New Research Links Threat Groups to Phishing Campaigns Targeting US Public School Districts

Posted in Commentary with tags on March 6, 2024 by itnerd

PIXM, pioneers of the first real-time AI computer vision solution, has published its latest blog focusing on ongoing phishing activity beginning in November 2023 that is linked to two prominent threat groups: Tycoon and Storm-1575. 

These MFA spear phishing attacks used common attack Phishing-as-a-Service (PhaaS) platforms and stealthy attack patterns – including Adversary-in-the-Middle (AiTM), social engineering, customized logins and robust and large-scale infrastructure – to target officials at large US school districts with the purpose of compromising key administrator email accounts and ultimately delivering ransomware.

In this attack, the school’s Chief of Human Capital and multiple finance and payroll administrators received targeted phishing emails providing them with a link to update their passwords to secure their account. Ultimately, victims were directed to pages requesting two-factor authentication codes, thus completely bypassing MFA protections. 

You can read this blog here: https://pixmsecurity.com/blog/uncategorized/us-public-school-districts-targeted-mfa-spear-phishing-campaigns-on-the-rise

Leave a comment »

US Airman Pleads Guilty To Leaking Classified Documents As History Repeats Itself

Posted in Commentary with tags on March 5, 2024 by itnerd

There has been a guilty plea by Airman Jack Teixeira, a 22-year-old Massachusetts Air National Guardsman, for leaking intelligence information on Discord:

Teixeira has agreed to sit for a debrief with members of the intelligence community and the Department of Defense, court documents say, as well as turn over all relevant documents he has or knows the location of.

In exchange, prosecutors have said that they will ask a judge to impose a sentence of 200 months in prison, or over 16 years. The hefty sentence recommendation is far less time than the potential decades-long prison sentence he could have faced had he not struck a deal. Prosecutors have also promised not to charge Teixeira with additional counts under the Espionage Act, according to court documents.

“Jack Teixeira will never get a sniff of a classified piece of information for the rest of his life,” the US Attorney for the District of Massachusetts Josh Levy said at a news conference following Teixeira’s guilty plea.

“This guilty plea brings accountability, and it brings a measure of closure to a chapter that created profound harms for our nation’s security,” said Matt Olsen, the assistant attorney general for national security at the Department of Justice.

Troy Batterberry, CEO, EchoMark

    “Airman Teixeira sadly destroyed his life through his dishonorable acts that directly harmed our national security. The 102nd Intelligence Wing had their mission paused as a result of Teixeira’s actions… further spreading the pain by those who serve.

    “The situation highlights that airman Teixeira had access to far too much diverse confidential information. Airman Teixeira was only caught because he was sloppy. With just a bit more care, he would never have been caught. Other leakers, who simply exercised a bit more caution, such as the person who leaked the Dobbs Supreme Court ruling to Politico, have never been caught. It highlights a BIG gap in how information is currently protected, and every major organization should be asking what harms an insider could potentially do, and how to prevent insider leaks.. The use of stenography is an exciting new way to prevent leaks from ever happening, and if they still do happen, quickly find the source.

    “Every company and BoD should be asking: Do we have a Jack Teixeira in the organization? What is going to stop that person from leaking or stealing our intellectual property? Stenography can help prevent these highly damaging and sad situations from happening.”

Sadly, just as this was happening, another US airman was indicted for leaking classified docs to a woman he met on a dating app. Clearly the threat of an insider is a real problem.

Leave a comment »

The Various Outages Reported Today Appear To Be In The Process Of Being Resolved

Posted in Commentary on March 5, 2024 by itnerd

Today has been busy. I’ve reported on this outage and this outage, this outage, and this outage today. The good news is that all the services that I have reported on today seem to be coming back online or are already online based on Down Detector:

That will calm the nerves of many who were likely stressed that common social media sites and commutation apps were down in whole or in part today. Feel free to go about your day as normal.

Leave a comment »

BREAKING: The Outages Get Worse As Kijiji, TikTok, And Discord Are Apparently Down

Posted in Commentary with tags , , on March 5, 2024 by itnerd

Boy this is a bad day for online services.  On top of this outage and this outage, and this outage, Down Detector is now reporting that Kijiji, TikTok and Discord are now down:

I have to wonder is some of this is due to “Login With Facebook” being down? Regardless, this is not a good day for many.

2 Comments »

Horizon3.ai Unveils Pentesting Services for Compliance Ahead of PCI DSS v4.0 Rollout

Posted in Commentary with tags on March 5, 2024 by itnerd

Horizon3.ai today announced the availability of the Horizon3.ai Pentesting Services for Compliance. Horizon3.ai recognizes that demand for pentesting expertise is at an all-time high, and organizations may be struggling to meet their compliance-driven pentesting needs. This advanced, tailored service is designed to fulfill the internal and external pentesting requirements for rigorous regulatory standards that require manual penetration testing to uncover complex logic errors and unknown vulnerabilities.

