New Salesforce Study: Data Is Doubling, But Data Skills Are Struggling To Keep Up

Posted in Commentary with tags on February 22, 2023 by itnerd

New Salesforce research that reveals while companies agree about the advantages of using data to make decisions, there’s a clear disconnect from how they’re using it in practice.

Salesforce’s Untapped Data Research published today, surveyed nearly 10,000 global business leaders. Here are some key findings below:

  • Companies do agree data can help drive decisions73% of business leaders agree that data helps reduce uncertainty and make more accurate decisions in business conversations.
  • Data is doubling, but data skills are struggling to keep up: 41% of business leaders cite a lack of understanding of data as a barrier to entry.
  • Companies are struggling to put data into practice as leaders can’t make sense of it: 8 in 10 (80%) business leaders say data is critical in decision-making at their organization, but 1/3 of business leaders cite the lack of ability to generate insights from data.

Please see here for the Untapped Data Research newsroom post.

Leave a comment »

Telstra Incorporated Earns Great Place to Work Certification

Posted in Commentary on February 22, 2023 by itnerd

Telstra Incorporated, the U.S.-based entity of Telstra, was recently certified as a Great Place to Work® in recognition of its ongoing efforts to create an extraordinary employee experience. 

As a result of a company-wide survey, 94 percent of employees said Telstra is a great place to work, compared to just 57 percent of employees at a typical U.S.-based company. This honor highlights Telstra’s demonstrated track record of consistently fostering a supportive and fully inclusive work environment for all employees, with a focus on workplace culture, collaboration, empowerment, and career development and mentorship.

To earn the prestigious certification, Telstra employees were asked to take a confidential survey administered by Great Place to Work and focused on how they view their workplace, including questions about diversity and inclusion, management, work/life balance, and professional development. Highlights from the survey include:

  • Nearly 100 percent of employees believe people are treated fairly, regardless of their sexual orientation, race, age, or gender
  • 99 percent of employees believe management trusts people to do a good job without watching over their shoulders
  • 97 percent of employees feel they are encouraged to balance their work life and their personal life
  • 96 percent of employees believe management is approachable and easy to talk with
  • 96 percent of employees are proud to tell others they work at Telstra
  • 96 percent of employees feel good about the ways Telstra contributes to the community
  • 95 percent of employees feel they are offered adequate training or development to further themselves professionally

Additionally, according to research from Great Place to Work, job seekers are 4.5 times more likely to find a great boss at a Great Place to Work certified workplace. Employees at certified workplaces are also 93 percent more likely to look forward to coming to work, and are twice as likely to be paid fairly, earn a fair share of the company’s profits and have a fair chance at promotion.

In addition to providing valuable perspectives on the employee experience, Great Place to Work certification has been shown to help job seekers identify which companies genuinely offer a great company culture. Certification also gives employers a recruiting advantage by providing a globally recognized and research-backed verification of a great employee experience.

Check out Telstra’s careers page to find open positions.

Leave a comment »

Deepwatch Announces $180 Million in Investments And Appointment Of New CFO

Posted in Commentary with tags on February 22, 2023 by itnerd

Deepwatch, the leader in advanced managed detection and response (“MDR”) security, today announced a total of $180 million in equity investments and strategic financing from Springcoast Capital Partners, Splunk Ventures and Vista Credit Partners, a subsidiary of Vista Equity Partners and strategic credit and financing partner focused on the enterprise software, data and technology markets. The combined capital will enable Deepwatch to accelerate platform innovation and product development while expanding its partner ecosystem to meet the growing demand for managed security services.

Deepwatch MDR protects businesses from an ever-increasing volume of cyber threats. The company delivers an always-on cybersecurity platform backed by experts who work as an extension of customer teams. With many leading global brands as customers, Deepwatch is uniquely positioned to deliver advanced, cloud-based cybersecurity solutions that serve the stringent needs of the most demanding enterprise environments.

Deepwatch experienced 100 percent year-over-year sales growth in 2022, with more than two-thirds of customers expanding their service. The company introduced new offerings and advancements to the Deepwatch security operations platform to speed the detection and containment of threats across the enterprise.  This included the release of its Threat Analytics App 2.0 bolstered by its innovative Threat Probability Value ML backed software and managed extended detection and response (MXDR) for endpoint and identity.  The company was also named to the 2022 Forbes list of America’s Best Startup Employers and received A Great Place to Work certification. The new investment provides the capital and resources for Deepwatch to further advance its platform and meet record customer demand while further establishing its leadership position in managed security.

The new investors join ABS Capital and Goldman Sachs who have backed Deepwatch’s rapid growth over the last four years.

