CybersecurityUpdate
https://www.webpronews.com/technology/cybersecurityupdate/
Breaking News in Tech, Search, Social, & Business
Tue, 15 Oct 2024 17:13:15 +0000

Hackers Claim to Have Breached Cisco As Company Investigates
https://www.webpronews.com/hackers-claim-to-have-breached-cisco-as-company-investigates/
Tue, 15 Oct 2024 16:46:32 +0000

Hackers are claiming to have breached Cisco and stolen data, with the company saying it is investigating the claims.

According to BleepingComputer, bad actors have been trying to sell data purportedly stolen from Cisco via online forums. The hackers making the claims are the well-known “IntelBroker,” working along with “EnergyWeaponUser” and “zjj.”


“Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!,” reads the post on one hacking forum.

Cisco says it is aware of the hackers’ claims and it is investigating their validity.

“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,” a Cisco spokesperson told BleepingComputer.

“We have launched an investigation to assess this claim, and our investigation is ongoing.”

The hackers say they breached Cisco on October 6 and provided samples of the purportedly stolen data, although they did not provide details on how the hack was carried out.

MoneyGram Data Breach Is Worst-Case Scenario
https://www.webpronews.com/moneygram-data-breach-is-worst-case-scenario/
Tue, 08 Oct 2024 18:16:35 +0000

MoneyGram has notified users of a data breach, and initial details suggest the breach is about as bad as it could possibly be.

MoneyGram issued a notice on Monday of a data breach. On September 27, 2024, the company discovered “that an unauthorized third party” had accessed the company’s systems between September 20 and 22. The company detailed the data that was stolen and—spoiler alert—it’s a worst-case scenario.

The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud). The types of impacted information varied by affected individual.

The company says it has already taken certain systems offline, which is temporarily impacting its ability to serve its customers. MoneyGram is also working with law enforcement and cybersecurity experts.

In the meantime, MoneyGram recommends users “remain vigilant” to potential fallout from the breach.

We recommend that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your free credit reports. If you are in the U.S. and would like to check your credit report, you are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. U.S. residents can order a free credit report by visiting www.annualcreditreport.com or calling toll-free at 1-877-322-8228. The U.S. Reference Guide provides recommendations by the U.S. Federal Trade Commission on the protection of personal information. We also recommend that you remain alert for unsolicited communications involving your personal information.

MoneyGram is also offering impacted US customers identity and credit monitoring services, free of cost for two years.

As data breaches go, this one takes the cake in terms of the impact it could have on consumers. Names, dates of birth, Social Security Numbers, government-issued IDs, bank account info, and transaction data give bad actors everything they need to open fraudulent accounts, not to mention gain access to existing accounts.

Only time will tell how such a devastating data breach occurred, but it’s safe to say this one is going to haunt MoneyGram and its customers for a long time.

FCC Unveils $200 Million Program to Secure Schools and Libraries
https://www.webpronews.com/fcc-unveils-200-million-program-to-secure-schools-and-libraries/
Thu, 03 Oct 2024 16:18:27 +0000

The Federal Communications Commission has unveiled the Schools and Libraries Cybersecurity Pilot Program, dedicating $200 million to the cause.

Schools and libraries are some of the most vulnerable cybersecurity targets, largely because they often lack the budget to employ the necessary professionals to protect their organizations from threats. The FCC is hoping to address that situation with its Pilot Program.


Modeled after the FCC’s Connected Care Pilot, the Pilot Program will evaluate the effectiveness of using Universal Service funding to support cybersecurity services and equipment to protect school and library broadband networks and data in order to determine whether to fund them on a permanent basis.

The program will allow participating schools and libraries to seek reimbursement for eligible cybersecurity expenses.

Pilot Program participants will be eligible to seek reimbursement for a wide variety of cybersecurity services and equipment, subject to an overall cap. Eligible services and equipment include: Advanced/Next Generation Firewalls; Endpoint Protection; Identity Protection and Authentication; and Monitoring, Detection, and Response

The FCC said it will prioritize facilities based on the populations that are most in need of cybersecurity support.

To facilitate the inclusion of a diverse set of Pilot projects and to target Pilot funds to the populations most in need of cybersecurity support, the FCC will award support to a combination of large and small and urban and rural schools, libraries, and consortia, with an emphasis on funding proposed Pilot projects that include low-income and Tribal applicants.