The demand for manual penetration testing ranges from the Payment Card Industry Data Security Standard (PCI DSS) v4.0 and the updated Self-Assessment Questionnaires (SAQs) to System and Organization Controls (SOC), Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), Cybersecurity Maturity Model Certification (CMMC), and many organizations’ internal requirements.

Horizon3.ai Pentesting Services for Compliance embraces the concept of Human-Machine teaming, where a world-class team of Offensive Security Certified Professional (OSCP) pentesters conduct their pentests to the methodologies specified in each standard, e.g., authenticated and unauthenticated, internal and external perspectives, segmentation checks, and so on. They are equipped with the NodeZero™ autonomous pentesting platform, which leverages artificial intelligence to identify exploitable attack paths that go far beyond the capabilities of vulnerability scanners to add scale, speed, contextual relevance, and consistency to their penetration tests.

The combination of expert human analysis and NodeZero’s autonomous testing results in a comprehensive and actionable evaluation of the network infrastructure being examined. With the service, clients receive a meticulous Pentesting Report and a Fix Action Report with detailed and prioritized guidance. They also have access to their pentest results on the NodeZero platform for 12 months to help guide and streamline their remediation efforts. Clients can even confirm that their corrections are effective with NodeZero’s 1-click verify tool. 1-click verify is targeted retesting of identified weaknesses that the client can execute repeatedly after they remediate to check that an issue is in fact resolved. When the remediation is verified, clients can download an associated report to share with their auditors as essential evidence. That means clients no longer have to schedule additional consulting engagements to verify issues have been remediated. As an additional benefit, the service encompasses rapid response alerts from Horizon3.ai’s accomplished Attack Team about emerging zero-day and N-day vulnerabilities that could impact their environment.

Organizations can also opt to integrate their pentesting engagement with a bundled subscription to NodeZero for continuous security testing, both to move beyond mere “point-in-time” compliance and also to alleviate the remediation burdens of upcoming audit cycles. This allows organizations to assess and improve their security posture with a number of operations beyond internal and external pentesting, such as AD password audit, Phishing Impact testing, N-day testing, and more.

Horizon3.ai Pentesting Services for Compliance are tuned to meet the needs of organizations subject to annual compliance with the PCI DSS v4.0 or the updated SAQs. As of 31 March 2024, PCI DSS v3.2.1 will be retired and v4.0, which introduces more rigorous, continuous security practices, will become the only active version of the standard.

Learn more about the Horizon3.ai Pentesting Services for Compliance.

For more information, send your inquiry to info@horizon3.ai

Leave a comment »

BREAKING: Google, WhatsApp And Twitter Are Down Too

Posted in Commentary with tags , , on March 5, 2024 by itnerd

Things seem to be getting worse. On top of this outage and this outage that I just reported on, it seems that Down Detector are now reporting that WhatsApp and Twitter are also down:

I just tested Twitter, Google and WhatsApp and found no issues. But others aren’t so lucky apparently. I’ll be keeping a close eye on Down Detector to see what else breaks today.

Leave a comment »

BREAKING: Google Play And YouTube Have Issues

Posted in Commentary with tags on March 5, 2024 by itnerd

It appears that Meta services are not the only services that have issues today. Joining Facebook, Instagram and Messenger on Down Detector’s list of services that are down are YouTube and Google Play:

Now I just tested YouTube and this is what I get:

I don’t have an Android phone on me as I am currently offsite. Like the Meta outages, there’s no ETA for resolution at this time.

Leave a comment »

BREAKING: Facebook, Instagram & Messenger Are All Down

Posted in Commentary with tags on March 5, 2024 by itnerd

If you’re trying to get access to Facebook, Instagram or Messenger, good luck with that as all three services appear to be down based on downdetector.ca:

As it stands, you might not be able to log into any of these services, or you might have been forcefully logged out of those platforms. At this time there’s no ETA as to when this will be resolved.

I am also tracking other outages that might be happening at the moment and I will post a separate story once I confirm or deny that those services are working or not.

4 Comments »

KAYAK Launches Suite of AI-Powered Tools

Posted in Commentary with tags on March 5, 2024 by itnerd

Today, KAYAK, the world’s leading travel search engine, is dropping a new suite of AI products to help make travel planning decisions faster, easier and more intuitive. These innovations are the result of extensive training of ChatGPT’s AI model on KAYAK’s proprietary database of billions of consumer travel queries. 

At the forefront of today’s release is KAYAK PriceCheck, a new patent-pending price comparison tool. Anyone with KAYAK’s app can upload a screenshot of a flight itinerary from any site, and KAYAK will quickly check hundreds of sites to verify they’re getting a great price.

Also launching today is Ask KAYAK – the company’s latest AI-driven innovation designed to improve and personalize the search experience.  Ask KAYAK lets travelers use simple text entries to search and refine their results. 

Wondering where to go with your family for spring break that’s less than 3 hours from NYC and will cost less than $300 per person? Just Ask KAYAK and you’ll get family-friendly destinations a short-distance away that fit your budget.

