US Agencies warn of ransomware gang targeting critical infrastructure

Posted in Commentary with tags on March 5, 2024 by itnerd

The CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an advisory warning of TTPs Phobos ransomware attacks are using to target government and critical infrastructure entities.

“Structured as a ransomware as a service (RaaS) model, […] Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S. dollars,” the advisory said.

Attack chains typically leveraged phishing as an initial access vector, or vulnerable networks are breached by hunting for exposed RDP services and exploiting them by means of a brute-force attack.

Once successful, the threat actors deploy additional remote access tools, taking advantage of process injection techniques to execute malicious code and evade detection, and making Windows Registry modifications to maintain persistence within compromised environments.

“Additionally, Phobos actors have been observed using built-in Windows API functions to steal tokens, bypass access controls, and create new processes to escalate privileges by leveraging the SeDebugPrivilege process. Phobos actors attempt to authenticate using cached password hashes on victim machines until they reach domain administrator access,” the agencies said.

Phobos has been active since May 2019, with multiple variants identified. Cisco Talos disclosed in November that those behind 8Base ransomware are utilizing a variant of Phobos for their attacks.

BullWall Executive, Carol Volk had this to say:

   “The recent Phobos advisory from CISA, the FBI, and the MS-ISAC sheds light on the continued rise of ransomware attacks targeting government and critical infrastructure sectors. As with many ransomware attacks, the Phobos attacks employed phishing and exploitation of vulnerable RDP services and highlights the importance of robust cybersecurity measures at every level.

   “Organizations must prioritize implementing multi-layered defense mechanisms, including strong email security protocols and regular security awareness training to thwart phishing attempts.  Additionally, securing remote access points and promptly patching vulnerabilities in RDP services can significantly reduce the risk of exploitation.

   “However, we continue to see that even well prepared defenses will be breached by determined actors, so regular air-gapped backups, a ransomware containment system and MFA to protect RDP sessions should be part of the defense stack for the day your defenses are breached.”


John Benkert, CEO, Cigent follows with this:

   “Broken record here. Protecting critical infrastructure from Ransomware-as-a-Service (RaaS) attacks requires a multifaceted approach that spans technological, regulatory, and educational domains. Given the increasing sophistication and accessibility of RaaS platforms, which allow even low-skilled attackers to launch ransomware campaigns, the security of essential services such as healthcare, energy, transportation, and water systems has never been more important.

   “The foundational step in defending against these threats involves the implementation of robust cybersecurity measures that already exist. This includes regular software updates and patch management to close vulnerabilities, advanced threat detection systems to identify and neutralize threats early, and comprehensive data backup strategies to ensure data integrity in the event of a breach.

   “Let me be clear, solutions already exist in the commercial sector to protect against these threats. Instead of cultivating these commercial solutions, the government is more concerned with putting out regulations and standards that take years to approve and become obsolete before they are published.”

This should be a clear warning that defences for critical infrastructure specifically, but all organizations and sectors in general need to be a priority. The question is, how many warnings will it take for organizations to get the message?

Leave a comment »

Cloud Range Launches First Cyber Incident Commander Training 

Posted in Commentary with tags on March 5, 2024 by itnerd

Cloud Range, the industry’s leading cyber range solution to reduce exposure to cyber risk across the organization, today announced the launch of its new training program, Cybersecurity Incident Commander Training. Offered for a limited time at no cost, the training is tailored to those managing incidents in the security operations center (SOC).

Previously existing tools and training only focus on individual jobs and tasks in the SOC and, while critical to the team’s ability to detect and remediate incidents, they do not target the Incident Commander role. Further, many teams do not have a specific “commander” role or backup if the designated team lead is unavailable. This new training by Cloud Range is dedicated to the Incident Commander who oversees the SOC team when an incident or event occurs, such as a ransomware attack, data breach, or any other cybersecurity incident. 