The company also announced the appointment of Mel Wesley as Chief Financial Officer (CFO). Wesley is a seasoned finance executive with over 25 years of experience in financial planning, analysis, and operational finance, with a proven track record of driving growth and building high-performance finance teams. For the past 18 years, he has served as CFO for publicly traded and private technology companies. As Deepwatch’s CFO, Wesley will support the Company during hyper-growth while overseeing finance, legal and corporate development.

In the last ten years as a CFO, Wesley supported three companies through financial transactions and exits totaling nearly $3 billion. As CFO, he has managed investor relations, directed IPO-readiness efforts and raised significant equity and debt.

Wesley remains on the Board of Directors of Cofense, Inc. (formerly PhishMe, Inc.), where he previously served as the CFO before joining Deepwatch. During his tenure as CFO, he supported the Company’s growth initiatives and IPO-readiness efforts, and steered the Company through a significant sale for $400 million.

Before that, Wesley held multiple CFO positions. During his tenure at comScore, Inc. (NASDAQ: SCOR), the Company purchased and merged with another public company. During his tenure at Mandiant Corporation, the Company was sold to FireEye, Inc. (NASDAQ: FEYE) for over $1 billion. Wesley remained at FireEye as CFO of Global Services and Cloud Solutions, supporting integration efforts. During his tenure at OPNET Technologies (NASDAQ: OPNT), the Company’s revenue grew from $50 million to $175 million before the company sold for over $1 billion.

Leave a comment »

US & EU E-Commerce Websites Put Payment Data at Risk Via JavaScript

Posted in Commentary with tags on February 22, 2023 by itnerd

Jscrambler, a leading security solution for JavaScript protection and real-time webpage monitoring, has released research findings on the top US and EU e-commerce websites which are under risk of data skimming attacks due to unprotected JavaScript running on the payment page.  

Payment pages on websites are flooded with third party JavaScripts. Jscrambler found that 60% of analyzed websites in the US have more than 10 different vendors on their payment pages. 

Unless these sites find a way to identify, monitor and control the behavior of these third-party scripts, the attack surface will remain vast and unchecked.  

With British Airways recently falling victim to a £20m fine after the data of 400,000 customers was leaked through JavaScript vulnerability, these risks are not only costly for the customer, but pose a large financial burden on the business as well. 

The external risk and high-value placed on e-commerce in users’ daily lives shows the vital importance in having visibility and control over the pages which enable payments. 

You can read the research here.

Leave a comment »

76% of Ransomware Attacks Use Old Vulnerabilities 

Posted in Commentary with tags on February 21, 2023 by itnerd

new study by Ivanti and others found ransomware operators used a total of 344 unique vulns in attacks in 2022, an increase of 56 over the prior year. A full 76% of all vulnerabilities were from 2019 or older. The oldest vulnerabilities found were RCE bugs in *Oracle products from 2012.

Top Findings for 2022

  • Kill chains impact more IT products: A complete MITRE ATT&CK now exists for 57 vulnerabilities associated with ransomware. Ransomware groups can use kill chains to exploit vulnerabilities that span 81 unique products.
  • Scanners are not detecting all threats: Popular scanners do not detect 20 vulnerabilities associated with ransomware.
  • Multiple software products are affected by open-source issues: Reusing open-source code in software products replicates vulnerabilities, such as the one found in Apache Log4i. For example, CVE-2021-45046, an Apache Log4j vulnerability, is present in 93 products from 16 vendors and is exploited by AvosLocker ransomware. Another Apache Log4j vulnerability, CVE-2021-45105, is present in 128 products from 11 vendors and is also exploited by AvosLocker ransomware.
  • Old is still gold for ransomware operators: More than 76% of vulnerabilities still being exploited by ransomware were discovered between 2010 and 2019. In 2022, of the 56 vulnerabilities tied to ransomware, 20 were discovered between 2015 and 2019.

David Maynor, Senior Director of Threat Intelligence at Cybrary:

   “As a person who has done both offense and defense security work I am not surprised by these statistics. There is a public perception these groups are Wizard level hackers but in reality they rely on organizational sprawl for attacks. 

   “Scanners have never detected all exploitable threats. It’s just not possible. One of the reasons is that vendors like Oracle have had a hostile relationship with external security companies since the beginning of this century. In fact, *Oracle’s CSO Mary Ann Davidson wrote a scathing blogpost in 2015 about how people who find vulnerabilities in Oracle’s products should not tell the company about it. The post has been removed but was covered by Wired here: https://www.wired.com/2015/08/oracle-deletes-csos-screed-hackers-report-bugs/

   “CVSS scores do mask vulnerability severity or at least how companies use it for risk detection and mitigation. I have seen companies set SLAs on producing threat intel reports based solely on the CVSS score. Because the reports are generally generated by regurgitating versions of other people’s reports and not hands on testing, the Threat Intel manager won’t push back. This report from Ivanti highlights the typical misuse of Threat Intel since actual ransomware attacks are coming from old or lower risk attacks being chained together. CVSS is not designed to evaluate an exploits value to a actors kill chain. While the CVSS has been updated over the years it remains an example of early 2000s thinking being used to make threat intelligence and risk decisions in 2023.”

