Cars Can Be Pwned Via Flaws In SiriusXM And Other Software: Report

Posted in Commentary with tags , on December 1, 2022 by itnerd

Every car these days comes with a SiriusXM receiver. And depending on what car you have, that might be an attack vector for hackers to pwn your car. This according to this article:

Researcher Sam Curry on Wednesday described a recent car hacking project targeting Sirius XM, which he and his team learned about when looking for a telematic solution shared by multiple car brands.

An analysis led to the discovery of a domain used when enrolling vehicles in the Sirius XM remote management functionality, Curry said in a Twitter thread.

Initial tests were conducted on the NissanConnect mobile application, which led to the discovery of a vulnerability that could allow a remote hacker to obtain a vehicle owner’s name, phone, number, address and car details simply by knowing their VIN, which is typically visible on the windshield. The attacker would need to send specially crafted HTTP requests containing the victim’s VIN in a certain parameter.

Further analysis showed that the same vulnerability could be exploited to run vehicle commands, including locate, unlock and start a car, as well as to flash headlights and honk the horn.

The researchers determined that such an attack could be launched against Honda, Nissan, Infiniti, and Acura cars.

Sirius XM immediately patched the vulnerability after being informed of its existence. The company said it released a patch within 24 hours and noted that it has no evidence of any data getting compromised or unauthorized modifications being made.

That’s not good. But neither is this

In a separate Twitter thread this week, Curry reported a different vulnerability, one that allowed researchers to control some functions of Hyundai and Genesis vehicles — including locks, engine, horn, headlights and trunk — by knowing the email address the victim had used to register a user account.

The attack allegedly worked on vehicles made after 2012. Hyundai and Genesis also released patches after being notified.

So upon reading this article, I looked at the research and it illustrates that connected cars are subject to the same sort of problems that everything else is. Thus car companies and SiriusXM need to up their game to keep car owners safe. And they need to be held accountable for making sure that cars are secure. Preferably by a third party.

Leave a comment »

Remember That LastPass Hack Back In August? The Company Now Admits That Hackers Got Access To Customer Data

Posted in Commentary with tags on December 1, 2022 by itnerd

Back in August, LastPass was pwned by hackers. At the time the company said this:

Earlier this week, LastPass started notifying its users of a “recent security incident” where an “unauthorized party” used a compromised developer account to access parts of its password manager’s source code and “some proprietary LastPass technical information.” In a letter to its users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence that any user data or encrypted passwords were accessed.

It now turns out that this wasn’t the case as the company now admits that user data was accessed by the hackers who pwned them:

We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. 

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. 

We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional. As always, we recommend that you follow our best practices around setup and configuration of LastPass, which can be found here

Well, that’s not good. And it highlights why entrusting your passwords to a third party may not be a good idea. While I do use a password manager and do my best to practice good password hygiene, I don’t entrust my passwords to a third party. Instead the password file is encrypted and stored on my NAS at home, or on some cloud provider so that I can get access to it on the road as well as sync it with all my devices. If one of those cloud providers gets pwned, all they will get is an encrypted file that they can’t do anything with.

In any case, LastPass needs to be completely transparent about what happened here and how much it affects end users as that’s the only way they will maintain the trust of their customer base.

UPDATE: Yoav Iellin, Senior Researcher, Silverfort offers this advice:

“Given the vast amount of passwords it protects globally, Lastpass remains a big target.

The company has admitted the threat actor gained access using information obtained in the previous compromise. Exactly what this information is remains unclear but, typically, It’s best practice after suffering a breach for the organization to generate new access keys and replace other compromised credentials. This ensures things like cloud storage and backup access keys cannot be reused.

For worried users, ensure you watch out for updates from the company and take time to verify these are legitimate before taking any action. In addition, ensuring you have two-factor authentication on any applications with passwords in LastPass and changing passwords will provide the utmost level of security. “

UPDATE #2: Chad McDonald, Chief of Staff and CISO, Radiant Logic provides this comment:

    “We’ve seen today another hack of the credential wallet vendor, LastPass which isn’t at all surprising. This isn’t an indictment of LastPass by any means, rather a criticism of the underlying problem that has driven vendors like LastPass to be very successful and effectively a staple both for home users and the enterprise. Any software, given enough time and effort, is crackable or hackable, and LastPass is certainly no exception. While LastPass’s Zero Knowledge strategy with regard to password encryption seems to have kept the attackers from accessing passwords, this didn’t keep them from apparently accessing source code. Attackers will always find a way to defeat security controls–always. Technology practitioners will work to harden code, applications and networks, but in the end given time and resources the attackers will get in.   