Aligned with the job description developed by FEMA and the National Incident Management System (NIMS), the Incident Commander is one of the most critical roles during an incident because it orchestrates the team and resources and is the source of “ground truth” on the incident. That’s why the Incident Commander role requires “soft skills” such as leadership and communication that, without, can lead to team breakdowns. 

The Incident Commander training is a new stand-alone, online, self-paced course valued at $499. The goal is to provide security professionals with an overview of the responsibilities and skills needed to swiftly resolve an incident. Incorporating real-world scenarios enables learners to determine how to assign tasks, communicate across multiple levels of the organization, and lead the team effectively. The course is designed to highlight strengths and weaknesses so the trainee can improve their ability to manage their team in future situations. The result is that the Incident Commander has a better understanding of their role, how to manage an incident and improve time management, and how to elevate the performance of the incident response team. 

After successfully taking the course, which is the first part of the certification process, trainees receive a badge to show completion. 

Trainees are eligible for the complete certification after also being the Incident Commander during two of Cloud Range’s live-fire cyber attack exercises, which are dynamic, team-based simulations of real-world attacks on Cloud Range’s virtual cyber range. Like a flight simulator, the attack simulations enable the Incident Commander to fully step into the role, guide the team, work with the incident reporter, and practice all the skills and techniques required to be effective. The comprehensive, two-part training process gives security professionals deep knowledge, insight, and hands-on experience that equips them to be an effective Incident Commander.

Learn more and sign up for the Cloud Range Incident Commander Training, valued at $499 and offered at no cost for a limited time here.

Leave a comment »

Canadians Affected By “Battery Gate” To Get Paid By Apple

Posted in Commentary with tags on March 4, 2024 by itnerd

If you’re Canadian and you were affected by “Battery Gate”, I have some news for you. A court in BC has approved a settlement related to this where Apple will pony up $14.4 million CAD to make this issue go away. More information on how to submit a claim will be shared on the settlement website, but here’s the TL:DR in terms of who this covers:

  • You are a current or former resident of Canada (excluding Quebec)
  • You have to have owned a iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, and/or iPhone SE with iOS 10.2.1 or later installed or downloaded, and/or an iPhone 7 or iPhone 7 Plus with iOS 11.2 or later installed or downloaded, before December 21, 2017.
  • You need the serial number of said phone.

Now as usual for these sorts of things, Apple denies that it did anything wrong. And to be frank, $14.4 million CAD is a rounding error for Apple. But “Battery Gate” is done and dusted in Canada.

And I guess that it goes without saying that if you were affected by “Battery Gate”, you need to dig up that serial number and make sure you get your share of this.

3 Comments »

American Express Service Provider Pwned Exposing American Express Customer Data

Posted in Commentary with tags on March 4, 2024 by itnerd

American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. In the data breach notification filed with the state of Massachusetts, Amex said the breach occurred at one of its service providers used by their travel service division, American Express Travel Related Services Company. 

Darren Williams, CEO and Founder, BlackFog had this comment:

     “The potential impact of the American Express data breach is not yet known, as it is unclear whether customers’ data was simply accessed or if it has been exfiltrated through the third party provider. If the sensitive data of customers, including card numbers and expiration dates, has been exfiltrated by attackers, it can be used to not only make fraudulent purchases, but also to extort customers into further payments. All service providers who hold customer data should be investing in threat intelligence and anti data exfiltration technology to avoid attacks just like these.”

Since American Express filed a data breach notification, I assume that more details will be forthcoming. Because this data breach could be bad, or really really bad. And it is in everyone’s best interests to find out which.

Leave a comment »

Action1 Achieves 376% YoY Growth in 2023

Posted in Commentary with tags on March 4, 2024 by itnerd

Action1 Corporation, a provider of the #1 risk-based patch management platform designed for distributed enterprise networks, today announced outstanding results for 2023, including 376% global sales growth. Other key highlights include recognition by trusted review platforms G2 and Gartner Digital Markets and achievement of authoritative security certifications.

Market Momentum:

  • Action1 reported a 376% global sales growth compared to 2022, thanks to the rapid expansion in the US, Europe, and worldwide.
  • Action1 demonstrated exceptional growth in multiple sectors, including education, healthcare, and technology.

