New Zealand Becomes The Latest To Ban TikTok On Government Devices

Posted in Commentary with tags on March 17, 2023 by itnerd

The march to ban TikTok continues with news that New Zealand is going to be the latest country to ban TikTok on government devices:

New Zealand said on Friday it would ban TikTok on devices with access to the country’s parliamentary network due to cybersecurity concerns, becoming the latest nation to limit the use of the video-sharing app on government-related devices.

Concerns have mounted globally about the potential for the Chinese government to access users’ location and contact data through ByteDance, TikTok’s Chinese parent company.

The depth of those concerns was underscored this week when the Biden administration demanded that TikTok’s Chinese owners divest their stakes or the app could face a U.S. ban. 

In New Zealand, TikTok will be banned on all devices with access to parliament’s network by the end of March.

Parliamentary Service Chief Executive Rafael Gonzalez-Montero said in an email to Reuters that the decision was taken after advice from cybersecurity experts and discussions within government and with other countries.

    “Based on this information, the Service has determined that the risks are not acceptable in the current New Zealand Parliamentary environment,” he said.

The thing is that TikTok other than saying things like it it “disappointed” by these bans, hasn’t really offered up anything in the way of a substantive rebuttal to accusations that the social media app is a tool for the Chinese Communist Party to spy on the west and spread Chinese propaganda. Until they do that, these bans will simply continue. And likely expand to outright bans where TikTok will be erased from phones everywhere. Such as the one that seems to be coming in the US. So as a result of that, I expect these bans to continue to accelerate and expand.

Leave a comment »

CISA to begin scanning for vulnerabilities

Posted in Commentary with tags on March 17, 2023 by itnerd

On Monday, CISA announced that under its new Ransomware Vulnerability Warning Pilot (RVWP) program it has started scanning critical infrastructure entities’ networks for vulnerabilities to warn and help entities fix the flaws ahead of the bad actors.

As part of RVWP, CISA leverages existing authorities and technology to proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks. Once CISA identifies these affected systems, our regional cybersecurity personnel notify system owners of their security vulnerabilities, thus enabling timely mitigation before damaging intrusions occur.

CISA accomplishes this work by leveraging its existing services, data sources, technologies, and authorities, including CISA’s Cyber Hygiene Vulnerability Scanning service and the Administrative Subpoena Authority granted to CISA under Section 2209 of the Homeland Security Act of 2002.

Naveen Sunkavalley, Chief Architect at Horizon3.ai had this to say:

   “CISA’s new program is a necessary and definite step in the right direction to protect critical infrastructure. Many N-day vulnerabilities are now being exploited by threat actors within days of being disclosed. Time is of the essence. The faster organizations are notified of critical vulnerabilities, the faster they can react to avoid compromise.

   “CISA’s program is not a panacea though. Many vulnerabilities are exploited as zero days, and there is often a delay of at least a few days between the time a new vulnerability is disclosed and when CISA adds that vulnerability to its Known Exploited Vulnerabilities catalog. Understanding which vulnerabilities are likely to be exploited and notifying prior to any known exploitation would be valuable.

   “Moreover, exploiting vulnerabilities isn’t the only method ransomware actors have at their disposal. Phishing attacks and leaked credentials are used just as often (for instance with the Colonial Pipeline attack). Organizations need to operate under the mindset that a breach will eventually happen, and critically evaluate their attack surface, both external and internal, against a wide spectrum of possible attacks.”


Dave Ratner, CEO of HYAS follows up with this:

   “We continue to see increasing attacks on all aspects of critical infrastructure and believe that increased visibility and observability into what is happening in real-time inside the environment is critical to rapid identification of these attacks and shutting them down before they expand into major incidents.  

   “Attackers continue to find new and innovative ways to circumvent the perimeter and breach both IT and OT networks; however, given that the malware then needs to beacon out for instructions, visibility into outgoing communication – which domains and what infrastructure is being communicated with and how often — can identify anomalous and nefarious activity inside the network and provide a key layer of protection, if not the “last line of defense”, for all aspects of critical infrastructure.”

This is a good step in terms of fighting threat actors. But it is only a step. This has to be combined with the hard work of those responsible for defending networks against threat actors along with spending money on the tools to effectively fight threat actors. Otherwise the CISA’s work will mean nothing.

