments to the DOJ, Homeland Security and Health and Human Services to bolster digital defenses.

The White House’s proposal seeks $3 billion for CISA, which is a $103 million increase from the 2023 enacted budget. The funding would include:

  • $470 million to deploy network tools like endpoint detection and response capabilities for federal assets
  • $394 million for its internal cybersecurity and analytical efforts
  • $116 million to oversee the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022
  • $41 million for “critical infrastructure security coordination”  

Also notable is the proposed funding for healthcare cybersecurity efforts:

  • $800 million to help “high need, low-resourced hospitals” cover the initial costs of implementing basic cybersecurity practices 
  • $500 million incentive program for more robust digital defenses
  • $141 million for HHS’s own security, including $11 million to better protect health information

The budget also includes a handful of other proposals aimed at improving cybersecurity including:

  • The National Highway Traffic Safety Administration’s Office of Automation Safety to “address vehicle cyber security risks,” as well as AI risks
  • The Department of Energy would receive $455 million “to extend the frontiers of AI”, in addition to its cybersecurity efforts
  • Military cybersecurity spending would be $7.4 billion, with another $6.4 billion for activities such as cyberspace operations and $630 million for R&D
  • The Department of Defense total would be $14.5 billion which is an increase from $13.5 billion since last year

The budget would also add additional funding to address workforce challenges via minority-serving institutions.

The next immediate deadline for government spending is March 22, when the continuing resolution funding DHS, DOD and other agencies expire. 

Emily Phelps, VP, Cyware had this to say:

   “The White House’s emphasis on cybersecurity in the 2025 budget reflects a strong commitment to national and economic security. This significant investment reinforces the importance of collaborative efforts between public and private sectors to combat sophisticated and persistent cyber threats. By focusing on key areas such as healthcare cybersecurity and leveraging advancements in AI and military defenses, the budget aims to fortify the resilience of our critical infrastructure, economy, and the protection of citizens and industries against the concerted efforts of threat actors.”

This is a good move by The White House to keep cyber assets safe. Hopefully this is a budget that can get through The House and Senate as this is something that the nation needs.

Leave a comment »

Town Of Huntsville Pwned In Cyberattack

Posted in Commentary with tags on March 12, 2024 by itnerd

Joining the City of Hamilton who is recovering from being pwned in a cyberattack is the City of Huntsville which is north of Toronto Canada. I know this because of this notice posted on their website:

The Town of Huntsville continues to work with experts to investigate the cybersecurity incident that occurred over the weekend. Upon discovering this incident, we initiated our incident response protocol and we took immediate steps to secure our network against further unauthorized activity.


The investigation, led by the cybersecurity specialists the Town has engaged, is currently ongoing. At this time, we have no evidence any sensitive data, including personal information, has been compromised; however, if this is discovered the appropriate steps will be taken.


March 11, 2024 – Updates:

  • Town Hall will remain closed to the public on Tuesday, March 12, 2024. The Canada Summit Centre is open; camp and town programming is operating at that facility. The Algonquin Theatre day camp will also operate. The Library will reopen on March 12 to the public and programs will be available.
  • The Municipality has taken precautionary measures, which has impacted some of our systems and online services, including some municipal and Council email addresses. Customer service representatives are available by phone at 705-789-1751.
  • The Regular Planning Committee Meeting on March 13 and the Special Council Meeting on March 13, have been cancelled and will be rescheduled. The Library Board Meeting Scheduled on March 12 has been cancelled and rescheduled for March 26, 2024.

The Town is committed to being as transparent as possible regarding this incident and its implications for our community. This type of incident takes time to investigate, and we would like to thank the community for their patience.

I love the words “At this time, we have no evidence any sensitive data, including personal information, has been compromised; however, if this is discovered the appropriate steps will be taken” because it is highly likely that they have no clue if anything has been taken. And given what’s written above, this is clearly crippling. I hope they live up to their pledge to being “as transparent as possible regarding this incident and its implications for our community” because everyone needs to know how this happened, and what they are going to do to ensure that it doesn’t happen again.

Leave a comment »

Fubo Canada Serves Up A Limited Time Promo Offer

Posted in Commentary with tags on March 12, 2024 by itnerd

Fubo, the leading sports-first live TV streaming platform, is offering Canadians an exciting, limited time offer for subscribers on its Sports Quarterly or Annual plan, starting as low as $12.50 a month.  

Until May 3, 2024, new subscribers can save 38 per cent off for six months (savings of $25.00) on the Quarterly plan, or 32 per cent off for twelve months (savings of $70.00) on the Annual Sports plan, bringing Canadians more of the content they love, for less. With this plan, subscribers can watch Premier League, Serie A, Coppa Italia, Global news, HGTV, Disney Channel and more. 

