Things seem to be getting worse. On top of this outage and this outage that I just reported on, it seems that Down Detector are now reporting that WhatsApp and Twitter are also down:
I just tested Twitter, Google and WhatsApp and found no issues. But others aren’t so lucky apparently. I’ll be keeping a close eye on Down Detector to see what else breaks today.
It appears that Meta services are not the only services that have issues today. Joining Facebook, Instagram and Messenger on Down Detector’s list of services that are down are YouTube and Google Play:
Now I just tested YouTube and this is what I get:
I don’t have an Android phone on me as I am currently offsite. Like the Meta outages, there’s no ETA for resolution at this time.
If you’re trying to get access to Facebook, Instagram or Messenger, good luck with that as all three services appear to be down based on downdetector.ca:
As it stands, you might not be able to log into any of these services, or you might have been forcefully logged out of those platforms. At this time there’s no ETA as to when this will be resolved.
I am also tracking other outages that might be happening at the moment and I will post a separate story once I confirm or deny that those services are working or not.
Today, KAYAK, the world’s leading travel search engine, is dropping a new suite of AI products to help make travel planning decisions faster, easier and more intuitive. These innovations are the result of extensive training of ChatGPT’s AI model on KAYAK’s proprietary database of billions of consumer travel queries.
At the forefront of today’s release is KAYAK PriceCheck, a new patent-pending price comparison tool. Anyone with KAYAK’s app can upload a screenshot of a flight itinerary from any site, and KAYAK will quickly check hundreds of sites to verify they’re getting a great price.
Also launching today is Ask KAYAK – the company’s latest AI-driven innovation designed to improve and personalize the search experience. Ask KAYAK lets travelers use simple text entries to search and refine their results.
Wondering where to go with your family for spring break that’s less than 3 hours from NYC and will cost less than $300 per person? Just Ask KAYAK and you’ll get family-friendly destinations a short-distance away that fit your budget.
Travelers will also see a chat box in the results page where they can input their specific hotel, car or flight requirements. For example, they can enter “United, nonstop, morning departure, <$500” and quickly see their results. Ask KAYAK starts rolling out today and will soon be available to all users in the US, UK and Canada with more markets to follow.
But wait, there’s more. KAYAK is also introducing the following new ways to make travel planning easier:
There’s a lot of great stuff happening at KAYAK. Learn more about the features announced today HERE.
Red Canary today announced full coverage of its detection and response capabilities to include all major cloud infrastructure and platform services providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Red Canary can detect suspicious activity across all major cloud environments and seamlessly correlate that data with other leading cloud security products, enabling enterprises to find and stop threats before they can cause damage. Red Canary’s vendor-agnostic approach underpins these new capabilities, providing security teams with actionable threat intelligence and comprehensive visibility from the control plane to containers and workloads.
Security teams rely on various tools, but integrating them internally for threat detection and response can be challenging, especially in large organizations with multicloud environments. Recent research shows that many businesses are currently using or planning to use at least two cloud infrastructure providers and about 31 percent are using four or more. As a result, IT and security teams are facing an increasing number of new cloud threats. In fact, in 2023, Red Canary detected cloud account compromises 16 times more frequently than in 2022, ranking it among the top five MITRE ATT&CK techniques analyzed across 58,000 confirmed threats identified in 216 petabytes of telemetry.
With Red Canary, organizations can protect their cloud environments, identities, and endpoints, all using a single, intelligence-led security operations platform. This industry-leading approach significantly improves the productivity of overwhelmed security analysts by eliminating the need to look across multiple tools, sift through raw alerts from various sources, and manually analyze data. By trusting Red Canary to detect and respond to prevalent threats, internal security teams can have more time to focus on their business’s specific security needs and requirements.
What’s new:
Defend complex environments and streamline workflows with comprehensive detection and response coverage across all major cloud providers
Get 24×7 access to cloud security expertise
Enhance threat protection across containers and production environments
Enrich threat data with identified risks and misconfigurations
Operationalize cloud-native SIEM investments
MDR for Cloud availability:
Additional resources:
Right now Elon Musk is fighting an insane number of lawsuits related to his purchase of Twitter. You can now add one more to that as a bunch of ex-execs from Twitter are suing him over unpaid severance:
Former Twitter executives including CEO Parag Agrawal, Chief Financial Officer Ned Segal, head of legal Vijaya Gadde and General Counsel Sean Edgett filed a new lawsuit against Elon Musk and X Corp. in federal court arguing that they are owed $128 million in unpaid severance.