Leave a comment »

Independent Living Is Largest Healthcare Hack of 2023 – SO FAR

Posted in Commentary with tags on March 17, 2023 by itnerd

On March 14th, Miami based Independent Living Systems (ILS) disclosed a healthcare data breach that impacted more than 4 million individuals, the largest reported healthcare data breach of 2023, so far. More on the so far part later.

Hackers were in their network from June 30th to July 5, 2020, when the company discovered that its network was accessed and employee data had been exfiltrated. Here’s a snippet of what the data breach notice said.

On July 5, 2022, ILS experienced an incident involving the inaccessibility of certain computer systems on its network. ILS responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists. Through our response efforts, ILS learned that an unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022. During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed. Upon containing the incident and reconnecting its computer systems, ILS conducted a comprehensive review to understand the scope of potentially affected information and identify the individuals to whom such information relates. ILS received the results of this review on January 17, 2023, and then worked as quickly as possible to validate the results and provide notice to potentially impacted individuals and entities. 

The types of impacted information varies by individual and could have included: name, address, date of birth, driver’s license, state identification, Social Security number, financial account information, medical record number, Medicare or Medicaid identification, CIN#, mental or physical treatment/condition information, food delivery information, diagnosis code or diagnosis information, admission/discharge date, prescription information, billing/claims information, patient name, and health insurance information.  

But the part that catches my attention is this:

ILS previously notified potentially affected individuals on September 2, 2022 by posting a preliminary notice of this data event on its website. Additionally, ILS previously provided preliminary notice to its primary state and federal regulators. Now that its review and validation efforts are complete, ILS is notifying potentially affected individuals via this media release, posting supplemental notice on its website, and mailing letters to potentially affected individuals for whom ILS has address information. ILS is also providing supplemental notice to its primary state and federal regulators, initial notice to certain additional state regulators (as required), and initial notice to the three major consumer reporting agencies (i.e., Equifax, Experian, and TransUnion). 

Yeah, it took over six months to identify and notify victims. #Fail.

Tim Schultz, VP, Research & Development at SCYTHE had this to say:

   “Healthcare data – the most treasured record in the Underground Economy.

   “The healthcare industry is going to continue to be targeted by threat actors and I don’t see it stopping anytime soon. Similar to other industries where more restrictive cybersecurity controls may have a broader business impact, cybersecurity maturity lags behind. Since medical information can be leveraged in future attacks against individuals either for social engineering or extortion, the data stolen will be valuable for a long time.”

Healthcare is a huge target for threat actors as evidenced by these major breaches:

•    February, Heritage Provider Network – 3.3 million patients
•    February, Community Health Systems – 1 million patients
•    March, Cerebral – 3.1 million patients

The take home message here is that the healthcare sector needs to up its game to stop this from happening over and over again. Because with the scale of hacks that we see in this sector, there clearly isn’t enough being done to safeguard data.

Leave a comment »

Things Get Worse For TikTok As The FBI And DOJ Are Apparently Investigating Them

Posted in Commentary with tags on March 16, 2023 by itnerd

I suspect that Chinese owned social media company TikTok is really in deep trouble here as Forbes is reporting that they are under investigation from the FBI and DOJ:

The FBI and the Department of Justice are investigating the events that led TikTok’s Chinese parent company, ByteDance, to use the app to surveil American journalists, including this reporter, according to sources familiar with the departments’ actions.

According to a source in position to know, the DOJ Criminal Division, Fraud Section, working alongside the Office of the U.S. Attorney for the Eastern District of Virginia, has subpoenaed information from ByteDance regarding efforts by its employees to access U.S. journalists’ location information or other private user data using the TikTok app. According to two sources, the FBI has been conducting interviews related to the surveillance. ByteDance’s use of the app to surveil U.S. citizens was first reported by Forbes in October, and confirmed by an internal company investigation in December.

“We have strongly condemned the actions of the individuals found to have been involved, and they are no longer employed at ByteDance. Our internal investigation is still ongoing, and we will cooperate with any official investigations when brought to us,” said ByteDance spokesperson Jennifer Banks. TikTok did not respond to a request for comment.

The Office of the U.S. Attorney for the Eastern District of Virginia, the DOJ and the FBI did not immediately respond to a request for comment.