One of the problems I see with simply continuing to harden the IT stack is that it fundamentally doesn’t acknowledge what is driving ongoing reliance on password wallets for so many people.  IT sprawl and more specifically identity sprawl have driven most of us mad with the number of credentials we need to manage simply to get through our personal and professional lives everyday. Assuming we’re trying to be good netizens, we’ll also try to juggle complex passwords and potentially multi-factor authentication. This additional complexity exacerbates the identity problem.  We’re effectively left with no choice other than to archive our credentials in a wallet like LastPass or god forbid a notebook somewhere.  (Please tell me you aren’t keeping your passwords on the bottom of your keyboard.). 

On a personal level, it isn’t realistic to expect a home user to implement an IAM strategy. The enterprise, however, should have an IAM strategy that limits identity sprawl, provides adequate credential security, and limits the need for its users to manage countless sets of credentials in the workplace.  Corporations really do themselves and their users a disservice when they continue to push down responsibility for broad credential management to staff. It’s really a recipe for disaster. Consolidation, protection, and effective management of identities and credentials by the enterprise drives internal productivity, deflects Helpdesk calls, and reduces friction on staff that should be focused on their core responsibilities, rather than tracking down their 14th set of credentials and a 20 character password to log in to the CRM system.  

While LastPass was the latest victim here, it won’t be the last.  I expect that the organization will recover quickly and again work to harden processes and code, but I think the enterprise should do its part as well.  Let’s focus on our own IAM strategies so that we can ideally be a bit less reliant on credential wallets in the first place.”

2 Comments »

Guest Post: Over 95% of all new malware threats discovered in 2022 are aimed at Windows

Posted in Commentary with tags on December 1, 2022 by itnerd

Windows is the most popular operating system among desktop and laptop users. It occupies around 30% of the OS market share worldwide. This may be one of the reasons why it is also the most targeted by malware.

According to the data analyzed by the Atlas VPN team, based on AV-TEST GmbH statistics, 59.58 million new Windows malware samples were detected in the first three quarters of 2022. They make up a whopping 95.6% of all new malware discovered in that period.

Linux malware takes the second spot on the list with 1.76 million new malware samples — 2.8% of the total new malware threats in Q1 through Q3 of 2022.

Following Linux is Android malware. The first three quarters of 2022 saw 938,379 newly found Android malware threats. They constitute 1.5% of the new malware in Q1 through Q3 of 2022.

Finally, 8,329 never before seen malware threats aimed at macOS were detected in the same period.

Despite various anti-malware measures that exist today, cybercriminals continuously come up with new malware threats. A total of 62.29 million new malware samples were detected in the first three quarters of 2022 across all operating systems. It comes to almost 228,164 malware threats daily.

However, compared to the same period last year, new malware has actually decreased by 34%. Even though there is a clear downward trend in new malware samples, the number of threats still remains exceptionally high.

To read the full article, head over to:

https://atlasvpn.com/blog/over-95-of-all-new-malware-threats-discovered-in-2022-are-aimed-at-windows

Leave a comment »

Hackers Spoof Amazon Notification Emails To Steal Credentials In Phishing Campaign

Posted in Commentary with tags on December 1, 2022 by itnerd

Researchers at Avanan, a Check Point Software Company, will reveal its latest analysis on how hackers send fake Amazon account notices, targeting Japanese companies, in the hopes of getting credentials.

In this attack, users are presented with an email, written in Japanese, notifying them that their Amazon Prime Auto-Renewal has been deactivated and their membership information must be verified to prevent further account restriction. Clicking on the provided link will lead users onto a fake page that will steal credentials and payment details. 

You can read the analysis here.

Leave a comment »

Guest Post: The 10 Best Warm Weather Destinations for Digital Nomads this Winter According To Wise

Posted in Commentary with tags on December 1, 2022 by itnerd

For digital nomads, the possibilities of where to work are virtually limitless. When frigid winter weather rolls around, it’s natural for those who can work remotely to start thinking about snowbirding out to a more temperate locale far from snow, ice, and frozen flurries.

After all, when the temperatures drop, it’s hard to do your best work when all you want to do is curl up in front of the fire.

