NSA Issues Guidance On Adopting A Zero Trust Stance

Posted in Commentary with tags on March 7, 2024 by itnerd

The National Security Agency has issued new guidance for adopting zero-trust network principles: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar. 

The NSA first issued guidance for a zero-trust (ZT) framework in February 2021, inspired by the 2020 Verizon breach, and again in April 2023 with Advancing Zero Trust Maturity Throughout the User Pillar.

This week’s release focuses on the third of the seven ZT pillars, the network and environment component of Zero Trust, comprising hardware and software assets, non-person entities, and the protocols they use to communicate with one another.

Under the Zero Trust maturity model, the network is secured in depth through the key functions of the four network and environment pillar capabilities:

  • Data flow mapping
  • Macro segmentation
  • Micro segmentation
  • Software Defined Networking

The NSA CSI, Embracing a Zero Trust Security Model, defines the concept of ZT as a security strategy with core principles: acknowledgement of the ubiquity of cyber threats, and elimination of implicit trust favoring instead continuous verification of all aspects of the operational environment.

A zero-trust security model requires stringent access controls for every access to network resources, whether from inside or outside the physical perimeter, to limit the consequences of a breach.

In contrast to the conventional IT security model, where all network entities are presumed trustworthy, zero-trust architecture assumes the presence of existing threats and restricts network access accordingly.
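To make the contrast between the two models concrete, here is an added illustration (not code from the NSA guidance or from this post) that puts a perimeter-trust access check beside a zero-trust one. The user sessions, device posture records, roles and resource policy are all constructed, hypothetical data; in a real deployment they would come from the identity provider, the device management system and a policy engine.

```python
"""Added example: perimeter-trust vs. zero-trust access decision (toy model).
All inventories below are constructed for illustration only."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed data: the conventional model treats this whole range as "inside".
INTERNAL_NET = ip_network("10.0.0.0/8")

# Constructed identity and device stores (hypothetical session tokens and hosts).
VALID_SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
DEVICE_POSTURE = {
    "laptop-01": {"managed": True, "disk_encrypted": True},
    "byod-77": {"managed": False, "disk_encrypted": False},
}

# Explicit, least-privilege grants: resource -> roles allowed to reach it.
RESOURCE_POLICY = {"payroll-db": {"finance"}, "wiki": {"finance", "eng"}}
USER_ROLES = {"alice": {"finance"}, "bob": {"eng"}}


@dataclass
class Request:
    source_ip: str
    session_token: Optional[str]
    device_id: Optional[str]
    resource: str


def perimeter_decision(req: Request) -> bool:
    """Conventional model: any entity on the internal network is presumed
    trustworthy, so location alone decides the outcome."""
    return ip_address(req.source_ip) in INTERNAL_NET


def zero_trust_decision(req: Request) -> Tuple[bool, str]:
    """Zero-trust model: every request is verified on its own merits
    (identity, device posture, explicit authorization). Network location
    grants nothing, and the default outcome is deny."""
    user = VALID_SESSIONS.get(req.session_token or "")
    if user is None:
        return False, "unauthenticated"

    posture = DEVICE_POSTURE.get(req.device_id or "")
    if posture is None or not (posture["managed"] and posture["disk_encrypted"]):
        return False, "device posture not verified"

    allowed_roles = RESOURCE_POLICY.get(req.resource, set())
    if not (USER_ROLES.get(user, set()) & allowed_roles):
        return False, "not authorized for resource"

    return True, f"{user} on {req.device_id} -> {req.resource}"


if __name__ == "__main__":
    # Constructed requests: an unauthenticated internal host, and a verified
    # user on a managed device connecting from outside the perimeter.
    inside_anon = Request("10.1.2.3", None, None, "payroll-db")
    outside_alice = Request("203.0.113.5", "tok-alice", "laptop-01", "payroll-db")
    for r in (inside_anon, outside_alice):
        print(r.source_ip, "perimeter:", perimeter_decision(r),
              "zero-trust:", zero_trust_decision(r))
```

The point the two functions make is the one the post states: the perimeter check lets an unauthenticated internal host reach the payroll database while refusing a fully verified user who happens to be outside, whereas the zero-trust check reaches the opposite, correct result in both cases and additionally refuses a verified user on an unmanaged device or without an explicit grant.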

Mark Cooper, President & Founder, PKI Solutions, had this comment:

   “Public Key Infrastructure (PKI) supports the zero-trust model by managing and securing digital certificates and keys. PKI is core to critical infrastructure protection environments. It ensures authenticated and encrypted communication within a network, aligning with zero-trust principles by verifying every user and device before granting access. What is often missing and overlooked is the required level of posture management that focuses on proactive monitoring for misconfigurations and remediating them before they become vulnerabilities that get exposed.”

   “This approach highlighting the required level of security posture management complements the NSA’s guidance by enhancing trust verification and limiting adversaries’ network access.”

I’m a big fan of zero trust as it reduces the chance that you could get pwned by a threat actor, which is why I am glad that the NSA is offering guidance that organizations of all sizes should be following.

LinkedIn Takes A Dirt Nap [UPDATE: Fixed]

Posted in Commentary with tags on March 6, 2024 by itnerd

For the second straight day, we have an online service that has fallen and can’t get up. This time it’s LinkedIn. This is what my LinkedIn app looks like at the moment:

And Down Detector confirms that they have issues:

You will also note that Twitter and Facebook apparently have issues. I can’t find any evidence that Twitter has issues. Though given Twitter’s track record under Elon Musk, it would not be a shock if they did. I also don’t see evidence that Facebook is currently down. But they were down 24 hours ago so who knows. In any case, I’ll be watching this and providing updates when there are any.

UPDATE: This is now fixed.

PoC & IoCs for Progress Sw. OpenEdge Authentication Bypass Vulnerability

Posted in Commentary with tags on March 6, 2024 by itnerd

Zach Hanley, Horizon3ai Chief Attack Engineer, has just published CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive, a deep dive with a proof of concept link and indicators of compromise on the vuln in Progress Software’s OpenEdge application development suite.

The post follows the February 27, 2024, security advisory Progress issued for OpenEdge, their application development and deployment platform suite, warning of an auth bypass vuln impacting some platform components, stemming from a failure to properly handle a username and password. Certain unexpected content passed in the credentials enables unauthorized access without authentication.

The Progress advisory linked below notes: “When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins. Similarly, when an AdminServer connection is made by OpenEdge Explorer (OEE) and OpenEdge Management (OEM), it also utilizes the OS local authentication provider on supported platforms to grant user-id and password logins that may also lead to unauthorized login access.”

Links:

Mission Cloud Achieves the AWS Generative AI Competency

Posted in Commentary with tags on March 6, 2024 by itnerd

Mission Cloud, a US-based Amazon Web Services (AWS) Premier Tier Services Partner, announced today that it has achieved the AWS Generative AI Competency in the category of Consulting Services. This specialization recognizes Mission Cloud as an AWS Partner that helps customers and the AWS Partner Network (APN) drive the advancement of services, tools, and infrastructure pivotal for implementing generative AI technologies.

Achieving the AWS Generative AI Competency in the category of Consulting Services differentiates Mission Cloud as an AWS Partner that has demonstrated technical proficiency and proven customer success empowering businesses to build a successful future in the cloud with AI technologies and by delivering a full suite of solutions that leverage AWS. Mission Cloud possesses the experience and expertise demonstrated through successful projects addressing customer challenges using generative AI solutions. These solutions enable digital transformation strategies for augmenting customer experience, delivering hyper-personalized and engaging content, streamlining workflows, and delivering actionable results powered by generative AI technology from AWS.

The AWS Competency Program aims to assist customers in connecting with AWS Partners who possess extensive knowledge and technical expertise in using AWS technologies and best practices to adopt generative AI. These AWS Partners facilitate the seamless integration and deployment of AWS-based solutions to meet the unique needs of all customers, from startups to global enterprises.

Mission Cloud provides AI services and software for businesses on AWS by using generative AI to scale existing models and build new, secure applications. Mission Cloud’s team of experts considers the unique needs of companies, offering customized solutions and strategic guidance for professional services projects.

Mission Cloud is a leading born-in-the-cloud managed services, consulting provider, and Amazon Web Services (AWS) Premier Tier Services Partner at the forefront of generative AI technology. We help innovative companies use gen AI to scale existing models or build new, groundbreaking applications. Mission Cloud empowers businesses to build a successful future in the cloud with the broadest capabilities, software, and services. Our team of AWS experts empowers businesses to migrate, manage, modernize, and optimize their cloud environments, ensuring a successful future in the cloud. 

Metomic For Slack Up-Levels Data Security and Compliance 

Posted in Commentary with tags on March 6, 2024 by itnerd

Metomic, a next generation data security solution for protecting sensitive data in the new era of collaborative SaaS, GenAI and cloud applications, today announced Metomic for Slack Enterprise. By partnering with Slack, Metomic gives security teams full visibility and control of sensitive data sent across an organization’s entire Slack workspace. Metomic for Slack enables heightened levels of security within public, private and Slack Connect channels by identifying vulnerable information that has been shared on the app and pinpointing critical security and compliance risks, such as PCI DSS, HIPAA, GDPR, and more.

As a verified Slack DLP Partner, Metomic for Slack Enterprise enables compliance and security teams to automate data security tasks on Slack, such as data redaction, data retention, data quarantining, and employee notifications. Metomic’s workflow-based setup makes it easy to begin monitoring Slack conversations in real-time, significantly minimizing the risk of data leaks and compliance breaches on the platform. Using pre-built classifiers and policies, companies can implement Metomic for Slack to identify common data security risks.

Slack is one of the world’s most popular collaborative work apps, with industry reports claiming the platform has as many as 35 million daily active users. According to Slack’s own data, more than 80% of Fortune 100 companies rely on the app to drive productivity across their organizations. Its ease of use and wide adoption rates—along with its distinct ability to integrate with thousands of other work apps—make Slack everyone’s favorite collaborative app, but its lack of end-to-end encryption opens the platform up to serious data security risks. 

Metomic for Slack gives companies of all sizes using Slack Enterprise the full benefits of Slack without the data security risks that come with it—it’s the essential data security tool for organizations that rely on Slack to drive productivity across the organization. To learn more or request a personalized demo, visit the Metomic for Slack integration page. 

SAP Unveils Data Innovations for AI-Driven Business Transformation

Posted in Commentary with tags on March 6, 2024 by itnerd

SAP today announced transformative data innovations that will help customers harness the full power of their data to drive deeper insights, faster growth and more efficiency in the era of AI. New capabilities in the SAP Datasphere solution, including new generative-AI features, transform enterprise planning through simplified data landscapes and more-intuitive data interaction.

At the heart of these announcements is the business data fabric, an architecture that helps ensure data is not just an asset but also the core underpinning of strategic initiatives. The innovations and partnership announced today equip organizations to deliver meaningful data to data consumers – with business context and logic intact.

Today’s SAP Datasphere innovations help customers achieve a unified data view that simplifies their data landscapes while retaining context and logic – enabling them to adapt faster to market changes and make more-efficient decisions. From new copilot and vector database capabilities that help ensure business context remains constant in generative AI outputs to a new knowledge graph that helps uncover insights and patterns in complex data, SAP’s data innovations help ensure customers have the full power of their data at their fingertips.

Today’s key innovations include:

Generative-AI Copilot and AI Governance

SAP’s generative-AI assistant, the Joule copilot, is now coming to the SAP Analytics Cloud solution to automate the creation and development of reports, dashboards, plans and more. This automation is enabled by the SAP HANA Cloud vector engine capabilities, which combine the power of large language models with the relevant data of your organization – helping ensure business context is a constant for generative-AI outputs. 

Incorporating generative AI across the business isn’t possible without trusted and governed data. To provide organizations with a solution to govern the policies, processes and practices of AI, SAP is announcing an expansion of our partnership with Collibra to integrate Collibra’s AI Governance with SAP data assets. This can help provide transparency and accountability for organizations and help ensure regulatory, compliance and privacy policies are met.

Discover Hidden Insights and Patterns with Knowledge Graph

With the new SAP Datasphere knowledge graph, organizations can discover hidden insights and patterns across their applications and systems. This enables both technical and business users to deeply understand the relationships between data, metadata and business processes, as well as boost the effectiveness of machine learning and large language models.

Unified and Advanced Planning and Analytics

The new SAP Datasphere integration with SAP Analytics Cloud offers a single data management system and advanced analytics to power cross-organizational planning. Planners can leverage a single flexible model to break down silos between planning using one tool for data preparation, modeling and planning.

Additionally, business users can use the new compass capability in SAP Analytics Cloud to realize better outcomes in planning and analytics through data-driven simulation. It enables organizations to run complex simulations using a chat interface to evaluate predictive outcomes and continually adjust controllable variables to find the optimal plan.

This supports customers to transform their planning by unifying financial, operational, supply chain and workforce planning with native connection to SAP applications and third-party data.

To learn more, please read: Unleashing the Latest SAP Data and Analytics Innovations.

The Uber driver app is now available on the big screen with Android Auto

Posted in Commentary with tags on March 6, 2024 by itnerd

Uber is announcing that drivers on Uber in Canada with an Android device will now have the ability to use the Uber app directly from their dashboard while using Android Auto. It’s currently being rolled out across the country and all Android drivers will have access by the end of April. 

This means drivers will be able to see demand heatmaps, accept trips, and view navigation right from the dashboard screen in their car.

Uber’s goal is to be the best platform for flexible work in the world, and they’re excited to add support for Android Auto to make using the Uber app on Android even more comfortable, convenient for drivers, and a hassle-free experience. 

This follows the successful rollout of CarPlay integration for the Uber driver app on iPhone last summer. 

Salesforce Launches Einstein 1 Studio

Posted in Commentary with tags on March 6, 2024 by itnerd

Today at TrailblazerDX, Salesforce’s developer conference, Salesforce (NYSE: CRM) announced the availability of Einstein 1 Studio, a set of low-code tools that enables Salesforce admins and developers to customize Einstein Copilot — the conversational AI assistant for CRM — and seamlessly embed AI across any app for every customer and employee experience.   

Einstein 1 Studio includes Copilot Builder for creating custom AI actions to accomplish specific business tasks, Prompt Builder for building and activating custom prompts in the flow of work, and Model Builder, where users can build or import a variety of AI models. This enables businesses to deliver trusted AI experiences across Salesforce’s Einstein 1 Platform that are tailored to their customers’ needs.

Why it matters: Enterprises face critical challenges in unlocking the power of AI across their business, with 9 in 10 IT professionals saying generative AI has forced them to change the way new technology is implemented and used. They need intuitive user interfaces that make it easy to interact with AI in the flow of work; AI models to fit their use cases; and access to trusted customer and business data to ground the AI models and ensure accurate, relevant outputs.

Salesforce’s Einstein 1 Platform integrates the user interface, a variety of AI models, and data in a single metadata-driven platform. This is what powers Einstein 1 Studio’s tools, facilitating low-code and no-code customization of Einstein Copilot, as well as building and modifying embedded prompts and actions that seamlessly connect to AI models in the flow of work across every Salesforce app. Einstein 1 Studio is deeply integrated with Data Cloud, which safely unlocks and unifies trapped data and grounds AI models with a comprehensive understanding of customers’ data and metadata. 

every Salesforce app and workflow. This will help companies boost productivity, improve customer experiences, and increase margins. The tools include:

  • Copilot Builder: Create AI actions to accomplish business tasks (beta) — Copilot Builder helps every company configure and customize Einstein Copilot for their business. Salesforce admins and developers can use tools they already have, like Apex, Flow, and MuleSoft APIs, and new generative AI components like prompts, to enable Einstein Copilot to complete tasks in the flow of work. Einstein Copilot can leverage these custom actions to complete tasks across any Salesforce application or external system.
  • Prompt Builder: Craft custom and trusted AI prompts with ease (GA) — Prompt Builder empowers admins and developers to create custom, reusable AI prompts without coding, simplifying complex processes and driving business innovation. This not only broadens the use of generative AI beyond conversational interfaces, but also allows customers to design and repurpose prompts for use across other experiences. For example, a custom prompt can be seamlessly embedded in a contact record as a button, enabling an agent in the contact center to get a snapshot of all escalated cases for a customer in one click.
  • Model Builder: Choose an LLM or build an AI model based on the job to be done (GA). Unlike other solutions that limit businesses to a single Large Language Model (LLM), Einstein 1 Studio provides the flexibility to connect to a variety of AI models. Additionally, Model Builder is a no-code, low-code, and pro-code way for companies to build their own predictive AI models, trained on their Data Cloud data. For generative AI, Model Builder allows customers to select from LLMs managed by Salesforce, or bring their own models. Businesses can use predictive and generative AI models and services from Salesforce partners, including Amazon Web Services (AWS) via Amazon Bedrock and Amazon SageMaker, Anthropic, Azure OpenAI, Cohere, Databricks, Google Cloud’s Vertex AI, and OpenAI, and train or fine-tune select models on Data Cloud data without moving or copying data.

Einstein Trust Layer: Deploy AI you can trust, on your terms: Designed for enterprise AI, the Einstein Trust Layer is a collection of features that help companies benefit from generative AI without compromising security or safety standards. New to the Einstein Trust Layer is customer-configured data masking, enabling admins to select the fields they want to mask, providing greater control. Additionally, the audit trail and feedback data collected from AI prompts and responses is now stored in Data Cloud, where it can be easily reported on or used for automated alerts through Flow and other Einstein 1 Platform tools.

Pricing:

  • Customers can access Einstein 1 Studio by purchasing Einstein 1 Editions or by adding it on to Enterprise or Unlimited Editions. Detailed pricing information is available here.

Global availability:

  • Prompt Builder and Model Builder are now generally available globally. Copilot Builder is available in beta globally. 
  • Einstein 1 Studio currently supports data residency in the United States and the English language.
  • Model Builder support for fine-tuning LLMs on Data Cloud data will be available later this year, starting with Amazon Bedrock, Google Vertex AI, and OpenAI LLMs.

The Change Healthcare Hack Has Taken A Weird Turn

Posted in Commentary with tags on March 6, 2024 by itnerd

I’ve been covering the Change Healthcare hack, and you could read my coverage here, here, and here. Brian Krebs has surfaced some information that shows that this story has taken a weird turn. Let’s start with the fact that the ransom has been paid:

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks.

Now I am not going to go down the rabbit hole of whether they should have paid the ransom or not. At least not today. But the rabbit hole that I will go down is what happened next:

The affiliate claimed BlackCat/ALPHV took the $22 million payment but never paid him his percentage of the ransom. BlackCat is known as a “ransomware-as-service” collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. And those affiliates in turn earn commissions ranging from 60 to 90 percent of any ransom amount paid.

“But after receiving the payment ALPHV team decide to suspend our account and keep lying and delaying when we contacted ALPHV admin,” the affiliate “Notchy” wrote. “Sadly for Change Healthcare, their data [is] still with us.”

So the affiliate got stiffed for their share of the cash. I believe there is an idiom that goes something like this: no honour among thieves. In any case, this has caused BlackCat to shut down:

However, instead of responding that they would compensate and placate Notchy, a representative for BlackCat said today the group was shutting down and that it had already found a buyer for its ransomware source code.

That means that BlackCat will morph and re-form into some other entity and keep attacking organizations. Lovely. And there’s still a question as to whether the data that was stolen is still out there. The affiliate says that it is, which means that Change Healthcare still has a serious problem. Mark my words, this story is far from over. And it will likely get even more “weird.”

New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis, & Confluence 

Posted in Commentary with tags on March 6, 2024 by itnerd

Cado Security has revealed a newly encountered emerging malware campaign targeting misconfigured servers running the following web-facing services: Apache Hadoop YARN, Docker, Confluence, and Redis.

Notably, the research describes the exploitation of not just one but multiple services typically deployed in the cloud, the targeting of Confluence in a way that demonstrates a willingness to weaponize published security research for nefarious purposes, and the use of the Platypus reverse shell to maintain access to the host.

You can read the research here.