Datadobi and Climb Channel Solutions Launch StorageMAP File System Assessment Service 

Posted in Commentary with tags on March 14, 2023 by itnerd

Datadobi, the global leader in unstructured data management, today announced the launch of the StorageMAP File System Assessment Service. In collaboration with Climb Channel Solutions and other Datadobi partners, and with the intelligence capabilities of StorageMAP, channel partners can now provide their customers with a comprehensive understanding of their expanding unstructured data environment and help them make informed decisions regarding its management, build business cases to secure the resources required, and take definitive action to meet objectives and overcome challenges.

The launch of the new service is in response to the exigent demands of unstructured data. More specifically, Gartner has estimated that 80% – 90% of data is unstructured and that it is growing three-times faster than structured data. And recent research from Techjury reveals that 95% of businesses cite the need to manage unstructured data as a problem for their business.

Partners can provide their end clients with the insights they need to minimize risk – including legal and regulations compliance, reduce inefficiency and lower costs, cultivate sustainability, and gain competitive advantage from their unstructured data.

In related news, Datadobi today announced the general availability launch of StorageMAP software version 6.4 which now includes additional Executive Level Reporting along with highly detailed reports via its Analytics Module and the unique Datadobi Query Language (DQL). These new capabilities provide the foundation for the new StorageMAP Assessment Service.

To learn more about the StorageMAP Assessment Service, please visit: https://www.climbcs.com/site/content/datadobi#datadobi-form

Leave a comment »

The Downfall Of Silicon Valley Bank May Lead To Attacks By Threat Actors

Posted in Commentary with tags on March 13, 2023 by itnerd

Hot on the heels of the downfall of Silicon Valley Bank, there are growing concerns regarding threat actors using the news to target users with phishing and credential stealing attempts. I am going to be watching this story closely to see if that is the case. But in the meantime, I already have commentary from Yaron Kassner, CTO and Cofounder, Silverfort:

     “As always, uncertainty and panic are threat actors’ closest allies, and we are already witnessing a distinct surge in fraud attacks that attempt to leverage the confusion to lure users into fraudulent transfers as well as credential disclosure.

“For example, threat actors will impersonate suppliers, claiming it has moved from SVB to another bank, urgently asking you to wire payment to this new account.

“Additionally, attackers will send emails impersonating FDIC, SVB or another government agency with a reassuring message that a deposit in SVB can be fully returned. However, users must urgently login to their new bank account in a provided link. Needless to say, this link leads to an adversary-controlled web page, with credentials now being compromised.

“Business email is the primary attack vector adversaries employ to deliver fraud attacks. While employee education is paramount in counteracting these attempts, it must be paired with security control. To prevent threat actors from compromising user accounts and sending messages on their behalf, organizations should enforce the following:

  • Enforce MFA verification on any access to an employee’s email address.
  • Disable legacy email protocols that are more susceptible to compromise.
  • Block access to email from risky locations”

While I hope I am wrong, I expect a wave of attacks because of the downfall of Silicon Valley Bank. Because for threat actors, this situation is too good to pass up.

2 Comments »

BlackFog Wins Big in Cybersecurity Excellence and Globee® CybersecurityAwards

Posted in Commentary with tags on March 13, 2023 by itnerd

BlackFog today announces it has been named a winner of three Cybersecurity Excellence Awards and that The Globee® Awards, organizers of the world’s premier business awards programs and business ranking lists, has named BlackFog a winner in the 19th Annual 2023 Globee Cybersecurity Awards.  

The awards BlackFog has received for the 6th annual Cybersecurity Excellence Awards:

  • Silver Winner for Most Innovative Cybersecurity Company in North America
  • Gold Winner for Best Virtual CISO in North America
  • Silver Winner for Ransomware Protection 

BlackFog received Gold place for Best Cybersecurity Newsletter of the Year in the 19th Annual 2023 Globee® Cybersecurity Awards for its monthly State of Ransomware Report. 

The Globee Cybersecurity Awards recognize cybersecurity companies and professionals for their innovative approaches and effective solutions in ensuring security in the digital age. The awards cover various categories such as risk management, threat detection, cloud security, data privacy, and more. The program aims to raise awareness about cybersecurity issues and honor those who have made significant contributions in protecting organizations and individuals from cyber threats.

