Certero and Jisc Partner to Transform UK Academic Sector’s IT Management

Posted in Commentary with tags on February 22, 2024 by itnerd

Certero, leaders in unified IT hardware, software, SaaS and cloud asset management solutions, today announced a new multi-year agreement with Jisc, a not-for-profit negotiating body representing UK higher education and academic research institutions. Under this new partnership, the companies will launch the Certero Chest agreement, providing preferentially priced academic licenses for their commercially available software and selected services.

The Certero Chest agreement signifies a strategic move in Certero’s growth, extending its reach within the IT channel network through partnerships with leading solution providers across various industries and regions. This expansion not only showcases Certero’s exceptional capabilities in uncovering, illustrating, and enhancing IT infrastructure but also introduces its innovative solutions to new industry sectors and channel partners.

Integral to this agreement is access to a suite of products powered by Certero’s unified platform, which enables organizations to address a broad range of IT visibility, governance, cost-optimization, and risk mitigation challenges, all through a holistic ‘single-pane-of-glass’ solution that spans common environments – including Mac, Windows, Linux, Unix, etc.

Jisc members can now access the following Certero products, which are available for flexible deployment either on-premises or as fully provisioned SaaS solutions:

  • Certero Enterprise Standard Edition – A streamlined IT Asset Management (ITAM) and Software Asset Management (SAM) solution, offering centralized visibility of all networked assets with an IP address. With advanced discovery capabilities, it automatically recognizes software and provides real-time control over software licensing, effectively putting an end to the typical 30% overspend on software that organizations often incur.
  • Certero App Centre – A self-service software portal that enables users to independently access applications while offering IT departments control for compliance and cost management; featuring a customizable interface, it allows automatic installations or multi-level approval configurations.
  • Certero for SaaS: M365 and Adobe – A solution to see, manage, and eliminate overspend of SaaS subscriptions – typically, a 50% saving on what you’re currently paying for.
  • PowerStudio – An out-of-the-box, enterprise-level, PC power management software solution which, by applying centralized computer power policies, enables organizations to meet energy-saving goals without affecting user productivity.

Certero complements the above products with a range of services delivered by its in-house services function, including:

  • Implementation and Configuration Services – Ensure correct installation, coverage, and personalized configuration for your new solution, guaranteeing peace of mind and maximizing the technology’s value quickly.
  • Product Training and Education – Efficient knowledge transfer from Certero experts ensures you get the most value from your products and solutions.
  • Certero Professional Services – Certero provide a range of professional services to help organizations optimize spend, mitigate risk, and drive efficiencies. Whether this is one-off effective license positions or audit defense services or more strategic SAM managed services, we can help organizations reach their goals. 

For more information about the Certero Chest Agreement and to discover how its solutions can benefit your organization, visit: Certero Chest Agreement.

Certero will host a webinar titled “Holistic ITAM & SAM” on Tuesday, February 20, 2024 from 12-12:30pm GMT to provide an overview of how Certero Solutions can help companies gain visibility and control of their entire portfolio of IT hardware and software assets. To register, visit: their registration page.

Mission Cloud Recognized on CRN’s 2024 MSP 500 List in the Elite 150 Category

Posted in Commentary with tags on February 22, 2024 by itnerd

Mission Cloud, a US-based Amazon Web Services (AWS) Premier Tier Partner, announced today that CRN®, a brand of The Channel Company, has named Mission Cloud to its Managed Service Provider (MSP) 500 list in the Elite 150 category for 2024.

The MSP 500 list compiled by CRN serves as a comprehensive guide to identifying and recognizing the top Managed Service Providers (MSPs) in North America. MSPs play a crucial role in supporting businesses by offering managed services that enhance efficiency, simplify IT solutions, and optimize return on investment.

The annual MSP 500 list is divided into three sections: the MSP Pioneer 250, recognizing companies with business models weighted toward managed services and largely focused on the SMB market; the MSP Elite 150, recognizing large, data center-focused MSPs with a strong mix of on- and off-premises services; and the Managed Security 100, recognizing MSPs focused primarily on off-premises and cloud-based security services.