That’s why Wise put together a list¹ of the best warm cities for digital nomads to visit this winter based on an evaluation of weather, safety, and cost of living data — along with their exchange rates² with.

Canadian currency so you can make the most of your budget as you chase the sun. The list includes cities within +/- one hour of continental Canadian time zones, so it will be easy to adapt your schedule and stay in touch with everyone you work with.

1. Medellin, Colombia

Nicknamed the “City of Eternal Spring” and famous for its annual Flower Festival, Medellin is an ideal place for digital nomads to go for the winter. The weather there is near-perfect during the winter months — not too hot and not too cold.

Plus, there are a variety of coworking spaces available, so you can easily find a place to set up shop and get your work done. The cost of living is very reasonable, and there are many museums, including the Museo de Antioquia, coffee farms, and nature parks to explore in your free time.

The official currency of Colombia is the Colombian peso and the exchange rate is $1,000 CAD = 3,638,960 COP

2. Quito, Ecuador

The capital of Ecuador, nestled in a valley at the base of the majestic Andes Mountains, Quito is a beautiful city built on the ruins of an ancient Incan settlement.

It’s home to a growing community of digital nomads, who are drawn to Quito for its affordable cost of living, fast internet speeds, vibrant cultural scene, and rich architectural heritage.

The city enjoys year-round mild temperatures, making it an excellent place for working remotely in the winter.

The official currency of Ecuador is the US dollar and the exchange rate is 1,000 CAD = 751.03 USD

3. Buenos Aires, Argentina

For digital nomads, Buenos Aires offers an appealing mix of mild weather, affordability, and culturally rich city life. Located in the southern hemisphere, Argentina’s bustling capital city enjoys warm weather even in the middle of winter.

While prices have been rising in recent years, Buenos Aires is still relatively affordable compared to other major cities — and for many, the chance to be surrounded by the city’s beautiful 19th-century architecture is well worth a slight cost increase.

The official currency of Argentina is the Argentine peso and the exchange rate is 1,000 CAD = 121,761K ARS

4. Bogota, Colombia

Located in the Andean mountain range and featuring a subtropical highland climate, Bogota is the sprawling capital city of Colombia and one of the largest cities in South America.

Bogota is a great place for digital nomads to go for the winter because of its temperate climate, affordable cost of living, and abundance of coworking spaces. Plus, the city is full of gorgeous colonial-era landmarks, including the Teatro Colón, and many intriguing museums and historical sites.

The official currency of Colombia is the Colombian peso and the exchange rate is 1,000 CAD = 3,638,960 COP

5. Montevideo, Uruguay

The seaside capital of Uruguay, Montevideo is an affordable city with lovely warm weather during the winter months. Revolving around the beautiful Plaza de la Independencia, Montevideo has a lively and vibrant culture, and can be an excellent place to learn Spanish.

It’s a terrific winter destination for digital nomads looking to escape the cold weather of the northern hemisphere, while still being able to work and enjoy life in a welcoming city full of fascinating Art Deco and colonial architecture.

The official currency of Uruguay is the Uruguayan peso and the exchange rate is 1,000 CAD = 29,927.60 UYU

6. San José, Costa Rica

Built on the coffee trade and brimming with elegant Victorian mansions, San José is a fantastic city for digital nomads to visit for the winter, featuring warm weather and many coworking spaces.

The cost of living is also very reasonable, and you can find apartments for rent at a fraction of the cost of what you might pay in major cities like Toronto, New York or London, while still being able to get out and enjoy world-class museums, parks, and historic buildings.

The official currency of Costa Rica is the colon and the exchange rate is 1,000 CAD = 459,990.00 CRC

7. Cali, Colombia

Cali is known for its beautiful weather, friendly people, and vibrant salsa dancing street parties. In addition, Cali is an affordable, sunny place to live a relaxed lifestyle during the winter months, with many apartments and hotels offering monthly rates.

This makes it a budget-friendly option for digital nomads who want to enjoy all that the city has to offer, including its spectacular neoclassical architecture and historic museums, without breaking the bank.

The official currency of Colombia is the Colombian peso and the exchange rate is 1,000 CAD = 3,638,960 COP

8. Mexico City, Mexico

Full of stunning historical landmarks dating back to the time of the Spanish conquistadors, Mexico City has a large community of expats and digital nomads — and there are plenty of coworking spaces, cafes, and restaurants to work from.