BlackFog has released a monthly State of Ransomware report for the past three years, analyzing ransomware attacks and the statistics around them, including:

  • Reported ransomware attacks by month
  • Key trends
  • Prevalent threat groups 
  • Size of organizations being attacked
  • Attacks by industry sector

BlackFog newly added the tracking and inclusion of non-publicly disclosed ransomware attacks, which it has included in its 2023 State of Ransomware reports. 

BlackFog’s Virtual CISO (vCISO) platform includes a dedicated team of experts that provide monthly assessments, constant monitoring with the BlackFog solution, detailed custom reporting for compliance and auditing, and a customer-branded Enterprise console, managed by their team.

About the Globee Awards 
Globee Awards are conferred in nine programs and competitions: the American Best in Business Awards, Business Excellence Awards, Cybersecurity World Awards®, Disruptor Company Awards, Golden Bridge Awards®, Information Technology World Awards®, Leadership Awards, Sales, Marketing, & Customer Success Awards, and the Women In Business Awards®. Learn more about the Globee Awards at https://globeeawards.com

About BlackFog

Founded in 2015, BlackFog is a global cybersecurity company that has pioneered on-device anti data exfiltration (ADX) technology to protect companies from global security threats such as ransomware, spyware, malware, phishing, unauthorized data collection and profiling. Its software monitors enterprise compliance with global privacy regulations and prevents cyberattacks across all endpoints. BlackFog uses behavioral analysis to preemptively prevent hackers from exploiting vulnerabilities in enterprise security systems and data structures. BlackFog received recognition as a Gold award winner in the Cybersecurity Excellence Awards for Best Data Security and Best Ransomware Protection North America, as well as the Bronze award in Most Innovative Cybersecurity Company and Best Cybersecurity Start-up in 2022. BlackFog was named a 2020 HOT Vendor in Privacy and Security by Aragon Research. 

BlackFog’s preventative approach to security recognizes the limitations of existing perimeter defense techniques and neutralizes attacks before they happen at multiple points in their lifecycle. Trusted by corporations all over the world, BlackFog is redefining modern cyber security practices. For more information visit https://www.blackfog.com

Leave a comment »

Jscrambler to Partner with PCI Security Standards Council

Posted in Commentary with tags on March 13, 2023 by itnerd

Jscrambler, the leading security solution for JavaScript protection and webpage real-time monitoring, announced today that it has joined the PCI Security Standards Council (PCI SSC) as a new Principal Participating Organization. Jscrambler will help drive the future of global payment security with a strategic level of leadership, participation, and influence with the Council. 

PCI SSC leads the global effort to increase payment security by providing flexible, industry-driven, and effective data security standards and programs. Global industry collaboration is critical to this mission. The Council’s Participating Organizations program brings together industry leaders to strategize about how to protect payment data from the latest threats and to anticipate the needs of an ever-changing payment ecosystem.

As a Principal Participating Organization, Jscrambler will provide strategic direction to help shape the future of the Council. Jscrambler will impact the direction of PCI SSC standards, drive technical discussions, and have input into Council initiatives.

About the PCI Security Standards Council 

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches.

Jscrambler is a leading authority in client-side security software. Its solution defends enterprises from revenue and reputational harm caused by accidental or intentional JavaScript misbehavior. Jscrambler makes first-party code that is resilient to tampering and prevents interference with third-party code. The solution works continuously, keeping organizations protected regardless of how frequently things change. From code to runtime, Jscrambler has companies covered with a level of visibility and control that supports business innovation. Jscrambler’s customers include the FORTUNE 500, retailers, airlines, banks and other enterprises whose success depends on safely engaging with their customers online. Jscrambler keeps these interactions secure so they can continue to innovate without fear of damaging their revenue source, reputation, or regulatory compliance. Jscrambler was recently recognized as a winner in the 2023 BIG Innovation Awards. Find out more at: https://jscrambler.com/

Leave a comment »

Elon Musk Wants You To Pay $42K A Month Or More To Access Data Via Twitter’s API… WTF?