   “This is why training a team to be able to do hands on research and testing in an org’s environment is extremely important. No scanner detects all the flaws, no vendor gets every patch right, so a layered defense being driven by a well-trained security team is the best way to de-risk your operations.”

Given that ransomware attacks have huge costs, I’d be looking at Mr. Maynor’s advice as well as reading this report and forming a game plan to make sure that old vulnerabilities don’t come back to haunt you.

Leave a comment »

Samsung adds zero-click attack protection to Galaxy S23

Posted in Commentary with tags on February 21, 2023 by itnerd

Samsung announced on Friday it has developed a new security system to protect Galaxy S23 owners from image-based, zero-click exploits using a new virtual quarantine feature called Message Guard. These images require no interaction from the user to compromise the device.

Message Guard works by automatically placing any image file your phone receives into a virtual quarantine, otherwise known as a “sandbox” and “automatically neutralizes any potential threat hiding in image files before they have a chance to do you any harm,” explains Samsung.

Eventually, this protection will become a standard feature across the entire range of Samsung’s Galaxy devices.

David Maynor, Senior Director of Threat Intelligence, Cybrary had this to say:

   “I am a fan of the forward-thinking Samsung does in their products, like DeX. DeX turns your phone into a desktop computing environment just by plugging in a monitor and keyboard. This means that Samsung’s mobile devices could face not just mobile attacks but the same attacks as any laptop/desktop user depending on installed software.

    “Samsung already has Knox on mobile devices. Knox creates separate workspaces for a users personal data and a different one for work data. Message guard works in concert with Knox by attempting to detect attacks in each workspace by attackers looking to exploit zero-click exploits like those used by the NSO Group’s CNE software Pegasus.

   “I use a Samsung Galaxy Fold 4 as both a personal and work phone and can’t wait for Message Guard to come to my platform.”

I have to admit that this is a cool feature that I hope not only appears in other Android phones, but makes its way over to iOS as zero click threats are the “holy grail” of threats as they don’t require any user interaction to execute. And the sooner that day comes, the better off we all will be.

Leave a comment »

Cradlepoint successfully demonstrates SD-WAN and 5G network slicing for distributed enterprises at Ericsson D-15 Labs 

Posted in Commentary with tags on February 21, 2023 by itnerd

Cradlepoint today presented a real-world implementation of 5G Standalone (SA) network slicing. The demonstration highlights how 5G network slicing will allow enterprises to take advantage of end-to-end performance guarantees over 5G Wireless WANs, similar to the SLAs available with MPLS. This will entice more enterprises to adopt wireless as critical WAN infrastructure for their business-critical applications. 

Cradlepoint performed the demonstration at the Ericsson D-15 Labs, a state-of-the-art innovation centre located in the heart of Silicon Valley. Leveraging Ericsson’s 5G SA core and Radio Access Network (RAN), combined with Cradlepoint’s NetCloud Exchange Service Gateway and E3000 Series Enterprise Routers, the demonstration shows how video applications are protected from congestion when steered across an ultra-reliable low latency slice. Using such a high-priority slice ensures an optimal quality of experience across distributed sites, vehicles, IoT and remote work environments. 

With an estimated 30 per cent of potential 5G use cases requiring network slicing as an enabler, 5G Standalone networks represent a significant inflection point for the next generation of wireless. As 5G SA deployments accelerate, cellular-optimized SD-WAN will play a key role in enterprises adopting network slicing as part of their essential Wireless WAN infrastructure, allowing organizations to recognize, classify, and steer applications to the appropriate slice.  

Cradlepoint’s NetCloud Exchange is the industry’s first 5G-optimized SD-WAN solution. It is uniquely designed to optimize traffic over LTE, 5G non-standalone networks, 5G SA network slices, broadband, and Wi-Fi as WAN. NetCloud Exchange, an extension of the Cradlepoint NetCloud Service, allows for integrated 5G SD-WAN and zero-trust security services to be deployed across Wireless WANs, enhancing resiliency, security, and quality of experience. For more information on Cradlepoint’s NetCloud Exchange SD-WAN solution, please visit: https://cradlepoint.com/products/sd-wan/.     

