US Airman Pleads Guilty To Leaking Classified Documents As History Repeats Itself

Posted in Commentary on March 5, 2024 by itnerd

There has been a guilty plea by Airman Jack Teixeira, a 22-year-old Massachusetts Air National Guardsman, for leaking intelligence information on Discord:

Teixeira has agreed to sit for a debrief with members of the intelligence community and the Department of Defense, court documents say, as well as turn over all relevant documents he has or knows the location of.

In exchange, prosecutors have said that they will ask a judge to impose a sentence of 200 months in prison, or over 16 years. The hefty sentence recommendation is far less time than the potential decades-long prison sentence he could have faced had he not struck a deal. Prosecutors have also promised not to charge Teixeira with additional counts under the Espionage Act, according to court documents.

“Jack Teixeira will never get a sniff of a classified piece of information for the rest of his life,” the US Attorney for the District of Massachusetts Josh Levy said at a news conference following Teixeira’s guilty plea.

“This guilty plea brings accountability, and it brings a measure of closure to a chapter that created profound harms for our nation’s security,” said Matt Olsen, the assistant attorney general for national security at the Department of Justice.

Troy Batterberry, CEO, EchoMark

    “Airman Teixeira sadly destroyed his life through his dishonorable acts that directly harmed our national security. The 102nd Intelligence Wing had their mission paused as a result of Teixeira’s actions… further spreading the pain by those who serve.

    “The situation highlights that airman Teixeira had access to far too much diverse confidential information. Airman Teixeira was only caught because he was sloppy. With just a bit more care, he would never have been caught. Other leakers, who simply exercised a bit more caution, such as the person who leaked the Dobbs Supreme Court ruling to Politico, have never been caught. It highlights a BIG gap in how information is currently protected, and every major organization should be asking what harms an insider could potentially do, and how to prevent insider leaks. The use of stenography is an exciting new way to prevent leaks from ever happening, and if they still do happen, quickly find the source.

    “Every company and BoD should be asking: Do we have a Jack Teixeira in the organization? What is going to stop that person from leaking or stealing our intellectual property? Stenography can help prevent these highly damaging and sad situations from happening.”

Sadly, just as this was happening, another US airman was indicted for leaking classified docs to a woman he met on a dating app. Clearly the threat of an insider is a real problem.

The Various Outages Reported Today Appear To Be In The Process Of Being Resolved

Posted in Commentary on March 5, 2024 by itnerd

Today has been busy. I’ve reported on this outage and this outage, this outage, and this outage today. The good news is that all the services that I have reported on today seem to be coming back online or are already online based on Down Detector:

That will calm the nerves of many who were likely stressed that common social media sites and communication apps were down in whole or in part today. Feel free to go about your day as normal.

BREAKING: The Outages Get Worse As Kijiji, TikTok, And Discord Are Apparently Down

Posted in Commentary on March 5, 2024 by itnerd

Boy this is a bad day for online services.  On top of this outage and this outage, and this outage, Down Detector is now reporting that Kijiji, TikTok and Discord are now down:

I have to wonder if some of this is due to “Login With Facebook” being down? Regardless, this is not a good day for many.

Horizon3.ai Unveils Pentesting Services for Compliance Ahead of PCI DSS v4.0 Rollout

Posted in Commentary on March 5, 2024 by itnerd

Horizon3.ai today announced the availability of the Horizon3.ai Pentesting Services for Compliance. Horizon3.ai recognizes that demand for pentesting expertise is at an all-time high, and organizations may be struggling to meet their compliance-driven pentesting needs. This advanced, tailored service is designed to fulfill the internal and external pentesting requirements for rigorous regulatory standards that require manual penetration testing to uncover complex logic errors and unknown vulnerabilities.

The demand for manual penetration testing ranges from the Payment Card Industry Data Security Standard (PCI DSS) v4.0 and the updated Self-Assessment Questionnaires (SAQs) to System and Organization Controls (SOC), Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), Cybersecurity Maturity Model Certification (CMMC), and many organizations’ internal requirements.