Product Enhancement:

  • Action1 has introduced real-time vulnerability discovery and remediation to empower organizations to reduce the mean time to remediate (MTTR) vulnerabilities.
  • The company extended its Software Repository maintained in-house by security experts for streamlined third-party patching, which now includes 99% patching coverage for most enterprise environments.
  • Action1 has established a data center in Europe, enabling EU customers to meet the stringent GDPR standards, ensuring data residency and sovereignty, and is now looking to further expand by opening a data center in Australia.

Industry Certifications:

  • Action1 became the first patch management vendor to achieve SOC 2 and ISO 27001 certifications, underscoring its commitment to security.

Recognition:

  • Action1 has been consistently rated as the #1 easiest-to-use patch management solution by G2.
  • Gartner Digital Markets awarded Action1 31 badges in six categories.
  • G2 recognized Action1 as High Performer and Momentum Leader for patch management in its quarterly reports for multiple times, rewarding the company for excellence and for its high-growth trajectory.

Research:

Leave a comment »

ServiceNow, Hugging Face, and NVIDIA Release New Open-Access LLMs to Help Developers Tap Generative AI to Build Enterprise Applications

Posted in Commentary with tags on March 4, 2024 by itnerd

ServiceNowHugging Face, and NVIDIA, has announced StarCoder2 which was released on February 28th, a family of open‑access large language models (LLMs) for code generation that sets new standards for performance, transparency, and cost‑effectiveness.

StarCoder2 was developed by the BigCode community, stewarded by ServiceNow, the leading digital workflow company making the world work better for everyone, and Hugging Face, the most‑used open‑source platform where the machine learning community collaborates on models, datasets and applications.

Trained on 619 programming languages, StarCoder2 can be further trained and embedded in enterprise applications to perform specialized tasks such as application source code generation, workflow generation, text summarization, and more. Developers can use its code completion, advanced code summarization, code snippets retrieval, and other capabilities to accelerate innovation and improve productivity.

StarCoder2 offers three model sizes: a 3 billion‑parameter model trained by ServiceNow, a 7 billion‑parameter model trained by Hugging Face, and a 15 billion‑parameter model built by NVIDIA with NVIDIA NeMo and trained on NVIDIA accelerated infrastructure. The smaller variants provide powerful performance while saving on compute costs, as fewer parameters require less computing during inference. In fact, the new StarCoder2 3 billion‑parameter model also matches the performance of the original StarCoder 15 billion‑parameter model.

Fine‑Tuning Advances Capabilities with Business‑Specific Data

StarCoder2 models share a state‑of‑the‑art architecture and carefully curated data sources from BigCode that prioritize transparency and open governance to enable responsible innovation at scale.  

The foundation of StarCoder2 is a new code dataset called The Stack v2 which is more than 7x larger than The Stack v1. In addition to the advanced data set, new training techniques help the model understand low‑resource programming languages (such as COBOL), mathematics, and program source code discussions.

StarCoder2 advances the potential of future AI‑driven coding applications, including text‑to‑code and text‑to‑workflow capabilities. With broader, deeper programming training, it provides repository context, enabling accurate, context‑aware predictions. These advancements serve seasoned software engineers and citizen developers alike, accelerating business value and digital transformation.

Users can fine‑tune the open‑access models with industry or organization‑specific data using open‑source tools such as NVIDIA NeMo or Hugging Face TRL.

Organizations have already fine‑tuned the foundational StarCoder model to create specialized task‑specific capabilities for their businesses.

ServiceNow’s text‑to‑code Now LLM was purpose‑built on a specialized version of the 15 billion‑parameter StarCoder LLM, fine‑tuned and trained for ServiceNow workflow patterns, use‑cases, and processes. Hugging Face also used the model to create its StarChat assistant.

BigCode Fosters Open Scientific Collaboration in AI

BigCode represents an open scientific collaboration jointly led by Hugging Face and ServiceNow. Its mission centers on the responsible development of LLMs for code.