The MSP 500 list aims to showcase and celebrate MSPs that are driving growth and innovation in the industry. These service providers not only enable businesses to harness complex technologies but also contribute to maintaining a strong focus on core business goals without stretching financial resources. By categorizing MSPs based on their business models and areas of expertise, the list helps end-users find the right partners to meet their specific needs and challenges in the rapidly evolving technology landscape.

Mission Cloud is dedicated to accelerating the cloud and AI evolution for startups, small and medium sized businesses (SMBs), and enterprises on AWS. Renowned for its extensive AWS certifications and capabilities, the company excels in empowering customers to leverage cutting-edge technologies such as generative AI. Offering a suite of top-tier professional and managed services, including AWS cloud operations, migrations, modernizations, AI, and analytics, Mission Cloud’s offerings are meticulously crafted to meet the distinct needs of AWS customers.

The MSP 500 list will be featured in the February 2024 issue of CRN and online at http://www.crn.com/msp500.

AT&T Is Having A Rogers Style Outage In The US

Posted in Commentary with tags on February 22, 2024 by itnerd

As I type this, AT&T is having a massive outage that started early this morning. By massive, I mean the sort of outage that Canadians experienced almost two years ago with Rogers. Here are the details from Reuters:

A cellular outage on Thursday hit thousands of AT&T users in the United States, disrupting calls and text messages as well as emergency services in major cities including San Francisco.

More than 73,000 incidents were reported around 8:15 a.m. ET, according to data from outage tracking website Downdetector.com.

AT&T said some of its customers were facing interruptions and it was “working urgently” to restore service. “We encourage the use of Wi-Fi calling until service is restored,” it said.

The AT&T outage has impacted people’s ability to reach emergency services by dialing 911, a post on social media platform X from the San Francisco Fire Department said.

This is bad. It’s bad enough that cell phone service is out. But when it stops people from phoning emergency services, that’s potentially life threatening. Hopefully this gets resolved quickly. And when it does, I would not at all be surprised to see some AT&T execs called to Capitol Hill to explain what happened to lawmakers and what they will be doing to ensure that it doesn’t happen again.

Infinite Reality & Vodafone to Unveil Revolutionary Automotive Onboarding Service Featuring Generative AI and VR at Mobile World Congress Barcelona 2024

Posted in Commentary with tags on February 21, 2024 by itnerd

 Infinite Reality (iR), a global leader in artificial intelligence innovations and immersive virtual experiences, together with telecommunication giant Vodafone, is thrilled to announce the unveiling of an innovative automotive original equipment manufacturer (OEM) onboarding service at Mobile World Congress 2024 in Barcelona. This pioneering product, set to redefine automotive retail and customer onboarding, will be showcased in a state-of-the-art mixed reality experience, demonstrating the advanced capabilities of Vodafone’s Pairpoint technology. 

AI-Onboard utilizes the latest in generative AI, coupled with augmented reality (AR) and virtual reality (VR), to offer an immersive and interactive experience that showcases the future of customer engagement and retail. This initiative serves as a powerful example of how Infinite Reality is reshaping customer engagement through cutting edge, immersive solutions.

This extension of Infinite Reality and Vodafone’s partnership highlights their collective commitment to innovation and bringing forward customer-centric solutions. Building from their collaborative success at the 2023 London Tech Week, the Mobile World Congress 2024 showcase promises to be a landmark event, illustrating the transformative impact of advanced AI-driven immersive experiences with Pairpoint Technology in the retail sector.

For more information about AI-Onboard and future collaborations between Infinite Reality and Vodafone, visit the websites of Infinite Reality and Vodafone.

71% Surge In Identity Exploitation As Top Access Method: IBM

Posted in Commentary with tags on February 21, 2024 by itnerd

According to IBM’s 2024 X-Force Threat Intelligence Index, data shows a 71% increase in cybercriminals exploiting legitimate credentials to access and compromise corporate networks, representing 30% of the total initial access vectors used in 2023.
 
