BidenCash Market Posts 2Mill Credit Cards Online In Birthday Blitz 

Posted in Commentary with tags on March 7, 2023 by itnerd

First reported by Cyble researchers last week, this story continues to get lot of buzz from Fox News and others this week. A web site that goes by the name of Biden Cash Market has posted 2 million credit cards online as a promotional blitz to attract customers. The site operates on both on the dark and clear web, offering credit card data for sale to the public.

The leaked information includes cardholders’ full names, card numbers, bank details, expiration dates, CVV codes, home addresses, and over 500,000 email addresses. According to D3Lab’s Head of Threat Intelligence, Andrea Draghetti, while tens of thousands the numbers are duplicates, over two million of the entries are unique.

Last fall the same BidenCash Market released a free dump of over a million credit cards in a similar promotional gimmick. 

Baber Amin, COO of Veridium had this to say:

   “Even the most security aware can have their credit card information compromised and made available. This can happen due to no fault of the individual.

   “The data dump is not just about credit card information but contains valuable information that can be used for Identity theft. This second part should be a more serious concern, as it can lead to damage to credit score, reputation, and possibly legal issues. The damage from identity theft is long lasting.

On the financial side, the two main points of credit card compromise are:

  1. Point of sale and
  2. magecart or online skimming.

   “EMV or chip cards were supposed to stop point of sale skimming. But because all EMV cards also have a mag stripe, if someone compromises the POS terminal where users are putting in their card, they can skim the information from the magstripe bypassing chip security.

   “Contactless cards aka “Touch and Pay” is thus more secure than even EMV, as the card never needs to be inserted into any device and never leaves the user.

  • As a merchant, make sure your POS terminals are up to date, especially for areas that are publicly visible, e.g. gas pumps, vending machines, ticket kiosks, etc.
  • As an end user, always opt to use contactless payment at the point of sale.

   “Magecart or online skimming is the compromise of online shopping carts and checkout process.  Bad actors can inject malware into ill maintained ecommerce sites. 

   “Additionally, all the security offered by EMV and contactless cards is nullified, when the user voluntarily enters the CC information at checkout. Not only that, but they also enter information that can be used for Identity Theft, e.g. email address, shipping address, possibly a username and a password, etc.

  • It is important for website administrators to stay up-to-date with their content management system’s patches and plugins. 
  • Buying from reputable online vendors is the best option for end users:
    • If possible, use virtual cards online
    • Use unique usernames and passwords on each site if you must create an account
    • If they offer PayPal during checkout, use it, as it creates an indirect level of payment
    • A better solution is to use services like Apple Pay and Google Pay, which replace sensitive information with arbitrary tokens (Tokenization). These services provide a more secure and convenient experience, as they use tokenization to protect sensitive information. Since these tokens disappear after each authorization, they cannot be reused if stolen. The other advantage of these services is that they work both in person and for online shopping. EMV or chip cards are reduced to the security of the older non chip card when paying online, as there is no chip reader available.”

These are all good tips that I hope become the norm so that scams like this become a thing of the past.

Leave a comment »

EPA To Require States To Report Public Water System Cyber Threats 

Posted in Commentary with tags on March 6, 2023 by itnerd

On Friday the White House said it would require states to report on cyber threats noted in their audit reports of public water systems. This comes a day after they released their new cybersecurity strategy:

The Environmental Protection Agency said public water systems are increasingly at risk from cyberattacks that amount to a threat to public health. 

“Cyberattacks against critical infrastructure facilities, including drinking water systems, are increasing, and public water systems are vulnerable,” said EPA Assistant Administrator Radhika Fox. “Cyberattacks have the potential to contaminate drinking water.” 

Fox said the EPA would assist states and water systems in building out cybersecurity programs, adding that states could begin using EPA’s guidance in their audits right away. The agency did not respond immediately to questions about enforcement deadlines.

Public water systems could be easy targets for hackers and with minimal security attention/funding might act as a front door to ransomware attacks not unlike the recent attack on Oakland, CA.

Jan Lovmand, CTO of BullWall had this to say:

   “Often forgotten in the battle to prevent cyber attacks, physical municipal infrastructure such as public water supplies can provide an open attack surface for hackers, as evidenced by 2021 attack on a Florida water supply. The EPA Assistant Administrator, Radhika Fox, noted that a threat to public water systems is also a threat to public health, as cyber-attacks have the potential to contaminate drinking water and said that it is essential to address the cybersecurity of these systems as a top priority to protect public health.