In their complaint, lawyers for the ex-Twitter executives say that after Musk backed himself into a deal to buy Twitter, now X Corp., for $44 billion, he took revenge against these executives personally, and tried to recover some of his expenses by “repeatedly refusing to honor other clear contractual commitments.”
Musk and X Corp. have been “stiffing employees, landlords, vendors, and others” since they took over Twitter, the lawyers allege, an allusion to more than 25 vendor nonpayment lawsuits filed against the social media business by companies including software and service providers and a landlord.
“Musk doesn’t pay his bills, believes the rules don’t apply to him, and uses his wealth and power to run roughshod over anyone who disagrees with him,” the complaint says.
The complaint also alludes to comments Musk made to his official biographer, Walter Isaacson, that “he would ‘hunt every single one of’ Twitter’s executives and directors ‘till the day they die.’”
The ex-Twitter executives’ lawyers argue, “These statements were not the mere rantings of a self-centered billionaire surrounded by enablers unwilling to confront him with the legal consequences of his own choices. Musk bragged to Isaacson specifically how he planned to cheat Twitter’s executives out of their severance benefits in order to save himself $200 million.”
The suit, Agrawal et al v. Musk et al, was filed in California’s Northern District and follows news that settlement talks between X Corp. and ex-Twitter managers broke down in a related case in Delaware, Woodfield v. Twitter Inc., where $500 million in unpaid severance to former Twitter managers and engineers is in dispute.
Well, that’s likely to enrage Elon. While I am not a lawyer, I don’t see how Elon can simply continue to do this and expect to come out on the winning side. Perhaps it might be in his interest to settle these lawsuits. But Elon rarely does things that are in his interest.
I’ve been sitting on this for a few days, but now that the City Of Hamilton has confirmed that they got pwned in a ransomware attack, I’m publishing this story. Here’s what is known about the incident:
City manager Marnie Cluckie named the nature of the cyber attack for the first time during a virtual call Monday afternoon, alongside Mayor Andrea Horwath. The call was the city’s first media conference since the breach began on Feb. 25.
The incident has shut down almost all city phone lines, paralyzed city council and impacted dozens of services including the bus schedule app, library WiFi and permit applications.
The city hasn’t provided a timeline for when the situation will be resolved.
“It’s impossible to know how long it will take us to get fully up and running again,” Cluckie said.
“I can tell you that we will only restore systems when we are confident we can do so safely and securely.”
The city does not believe personal data has been accessed, she said. Hamilton police have been notified and will be investigating.
Cluckie said she’s been tightlipped about what’s happening behind the scenes as the situation is “sensitive” and would not reveal the amount of money the attackers are asking for or where they’re located.
The city has insurance coverage for cybersecurity breaches, she said.
This illustrates that no organization is safe from an attack like this without proper defences being in place. I for one would like to know exactly how they got in and what the City of Hamilton will do to make sure that this doesn’t happen again. Because anything that shuts down services on a scale like this is a non trivial event.
Today, HP is continuing to build on their news at CES, announcing HP’s newest Envy and Pavilion laptop PCs – now the broadest consumer portfolio of AI-enhanced laptops. These devices are designed to unlock your creativity and productivity with the latest AI capabilities for the most personalized experiences yet.
Exciting new features across both the Envy and Pavilion portfolios include:
The HP Pavilion Series – Personalized Computing for Every Creative Pursuit
The HP Pavilion series combines premium features with customizable performance for maximum value. Whether editing content or enjoying a little down time, the latest Pavilion laptop PCs provide sharp 16:10 visuals, an expanded port lineup, and long-lasting battery life to match your hustle.
The new HP Pavilion 16-inch Laptop PC brings a brilliant OLED display option to the Pavilion lineup for the perfect portable powerhouse, providing:
The HP Pavilion 16 is expected to be available in April at HP.com, Best Buy and Costco. The version with Intel®Core™ processors has a starting price of $1,199.99. The version with AMD Ryzen™ processors has a starting price of $899.99.
The HP Envy Series – Unparallelled Adaptability for Limitless Personalization
The new HP Envy x360 14 inch 2-in-1 Laptop PC and HP Envy x360 16 inch 2-in-1 Laptop PC are adaptable companions that move with you, delivering:
The 14- and 16- inch models are expected to be available beginning in March at HP.com as well as Best Buy and Staples. The HP Envy x360 14 with Intel® Core™ processors has a starting price of $1,399.99. The AMD version has a starting price of $1,299.99. The HP Envy x360 16 with Intel® Core™ processors has a starting price of $1,799.99. The AMD version has a starting price of $1,499.99.
