HP announces 2024 Digital Equity Accelerator in Canada to drive global digital inclusion

Posted in Commentary with tags on February 15, 2024 by itnerd

In an effort to bridge the global digital divide and foster inclusive opportunities, HP Inc. (NYSE: HPQ) and the HP Foundation invite submissions for the 2024 Digital Equity Accelerator. The program offers 10 selected nonprofit organizations a USD $100,000 grant, HP technology (~USD $100,000 value), and six months of virtual training to scale digital equity solutions focused on educational, healthcare, and economic opportunities. HP will accept applications until March 1, 2024, and organizations in Canada*, Brazil, and Poland are invited to apply.

A $1 trillion-plus digital divide is limiting billions from achieving equal access to educational, healthcare, and economic opportunities. Through the Digital Equity Accelerator, HP is helping to create a more equitable world through access to hardware, connectivity, digital literacy, and quality, relevant content. The Accelerator helps organizations strengthen capacity and scale impact for digital equity solutions, particularly among people who are traditionally excluded.

Since 2022, Accelerator alumni have focused on driving progress for women and girls, advancing technology for people with disabilities and aging populations, and increasing digital equity in underrepresented or under-resourced communities, including historically disconnected groups and educators and healthcare practitioners. Over the first two years, the Accelerator helped extend the reach of 17 participating organizations by 8.1 million people.

2024 Program Countries: Driving Digital Equity in Canada*, Brazil, and Poland 

HP has strategically selected countries to address specific digital equity gaps. These countries represent diverse challenges in digital equity, aligning with HP’s commitment to fostering inclusive access globally.

  • Canada*, despite high internet usage, has persistent inequalities among Indigenous and rural communities and other marginalized groups, with targeted efforts to bridge connectivity gaps.1
  • Brazil, despite increased home internet access, has a pronounced digital gap affecting vulnerable groups, including Indigenous and Afro-Brazilian populations and aging demographics.2
  • Poland faces lingering divides, especially in rural areas and among refugee populations.3

Global Digital Divide Limits Equal Access to Educational, Healthcare, and Economic Opportunities

The growing digital divide is reshaping the educational landscape, impacting learning experiences of young individuals and influencing the future workforce, as highlighted by Global Business Coalition for Education (2022):

  • Digital Inequity: In 2020, only 34% of primary, 41% of secondary, and 68% of tertiary education students had access to an internet-connected computer at home.
  • Educational Shortfalls: Over half of young individuals are falling behind in acquiring essential skills for employment by 2030.
  • Looming Talent Deficit: Projections indicate a significant ‘human talent shortage’ exceeding 85 million people by the year 2030.

Communities that bridge the digital divide have greater access to healthcare and economic opportunities:

  • Enhanced Healthcare Reach: In 2021, 37% of adults accessed telemedicine services, with usage correlated to education levels, family income, and urbanization, as reported by the CDC (2022).
  • Bridging Urban-Rural Gaps: Globally, 82% of urban residents used the Internet in 2022, 1.8 times the share in rural areas. This ratio has steadily fallen from 2.3 to 1.8 over the past three years, showing a narrowing divide, according to ITU (2022).

HP’s Commitment to Digital Equity and Sustainable Impact

As nearly half of the world’s population remains offline, closing the digital divide through equitable access to technology, skills and content will transform lives and communities and create a more equitable world. Since the beginning of 2021, HP has been on a journey to accelerate digital equity for 150 million people by 2030. HP’s vision is to become the world’s most sustainable and just technology company, which is reflected in its focus areas of climate action, human rights and digital equity.

For more information on the Digital Equity Accelerator, please visit the website.

*Excluding The Province Of Quebec

Cyber Ad-versaries Using Analytics to Measure “Victims per Click” Says HP

Posted in Commentary with tags on February 15, 2024 by itnerd

HP Inc. today issued its quarterly HP Wolf Security Threat Insights Report, showing attackers are continuing to find innovative ways to influence users and infect endpoints. The HP Wolf Security threat research team uncovered several notable campaigns including:

  • DarkGate campaign uses Ad tools to sharpen attacks: Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware. 
    • By using ad services, threat actors can analyze which lures generate clicks and infect the most users – helping them refine campaigns for maximum impact. 
    • Threat actors can use CAPTCHA tools to prevent sandboxes from scanning malware and stopping attacks by ensuring only humans click. 
    • DarkGate gives cybercriminals backdoor access into victims’ networks, exposing them to risks like data theft and ransomware.
  • A shift from macros to Office exploits: In Q4, at least 84% of attempted intrusions involving spreadsheets, and 73% involving Word documents, sought to exploit vulnerabilities in Office applications – continuing the trend away from macro-enabled Office attacks. But macro-enabled attacks still have their place, particularly for attacks leveraging cheap commodity malware like Agent Tesla and XWorm.
  • PDF malware is on the rise: 11% of malware analyzed in Q4 used PDFs to deliver malware, compared to just 4% in Q1 and Q2 2023. A notable example was a WikiLoader campaign using a fake parcel delivery PDF to trick users into installing Ursnif malware.
  • Discord and TextBin being used to host malicious files: Threat actors are using legitimate file and text sharing websites to host malicious files. Organizations often trust these sites, so files fetched from them are less likely to be blocked by anti-malware scanners, increasing attackers’ chances of remaining undetected. 
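The Discord/TextBin finding above is the kind of thing a SOC can hunt for in its own proxy logs. The following is an added example of that detection logic run over a few constructed log lines; it is not HP’s code or tooling. The log format, the watched hosts, the content-type and extension lists, the scripting-client user-agent pattern and the sample lines are all assumptions made for illustration.

```python
"""Added example: triage of web-proxy log lines for abuse of legitimate
file- and text-sharing hosts. Not HP's code; the log format, watched hosts,
content-type list, user-agent pattern and sample lines are assumptions."""
import re
from typing import Optional
from urllib.parse import urlparse

# assumption: hosts the report names as abused for payload staging
WATCHED_HOSTS = {"cdn.discordapp.com", "textbin.net"}
# assumption: content types that look like a payload when served from those hosts
RISKY_TYPES = {
    "application/zip", "application/x-rar-compressed", "application/x-7z-compressed",
    "application/octet-stream", "application/x-msdownload",
    "application/vnd.microsoft.portable-executable",
}
RISKY_EXT = re.compile(r"\.(zip|rar|7z|iso|img|exe|dll|js|vbs|lnk|bat|ps1)$", re.I)
# assumption: user agents of scripting clients rather than a person's browser
SCRIPT_UA = re.compile(r"powershell|curl|wget|python-requests", re.I)

# assumption: one request per line, space-separated fields, user agent quoted last
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) (?P<ctype>\S+) (?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one log line, or None if the line is malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def reasons_for(rec: dict) -> list:
    """Why a record is suspicious; an empty list means it is not flagged."""
    parsed = urlparse(rec["url"])
    if (parsed.hostname or "") not in WATCHED_HOSTS:
        return []  # scoped to the watched hosts to keep alert volume down
    reasons = []
    if rec["ctype"].split(";")[0].lower() in RISKY_TYPES:
        reasons.append("risky_content_type")
    if RISKY_EXT.search(parsed.path):
        reasons.append("risky_extension")
    if SCRIPT_UA.search(rec["ua"]):
        reasons.append("scripting_client")
    return reasons


def triage(lines) -> list:
    """Run the checks over an iterable of log lines; return flagged records."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != "200":
            continue  # malformed, or the fetch did not succeed
        reasons = reasons_for(rec)
        if reasons:
            findings.append({"src": rec["src"], "url": rec["url"], "reasons": reasons})
    return findings


# constructed sample input: one benign image, one archive from Discord's CDN,
# one paste fetched by PowerShell, one archive from an unwatched host, one bad line
SAMPLE_LOG = """\
2024-02-14T10:01:02Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/1111/2222/teamphoto.png 200 image/png 240118 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
2024-02-14T10:03:44Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/3333/4444/Invoice_Feb.zip 200 application/zip 184320 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
2024-02-14T10:04:01Z 10.0.0.7 GET https://textbin.net/raw/abc123 200 text/plain 2311 "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.3803"
2024-02-14T10:05:10Z 10.0.0.9 GET https://www.example.com/report.zip 200 application/zip 5000 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
this line is malformed and is skipped
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f["src"], f["url"], ",".join(f["reasons"]))
```

The check is deliberately scoped to the watched hosts rather than to every archive download on the network: the point of the finding is that these sites are trusted, so a download from them that a gateway would never block on reputation alone is the one worth a second look. A real deployment would feed the flagged records to a case queue rather than print them.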

By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches. 

The report details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools. Other findings include:

  • Archives were the most popular malware delivery type for the seventh quarter running, used in 30% of malware analyzed by HP.
  • At least 14% of email threats identified by HP Sure Click bypassed one or more email gateway scanners.
  • The top threat vectors in Q4 were email (75%), downloads from browsers (13%) and other means like USB drives (12%).

HP Wolf Security runs risky tasks in isolated, hardware-enforced virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that can slip past other security tools and provides unique insights into intrusion techniques and threat actor behavior. 

About the data

This data was gathered from consenting HP Wolf Security customers from October to December 2023.

Former Twitter Engineer Speaks Out After Being Fired By Elon Musk

Posted in Commentary with tags on February 15, 2024 by itnerd

Business Insider has the story of a Twitter engineer who was, according to him, fired by Elon Musk after being accused of leaking company information to the press:

Randall Lin was reportedly told that he had violated the employee handbook and was let go from Twitter in February 2023, several months into Elon Musk’s takeover.

Speaking to Zoë Schiffer in her newly released book, “Extremely Hardcore,” Lin said that someone lied about him leaking information to the press. Schiffer is a managing editor of the tech newsletter, Platformer.

And:

On 24 February 2023, Lin was called to meet with the corporate security team.

He says they claimed to have proof that he was the source behind two Platformer articles, written by Schiffer and a colleague — a report about the firing of an engineer who had been critical of Musk and a story about Musk’s tweets being boosted after the Super Bowl.

“I’ve never talked to Zoë [Schiffer] in my life,” he told the security team.

Schiffer corroborates this in the book, saying that she had never spoken to Lin at that point in time — and assumed that as he was so close to Musk’s inner circle, he wouldn’t talk to her.

But Lin’s laptop was taken and the following day he was fired.

As he left, Lin claims a colleague told him that James Musk, one of Elon Musk’s cousins, was telling people that Lin had admitted to leaking dozens of articles.

Fearing that he was going to be sued as well, he reached out to Schiffer for more information. She couldn’t tell him anything but passed on the names of two attorneys representing Twitter employees.

Troy Batterberry, CEO and Co-founder, EchoMark had this to say:

“People who leak or steal information harm the organization’s brand, employee morale, ongoing information flow, and customer trust. Collectively, this also damages leadership effectiveness. People who leak information are also typically sabotaging other aspects of the organization. To add insult to injury … organizations are literally paying these saboteurs to remain employed within their organization. Insiders leaking or stealing information is on the rise, too – growing nearly 50% annually.

“It’s important to be able to accurately identify the culprit and take action to stop the damage. At EchoMark, we have found that the use of steganography can help accurately identify the source of such leaks, and even prevent them from happening in the future.”

The problem in this case is that, if you believe Mr. Lin’s account, it doesn’t look like Elon Musk even tried to get the facts right. Which is what we’ve come to expect from Elon, as he’s not that detail oriented. Hopefully Mr. Lin sues the pants off of Elon to teach him some sort of lesson.

Prudential Financial Pwned In Cyberattack…. But It Could Have Been Worse

Posted in Commentary with tags on February 15, 2024 by itnerd

Prudential Financial has disclosed that its network was breached last week, with the attackers accessing/stealing employee and contractor data before being blocked from compromised systems one day later.

The company is the second-largest life insurance company in the U.S. and employs 40,000 people worldwide managing roughly $1.4 trillion in assets. Prudential had reported revenues of more than $50 billion in 2023.

In an 8-K form filed with the SEC this week, Prudential said a “threat actor… had accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

The breach is said to have occurred on February 4th and was detected one day later, on February 5th, whereupon the company immediately shut systems down and began remediation. The company reported the breach to law enforcement agencies and notified all relevant regulatory authorities of the event.

“… we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors,” Prudential said.

“As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” the company said.

Craig Harber, Security Evangelist: Open Systems had this to say:

    “Prudential Financial disclosed its network was breached last week by cyber criminals. It did not provide any specific details of how the threat actor breached the system, nor did it give details on the extent of the compromised data beyond the fact it was contractor and employee user data, not non-employee customer data.

   “The threat actors accessed the company network from what they described as “information technology systems.” The company did not disclose whether this system was a Prudential-managed system or whether this system was third-party-managed. Prudential notified law enforcement agencies and regulatory authorities of the breach in accordance with the new Cyber Incident Reporting for Critical Infrastructure Act and other regulatory requirements, such as the SEC’s new rules on cybersecurity disclosure.

   “Based on all available reporting, incident response teams blocked the threat actor within the first 24 hours of breach detection. This type of response requires investment in preventing cyber-attacks and preparedness in case of an inevitable cyber event. 

   “Prevention includes everything from investing in backup and recovery systems to patching operating systems and applications to deploying robust, proactive cyber defense technologies to actively threat hunt within the network to fortify business operations from cyber threats and attacks. 

   “Preparation involves developing policies and a playbook for handling incidents and exercising these plans under simulated attack scenarios to ensure teams can assess, contain, and mitigate an active threat while maintaining business operations.

   “The key takeaway from this data breach is cybercrime is a complex and evolving challenge that impacts individuals, organizations, and societies globally. Vigilance, cybersecurity measures, including incident response preparedness, and international cooperation are crucial in combating this digital menace.”

Dave Ratner, CEO, HYAS follows with this comment:

   “While it’s a good thing that the breach and attack is not expected to affect company operations or financials, it still highlights the rampant onslaught of breaches that expose data, putting employees, contractors, and others at risk.  Without appropriate proactive intelligence and cyber resiliency strategies, these events will unfortunately continue.”

The good news is that the threat actors were detected quickly and it looks like Prudential regained control in short order. Swift detection is one of the tools in the toolbox that has to be present to make sure that threat actors cannot set up shop and start to move within a victim’s environment.

Salesforce rolls out trusted generative AI for Canadian Slack customers

Posted in Commentary with tags on February 14, 2024 by itnerd

Salesforce today announced the rollout of Slack AI, a trusted and intuitive generative AI experience available natively in Slack, where work happens. Customers can easily tap into the collective knowledge shared in Slack through guided experiences for AI-powered search, channel recaps, thread summaries, and soon, a digests feature. These capabilities will enable customers to find answers, distill knowledge, and spark ideas faster.

Why it matters: Nearly half of digital workers struggle to find the information they need to efficiently do their jobs, according to Gartner. This, paired with an increasing number of tools and ways to exchange ideas, adds to workers’ cognitive load and makes it difficult to catch up quickly and feel on top of the work day. AI holds enormous potential to make internal knowledge more contextual, relevant, and easier to find and prioritize.

Innovation in action: Starting today, Slack AI’s search and summarization capabilities can help customers easily find and consume large volumes of information quickly. These features are trustworthy, easy to use, and require no training. Users initiate them through guided, contextual interactions, ensuring they don’t have to learn brand new skills to enjoy the benefits. And each output is secure, cited, and personalized to the user. With Slack AI, customers can access:

  • AI-powered search that delivers personalized, intelligent responses to any question: Users can ask a question conversationally and get a concise answer based on relevant Slack messages. Users can find what they need faster, whether they want to learn about a new marketing campaign, get up to speed on company policies, glean insights about past decisions from historical context, or define unfamiliar acronyms.
  • Channel recaps that generate key highlights from accessible channels: Users can catch up on unread messages, summarize the last seven days, or set a custom date range to summarize. Users can quickly catch up after time away from work, get up to speed on a new project, or jump in quickly to help resolve time-sensitive issues.
  • Thread summaries that catch users up on long conversations: Users can get the gist of a long conversation in one click, and clear sources are included in each summary, allowing users to dive deeper into a highlight. Users can instantly summarize key decisions and next steps from a thread with a lot of back and forth, get up to speed on a customer support ticket, or catch up on a team stand-up to get a bird’s eye view of priorities.

Sales spotlight: Sales teams are under pressure to streamline their operations and maximize team effectiveness. With Slack AI, sales reps can:

  • Easily identify and bring in the right subject matter expert when a customer has a specific question or concern during a deal cycle.
  • Summarize an account channel and get the context they need to prepare for a customer meeting more effectively.
  • Generate key takeaways from a long discussion about deal progress to help keep the team on track.

Engineering spotlight: The incident management process can be time-consuming and complex. With Slack AI, engineering teams can:

  • Find answers in past incident channels to uncover potential solutions and apply learnings.
  • Get the right information they need so they can quickly get situated and jump in to help find a resolution.
  • Recap an incident channel and use it as a starting point to draft a root-cause analysis faster.

Slack’s trusted and secure AI experience: Trust is the number one value at Salesforce, and Slack is committed to building AI products safely, responsibly, and ethically. 

  • Slack AI runs on Slack’s infrastructure and upholds the same security practices and compliance standards that customers expect.
  • Slack AI’s large language models (LLMs) are hosted directly within Slack, ensuring customer data remains in-house and exclusively for that organization’s use. Customer data remains siloed and will not be used to serve other clients, directly or indirectly.
  • Slack AI does not use customer data for LLM training purposes.

The future of native generative AI in Slack: More features that help users summarize and prioritize information are on the horizon. Soon, Slack AI will create digests summarizing key highlights from channels that users want to stay informed on but may not require immediate attention, enabling them to stay up to speed on what they could otherwise miss while focusing on their top priorities. Additionally, Slack is building a native AI integration with Einstein Copilot, a new conversational AI assistant for Salesforce CRM, that will provide answers to questions directly in Slack that are grounded in trusted customer data.

These new search and summarization features are just the beginning of how Slack will enable people to work smarter and faster. In the future, Slack will be the command center for work and the conversational interface for generative AI.

Slack’s AI-ready platform: In addition to these native AI capabilities, partners are bringing additional AI functionality into their Slack apps. Available today, upgraded AI-powered apps from Slack’s partner ecosystem allow users to ask PagerDuty Copilot for help resolving incidents, automatically summarize Notion documents in link previews, and more. And coming soon, a brand new AI integration with Perplexity will allow users to subscribe to AI-powered insights and pipe them into Slack.

Pricing and availability:

  • Slack AI is available now as a paid add-on for Slack Enterprise plans.
  • Slack AI is available now in U.S. and UK English only.
  • Additional Slack plans and language support are coming soon.
  • AI-powered partner apps are available now in the Slack App Directory.

Appdome Revolutionizes Geo Compliance for Mobile Brands

Posted in Commentary with tags on February 14, 2024 by itnerd

Appdome today unveiled its new Geo Compliance feature set, allowing mobile brands to trust the user’s location and detect location spoofing, fake GPS apps, VPN use, SIM swaps and other methods used to circumvent geo restrictions in mobile applications. Mobile brands already use Appdome to simplify and accelerate delivery of mobile app security, anti-fraud, anti-bot and other defenses in Android & iOS apps. Now, mobile brands can combine Appdome’s new, no-code, no-SDK, Geo Compliance features with any other mobile app defense features on its unified mobile app defense platform. 

Mobile application commerce continues to rise rapidly. The geo-location integrity of the mobile end user and transaction data is critical. In many cases, Know-Your-Customer (KYC) policies, regulations like business licensing, advertising restrictions, consumer safety and privacy all rely on valid geographic data and restrictions in mobile apps. On top of that, mobile brands need a greater array of signals to detect fraud. They also need to ensure malicious users are not faking their mobile location to bypass geo restrictions or obtain access to offer inventory and services outside of an approved geography. Putting the quality of the user experience center stage, these same brands need geo compliance to validate user identities in mobile applications, including in P2P and social-based mobile applications.

Legacy geo compliance, mobile app security, and anti-fraud products are point products, providing narrow detection and defense coverage. Using more than one of these point products in the same mobile app requires complex app-level code changes to overcome compatibility challenges and resolve in-app conflicts from overlapping feature sets. These challenges don’t exist when using Appdome, as all detection and defenses options including the new Geo Compliance features, come fully interoperable with all other 300+ Appdome defenses out-of-the-box. 

With Appdome’s Geo-Compliance Service, mobile brands can detect:

  • Fake Location: Combats the growing threat of location spoofing, in which the geographical location transmitted by a mobile device is manipulated or falsified.
  • Fake GPS Apps: Detects fake GPS apps that the mobile end user has set as the location provider while your mobile app is in use. 
  • VPN In Use: Advanced techniques to detect attempts to bypass geographical restrictions using Virtual Private Networks (VPNs). 
  • SIM Swaps: Robust SIM swap detection, alerting brands to SIM card or eSIM changes when other location variables remain unchanged. 
  • Random Locations: Identifies mismatches in location telemetry from on-device settings or components, including manual overrides of on-device location services.
  • Teleportation: Flags location changes that are improbable within the elapsed time between fixes.
  • Banned Locations: Detects when the app is being used in a country/region where the mobile brand does not allow use.
  • Other Geo-Compliance features: several other geo-compliance features provide data and control to mobile brands with location-based services, offers and promotions.
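The “Teleportation” and “Banned Locations” signals above are simple enough to show as server-side logic. The following is an added example, not Appdome’s code or an account of how its product works: it evaluates a chronologically ordered list of location fixes, flags any consecutive pair that would have required an implausible speed, and flags any fix that resolves to a banned country. The speed threshold, the placeholder country code and the sample fixes are assumptions made for illustration.

```python
"""Added example: server-side evaluation of two geo-compliance signals,
'teleportation' (an improbable location change in the elapsed time) and
'banned locations'. Not Appdome's code; the threshold, the banned country
code and the sample fixes are assumptions made for illustration."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0    # assumption: roughly airliner cruise speed
BANNED_COUNTRIES = {"XX"}     # assumption: placeholder ISO 3166-1 alpha-2 code


@dataclass(frozen=True)
class Fix:
    """One location report from the app; lists of fixes are ordered by ts."""
    ts: float       # seconds since the Unix epoch
    lat: float      # degrees, WGS84
    lon: float      # degrees, WGS84
    country: str    # ISO 3166-1 alpha-2 country the fix resolves to


def haversine_km(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def implied_speed_kmh(prev: Fix, cur: Fix) -> float:
    """Speed the device would have needed to travel between two fixes.
    A non-positive time delta (duplicate timestamp or a clock that went
    backwards) is itself suspicious, so it is reported as infinite."""
    hours = (cur.ts - prev.ts) / 3600.0
    if hours <= 0:
        return float("inf")
    return haversine_km(prev, cur) / hours


def evaluate(fixes) -> list:
    """Return (index, reason) findings for a chronologically ordered fix list."""
    findings = []
    for i, fix in enumerate(fixes):
        if fix.country in BANNED_COUNTRIES:
            findings.append((i, "banned_location"))
        if i > 0:
            speed = implied_speed_kmh(fixes[i - 1], fix)
            if speed > MAX_PLAUSIBLE_KMH:
                findings.append((i, f"teleportation:{speed:.0f}km/h"))
    return findings


def sample_fixes() -> list:
    """Constructed input: two fixes in Toronto ten minutes apart, a fix in
    Warsaw ten minutes after that, then the same spot tagged with the
    placeholder banned country."""
    return [
        Fix(0, 43.6532, -79.3832, "CA"),
        Fix(600, 43.6600, -79.3900, "CA"),
        Fix(1200, 52.2297, 21.0122, "PL"),
        Fix(1800, 52.2297, 21.0122, "XX"),
    ]


if __name__ == "__main__":
    for idx, reason in evaluate(sample_fixes()):
        print(f"fix {idx}: {reason}")
```

On the sample input the Toronto-to-Warsaw jump (roughly 6,900 km in ten minutes) is flagged as teleportation and the final fix is flagged for its country; the short move within Toronto passes. In production the country would come from the device’s reported location and an independent source such as the connection’s IP geolocation, and a disagreement between the two is the “Random Locations” mismatch the list describes.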

The new Geo Compliance features can be combined with any of the 300+ mobile app defenses in mobile app security, anti-malware, anti-fraud, MOBILEBot™ Defense, anti-cheat, MiTM attack prevention, code obfuscation, and more in Android and iOS apps. All features are fully automated and built on-demand in the language of the mobile app by the Appdome platform, inside the mobile DevOps and CI/CD pipeline.

For more information on Appdome’s Geo-Compliance feature set, visit https://www.appdome.com/geo-compliance.

Review: HyperX Pulsefire Haste 2 Mouse

Posted in Products with tags on February 14, 2024 by itnerd

When you’re serious about pwning n00bs in whatever game you play, skill only gets you so far. If you’re playing with an average mouse, that can be the difference between winning and losing. That’s where a mouse like the HyperX Pulsefire Haste 2 comes in. This is a very lightweight gaming mouse with a maximum polling rate of 8000Hz. That means if you sense that someone is behind you, this mouse will allow you to quickly spin around and pick them off before they can pick you off.

Let’s have a look at the mouse:

From the top, it looks like every other mouse out there. But the telltale RGB lighting is present, which tips you off that this is a gamer-focused mouse. There’s another thing that makes it clear this mouse is focused on gaming:

You can add rubber grips to the buttons….

…. and the sides to make sure that your fingers don’t slip at a critical moment. Speaking of buttons, you get four plus the scroll wheel. You can program all of the buttons on this mouse using the HyperX NGENUITY Software (and I should mention that you can customize the RGB light as well using this software), but you can’t reprogram the scroll up/down inputs, and the left- and right-click button functions can only be swapped. Not a deal breaker, but some of the competition allow you that level of customization. One big plus is the cable. It’s made out of paracord material and I had no issues with it snagging on anything. Why does that matter? A cable that snags is distracting, and that might get you pwned.

I tested this first with Call of Duty Warzone, then with Team Fortress 2. Long story short, this mouse works well. It’s light which means that it won’t tire your hands, and it is very precise. I was able to precisely get headshots in Team Fortress 2 much easier with this mouse versus the mouse that I usually use. All the buttons are very tactile which takes away that moment of “did I click the button” that one might have in an intense gaming session. Finally, the rubber grips are something that you should try, especially if you have sweaty hands as it simply makes gaming better.

The only real downside to this mouse is that left-handed people need not look at it. That’s not unusual for mice, but it would be nice to see a gaming mouse that can be used by anyone. Having said that, I’d recommend this mouse if pwnage matters above all else. The HyperX Pulsefire Haste 2 is $80 CDN and worth it as far as I am concerned.

Living Security Unveils Technology Alliance Program 

Posted in Commentary with tags on February 14, 2024 by itnerd

Living Security, the global leader in Human Risk Management (HRM), announces the formation of its Technology Alliance Program (TAP), enabling dozens of the most utilized cybersecurity tools to deliver additional visibility and value through seamless integration and interoperability with the Living Security Unify Human Risk Management platform.

As cyber threats continue to target vulnerable members of the workforce and evolve in sophistication, collaboration among security tools becomes paramount in fortifying defenses. Living Security’s Technology Alliance Program bridges this gap by fostering integrations with a diverse array of industry-leading platforms, including but not limited to Microsoft Azure, Proofpoint, SailPoint, Okta, Mimecast, Netskope, Zscaler, CrowdStrike, Microsoft Defender, Rapid7, VMware Carbon Black, Sophos, Abnormal, Cofense, KnowBe4, and Workday.

The key to effective Human Risk Management lies in understanding human behavior. Through simple API integrations facilitated by the Technology Alliance Program, Living Security can harness valuable behavioral insights from various sources such as email, web, IAM, SIEM, Endpoint, Device, DLP, and HR platforms. This enables organizations to identify human risk, protect employees, and foster positive behavior change.

The integrations facilitated by the Technology Alliance Program encompass various aspects of cybersecurity including:

  • Authentication, Access, and Activity: Analyzing authentication patterns, access attempts, and user activity to enable proactive risk mitigation strategies.
  • Data Security and Privacy: Facilitating proactive risk mitigation strategies by analyzing user behavior and context to safeguard sensitive information and ensure compliance.
  • Endpoint Security: Providing real-time insights into device activity, configurations, and vulnerabilities through seamless integration with endpoint security platforms.
  • Phishing and Email Security: Building a comprehensive Human Risk Index by incorporating phishing and email security data to track key behaviors and mitigate risks effectively.
  • Training: Leveraging training events to determine the effectiveness of security awareness and compliance training programs.

Living Security’s Technology Alliance Program exemplifies the company’s commitment to innovation and collaboration in the cybersecurity landscape. By fostering integrations with a diverse array of industry-leading technologies, Living Security empowers organizations to bolster their cybersecurity posture and mitigate human-related risks effectively.

For more information about Living Security’s Technology Alliance Program and its integrations, visit https://www.livingsecurity.com/technology-alliance-program.

GAO Notifies Employees Of A Breach Of CGI Federal That Affects Them

Posted in Commentary with tags on February 13, 2024 by itnerd

Yesterday, in a breach notification letter seen by Reuters, the U.S. Government Accountability Office said that one of its IT contractors, CGI Federal, notified the agency of a data breach last month affecting the PII of about 6,000 GAO employees who worked there between 2007 and 2017.

CGI Group, the information systems and management consultancy, has shifted toward cybersecurity in recent years, and said in congressional testimony that it provides IT protection for “100 participating agencies” including the State, Justice, Commerce, and Labor departments, as well as the FCC and the US Agency for International Development.

The notification letter said that the threat actor exploited a “vulnerability in an externally provided platform” and the data exposed included:

  • Names
  • SSNs
  • Addresses
  • Banking information

A GAO spokesperson said the agency was notified about the breach on Jan. 17 but provided few other details.

Emily Phelps, VP, Cyware had this comment:

   “Public sector breaches facilitated through IT contractors demonstrate the multifaceted nature of cybersecurity threats that the public sector faces. It highlights the urgent need for a modernized and proactive defense strategy, where collaboration and information sharing between agencies and their partners are paramount. The concept of collective defense becomes particularly relevant here, emphasizing the idea that protecting one agency effectively contributes to the security of the entire public sector network.”


Dave Ratner, CEO, HYAS follows with this comment:

“Criminals will often go after a link in the chain, which means they may extract information about government employees not from the agency directly but from a targeted contractor company. It’s just one more reason why everyone should be implementing cyber resiliency strategies immediately as part of their 2024 initiatives, as these kinds of breaches, and worse, will continue to occur.”

When a cybersecurity company gets pwned, that’s bad. But when a customer gets pwned, that’s worse. This truly isn’t a great day for CGI Federal.

Bank of America Suffers A Data Leak Because A Vendor Of Theirs Got Pwned

Posted in Commentary with tags on February 13, 2024 by itnerd

Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was pwned last year:

On or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications. On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America’s systems were not compromised.

In response to the security incident, IMS retained a third-party forensic firm to investigate and assist with IMS’s recovery plan, which included containing and remediating malicious activity, rebuilding systems, and enhancing response capabilities. To date, IMS has found no evidence of continued threat actor access, tooling, or persistence in the IMS environment. 

When someone who clearly has access to the Bank of America network gets pwned, everything downstream is pwned. Or at least it should be. John Gunn, CEO, Token comments on why that appears not to have happened here:

   You can be certain that Bank of America has the highest level of security and imposes incredibly stringent cybersecurity requirements on their third-party partners, with the latter being legendary. With large global organizations that have thousands of service providers, these events are nearly impossible to prevent. Cybercriminals have stepped up their attacks on outsource service providers knowing they cannot directly defeat the cybersecurity of a major bank. The silver lining is that this event impacted less than 1/1000th of their customer base.

In this case, Bank of America might have dodged a major bullet. But that doesn’t mean that they will continue to do so. Thus, I hope they look at their processes and security and make sure that they give themselves the best chance of avoiding pwnage.

UPDATE: I have additional commentary. Starting with Paul Valente, CEO & Co-Founder, VISO TRUST:

   “Bank of America’s breach involving IMS is a stark reminder that even the strongest security fortresses can be undermined by exploiting the expanded attack surface connected third-party ecosystems represent. CISOs know it’s all too common that companies invest millions in top-notch security only to entrust their data to lesser-known vendors with questionable defenses. Questionnaires won’t cut it – we need a thorough understanding of a vendor’s security program maturity. Time for a reality check in the world of data protection.”

Next up is Craig Harber, Security Evangelist, Open Systems:

   “The Bank of America (BoA) data breach highlights the importance of companies implementing third-party risk management. To protect their customers, companies must implement consistent security standards across their entire business ecosystem to help mitigate cyber-attacks originating through partner and supplier systems.

   “Third-party partners like IMS are critical to most modern businesses, including the financial sector. Unfortunately, these partnerships introduce inherent risks because the resulting interconnected IT/business systems do not deliver the critical trust relationship to prevent supply chain attacks, data breaches, and reputation damage. The notorious ransomware gang LockBit, who claimed responsibility for this attack, exploited this known weakness.

   “To prevent further occurrences, security teams must implement consistent security standards across the entire business ecosystem, including all its subsidiaries’ IT/business systems, not just IMS. Consistent security practices include requiring prompt and regular patching of system vulnerabilities, implementing multi-factor authentication to prevent exploitation of weak credentials, and deploying comprehensive monitoring tools to identify and neutralize cybersecurity threats.”

Finally, here’s a comment from Jason Keirstead, VP of Collective Threat Defense, Cyware:

   “Because suppliers have access to sensitive or proprietary information that attackers want to exploit, they need effective cybersecurity controls in place to protect their own systems and data as well as those of their customers. A collective defense approach enhances the cybersecurity posture of both large institutions and their third-party vendors by sharing information and best practices across the supply chain. By working together as a team against common threats, both parties can achieve greater resilience and security than they could individually.”

Dave Ratner, CEO, HYAS:

   “Criminals will often go after a link in the chain, which means they may extract information and data not from the company directly but from targeted contractor agencies. It’s just one more reason why everyone, from enterprises to MSSP and MSP providers, should be implementing cyber resiliency strategies immediately as part of their 2024 initiatives as these kinds of breaches, and worse, will continue to occur.”