Methods the cybercriminals use to access valid accounts include obtaining or buying credentials from the dark web and/or through infostealing malware. In 2023, X-Force observed a 266% increase in infostealing malware.
 
While 70% of attacks globally targeted critical infrastructure, 84% of observed incidents on critical infrastructure “could have been mitigated with best practices and security fundamentals, such as asset and patch management, credential hardening and the principle of least privilege.”
 
IBM assessed that AI hasn’t been a serious threat so far but could become one in the future. Charles Henderson, head of IBM X-Force, commented:

“While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown. Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic.”

The 2024 X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion daily security events in more than 130 countries.

Dave Ratner, CEO, HYAS had this to say:

   “With so many attacks exploiting legitimate credentials for access and exploitation, the need for cyber resiliency solutions has never been greater, especially for critical infrastructure providers and MSSP/MSPs that may protect their smaller cousins.  The use of legitimate credentials means that much of the existing security stack is bypassed and ineffective — cyber resiliency solutions that see the anomalous behavior inside the environment, and track and shut down the command-and-control communication, provide security and safety regardless of the credentials being used for initial access.”


Troy Batterberry, CEO and Founder, EchoMark follows with this:

   “Employees continue to contribute to cybersecurity risks faced by organizations, either through their poor credential practices or worse, deliberate acts of theft or leakage. Organizations must holistically raise their cybersecurity bar, including through much better identity requirements for their employees and also broader insider risk programs.”

Hopefully organizations are paying attention to this IBM report because it proves where the weak points in your defences are, and where you need to invest to address them.

White House Executive Order Aims to Combat Cyber Threats To US Ports

Posted in Commentary with tags on February 21, 2024 by itnerd

Today, the White House will issue an executive order starting a rulemaking process to add cyber requirements to US ports aimed at increasing defenses through additional authorities to the Coast Guard. The administration also pledged to invest over $20 billion in port infrastructure over five years.
 
The executive order will require the maritime sector to increase digital defenses and report cyber incidents to the Coast Guard, while also giving the Coast Guard the authority to respond to cybersecurity incidents, such as controlling the movement of vessels that present a cyber threat.
 
With concern over Chinese companies owning almost 80% of US ship-to-shore cranes and many controlled remotely, the Coast Guard is issuing a nonpublic maritime security directive that requires cranes manufactured by China to face “a number of security requirements”.

“America’s system of ports and waterways accounts for over $5.4 trillion of our nation’s annual economic activity, and our ports serve as a gateway for over 90% of all overseas trade. Any disruption to the [maritime transportation system], whether manmade or natural, physical or in cyberspace has the potential to cause cascading impacts to our domestic or global supply chains,” Rear Adm. Jay Vann, commander of the U.S. Coast Guard Cyber Command said.

Troy Batterberry, CEO, EchoMark has this comment:

   “It is not only systems that have been infiltrated by foreign states. In my discussions with CISOs across the country, many believe there are employees within their organization that are capable of acting in alignment with foreign states. Unfortunately, 90% of organizations are completely unprepared for the risks imposed by insiders. Dealing with insider risk is the next big area of growth for the cybersecurity industry.”
 
Emily Phelps, Director, Cyware shares this thought:

   “The executive order is a good step towards securing critical national infrastructure. By mandating enhanced cyber defenses and incident reporting in the maritime sector, we’re addressing a significant vulnerability in our national security framework. The focus on the maritime sector, especially given the strategic importance of ports to our economy and supply chain, is timely and essential. This move, coupled with the substantial investment in port infrastructure, demonstrates a proactive approach to cybersecurity, ensuring the resilience of vital assets against emerging threats.”

Neal Dennis, Senior Threat Intelligence Specialist, Cyware had this to say:

   “This completely makes sense. However, this threat is nothing new overall. Government extension of authority to support mitigating the threat is just a sign of validation on the reality of the threat.”