Horizon3.ai Pentesting Services for Compliance embraces the concept of Human-Machine teaming, where a world-class team of Offensive Security Certified Professional (OSCP) pentesters conduct their pentests to the methodologies specified in each standard, e.g., authenticated and unauthenticated, internal and external perspectives, segmentation checks, and so on. They are equipped with the NodeZero™ autonomous pentesting platform, which leverages artificial intelligence to identify exploitable attack paths that go far beyond the capabilities of vulnerability scanners to add scale, speed, contextual relevance, and consistency to their penetration tests.

The combination of expert human analysis and NodeZero’s autonomous testing results in a comprehensive and actionable evaluation of the network infrastructure being examined. With the service, clients receive a meticulous Pentesting Report and a Fix Action Report with detailed and prioritized guidance. They also have access to their pentest results on the NodeZero platform for 12 months to help guide and streamline their remediation efforts. Clients can even confirm that their corrections are effective with NodeZero’s 1-click verify tool. 1-click verify is targeted retesting of identified weaknesses that the client can execute repeatedly after they remediate to check that an issue is in fact resolved. When the remediation is verified, clients can download an associated report to share with their auditors as essential evidence. That means clients no longer have to schedule additional consulting engagements to verify issues have been remediated. As an additional benefit, the service encompasses rapid response alerts from Horizon3.ai’s accomplished Attack Team about emerging zero-day and N-day vulnerabilities that could impact their environment.

Organizations can also opt to integrate their pentesting engagement with a bundled subscription to NodeZero for continuous security testing, both to move beyond mere “point-in-time” compliance and also to alleviate the remediation burdens of upcoming audit cycles. This allows organizations to assess and improve their security posture with a number of operations beyond internal and external pentesting, such as AD password audit, Phishing Impact testing, N-day testing, and more.

Horizon3.ai Pentesting Services for Compliance are tuned to meet the needs of organizations subject to annual compliance with the PCI DSS v4.0 or the updated SAQs. As of 31 March 2024, PCI DSS v3.2.1 will be retired and v4.0, which introduces more rigorous, continuous security practices, will become the only active version of the standard.

Learn more about the Horizon3.ai Pentesting Services for Compliance.

For more information, send your inquiry to info@horizon3.ai

BREAKING: Google, WhatsApp And Twitter Are Down Too

Posted in Commentary on March 5, 2024 by itnerd

Things seem to be getting worse. On top of this outage and this outage that I just reported on, it seems that Down Detector are now reporting that WhatsApp and Twitter are also down:

I just tested Twitter, Google and WhatsApp and found no issues. But others aren’t so lucky apparently. I’ll be keeping a close eye on Down Detector to see what else breaks today.

BREAKING: Google Play And YouTube Have Issues

Posted in Commentary on March 5, 2024 by itnerd

It appears that Meta services are not the only services that have issues today. Joining Facebook, Instagram and Messenger on Down Detector’s list of services that are down are YouTube and Google Play:

Now I just tested YouTube and this is what I get:

I don’t have an Android phone on me as I am currently offsite. Like the Meta outages, there’s no ETA for resolution at this time.

BREAKING: Facebook, Instagram & Messenger Are All Down

Posted in Commentary on March 5, 2024 by itnerd

If you’re trying to get access to Facebook, Instagram or Messenger, good luck with that as all three services appear to be down based on downdetector.ca:

As it stands, you might not be able to log into any of these services, or you might have been forcefully logged out of those platforms. At this time there’s no ETA as to when this will be resolved.

I am also tracking other outages that might be happening at the moment and I will post a separate story once I confirm or deny that those services are working or not.

KAYAK Launches Suite of AI-Powered Tools

Posted in Commentary on March 5, 2024 by itnerd

Today, KAYAK, the world’s leading travel search engine, is dropping a new suite of AI products to help make travel planning decisions faster, easier and more intuitive. These innovations are the result of extensive training of ChatGPT’s AI model on KAYAK’s proprietary database of billions of consumer travel queries. 