   “The cyber risk to public water systems is not just due to their connectivity to government networks, as it could be just as easy to shut down a city by controlling their water supply as any other aspect of their infrastructure. Municipalities that do not prioritize cybersecurity and do not have robust protections in place are at higher risk of falling victim to these types of attacks.

   “The White House is proposing that states report on cyber threats noted in their audit reports of public water systems and the EPA is offering guidance to states to assist them in building out their water supply cybersecurity programs. However, given the critical importance of these systems to public health and safety, municipalities had best prioritize cybersecurity investments now, to prevent cyber-attacks and safeguard their water supplies.”


David Brunsdon, Threat Intelligence, Security Engineer at Hyas follows up with this comment:

   “Water systems utilize a significant amount of automation and are monitored simultaneously by the control systems, and human operators. Like in Florida, 2021, threat actors could misuse the system to introduce chemicals to the water. A more sophisticated attack would be covert and would obfuscate the changes from both the plant operators and automated monitoring systems.

   “Municipal governments and water treatment plants are vulnerable to well-funded nation-state actors, and so protecting water systems should be considered a national security concern.”

This is a good move by the EPA and I hope this leads to an improvement in terms of the security of these facilities. Because really bad things could happen if these facilities don’t up their game.

Leave a comment »

Twitter Took A Dirt Nap Today Because Of A Single Engineer

Posted in Commentary with tags on March 6, 2023 by itnerd

Once again, Platformer has got to scoop on what’s happening inside Elon Musk’s Twitter. In today’s episode, the have details about today’s Twitter’s latest dirt nap. And it illustrates the effects of Elon’s cost cutting measures:

But in a sign of just how deep Elon Musk’s cuts to the company have been, only one site reliability engineer has been staffed on the project, we’re told. On Monday, the engineer made a “bad configuration change” that “basically broke the Twitter API,” according to a current employee.

The change had cascading consequences inside the company, bringing down much of Twitter’s internal tools along with the public-facing APIs. On Slack, engineers responded with variations of “crap” and “Twitter is down – the entire thing” as they scrambled to fix the problem. 

Elon Musk was furious, we’re told.

“A small API change had massive ramifications,” Musk tweeted later in the day, after Twitter investor Marc Andreessen posted a screenshot showing that the company’s API failures were trending on the site. “The code stack is extremely brittle for no good reason. Will ultimately need a complete rewrite.”

Some current employees are sympathetic to that view, which places at least part of the blame for Twitter’s problems on technical failures that predate Musk’s ownership of the company. The fail whale became an icon of the old Twitter for a reason.

“There’s so much tech debt from Twitter 1.0 that if you make a change right now, everything breaks,” one current employee says. 

Still, when Musk took over the company, he promised to dramatically improve the speed and stability of the site. His associates screened the existing staff for their technical prowess, ultimately cutting thousands of workers who were deemed not “technical” enough to succeed under Musk’s leadership.

But nonstop layoffs have left the company with under 550 full-time engineers, we’re told. And just as former employees have predicted from the start, the losses have made Twitter increasingly vulnerable to catastrophic outages.

Yeah. Elon’s got a major problem on his hands. He’s basically backed himself into a corner where he doesn’t have the resources to run Twitter and keep it stable. And there’s no clear path for him to exit that corner. Which basically means that we need to buckle up as things are about to get even more turbulent than they already are in the Twitterverse.

Leave a comment »

Asigra to Protect the World’s Catalog of SaaS Apps with SaaSBACKUP

Posted in Commentary with tags on March 6, 2023 by itnerd

 Asigra Inc., a leader in ultra-secure backup and recovery, today announced SaaSBACKUPSM a powerful new SaaS-based backup platform designed to provide comprehensive backup and recovery capabilities to SaaS applications that include Salesforce, Microsoft 365, Google Workspace and far beyond. Through innovative API connectivity, SaaSBACKUP is able to support a large macrocosm of SaaS applications with enterprise-class data protection that ensures business continuity.