Travelers will also see a chat box in the results page where they can input their specific hotel, car or flight requirements. For example, they can enter “United, nonstop, morning departure, <$500” and quickly see their results. Ask KAYAK starts rolling out today and will soon be available to all users in the US, UK and Canada with more markets to follow.

But wait, there’s more. KAYAK is also introducing the following new ways to make travel planning easier:

  • Check the scores. Our Provider Quality Scores gives travelers greater confidence when booking a flight by rating providers against a set of quality factors (like price accuracy, customer service, fee transparency and customer satisfaction). Scores are for Online Travel Agencies (OTAs) only.
  • Compare ticket options to get what you want. View all of your options even more easily, like what is and what is not included in your flight ticket, when deciding between a basic economy, economy, premium economy or business class ticket for your US domestic flight. 
  • KAYAK Trips – now with live updates. With a new simplified itinerary view, KAYAK Trips keeps all your travel plans in one place – no matter where you booked. Now, not only can you build your itinerary through automatic inbox syncing, but you can also get real-time travel updates on your home/lock screens (on iOS).
  • Passwords are so 2023. Passkeys are a more secure and user-friendly way to sign in to KAYAK. In fact, since implementing passkeys and ditching passwords, KAYAK reduced the average time it takes users to sign-up and sign-in by 50%. 

There’s a lot of great stuff happening at KAYAK. Learn more about the features announced today HERE

Leave a comment »

Red Canary Announces Full Coverage of All Major Cloud Providers

Posted in Commentary with tags on March 5, 2024 by itnerd

Red Canary today announced full coverage of its detection and response capabilities to include all major cloud infrastructure and platform services providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Red Canary can detect suspicious activity across all major cloud environments and seamlessly correlate that data with other leading cloud security products, enabling enterprises to find and stop threats before they can cause damage. Red Canary’s vendor-agnostic approach underpins these new capabilities, providing security teams with actionable threat intelligence and comprehensive visibility from the control plane to containers and workloads.

Security teams rely on various tools, but integrating them internally for threat detection and response can be challenging, especially in large organizations with multicloud environments. Recent research shows that many businesses are currently using or planning to use at least two cloud infrastructure providers and about 31 percent are using four or more. As a result, IT and security teams are facing an increasing number of new cloud threats. In fact, in 2023, Red Canary detected cloud account compromises 16 times more frequently than in 2022, ranking it among the top five MITRE ATT&CK techniques analyzed across 58,000 confirmed threats identified in 216 petabytes of telemetry. 

With Red Canary, organizations can protect their cloud environments, identities, and endpoints, all using a single, intelligence-led security operations platform. This industry-leading approach significantly improves the productivity of overwhelmed security analysts by eliminating the need to look across multiple tools, sift through raw alerts from various sources, and manually analyze data. By trusting Red Canary to detect and respond to prevalent threats, internal security teams can have more time to focus on their business’s specific security needs and requirements.

What’s new:

Defend complex environments and streamline workflows with comprehensive detection and response coverage across all major cloud providers

  • Amazon: Amazon Web Services (AWS), including AWS CloudTrail and Amazon GuardDuty
  • MicrosoftMicrosoft Azure, Microsoft 365, Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Defender for Cloud
  • Google: Google Cloud Platform (GCP) and Google Workspace

Get 24×7 access to cloud security expertise

  • Actionable threat intelligence: 400+ updated threat profiles provide deep insights into cloud threats and how adversaries operate in cloud environments
  • Run more effective tabletops: New scenarios allow customers to confidently understand, prepare for, and effectively respond to prevalent and emerging threats

Enhance threat protection across containers and production environments

  • Additional support for containers and Kubernetes: Improved metadata collection adds new insights for Linux-based environments empowering security analysts to quickly locate threat origins

Enrich threat data with identified risks and misconfigurations

  • Deeper integrations with cloud security posture management (CSPM) tools: Correlated alert data from vendors like Lacework and Wiz provides additional context that speeds up threat detection and response, and optimizes prevention efforts

Operationalize cloud-native SIEM investments 

  • Co-managed Microsoft Sentinel engagement: Expanded services to deploy and optimize SIEM technology include a security goals consultation along with analytics, threat hunting queries, automation playbooks, and dashboards to maximize SIEM value

MDR for Cloud availability:

  • Support for Microsoft Azure is generally available
  • Support for Amazon Web Services is generally available
  • Support for Google Cloud Platform is currently in early access and expected to be generally available in Q2 of this fiscal year
  • Wiz support is expected to be generally available in Q2 of this fiscal year

Additional resources:

  • Learn more by reading the announcement blog
  • Register now and join the upcoming webinar on how to identify and address security challenges in multicloud environments on March 19
  • Register now for the webinar unveiling the 2024 Threat Detection Report on March 13 

Leave a comment »

« Older Entries
Newer Entries »