The weather is also perfect for spending time outdoors, and there are plenty of historic buildings, museums, and nature parks to explore. If you’re looking for a vibrant, culturally rich spot for both work and adventure this winter, Mexico City could be a great choice.

The official currency of Mexico is the Mexican nuevo peso and the exchange rate is 1,000 CAD = 14,598.10 MXN

9. São Paulo, Brazil

The sparkling financial center of Brazil, São Paulo is home to many iconic architectural landmarks, including the 1929 Martinelli skyscraper. It’s a bustling, highly populous city with a significant community of digital nomads who occupy the many co-working spaces available.

As Brazil’s richest city, São Paulo isn’t always the cheapest, but for those seeking to explore its beautiful buildings, memorable museums, and peaceful parks, it may be worth a little splurge.

The official currency of Brazil is the real and the exchange rate is 1,000 CAD =  4.002.85 BRL

10. Panama City, Panama

The capital of Panama, Panama City features a multitude of colonial-era landmarks and vibrant plazas with popular cafes that digital nomads can work from. The city’s warm weather is ideal for those who want to escape the cold, and the nightlife is vibrant.

There are also a variety of beaches to visit, and plenty of opportunities to explore the rest of Panama — or simply relax and watch the ships sailing through the city’s iconic canal. It’s the safest city on this list, although the weather isn’t always as pretty as in some other locales.

The official currency of Panama is the Panamanian balboa, and the exchange rate is 1,000 CAD = 750.75 PAB

Paying Like a Local

If you’re seeking warmer horizons this winter, there are so many exciting places where you can soak up the sun and make incredible memories, all while staying within your digital nomad budget.

Just make sure you have a good financial plan in place that enables you to pay like a local wherever you choose to roam. But adventurers beware: that’s probably not simply using your go-to Canadian bank account. From foreign transaction fees and high ATM withdrawal fees, to hidden markups in exchange rates, traditional Canadian bank accounts aren’t typically digital nomad-friendly.

Before you depart, consider setting up a Wise Account and card. Wise is everywhere money: 170 countries, 50 currencies and one card. With a Wise Account you can easily send, receive, hold, and spend money with no hidden fees³. That means paying for rent, groceries, activities and your new friends back easily in local currency.

And while many countries are digital-first, a lot of destinations — including many on this list — still prefer cash payments. With the Wise card, there’s no need to have the cash converted ahead of time. You can simply withdraw cash from local ATMs, and Wise will convert the amount automatically for you at the best conversation rate at the time for a low fee. For making purchases at places that do accept cards, the Wise Card functions like any other debit card in your wallet.

With Wise’s transparent pricing and mid-market exchange rate policy, you always know what you’re paying. That means less financial stress and uncertainty, and more time enjoying your warm weather digital nomad excursions this winter.

¹ Methodology: To compile this list, Wise looked at cities that operate within plus- or minus-one hour of continental Canadian time zones. Cities were then scored based on their rankings on third-party data sources assessing cost of living including rent (source: Numbeo), weather (source: Global Residence Index) and safety (source: Numbeo), as well as whether or not their countries offer digital nomad visas.

² Exchange rates were pulled via Wise.com on November 15, 2022.

³ Please see Terms of Use for your region or visit Wise Fees & Pricing: Only Pay for What You Use for the most up to date pricing and fee information.

Leave a comment »

Elon Musk Takes A Trip To See Tim Cook…. And Other News From The Twitter Circus

Posted in Commentary with tags on November 30, 2022 by itnerd

Elon Musk continues to make news. And I will start with his most recent piece of news which is that Elon paid a visit to the Apple Campus to see Tim Cook.

No word on what they talked about. But seeing as Elon teed off on Apple multiple times earlier this week, and Apple cutting advertising and deleting its Tweets, he might have had to take a trip to make peace with Apple CEO Tim Cook. This despite word that Elon wants to find a way to keep Apple from taking 30% from every Twitter Blue subscription, which by the way means that Twitter Blue is apparently on hold until that part is figured out. Knowing how Elon can’t keep his mouth shut, I am sure that we will find out some version of this story soon enough.

Another story that surfaced today is that Tesla stock has taken a huge hit since Elon took over at Twtter:

Tesla stock is down 30% since Musk, the electric-car maker’s chief executive, completed his acquisition of Twitter on Oct. 28.

And:

Tesla stock is down 52% since Musk first revealed a 9% stake in Twitter in early April.

If you own the stock, you are likely not happy. And if you’re Elon, the ability for Tesla stock to fund the day to day operations of Twitter has decreased as a result.