According to Fortune Business Insights, “The global Software as a Service (SaaS) market size was valued at USD $215.10 billion in 2021 and is expected to grow from USD $251.17 in 2022 to USD $883.34 billion by 2029, exhibiting a CAGR of 19.7% during the forecast period.”

Because of the surge in SaaS adoption, it has become increasingly important to protect the mission critical data in these applications. However, many businesses and IT users do not realize that most of these applications offer weak or in many cases, basic data protection capabilities or guarantees of data recovery. Depending on the SaaS application, data recovery may be the sole responsibility of the user. This puts the burden on the user organization to deploy a backup platform capable of providing the required level of protection.

Asigra SaaSBACKUP was developed to deliver protection for business users across the widest range of SaaS applications, including apps in the areas of Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), Content Management System (CMS), Project Management, sales, marketing, eCommerce solutions and much more.

The new SaaSBACKUP platform provides the following advanced features:

  • Multi-SaaS Support – SaaSBACKUP is designed to protect data across a multitude of SaaS environments, ensuring 24x7x365 protection of business data.
  • Fast, Simple Deployment – SaaSBACKUP provides mass deployment across hundreds or thousands of SaaS application users simultaneously for immediate and consistent protection. 
  • Bring your Own Storage – Store data in your own storage repository, own the data and if you don’t have one, leverage our relationship with select partners.
  • Simple Pay Per Use Model – pay for what you use. Per user, per app, per month.
  • Unique Multi-person Approvals – Configure the software to require multiple people to approve potentially destructive actions to protect against credential theft, user error or insider threat. Designed to require multiple people to approve within a set period of time for key functions such as deleting a data set.
  • SaaSBACKUP Marketplace – A future addition to our platform will be a marketplace enabling a simple revenue share opportunity for partners who build connectors to new SaaS applications.

Unique in the data protection space, SaaSBACKUP is a True Platform as a Service that is turnkey and requires no infrastructure installation. Additionally, all maintenance is updated by Asigra and managed in the cloud. The platform is secure by design, built from the ground up with integrated security, including MFA (multifactor authentication) and MPA (Multi-person Approval) to protect against unauthorized acts due to credential theft, user error or insider threat. The platform features military-grade encryption with FIPS 140-2 certification to protect data at the highest security and compliance levels.

Developed for Managed Service Providers (MSPs), Asigra partners will ultimately have access to a software development kit (SDK). The SDK enables rapid SaaS application connector growth, allowing partners to continually add new SaaS app connectors as needs arise. Regarding the backup repository, MSPs will select their own storage environment, including AWS or any other S3-compatible cloud storage platform. Complementary to traditional on-premise backup solutions, there is no need to rip and replace existing software as the solution is additive, bringing new revenue to partners.

Availability

Asigra SaaSBACKUP will be available in North America in Q3–2023 and Europe/UK in Q4–2023. Managed service providers may register to receive updates or to become a Launch Partner at https://www.asigra.com/saasbackup

Leave a comment »

US Federal Reserve Becomes A Zoombombing Victim

Posted in Commentary on March 6, 2023 by itnerd

I haven’t heard of this happening for a long time. But apparently a Zoom call hosted by the US Federal Reserve got Zoombombed according to Reuters:

A virtual event with Federal Reserve Governor Christopher Waller was canceled on Thursday after the Zoom video conference was “hijacked” by a participant who displayed pornographic images.

“We were a victim of a teleconference or Zoom hijacking and we are trying to understand what we need to do going forward to prevent this from ever happening again. It is an incident we deeply regret,” said Brent Tjarks, executive director of the Mid-Size Bank Coalition of America (MBCA), which hosted the event via a Zoom link. “We have had various programs and this is something that we have never had happen to us.”

He said that he suspects one of the security switches that mutes those watching an event was set incorrectly, but he was not sure of the details. The decision to cancel was made in consultation with the Fed after the intrusion.

Zoombombing was a huge problem a few years ago. But after Zoom did some changes and a lot of education, I stopped hearing about this. Thus this Zoombombing instance is a bit of a surprise to me. I for one will be very interested to find out how this happened and what they, along with Zoom are going to do to make sure that this doesn’t happen again. Because this was a high profile Zoombombing incident. Which means that this will spur other incidents in the coming days and weeks ahead.