Once schools and libraries are accepted into the Pilot Program, they will receive a letter informing them of their inclusion and can begin submitting reimbursement requests.

Applicants selected to participate in the Pilot Program will be announced by Public Notice. The Public Notice will provide additional information regarding next steps, including the process for soliciting bids and procuring desired cybersecurity services and equipment. After participants complete a competitive bidding process, they will submit requests for services and, upon approval, they will receive a Funding Commitment Decision Letter (FCDL) approving or denying their funding requests.

Once an FCDL is issued and the delivery of services has started, participants and service providers may submit requests for reimbursement from the Pilot Program. If necessary, participants can request reimbursement and request certain changes to their funding requests from the Universal Service Administrative Company (USAC), the Pilot Program administrator.

Given the rise of cybersecurity threats targeting non-commercial entities, the FCC’s Pilot Program is sure to help provide a lifeline to some of the most vulnerable organizations.

Microsoft Defender Adds Insecure Wi-Fi Network Protection
https://www.webpronews.com/microsoft-defender-adds-insecure-wi-fi-network-protection/
Tue, 01 Oct 2024 17:33:54 +0000

Microsoft Defender is expanding its protection, adding the ability to protect users when they connect to insecure Wi-Fi networks.

Free Wi-Fi networks are offered by businesses of all sizes, but those networks can often pose serious threats to users’ security and privacy. Man-in-the-middle attacks, evil twin attacks, and data theft are just a few of the risks insecure networks pose.


Microsoft Defender, the company’s cybersecurity app, is adding features to protect users for those times when they need to access public Wi-Fi networks. The company already added VPN support, since VPNs are one of the go-to solutions to keep data safe on an insecure network.

The company is adding the following features:

  • Auto detection and notification of unsecure Wi-Fi connections with the ability to turn on a virtual private network (VPN) in the Defender app for added safety
  • Privacy protection (VPN) is now available on all our supported device platforms including Windows, macOS, Android, and iOS.
  • Feature availability in more countries including US, UK, Germany, and Canada. And more countries are coming soon. We’re adding privacy protection to ten additional countries in Europe, Asia, and LATAM regions soon.

The suspicious Wi-Fi detection, in particular, will go a long way toward keeping users safe.

We’ve added detection for un-safe Wi-Fi (suspicious Wi-Fi). These detections are possible using Defender heuristics that examine multiple characteristics of a Wi-Fi hotspot to determine if it is suspicious. As with unsecure Wi-Fi, you get a notification for un-safe Wi-Fi as well and can turn on Defender VPN for added safety.

Microsoft has committed to revamping its security after a string of embarrassing breaches. It’s good to see the company displaying an equal level of concern for keeping users safe and secure.

FCC Fines T-Mobile, Forces Company to Improve Cybersecurity
https://www.webpronews.com/fcc-fines-t-mobile-forces-company-to-improve-cybersecurity/
Tue, 01 Oct 2024 15:18:50 +0000

The Federal Communications Commission announced a “groundbreaking data protection and cybersecurity settlement with T-Mobile,” fining the company and forcing changes to its operations.

T-Mobile has an atrocious record when it comes to cybersecurity, suffering multiple data breaches in recent years, some of which have impacted tens of millions of users. Hackers even bragged about accessing the company’s internal networks more than 100 times in 2022 alone. Despite settling several class-action cases for a whopping $350 million, the company has continued to struggle with cybersecurity.


The FCC appears to have reached the limits of its patience, and is now forcing the company to do better.

The Federal Communications Commission today announced a groundbreaking data protection and cybersecurity settlement with T-Mobile to resolve the Enforcement Bureau’s investigations into significant data breaches that impacted millions of U.S. consumers. To settle the investigations, T-Mobile has agreed to important forward-looking commitments to address foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi-factor authentication. The Commission believes that implementation of these commitments, backed by a $15.75 million cybersecurity investment by the company as required by the settlement, will serve as a model for the mobile telecommunications industry. As part of the settlement, the company will also pay a $15.75 million civil penalty to the U.S. Treasury.