Next, from the “see I told you so” department is this:

Elon Musk has been told he faces “huge work ahead” to bring Twitter into compliance with new European rules on disinformation or face a possible ban.

European Union commissioner Thierry Breton made the comments in a meeting with Mr Musk on Wednesday.

He said the social media site would have to address issues such as content moderation, disinformation and targeted adverts.

The back-and-forth comes as the new law is set to go into effect.

And what happens if Elon doesn’t get his act together? Well…:

If firms are found to be violation, they face fines of up to 6% of global turnover – or a ban in the case of repeated serious breaches.

And it’s a safe bet that Elon can’t afford the fines, nor can he afford to have Twitter banned in the EU. Which means that he has a problem. Just like I said he would. It will be interesting to see if he tries to comply with the EU, and anger the rather unsavory characters that he’s encouraged to jump onto Twitter. Or he thumbs his nose at the EU, and risks fines that he can’t afford along with potentially being Thanos snapped out of the 27 EU member states.

One thing that was interesting from this report was this:

In a statement after the meeting, Mr Breton said he welcomed Mr Musk’s assurances that he would get Twitter ready to comply.

“Let’s also be clear that there is still huge work ahead, as Twitter will have to implement transparent user policies, significantly reinforce content moderation and protect freedom of speech, tackle disinformation with resolve, and limit targeted advertising,” he said.

“All of this requires sufficient AI (Artificial Intelligence) and human resources, both in volumes and skills. I look forward to progress in all these areas and we will come to assess Twitter’s readiness on site.”

The EU plans to conduct a “stress test” in 2023 ahead of a wider audit, his office said.

So while that sounds like he’s going to comply, I am not willing to put money on that just yet.

Finally Twitter put out a blog post that among other things, said this:

  • First, none of our policies have changed. Our approach to policy enforcement will rely more heavily on de-amplification of violative content: freedom of speech, but not freedom of reach.
  • Our Trust & Safety team continues its diligent work to keep the platform safe from hateful conduct, abusive behavior, and any violation of Twitter’s rules. The team remains strong and well-resourced, and automated detection plays an increasingly important role in eliminating abuse.
  • When urgent events manifest on the platform, we ensure that all content moderators have the guidance they need to find and address violative content. 
  • As we improve our policies and processes, bad actors will also develop new methods of disruption. This is not new. Our team of experts is constantly adapting to identify and defuse threats, and we are proud of our early results: impressions on violative content are down over the past month, despite the growth in overall usage on the platform.
  • Finally, as we embark on this new journey, we will make mistakes, we will learn, and we will also get things right. Throughout, we’ll communicate openly with our users and customers, to get and share your feedback as we build. 

We remain committed to providing a safe, inclusive, entertaining, and informative experience for everyone. We will continue to be transparent as we move through this transition period. And we will listen to you, the people who make Twitter what it is: the town square of the internet. 

I’m sorry. But everything that has happened to date seems to indicate the opposite is happening at Twitter. I’d sit here and pick this apart, but I haven’t got that kind of time. The fact is that this blog post is window dressing that was put out there in hopes of putting out the many fires that Elon has started since he took over. Nobody is going to buy this. Not governments, not advertisers, and not the users who feel that Twitter is no longer safe. If Twitter in general, or Elon specifically want to talk about Twitter being a safe space for all, the need to start proving it. Immediately.

Leave a comment »

Cisco AppDynamics Launches Business Transaction Insights in AppDynamics Cloud

Posted in Commentary with tags on November 30, 2022 by itnerd

Cisco AppDynamics announced today major updates to its cloud-native observability solution AppDynamics Cloud. Business transaction insights combines business transaction monitoring with AppDynamics Cloud’s continuous-context experience. This allows organizations to expand observability over cloud-native applications correlated with business context across their Amazon Web Services (AWS) environment and beyond. The AIOps-derived insights enable teams to observe applications the same way customers and end users experience them and quickly take action to optimize performance and remediate issues in near real-time.

The new capabilities will initially support digital services, cloud-native applications, and workloads on Amazon Web Services (AWS). Cisco AppDynamics and AWS continue to empower organizations across the entire IT estate on their journey to full-stack observability.

Modern cloud-native applications can be highly distributed and complex. Ops teams often have to rely on siloed, domain-specific tools to collect and interpret massive amounts of data generated by their technology stack during normal operations. As a result, they can struggle to deliver dependable digital experiences for end-user customers because they lack the correlated insights to identify how critical issues impact business outcomes.

