Activision Has Been Pwned As It Were A N00b Playing Call Of Duty

Posted in Commentary with tags on February 22, 2023 by itnerd

It appears that video game company Activision has been pwned by hackers. And this hack is really bad. Here’s a quick synopsis:

  • Sunday 2/19 – Cybersecurity research group vx-underground Tweeted screenshots of data purportedly stolen from Activision, including a content release schedule for Call of Duty.  “Activision did not tell anyone.”
  • Monday 2/20am – Insider Gaming said it confirmed the Activision data breach after obtaining “the entirety” of the stolen data (not published by vx-underground).
  • Monday 2/20pm – Nothing to see here: “Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.” Activision confirmed to Bleeping Computer that their systems were breached through an SMS text phishing attack on an HR employee; the attacker gained access to their Slack on December 2 and then tried to trick other employees into clicking malicious links.
  • However, Insider Gaming claims to have reviewed the entirety of the stolen data, saying the data also contained sensitive employee information, including full names, emails, phone numbers, salaries, places of work, and more.

And seeing as they are being purchased by Microsoft, this could not have come at a worse time for the company. And Activision’s response to this has been, shall we say, sub-optimal.

David Maynor, Senior Director of Threat Intelligence at Cybrary had this to say:

   “There is no one “SOP” for breaches. This timeline shows a typical public reaction to a breach. Some entity, in this case VX-Underground, notices something on a market and tells the world about it. Reporters that follow VX-Underground use it as a tip and suddenly the victim’s switchboard/email server gets loaded with requests for comment.

   “There is also the fog of war effect where different people have different parts of a puzzle and make assumptions. This leads to different hot takes contradicting each other.

   “From the trial last year of the Uber CISO, Joseph Sullivan, we know that big corps can handle breaches differently. What I can say from personal experience is that the responses to questions as well as public statements are approved by if not written by a crisis communications team. The default response is deescalate, deflect, then deny. This is why the infosec community values technically insightful Root Cause Analysis (RCA) from a victim.”

Tim Morris, Chief Security Advisor, AMER at Tanium follows up with this:

   “There is conflicting information on this one. Specifically, about what was accessed/stolen. Regardless, the initial attack vector was a socially engineered phishing/smishing attack, obtaining access via SMS / 2FA. Proving once more that SMS / 2FA isn’t the most robust form of authentication and other, stronger MFA methods should be used.

   “Also, training of users is still needed. Users should treat SMS messages with the same scrutiny as email phishing scams. Be wary of phone calls from “IT Support”. Unless initiated by the user, they should be suspect. Either ignore or call back to a known number. For SMS, ignore and never give out any 2FA codes sent via text.

   “Principle of least privilege needs to be implemented, so that if/when an employee’s account credentials are stolen the “blast radius” is small, i.e. what the attacker has access to is minimized. Threat hunting, good incident response, and monitoring are key to find these intrusions quickly, and limit their reach.

   “Have a good PR plan on what to do when a breach happens. This successful attack happened two and a half months ago, and is only public now because some leaked data was published on vx-underground.”

Given the profile of Activision, which makes the Call Of Duty franchise, and their relationship with Microsoft, a lot of eyes are going to be on this one. If I were Activision, I’d be working very hard to find out what happened, what was stolen, and how to stop this from happening again. Then I would put all of that out in the public domain as quickly as possible. Because right now, Activision looks like a bunch of n00bs.

Guest Post: Social media used AI to create the new big tobacco. So, what’s next?

Posted in Commentary with tags on February 22, 2023 by itnerd

By Bill Ready, CEO at Pinterest

AI has been advancing rapidly over the last 10 years, doubling every 6 months. Until recently, the advancements have mostly been behind the scenes from a consumer perspective. But in the last few months a next generation of AI has been made available to the public and captured the attention and imagination of many. In fact, two of the largest providers of search, Google and Microsoft (with OpenAI), are showing significant advancements in AI that appear set to create a next major step forward in how search works. I’m excited about that, as are countless others. I’m also very glad to see that it has sparked a broader dialog about the appropriate use of AI and the ethical issues it raises. It’s encouraging that Microsoft and Google have been directly speaking to how they are attempting to address those issues—even though many questions remain.  

What’s missing is a discussion of the other major use of AI in our world today: social media. Social media used AI to create the new big tobacco. It has addicted all of us—but especially young people—over the last decade. But laced with a now evermore powerful AI, it’ll only get worse for our mental health. What comes next is a choice. What will social media do with this next generation of AI? Calls for change have come from parents, researchers, whistle-blowers, regulators, and lawmakers for years. But the call needs to come from within social media as well. 

What happened? 

Remember when social media first came into broad use? It helped reconnect us with old friends, share family updates with relatives, and meet and connect with neighbors. It gave us hope that we could create a more curious, connected, and compassionate world. 

That feels like a distant memory. Today, social media has made us more distracted, more depressed, and more divided. It has turned us against our neighbors and focused us on our differences rather than our commonalities. 

That’s because social media companies put AI in charge of what we see and they asked it to maximize view time. AI quickly figured out that people were more likely to view something for longer when it triggered their basest instincts: fear, anger, envy, greed. 

The points of view that would get the most engagement were the most extreme rather than the most sensible. The more you were enraged, the more you would engage. With each refinement of social media apps, users are less and less in control of what they see and more and more vulnerable to an increasingly powerful AI that is tuned to keep them viewing, no matter the cost to their wellbeing.  

To give a simple metaphor of how this works, let’s take an experience we’ve all had: You’re sitting in a traffic jam and there’s an accident up ahead. You know you shouldn’t look. You know it won’t make you feel good. But…there’s an urge to look anyway. If you ask people afterwards whether they’d like to see another car crash, almost everyone would say no. And fortunately, we don’t have to encounter these situations every day in the real world. But in the world of social media,  the AI is going to show you another car crash. And you can’t help but glance at that one, too. So it shows you another and another, until eventually all you see are car crashes. 

Defenders of social media will say they are simply giving users what they want. But do we really think this is what people want: more fear, more anger, more envy, more violence, more hate speech, more trolling? A world where all we see are car crashes? That people want to feel worse about themselves and the world around them?

Social media may not have initially understood the unintended consequences of telling AI to maximize view time, but those consequences are overwhelmingly clear now. Even worse, these choices have become deeply ingrained in the business model of much of social media. 

As CEO of Pinterest, I’m writing this because I believe it to be one of the most important societal issues of our time. We must build a more positive place online. And it is possible. 

To that end, we’ve made a particular set of choices.

From implicit to explicit signals 

First, we train our AI models to prioritize explicit intent signals. That could include what people pin to our platform in the first place (say, an amazing brunch recipe), what they might search for once they are here (bold summer makeup), or what they save to their boards to act on later (clever ideas to decorate a dorm room).

When you tune AI on those more conscious, explicit actions, you get very different outcomes than when you optimize for views alone. In that environment, additive rather than addictive content wins, largely because the user is playing a more deliberate role in choosing. 

So far, it’s working. And we know this because of our next choice.

From tactics to outcomes

Second, we’re committed to holding ourselves accountable to more positive wellbeing outcomes. There’s no shortage of tactics that social media companies could implement or propose that seem like they ought to help. But unless they result in demonstrably better wellbeing outcomes, those efforts will always be woefully inadequate. In order to build a better internet for our better selves, emotional wellbeing has to be a real, measurable result—and should become the standard for the entire industry.

A recent study we ran with UC Berkeley’s Greater Good Science Center found that 10 minutes a day of active engagement with inspiring content on Pinterest by Gen Z users buffers against rising burnout, stress and social disconnectedness. We replicated similar findings across the UK, Canada, Australia, Germany, France, Brazil, and Japan. More than a dozen studies over the last five years—commissioned and not—show that positive spaces like Pinterest have a wide range of benefits for users.

It’s still early and we don’t profess to have all the answers. We have had our own regrettable moments in which our AI models have served negative or damaging content to users. But we’re committed to better outcomes and bolstered by these early studies that show it’s possible.  

A more positive internet is possible.

We got here by making different choices about AI. By placing our users’ wellbeing over their view time. And by holding ourselves accountable for more positive outcomes on mental health—not simply empty tactics. We’ve seen the effects of what social media has been asking AI to do for the last decade. My question is this: what will social media companies ask this new, more powerful generation of AI to do next?

What comes next is a choice.

A choice that leaders must make, a choice that users deserve and should participate in, and a choice that the good of society depends on. Pinterest is committed to using our platform—and the AI that powers it—to create more positive wellbeing outcomes.

We’re making our choice and our intentions clear. 

Read more on our research with Greater Good Science Center at University of California Berkeley.

Read more about what Pinterest is doing to support emotional wellbeing and create a better internet for our better selves.

Is Antivirus Software Still Relevant? Report Shows Americans Say “Yes” And Rely On Free Over Paid Programs

Posted in Commentary with tags on February 22, 2023 by itnerd

Even as Apple and Microsoft invest billions in protecting their own devices, 85 percent of American adults are continuing to rely on third-party antivirus software, up from 77 percent a year ago.

That is one finding of Security.org’s annual report on the antivirus market. The report also found:

  • Nearly three-in-four Americans still strongly believe computers need antivirus to protect their devices
  • More than half (61 percent) of antivirus users rely on free programs, such as Microsoft Defender, which comes installed on their PCs
  • Only eight percent of free antivirus users experienced a breakthrough virus in the past year, compared to 10 percent of paid users
  • An estimated 33 million households pay for antivirus software, many of which include popular features that boost internet security, such as VPNs, password managers, or secure browsers
  • Seven percent of people in the study – an estimated 16 million Americans – will be in the market for antivirus software in the next six months

You can read the full report here. I will say that this mirrors a lot of the experience that I have with my home/SMB clients which makes this report worth reading.

Uber Is Renewing Their Commitment To The Canadian Black Chamber Of Commerce

Posted in Commentary with tags on February 22, 2023 by itnerd

In 2021, the Canadian Black Chamber of Commerce (CBCC) and Uber Canada announced the nationwide launch of Black Business Direct, the newest national digital directory to help even more Black-owned businesses be discovered. Today, Uber Canada is renewing its commitment to the CBCC and Black Business Direct for another two years.

Black Business Direct is a free, easy-to-access resource for Canadians to search and support local Black-owned businesses across the country. Over the last two years, Black Business Direct has grown to over 1000 listings with new additions every day. CBCC has also made the directory bilingual, introducing a French version of the site. 

You can get more details on their website here.

New Salesforce Study: Data Is Doubling, But Data Skills Are Struggling To Keep Up

Posted in Commentary with tags on February 22, 2023 by itnerd

New Salesforce research reveals that while companies agree about the advantages of using data to make decisions, there’s a clear disconnect from how they’re using it in practice.

Salesforce’s Untapped Data Research, published today, surveyed nearly 10,000 global business leaders. Here are some key findings:

  • Companies do agree data can help drive decisions: 73% of business leaders agree that data helps reduce uncertainty and make more accurate decisions in business conversations.
  • Data is doubling, but data skills are struggling to keep up: 41% of business leaders cite a lack of understanding of data as a barrier to entry.
  • Companies are struggling to put data into practice as leaders can’t make sense of it: 8 in 10 (80%) business leaders say data is critical in decision-making at their organization, but 1/3 of business leaders cite the lack of ability to generate insights from data.

Please see here for the Untapped Data Research newsroom post.

Telstra Incorporated Earns Great Place to Work Certification

Posted in Commentary on February 22, 2023 by itnerd

Telstra Incorporated, the U.S.-based entity of Telstra, was recently certified as a Great Place to Work® in recognition of its ongoing efforts to create an extraordinary employee experience. 

As a result of a company-wide survey, 94 percent of employees said Telstra is a great place to work, compared to just 57 percent of employees at a typical U.S.-based company. This honor highlights Telstra’s demonstrated track record of consistently fostering a supportive and fully inclusive work environment for all employees, with a focus on workplace culture, collaboration, empowerment, and career development and mentorship.

To earn the prestigious certification, Telstra employees were asked to take a confidential survey administered by Great Place to Work and focused on how they view their workplace, including questions about diversity and inclusion, management, work/life balance, and professional development. Highlights from the survey include:

  • Nearly 100 percent of employees believe people are treated fairly, regardless of their sexual orientation, race, age, or gender
  • 99 percent of employees believe management trusts people to do a good job without watching over their shoulders
  • 97 percent of employees feel they are encouraged to balance their work life and their personal life
  • 96 percent of employees believe management is approachable and easy to talk with
  • 96 percent of employees are proud to tell others they work at Telstra
  • 96 percent of employees feel good about the ways Telstra contributes to the community
  • 95 percent of employees feel they are offered adequate training or development to further themselves professionally

Additionally, according to research from Great Place to Work, job seekers are 4.5 times more likely to find a great boss at a Great Place to Work certified workplace. Employees at certified workplaces are also 93 percent more likely to look forward to coming to work, and are twice as likely to be paid fairly, earn a fair share of the company’s profits and have a fair chance at promotion.

In addition to providing valuable perspectives on the employee experience, Great Place to Work certification has been shown to help job seekers identify which companies genuinely offer a great company culture. Certification also gives employers a recruiting advantage by providing a globally recognized and research-backed verification of a great employee experience.

Check out Telstra’s careers page to find open positions.

Deepwatch Announces $180 Million in Investments And Appointment Of New CFO

Posted in Commentary with tags on February 22, 2023 by itnerd

Deepwatch, the leader in advanced managed detection and response (“MDR”) security, today announced a total of $180 million in equity investments and strategic financing from Springcoast Capital Partners, Splunk Ventures and Vista Credit Partners, a subsidiary of Vista Equity Partners and strategic credit and financing partner focused on the enterprise software, data and technology markets. The combined capital will enable Deepwatch to accelerate platform innovation and product development while expanding its partner ecosystem to meet the growing demand for managed security services.

Deepwatch MDR protects businesses from an ever-increasing volume of cyber threats. The company delivers an always-on cybersecurity platform backed by experts who work as an extension of customer teams. With many leading global brands as customers, Deepwatch is uniquely positioned to deliver advanced, cloud-based cybersecurity solutions that serve the stringent needs of the most demanding enterprise environments.

Deepwatch experienced 100 percent year-over-year sales growth in 2022, with more than two-thirds of customers expanding their service. The company introduced new offerings and advancements to the Deepwatch security operations platform to speed the detection and containment of threats across the enterprise.  This included the release of its Threat Analytics App 2.0 bolstered by its innovative Threat Probability Value ML backed software and managed extended detection and response (MXDR) for endpoint and identity.  The company was also named to the 2022 Forbes list of America’s Best Startup Employers and received A Great Place to Work certification. The new investment provides the capital and resources for Deepwatch to further advance its platform and meet record customer demand while further establishing its leadership position in managed security.

The new investors join ABS Capital and Goldman Sachs who have backed Deepwatch’s rapid growth over the last four years.

The company also announced the appointment of Mel Wesley as Chief Financial Officer (CFO). Wesley is a seasoned finance executive with over 25 years of experience in financial planning, analysis, and operational finance, with a proven track record of driving growth and building high-performance finance teams. For the past 18 years, he has served as CFO for publicly traded and private technology companies. As Deepwatch’s CFO, Wesley will support the Company during hyper-growth while overseeing finance, legal and corporate development.

In the last ten years as a CFO, Wesley supported three companies through financial transactions and exits totaling nearly $3 billion. As CFO, he has managed investor relations, directed IPO-readiness efforts and raised significant equity and debt.

Wesley remains on the Board of Directors of Cofense, Inc. (formerly PhishMe, Inc.), where he previously served as the CFO before joining Deepwatch. During his tenure as CFO, he supported the Company’s growth initiatives and IPO-readiness efforts, and steered the Company through a significant sale for $400 million.

Before that, Wesley held multiple CFO positions. During his tenure at comScore, Inc. (NASDAQ: SCOR), the Company purchased and merged with another public company. During his tenure at Mandiant Corporation, the Company was sold to FireEye, Inc. (NASDAQ: FEYE) for over $1 billion. Wesley remained at FireEye as CFO of Global Services and Cloud Solutions, supporting integration efforts. During his tenure at OPNET Technologies (NASDAQ: OPNT), the Company’s revenue grew from $50 million to $175 million before the company sold for over $1 billion.

US & EU E-Commerce Websites Put Payment Data at Risk Via JavaScript

Posted in Commentary with tags on February 22, 2023 by itnerd

Jscrambler, a leading security solution for JavaScript protection and real-time webpage monitoring, has released research findings on the top US and EU e-commerce websites which are at risk of data skimming attacks due to unprotected JavaScript running on the payment page.

Payment pages on websites are flooded with third-party JavaScript. Jscrambler found that 60% of analyzed websites in the US have more than 10 different vendors on their payment pages.

Unless these sites find a way to identify, monitor and control the behavior of these third-party scripts, the attack surface will remain vast and unchecked.  

With British Airways recently falling victim to a £20m fine after the data of 400,000 customers was leaked through a JavaScript vulnerability, these risks are not only costly for the customer, but pose a large financial burden on the business as well.

The external risk and the high value placed on e-commerce in users’ daily lives show the vital importance of having visibility and control over the pages which enable payments.
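One way to build the inventory the research calls for, as an added example that is not Jscrambler’s tooling or code from the original post: a small Node.js audit that lists the third-party script hosts on a checkout page and flags scripts that load over plain HTTP or carry no Subresource Integrity hash. The sample HTML, host names and integrity value are constructed placeholders.

```javascript
// Added example (not from the page or Jscrambler): inventory <script> tags on a
// payment page, count distinct third-party vendors, and flag weak loading patterns.
const SCRIPT_TAG = /<script\b([^>]*)>/gi;
const ATTR = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)')/g;

// Parse the attribute text of one tag into a lower-cased name -> value map.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[3] !== undefined ? m[3] : m[4];
  }
  return attrs;
}

// Audit a page's scripts relative to the first-party origin the page is served from.
function auditScripts(html, firstPartyOrigin) {
  const first = new URL(firstPartyOrigin);
  const vendors = new Set();
  const findings = [];
  let inlineScripts = 0;
  for (const m of html.matchAll(SCRIPT_TAG)) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) { inlineScripts += 1; continue; }
    let url;
    try { url = new URL(attrs.src, first); }
    catch { findings.push({ src: attrs.src, host: null, issues: ['unparseable src'] }); continue; }
    if (url.host === first.host) continue;           // first-party: not a vendor
    vendors.add(url.host);
    const issues = [];
    if (url.protocol !== 'https:') issues.push('not https');
    // SRI only works for static files; a vendor that ships dynamic scripts cannot
    // use it, which is exactly why such hosts need monitoring or a strict CSP instead.
    if (!attrs.integrity) issues.push('no SRI integrity hash');
    if (attrs.integrity && !attrs.crossorigin) issues.push('integrity without crossorigin');
    if (issues.length) findings.push({ src: url.href, host: url.host, issues });
  }
  return { thirdPartyVendors: [...vendors].sort(), inlineScripts, findings };
}

// Constructed checkout page: one first-party script, one pinned vendor script,
// one analytics tag without SRI, one chat widget over HTTP, one inline snippet.
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example-vendor.net/payform.js"
        integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
<script src="https://analytics.example-tracker.com/tag.js" async></script>
<script src="http://chat.example-widget.com/loader.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head></html>`;

console.log(JSON.stringify(auditScripts(SAMPLE_CHECKOUT_HTML, 'https://shop.example.com'), null, 2));
```

Run it against a saved copy of the real payment page to get the vendor count the report talks about; anything in `findings` is a script whose behaviour the site owner neither pins nor controls.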

You can read the research here.

76% of Ransomware Attacks Use Old Vulnerabilities 

Posted in Commentary with tags on February 21, 2023 by itnerd

A new study by Ivanti and others found ransomware operators used a total of 344 unique vulnerabilities in attacks in 2022, an increase of 56 over the prior year. A full 76% of all vulnerabilities were from 2019 or older. The oldest vulnerabilities found were RCE bugs in Oracle products from 2012.

Top Findings for 2022

  • Kill chains impact more IT products: A complete MITRE ATT&CK kill chain now exists for 57 vulnerabilities associated with ransomware. Ransomware groups can use kill chains to exploit vulnerabilities that span 81 unique products.
  • Scanners are not detecting all threats: Popular scanners do not detect 20 vulnerabilities associated with ransomware.
  • Multiple software products are affected by open-source issues: Reusing open-source code in software products replicates vulnerabilities, such as the one found in Apache Log4j. For example, CVE-2021-45046, an Apache Log4j vulnerability, is present in 93 products from 16 vendors and is exploited by AvosLocker ransomware. Another Apache Log4j vulnerability, CVE-2021-45105, is present in 128 products from 11 vendors and is also exploited by AvosLocker ransomware.
  • Old is still gold for ransomware operators: More than 76% of vulnerabilities still being exploited by ransomware were discovered between 2010 and 2019. In 2022, of the 56 vulnerabilities tied to ransomware, 20 were discovered between 2015 and 2019.

David Maynor, Senior Director of Threat Intelligence at Cybrary:

   “As a person who has done both offense and defense security work I am not surprised by these statistics. There is a public perception these groups are Wizard level hackers but in reality they rely on organizational sprawl for attacks. 

   “Scanners have never detected all exploitable threats. It’s just not possible. One of the reasons is that vendors like Oracle have had a hostile relationship with external security companies since the beginning of this century. In fact, Oracle’s CSO Mary Ann Davidson wrote a scathing blogpost in 2015 about how people who find vulnerabilities in Oracle’s products should not tell the company about it. The post has been removed but was covered by Wired here: https://www.wired.com/2015/08/oracle-deletes-csos-screed-hackers-report-bugs/

   “CVSS scores do mask vulnerability severity or at least how companies use it for risk detection and mitigation. I have seen companies set SLAs on producing threat intel reports based solely on the CVSS score. Because the reports are generally generated by regurgitating versions of other people’s reports and not hands-on testing, the Threat Intel manager won’t push back. This report from Ivanti highlights the typical misuse of Threat Intel since actual ransomware attacks are coming from old or lower-risk attacks being chained together. CVSS is not designed to evaluate an exploit’s value to an actor’s kill chain. While the CVSS has been updated over the years it remains an example of early 2000s thinking being used to make threat intelligence and risk decisions in 2023.”

   “This is why training a team to be able to do hands on research and testing in an org’s environment is extremely important. No scanner detects all the flaws, no vendor gets every patch right, so a layered defense being driven by a well-trained security team is the best way to de-risk your operations.”

Given that ransomware attacks have huge costs, I’d be looking at Mr. Maynor’s advice as well as reading this report and forming a game plan to make sure that old vulnerabilities don’t come back to haunt you.

Samsung adds zero-click attack protection to Galaxy S23

Posted in Commentary with tags on February 21, 2023 by itnerd

Samsung announced on Friday it has developed a new security system to protect Galaxy S23 owners from image-based, zero-click exploits using a new virtual quarantine feature called Message Guard. These images require no interaction from the user to compromise the device.

Message Guard works by automatically placing any image file your phone receives into a virtual quarantine, otherwise known as a “sandbox” and “automatically neutralizes any potential threat hiding in image files before they have a chance to do you any harm,” explains Samsung.

Eventually, this protection will become a standard feature across the entire range of Samsung’s Galaxy devices.

David Maynor, Senior Director of Threat Intelligence, Cybrary had this to say:

   “I am a fan of the forward-thinking Samsung does in their products, like DeX. DeX turns your phone into a desktop computing environment just by plugging in a monitor and keyboard. This means that Samsung’s mobile devices could face not just mobile attacks but the same attacks as any laptop/desktop user depending on installed software.

   “Samsung already has Knox on mobile devices. Knox creates separate workspaces for a user’s personal data and a different one for work data. Message Guard works in concert with Knox by attempting to detect attacks in each workspace by attackers looking to exploit zero-click exploits like those used by the NSO Group’s CNE software Pegasus.

   “I use a Samsung Galaxy Fold 4 as both a personal and work phone and can’t wait for Message Guard to come to my platform.”

I have to admit that this is a cool feature that I hope not only appears in other Android phones, but makes its way over to iOS as zero click threats are the “holy grail” of threats as they don’t require any user interaction to execute. And the sooner that day comes, the better off we all will be.