The settlement addresses multiple data breaches, including incidents from 2021-2023. The FCC acknowledged that carrier networks are prime targets for hackers, but that doesn’t excuse lapses in security. Instead, it only underscores the need for such companies to provide the best security possible.

“Today’s mobile networks are top targets for cybercriminals,” said FCC Chairwoman Jessica Rosenworcel. “Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections. We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences.”

As part of the agreement, T-Mobile agreed to the following:

  • Corporate Governance – T-Mobile’s Chief Information Security Officer will give regular reports to the board concerning T-Mobile’s cybersecurity posture and business risks posed by cybersecurity. This is a foundational requirement for all well-governed companies. Corporate boards need both visibility and cybersecurity domain experience in order to effectively govern. This commitment ensures that the board’s visibility into cybersecurity is a key priority going forward.
  • Modern Zero-Trust Architecture – T-Mobile has agreed to move toward a modern zero trust architecture and segment its networks. This is one of the most important changes organizations can make to improve their security posture.
  • Robust Identity and Access Management – T-Mobile has committed to broad adoption of multi-factor authentication methods within its network. This is a critical step in securing critical infrastructure, such as our telecommunications networks. Abuse of authentication methods, for example through the leakage, theft, or deliberate sale of credentials, is the number one way that breaches and ransomware attacks begin. Consistent application of best practice identity and access methods will do more to improve a cybersecurity posture than almost any other single change.

“The wide-ranging terms set forth in today’s settlement are a significant step forward in protecting the networks that house the sensitive data of millions of customers nationwide,” said Loyaan A. Egal, Chief of the Enforcement Bureau and Chair of the Privacy and Data Protection Task Force. “With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to improve our national cybersecurity posture and help prevent future compromises of Americans’ sensitive data. We will continue to hold T-Mobile accountable for implementing these commitments.”

Hopefully the FCC’s actions send a clear message to all companies that they must protect the data customers entrust them with.

Tor Project and Tails OS Have Merged
https://www.webpronews.com/tor-project-and-tails-os-have-merged/
Thu, 26 Sep 2024 15:46:05 +0000

The Tor Project announced it has merged with the Tails OS project, in an effort to improve collaboration, reduce overhead, and improve users’ access to freedom-preserving options.

Tor is the leading privacy option for users trying to circumvent surveillance, designed from the outset to route traffic through multiple encrypted servers, masking a user’s browsing activity even when a network is being monitored. Tails OS is a Debian-based Linux distro that is designed to be run 100% from a USB stick. As a result, an individual can temporarily use any computer as their own by booting off of the USB stick, leaving no trace behind when they power the machine down and leave.


The projects are joining forces to pool their resources and make privacy-preserving tools more readily available to at-risk individuals, as well as average users.

Countering the threat of global mass surveillance and censorship to a free Internet, Tor and Tails provide essential tools to help people around the world stay safe online. By joining forces, these two privacy advocates will pool their resources to focus on what matters most: ensuring that activists, journalists, other at-risk and everyday users will have access to improved digital security tools.

In late 2023, Tails approached the Tor Project with the idea of merging operations. Tails had outgrown its existing structure. Rather than expanding Tails’s operational capacity on their own and putting more stress on Tails workers, merging with the Tor Project, with its larger and established operational framework, offered a solution. By joining forces, the Tails team can now focus on their core mission of maintaining and improving Tails OS, exploring more and complementary use cases while benefiting from the larger organizational structure of The Tor Project.

The merger builds on 15 years of collaboration and solidarity between the two projects, but will allow Tails to tap into Tor’s resources.

“Running Tails as an independent project for 15 years has been a huge effort, but not for the reasons you might expect. The toughest part wasn’t the tech–it was handling critical tasks like fundraising, finances, and HR. After trying to manage those in different ways, I’m really relieved that Tails is now under the Tor Project’s wing. In a way, it feels like coming home,” says intrigeri, Team Lead Tails OS, The Tor Project.

A History of Collaboration

Merging the two projects will expand Tor’s focus, allowing it to address privacy and security issues beyond just the web browser.