Today, Visa announced the appointment of Michiel Wielhouwer, previously the Executive Director of Visa’s France, Belgium, and Luxembourg business, to President and Country Manager for Visa Canada. He will succeed Stacey Madge, who served in this role for the past seven years.
Wielhouwer joins Visa Canada at a time of growth and opportunity as the company establishes new secure ways to pay, driven by its innovation and fintech strategy. Wielhouwer will continue to deliver value for Visa’s key clients, partners, and stakeholders while living the company’s purpose to uplift everyone, everywhere by being the best way to pay and be paid.
Wielhouwer is a Visa veteran with 22 years of experience across five different markets. He brings deep financial services knowledge and leadership to Canada. Originally from the Netherlands and a multi-lingual speaker, Wielhouwer’s global background is a welcome addition to the multicultural and bilingual Canadian market.
Wielhouwer steps into the role following the successful leadership of Stacey Madge. In Madge’s seven years with the organization, Visa Canada has seen tremendous growth through new client relationships, fintech collaborations, product innovations, and acceleration of money movement. Under her leadership, Canada has become a talent hub for Visa and a respected payments leader in the country. In her next chapter, Madge will be dedicating her talents to board, community, and foundation work.
Horizon3.ai Unveils Pentesting Services for Compliance Ahead of PCI DSS v4.0 Rollout
Posted in Commentary with tags horizon3.ai on March 5, 2024 by itnerdHorizon3.ai today announced the availability of the Horizon3.ai Pentesting Services for Compliance. Horizon3.ai recognizes that demand for pentesting expertise is at an all-time high, and organizations may be struggling to meet their compliance-driven pentesting needs. This advanced, tailored service is designed to fulfill the internal and external pentesting requirements for rigorous regulatory standards that require manual penetration testing to uncover complex logic errors and unknown vulnerabilities.
The demand for manual penetration testing ranges from the Payment Card Industry Data Security Standard (PCI DSS) v4.0 and the updated Self-Assessment Questionnaires (SAQs) to System and Organization Controls (SOC), Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), Cybersecurity Maturity Model Certification (CMMC), and many organizations’ internal requirements.
Horizon3.ai Pentesting Services for Compliance embraces the concept of Human-Machine teaming, where a world-class team of Offensive Security Certified Professional (OSCP) pentesters conduct their pentests to the methodologies specified in each standard, e.g., authenticated and unauthenticated, internal and external perspectives, segmentation checks, and so on. They are equipped with the NodeZero™ autonomous pentesting platform, which leverages artificial intelligence to identify exploitable attack paths that go far beyond the capabilities of vulnerability scanners to add scale, speed, contextual relevance, and consistency to their penetration tests.
The combination of expert human analysis and NodeZero’s autonomous testing results in a comprehensive and actionable evaluation of the network infrastructure being examined. With the service, clients receive a meticulous Pentesting Report and a Fix Action Report with detailed and prioritized guidance. They also have access to their pentest results on the NodeZero platform for 12 months to help guide and streamline their remediation efforts. Clients can even confirm that their corrections are effective with NodeZero’s 1-click verify tool. 1-click verify is targeted retesting of identified weaknesses that the client can execute repeatedly after they remediate to check that an issue is in fact resolved. When the remediation is verified, clients can download an associated report to share with their auditors as essential evidence. That means clients no longer have to schedule additional consulting engagements to verify issues have been remediated. As an additional benefit, the service encompasses rapid response alerts from Horizon3.ai’s accomplished Attack Team about emerging zero-day and N-day vulnerabilities that could impact their environment.
Organizations can also opt to integrate their pentesting engagement with a bundled subscription to NodeZero for continuous security testing, both to move beyond mere “point-in-time” compliance and also to alleviate the remediation burdens of upcoming audit cycles. This allows organizations to assess and improve their security posture with a number of operations beyond internal and external pentesting, such as AD password audit, Phishing Impact testing, N-day testing, and more.
Horizon3.ai Pentesting Services for Compliance are tuned to meet the needs of organizations subject to annual compliance with the PCI DSS v4.0 or the updated SAQs. As of 31 March 2024, PCI DSS v3.2.1 will be retired and v4.0, which introduces more rigorous, continuous security practices, will become the only active version of the standard.
Learn more about the Horizon3.ai Pentesting Services for Compliance.
For more information, send your inquiry to info@horizon3.ai
Leave a comment »