With business transaction insights, teams can leverage multiple streams of data drawn from OpenTelemetryTM and Amazon CloudWatch, all correlated to business context, and then optimize digital experiences at scale. They generate AIOps-driven alerts that allow teams to identify, prioritize, and resolve the most important issues that could impact the user experience and the overall business.

Cisco AppDynamics survey of 1,150 IT professionals revealed that 71% believe their organization will need to allocate resources toward observability of cloud-native applications and infrastructure. The addition of this new capability in AppDynamics Cloud gives technologists the simplicity and insights they need to streamline operations, increase business value of AWS products and services, and maximize current and future investments in areas including Kubernetes®, microservices, and other AWS infrastructure.

Additional Resources:

Leave a comment »

TELUS and Adera complete new Smart Building in North Vancouver

Posted in Commentary with tags on November 30, 2022 by itnerd

TELUS continues to grow its Residential Smart Building footprint with the completion of RED Lower Lynn, a new rental development located in North Vancouver’s vibrant Lynn Creek community. In partnership with west coast modern design builder Adera, this six-storey, 88-unit complex features TELUS’ cutting edge smart building technology and automation, offering luxury and comfort paired with savings and efficiency. Residents at RED Lower Lynn can control their smart suites from their smartphones through the easy-to-use TELUS Residential Smart Building app, giving them the flexibility to remotely lock and unlock their keyless doors, or adjust their lights from anywhere, at any time. 

With TELUS Residential Smart Building, residents are conveniently notified on their smartphone when someone opens the door, the temperature needs to be adjusted, or someone requires entry. RED Lower Lynn’s building operators are also using TELUS Residential Smart Building to access the latest in security technology, 24-hour monitoring, and tools to increase building efficiency, which reduces their carbon footprint and operating expenses. 

To help showcase TELUS Residential Smart Building technology and what it can offer residents and building operators, TELUS has secured a demo suite inside RED Lower Lynn located at 1550 Oxford St, North Vancouver. Anyone in the Vancouver area can experience the benefits of living in a Smart Building by emailing smartbuilding@telus.com to arrange a tour. 

Find out more about TELUS Residential Smart Building, powered by Canada’s fastest network, by visiting telus.com/smartbuilding.

Leave a comment »

CYBER WEEK RESULTS: Online Sales In Canada Down 8% YoY, But Up 2% globally

Posted in Commentary with tags on November 30, 2022 by itnerd

As Cyber Week 2022 draws to a close, Salesforce released its annual Cyber Week report, which analyses shopping data from over one and a half billion shoppers on the Salesforce Customer 360 platform. Overall, global sales reached $280.8 billion, a 2% increase YoY. However, Canadian shoppers held back as compared to last year.

In Canada, over the course of Cyber Week we saw:

  • Online sales down 8% YoY
  • While the online sales were down as compared to last year, the average order value was up by 0.3% at $106
  • Overall traffic was down 1% YoY. In terms of device traffic, mobile proved to be the most popular for shoppers to visit from, with 70% of Black Friday traffic coming from mobile, 29% from computer and 3% from tablet

Further information on the results is available in the Holiday Hub, which has been updated daily over Cyber Week.

Leave a comment »

UK Updates Cyber Security Regulations To Include MSPs

Posted in Commentary with tags on November 30, 2022 by itnerd

The UK Government has just updated their Network and Information Systems (NIS) regulations in order to bring providers of outsourced IT and managed service providers (MSPs) into scope. The regulations were introduced to improve the cyber security companies which provide services to energy, healthcare and transport sectors. Fines of up to £17m will could be issued for non-compliance.

Yaron Kassner, CTO and Cofounder, Silverfort had this commentary:

“The Government’s decision to update these regulations reflects how MSPs present a ripe target for attackers.

“As central points of cybersecurity management for lots of organizations – they provide a jumping-off point for lateral movement inside a large number of environments. As we saw with Operation Cloudhopper – attackers were able to access MSP customers using seemingly legitimate credentials, before moving through the network to exfiltrate data.

“While controls such as MFA on internal resources could technically help address attacks like this, the regulation provides a necessary impetus to ensure MSPs act according to best practice.”

Many clients that I work with use MSPs and they, along with anyone else who uses an MSP should heed this advice.

Leave a comment »

« Older Entries
Newer Entries »