Microsoft Warns Of Cybersecurity Complexities At Sporting Events

Posted in Commentary with tags on August 5, 2023 by itnerd

In a new study by Microsoft called the State of Play report, Microsoft highlighted the growing opportunities for threat actors to target high-profile sporting events, “especially those in increasingly connected environments, introducing cyber risk for organizers, regional host facilities and attendees.” While managing the critical-infrastructure cybersecurity at the 2022 FIFA World Cup in Qatar, Microsoft observed attackers continuously attempting to compromise connected systems through identity-based attacks.

  • “What we saw was consistent, with cyber-criminals being opportunistic and seeing where they can infiltrate and find gaps between a lot of connected systems, in the context of a large event. The cybercrime economy’s sheer size and low barriers to entry make this kind of opportunism a significant risk to account for in planning and having layered defenses in place.
  • “What makes the sports landscape unique is that the IT assets and operations are so different, you have a lot of mobile devices across teams and staff, and a lot of connectivity across different stadiums, training facilities, hotels and other venues. And the nature of these connections is that they stand up and down as teams compete in seasons and tournaments,” said Justin Turner, Principal Group Manager, Microsoft Security Research.

Furthermore, this allows threat actors to simultaneously target mobile payment and retail systems, socially-engineer participants, and scan for unpatched/misconfigured devices. Also, security complexity is compounded as there are numerous parties managing a multitude of systems, such as corporate sponsors, municipal authorities and third-party contractors.

George McGregor, VP, Approov has this comment:  

“A key element are the apps which are launched for events (for example the FIFA Women’s World Cup app – 10M+ downloads on Android) which are intended to be a “one-stop shop” for events. Unless they are protected, they can leak personal financial data and also be a source of other information which can be used in broader infrastructure attacks.”

Amit Patel, SVP, Cyware follows up with this:  

“Anytime you gather tens of thousands of people together using shared infrastructure it’s an attractive target for attackers. Major sports leagues are realizing that they need to address security collectively – not relying on local capabilities. By monitoring threats globally, and sharing intel automatically across leagues and venues, and anticipating attacks, we can reduce risks considerably.”

Sporting events are clearly not the safe places that they once were. This is why not only the people who run these events have to make sure that there is a holistic view of their cybersecurity landscape, but we have to do our part by being mindful of the fact that there are threats that might be lurking at these events.

The UK Gov Fears That Cyberattacks On Infrastructure Could Kill Thousands

Posted in Commentary with tags on August 5, 2023 by itnerd

In the 2003 edition of the National Risk Register report, the UK government warns that a serious cyber-attack on UK critical infrastructure has a 5–25% chance of happening over the coming two years.

The report is based on the government’s internal, classified National Security Risk Assessment, and considers malicious risks such as terrorism and cyber-attacks alongside non-malicious risks like severe weather incidents. It lists several cyber-related risks, including attacks on:

  • Gas infrastructure
  • Electricity infrastructure
  • Civil nuclear facilities
  • Fuel supply infrastructure
  • Government
  • Health and social care systems
  • Transport sector
  • Telecommunications systems

The assessment ranks the likelihood of these attacks happening in the next two years as a “4” on a scale of 1–5. The predicted attacks involve “encrypting, stealing or destroying data upon which critical systems rely on or disruption to operational systems” resulting in economic cost measuring in the billions of pounds, possible fatalities of up to 1000 people and casualties of up to 2000.
 
The report also mentions AI as a “chronic risk” that poses “continuous challenges that erode our economy, community, way of life, and/or national security.”

George McGregor, VP, Approov had this to say: 

“This report presents quite a wide-ranging litany of threats and their consequences but unfortunately the “response capability requirements” for each one are very generic and do not make clear which players must take action. Linking this document to more specific mitigation and response guidelines for each area (eg cybersecurity) would make it more actionable.”

We’re past the point where cyberattacks are a mere inconvenience to businesses and the general public. They’re now in a place where they could kill people. If that isn’t an incentive for organizations of all sizes in all sectors to get their houses in order from a cybersecurity perspective, I don’t know what will make them do the right thing.

Ransomware Attacks Targeting Industrial Organizations Surge

Posted in Commentary with tags on August 4, 2023 by itnerd

Ransomware attacks targeting industrial organizations and infrastructure have doubled since the second quarter of 2022, according to a report from industrial cybersecurity firm Dragos. In the second quarter of 2023, Dragos observed 253 ransomware incidents, marking an 18% increase from the first quarter of 2023, which had 214 attacks. The rise in attacks is attributed to ransomware revenue plunging in 2022 as more victims refused to pay up.  

Dragos predicts that the third quarter of 2023 will witness increased business-impacting ransomware attacks against industrial organizations due to political tensions and ransomware groups shifting their focus towards larger organizations.  

North America is the most affected region, followed by Asia. The manufacturing sector remains the most targeted, with industrial control systems (ICS), transportation, and oil and gas sectors also experiencing significant attacks. Among the monitored ransomware groups, LockBit, ALPHV, and Black Basta are the most active in launching attacks.

Carol Volk, EVP, BullWall leads with this comment:

“Industrial sector organizations must prioritize cybersecurity by strengthening defenses with advanced protection tools, network segmentation, regular data backups and for the inevitable breach, ransomware containment. Educating employees about cybersecurity risks, collaborating with reputable cybersecurity firms, and fostering cooperation among governments and industries for threat information sharing are crucial steps.” 

Emily Phelps, Director, Cyware follows with this comment:                  

“Ransomware attacks can devastate organizations. Adversaries don’t only outnumber cybersecurity pros; they collaborate effectively too. To mitigate the potential damage, enterprises should have preparations that enable them to maintain business continuity in case of an attack.    

“Organizations should regularly back up and test data and systems on an air-gapped network or at least on a network not constantly connected to the internet; segment their environments to contain outbreaks; regularly patch and update systems, applications, and software; invest in regular security awareness training so employees are armed to recognize and avoid common threat tactics; and invest in context-rich threat intelligence that enable security teams to proactively identify and prioritize threats that are more likely to impact their business.”

Finally Stephen Gates, Principal Security SME, Horizon3.ai:

“Simply put, attackers who gain remote access to any internal computing device are the primary threat industrial organizations face. Once an attacker achieves access, they use it to take over networks and ransom critical systems.   

“In comparison to a natural disaster, fire, or other similar incident, a cyber event like ransomware that halts production is just as critical to plan for, especially in terms of risk management and business continuity.   

“The most effective way to defeat ransomware-based attacks is to continuously assess your own infrastructure, find the attack paths an attacker would take, and then fix those issues and validate that your fixes defeated the discovered attack paths. Once complete, you rinse and repeat the process regularly to discover new attack paths. No other defensive or offensive method of reducing the risk of ransomware will be as effective as the method explained here.”

Clearly the threat actors are moving to attack sectors where they think they will get paid. The best way to stop that from happening is to make every sector as difficult to breach as possible. That way the threat actors have fewer opportunities for a big payday.

Fisker Unveils Ronin Supercar, PEAR Urban Vehicle, Alaska Pickup Truck Models

Posted in Commentary with tags on August 4, 2023 by itnerd

Fisker Inc. today showcased its future vehicle lineup in Huntington Beach, CA. The Manhattan Beach-based carmaker presented four vehicles, as well as technology and sustainability visions, to an audience of investors, analysts, employees, and the media. 

Chairman and CEO Henrik Fisker presided over reveals of the Fisker Ocean SUV with a Force-E offroad package; the 1,000-plus-horsepower Fisker Ronin grand-touring four-door convertible; the Fisker PEAR sustainable city EV; and the Fisker Alaska all-electric pickup truck.

In addition to the vehicles that were displayed on stage, the company detailed its Fisker Blade computer, a central computing platform that will greatly reduce complexity in forthcoming vehicles. Fisker also reviewed its Environmental, Social and Governance (ESG) objectives as it strives to become the world’s most sustainable carmaker.

After the conclusion of the Huntington Beach event, Fisker opened reservations for both the Fisker Ronin ($2,000 for first reservation, $1,000 fully refundable for second) and the Fisker Alaska ($250 for first reservation, $100 fully refundable for second).

Details on the newly revealed vehicles are as follows:

Fisker Ronin is the world’s first all-electric four-door convertible GT sports car.  

  • A true five-seat GT with a carbon fiber hard-top convertible, four butterfly doors, a high-tech luxury interior, and uniquely futuristic exterior design.
  • An integrated battery pack powers Ronin to a targeted 600-plus mile range.
  • A triple motor all-wheel drive powertrain is projected to deliver massive 1,000-plus horsepower and 0-60 mph in approximately 2.0 seconds.
  • A showcase for Fisker engineering, powertrain, and software capabilities, Ronin will be ultra-luxury priced and built in limited quantities.

Fisker PEAR (Personal Electric Automotive Revolution) is Fisker’s vision of a sustainable EV as a connected mobility device. 

  • A category-breaking lifestyle vehicle built on Fisker’s SLV-1 platform, PEAR is built using Fisker’s Steel++ development process, resulting in the use of 35% fewer parts than other EVs in class.
  • Features a highly connected and revolutionary electrical engineering architecture, and the first implementation of the Fisker Blade central computing platform.
  • Unique Houdini Trunk (hideaway liftgate) and a front storage compartment called the Froot (“front boot”) simplify cargo loading in city parking.
  • Compact body length delivers sporty handling, while allowing room for spacious and modular interior with seating for up to six.
  • Futuristic design includes an ultra-wide wraparound windscreen, sculptural exterior design, and slim LED lighting.
  • Designed to be the future of clean and affordable mobility for a global mass market, PEAR is available in four trim levels, priced starting at $29,900, and scheduled to be available in mid-2025.

Fisker Alaska is Fisker’s versatile, advanced, and powerful all-electric four-door pickup truck. 

  • Built on an extended adaptation of Fisker Ocean’s platform called the FT31, Alaska is both a sporty everyday ride and a highly flexible utility pickup.
  • Built for multiple cargo configurations, including a cargo bed extendable from 4.5 feet to 7.5 feet to 9.2 feet, and a Houdini bed divider which hides away to connect cargo bed and rear cabin.
  • Designed to be the world’s lightest EV pickup truck.
  • Designed to be the world’s most sustainable truck.
  • Shares the Fisker Ocean’s modern design DNA and fast, road-holding EV performance, and has a projected range of 230-340 miles.
  • Expected deliveries in 2025 and priced starting at $45,400 before incentives.

Force E is the dynamic and durable off-road package for the Fisker Ocean SUV

  • Designed to maximize Fisker Ocean’s outstanding torque, power, and best-in-class range for sustainable off-roading adventure.
  • Will be available for all-wheel drive Ultra and Extreme trims, both at vehicle purchase and as a post-purchase add-on package.
  • Includes 33” tires on 20” wheels, higher ground clearance, specialized dampers, roof basket, front and rear skid plates, and an underbody plate for greater durability.
  • Scheduled to be available in Q1 2024, with pricing to be announced.

You can watch the event here to see all of Fisker’s new vehicles.

Threat Actors Are Abusing Cloudflare Tunnel in New Effort to Use Legitimate Tools for Attacks

Posted in Commentary with tags on August 3, 2023 by itnerd

Nic Finn, Senior Threat Intel Consultant at GuidePoint Security, released new research, which you can read here, identifying a new legitimate tool that threat actors are using to execute attacks – Cloudflare Tunnel, also known by its executable name, Cloudflared.

Background: Cloudflared is functionally very similar to ngrok, an ingress-as-a-service tool that’s been used by Threat Actors for quite some time now. However, Cloudflared differs from ngrok in that it provides a lot more usability for free, including the ability to host TCP connectivity over Cloudflared. Additionally, Cloudflared provides the full suite of Access controls, Gateway configurations, Team Management, and User Analytics.

Why this Matters: This tool is a legitimate binary, supported on every major operating system, and the initial connection is initiated through an outbound HTTPS connection to Cloudflare-owned infrastructure, followed by data exchanged to tunnel connections over QUIC on port 7844. This means that most firewalls or network-based defenses will allow this traffic, as most firewall rules are far more relaxed toward outbound connections. Threat Actors don’t have to expose any of their infrastructure, except the token assigned to their tunnel, to anyone except Cloudflare prior to a successful connection, and their ability to modify the configuration of the tunnel in real time means post-breach analysis is severely limited if the TA covers their tracks. 
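One way to hunt for the behaviour described above, shown as an added example that is not part of the GuidePoint research or of Cloudflare's tooling: it correlates process telemetry (the cloudflared executable, or a tunnel token on the command line of a renamed binary) with outbound UDP flows to port 7844, skipping hosts where the tunnel is sanctioned. The JSON field names, host names and sample events are constructed assumptions.

```python
import json
from collections import defaultdict

TUNNEL_PORT = 7844           # QUIC tunnel port named in the article
BINARY_NAME = "cloudflared"  # executable name named in the article
FLOW_REASON = f"outbound udp/{TUNNEL_PORT}"

# Constructed sample telemetry (not real logs). The JSON field names are
# assumptions; map them to whatever your EDR and flow exports actually emit.
SAMPLE_JSONL = r"""
{"type":"process","host":"ws-042","image":"C:\\Users\\Public\\cloudflared.exe","cmdline":"cloudflared.exe tunnel run --token <REDACTED>"}
{"type":"flow","host":"ws-042","proto":"udp","direction":"outbound","dst_ip":"198.51.100.10","dst_port":7844}
{"type":"process","host":"ws-077","image":"C:\\ProgramData\\updater.exe","cmdline":"updater.exe tunnel run --token <REDACTED>"}
{"type":"flow","host":"ws-077","proto":"udp","direction":"outbound","dst_ip":"198.51.100.11","dst_port":7844}
{"type":"process","host":"build-01","image":"/usr/local/bin/cloudflared","cmdline":"cloudflared tunnel run --token <REDACTED>"}
{"type":"flow","host":"build-01","proto":"udp","direction":"outbound","dst_ip":"198.51.100.10","dst_port":7844}
{"type":"flow","host":"ws-100","proto":"udp","direction":"outbound","dst_ip":"198.51.100.12","dst_port":7844}
{"type":"flow","host":"ws-200","proto":"tcp","direction":"outbound","dst_ip":"203.0.113.5","dst_port":443}
{"type":"process","host":"ws-200","image":"/usr/bin/ssh","cmdline":"ssh -N -L 8080:localhost:80 tunnel"}
"""


def image_basename(path):
    """Lower-cased file name without a trailing .exe, for Windows or POSIX paths."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def process_reasons(event):
    """Reasons a process event looks like a cloudflared tunnel client."""
    reasons = []
    if image_basename(event.get("image", "")) == BINARY_NAME:
        reasons.append("binary named cloudflared")
    argv = event.get("cmdline", "").lower().split()
    # `tunnel run --token` starts a token-based tunnel; matching on arguments
    # still fires when the binary has been renamed. A token supplied some other
    # way never reaches the command line, which is why flows are checked too.
    has_token = any(a == "--token" or a.startswith("--token=") for a in argv)
    if "tunnel" in argv and has_token:
        reasons.append("tunnel token on command line")
    return reasons


def is_tunnel_flow(event):
    """True for an outbound UDP flow to the tunnel port."""
    return (event.get("proto") == "udp"
            and event.get("direction") == "outbound"
            and event.get("dst_port") == TUNNEL_PORT)


def triage(jsonl, sanctioned_hosts=frozenset()):
    """Map host -> {"severity", "reasons"} for hosts not on the sanctioned list."""
    per_host = defaultdict(set)
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        host = event.get("host")
        if host in sanctioned_hosts:
            continue  # tunnel is an approved tool on this host
        if event.get("type") == "process":
            per_host[host].update(process_reasons(event))
        elif event.get("type") == "flow" and is_tunnel_flow(event):
            per_host[host].add(FLOW_REASON)
    findings = {}
    for host, found in per_host.items():
        if not found:
            continue
        has_flow = FLOW_REASON in found
        has_proc = bool(found - {FLOW_REASON})
        # Process and network evidence together is the strongest signal;
        # either one alone is worth an analyst's look.
        severity = "high" if has_proc and has_flow else "review"
        findings[host] = {"severity": severity, "reasons": sorted(found)}
    return findings


if __name__ == "__main__":
    for host, f in sorted(triage(SAMPLE_JSONL, {"build-01"}).items()):
        print(host, f["severity"], "; ".join(f["reasons"]))
```

Because the tunnel configuration can be changed after the fact, the command line (including the token) is worth preserving as evidence when a host is flagged.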

Google rolls out new privacy features to help users stay safe online

Posted in Commentary with tags on August 3, 2023 by itnerd

Online safety and security is always top of mind for Google. Today, the company announced new ways to help users stay in control of their personal information, privacy and online safety, including:  

  • Results About You: Last year, Google launched the Results about you tool to make it easy for people to request the removal of search results that contain their personal details, right from the Google app or however they access Search. Tomorrow Google will announce a new dashboard that will let you know if web results with your contact information are showing up on Search. This tool will be available in the U.S. in English to start, and Google is working to bring it to new languages and locations soon.
  • SafeSearch Blurring Setting: SafeSearch blurring setting is rolling out for all users globally, and will, by default, blur explicit imagery on Search, such as adult, graphic or violent content.
  • Personal Explicit Images: Google has long had policies that enable people to remove non-consensual explicit imagery from Search. Now, it’s building on these protections to enable people to remove from Search any of their personal, explicit images that they no longer wish to be visible in Search. For example, if you created and uploaded explicit content to a website, then deleted it, you can request its removal from Search if it’s being published elsewhere without approval. More broadly, whether it’s for websites containing personal information, explicit imagery or any other removal requests, we’ve also updated and simplified the forms for users to submit removal requests.

For more information and details please read the Google Blog post here

Dasera Releases Mesa Verde

Posted in Commentary with tags on August 3, 2023 by itnerd

Dasera, the premier automated data security and governance platform for data-driven enterprises, expands data security and governance coverage, empowering organizations to safeguard structured and unstructured data with precision and efficiency. Now with a comprehensive and seamless approach to securing unstructured data sources, Dasera is redefining the standards of data security. Unlike traditional models, its solution effectively bridges the gap across all data types and sources, ensuring consistent protection regardless of whether the data is on-premise or in the cloud. This expansive approach makes Dasera one of the few in the industry delivering such a broad scope of data security.

New product features include:

  • Improved Risk Remediation for Applications Accessing Data 
    Dasera’s already extensive risk detection capabilities receive a boost with the ability to track risks associated with certain service account users. The platform now offers improved workflow enhancements, accurately disambiguating user actions and attributing risks to specific individuals, including those leveraging service accounts.
  • Expanded Data Classification Support for Unstructured Data 
    Dasera expands its data classification capabilities, now providing unparalleled support for unstructured data sources, including the widely used Amazon S3. Businesses can now seamlessly discover and classify sensitive data from unstructured sources, broadening Dasera’s coverage and empowering customers to proactively protect their data.
  • Data Classification for Images Leveraging AI 
    The latest update introduces the ability to classify sensitive data within images, including text and handwriting. Leveraging the power of AI, Dasera users can now identify unstructured data hidden in images, ensuring that no critical information goes undetected. This extension of coverage marks a significant advancement in data security for businesses handling image files.
  • ‘Continuous Compliance Check’ Reporting 
    Dasera automates data security reporting with the introduction of scheduled PDF reports delivered directly to executives’ and stakeholders’ inboxes. This feature provides real-time visibility into data security risks, enabling key decision-makers to shift from ad-hoc audit surveys to always-on automated ‘continuous compliance check’.
  • Streamlined Infrastructure Onboarding 
    Dasera now offers improved infrastructure onboarding capabilities through enhanced CloudFormation and Terraform templates. This streamlines the onboarding process for various data stores on popular cloud platforms such as AWS, Azure, and GCP. Customers can efficiently connect to their data infrastructure, saving valuable time and resources. (Dasera had launched Ski Lift for Snowflake customers during the Snowflake Summit in June.)
  • Azure Tenant-Based Onboarding for Discovery at Scale 
    With the latest release, Dasera introduces Azure Tenant Based Onboarding, enabling customers to onboard their Azure Subscriptions at scale. This optimization accelerates the onboarding and discovery process for Azure users providing full visibility in a matter of minutes.

To learn more about these updates and how Dasera helps organizations protect their environment across the data lifecycle, visit booth SC202 at Black Hat or read Dasera’s whitepaper on how to Harness the Power of Data Security.

TELUS strengthens its cybersecurity portfolio as Norton’s exclusive breach response provider in Canada

Posted in Commentary with tags on August 3, 2023 by itnerd

TELUS announced that it will be the official Canadian breach response provider for Norton, a leading consumer cyber safety brand of Gen, delivering support to employees and customers of organizations affected by data breaches. This marks an expansion of the incident response services offered by TELUS, providing businesses with a diverse range of solutions to help minimize the impacts of a data breach. As cybercrime rates rise and the demand for solutions increases, TELUS Online Security goes beyond standalone identity monitoring services in the market by helping businesses offer their employees and customers breach response and remediation plans that include tools like dark web monitoring, daily or monthly credit reports, dedicated identity restoration support and identity theft reimbursement coverage of up to $1 million for related expenses.

TELUS Online Security powered by Norton™ offers two premium plans for businesses to help protect their employees and customers: Guardian and Guardian Plus. Key benefits include:

  • Identity Theft Protection: Fraudsters can use stolen personal information to open new financial accounts, apply for tax refunds, rent or buy properties, or perform other fraudulent activities. If an employee or customer’s identity is compromised, a dedicated identity restoration specialist will handle the case from start to finish.
  • Credit Monitoring: Employees and customers are alerted to key changes to their credit file, such as a change of address or name, credit report inquiries or new accounts being opened.
  • Dark Web Monitoring: Detects and notifies employees and customers when their monitored personal information is found on the dark web, including email addresses, bank account numbers, credit card numbers, contact details and driver’s license numbers.

These plans complement the comprehensive suite of breach response services already offered by TELUS Business, which support all elements of an organization’s needs, including preparedness, investigation and remediation of a cybersecurity incident.

The launch of TELUS Guardian and Guardian Plus plans comes as Norton and TELUS extend and deepen their partnership for an additional three years, with the shared goal of creating a safer digital world for all Canadians. For more information on how TELUS Online Security can help your organization, please visit telus.com/Guardian.

Review: Infinity Loops Apple Watch Ultra Titanium Link Bracelet

Posted in Products with tags on August 3, 2023 by itnerd

While my wife and I were in France on vacation, we were contacted by Infinity Loops offering us a couple of Apple Watch bands to do a review on them. After having a look at the website, we decided to say yes to this request and in short order we had two bands headed in our direction. Today’s review is of their Apple Watch Ultra Titanium Link Bracelet. At $122 Canadian for the band, is it a good option for Ultra owners (and owners of other Apple Watches as it’s also available in sizes to fit any Apple Watch)? Let’s dive in and find out.

The band arrives in a box like this with no markings on it other than the Infinity Loops logo. And inside you’ll see the band:

The entire band is wrapped in plastic. Which is a good thing as titanium has a tendency to collect light surface scratches easily. The first question that I had was if this was really titanium. To answer that, I took a magnet to it because titanium isn’t magnetic. Thus a magnet should not stick to it if it is titanium. From what I can tell, the links are titanium and part of the clasp is made of stainless steel as the magnet stuck to the underside of the clasp, but didn’t stick anywhere else. Speaking of the clasp, it has two buttons on the side to unlock the strap. And overall, it looks almost exactly like the Apple Link Bracelet which is stainless steel and costs a lot more than the Infinity Loops offering. Speaking of the Apple Link Bracelet, Infinity Loops “borrowed” one of the best features of the Apple offering:

There are buttons on the back of the band that allow you to size it for your wrist without requiring tools or a visit to your local jewelry store to pay someone to do it for you. I had mine perfectly sized inside of five minutes of getting it delivered to me by Canada Post. As for weight, I compared it to a stainless steel link bracelet of the same size and same design. It was about 5 grams lighter than that at 69 grams versus 74 grams for the stainless steel link bracelet.

As you can see, it more or less matches the shade of titanium on the Apple Watch Ultra. And it feels comfortable. And as I type this, no stray hairs have been caught in this band which is a common thing with bands such as this one. My only advice to you is if you resize the band, make sure all the links are snapped in place. I didn’t do that and the band came apart the first time I put it on after I put it on. The build quality is also excellent as I couldn’t find anything that I would call out as an issue. Especially with the lugs which fit as well as a stock Apple Watch band.

So, is the Infinity Loops Apple Watch Ultra Titanium Link Bracelet worth it at $122 CDN? I would say so without hesitation. This is a very good option for those who don’t want to spend the cash on Apple’s offering, or some other similar offerings that cost less than what Apple has to offer, but cost more than this band. But they want something more upscale for the Apple Watch. Be it the Ultra or some other model. I’m pretty happy with this band and it will be in my rotation of bands going forward. And I am sure that if you get one, you’ll be happy with it as well.

New Mobile-Specific AppSec Product Launch Supports iOS Scan Apps & Detect Vulnerabilities

Posted in Commentary with tags on August 3, 2023 by itnerd

Guardsquare, the mobile application security provider, today announced that the company’s award-winning Mobile Application Security Testing (MAST) product, AppSweep, is now available for iOS. Built for developers and mobile application-specific, AppSweep allows users to scan Android and iOS apps to identify security risks. 

Security findings include actionable recommendations developers can leverage to fix the identified security issues, ensuring AppSweep users can quickly uncover and solve security issues in mobile app code and dependencies. Free to use with no restrictions, AppSweep is now available for both iOS and Android.

With the ever-growing reliance on mobile apps across all verticals, organizations must prioritize the security of their mobile applications to ensure customer trust and brand loyalty, protect valuable IP, achieve compliance, and prevent loss of revenue. Yet only a third of those involved in mobile app development use a MAST tool, which can lead to insecure mobile apps and detrimental effects on organizations left vulnerable to risks. 

With the introduction of AppSweep for iOS, Guardsquare ensures that regardless of the operating system, organizations can safeguard their mobile apps and protect their users’ sensitive data. AppSweep helps development teams efficiently and effectively meet security needs in an actionable manner.

For more information about AppSweep for iOS and Android, visit https://www.guardsquare.com/appsweep-mobile-application-security-testing