At the forefront of today’s release is KAYAK PriceCheck, a new patent-pending price comparison tool. Anyone with KAYAK’s app can upload a screenshot of a flight itinerary from any site, and KAYAK will quickly check hundreds of sites to verify they’re getting a great price.

Also launching today is Ask KAYAK – the company’s latest AI-driven innovation designed to improve and personalize the search experience.  Ask KAYAK lets travelers use simple text entries to search and refine their results. 

Wondering where to go with your family for spring break that’s less than 3 hours from NYC and will cost less than $300 per person? Just Ask KAYAK and you’ll get family-friendly destinations a short-distance away that fit your budget.

Travelers will also see a chat box in the results page where they can input their specific hotel, car or flight requirements. For example, they can enter “United, nonstop, morning departure, <$500” and quickly see their results. Ask KAYAK starts rolling out today and will soon be available to all users in the US, UK and Canada with more markets to follow.

But wait, there’s more. KAYAK is also introducing the following new ways to make travel planning easier:

  • Check the scores. Our Provider Quality Scores gives travelers greater confidence when booking a flight by rating providers against a set of quality factors (like price accuracy, customer service, fee transparency and customer satisfaction). Scores are for Online Travel Agencies (OTAs) only.
  • Compare ticket options to get what you want. View all of your options even more easily, like what is and what is not included in your flight ticket, when deciding between a basic economy, economy, premium economy or business class ticket for your US domestic flight. 
  • KAYAK Trips – now with live updates. With a new simplified itinerary view, KAYAK Trips keeps all your travel plans in one place – no matter where you booked. Now, not only can you build your itinerary through automatic inbox syncing, but you can also get real-time travel updates on your home/lock screens (on iOS).
  • Passwords are so 2023. Passkeys are a more secure and user-friendly way to sign in to KAYAK. In fact, since implementing passkeys and ditching passwords, KAYAK reduced the average time it takes users to sign-up and sign-in by 50%. 

There’s a lot of great stuff happening at KAYAK. Learn more about the features announced today HERE

Red Canary Announces Full Coverage of All Major Cloud Providers

Posted in Commentary on March 5, 2024 by itnerd

Red Canary today announced full coverage of its detection and response capabilities to include all major cloud infrastructure and platform services providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Red Canary can detect suspicious activity across all major cloud environments and seamlessly correlate that data with other leading cloud security products, enabling enterprises to find and stop threats before they can cause damage. Red Canary’s vendor-agnostic approach underpins these new capabilities, providing security teams with actionable threat intelligence and comprehensive visibility from the control plane to containers and workloads.

Security teams rely on various tools, but integrating them internally for threat detection and response can be challenging, especially in large organizations with multicloud environments. Recent research shows that many businesses are currently using or planning to use at least two cloud infrastructure providers and about 31 percent are using four or more. As a result, IT and security teams are facing an increasing number of new cloud threats. In fact, in 2023, Red Canary detected cloud account compromises 16 times more frequently than in 2022, ranking it among the top five MITRE ATT&CK techniques analyzed across 58,000 confirmed threats identified in 216 petabytes of telemetry. 

With Red Canary, organizations can protect their cloud environments, identities, and endpoints, all using a single, intelligence-led security operations platform. This industry-leading approach significantly improves the productivity of overwhelmed security analysts by eliminating the need to look across multiple tools, sift through raw alerts from various sources, and manually analyze data. By trusting Red Canary to detect and respond to prevalent threats, internal security teams can have more time to focus on their business’s specific security needs and requirements.