The network slicing demonstration will also be on display at Mobile World Congress Barcelona from February 27 – March 2, 2023, at booth 2L20. For more information on the event, visit: https://www.mwcbarcelona.com/exhibitors/cradlepoint

Leave a comment »

Angry At Netflix Regarding Their Password Sharing Crackdown? Here’s How You Cancel Your Subscription

Posted in Commentary with tags on February 21, 2023 by itnerd

Everywhere I turn, people are mad about Netflix’s attempt to crack down on password sharing. I even went out to dinner with my wife last week and got into a discussion about it with a couple who was mad about this due to the fact that their son at university would be affected by this. So clearly this has created a whole lot of noise that Netflix likely didn’t want, and it will likely spur people to cancel their subscriptions. But before I tell you how to cancel your subscription, some background for you.

Under Netflix’s password-sharing rules, it’s fine for multiple people to use and share one account provided they live together. But in certain countries (I’ll post the list of countries in a moment), that’s about to change. In those countries, if you don’t all live together then you’re no longer going to be allowed to do share your Netflix account. Well, not for free anyway. When this rolls out to your region, you’ll be asked to set a “primary location”. Netflix hasn’t given a whole lot of detail about how they will enforce this. That’s likely because they don’t want people to figure out how to circumvent it once it rolls out.

Once this primary location is set, people who don’t live at it will have three options.

  • Option 1: Cancel Netflix 
  • Option 2: Sign up for their own private Netflix account 
  • Option 3: Pay an additional fee and become an “extra member” to the existing account 

The list of countries that are affected by this currently are:

  • Canada
  • Chile
  • Costa Rica
  • New Zealand 
  • Peru
  • Portugal
  • Spain 

And this rolls out to Canada today. While the U.S. isn’s subject to this as I type this, you can bet it’s going to be at some point.

So, if you’re mad about this and you want to cancel your Netflix account as a result, here’s how you do it. Let’s start with the Netflix app:

  • Open the Netflix app
  • Tap on your profile icon on the top right.
  • Tap on ‘Account’
  • Tap on ‘Cancel Membership’

You will then be asked to confirm the cancellation, with your current subscription ending on the day of plan renewal. Tap on ‘Finish Cancellation’ to confirm.

And if you’re doing it via a web browser, here’s what you need to do:

  • Go to www.netflix.com/browse and log in to your account.
  • Hover over your profile icon on the top right of the screen and click on ‘Account.’ Under ‘Membership and Billing’
  • Click on ‘Cancel Membership,’ and then ‘Finish Cancellation’ to confirm.

I get why Netflix is doing this. But I really think that this has been handled badly by the company. We are in a day and age where companies are winning marketshare by being “frictionless” and easy to use. Thus it is beyond comprehension that Netflix would do such a stupid thing. I say that because I have an Apple TV+ subscription and I can watch what I want where I want and Apple doesn’t seem to care. I assume other streaming services are the same way, though I am free to be corrected on that front. In any case, Netflix has seriously shot itself in the foot by doing this by destroying a lot of good will with their customer base. And I seriously doubt that they will get that good will, along with those customers back as a result.

Leave a comment »

John Paul Cunningham Joins Silverfort As CISO

Posted in Commentary with tags on February 21, 2023 by itnerd

Silverfort, a leader in Unified Identity Protection, today announced the appointment of John Paul Cunningham as Chief Information Security Officer. With over 24 years’ experience managing cyber risk at Fortune 100 companies – and another 8 years in the Fortune 1000 – John Paul will work with customers and partners to build an understanding of the strategic benefits of modern identity protection. In addition, he will also design and implement Silverfort’s own cybersecurity program. 

In his previous role as CISO at Bank of Hope, John Paul was responsible for working with the board to build operating models designed to reduce cost and cyber risk, while also adhering to rigorous compliance standards. Prior to this, he held similar positions at Docupace, Ares Management and J.P. Morgan Asset Management building information security, risk management, and security operations programs from scratch.      

Silverfort extends modern identity security to the sensitive resources targeted by attackers, including those which couldn’t be protected previously, such as legacy applications, command line interfaces, service accounts and more.   For more information, visit www.silverfort.com

“His experience operating at a senior level within large organizations will help us as we continue pushing into a greater number of enterprise environments. John-Paul’s background building risk management programs will also be invaluable as we scale our own security operations.”   

Leave a comment »

Russia Threat Researcher Recaps Role of Telegram in Ukraine Conflict A Year Later

Posted in Commentary with tags on February 21, 2023 by itnerd

Dov Lerner, Head of Threat Research of global threat intelligence firm, Cybersixgill, has released a report that delves into the major role Telegram played in the last year of the Ukraine conflict. 

According to Dov, chatter on Telegram tended to follow events in the war. War-related posts in Russian or Ukrainian peaked at over 122,000 per week in mid-October, coinciding with the strike against the Crimean bridge and subsequent Russian missile attacks.

You can read this fascinating report here.

Leave a comment »

« Older Entries
Newer Entries »