Whether it’s someone seeking access to the open web or facing surveillance, Tor and Tails offer complementary protections. While Tor Browser anonymizes online activity, Tails secures the entire operating system–from files to browsing sessions. For journalists working in repressive regions or covering sensitive topics, Tor and Tails are often used as a set to protect their communications and safeguard their sources. The merger will lead to more robust treatment of these overlapping threat models and offer a comprehensive solution for those who need both network and system-level security in high-risk environments.

It will also open up broader training and outreach opportunities. Until now, Tor’s educational efforts have primarily focused on its browser. With Tails integrated into these programs, we can address a wider range of privacy needs and security scenarios. Lastly, this merger will lead to increased visibility for Tails. Many users familiar with Tor may not yet know about Tails OS. By bringing Tails within the Tor Project umbrella, we can introduce this powerful tool to more individuals and groups needing to remain anonymous while working in hostile environments.

Joining Forces a Win for Users

“Joining Tor means we’ll finally have the capacity to reach more people who need Tails. We’ve known for a long time that we needed to ramp up our outreach, but we just didn’t have the resources to do so,” says intrigeri.

“By bringing these two organizations together, we’re not just making things easier for our teams, but ensuring the sustainable development and advancement of these vital tools. Working together allows for faster, more efficient collaboration, enabling the quick integration of new features from one tool to the other. This collaboration strengthens our mission and accelerates our ability to respond to evolving threats,” says Isabela Fernandes, Executive Director, The Tor Project.

The announcement is good news for the privacy community, and will be a major help to journalists, activists, and other at-risk groups who depend on such software for their life and work.

EU Votes Today On Controversial Effort to Destroy Private Messaging
https://www.webpronews.com/eu-votes-today-on-controversial-effort-to-destroy-private-messaging/
Mon, 23 Sep 2024 19:44:01 +0000

The European Union is voting today (September 23) on its controversial chat control legislation, a measure security and privacy experts warn will destroy private messaging in the bloc.

The EU has been engaged in a concerted effort to undermine privacy and security by trying to pass legislation that would force companies to break end-to-end encryption (E2EE). The bloc has proposed the use of “client-side scanning,” a technology that scans files on the devices and alerts the authorities if anything illegal is discovered.


After previous efforts were shot down, the EU has relabeled “client-side scanning” as “upload moderation,” essentially an effort to force users to agree to client-side scanning if they want to be able to send or upload any media files via a messaging platform that otherwise features E2EE. “Upload moderation” is a clever way to essentially render E2EE moot, while still being able to technically tout support for strong encryption.

Signal President Meredith Whittaker called out the EU for its efforts, slamming the bloc for trying to pull a fast one on users, and ignoring the mathematical reality that there is no way to maintain secure and private communication while simultaneously trying to undermine or circumvent E2EE.

Instead of accepting this fundamental mathematical reality, some European countries continue to play rhetorical games. They’ve come back to the table with the same idea under a new label. Instead of using the previous term “client-side scanning,” they’ve rebranded and are now calling it “upload moderation.” Some are claiming that “upload moderation” does not undermine encryption because it happens before your message or video is encrypted. This is untrue.

Rhetorical games are cute in marketing or tabloid reporting, but they are dangerous and naive when applied to such a serious topic with such high stakes. So let’s be very clear, again: mandating mass scanning of private communications fundamentally undermines encryption. Full stop. Whether this happens via tampering with, for instance, an encryption algorithm’s random number generation, or by implementing a key escrow system, or by forcing communications to pass through a surveillance system before they’re encrypted. We can call it a backdoor, a front door, or “upload moderation.” But whatever we call it, each one of these approaches creates a vulnerability that can be exploited by hackers and hostile nation states, removing the protection of unbreakable math and putting in its place a high-value vulnerability.

We ask that those playing these word games please stop and recognize what the expert community has repeatedly made clear. Either end-to-end encryption protects everyone, and enshrines security and privacy, or it’s broken for everyone. And breaking end-to-end encryption, particularly at such a geopolitically volatile time, is a disastrous proposition.

Patrick Breyer, former Pirate Party Member of the European Parliament and co-negotiator of the European Parliament’s critical position on the proposal, says the EU is voting on the revised measure today and goes on to describe the issues such a measure will cause if it passes.