The BigCode community actively participated in the technical aspects of the StarCoder2 project through working groups and task forces, leveraging ServiceNow’s Fast LLM framework to train the 3 billion‑parameter model, Hugging Face’s nanotron framework for the 7 billion‑parameter model, and the end‑to‑end NVIDIA NeMo cloud‑native framework and NVIDIA TensorRT‑LLM software to train and optimize the 15 billion‑parameter model.

Fostering responsible innovation is at the core of BigCode’s purpose, demonstrated through its open governance, transparent supply chain, use of open‑source software, and the ability for developers to opt data out for training. StarCoder2 was built using responsibly sourced data under license from the digital commons of Software Heritage, hosted by Inria.

StarCoder2, as with its predecessor, will be made available under the BigCode Open RAIL‑M license, allowing royalty‑free access and use. Furthermore, the supporting code for the models resides on the BigCode project’s GitHub page.

All StarCoder2 models will also be available for download from Hugging Face and the StarCoder2 15B model is available on NVIDIA AI Foundation models for developers to experiment with directly from their browser, or through an API endpoint.

For more information on StarCoder2, visit https://huggingface.co/bigcode.

Leave a comment »

CyberProtonics Redefines Data Protection with the Most Powerful, Lightweight, Quantum-Resistant Software-Based Cryptosystem for Digital Ecosystem, IoT and Generative AI

Posted in Commentary with tags on March 4, 2024 by itnerd

CyberProtonics, trailblazers in quantum-resistant data protection, today introduced the first lightweight, software-based cryptosystem that makes being quantum-ready easy, affordable, and practical. Embeddable virtually anywhere, any time, the advanced cryptosystem generates blistering-fast encryption speeds of 512 bits to up to 10K bits, rendering data useless when a breach occurs. CyberProtonics also today announced a major OEM agreement with Simplifi, leaders in secure remote computing.

Legacy-friendly and plug-and-play features allow its cryptosystem to seamlessly integrate in all types of applications, including IoT, e-sim, and generative AI Private Large Language Models (PLLMs). CyberProtonics protects data at rest and in transit, without performance impacts, and is recognized as the first truly lightweight quantum-resistant commercial solution for rendering stolen data completely useless.

Anywhere, Anything, Every Time Protection

In today’s increasingly hostile cyber threat landscape, everyone should be protected from bad actors and malicious cyberattacks, wherever their data resides. CyberProtonics adds an indispensable, affordable additional layer of quantum-resistant security at the source where data is created to protect legacy, current, and future cybersecurity system architectures, networks, and devices.

Among applications are:

Work from Home: Employees continue to work from home, and cybersecurity is more important than ever for the hybrid workforce. CyberProtonics keeps confidential work data secure, at rest or in transit.

Internet of Things (IoT): CyberProtonics’ cybersecurity protocols protect IoT devices and networks from the latest threats with reliable and robust security.

Generative AI: Large Language Models that companies want to keep private are protected by CyberProtonics’ proprietary cryptosystem.

Defense: CyberProtonics’ 512-bit to 10k-bit encryption protects data at rest or in transit in theaters of operations, supporting unmanned aerial vehicles (UAVs), wearable devices, connected vehicles, smart infrastructure, and portable communications.

Satellite: End-to-end encryption in the ground terminal and in the satellite itself safeguards transmissions, ensuring data security and confidentiality.

Industrial Control Panel: Protects critical infrastructure with next-generation quantum-resistance technology, designed to ensure reliable and resilient security for factories, power plants, and wastewater treatment facilities.

Commercial Data: Banking and finance, healthcare, hyperconnected commerce, and more.

A New Era in Data Protection

CyberProtonics’ proprietary software employs a robust licensing engine for both connected and air-gapped models and solutions, with varying time periods and iterations. It delivers:

Strength: Post-quantum symmetric key-based encryption, with key lengths of 512 bits, increasing up to 10k bits.

