Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs published by Horizon3.ai

Posted in Commentary with tags on February 21, 2023 by itnerd

Horizon3ai’s Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs, with indicators of compromise and a link to the team’s proof of concept on GitHub.

FortiNAC is Fortinet’s network access control solution that “enhances the Fortinet Security Fabric with visibility, control, and automated response for everything that connects to the network. FortiNAC provides protection against IoT threats, extends control to third-party devices, and orchestrates automatic response to a wide range of networking events,” Fortinet’s website notes.

CVE-2022-39952 in FortiNAC allows an unauthenticated attacker to write arbitrary files on the system and, as a result, obtain remote code execution as the root user.

You can read the deep dive here: https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/

Guest Post: VPN Usage in Russia increased by 167% in 2022

Posted in Commentary with tags on February 21, 2023 by itnerd

Russian authorities have attempted to isolate their nation’s internet from the rest of the world since the start of the war in Ukraine on February 24, 2022. Hundreds of websites have already been blocked, including two major social media platforms – Instagram and Facebook. 

Russians are turning to VPNs to bypass the country’s tightening internet controls. 

The recently updated VPN Adoption Index by Atlas VPN reveals that VPN downloads in Russia grew from 12.59 million in 2021 to 33.54 million in 2022, representing a YoY growth of 167%. 

In 2020, only 4.9 million downloads originated from Russia, which put the VPN adoption rate at 3.37%, ranking the country at the 55th spot globally. 

Last year, nearly a quarter (22.98%) of the country’s population installed VPN services on their devices, making Russia the 8th most popular market for VPNs.

The most significant wave of VPN installs from Russia began on March 11, 2022, when the Russian government’s communication agency announced it would block Instagram and Facebook after finding Meta Platforms Inc. “extremist.”

On March 14, 2022, the number of VPN installs originating from Russia increased by 11,253% above the norm. 

To read the full article, head over to: https://atlasvpn.com/blog/vpn-usage-in-russia-increased-by-167-in-2022

TELUS launches Critter Comforts Playlist

Posted in Commentary with tags on February 20, 2023 by itnerd

The research speaks for itself – animals have a profound impact on Canadians’ wellbeing. From this study that shows watching images and videos of animals for just 30 minutes positively affects blood pressure, heart rate, and anxiety, or this study that shows those who engaged in a 10-minute interaction with a live animal reported higher levels of contentment, it’s clear we look to critters for comfort and joy. 

TELUS has launched the Critter Comforts video playlist on YouTube and Optik TV, providing Canadians with a healthy dose of relaxation and delight watching their favourite TELUS critters. Watching the playlist won’t just help viewers feel good, it will also do good for animals and the charities that support them: for every view of the Critter Comforts playlist on YouTube, TELUS will give $1, up to $100,000, through the TELUS Friendly Future Foundation, to charities that support service animals, wildlife rehabilitation and animal therapy across the country. 

Similar to the fireplace channel or calming musical playlists, the TELUS Critter Comforts playlist is designed to boost Canadians’ well-being with a warm combination of calm and joy in a convenient, digital way, featuring TELUS’ iconic critters who Canadians have come to know and love. 

To further examine the human-animal bond, and just how much critters mean to us – whether in our homes, on our screens, or in our natural environments – TELUS conducted an online survey (between January 20-27, 2023) surveying a nationally representative random sample of 2,114 Canadians adults. 

Below are the top survey findings. 

Canadians feel that simply watching animal content online has a positive effect on their mood: 

  • 63% of Canadians said that videos like TELUS’s Critter Comforts Playlist content improved their mood and made them feel happy (58%), relaxed (48%), and joyful (41%).
  • Those who consume animal content online are more likely to feel happiness (80%).
  • Top Animal Video Content for Canadians are baby animal videos or photos (52%), pet rescues (51%), or touching and wholesome animal stories (50%). 
  • And some believe their pets enjoy entertainment too! 56% of Canadians leave the TV or other entertainment on for their pet when they go out so they don’t feel alone. 

In general, Canadians feel pets are good for their wellbeing: 

  • 6-in-10 Canadian households (59%) currently have a pet. 
  • Two-thirds of Canadians have a dog, and half of Canadians are cat owners. Other pets include fish, birds, reptiles, farm animals, and squirrels.
  • Even non-pet owners agree that having a pet, or interacting with any animal has a positive impact on health and overall wellbeing (83%) with seven-in-ten Canadians noting they spend time in nature to support their mental health (69%). 
  • 70% of Canadian pet owners were motivated to get a pet to help with their anxiety and/or depression, to battle their loneliness, or to reduce their stress levels. 
  • 94% of Canadian pet owners agree that pet ownership has positively impacted their life, and nearly all pet owners agree that animals have a positive impact on all people’s health and wellbeing. 
  • 78% of parents said they were motivated to bring a pet home to their children to help with their children’s loneliness, to help with their anxiety, or to help boost their children’s self-esteem and confidence. 

How regional locations stack up on all things critters: 

  • 63% of Canadians said that videos like TELUS’s critter content improved their mood and made them feel happy (58%), relaxed (48%), and joyful (41%). 
    • Quebecers reported to feel happy the least (48%), while Atlantic Canadians felt happy the most (68%). 
  • Those living in the Atlantic provinces (63%) and the Prairies (63%) currently have a pet – higher than the national average (59%). 
  • 62% of Atlantic Canadians leave the TV or other entertainment on for their pet when they go out. 
  • Atlantic Canadians like to watch TV with their pets (77%). 
  • Atlantic Canadians are most likely to look to their pets for comfort on emotionally challenging days (77% compared to national average of 66%), with Quebecers least likely to seek solace from their pets (60%). 
  • 70% of Canadian pet owners were motivated to get a pet to help with their anxiety and/or depression, to battle their loneliness, or to reduce their stress levels. 
    • Higher in Atlantic – To help with my anxiety and/or depression (27%).
    • Higher in Quebec – Battling loneliness (23%). 
    • Higher in Ontario – To reduce stress levels (35%). 
  • British Columbians were more likely to both celebrate their pets ‘gotcha day’ and to take their pet on a play-date to meet other pets, versus any other province (63% and 51% respectively, compared to national averages of 55% and 40% respectively).

Let’s Walk Through This Phishing #Scam Using Norton’s Name To See Why It’s A Scam And Why It’s Dangerous

Posted in Commentary with tags on February 20, 2023 by itnerd

It’s been a while since a scam email has hit my inbox. But I have a new one that is pretty interesting to me. Let’s start with the email in question:

So this scam leverages the Norton brand to do its dirty work. That makes sense as you’re more likely to respond to a scam if it purports to be from someone whose name you recognize. But what is interesting is that there’s nothing for you to click on such as a link to a website for example. We’ll get to that part of the scam in a moment. But let’s dissect this to understand why this is a scam. You’ll note that the English in this email is really bad as evidenced by phrases like “In sympathy” and “please contact us as soon as possible to avoid the recent transaction dispute”. But there’s one other hint that this is a scam. When I check the email address, this is what I see:

Norton is owned by Broadcom which is a massive billion dollar company. Billion dollar companies don’t use Gmail. Ever. So if you see an email from a billion dollar company, or a million dollar company for that matter that uses Gmail or any public email service, it’s a scam and you should delete the email in question.

So, let’s get back to the fact that the email doesn’t have you click on any links. The clear intention of the email is to get you to phone the scammer, presumably so that you let some person take control of your computer to do who knows what to it, or so that they can gain your confidence and do something like take over your bank account. Which reminds me of this case where a client of mine almost lost a pile of money to a scam like this.
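The two tells described above (a big brand name on top of a public webmail sender, and a phone number with nothing to click) can be checked mechanically. This is an added example for the reader, not code from the blog; the freemail domain list, the brand list and both sample messages are constructed here for illustration, and the phone number is a fictional 555 number.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Public webmail providers (constructed list). A company the size of Norton's
# owner sends from its own domain, so a brand name paired with one of these
# is the red flag the post describes.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "googlemail.com", "outlook.com", "hotmail.com",
                       "yahoo.com", "aol.com", "icloud.com", "proton.me"}

# Brands this style of "your subscription was charged, call us" scam borrows
# (constructed list).
IMPERSONATED_BRANDS = ("norton", "mcafee", "geek squad", "microsoft")

PHONE_RE = re.compile(r"\+?1?[\s.-]*\(?\d{3}\)?[\s.-]*\d{3}[\s.-]*\d{4}")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def sender_domain(from_header: str) -> str:
    """Domain of the real address, ignoring whatever the display name says."""
    _display, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw_message: str) -> list[str]:
    """Return the red flags found in a raw message (headers plus body)."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    display, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if msg.is_multipart():
        body = " ".join(part.get_payload() for part in msg.walk()
                        if part.get_content_type() == "text/plain")
    else:
        body = msg.get_payload()
    text = " ".join([display, msg.get("Subject", ""), body]).lower()

    flags = []
    brand = next((b for b in IMPERSONATED_BRANDS if b in text), None)
    if brand and domain in PUBLIC_MAIL_DOMAINS:
        flags.append(f"brand '{brand}' claimed but sent from public webmail domain {domain}")
    # Callback phishing: no link to click, just a number to phone.
    if PHONE_RE.search(text) and not URL_RE.search(text):
        flags.append("callback lure: phone number present but no links")
    return flags


# Constructed sample modelled on the scam in the post (fictional number).
SAMPLE_SCAM = """\
From: Norton Security Billing <nortonbillingdesk@gmail.com>
Subject: Your Norton subscription has been renewed
Content-Type: text/plain

In sympathy, your account was charged $349.99. Payment ID: NRT-CONSTRUCTED-001
Please contact us as soon as possible at +1 (800) 555-0199 to avoid the recent transaction dispute.
"""

# Constructed benign message for contrast.
SAMPLE_LEGIT = """\
From: Example Vendor <billing@example.com>
Subject: Your invoice is ready
Content-Type: text/plain

View your invoice at https://example.com/invoices/1234
"""

if __name__ == "__main__":
    for name, sample in (("scam", SAMPLE_SCAM), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```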

In the interest of finding out what this scam is all about, I called the number, WHICH YOU SHOULD NEVER DO, and got a very bad connection to someone who was clearly in India based on the accent. This person had me “verify” the payment number at the top of the email and put me on hold. There was actually hold music playing until he accidentally disconnected me. I called back and got the same guy which implies that this is a small operation. Though I did hear other people in the background which might imply that he was in a call centre of some sort. In any case, he then claimed that a “David from Ohio” had purchased Norton Antivirus and if I was him. When I said that I wasn’t, he claimed that someone had gotten my “financial details” and he needed to walk me through the process to cancel the software. That’s when he directed me to TeamViewer.com. I hung up at that point as I got everything that I needed. What this scammer was going to do was get access to my computer, then likely walk me to a fake website, then use that as a means to get to my bank account so that they could drain it. In other words, it is a similar scam to the one that I linked to in the paragraph above.

So, what is the take away from this? If you get an email from a company that you don’t have any services with, delete the email as falling for a scam like this never ends well.

UPDATE: A reader correctly points this out:

Microsoft Outlook Spam Filtering Appears To Be Broken Right Now

Posted in Commentary with tags on February 20, 2023 by itnerd

So far this morning, I’ve had four clients call me to ask if I can “fix” their email. And by “fix” I mean stop a flood of spam from coming in. All the clients have one thing in common. They’re using Microsoft’s Outlook email service, which used to be known as Hotmail. And in researching this, it seems that spam filtering is completely broken with Outlook at the moment, leading some to complain loudly on Twitter:

I haven’t seen any official comment or acknowledgement by Microsoft on this issue. But clearly there is an issue that they hopefully will address soon as I can’t imagine how I would handle this situation if I had a Microsoft Outlook email account.

ASUS Finally Seems To Have A Firmware For The ZenWiFi XT8 That Works

Posted in Commentary with tags on February 20, 2023 by itnerd

Over the last few months, I’ve been telling you to either avoid or be cautious about firmware updates for the ASUS ZenWiFi XT8. And in the latter case, I said this:

ASUS really needs to get a firmware release out that stabilizes things for the vast majority of their users. And unfortunately, this specific firmware doesn’t seem to be it. Based on what I am reading in the Reddit threads that I linked to above, some people are getting fed up with being treated as “beta testers”. That in the long term will affect the probability that these users will buy another ASUS product in a negative way. Thus ASUS would be well advised to get on getting a firmware out that is stable for all.

Well, we might, key word MIGHT, have that firmware. Last week ASUS rolled out version 3.0.0.4.388.22525 of their firmware and from all reports it has been stable for most, specifically the connection between the nodes, which has been a source of grief for many. I’ve been testing this for the last few days and have found zero issues with it myself. But I should note that I found zero issues with the last firmware that ASUS put out before Christmas, while many others had issues. What gives me hope that this one is stable is that, looking at places like SNB Forums, the majority of users seem to be having a good experience with this firmware.

My firmware upgrade process for ASUS routers is as follows: 

  • Log into the router using a computer and a web browser
  • Backup the configuration using these instructions
  • Update the firmware.
  • After updating I do a factory reset of the router using these instructions
  • Using a computer and a web browser, connect to the router and using the advanced options in the setup wizard, upload the backup of the configuration that I saved in the first step.

I do this because I have found that simply upgrading to the latest ASUS firmware can create problems. Doing it this way takes up to 30 – 40 minutes to perform, but it results in zero issues.

I would be very interested to hear the experience of other XT8 owners with this firmware. Is it better? Is it worse? Please leave a comment and share your thoughts.

Here’s How To Keep Your Twitter Account Secure Without Paying Elon Musk $8 A Month

Posted in Commentary with tags on February 20, 2023 by itnerd

In a pretty naked attempt to generate revenue, Twitter announced that if you want to use two factor authentication or 2FA via text message, you’re going to have to hand over $8 a month to Elon Musk. To be frank, Elon forcing users to pay to secure their Twitter account is shameful, and is one more reason for you to dump Twitter. But if you must be on Twitter, here’s how you can secure your account without giving Elon any of your money. Specifically, you should use an authentication app or security key. Here’s a quick explainer as to what they are:

  • A security key is a small, portable device that you plug into your computer to authenticate an online account. It can also take the form of a fob that generates seemingly random numbers to do the same thing.
  • An authentication app uses a similar approach of a fob that generates seemingly random numbers, but instead of a separate physical device, the app is on your phone.

I would recommend the latter as there are many apps out there that do this sort of thing such as Microsoft Authenticator, Duo Mobile, or Google Authenticator. They’re free in the App Store of your choosing. From there you can use one of these resources below to set up 2FA:

  • Duo has instructions on how to set up 2FA with its app here.
  • Cloud Insights has a really good how to guide on setting up 2FA with Microsoft Authenticator here.
  • Beebom has a really good how to guide on setting up 2FA with Google Authenticator here.
  • Twitter itself has general instructions here to set up 2FA on Twitter.

One bonus of not using text message based 2FA is that text message 2FA is vulnerable to SIM swap attacks, where an attacker takes over the SIM card in your phone to get access to your online accounts. In general it is a good idea to move away from text message based 2FA to protect all your online accounts. Which makes me wonder why Elon wants to charge for something that is generally believed to be less secure than other 2FA methods. I guess it’s his desperation to make money that is at work here, as like other moves that he’s made with Twitter, he clearly hasn’t thought this through. And it makes me wonder if he’ll find a way to do the same thing with other methods of 2FA once enough people point out to him that this won’t make him any money. But until that happens, I’d suggest changing your method of 2FA to something more secure and free while you can.

Meta Decides To Copy Twitter And Offer Their Own Subscription Based Verification System…. And Unlike Elon Musk They Actually Thought This Through

Posted in Commentary with tags on February 19, 2023 by itnerd

I am not sure what they’re smoking at Meta. Perhaps it’s the weed that Twitter is now peddling. But they’ve decided to offer their own subscription based verification system. The announcement was made by Mark Zuckerberg himself on Facebook. Here are the details:

  • This is coming to Instagram and Facebook
  • Australia and New Zealand will get this first
  • You verify your account with a government ID
  • You get a blue badge
  • You get extra impersonation protection against accounts claiming to be you
  • You get direct access to customer support.
  • Meta Verified starts at $11.99 / month on web or $14.99 / month on iOS

All of this sounds so much more thought out versus the half baked verification system that Twitter came up with. Though they must have missed the part that Twitter has had almost zero traction with Twitter Blue. Thus I question how much success Meta will have with this. As always, Meta is free to prove me wrong on that front. And seeing as they’re still a public company, we’ll find out in the next few quarters how well this scheme does or doesn’t work.

Twitter Yet Again Takes A Dirt Nap… But That’s Not The Worst Thing That’s Happened On Twitter In The Last Day

Posted in Commentary with tags on February 18, 2023 by itnerd

Outages at Twitter are clearly becoming more and more frequent. Besides this outage and this one during the Super Bowl as well as this one last week, we have another one today as documented by Down Detector:

This highlights the fact that Twitter is extremely unstable and Elon Musk is unwilling or more likely unable to rectify the situation. Thus you should fully expect these sort of outages to become the norm. And Elon’s life to become more difficult.

Having said that, this was not the worst thing to happen to Twitter users in the last 24 hours. This was:

Twitter Blue subscribers will be the platform’s only users able to use text messages as a two-factor authentication method, Twitter announced Friday.

The change will take place on March 20. Twitter users will have two other ways to authenticate their Twitter log-ins at no cost: an authentication mobile app and a security key. 

Two factor authentication, or 2FA, requires users to type in their password and then enter a code or security key to access their accounts. It is one of the primary methods for users to keep their Twitter account secure. 

“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors,” the company said in a blog post Friday. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”

To be frank, that’s likely BS. What is more likely to be true is that Elon is trying to find new ways to force people to sign up to Twitter Blue, seeing as next to nobody has subscribed. Making a security feature something that you have to pay for is incredibly cynical. But it shows how desperate Elon is for cash.

By the way, there’s also this:

Twitter said non-subscribers will have 30 days to disable the text method and enroll in another way to sign in using 2FA. Disabling text message 2FA won’t automatically disassociate the user’s phone number from their account, Twitter said.

To borrow an Among Us phrase, that sounds a bit “sus”. Twitter got into serious trouble prior to Elon taking over for using phone numbers associated with 2FA for purposes other than 2FA. If Elon is even considering going down that road again, I am 99% sure that it will end badly for him. But I guess we’ll see what he’s up to. And whether the blowback from this will force him into yet another U-turn.

GoDaddy Gets Pwned…. Again…. And This Time It’s Really Bad

Posted in Commentary with tags on February 18, 2023 by itnerd

GoDaddy is saying that it suffered a data breach in which unknown attackers stole source code and installed malware on its servers. GoDaddy discovered the breach in early December 2022 following customer reports that their domains were being redirected, but apparently the attackers had access to the network for multiple years. Which of course is bad. Very bad.

What’s worse is that by my count, this is the third time that GoDaddy has been pwned. The first was in 2020, the next one was a year later, and now this one. If I am a GoDaddy customer, I’d be very concerned.

Brad Hong, Customer Success Lead at Horizon3ai had this to say:

   “Beyond all the buzzwords in the breach notification, at the core, the attackers didn’t “hack” their way into GoDaddy, but rather used known compromised credentials to log in and leave vectors for reentry.

   “Supply chain management has gotten immensely more complex as any company providing any service to any internet user, especially with the increasing use of infrastructures-as-a-service, is now a part of this often omitted evaluation. This includes web hosts like GoDaddy and WordPress and picking vendors based on their security efforts, usually out of expertise for the layman.

   “This supposed multi-year advanced persistent threat actor group remained undetected for so long following remediation and mitigation measures from GoDaddy’s numerous past data breach incidents. Was it that this APT Group was that skilled or that GoDaddy’s security is that bad?

   “The call for Federal-level legislation comes from a place of frustration from the consumer-level as virtually no persons are now untouched by data breaches and the pressure continues to build in an already whistling kettle of company apologies.

   “Companies collect, digest, and even sell our data as data custodians, right up until they lose it and with little incentive or punishment for improvement, or lack thereof, consumers are going to continue to see more incidents like this and the impact will only get worse.

   “As standard, GoDaddy pushed the onus for action right back to its consumers, advising them to audit their own websites and trust GoDaddy’s security team after trust was broken, all while offering them free “Website Security Deluxe and Express Malware Removal” services instead of fortifying their own kingdom time and time again. Maybe they should’ve used it themselves?

   “Every organization takes on the responsibility of serving as a protector of data when a person does business with them and as such should continuously be validating their security controls and tools through testing, from every perspective and blast radius, and ensure blue teams are not at max capacity just playing whack-a-mole but making valiant strides to future-proof the security stack.”

I think the message here is clear. If you’re a GoDaddy customer, I would strongly consider hosting with another provider. Clearly GoDaddy has security issues that they can’t fix, and they’re leaving it to their customers to keep themselves safe. Which is a #fail all day and every day.