Posted in Commentary with tags on March 13, 2023 by itnerd

I’ll start with the top level headline from Wired in terms of what Elon Musk would like you to pay for access to data via Twitter’s API, then I’ll tell you what I think:

Twitter’s API is used by vast numbers of researchers. Since 2020, there have been more than 17,500 academic papers based on the platform’s data, giving strength to the argument that Twitter owner Elon Musk has long claimed, that the platform is the “de facto town square.”

But new charges, included in documentation seen by WIRED, suggest that most organizations that have relied on API access to conduct research will now be priced out of using Twitter.

It’s the end of a long, convoluted process. On February 2, Musk announced API access would go behind a paywall in a week. (Those producing “good” content would be exempted.) A week later, he delayed the decision to February 13. Unsurprisingly, that deadline also slipped by, as Twitter suffered a catastrophic outage

The company is now offering three levels of Enterprise Packages to its developer platform, according to a document sent by a Twitter rep to would-be academic customers in early March and passed on to WIRED. The cheapest, Small Package, gives access to 50 million tweets for $42,000 a month. Higher tiers give researchers or businesses access to larger volumes of tweets—100 million and 200 million tweets respectively—and cost $125,000 and $210,000 a month. WIRED confirmed the figures with other existing free API users, who have received emails saying that the new pricing plans will take effect within months.  

I see thee possibilities for this rather stupid pricing scheme:

  • Elon has completely lost the plot in terms of his desperation to get Twitter to make money. And this is akin to a “Hail Mary” from Elon to get money in Twitter’s bank account.
  • Elon doesn’t want anyone doing deep dives on Twitter. Perhaps to cover up what a hate filled, right wing cesspool that it has become under Elon’s leadership. Thus he’s pricing it out of reach to accomplish that.
  • All of the above.

Nobody is going to pay these prices. That’s the bottom line. And the second possibility that I listed is perhaps bolstered by this:

While this sounds like a substantial dataset, it only accounts for around 0.3 percent of Twitter’s monthly output, meaning it is far from being a comprehensive snapshot of activity on the platform. Twitter’s free API access gave researchers access to 1 percent of all tweets.

If Elon is truly stupid enough to go ahead of this, it may cause him a big headache:

The timing of the change comes as the European Commission on Thursday will publish its first reports from social media companies, including Twitter, about how they are complying with the EU’s so-called code of practice on disinformation, a voluntary agreement between EU legislators and Big Tech firms in which these companies agree to uphold a set of principles to clamp down on such material. The code of practice includes pledges to “empower researchers” by improving their ability to access companies’ data to track online content.

Thierry Breton, Europe’s internal market commissioner, talked to Musk last week to remind him about his obligations regarding the bloc’s content rules, though neither discussed the upcoming shutdown of free data access to the social network.

“We cannot rely only on the assessment of the platforms themselves. If the access to researchers is getting worse, most likely that would go against the spirit of that commitment,” Věra Jourová, the European Commission’s vice president for values and transparency, told POLITICO.

“It’s worrying to see a reversal of the trend on Twitter,” she added in reference to the likely cutback in outsiders’ access to the company’s data.

While the bloc’s disinformation standards are not mandatory, separate content rules from Brussels, known as the Digital Services Act, also directly require social media companies to provide data access to so-called vetted researchers. By complying with the code of practice on disinformation, tech giants can ease some of their compliance obligations under those separate content-moderation rules and avoid fines of up to 6 percent of their revenues if they fall afoul of the standards.

Yet even Twitter’s inclusion in the voluntary standards on disinformation is on shaky ground. 

The company submitted its initial report that will be published Wednesday and Musk said he was committed to complying with the rules. But Camino Rojo — who served as head of public policy for Spain and was the main person at Twitter involved in the daily work on the code since November’s mass layoffs — is no longer working at the tech giant as of last week, according to two people with direct knowledge of the matter, who spoke on the condition of anonymity to discuss internal discussions within Twitter. Rojo did not respond to a request for comment.