Speed: Lightning-fast operation does not affect a device’s computing or memory cycles, even for the smallest sensor or IoT device.

Size: The lightweight footprint of CyberProtonics’ cryptosystem’s binary runtime enables end-to-end encryption at the data generation source, with single-digit MB of code.

Security: Encryption of data in transit and at rest for both on-premises legacy systems and modern secure access service edge.

Breach Immunity and Unwavering Compliance: Valuable data is made useless. Full compliance with regulatory mandates and industry standards such as GDPR, HIPAA, PCI DSS, and SOX is automatic and assured.

Market-Proven SDK: Symmetric key encryption optimized for small footprint applications (crucial for IoT devices), stronger than any currently deployed application of AES, RSA, or ChaCha20. Fully automated key management that eliminates manual key distribution human errors. C language callable APIs.

Leave a comment »

Apple Gets Slapped With An Almost $2 Billion Fine For Taking Shots At Spotify

Posted in Commentary with tags on March 4, 2024 by itnerd

On a day where Apple wanted to control the narrative by launching new MacBook Air models, the EU has decided to rain on their parade. The European Commission has fined Apple €1.8 billion which is $1.95 billion USD for anti-competitive conduct against rival music streaming services. By rival music streaming services, that would be Spotify:

The European Commission has fined Apple over €1.8 billion for abusing its dominant position on the market for the distribution of music streaming apps to iPhone and iPad users (‘iOS users’) through its App Store. In particular, the Commission found that Apple applied restrictions on app developers preventing them from informing iOS users about alternative and cheaper music subscription services available outside of the app (‘anti-steering provisions’). This is illegal under EU antitrust rules.

I encourage you to read the full decision as I’m not sure that I buy into this reasoning. Regardless of whether you do or don’t buy into that reasoning, Apple is pretty ticked off about this decision:

Today, the European Commission announced a decision claiming the App Store has been a barrier to competition in the digital music market. The decision was reached despite the Commission’s failure to uncover any credible evidence of consumer harm, and ignores the realities of a market that is thriving, competitive, and growing fast.

The primary advocate for this decision — and the biggest beneficiary — is Spotify, a company based in Stockholm, Sweden. Spotify has the largest music streaming app in the world, and has met with the European Commission more than 65 times during this investigation.

Today, Spotify has a 56 percent share of Europe’s music streaming market — more than double their closest competitor’s — and pays Apple nothing for the services that have helped make them one of the most recognizable brands in the world. A large part of their success is due to the App Store, along with all the tools and technology that Spotify uses to build, update, and share their app with Apple users around the world.

That’s pretty much why I don’t buy into the EU’s decision. Spotify the last time I checked was the big boy on the block. So I unless I am missing something, I can’t see how Apple is the bad guy here. Yes, Apple aren’t saints and have been known to do things to take out or impair competition. But I’m honestly not seeing it here. Apple is going to appeal the decision and that appeal will be interesting to watch.

Leave a comment »

Brenda Christensen Honored Among TechRound’s Top 50 Women in Startups & Tech

Posted in Commentary with tags on March 3, 2024 by itnerd

Brenda Christensen, the CEO of Stellar Public Relations, has been honored as one of the 2024 “Top 50 Women in Startups & Tech” by TechRound. An Inc. 500 and Entrepreneur of the Year executive, this accolade is a testament to her vast contributions and pioneering efforts in the technology sector, underscoring her leadership, innovation, and significant impact in shaping the future of technology. 

TechRound’s Top 50 Women in Tech recognizes the incredible talent, resilience, and ingenuity of women who are at the forefront of the traditionally male-dominated industry. The list is the result of a rigorous selection process, celebrating individuals who have shown exceptional leadership, innovation, and influence in the tech world.

With decades of experience, Christensen has made her mark as a world leader in public relations, investor relations, branding, funding, and corporate guidance, contributing to multimillion-dollar growth. Frequently featured in Forbes, Fortune and other leading publications, she has served as an advisor on private boards across North America and was a corporate officer for a publicly held technology company, impacting multiple continents.