Leave a comment »

CybSafe Appoints Hylton Southey and Geraint Owen as VPs of Sales and Finance

Posted in Commentary with tags on March 6, 2023 by itnerd

CybSafe, the human risk management platform helping organizations change behaviour to reduce security risk, today announced the appointment of Hylton Southey and Geraint Owen as VPs of Sales and Finance, respectively. These new executives will be crucial to the company’s continued growth and momentum.

Hylton and Geraint will play an integral part in expanding the company’s global reach with entrance into the North American market by increasing its presence in the United States and leading CybSafe’s financial, operational, and cultural development at a time of significant opportunity for the company. These new appointments prove CybSafe’s commitment to further growth in 2023 and beyond.

Hylton joins CybSafe as the VP of Sales and brings over two decades of experience in sales leadership, corporate development, and business strategy within the information technology and services industry. He has an extensive background in SaaS, enterprise software, and growing early-stage companies.

Prior, Hylton was Managing Director at LeanIX, responsible for accelerating the company’s growth. He was also the VP of North American Sales at MailControl. Hylton was at Mimecast for over nine years. He started off as an account executive and sales director. He then worked his way up to VP of Sales in North America, and global VP of Corp Development. Hylton’s leadership presence in Boston, MA, reinforces CybSafe’s expansion into North America and supports the company’s intent to increase the size of the team to strengthen customer support, sales and partnerships in the United States.

Geraint, as the VP of Finance, will lead CybSafe’s financial strategy and operations. He has over 15 years of experience as a finance leader, focusing on scaling SaaS companies. His background includes leading finance functions in fast-growing technology companies. Geraint was the CFO at Grip, an AI-powered event, matchmaking, and networking platform.

He was also the Finance Director at Questback, and Manager at Deloitte, working with businesses on funding rounds and IPOs. Geraint enjoys working with all aspects of the company to help drive the business forward. Geraint understands how to execute strategic financial growth plans and operational excellence. He will play an essential role as the company accelerates and scales.

Leave a comment »

Twitter Has Once Again Taken A Dirt Nap… And This Time It’s Big

Posted in Commentary with tags on March 6, 2023 by itnerd

Another day, another outage with Twitter. This outage has broken all links on Twitter because of errors with the t.co link shortener redirect API. When you click on a link, you get this or something like it:

But that’s not all. Elon has managed to break more stuff. Images on Twitter are also completely broken for many users. The entire Tweetdeck web experience is also broken. And there’s still more than that. Specifically:

  • Twitter subdomains are broken for things like Developers, Ads, etc. are broken
  • The ability to report an account or a Tweet is broken

Of all the recent Twitter outages, this has been the worst by far. Thus confirming what I have been predicting for a while. Twitter’s reliability is on the decline and there’s nothing that Elon can do to stop the inevitable demise of Twitter. That’s really not going to help Elon make money from the platform because advertisers aren’t going to want to advertise on a platform that has one foot in the grave. Never mind people signing up for Twitter Blue. Because in either case, you’d just be throwing away your money.

Happy Monday Elon.

UPDATE: Speaking of Elon, he actually had something to say about this:

The platform wasn’t anywhere this “brittle” before he took over. Just an observation.

UPDATE #2: Twitter appears to be working…. For now.

1 Comment »

Mujjo Releases Canopy AirTag Keychain

Posted in Commentary with tags on March 6, 2023 by itnerd

Mujjo has released their brand new Canopy AirTag Keychain.

They spent months refining the details to ensure that it matches the high quality of Mujjo products. It’s made from a single piece of our soft veg-tanned leather and offers a durable solution for keeping your keys secure and trackable.

Features

  • 3D moulded – We 3D moulded the leather pocket to ensure a perfect fit for your AirTag, with a side opening for easy insertion.
  • Seamless design – There isn’t one seam in the high-quality leather, so this slim keychain feels great in your hand.
  • Hidden magnet – The AirTag is securely held in place by a hidden magnet that does not affect its shape, size, or usability.
  • Durable coating – The keyring is finished in a long-lasting black PVD coating that resists corrosion and key scratches.
  • Signature leather – Made with our veg-tanned leather that ages beautifully, rated Gold for environmental standards. 
  • Pairs perfectly – Available in Tan, Black, and Monaco Blue, matching the leather and color options of our iPhone cases, AirPod cases, and MagSafe wallets.

Available for €24 | £24 | $24 on mujjo.com.