If Elon seriously thinks he can take on the the EU and win, he’s delusional. Microsoft lost against them and Google lost against them. Which means he has zero chance against the EU. If I were him, I’d open up the API to all who want it at a level that makes sense for free. Say 1% to 5% of Tweets. But he’s not going to do that and as a result, he’s going to get into a fight with a group he has no hope of beating.

Leave a comment »

Pop Up #Scams…. What They Are And What You Can Do To Stop Them

Posted in Commentary with tags on March 12, 2023 by itnerd

One of the most common ways that scammers try to get access to your computer to do their evil deeds is to plant the Internet with scam pop ups that will prompt you to call into the scammers.

First of all, let me get this out of the way. If you see any pop up that claims to come from Apple, Microsoft, or anyone else that prompts you to call a number to resolve some sort of virus or security issue, it is fake. No company would do this. And your antivirus software will never prompt you to call a number.

Now, let’s talk about how to spot and deal with these scams:

  1. Do not click on the pop-up
  2. Look for spelling mistakes and unprofessional images. These scams are filled with this sort of stuff.
  3. Do not call the number in the pop-up. Nor should you give out personal details or payment details if for whatever reason you call the number. Which again, you should never, ever do. And you should never give anyone remote access to your computer ever.
  4. Try to close your browser to get rid of the pop ups.
  5. If that doesn’t work, try to restart your computer.
  6. If that doesn’t work, then you should run an antivirus application to try to get rid of the pop ups.
  7. If that doesn’t work, see a computer professional for assistance.

In terms of of preventing the possibility of pop up scams hitting your computer, here’s some suggestions:

  • Use anti-virus software or a complete internet security solution.
  • Keep your anti-virus and internet security software updated
  • Keep your browser, software and operating system updated
  • Do not click on unverified links in spam emails, messages or unfamiliar websites
  • Never open attachments in spam emails

Pro Tip #1: You should block pop-ups in your browser by default. Turn on your browser’s ad blocker and block pop-ups by default. Inspect any website or page that requires you to turn off these features—or better yet, avoid them altogether.

Pro Tip #2: Deleting unusual apps and extensions from your browser. If you find any unusual apps or programs on your device, especially ones you didn’t install. They’re likely infected bad.

Finally, I want to reiterate that Apple, Microsoft, or anyone else that prompts you to call a number to resolve some sort of virus or security issue. So if you see one of these pop ups, please take the advice that I have written above to protect yourself accordingly.

Leave a comment »

Xenomorph Android malware now steals data from 400 banks

Posted in Commentary with tags on March 11, 2023 by itnerd

ThreatFabric is reporting on a new fully automated Android banking Trojan referred to as “Xenomorph 3rd Generation.” By its maker, the Hadoken Security Group. The first version of this malware was spotted by ThreatFabric in February of 2022, where it had over 50,000 downloads. The malware was targeting 56 European banks dropper apps published on the Google Play Store. That first version used injection for overlay attacks and abused accessibility services permissions to intercept and steal one time codes.

The second generation of this Trojan was released in June of 2022 and was notable for having a complete code overhaul but was only released in low volume short bursts, apparently for testing purposes. Researchers say that this third version is the most flexible yet, fully automating the process of data theft, including credentials, account balances, perform banking transactions, and finalize fund transfers.

This third version is being offered on a dedicated website and targets more than 400 banking and financial institutions, including several crypto wallets and includes financial institutions from all continents.

“This new version of the malware adds many new capabilities …, most notably the introduction of a very extensive runtime engine powered by Accessibility services, which is used by actors to implement a complete ATS framework. …, Xenomorph is now able to completely automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation.”

Ted Miracco, CEO, Approov had this comment:

   “The fact that this malware has gone through several iterations since its initial detection in February 2022, with each version becoming more advanced and sophisticated, demonstrates the ongoing efforts of cybercriminals to stay ahead of security measures.

   “This includes using multi-factor authentication wherever possible, and correctly. For example SMS based 2FA on the same mobile device that is using the compromised mobile app to access sensitive data will be completely vulnerable against attacks using this Xenomorph trojan attack. The second factor needs to be on a non-compromised platform, for example another device or a hardware based authentication key to be effective. As technology continues to advance, so too will the sophistication of cyber threats, making it essential for all of us to remain vigilant and proactive in protecting ourselves and our data.”