“Instead of empowering teens to protect themselves from sextortion and exploitation by making chat services safer, victims of abuse are betrayed by an unrealistic bill that is doomed in court, according to the EU Council’s own legal assessment,” writes Breyer. “Flooding our police with largely irrelevant tips on old, long known material will fail to save victims from ongoing abuse, and will actually reduce law enforcement capacities for going after predators. Europeans need to understand that they will be cut off from using commonplace secure messengers if this bill is implemented – that means losing touch with your friends and colleagues around the world. Do you really want Europe to become the world leader in bugging our smartphones and mandating untargeted blanket surveillance of the chats of millions of law-abiding Europeans?”

“Regardless of the objective – imagine the postal service simply opened and snooped through every letter without suspicion,” Breyer adds. “It’s inconceivable. Besides, it is precisely the current bulk screening for supposedly known content by Big Tech that exposes thousands of entirely legal private chats, overburdens law enforcement and mass criminalises minors.”

The EU Acknowledges the Measure Is Privacy-Invasive

Interestingly, the EU does not even try to hide the fact that its proposed measures are the most privacy-invasive solution available to it.

The bloc described its solution in 2022:

At the same time, the detection process would be the most intrusive one for users (compared to the detection of known and new CSAM) since it would involve searching text, including in interpersonal communications, as the most important vector for grooming.

Even more telling is the fact that EU ministers want to make sure they are exempt from the chat control legislation, the most damning indication of all that the EU is aware of the privacy implications of its efforts.

“The fact that the EU interior ministers want to exempt police officers, soldiers, intelligence officers and even themselves from chat control scanning proves that they know exactly just how unreliable and dangerous the snooping algorithms are that they want to unleash on us citizens,” said Breyer. “They seem to fear that even military secrets without any link to child sexual abuse could end up in the US at any time. The confidentiality of government communications is certainly important, but the same must apply to the protection of business and of course citizens’ communications, including the spaces that victims of abuse themselves need for secure exchanges and therapy. We know that most of the chats leaked by today’s voluntary snooping algorithms are of no relevance to the police, for example family photos or consensual sexting. It is outrageous that the EU interior ministers themselves do not want to suffer the consequences of the destruction of digital privacy of correspondence and secure encryption that they are imposing on us.”

Why Is the EU Pushing for Chat Control?

Given the issues surrounding chat control, many may wonder why the EU is hell-bent on passing such legislation, especially when the bloc touts itself as pro-privacy.

In short, chat control is being promoted as a way to combat child sexual abuse material (CSAM). Unfortunately, while such a goal is certainly admirable, trying to tackle it with chat control legislation is problematic at best.

“Let me be clear what that means: to detect ‘grooming’ is not simply searching for known CSAM. It isn’t using AI to detect new CSAM, which is also on the table. It’s running algorithms reading your actual text messages to figure out what you’re saying, at scale.” — Matthew Green (@matthew_d_green), May 10, 2022.

“It is potentially going to do this on encrypted messages that should be private. It won’t be good, and it won’t be smart, and it will make mistakes. But what’s terrifying is that once you open up ‘machines reading your text messages’ for any purpose, there are no limits.” — Matthew Green (@matthew_d_green), May 10, 2022.

Private messaging platform Threema further describes the issues:

Of course, sharing CSAM is an absolutely intolerable, horrific crime that has to be punished. Before CSAM can be shared online, however, a child must have suffered abuse in real life, which is what effective child protection should be trying to prevent (and what Chat Control does not focus on). For this and many other reasons, child protection organizations such as Germany’s Federal Child Protection Association are against Chat Control, arguing that it’s “neither proportionate nor effective.”

Besides, there’s no way of really knowing whether Chat Control would actually be (or remain) limited to CSAM. Once the mass-surveillance apparatus is installed, it could easily be extended to detect content other than CSAM without anyone noticing it. From a service provider’s point of view, the detection mechanism, which is created and maintained by third parties, essentially behaves like a black box.

Experts Say There Are Better Options

In Germany’s arguments against the EU’s efforts, Chief Prosecutor Markus Hartmann, Head of the Central and Contact Point Cybercrime North Rhine-Westphalia, said the EU was going too far in its proposals. Instead, he said law enforcement agencies should be better funded and supported so they could better combat CSAM using traditional techniques. Other experts agree with Chief Prosecutor Hartmann.

