ManageEngine RCE Bug Used For Pwnage By Hackers

Posted in Commentary with tags on January 24, 2023 by itnerd

Several Zoho ManageEngine products have an extremely serious remote code execution (RCE) bug, CVE-2022-47966, that has apparently been exploited by hackers. Here’s the background that you need to know via Bleeping Computer:

Unauthenticated threat actors can exploit it if the SAML-based single-sign-on (SSO) is or was enabled at least once before the attack to execute arbitrary code.

Last week, Horizon3 security researchers released a technical analysis with proof-of-concept (PoC) exploit code and warned of incoming ‘spray and pray’ attacks.

They found over 8,300 Internet-exposed ServiceDesk Plus and Endpoint Central instances and estimated that roughly 10% of them are also vulnerable.

One day later, multiple cybersecurity companies warned that unpatched ManageEngine instances exposed online are now targeted with CVE-2022-47966 exploits in ongoing attacks to open reverse shells.

Post-exploitation activity seen by Rapid7 security researchers shows that attackers are disabling real-time malware protection to backdoor compromised devices by deploying remote access tools.

All Federal Civilian Executive Branch (FCEB) agencies must patch their systems against this actively exploited bug after it was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, according to a binding operational directive (BOD 22-01) issued in November 2021.

The federal agencies have three weeks, until February 13th, to ensure that their networks are secured against ongoing exploitation attempts.

Although BOD 22-01 only applies to U.S. FCEB agencies, the cybersecurity agency also strongly urged all organizations from private and public sectors to prioritize patching this vulnerability.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise,” CISA said on Monday.

Sylvain Cortes, VP of Solutions, Hackuity had this comment:

     “Most worryingly, vulnerabilities such as these are often dangerously accessible to attackers, many of whom are state-backed groups that exploit ManageEngine flaws to target multiple critical national infrastructure sectors, including finance and healthcare.

Threat actors thrive on Remote Code Execution vulnerabilities when the SAML-based single-sign-on (SSO) was or is enabled prior to the attack, in order to execute arbitrary code.

This raises huge security concerns for all Federal Civilian Executive Branch Agencies (FCEB) in particular, who must patch their systems against this bug after it was added to CISA’s Known Exploited Vulnerabilities (KEV) list.

The access that these vulnerabilities provide to threat actors leaves hundreds of thousands of users at risk for cyber attacks, malware, social engineering attacks and more. Any interruption to these systems can also have a widespread impact in terms of revenue loss and reputational damage. Organizations must focus on patching these exposed vulnerabilities as their main priority.”

The fact that CISA is involved shows how serious this is. And it shows that you need to take this seriously as well if you use ManageEngine. Which means that you should ensure that all ManageEngine patches are applied so that you’re not the next victim. Note that turning SAML SSO off is not a fix: as Bleeping Computer points out, the bug is exploitable if SSO was enabled at any point in the past, so patching is the only real remedy.
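The Rapid7 observations quoted above (reverse shells, then real-time malware protection being disabled before remote access tools are dropped) are the kind of post-exploitation behaviour a defender can hunt for in process-creation telemetry while patches are being rolled out. The following is an added example written for this post, not code from Bleeping Computer, Rapid7, Horizon3 or Zoho. The event field names, the sample events and the two heuristics are assumptions: ManageEngine products run on a Java application server, so a command shell spawned directly by `java.exe` is treated as suspicious, and a Windows Defender `Set-MpPreference -DisableRealtimeMonitoring` command line is used as the illustrative case of real-time protection being disabled.

```python
"""Triage constructed process-creation events for the post-exploitation
behaviour described in the ManageEngine post above.

Added example, not from Bleeping Computer, Rapid7, Horizon3 or Zoho.
Field names (id, parent_image, image, command_line), sample events and
the heuristics are constructed assumptions, not published indicators."""

import re

# Assumption: ManageEngine products run under a Java application server,
# so a shell whose parent is java.exe is a plausible web/reverse shell.
WEB_PARENTS = {"java.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Assumption: the Windows Defender cmdlet is the illustrative way of
# disabling real-time protection; other products have their own commands.
AV_TAMPER = re.compile(
    r"set-mppreference.*-disablerealtimemonitoring\s*(\$true|1)",
    re.IGNORECASE,
)


def _basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return [(event_id, reason), ...] for every event that trips a rule.

    An event can produce two entries if it matches both rules."""
    hits = []
    for ev in events:
        parent = _basename(ev["parent_image"])
        image = _basename(ev["image"])
        cmd = ev.get("command_line", "")
        if parent in WEB_PARENTS and image in SHELLS:
            hits.append((ev["id"], "shell spawned by application server"))
        if AV_TAMPER.search(cmd):
            hits.append((ev["id"], "real-time protection disabled"))
    return hits


# Constructed sample events (not real telemetry from any incident).
SAMPLE_EVENTS = [
    {"id": 1,
     "parent_image": r"C:\ManageEngine\ServiceDesk\jre\bin\java.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c whoami"},
    {"id": 2,
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell -nop -c "Set-MpPreference '
                     '-DisableRealtimeMonitoring $true"'},
    {"id": 3,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe"},
    # Benign child of the application server: database helper, not a shell.
    {"id": 4,
     "parent_image": r"C:\ManageEngine\ServiceDesk\jre\bin\java.exe",
     "image": r"C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe",
     "command_line": "postgres.exe -D data"},
]

if __name__ == "__main__":
    for event_id, reason in triage(SAMPLE_EVENTS):
        print(f"event {event_id}: {reason}")
```

Only events 1 and 2 are flagged; event 4 shows why the first rule keys on the child being a shell rather than on any child of `java.exe`, since the application server legitimately launches helper processes. In a real deployment the parent list and the tamper patterns would be tuned to the products actually installed.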

Venafi Announces TLS Protect For Kubernetes

Posted in Commentary with tags on January 24, 2023 by itnerd

Venafi, the inventor and leading provider of machine identity management, today introduced TLS Protect for Kubernetes. As part of the Venafi Control Plane for machine identities, TLS Protect for Kubernetes enables security and platform teams to easily and securely manage cloud native machine identities, such as TLS, mTLS and SPIFFE, across all of an enterprise’s multi-cloud and multi-cluster Kubernetes environments. By delivering increased visibility, control and automation over machine identity management within more complex cloud native infrastructures, it helps enterprises improve application reliability and reduce development and operational costs. 

Built with a fully supported version of the cert-manager open source project – the de facto cloud native solution designed by Jetstack, a Venafi company, for developers to automate TLS and mTLS certificate issuance and renewal – TLS Protect for Kubernetes provides in-cluster observability to identify and remediate security risks stemming from poorly configured certificates, as well as offers options for security controls over certificate issuance to meet the security team policy for enforcing trust. It also includes a management interface that provides full visibility of public trusted certificates for ingress TLS, as well as private certificates for inter-service mTLS for pod-to-pod and service mesh use cases. By building a detailed view of the enterprise security posture across multiple clusters and cloud platforms, including certificates that have been manually created by developers, it proactively identifies operational issues that help platform teams maintain cluster integrity and prevent outages.

Features in TLS Protect for Kubernetes include:

  • Observability – Through a comprehensive web-based management interface, security and platform teams can easily discover machine identities used across all clusters, including alerts on machine identity management infrastructure health, compliance and configuration. It provides an instant visual status of all workload certificates, including their association with Kubernetes resources and X.509 certificate configurations. This includes certificates that have been manually created by developers. The interface works as both a cluster monitoring and machine identity management tool to identify potential security holes, such as unauthorized workloads, and proactively recommend fixes for identified cluster configuration errors.
  • Consistency – TLS Protect for Kubernetes enforces machine identity policy for TLS, mTLS and SPIFFE SVIDs across all clusters based on enterprise security policies and ensures the proper version of cert-manager is used and configured consistently.
  • Reliability – The product integrates natively with Kubernetes environments to ensure performance and scalability, including a commercially supported, FIPS 140-2 compliant and signed version of the open source cert-manager project to provide enterprise-grade machine identity management across Kubernetes environments. As each new cluster is created, security teams can empower platform teams by using TLS Protect for Kubernetes to automatically bootstrap a fully supported and hardened version of cert-manager with each new cluster. This delivers better consistency for the way security tooling is managed across multi-cluster environments and reduces the risk of security drift for production environments.
  • Freedom of Choice – TLS Protect for Kubernetes supports multi-cloud configurations, cloud platform providers and Kubernetes distributions. It also integrates with popular secrets vaults and other DevOps and cloud native solutions.

TLS Protect for Kubernetes is generally available today to all customers. To learn more about the new product, please visit https://venafi.com/tls-protect-for-kubernetes/ or join the upcoming “Using Venafi for policy and control of certificate lifecycle management in Kubernetes” webinar on February 23 at 8:00am PST/11:00am EST/4:00pm GMT. Register for the webinar at https://trust.venafi.com/automate-certificate-policy-in-kubernetes/

Nozomi Networks Delivers The Industry’s First OT and IoT Endpoint Security Sensor 

Posted in Commentary with tags on January 24, 2023 by itnerd

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Nozomi Arc™, the industry’s first OT and IoT endpoint security sensor designed to exponentially speed time to full operational resiliency. Built to automatically deploy across large numbers of sites and devices anywhere an organization needs visibility, Nozomi Arc adds crucial data and insights about key assets and network endpoints. This data is used to better analyze and deter threats, as well as correlate user activity, all without putting a strain on current resources or disrupting mission-critical networks. 

Arc is a game-changer when it comes to complete asset visibility, deployment speed and reach across complex and remote OT and IT networks. Nozomi Arc is designed to:

  • Analyze endpoint vulnerabilities,
  • Identify compromised hosts,
  • Be deployed remotely; and 
  • Accelerate monitoring deployments in mission critical systems. 

According to the most recent SANS ICS security report, two of the biggest challenges facing security professionals center on the lack of security resources and the inability to track industrial control devices and applications. Nozomi Networks Arc is purpose-built to address both issues, while complementing the network-based analysis provided by Nozomi Networks’ Vantage and Guardian platforms. 

With Nozomi Arc, users benefit from:

Faster Time to Resiliency: Nozomi Arc eliminates time, resource, geographic and internal policy constraints that come with network-based deployments. It gets new sites online quickly and makes it possible to monitor and analyze once unmanaged or unreachable connections and networks. 

Lower Cyber Risk and Increased Security: Nozomi Arc is the only OT solution in the market to detect malicious hardware. It’s the first solution to provide continuous visibility into (active and inactive) network assets and key endpoint attributes as well as information about who is using them. With access to the full attack surface of host systems, Arc provides more complete threat analysis and monitors more potential attack entry points than is possible with a network-based sensor alone. Additional points of visibility include attached USB drives and log files. 

Extended Visibility and Context: In addition to shining a light on more assets and devices and potential vulnerabilities, Arc identifies process anomalies as well as any suspicious user activity. This reduces the potential for insider threats or compromised hosts. Arc also adds continuous monitoring capabilities for endpoint assets, monitoring that is not possible with network sensors alone.

Lower Operational Overhead: Because Arc can be deployed remotely via software download, Nozomi Arc does not require extensive network changes to be deployed anywhere in the world – even the most remote location. There is no administrative overhead to manage thousands of endpoints across multiple sites. Deployments can be automated across environments, whether they are installed as part of a standard operating environment or periodically deployed to collect data and then removed. 

Nozomi Arc is available now via subscription from Nozomi Networks and its extensive global network of channel partners. Pricing is based on the number of assets monitored. 

For more information:

Read the Blog: Get More Insight into Endpoint Activity and Threats with Nozomi Arc 

Read the Product Overview: Nozomi Arc

Guest Post: Nearly 90% of the Pentagon supply chain fails basic cybersecurity requirements

Posted in Commentary with tags on January 24, 2023 by itnerd

The first-ever thorough analysis of the state of cybersecurity of the US defense industrial base (DIB) reveals that nearly 90% of its contractors do not meet the required security standards.

Defense contractors possess sensitive national security information and are being constantly targeted with sophisticated hacking operations led by state-sponsored hackers.

The in-depth analysis of the Pentagon supply chain was commissioned by CyberSheath, a cybersecurity compliance service provider, and was carried out by Merrill Research, a leader in providing custom, multi-methodological research services. Access the State of The Defense Industrial Base Report here

The survey questioned 300 US-based DIB contractors via an online survey in July 2022.

The supply chain of the departments in question was evaluated using the Supplier Performance Risk System (SPRS), which is the DoD’s single, authorized system to retrieve supplier security performance information.

Contractors who do not possess an SPRS score of 70 or higher are deemed non-compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) criteria.

The DFARS is a set of cybersecurity regulations the DoD imposes on its contractors. The DFARS, which has been in effect since 2017, demands a score of 110 to be considered fully compliant.

Data presented by Atlas VPN shows that a startling 89% of contractors have an SPRS score of less than 70, which means that they do not meet the legally required minimum.  

Over 25% of the supply chain received SPRS scores between -170 and -120, while only 11% of surveyed contractors received a score that is regarded as compliant.

The research conclusions show a clear and present risk to US national security.

These findings should not be easily overlooked, considering the current global political tensions and the constant barrage of attacks from state-sponsored hackers.

Areas of non-compliance

Approximately 80% of the DIB does not monitor its systems 24/7/365 and does not use security monitoring services headquartered in the United States. Using foreign cybersecurity services carries risks of its own.

Other flaws were discovered in the following areas:

  • 80% do not have a vulnerability management system.
  • 79% do not have a robust multi-factor authentication (MFA) system in place, and 73% do not have an endpoint detection and response (EDR) solution.
  • 70% of organizations have not implemented security information and event management (SIEM)

These security measures are legally required of the DIB, and if they are not satisfied, the DoD and its capacity to undertake armed defense face a major danger. 

To read the full article, head over to: https://atlasvpn.com/blog/nearly-90-of-the-pentagon-supply-chain-fails-basic-cybersecurity-requirements

Apparently Trump Wants To Ditch His Own Social Media Company To Go Back To Twitter

Posted in Commentary with tags on January 24, 2023 by itnerd

Former President Donald Trump apparently wants to go back to Twitter so badly that he wants to ditch the social media company he helped to found, which of course is Truth Social, to do it. Mind blowing, isn’t it? But according to Rolling Stone, he can’t, at least not yet, and here’s why:

When Trump first founded Trump Media & Technology Group (TMTG), he agreed to a “social media exclusivity term” that required him to “first channel any and all social media communications” to his Truth Social account for six hours before posting the content to other platforms, according to SEC filings.

Since late last year, former President Trump has informed several people close to him that he doesn’t want to re-up the exclusivity agreement with his social media company, Truth Social, two sources familiar with the matter tell Rolling Stone. “There’s not going to be a need for that,” is how one of the sources recalls Trump describing his soon-to-expire contractual obligation. 

The 18-month term of that requirement is up in June — right as the Republican primary is expected to begin heating up. After that, Trump’s exclusivity term would automatically renew for six month periods “unless notice is given.” In the event his exclusivity term expires, Trump would still be “required to post contemporaneously to Truth Social.”

“He said there’s an expiration date and that he didn’t want to make commitments,” the other source says. 

Asked whether Trump planned to continue to make Truth Social his exclusive social media home, a company representative directed Rolling Stone to a recent appearance by TMTG CEO Devin Nunes on Newsmax where the former California congressman said Trump “has no interest in going back to Twitter.” 

Sure he doesn’t. But assuming that he’s going to try and run for president again, Truth Social isn’t going to cut it as a means to get his message out there. Thus he needs Twitter. And it should be pointed out that Twitter needs him, and more importantly his followers, a lot more than Trump needs Twitter. Having his followers follow Trump to Twitter would be the sort of shot in the arm that Twitter desperately needs to survive. But I am not sure that Twitter having to wait until June for Trump to return would help Twitter. Thus you have to wonder if Elon Musk is going to offer some sort of incentive to get Trump to jump ship earlier. After all, Elon is a desperate guy these days.

Bumble & Netflix Team Up To Help You Find The Date You’ve Been Watching For 

Posted in Commentary with tags , on January 23, 2023 by itnerd

Bumble, the women-first dating and social networking app, and Netflix have teamed up to help members Find the Date You’ve Been Watching For. The campaign inspires the well-watched to celebrate the shows they love while building connections over their Netflix knowledge in a new way.

Beginning January 30, the Bumble community can put their insider knowledge to the test by playing a Netflix-themed Question Game, “Netflix Nights In”, with their matches around some of Netflix’s biggest shows including Emily in Paris, Stranger Things, Squid Game, Selling Sunset, Love is Blind, Outer Banks and more. The Bumble community can also expect to see some familiar faces in-app and on social, such as Emily in Paris’ Ashley Park, Alexa Lemieux of Love is Blind, and Selling Sunset’s Amanza Smith, as each week’s questions will be introduced by someone from the corresponding show.

Much like being well-traveled or well-read can lead to a conversation over shared interests, being well-watched can be a catalyst for making new connections. According to Netflix, members watch an average of six different genres a month, and a recent Bumble survey found that 53% of Canadian respondents agree that it’s easier to talk to matches or dates if they’ve watched the same movies or TV shows and 56% of Canadians surveyed are more likely to match with someone if they mention a TV show or movie they like on their profile.

Bumble’s “Netflix Nights In” Question Game requires both people who have matched to answer the question before responses are revealed. Bumble also shared the percentage of good chats is higher when the Question Game is played.

“Netflix Nights In” will be available each Monday in the Bumble app in the US, Canada, and the UK through March 13.

Is Twitter Down To 1300 Full Time Employees?

Posted in Commentary with tags on January 23, 2023 by itnerd

According to a report from CNBC, Twitter is down to roughly 1,300 full-time employees after Elon Musk took the axe and started to randomly swing it:

Twitter’s full-time headcount has dwindled to approximately 1,300 active, working employees, including fewer than 550 full-time engineers by title, according to internal records viewed by CNBC. Around 75 of the company’s 1,300 employees are on leave including about 40 engineers.

The company’s trust and safety team, which makes policy recommendations, design and product changes with the aim of keeping all of Twitter’s users safe, is down to fewer than 20 full-time employees.

Elon clearly is sensitive about this, as he tweeted that the report was incorrect.

The thing is that Elon offered no proof of anything that he said. On the other hand, CNBC saw documents that allowed them to write this story, which means they thought the proof was good enough to go to press, so to speak. That gives the believability factor to CNBC. Though I will point this out. Doing some quick math, I see this:

  • If you take CNBC’s numbers at face value, Twitter’s current staff is less than 20% of the 7,500 employees that the company had before Musk’s buyout.
  • If you take Musk’s numbers at face value, the company has retained about 30% of its employees.

Honestly, neither of those numbers look good if you’re Elon. And I can see why Elon might be a wee bit sensitive about this topic as the clear implication is that he’s cut so close to the bone that bad things are going to happen. I suspect that we’ll see who’s right very shortly.

One-Year Report On The Uber / UFCW Canada Agreement Is Out

Posted in Commentary with tags on January 23, 2023 by itnerd

This week marks one year since Uber Canada and UFCW Canada signed an agreement to give over 100,000 workers on the Uber platform access to representation, and to advocate to provincial governments for new benefits and protections for all app-based workers. As a reminder, the benefits Uber is jointly advocating for are a 120% minimum earning standard, a benefits fund, notice of termination, health and safety protections, and access to workers’ rights.

Today, Uber is releasing a report that shows how this agreement has been working for drivers and delivery people over the last year. Key highlights are:

  • Through representation services offered by the agreement, UFCW Canada filed cases on behalf of 794 workers. 
  • Of those cases, 201 had a positive resolution. 72 workers regained access to the platform and 129 had an account-related issue resolved. 

I’m also sharing a couple of stories from drivers who were helped through the agreement:

Waseem from Ontario

Waseem came to Canada from Pakistan in 2003 and lives in Mississauga with his family. He’s been driving with Uber for the last six years because he gets to work for himself and does not have a fixed schedule. He also enjoys meeting people and likes how professional and easy the app is to use. In the summer of 2022, Waseem got a new vehicle and was having difficulty uploading his insurance documents. The app eventually blocked him and deactivated his account due to potential fraud. This resulted in seven weeks without earnings. Waseem turned to UFCW Canada and they helped him resolve the issue by working with his insurance company and with Uber. Now he’s back on the Uber platform with his new vehicle.

Sandeep from BC 

Sandeep has lived in Surrey, BC with his family since 2019. He started driving with Uber during the pandemic because he likes the flexible schedule and is able to make a good earning. Last year, his account was deactivated due to a misunderstanding with a rider and their drop off location. Sandeep was having a hard time getting his account reactivated through Uber’s support channels. He received an email from Uber about its agreement with UFCW. He contacted UFCW who helped take his case to Uber, and after a couple of months, his account was reactivated. Now he’s happy to be back on the road.

Elon Musk Says Twitter Has Too Many Ads… And He’s Going To Fix That… How’s That Going To Work?

Posted in Commentary with tags on January 22, 2023 by itnerd

So let’s recap.

Twitter got taken over by Elon Musk. That sent a lot of advertisers to the exits. And with those advertisers went money that Elon desperately needs to keep Twitter afloat. But even with all of that, there are apparently too many ads according to Elon, who has said that Twitter Blue will get fewer ads and that a higher tier will get none at all.

So maybe I am missing something, but Twitter Blue was supposed to have fewer ads than just having a free Twitter account. And now Elon is going to have another tier above that so that you will see zero ads. So if I’m an advertiser and I read this, precisely what incentive do I have to advertise on Twitter? I know that Elon wants Twitter’s income to come from sources other than ads, but this seems to be one of his short-sighted moves that will drive away the cash that he needs in the short and medium term to keep Twitter afloat.

This seems to be another of Elon’s “Ready, fire, aim” moments, and like a lot of his other moves of this kind, it will likely end badly for him.

UK’s NCSC Finds Ransomware And Phishing Amongst The Biggest Threats To The Charity Sector

Posted in Commentary on January 21, 2023 by itnerd

The UK NCSC’s latest report has found that phishing and ransomware are amongst the biggest threats to the charity sector:

The report, published by the NCSC in association with the Charity Commission for England and Wales, explains why charities might be targeted and the challenges they face when compared to business and government organisations. For example, charities are more likely to rely on staff using their own IT (also known as Bring your own Device or BYOD), and these are harder to secure than devices that are owned (and managed) by the organisation itself.

It includes case studies from the sector to bring the report to life, as well as key statistics from the DCMS’s Cyber Security Breaches Survey. Crucially, it also directs readers to a range of online resources, so you can put in place the necessary measures to protect your charity and donors. These resources include the new Funded Cyber Essentials Programme, which offers eligible charities free support to put protections in place.

Given the times that we currently live in, where the most vulnerable need help from charities, this is not good news.

Dr. Darren Williams, CEO and Founder, BlackFog had this to say:

Phishing and more specifically spear phishing is the tool of choice for most cyber gangs in order to breach an organization and launch a ransomware attack. As we have seen from this year’s annual statistics (https://www.blackfog.com/2022-ransomware-attack-report/), ransomware continues to break new records each month, with 2022 ending with a record number of attacks and an overall 29% increase over 2021. We continue to see specific sectors such as education and government become the most targeted, with charities falling into the same category as they are seen as low-hanging fruit without adequate resources for protection, both in terms of skilled cyber professionals as well as cybersecurity technology. Since the goal of any attack is to breach an organization and steal valuable information, charities pose a very high risk as they are gatekeepers to many high-net-worth individuals’ details which can then be leveraged for extortion. This is similar to the way such individuals were targeted in an attack on Daylesford in the UK last year, where high net-worth individuals’ details were leaked online. Like any organization, charities need to look carefully at how they are protecting their data and what they are doing in terms of anti-data exfiltration generally. 

Hopefully this spurs the charity sector to do what they can to make themselves less of a target. And hopefully the U.K. government pitches in because they truly can’t do this alone.