This is the first report of the federal government investigating ByteDance’s surveillance practices. It is not clear if the DOJ’s subpoena is connected to the FBI’s interviews.

The reporter behind this story is Emily Baker-White who broke a couple of stories linked above on TikTok spying on journalists last year. And she herself was tracked by TikTok. All of this is highly problematic to TikTok and I am of the opinion that this will lead to an outright ban sooner rather than later. And I am talking about very soon. As in weeks and not months.

That has to be TikTok’s greatest nightmare. Let’s see what they, or their Chinese Communist Party overlords can do about it.

Leave a comment »

Silicon Valley Bank Phishing Scams Are In High Gear Says INKY

Posted in Commentary with tags on March 16, 2023 by itnerd

NKY has published an article detailing how cybercriminals are using the Silicon Valley Bank collapse in a credential harvesting phishing scheme. Which is something I’ve been predicting for a few days now.

This report details how the phisher is using a fake DocuSign email notifications requiring the unsuspecting customer to sign important documents.

You can read the report here.

Leave a comment »

OVHcloud purchases its first Quandela quantum computer

Posted in Commentary with tags on March 16, 2023 by itnerd

 OVHcloud, the European cloud leader, further confirms its ambitions and support of the growing quantum computing ecosystem with the purchase of its first quantum powered machine to kick-off new efforts in the fields of research and development. Designed by French company Quandela, the MosaiQ computer is powered by a photonic processor.  

Doubling down on its efforts in quantum computing, the Group’s goal is to provide its research and development department with the right tools to experiment with a Quantum Processing Unit (QPU) based machine for various use cases. This comes in addition to the announcement, last summer, of a plan to offer quantum-based calculation as-a-service through several emulators, including Perceval, the programming framework developed by Quandela.  

Staying true to its commitment towards open ecosystems, OVHcloud actively supports development efforts in the field of quantum computing via its France Quantum conference initiative, where OVHcloud is a co-founding member, and through its Startup Program. The latter provides technical assistance as well as credits elevating innovation in quantum computing with startups, active both in the hardware and software fields. Over the years, this commitment already led to significant breakthroughs with Quandela’s early proof of concept effectively using OVHcloud infrastructure and Quandela’s first customers being able to connect to their QPU through OVHcloud. Hosted in OVHcloud datacentres in France (GRA) and Canada (BHS), Quandela’s Perceval notebook is also available here for OVHcloud Public Cloud customers so that they can discover quantum emulation. 

Marking a significant milestone and paving the way for a quantum ready future, Quandela’s system is expected for delivery sometime this fall. It relies on an upgradeable platform thanks to the use of photonics. With a QPU that can be reconfigured, the system will prove to be upgradable through new modules to quickly ramp up the overall computing capabilities.  

Leave a comment »

Nuspire Introduces Managed Microsoft Defender Solution

Posted in Commentary with tags on March 16, 2023 by itnerd

Nuspire, a leading managed security services provider (MSSP), has announced the launch of its Managed Microsoft Defender services for Endpoint, ID, O365 and Cloud App Security. The new service will help organizations realize the full value of Microsoft Defender through a seamless, expert-led managed solution.

Microsoft Defender offers robust protection against a wide range of threats, including malware, ransomware and other sophisticated attacks. However, configuring, tuning, maintaining and monitoring Microsoft Defender can be challenging, especially when it comes to technology and operating systems outside of the Windows environment. In addition, there is still a significant talent shortage in the security industry, and companies have fewer resources to manage security solutions like Defender and respond to threats.

To address these challenges, Nuspire’s Managed Microsoft Defender services leverage the expertise of seasoned security professionals to guide integration and implementation. Nuspire’s team will monitor, mitigate, respond to and remediate threats directly in a client’s environment. The service also provides 24×7 monitoring and SOC support to reduce false positives and alert fatigue.

For more information on Nuspire’s Managed Microsoft Defender services, please visit https://www.nuspire.com/services/managed-security/managed-microsoft-defender.  