“Child protection is not served if the regulation later fails before the European Court of Justice,” said Felix Reda from the Society for Freedom Rights. “The damage to the privacy of all people would be immense,” he added. “The tamper-free surveillance violates the essence of the right to privacy and cannot therefore be justified by any fundamental rights assessment.”

“The draft regulation basically misses the goal of countering child abuse representations,” emphasized the computer scientist and spokeswoman for the Chaos Computer Club, Elina Eickstädt (via computer translation). “The design is based on a gross overestimation of capabilities of technologies,” especially with regard to the detection of unknown material.

What Happens If the Legislation Passes?

If the EU is successful in passing the legislation, citizens will lose access to private communications platforms, such as Signal and Threema, as both platforms have vowed to pull out of the EU.

In due time, the issue will likely make its way to EU courts, and experts hope the legislation will be struck down there.

In the meantime, as Matthew Green says, EU citizens will have to contend with “the most sophisticated mass surveillance machinery ever deployed outside of China and the USSR.”

Microsoft Takes Steps Toward Protecting the Windows Kernel
https://www.webpronews.com/microsoft-takes-steps-toward-protecting-the-windows-kernel/
Fri, 13 Sep 2024 10:30:00 +0000

Microsoft has taken the first steps toward reimagining how security firms protect Windows, including making it possible for security apps to run outside the kernel.

A failed CrowdStrike update brought the internet to its knees, largely because CrowdStrike’s security platform runs at the Windows kernel level—the lowest level of the operating system. As a result, admins were unable to recover from the failed update without physical access to the impacted machines.

In the aftermath of the outage, Microsoft signaled that it was interested in restricting kernel access, blaming a 2009 EU agreement in which Microsoft guaranteed third-party access to the kernel.

At the company’s Windows Endpoint Security Ecosystem Summit, Microsoft made progress toward addressing the industry’s security needs, while protecting Windows from future CrowdStrike-like incidents.

A key consensus point at the summit was that our endpoint security vendors and our mutual customers benefit when there are options for Windows and choices in security products. It was apparent that, given the vast number of endpoint products on the market, we all share a responsibility to enhance resiliency by openly sharing information about how our products function, handle updates and manage disruptions.

Microsoft and its partners emphasized the importance of the company building out a solution that can operate outside the kernel, while still protecting the OS.

Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with SDP, can be used to create highly available security solutions. At the summit, Microsoft and partners discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors.

Some of the areas discussed include:

  • Performance needs and challenges outside of kernel mode
  • Anti-tampering protection for security products
  • Security sensor requirements
  • Development and collaboration principles between Microsoft and the ecosystem
  • Secure-by-design goals for future platform

As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security.

Microsoft’s partners praised the company and the results of the summit.

“We are honored to be a part of the Windows Endpoint Security Ecosystem Summit,” said Joe Levy, CEO, Sophos. “It was a welcome opportunity to join industry peers in an open discussion of advancements that will serve our customers by elevating the resilience and robustness of both Microsoft Windows and the endpoint security ecosystem. We were very pleased to see Microsoft support many of Sophos’ recommendations, based on the collection of architectural and process innovations we’ve built over the years and present today on the 30 million Windows endpoints we protect globally. The summit was an important and encouraging first step in a journey that will produce incremental improvement over time, and we look forward to collaborating in the design and delivery of more resilient and secure outcomes to our customers.”

At least one partner, however, voiced concern about the possibility of losing access to the kernel.

“ESET supports modifications to the Windows ecosystem that demonstrate measurable improvements to stability, on condition that any change must not weaken security, affect performance, or limit the choice of cybersecurity solutions. It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats. We look forward to the continued collaboration on this important initiative.”

Microsoft is not shutting down kernel access just yet, but the company is certainly trying to move developers toward a safer option, with the Windows Endpoint Security Ecosystem Summit moving the needle in that direction—even if just a little.

Kaspersky Offloads US Customers to Ultra AV https://www.webpronews.com/kaspersky-offloads-us-customers-to-ultra-av/ Sat, 07 Sep 2024 16:41:56 +0000 https://www.webpronews.com/?p=607643 Kaspersky is offloading its US antivirus customers following a ban on its software, reaching a deal with Pango Group to migrate them to its Ultra AV.