What’s new:

Defend complex environments and streamline workflows with comprehensive detection and response coverage across all major cloud providers

  • Amazon: Amazon Web Services (AWS), including AWS CloudTrail and Amazon GuardDuty
  • Microsoft: Microsoft Azure, Microsoft 365, Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Defender for Cloud
  • Google: Google Cloud Platform (GCP) and Google Workspace

Get 24×7 access to cloud security expertise

  • Actionable threat intelligence: 400+ updated threat profiles provide deep insights into cloud threats and how adversaries operate in cloud environments
  • Run more effective tabletops: New scenarios allow customers to confidently understand, prepare for, and effectively respond to prevalent and emerging threats

Enhance threat protection across containers and production environments

  • Additional support for containers and Kubernetes: Improved metadata collection adds new insights for Linux-based environments empowering security analysts to quickly locate threat origins

Enrich threat data with identified risks and misconfigurations

  • Deeper integrations with cloud security posture management (CSPM) tools: Correlated alert data from vendors like Lacework and Wiz provides additional context that speeds up threat detection and response, and optimizes prevention efforts

Operationalize cloud-native SIEM investments 

  • Co-managed Microsoft Sentinel engagement: Expanded services to deploy and optimize SIEM technology include a security goals consultation along with analytics, threat hunting queries, automation playbooks, and dashboards to maximize SIEM value

MDR for Cloud availability:

  • Support for Microsoft Azure is generally available
  • Support for Amazon Web Services is generally available
  • Support for Google Cloud Platform is currently in early access and expected to be generally available in Q2 of this fiscal year
  • Wiz support is expected to be generally available in Q2 of this fiscal year

Additional resources:

  • Learn more by reading the announcement blog
  • Register now and join the upcoming webinar on how to identify and address security challenges in multicloud environments on March 19
  • Register now for the webinar unveiling the 2024 Threat Detection Report on March 13 

Former Twitter Execs Suing Elon Musk For Unpaid Severance

Posted in Commentary on March 5, 2024 by itnerd

Right now Elon Musk is fighting an insane number of lawsuits related to his purchase of Twitter. You can now add one more to that as a bunch of ex-execs from Twitter are suing him over unpaid severance:

Former Twitter executives including CEO Parag Agrawal, Chief Financial Officer Ned Segal, head of legal Vijaya Gadde and General Counsel Sean Edgett filed a new lawsuit against Elon Musk and X Corp. in federal court arguing that they are owed $128 million in unpaid severance.

In their complaint, lawyers for the ex-Twitter executives say that after Musk backed himself into a deal to buy Twitter, now X Corp., for $44 billion, he took revenge against these executives personally, and tried to recover some of his expenses by “repeatedly refusing to honor other clear contractual commitments.”

Musk and X Corp. have been “stiffing employees, landlords, vendors, and others” since they took over Twitter, the lawyers allege, an allusion to more than 25 vendor nonpayment lawsuits filed against the social media business by companies including software and service providers and a landlord.

“Musk doesn’t pay his bills, believes the rules don’t apply to him, and uses his wealth and power to run roughshod over anyone who disagrees with him,” the complaint says.

The complaint also alludes to comments Musk made to his official biographer, Walter Isaacson, that “he would ‘hunt every single one of’ Twitter’s executives and directors ‘till the day they die.’”

The ex-Twitter executives’ lawyers argue, “These statements were not the mere rantings of a self-centered billionaire surrounded by enablers unwilling to confront him with the legal consequences of his own choices. Musk bragged to Isaacson specifically how he planned to cheat Twitter’s executives out of their severance benefits in order to save himself $200 million.”

The suit, Agrawal et al v. Musk et al, was filed in California’s Northern District and follows news that settlement talks between X Corp. and ex-Twitter managers broke down in a related case in Delaware, Woodfield v. Twitter Inc., where $500 million in unpaid severance to former Twitter managers and engineers is in dispute.

Well, that’s likely to enrage Elon. While I am not a lawyer, I don’t see how Elon can simply continue to do this and expect to come out on the winning side. Perhaps it might be in his interest to settle these lawsuits. But Elon rarely does things that are in his interest.