Canadians can learn more and take advantage of this limited time offer at this link: Watch the Premier League all season | Fubo 

Leave a comment »

Stanford University Pwned…. 27,000 People Affected

Posted in Commentary with tags on March 12, 2024 by itnerd

Stanford University has notified victims of a data breach in which the personal info of more than 27,000 people was accessed. The ransomware gang known as Akira was able to gain access to the schools Department of Public Safety’s network from May 12th until September 27th, 2023. The data collected includes DOBs, SSNs, Gov ID #’s, passport #’s, driver’s license #’s and, for some victims, biometric data, health/medical info, email addresses and passwords, and more. 

Darren Williams, CEO and Founder, BlackFog had this to say:

     “The attack on Stanford University highlights the need for consistent monitoring of data leaving the network. With hackers successfully exfiltrating sensitive data, the victims of this attack will no doubt be dealing with relentless extortion attempts going forward. As with many attacks, hackers were able to bypass perimeter defense tools and spend months lurking in the system undetected. To really mitigate the risk of data breaches organizations must look past perimeter defense and focus on protecting the back door with anti data exfiltration solutions.” 

I for one am a bit bothered by two things. One is that the event happened between May and September of last year. Second is that we’re only finding out about it now. That gives threat actors a whole lot of time to use that data for whatever evil purposes that they desire. Which isn’t a good thing for the victims involved.

Leave a comment »

French Government Agencies Hit By DDoS Attack

Posted in Commentary with tags on March 12, 2024 by itnerd

Since the weekend, numerous French government agency websites have been the targets of a DDoS or Distributed Denial of Service Attack. The Record has details:

A number of French government agencies have been hit by “intense” cyberattacks, the prime minister’s office announced on Monday.

The nature of the attacks, which began on Sunday night, has not been confirmed although the description is consistent with distributed-denial-of-service (DDoS) attacks.

The French government said the attack was “conducted using familiar technical means but of unprecedented intensity.”

DDoS attacks are not capable of stealing information, although they can prevent people from accessing a network resource because they flood the servers with junk requests.

Ken Westin, Field CISO, Panther Labs had this comment:

French companies and government agencies should be vigilant, although DDoS attacks themselves may pose limited risk, they’re also often a smokescreen for more sophisticated attacks where intrusion into networks occurs. The DDoS activities can reveal vulnerabilities, as well as an organization’s counter measures, and distract defenders from a more serious threat.

The Record story seems to imply that the French government has this under control. And hopefully I won’t be back in a few months saying that they’ve been pwned by hackers or something like that.

Leave a comment »

INKY Serves Up A New Fresh Phish Regarding Adobe And Constant Contact

Posted in Commentary with tags on March 12, 2024 by itnerd

INKY has published a new Fresh Phish talking about a complicated scheme leveraging legitimate Adobe and Constant Contact tools in a multi-layered attack.

Techniques include:

  • Personalized phish — algorithms that extract the recipient’s domain and impersonate that domain to create a unique phish for each recipient.
  • Image-based phish — textual phish message is embedded in an image.
  • Malicious QR code- conceals the malicious URL from recipients and security software.
  • Brand impersonation — uses company logos and trademarks to impersonate well-known brands in order to make an email or malicious site look more legitimate.
  • Advanced fees scam — occurs when a victim thinks they are logging in to one of their resource sites but are really entering payment information into a dialog box owned by the attackers.

You can read the report here.

Leave a comment »

BlackFog Strengthens Leadership Team with Two Key Appointments 

Posted in Commentary with tags on March 12, 2024 by itnerd

BlackFog, a leader in ransomware protection and anti data exfiltration technology, today announced two key appointments to its leadership team, welcoming Roger Cobb as Senior Vice President Sales and Jonathan Glass, as Vice President of Engineering.  

Cobb brings a wealth of industry experiences in consulting, sales, and security and will be leading the team in driving new business opportunities across North America. A graduate of Colorado State University, he joins BlackFog from HUMAN, where he was Senior Director, Anti Fraud. Prior to his time at HUMAN, he helped to build the channel processes at several IT and security startups including FishNet/Optive Security, Zscaler and Malwarebytes.  

A startup founder himself, Glass will be responsible for growing the engineering team and overseeing product development across different platforms including, desktop, mobile and cloud for BlackFog’s ADX (Anti Data Exfiltration) technology.  

Glass is an experienced developer and software architect and was most recently Senior Director of Engineering at ESO. He brings more than 15 years of experience in leading and growing large engineering teams with agile development processes and holds a Masters in Engineering from Cambridge University. 