US lawmakers banned Kaspersky in the US in June, citing “undue and unacceptable risks” as a result of the company’s ties to the Kremlin.

“The case against Kaspersky Lab is overwhelming,” Senator Jeanne Shaheen said at the time. “The strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented.”

Kaspersky said it would wind down its US business in response, saying the ban ensured “business opportunities in the country are no longer viable.”

According to Axios, Kaspersky has reached a deal with Pango that will at least see customers continue to receive support and software updates to their antivirus software.

“The good news is that there’s really no action required by customers,” Pango CEO Neill Feather told the outlet.

“Those things that they do need to be aware of and need to know, we’ll lay out for them in a series of email communications and then we also have our customer support team ramped up and ready to assist,” he added.

While any forced software migration is always difficult, especially when it comes unexpectedly, it appears that Kaspersky and Pango are doing what they can to ease the transition as much as possible.

Palo Alto Networks Completes Purchase of IBM’s QRadar SaaS Assets https://www.webpronews.com/palo-alto-networks-completes-purchase-of-ibms-qradar-saas-assets/ Thu, 05 Sep 2024 19:16:17 +0000 https://www.webpronews.com/?p=607562 Palo Alto Networks has closed a deal for the Software as a Service assets of IBM’s QRadar, bolstering the company’s threat detection capabilities.

QRadar Suite “is a modernized threat detection and response solution designed to unify the security analyst experience and accelerate their speed across the full incident lifecycle.” The suite leverages enterprise-grade AI and automation to improve response, analysis, and overall security.

Palo Alto announced it has completed its acquisition of the QRadar assets, and the deal will see IBM be a preferred managed security services provider. IBM also committed to further deploying Palo Alto’s “security platforms with the deployment of Cortex XSIAM for its own next-gen security operations, and Prisma SASE 3.0 for zero-trust network security to safeguard more than 250,000 of its global workforce.”

The company says customers will see the following benefits:

  • Seamless Migration: Palo Alto Networks, alongside IBM Consulting and its team of security experts, will offer free migrations services to eligible customers, ensuring a smooth transition to the Cortex XSIAM® platform while retaining existing best practices.
  • Enhanced Security Operations: Cortex XSIAM integrates multiple SOC tools into a Precision AI-powered platform, to provide comprehensive functionality, reduce manual workload and enable more effective threat response.
  • Advanced Analytics and Automation: Cortex XSIAM uses Precision AI-powered analytics to consolidate security alerts into fewer high-priority incidents.
  • IBM Consulting Platform Support: The companies will offer immersive experiences for customers interested in adopting Palo Alto Networks security platformization, and IBM is training over 1,000 consultants on Palo Alto Networks security solutions.
  • On-Premises Customer Continuity: QRadar clients who remain on QRadar on-prem will continue receiving IBM features and support. QRadar SaaS customers will also receive uninterrupted customer service and support until they are ready to move to Cortex XSIAM.

“We are on a mission to help organizations transform their security operations and harness the potential of Precision AI-powered platforms to better protect their businesses,” said Nikesh Arora, Chairman and CEO, Palo Alto Networks. “Our partnership with IBM reinforces our commitment to innovation and our conviction in the tremendous benefit of QRadar customers adopting Cortex XSIAM for a robust, data-driven security platform that offers transformative efficiency and effectiveness in defending against evolving cyber threats.”

“Together, IBM and Palo Alto Networks are shaping the future of cybersecurity for our customers and the industry at large,” added Arvind Krishna, Chairman and CEO, IBM. “Working with Palo Alto Networks will be a strategic advantage for IBM as our two companies partner on advanced threat protection, response, and security operations using Cortex XSIAM and watsonx, backed by IBM Consulting. At the same time, IBM will continue innovating to help secure organizations’ hybrid cloud environments and AI initiatives, focusing our investments on data security and identity and access management technologies.”

Data Broker At Center of Data Leak Involving 170 Million Records https://www.webpronews.com/data-broker-at-center-of-data-leak-involving-170-million-records/ Tue, 03 Sep 2024 19:45:02 +0000 https://www.webpronews.com/?p=607469 Data broker People Data Labs (PDL) appears to be at the center of a massive data breach, one that has exposed at least 170 million records.

