New BEC 3.0 Attack Utilizes Google Workspace to Send Malicious Crypto Links

Posted in Commentary with tags on March 9, 2023 by itnerd

Last week, researchers at Avanan, a Check Point Software company, wrote about BEC 2.0, a variant of BEC attacks that remains a significant problem for security services and companies. This week, Avanan discusses BEC 3.0, a variant of these scams that uses legitimate services to unleash an attack.

Avanan’s latest research discusses how hackers are utilizing Google’s services within comments on Google Workspace documents to redirect users to a fake cryptocurrency site. This attack, still ongoing, has been targeted at nearly 1,000 companies in the last two weeks. 

In this attack, hackers use the comments feature in Google Workspace (e.g. Google Sheets or Google Docs) to send out legitimate Google notification emails that nevertheless contain malicious redirects through a legitimate Google Scripts URL (Google Scripts is a coding platform hosted by Google). Because the email really does come from Google, sender-based checks pass; clicking the provided link redirects users to a fake cryptocurrency page.
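Since the sender in this scheme is genuinely Google, a defender has to look at the links inside the comment notification rather than at the sender. The following is an added example (not Avanan's code or the original post's) that parses a constructed Docs/Sheets-style notification email, extracts every link in the HTML body, and flags links pointing at Apps Script (script.google.com) or at any non-Google host; the sample message, the sender address and the host rules are assumptions for illustration.

```python
"""Flag risky links in Google Workspace comment-notification emails (added example)."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Google Apps Script web apps are served from this host; the attack described in
# the post uses such a URL as the redirect hop to the fake cryptocurrency page.
APPS_SCRIPT_HOST = "script.google.com"

# Constructed sample: a comment notification that really comes from Google
# (sender address assumed), whose comment text carries the Apps Script link.
SAMPLE = b"""From: Someone (Google Sheets) <comments-noreply@docs.google.com>
To: victim@example.com
Subject: Someone mentioned you in "Q1 payout"
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Someone added a comment to <a href="https://docs.google.com/spreadsheets/d/EXAMPLE/edit">Q1 payout</a></p>
<blockquote>Your crypto reward is ready: <a href="https://script.google.com/macros/s/EXAMPLE/exec">claim here</a></blockquote>
<p><a href="https://docs.google.com/spreadsheets/d/EXAMPLE/edit?disco=1">Open</a>
<a href="https://drive.google.com/">Reply</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href, text):
    """Return 'apps-script-link', 'display-mismatch', 'external-link' or 'ok'."""
    host = (urlparse(href).hostname or "").lower()
    if host == APPS_SCRIPT_HOST:
        return "apps-script-link"
    # Visible text that is itself a URL but points somewhere else is a classic lure.
    shown = urlparse(text).hostname if text.startswith("http") else None
    if shown and shown.lower() != host:
        return "display-mismatch"
    # A genuine Docs/Sheets notification only links back into Google properties.
    if host != "google.com" and not host.endswith(".google.com"):
        return "external-link"
    return "ok"


def audit_notification(raw_message: bytes):
    """Parse a raw RFC 822 message and return [(category, href)] for links to alert on.

    The From: header is deliberately not used for the verdict: in this attack it is
    a legitimate Google address, so only the link targets carry signal.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkExtractor()
    parser.feed(body.get_content())
    return [(classify_link(href, text), href)
            for href, text in parser.links
            if classify_link(href, text) != "ok"]


if __name__ == "__main__":
    for category, href in audit_notification(SAMPLE):
        print(f"{category}: {href}")
```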

You can read the follow-up research here.

Guest Post: ESET Announces Eighth Annual Women in Cybersecurity Scholarship in North America

Posted in Commentary with tags on March 9, 2023 by itnerd

If this year’s International Women’s Day theme teaches us anything, it’s that in order to have true gender equity, it is essential for society to provide economic opportunity in spaces where women are underrepresented. 

To embrace women and support their journey, ESET, a global leader in IT security, will once again #EmbraceEquity with its eighth annual Women in Cybersecurity Scholarship, awarding the prize to four women in North America.

ESET will be providing $10,000 USD scholarships to two women in the United States and $5,000 CAD scholarships to two women in Canada. Applicants are required to be enrolled in a graduate or undergraduate program majoring in a STEM (science, technology, engineering and mathematics) field. In addition, the students will be asked to detail their career goals, and what steps they plan to take to “pay it forward” for other women pursuing careers in STEM.

Celeste Blodgett, Vice President of Human Resources at ESET, is thrilled with how successful the scholarship has been over the years. “At ESET we believe in a culture of inclusion and a culture of equity – without opportunity, there can be no equity,” she said. “Year after year, we choose to support and empower women through the ESET Women in Cybersecurity Scholarship so they may pursue their passions in cybersecurity and STEM. This work is critical for us to break down barriers of entry into the field to support the next generation of female cybersecurity experts.”

Applications are now being accepted and are due by April 7, 2023, at 11:59 p.m. PT. Those who are ineligible to apply are encouraged to share this opportunity with friends and family.

A 2022 (ISC)² Women in Cybersecurity Report found that women accounted for 30% of global cybersecurity workers who are under the age of 30; additionally, they accounted for just 14% of those 60 or older. Slowly and through every generation, there is progress being made, but there is still so much more to do.

“Shifts are happening within the industry and while at first glance, they might seem dramatic, it is more of a trickle-down effect and there needs to be resources in place to speed up the culture of equity in the workplace,” said Blodgett. “I’ve been lucky enough to hear the stories of the inspiring women who have applied for the scholarship, showing both their passion in the technology field and desire to do good in the world. I look forward to awarding the ESET scholarships to another round of strong, inspiring candidates this year.” 

REQUIREMENTS, DETAILS AND HOW TO APPLY

ESET will award a scholarship to a woman who is currently enrolled as a graduate/undergraduate student in North America, majoring in a STEM field of study.

How do I qualify for the scholarship?

You must be enrolled in or accepted to an accredited college or university within North America. (The graduate/undergraduate program does not have to be a cybersecurity program; however, in your application, you should make clear that you aspire to have a career in the cybersecurity industry.)

New this year: ESET has decided to forgo minimum GPA requirements so anyone interested in and passionate about science, technology and cybersecurity can apply.

What is the deadline for submission?

Submissions will be accepted from March 8, 2023 – April 7, 2023 at 11:59 p.m. EST.

ESET will announce the winner in May 2023.

What do I submit / How do I submit my application?

Applicants can apply and learn more about the scholarships by visiting our application pages. If you’re a US student, you can apply here; if you’re a Canadian student, apply here.

Additional details

  • Essays may be submitted in English or Spanish for US students.
  • Essays may be submitted in English or French for Canadian students. 
  • Finalists may be required to supply additional personal or professional references.
  • Judging is conducted by a panel of ESET staff, including cybersecurity experts.
  • Winners will be asked to provide a photo of themselves, which may be used for promotional purposes.
  • If the application or essays are incomplete, they will not be considered.
  • Immediate family members or dependents of ESET employees are not eligible to participate.

Questions? Email us at US-scholarship@eset.com [US-only inquiries] or CA-scholarship@eset.com [Canada-only inquiries] with any questions, and we’ll get back to you as soon as possible.

Acer Gets Pwned… But The Company Downplays Extent Of The Hack

Posted in Commentary with tags on March 9, 2023 by itnerd

This is not a good look for computer maker Acer. The company has confirmed that they have been pwned by hackers:

Acer has confirmed someone broke into one of its servers after a miscreant put up for sale a 160GB database of what’s claimed to be the Taiwanese PC maker’s confidential information.

“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians,” an Acer spokesperson told The Register on Tuesday. “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.”

According to a Monday post on cyber crime hangout BreachForums by a rapscallion going by the name Kernelware, the “various confidential stuff” allegedly stolen from Acer totals 160GB, including 655 directories and 2,869 files.

Kernelware claimed the stolen goods included confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components, and ROM files.

“Honestly, there’s so much shit that it’ll take me days to go through the list of what was breached lol,” Kernelware bragged. 

This data is now up for sale. But the thing is, I am not a believer that customer data is not part of that. Because LastPass said something similar when they got pwned, and we all know how that ended.

Tim Schultz, VP of Research & Engineering at SCYTHE:

   “As companies shift away from paying ransoms, threat actors are adapting by increasing their focus on IP data theft to increase the potential business impact of each compromise. In the near term, we’ll see the same playbook similar threat actors have taken upon stealing IP and attempting to monetize it.

   “A longer-term challenge for Acer is that the internal information stolen included data on tools and infrastructure that can aid future threat actors. Asset inventory is a challenge for most organizations, and policies around technology business operations can be very difficult to change quickly in the event a threat actor is able to identify a vulnerability.”

Hopefully Acer is transparent about what was and wasn’t stolen during this hack. Because until they are transparent about this, I am really thinking that they are downplaying how serious this hack is.

Rogers Continues To Have Issues That Are Making Customers Irate

Posted in Commentary with tags on March 9, 2023 by itnerd

When my phone started to ring an hour ago, I knew I was going to have a busy day. I say that because I woke up this morning to Rogers continuing to have issues with various parts of their network. I have clients who have no email. I also have clients with no Internet. And Down Detector seems to confirm this:

I suspect that as the day goes on, user reports of problems will increase, seeing as it’s 8AM as I type this. So, given that I documented that Rogers was having issues earlier this week, I think it’s safe to say that they haven’t fully recovered from those issues. In fact, it may be getting worse. And it’s testing the patience of their customers:

Rogers really has some serious explaining to do as on the surface, they have the reliability of Twitter at the moment. And that’s not good company to be in. If Rogers were smart, they would communicate with their customers about what is going on, what steps they are taking to restore service, and when that is going to happen. But from what I see on Twitter and what my clients are reporting to me, that’s not happening. And that really reflects poorly on Rogers. And it’s now to the point where my clients are asking me what they should do, and I have no choice but to respond that they should consider moving to Bell if they can. That won’t help my clients with email issues, but it will help the ones with Internet issues.

Rogers needs to do better. And they need to do better now.

UPDATE: I’ve posted a workaround for those who have issues with sending or receiving Rogers email here.

“Tool Bloat” Slows Cloud Threat Resolution Time: Palo Alto Networks

Posted in Commentary with tags on March 8, 2023 by itnerd

According to a survey conducted by Palo Alto Networks, 39% of global organizations reported a surge in breaches over the past year. The security vendor polled over 2,500 respondents in the US, Australia, Germany, France, Japan, Singapore and the UK:

  • 90% said they are unable to detect, contain and resolve cyber-threats within an hour
  • 42% reported an increase in mean time to remediate
  • 30% reported a major increase in intrusion attempts and unplanned downtime

Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.

  • 76% said that the number of cloud security tools they use creates blind spots
  • 77% said they struggle to identify what tools are necessary to achieve their objectives

A previous Palo Alto study revealed that organizations rely on over 30 tools for security, including 6–10 cloud security products.

I have two comments on this. The first is from Dave Ratner, CEO at HYAS:

   “The growing complexity of cloud environments, whether it is hybrid cloud, multi-cloud, or simply a growing infrastructure, means that it’s easy to lose the visibility of what’s actually going on inside the environment.  Without the proper visibility, it’s increasingly difficult to ensure proper controls, which provides great opportunities for bad actors to hide without being seen, communicate with their command-and-control for instructions and data exfiltration without being detected, and otherwise perform nefarious actions at will.  

   “What’s required is the proper level of visibility and observability into the environments to detect, in real-time, any and all anomalous communications — only then can organizations actually enforce their controls, cut down on the mean-time to detect anomalous communications, and shine a light on the bad actors’ hiding spots.  

   “While this visibility may have been performed in the past through deep packet inspection or other mechanisms, the growth and complexity of the cloud environments makes that nearly impossible at scale; nevertheless, organizations which monitor and track their DNS traffic can actually address this problem in a light-weight, easy to deploy, easy to manage, and inexpensive to operate manner.  This allows organizations to shift left, move into a true business resiliency and business continuity program, detecting and shutting down anomalies in the network before they become significant breaches and issues.”

Bryson Bort, Founder and CEO at SCYTHE follows up with this:

   “A threat can only hack what they can touch: surface area is the technical range of this. The more code (software) with the more features accessible (beware default configurations!), the more opportunities you have provided a potential threat. A large percentage of software is installed with the default configurations (this is now part of the threat’s text matrix for their attacks) or sub-optimally configured (likely increasing risk).

   “First step, which takes just a few minutes: map all of your tools by category of what they defend (assets, users, etc) against the NIST CSF defensive phases: Identify (Configuration Management), Protect, Detect, Respond, and Recover. Now you know what’s generally covered and you’ve identified overlap where you are over-exposed. Now, make the tools work for you! Invest in validating your assumptions (does this block/see what I think it does?) and optimizing how they’re configured.

   “Security is defined by the threat, so a Continuous Threat and Exposure Management approach is the best practice by driving real threat behaviors safely in your environment and continuously so it’s helping you adapt to the rate of change of your business.”

The complexity of managing cloud environments has clearly become the next battleground between threat actors and those who defend against them. Hopefully those who are on the side of the good guys read reports like these and take action to prevent bad things from happening to them.

SAP Introduces SAP Datasphere 

Posted in Commentary with tags on March 8, 2023 by itnerd

SAP SE today announced key data innovations and partnerships that give customers access to mission-critical data, enabling faster time to insights and better business decision-making. SAP announced the SAP Datasphere solution, the next generation of its data management portfolio, which gives customers easy access to business-ready data across the data landscape. SAP also introduced strategic partnerships with industry-leading data and AI companies – Collibra NV, Confluent Inc., Databricks Inc. and DataRobot Inc. – to enrich SAP Datasphere and allow organizations to create a unified data architecture that securely combines SAP software data and non-SAP data.

Until today, accessing and using data located in disparate systems and locations – across cloud providers, data vendors and on-premise systems – has been a complex challenge. Customers have had to extract data from original sources and export it to a central location, losing critical business context along the way and recapturing it only through ongoing, dedicated IT projects and manual effort. With today’s announcements, SAP Datasphere helps eliminate this hidden data tax, enabling customers to build a business data fabric architecture that quickly delivers meaningful data with business context and logic intact.

SAP Datasphere

Available today, SAP Datasphere is the next generation of the SAP Data Warehouse Cloud solution. It enables data professionals to deliver scalable access to mission-critical business data. With a unified experience for data integration, data cataloging, semantic modeling, data warehousing, data federation and data virtualization, SAP Datasphere enables data professionals to help distribute mission-critical business data – with business context and logic preserved – across their organization’s data landscape. SAP Datasphere is built on SAP Business Technology Platform (SAP BTP), which includes strong enterprise security capabilities, such as database security, encryption and governance.

No additional steps or migrations are required for existing customers of SAP Data Warehouse Cloud, who will benefit from new SAP Datasphere functionality in their product environment. New functionality includes data cataloging that automatically discovers, manages and governs data; simplified data replication to deliver data and its constant updates in real-time; and enhanced data modeling that preserves the rich business context of data in SAP applications. Additional application integration capabilities that link data and metadata from cloud solutions from SAP to SAP Datasphere are planned.

Messer Americas, a leading industrial and medical gas company in North and South America, needed simple and secure access to data from SAP and non-SAP solutions within the company to strengthen data-driven decision-making and free up IT resources to focus on other strategic tasks. With SAP Datasphere, Messer Americas was able to build a modern data architecture that maintained the context of its enterprise data.

Strategic Partnerships

SAP and its new open-data partners will help hundreds of millions of users across the world make informed business-critical decisions rooted in massive amounts of data. SAP’s strategic partners provide the unique strengths of their ecosystems and enable customers to combine all their data like never before. 

Initial partners include:

  • Collibra plans to have a tailored integration with SAP, enabling customers to achieve an enterprise governance strategy by building a complete data catalog with lineage across their entire data landscape – both SAP and non-SAP data. Collibra makes trusted data discoverable across any organization. 
  • Confluent plans to connect its data streaming platform, empowering companies to unlock valuable business data and connect it with external applications in real time. Confluent’s cloud-native offering is the foundational platform for data in motion – permitting the uninhibited flow of real-time data from various sources across an organization.
  • Databricks customers can integrate their Data Lakehouse with SAP software so data can be shared with semantics preserved, helping customers simplify their data landscape.
  • DataRobot enables customers to leverage multimodal automated machine learning capabilities on top of SAP Datasphere and bring it directly into their business data fabric on whichever cloud platform it resides.

For more information, visit the Announcement Blog.

The City Of Hamilton Ontario Bans TikTok And “Paused” Their TikTok Account

Posted in Commentary with tags on March 8, 2023 by itnerd

The bad news for TikTok continues to pile up. Hot on the heels of a likely ban in the US comes news that the city of Hamilton, Ontario, which is just west of Toronto, is going to not only ban TikTok from city-issued devices, but has also “paused” the TikTok account it created this year:

In a notice on Friday, the city’s director of communications pointed directly at federal and some provincial government bans as motivation for a similar directive targeted for city staff.

He said the ban was “out of an abundance of caution” after consultation with the IT division, senior leadership and social media team.

“In addition, the city’s Communications TikTok account will be paused and made dormant while staff await result of the Federal Office of the Privacy Commissioner probe alongside privacy regulators from provinces of Quebec, British Columbia and Alberta,” Matthew Grant said in an update.

Well, that’s not good if you’re TikTok, as all these bans and investigations into the social media app are going to make the average citizen think twice about having it on their phones. If I were ByteDance, I would be extremely concerned, as these bans clearly have momentum now.

Nyriad Field CTO Adam Roberts to Speak at Storage Technology Showcase 

Posted in Commentary with tags on March 8, 2023 by itnerd

Nyriad announced today that Field CTO Adam Roberts will present at Storage Technology Showcase (STS) and discuss how organizations can achieve exceptional performance and stability with erasure codes on a combined CPU/GPU design. Nyriad will also showcase UltraIO, the company’s data storage system that helps organizations enhance agility, accelerate innovation, and gain the competitive advantage necessary to achieve business growth and success.

Today’s data-driven organizations must process massive amounts of data to reengineer operations, accelerate innovation and implement more efficient service delivery models. These organizations rely on computing performance to help drive their success with greater agility, reliability and efficiency. However, traditional RAID implementations for block storage pose performance issues and failure domain problems that can lead to serious risks.

Nyriad offers a new approach that implements erasure codes on a combined CPU/GPU architecture with intelligent data placement, enabling true performance and resilience in the same solution. A properly designed combined CPU and GPU architecture, leveraging block-level erasure codes, provides stable performance even after numerous drive failures, retaining performance similar to an optimized array. Block-based erasure codes can be implemented in such a way that the storage system will experience less than a 5% performance degradation to the array, even when as many as 20 drives out of a 204-drive array have been marked as failed.

Storage Technology Showcase is a vendor-neutral symposium for high-volume digital and long-term storage engineers and executives. STS addresses the current and future challenges of fast-moving storage technologies. Attendees and participating solution providers represent thought leadership from around the world, with installations of hundreds of petabytes of local cloud or on-premise storage.

Event details

  • Storage Technology Showcase will be held March 13-15 at the Marriott University Park in Tucson, Arizona
  • Roberts’ presentation will take place on Wednesday, March 15, at 11 a.m. Pacific time
  • Attendees may stop by and visit Nyriad’s station at the Marriott

Guest Post: Americans lost a record $8.8 billion to fraud in 2022

Posted in Commentary with tags on March 8, 2023 by itnerd

Americans are losing more to fraud than ever before. According to the data presented by the Atlas VPN team, based on the numbers provided by the Federal Trade Commission, consumers in the United States lost an unprecedented $8.8 billion to various scams in 2022 — a 43% rise from the previous year. 

While fraud losses increased, the number of fraud cases dropped by a fifth from 2.9 million in 2021 to 2.4 million in 2022. 

Fraudsters utilize a range of techniques and scams to cash in from unsuspecting victims. However, some scams are more lucrative than others. 

Investment-related fraud hurt consumers the most, with reported losses reaching $3.8 billion in 2022, up 116% from $1.8 billion in 2021. Funds lost to investment fraud alone constituted nearly half the total losses to fraud in the US last year. Overall, there were 104,703 investment fraud cases recorded in 2022. 

While US citizens lost the most money to investment fraud, imposter scams were the most prevalent, with 725,989 cases reported in 2022. Together they cost US consumers $2.7 billion — 11% more than the previous year.

The third spot on the list is occupied by business and job opportunities fraud. US consumers reported 92,723 such fraud instances, totaling $367.4 million in losses. Compared to 2021, losses to business and job opportunities fraud increased by 76%.

Other fraud types that caused US consumers significant losses include online shopping and negative reviews scams ($358.1 million) and prizes, sweepstakes, and lottery scams ($301.9 million).

Cybersecurity writer at Atlas VPN, Ruta Cizinauskaite, shares tips on how to avoid falling victim to fraud:

“While fraudsters continuously find innovative ways to deceive victims, there are some general rules you can follow to protect yourself from falling victim to fraud. Be wary of unsolicited calls, emails, or messages, try to verify the identity of the person or organization contacting you, and take the time to think through any requests or offers before making a decision. Most importantly, don’t share your personal information, such as your social security number, bank account information, or credit card details, unless you are absolutely sure it is necessary and legitimate.”

To read the full article, head over to: 

https://atlasvpn.com/blog/americans-lost-a-record-8-8-billion-to-fraud-in-2022


A TikTok Ban Appears To Be Very Likely In The US

Posted in Commentary with tags on March 8, 2023 by itnerd

I’ve been saying for a while that, given that TikTok hasn’t really done anything to address the fact that it is Chinese-owned and that the Chinese Communist Party exerts influence over how it operates, it should be banned. It now appears that a ban is coming in the US. There’s a bill making its way through the Senate, with White House backing, called the RESTRICT Act:

The legislation would empower the Commerce Department to review deals, software updates or data transfers by information and communications technology in which a foreign adversary has an interest. TikTok, which has become a viral sensation in the U.S. by allowing kids to create and share short videos, is owned by Chinese internet giant ByteDance.

Under the new proposal, if the Commerce secretary determines that a transaction poses “undue or unacceptable risk” to U.S. national security, it can be referred to the president for action, up to and including forced divestment.

The bill was dubbed the RESTRICT Act, which stands for Restricting the Emergence of Security Threats that Risk Information and Communications Technology.

Sen. Mark Warner, D-Va., who chairs the Senate Intelligence Committee, formally unveiled the legislation on Capitol Hill alongside a bipartisan group of Senate co-sponsors. The White House issued a statement publicly endorsing the bill while Warner was briefing reporters.

“This bill presents a systematic framework for addressing technology-based threats to the security and safety of Americans,” White House national security adviser Jake Sullivan said in a statement, adding that it would give the government new tools to mitigate national security risks in the tech sector.

Sullivan urged Congress “to act quickly to send the bill to the President’s desk.”

“Critically, it would strengthen our ability to address discrete risks posed by individual transactions, and systemic risks posed by certain classes of transactions involving countries of concern in sensitive technology sectors,” said Sullivan.

A TikTok spokeswoman did not respond Tuesday to CNBC’s request for comment.

TikTok has to be freaking out right now, as a ban in the US would likely create a domino effect of other countries banning TikTok. So one has to wonder how TikTok will respond to this, because if they lose in the US, they lose everywhere.

This should be interesting to watch.

UPDATE: Kevin Bocek, VP Ecosystem and Community at Venafi had this comment:

The recently introduced RESTRICT Act would establish new, broad powers for the US Government to target possible threats to national security, personal privacy, and competitive threats. This goes well beyond a TikTok ban. It could change everything, from the phones in our pockets, to who gets to use emerging AI. And it brings back memories of the Encryption Wars of the 1990s when governments sought to control encryption technologies that we take for granted with bans and backdoors.

We’re now at a serious point in time, where the technologies in our pockets, homes, streets, businesses, airports and beyond can be used as part of kinetic warfare. And the RESTRICT Act targets the issues that we must face in the West.

Governments are finally waking up to the fact that adversaries don’t just use missiles and tanks – but instead, they take advantage of modern-day technology, controlled by machines connecting to the Internet. The worrying reality is that this technology can be monitored and controlled. For example, cranes built in China that offload containers from ships can not only be monitored but also potentially hijacked to create chaos and damage. Likewise, technologies from generative AI, to the graphic cards that make machine learning happen, are available globally and can be abused by adversaries.

The potential impact of the RESTRICT Act isn’t just a ban on TikTok. It’s the opening to what’s likely to be a decades-long technology Cold War. One where the machines and the software they run – which powers economies and innovation – will become a battleground for governments looking to stop adversaries in the AI, always-connected, and cloud-computing-driven age.