Leave a comment »

HP Wolf Security report shows move to block macros by default is forcing threat actors to think outside the ‘box’

Posted in Commentary with tags on March 16, 2023 by itnerd

HP today issued its latest quarterly HP Wolf Security Threat Insights Report, showing cybercriminals are diversifying attack methods, including a surge in QR code phishing campaigns. By isolating threats on PCs that have evaded detection tools, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 25 billion email attachments, web pages, and downloaded files with no reported breaches. Further HP Wolf Security insights will be featured at the upcoming Amplify Partner Conference, March 28-30, McCormick Place Chicago.

From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by the HP Threat Research team shows that from Q2 2022, attackers have been diversifying their techniques to find new ways to breach devices and steal data. Based on data from millions of endpoints running HP Wolf Security, the research found:

  • The rise of QR scan scams: Since October 2022, HP has seen almost daily QR code “scan scam” campaigns. These scams trick users into scanning QR codes from their PCs using their mobile devices – potentially to take advantage of weaker phishing protection and detection on such devices. QR codes direct users to malicious websites asking for credit and debit card details. Examples in Q4 included phishing campaigns masquerading as parcel delivery companies seeking payment.
  • HP noted a 38% rise in malicious PDF attachments: Recent attacks use embedded images that link to encrypted malicious ZIP files, bypassing web gateway scanners. The PDF instructions contain a password that the user is tricked into entering to unpack a ZIP file, deploying QakBot or IcedID malware to gain unauthorized access to systems, which are used as beachheads to deploy ransomware.
  • 42% of malware was delivered inside archive files like ZIP, RAR, and IMG: The popularity of archives has risen 20% since Q1 2022, as threat actors switch to scripts to run their payloads. This is compared to 38% of malware delivered through Office files such as Microsoft Word, Excel, and PowerPoint. 

In Q4, HP also found 24 popular software projects imitated in malvertising campaigns used to infect PCs with eight malware families – compared to just two similar campaigns in the previous year. The attacks rely on users clicking on search engine advertisements, which lead to malicious websites that look almost identical to the real websites. 

HP Wolf Security runs risky tasks like opening email attachments, downloading files and clicking links in isolated, micro-virtual machines (micro-VMs) to protect users, capturing detailed traces of attempted infections. HP’s application isolation technology mitigates threats that might slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behavior. 

The full report can be found here: https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q4-2022/

Leave a comment »

Hackuity Partners With Appurity

Posted in Commentary with tags , on March 16, 2023 by itnerd

Hackuity, the risk-based vulnerability management company, today announced a new partnership with Appurity, a specialist in mobile and application security. Appurity will take Hackuity’s solution to market with enterprises in critical infrastructure, finance, pharma, and other sectors that recognize the pressing need to protect their entire estates against vulnerabilities. The goal is simple yet ambitious: provide a new level of control for reported security alerts and enable security departments to better prioritize them.

Hackuity has been growing its channel partners across Europe with a strategic focus on the UK. As Hackuity aims to solve vulnerability management issues within the enterprise workforce, the company will partner with providers which focus on creating a seamless, single point of view for internal security teams.

Appurity specializes in assessing security environments and delivering best-in-class mobile and application security solutions which adhere to the requirements of regulations and schemes such as Cyber Essentials and ISO’s Information Security Standards. Appurity works with companies to develop and implement impenetrable security strategies which utilize the latest technologies and security frameworks, including ZTNA, SSE, CASB, and MTD.

Find out more about Hackuity at https://www.hackuity.io and find out more about Appurity at https://appurity.co.uk/

Leave a comment »

New Vishing Attack Targets 160,000 End Users: Armorblox

Posted in Commentary with tags on March 16, 2023 by itnerd

As tax season approaches, cybercriminals are getting more creative in their attempts to steal sensitive information. Armorblox has released its newest research on the latest attack that impersonated one of the most trusted government entities in the US, the Social Security Administration, in an attempt to prey on the trust and uncertainty that many end-users experience during tax season.

These emails, targeting over 160,000 end users of a large educational institution, bypassed native email security.

How it Works: In this attack, end users were presented with an email, from what appeared to be the Social Security Administration, notifying them of suspicious activity that requires immediate action. For recipients who opened the attachment, they were welcomed with a blunt account suspension letter on what looks like official SSA letterhead. The end goal of this targeted vishing email attack was to get victims to open the email attachment, call the customer support number included, and render personal information.

You can read the research here.

Leave a comment »

« Older Entries
Newer Entries »