Leave a comment »

Small Businesses Often Hit by Common Cloud Vulnerabilities and Threats

Posted in Commentary with tags on March 12, 2024 by itnerd

Small businesses are turning to the cloud in order to increase efficiency and operational capacity. Along with these benefits comes increased security risks, cloud vulnerabilities and threats to small businesses.

Here are some thoughts from Mike Walters, President and co-founder of Action1, who works directly with small businesses on vulnerabilities. Mike is the President and co-founder of Action1 Corporation, which provides risk-based patch management software. Mike has more than 20 years of experience in cybersecurity. Prior to Action1, Mike co-founded Netwrix, which was acquired by TA Associates.

  • What are common cloud vulnerabilities and threats for SMBs in 2024? In 2024, common cloud vulnerabilities and threats for small and medium-sized businesses (SMBs) are expected to include unauthorized access to sensitive data due to misconfigurations, weak passwords, exploitation of software vulnerabilities, or phishing attacks. Insecure APIs can also be a problem, exposing cloud services and data to unauthorized users or malicious actors. Malicious or negligent employees can cause data leaks of confidential information. And, of course, misconfigured cloud resources can lead to unintended access or data exposure. Supply chain attacks can also be very dangerous, as cloud infrastructure and MSP services can be an entry point to the SMB’s critical infrastructure and confidential information. Last but not least, non-compliance with data privacy and security regulations can result in fines and reputational damage, as SMBs are primarily focused on the bottom line and ignoring compliance can limit the pace of revenue generation.
  • What steps should SMBs take to safeguard their cloud operations? To secure their cloud operations, SMBs should implement strong access controls – use multi-factor authentication (MFA), least privilege access, and role-based access control (RBAC). Plus, they should review and update access privileges regularly. To secure APIs, SMBs need to implement API gateways, use encryption, and enforce authentication and authorization for API access. It includes regularly auditing API usage and monitoring for anomalies. SMBs need to regularly scan for misconfigured resources and automate remediation where possible. The same goes for vulnerabilities; patching must be automated. Regular security awareness training for employees focusing on cloud security best practices, phishing, and data protection is also very important. Finally, don’t forget about compliance: conducting regular audits and assessments to ensure compliance with relevant regulations such as GDPR, HIPAA, or PCI DSS, and so on, is essential to ensure cybersecurity.

Leave a comment »

Newly-Found Google Gemini Vulnerablities Give Attackers Control Over Users’ Queries & Content

Posted in Commentary with tags on March 12, 2024 by itnerd

Gemini is Google’s newest family of Large Language Models (LLMs). The Gemini suite currently houses 3 different model sizes: Nano, Pro, and Ultra.

Although Gemini has been removed from service due to politically biased content, new findings from HiddenLayer – unrelated to that issue – analyze how an attacker can directly manipulate another users’ queries and output, which represents an entirely new threat. These vulnerabilities were disclosed to DeepMind per responsible disclosure practices.

While testing the 3 LLMs in the Google Gemini family of models, HiddenLayer found multiple prompt hacking vulnerabilities, including the ability to output misinformation about elections, multiple avenues that enabled system prompt leakage, and the ability to inject a model indirectly with a delayed payload via Google Drive. These vulnerabilities enable attackers to conduct activities that allow for misuse and manipulation. In new research released from HiddenLayer today, “New Google Gemini Content Manipulation Vulns Found – Attackers Can Gain Control of Users’ Queries and LLM Data Output – Enabling Profound Misuse,” HiddenLayer deep dives into these vulnerabilities, including a proof-of-concept of an Indirect Injection.

Who should be aware of the Google Gemini vulnerabilities:

  • General Public: Misinformation generated by Gemini and other LLMs can be used to mislead people and governments.
  • Developers using the Gemini API: System prompts can be leaked, revealing the inner workings of a program using the LLM and potentially enabling more targeted attacks.
  • Users of Gemini Advanced: Indirect injections via the Google Workspace suite could potentially harm users. The attacks outlined in this research currently affect consumers using Gemini Advanced with the Google Workspace due to the risk of indirect injection, companies using the Gemini API due to data leakage attacks, allowing a user to access sensitive data/system prompts, and governments due to the risk of misinformation spreading about various geopolitical events.

Gemini Advanced currently has over 100M users, and so the ramifications of these vulnerabilities are widespread. With the accelerating adoption of LLM AI, companies must be aware of implementation risks and abuse methods that Gen AI and Large Language Models offer in order to strengthen their policies and defences.

Here is a link to the report :https://hiddenlayer.com/research/new-google-gemini-content-manipulation-vulns-found/

Leave a comment »

« Older Entries
Newer Entries »