Hopefully this executive order forces those in this sector to improve their preparation for cyber threats both new and old. Because critical infrastructure is a prime target for threat actors.

ConnectWise ScreenConnect Authentication Bypass POC, IOCs Released

Posted in Commentary with tags on February 21, 2024 by itnerd

On February 19, 2023, ConnectWise published a security advisory for their ScreenConnect remote management tool. In the advisory, they describe two vulnerabilities, an authentication bypass with CVSS 10.0 and a path traversal with CVSS 8.4 (both currently without assigned CVE IDs). 

The first vulnerability (auth bypass) was disclosed with a critical base CVSS scoring of 10, as it enables access to the path traversal vuln, which in turn enables unauthorized file access.

James Horseman, Horizon3.ai Exploit Developer, has just published “ConnectWise ScreenConnect: Authentication Bypass Deep Dive”, which dives into the technical details of the authentication bypass, provides indicators of compromise, and includes a link to a Horizon3.ai proof of concept for the auth bypass vulnerability on GitHub.

PKI Solutions Host Web Seminar on Avoiding Pentesting Pitfalls

Posted in Commentary with tags on February 21, 2024 by itnerd

PKI Solutions will host a PKI Insights Series Web Seminar to help IT security professionals avoid common mistakes prior to scheduled penetration testing and better secure important PKI systems. Mark B. Cooper, president and founder of PKI Solutions, and Nick Sirikulbut, director of business development, will host this event on Thursday, February 22, 2024 at 11-11:30am MST. The PKI Spotlight event will cover real world case studies to highlight common mistakes that lead to PKI failures and cover steps teams can take immediately to better manage their PKI environment.

To register for the PKI Insights Web Seminar, go to https://www.bigmarker.com/pkisolutions/PKI-Insights-Avoiding-Pen-Test-Pitfalls.

Gayming Awards Moves 2024 Host City To LA

Posted in Commentary with tags on February 21, 2024 by itnerd

Now in its fourth year, the Gayming Awards, the world’s only LGBTQ video game award show, returns on April 7th, 2024, from Los Angeles, hosted by DEERE and MiladyConfetti.

The celebration of queer geek culture is continuing its journey to become a key player on the global video game stage by heading over to California, the home of the video game industry, with a broadcast set in Los Angeles. The ceremony also recognizes television and film moments in a brand-new category, LGBTQ Geek Entertainment Moment of the Year – celebrating The Last of Us, Doctor Who, Harley Quinn, Nimona, Scott Pilgrim Takes Off, and The Legend of Vox Machina.

Building on the huge success of the 2023 Awards which were hosted in New York City and saw the honors of the night being shared amongst an incredibly diverse lineup of games, content creators and companies, the Gayming Awards are set to grow even more as it pivots to a virtual, pre-recorded show.

The show is being produced by the creative powerhouse of Nathan Noyes and Ian Devoglaer (The Boulet Brothers’ Dragula) and will broadcast on April 7th at 2pm PT (5pm ET/10pm UK) on Gayming Magazine’s Twitch and TikTok accounts. There will also be a Spanish language co-stream on TikTok and a captioned stream on YouTube, greatly increasing the accessibility and reach of the Gayming Awards. 

Nominees, celebrities, industry professionals and press will gather and celebrate at an exclusive VIP event hosted in Los Angeles on the award’s day itself.

The contenders for the coveted Game of the Year title encompass an impressive lineup with Baldur’s Gate 3, Final Fantasy XVI, Legend of Zelda: Tears of the Kingdom, Thirsty Suitors, Spider-Man 2, and Stray Gods: The Roleplaying Musical.

In recognition of outstanding contributions and commitment to inclusivity in the gaming industry, the nominees for the Industry Diversity Award showcase a remarkable array of companies and organizations trailblazing the way for diversity: Humble Games, Larian Studios, Latinx In Gaming, Qweerty Gamers, Roll7 and Women in Games International.