Leave a comment »

Guest Post: One-third of the Arab population used VPNs in 2022

Posted in Commentary on March 6, 2023 by itnerd

Arab nations are governed by hereditary rulers who wield the majority of administrative, legislative, and judicial power. Civil rights of both citizens and noncitizens are severely restricted.

To overcome some of those limitations, residents search for tools that could help them regain their liberties. Virtual Private Networks (VPNs) are one of the primary tools people in Arab countries utilize to increase their freedom of expression and access restricted content.

According to the latest release of the VPN Adoption Index by Atlas VPN, Virtual Private Network downloads reached 353 million in 2022. Once again, Arab countries dominate the top of the table as the highest VPN adopters globally. 

United Arab Emirates, Qatar, Oman, and Saudi Arabia take four out of the top five spots on the list, with Kuwait in ninth place. On average, VPNs penetrated 31% of the market in these five countries last year.

The leading country in terms of VPN adoption in 2022 was the United Arab Emirates(UAE), with a 43.18% penetration rate. Close to 4.27 million downloads originated from the country.

Image

Stringent internet and freedom of speech restrictions are the primary cause behind the high virtual private network usage in the UAE.

The UAE’s two biggest ISPs prohibit any content that violates Islamic moral norms, with gambling sites, adult websites, and dating apps, including Tinder, as the primary focus. 

VoIP services, such as WhatsApp, Skype, FaceTime, Snapchat, Viber, and Facebook Messenger, are banned and unavailable in the United Arab Emirates. This is one of the main reasons why expatriates turn to VPNs.

On top of that, authorities restrict politically sensitive topics, particularly those that criticize the government.

Qatar reached second place in the rankings with a VPN penetration rate of 39.2% and 1.13 million downloads during the year. Qatar is another Gulf country with substantial internet restrictions, similar to those in the UAE.

The fourth place goes to Saudi Arabia. People in Saudi Arabia downloaded VPN applications 9.42 million times, which resulted in a 27.06% VPN penetration rate in 2022. 

The Saudi government is ruthless in its censorship of information, limiting access to a wide range of media, including newspapers, books, television, films, and all internet content.

Gaming and streaming spur VPN usage

Gamers in the Gulf employ VPNs to change their IP address so they would get matched with players in other regions and to avoid bandwidth throttling. Also, VPNs are necessary for streamers to prevent DDoS attacks.

In addition, the libraries of Netflix and other streaming platforms are highly limited in Arab countries. For example, in the US, Netflix has around 6,000 titles available, while in the UAE, citizens can see less than 1,000 movies and TV series.

In turn, those who want to enjoy some of the shows not available in the Gulf region turn to VPNs. 

To read the full article, head over to: https://atlasvpn.com/blog/one-third-of-the-arab-population-used-vpns-in-2022

Leave a comment »

Twitter’s Revenue Is In Free Fall

Posted in Commentary with tags on March 6, 2023 by itnerd

The Wall Street Journal is reporting that Twitter Inc reported a drop of about 40% year-over-year in both revenue and adjusted earnings for the month of December. Which I think qualifies as being in free fall:

In an update to investors, Twitter reported a decline of about 40% year-over-year in both revenue and adjusted earnings for the month, the people said.

Chief Executive Mr. Musk, who completed his acquisition of Twitter last October, is working to stabilize the company’s finances, which also have been challenged by high-cost debt. Twitter is responsible for repaying some $13 billion of debt that helped pay for Mr. Musk’s purchase of the company, with annual interest payments estimated at more than $1 billion.

The company recently made a first interest payment to a group of banks that lent the $13 billion, the people said.

That’s two months after Elon took over at Twitter and shows that his management of Twitter isn’t producing positive results. Then there’s also this:

However, more than 70 of Twitter’s top 100 advertisers from before Mr. Musk’s takeover weren’t spending on the platform as of the week ended Feb. 25, according to an analysis from research firm Pathmatics, which is part of Sensor Tower. 

That’s another sign that Elon isn’t getting the results that he’s looking for. He claims that advertisers are returning to the platform, but I take that with a grain of salt as Elon has a habit of saying stuff that never happens. I fully expect that the next story that the Wall Street Journal, Platformer, or anyone else writes about Twitter’s finances, the situation will be way worse.

Leave a comment »

« Older Entries
Newer Entries »