Seeing as this malware has gone through three revisions illustrates the fact that the makers of this malware are here to stay. Which means that the average consumer as well as those who hunt for this sort of thing have to work twice as hard to make sure that nobody gets taken advantage of by the people behind threats like this.

Leave a comment »

Stopping Abuse In The Digital Age: The Anti-Human Trafficking Intelligence Initiative

Posted in Commentary with tags on March 11, 2023 by itnerd

Human trafficking is one of the most horrendous yet tragically overlooked crimes of our times. And the practice is unfortunately thriving in the digital age. For example, the BBC recently called out “Pig Butchering” call centers in South East Asia who are luring young people with promises of great jobs and perks “overseas”, only to literally trap them into a life existence they are not allowed to leave, working in criminal fraud call centers.

Charitable organizations such as the Anti-Human Trafficking Intelligence Initiative (ATII) are fighting to put an end to this modern “digital” slavery by donating time and resources to help investigate cases and working with police to shut down this shadow industry. While researching enhanced intelligence solutions to improve upon their mission, they approached HYAS, a world-leading authority on cyber adversary infrastructure, to better leverage their limited resources.

In a blog post, HYAS details how they are working with ATII, donating time and resources and joining in the battle to stop human trafficking. Larry Cameron, CISO for ATII said that HYAS Insight, “Saved us weeks of investigation time.” And when it comes to an industry as nefarious as human trafficking, each minute can mean the difference between life and death.

I encourage you to read the blog post and consider what you can do to fight this crime which is unacceptable by any standard.

Leave a comment »

TikTok Has A New Problem…. An Employee Is Fighting It On Capitol Hill With Allegations That China Can See Users Data

Posted in Commentary with tags on March 10, 2023 by itnerd

TikTok has a bunch of problems in a bunch of places at the moment. But its problems in the US have just gotten worse. Here’s how that is the case:

In an exclusive interview with The Washington Post, the former employee, who worked for six months in the company’s Trust and Safety division ending in early 2022, said the issues could leave data from TikTok’s more than 100 million U.S. users exposed to China-based employees of its parent company ByteDance, even as the company races to implement new safety rules walling off domestic user information.

His allegations threaten to undermine this $1.5 billion restructuring plan, known as Project Texas, which TikTok has promoted widely in Washington as a way to neutralize the risk of data theft or misuse by the Chinese government. 

They could also fuel speculation that the wildly popular short-video app remains vulnerable to having its video-recommendation algorithm and user data distorted for propaganda or espionage. U.S. authorities have not shared evidence that the Chinese government has accessed TikTok’s data or code.

Well, if you’re TikTok you’re thinking that you’re in deep trouble here. They’ve already pushed back on his claims. But at this point, nothing the company says is going to make lawmakers on Capitol Hill feel different and a ban via the RESTRICT act is likely. And that ban is likely to be copied by other countries which means that TikTok could disappear from millions of phones in short order.

It sucks to be TikTok.

1 Comment »

Belgium Bans TikTok On Government Phones

Posted in Commentary with tags on March 10, 2023 by itnerd

Belgium becomes the latest country to ban TikTok as news is out that Belgian federal government employees will no longer be allowed to use the Chinese-owned video app TikTok on their work phones, Belgian Prime Minister Alexander De Croo said today:

De Croo said the Belgian national security council had warned of the risks associated with the large amounts of data collected by TikTok, which is owned by Chinese firm ByteDance, and the fact that the company is required to cooperate with Chinese intelligence services. “That is the reality,” the prime minister said in a statement. “That’s why it is logical to forbid the use of TikTok on phones provided by the federal government. The safety of our information must prevail.” The European Commission and the European Parliament last month banned TikTok from staff phones due to growing concerns about the company, and whether China’s government could harvest users’ data or advance its interests.

It’s now getting to the point where I am wondering who is next to ban TikTok. Clearly there is momentum building around the world to get TikTok off of government phones. Thus you have to wonder when and not if that’s going to spread to everyone else. Perhaps that could happen as soon as the RESTRICT act is passed in the US?

Leave a comment »

« Older Entries
Newer Entries »