In honor of the vibrant streaming community, where gamers unite to share their passions, the nominees for the LGBTQ+ Streamer of the Year Award are Apothicdecay, Eevoh, Elix, EspeSymone, Halfmoonjoe, MysticKittenn, Sheilur, and SpringSims.

The Gayming Awards are sponsored by TikTok, Devolver Digital, Logitech G and Art & Rev, and supported by Humble Games, Zynga, Out Making Games, Qweerty Games and NYC Gaymers. 

Full nominations for the Gayming Awards 2024 were announced on January 9, 2024.  For more information, head to gaymingawards.com and follow Gayming Magazine on all socials @gaymingmag 

Woman Sues Sex Toy Company For Collecting Her Sex Toy Searches…. No I Am Not Making This Up

Posted in Commentary with tags on February 21, 2024 by itnerd

Following on the heels of this story, I have another story about the dark side of sex toys and the Internet. Which to be clear isn’t really about sex toys. But it is about your privacy.

404 Media is reporting on a lawsuit where a woman is suing Adam & Eve for collecting details of her searches for sex toys on their site. Brace yourself for the details:

A woman just brought a class action lawsuit against one of the biggest online retailers for sex toys, Adam and Eve, claiming that the site gave Google information about her searches for 8-inch dildos and strap-on harnesses. 

The plaintiff, who isn’t named in the complaint but goes by “Jane Doe,” claims that Adam and Eve uses Google Analytics, which has an anonymization feature that obscures IP addresses of users, but that the site didn’t have that feature enabled. She’s suing PHE, the owner of Adam and Eve, as well as Google, for allegedly disclosing her “sexual preferences, sexual orientation, sexual practices, sexual fetishes, sex toy preferences, lubricant preferences, and search terms” without her consent.

“By using the Google Analytics tool without anonymized IP feature, PHE is sharing with Google Plaintiff’s online activity, along with her IP addresses, even when consumers have not shared (nor have consented to share) such information,” the complaint claims.

Specifically, the plaintiff takes issue with PHE telling Google that she was browsing the site’s categories for “lesbian toys,” women’s sex toys, and realistic dildos. The complaint describes her online shopping trips in detail, claiming that Analytics captured her looking at listings for “Kingcock Strap-on Harness With 8-Inch Dildo” and showed that she added a “Pink Jelly Slim Dildo” to her cart. It also claims that “any information submitted by consumers through the search bar on the site’s homepage is shared with Google,” which in her case was a search for “strap-on dildo.” 

“The above information, combined with the consumer’s IP address, enables Google to identify the person who has interacted with PHE’s Website or has submitted information through the site,” the complaint claims. “Website consumers did not know that the communications between them and PHE would be shared with a third party, Google. PHE did not obtain consent or authorization of Website consumers to disclose communications about their Private and Protected Sexual Information. The surreptitious disclosure of Private and Protected Sexual Information is an outrageous invasion of privacy and would be offensive to a reasonable person.”

She’s suing PHE and Google for violations of the California Invasion of Privacy Act, which prohibits services from communicating information about users to third parties without their consent. Someone doesn’t have to have suffered “actual damages” to bring legal action under CIPA, and can sue for $5,000 per violation.

Now Google is saying that it doesn’t try to identify individuals and has policies to try and stop that from happening. And it’s really up to the retailer to do the right thing. In other words, Google is using the Shaggy excuse. As in “it wasn’t me.” Adam & Eve didn’t have anything to say to 404 Media. But let’s just take a step back and take the words “sex toys” out of this discussion. What this is really about is the fact that ANY retailer can take your shopping habits, collect that up, and use it or sell it however they see fit. If you’re on Amazon, you might not have an issue with that. But if you are shopping for something more “personal” you might have a problem with that. This really isn’t new. But it highlights the fact that your data is valuable and retailers will want to make money off of it, even if you don’t buy anything from them. That’s something that you might want to keep in mind if you shop online.