Christensen’s expertise in corporate communications and public relations has led to strategic corporate guidance and governance for top global technology companies, including Tinder, Apple, McAfee, and others. Her role has been pivotal in creating and managing global messaging campaigns, setting a benchmark in the industry.

Christensen’s accolades include being named “Qwoted Top 100 in PR,” “Top 15 in Security PR,” “PR SourceCode Top 10 Tech Communicators” and “Best PR in Tech.” HubSpot named her “Most Influential on Facebook” and Business2Community listed her a top PR professional to follow on Twitter.

Leave a comment »

Rogers Has An Opportunity To Fight Back Against Bell…. But They Likely Won’t Take It

Posted in Commentary with tags , on March 2, 2024 by itnerd

Recently, Bell was told by the CRTC that they had to open up their fibre networks to companies like Teksavvy so that in theory it would result in lower telco prices for Canadians. Bell in response acted like a two year old having a hissy fit and stopped rolling out fibre and dropping their 8 Gbps tier from being available for customers to get. Not that anyone needs speeds that fast. As a result, Bell’s decision to throw their toys out of the baby carriage has created is an opportunity for Rogers to step in and fill the void.

No. Seriously. Hear me out on this one.

Frequent readers of this blog will know that I have been extremely critical of Rogers. This organization has some serious issues that keep it from competing with Bell. Especially when it comes to the speed of their Internet offering where Bell has been putting the screws to them for years. But with Bell’s decision to hold Canadians hostage because they don’t like what the CRTC has said, Rogers could do the following to put the screws to Bell:

  • Rogers could aggressively roll out fibre to areas where Bell has seemingly abandoned: Rogers could roll into places like Barrie Ontario where Bell stopped their roll out and run fibre. And by fibre I mean fibre from end to end. Is that instant? No. But if they got shovels in the ground and put forward a date that they stuck to, Rogers would look like heroes. And they’d also gain back subscribers the they lost to Bell because cable simply doesn’t measure up to fibre.
  • Rogers could aggressively transition cable customers to fibre: If Rogers could start transitioning their cable customers to fibre, that would stop customers from defecting to Bell in areas where both companies operate and fibre on Bell is available. It would also show that Rogers recognizes that their cable offering has reached end of life and they are moving to technology that is better for their customers.
  • Rogers could leverage the one good thing about their Internet offering to beat Bell : Now I will admit that Rogers Internet isn’t the most reliable. For example they have problems keeping a DNS server live for any length of time. But Rogers does have one good thing that their Internet offering has. And that is IPv6 which is the future of the Internet and something that Rogers embraced that years ago. Bell on the other hand hasn’t for whatever reason hasn’t rolled out IPv6 on their Internet offering. And at some point very soon, it will come back to bite Bell. Rogers could simply accelerate that by having a fibre offering that leverages IPv6 and market it as “future proofing your Internet unlike the guys in blue”, then they could likely steal back market share. Because people like future proofing.

Now those bullet points are good. But the problem is that Rogers is unlikely to action these. I say that because they have to solve their stability problems. For example, their inability to keep a DNS server working that I mentioned earlier. But the real issue is that Rogers no longer seems to be the type of organization that would be willing to do any or all of this. Right now, Rogers seems willing to tread water and not push the envelope in any way. There seems to be no willingness on their part to innovate or even simply say “we can put Bell into the hurt locker if we do these things”. That seems to be a cultural thing at Rogers. And without a change in the culture at Rogers, mediocrity will rule the day. Thus they won’t leverage this opportunity that’s basically been handed to them on a silver platter.

Now I am free to be proven wrong by Rogers. And I would like to be proven wrong as Rogers doing these things might make Bell rethink their life choices and restart their fibre rollout as they might be afraid of Rogers taking market share from them. And that benefits Canadian consumers at the end of the day. So Rogers, I challenge you to put the screws to Bell. Let’s see what you’ve got.

2 Comments »

« Older Entries
Newer Entries »