Cybernews reports that its research team found a dataset online that contained more than 170 million records. The dataset was exposed via an unprotected Elasticsearch server, although it was not directly connected to PDL. As a result, the leak could be the result of a mishandled server from one of PDL’s partner companies.

The leaked data includes:

  • Full names
  • Phone numbers
  • Emails
  • Location data
  • Skills
  • Professional summaries
  • Education background
  • Employment history

Unfortunately, this is not the first time PDL has been involved in a data leak. As Cybernews reports, PDL suffered a data leak of more than a billion records in 2019. Interestingly, that data breach was also the result of an unprotected Elasticsearch server, raising the possibility that this latest breach could be a subset of data from the original 2019 breach.

As the outlet points out, the breach brings increased scrutiny on the data broker industry.

“The existence of data brokers is already a controversial issue, as they often have insufficient checks and controls to ensure that data doesn’t get sold to the wrong parties. Leaking large segments of their datasets makes it easier and more convenient for threat actors to abuse the data for large-scale attacks,” said the Cybernews research team.

Unlike the EU, the US lacks comprehensive privacy legislation, meaning data brokers are not nearly as regulated as on the other side of the Atlantic. As a result, users’ data—as well as their privacy—continues to be collected, saved, bartered, sold, used, and abused.

While a data breach is never a good thing, hopefully it will add to the growing chorus of users, lawmakers, and critics who want more oversight of such companies.

Unlike Musk And X, Apple May Be Giving In To Brazil’s Censorship https://www.webpronews.com/unlike-musk-and-x-apple-may-be-giving-in-to-brazils-censorship/ Mon, 19 Aug 2024 17:21:49 +0000 https://www.webpronews.com/?p=606609 Apple appears to be blocking the download of VPN apps from the App Store, a notably different choice than X and Elon Musk recently made.

Musk made headlines when he opted to pull X out of Brazil in response to what he called “secret censorship.” Brazilian Supreme Court Justice Alexandre de Moraes had ordered X to remove certain content and secretly provide information about certain users.

As we noted in our previous coverage, the order was condemned by legal scholars who labeled it judicial overreach.

“This is a clear case of a judiciary overreaching its power,” said Javier Moreno, a legal scholar specializing in international law. “Forcing a company to comply with secret orders that violate multiple international laws sets a dangerous precedent.”

Despite the strong stand Musk and X took, it appears Apple may be going a different route. According to Proton, users are having trouble downloading Proton VPN.

We have received multiple reports today from users in Brazil having difficulties installing the Proton VPN app on iOS devices via the Apple App Store. We can confirm that the issue is not on our side, but likely with the App Store itself, which is controlled by Apple. What makes this an extremely strange coincidence is that it is also impacting multiple other VPNs in the Brazilian app store.

Proton acknowledges it’s not 100% certain if the issue is accidental or the result of secret censorship.

Most likely, something has happened on the Apple side, and we do not know if it is accidental, or if Apple is secretly implementing a censorship order. But because of Apple’s monopoly on iOS app distribution, there is no other way to get the app on iOS devices.

Of course, the timing is suspicious—coming right after an attempt at secret censorship of X—as is the fact that VPN apps appear to be the only ones impacted.

WPN has reached out to Apple for comment and will update with any response received.

Device Encryption Enabled By Default On Windows https://www.webpronews.com/device-encryption-enabled-by-default-on-windows/ Wed, 14 Aug 2024 17:22:11 +0000 https://www.webpronews.com/?p=606477 Microsoft is continuing its efforts to improve Windows security, with its latest move being to enable Device Encryption by default.

Device encryption helps keep users’ data secure when the computer is turned off, or the user is logged out. It’s an important security feature, especially for mobile users who are at greater risk of having their machine stolen.

According to Microsoft, Device Encryption works with BitLocker to encrypt the device and its operating system.

Device Encryption is a Windows feature that enables BitLocker encryption automatically for the Operating System drive and fixed drives. It’s particularly beneficial for everyday users who want to ensure their personal information is safe without having to manage complex security settings.

The company says Device Encryption will be enabled by default for those using a Microsoft account.

When you first sign in or set up a device with a Microsoft account, or work or school account, Device Encryption is turned on and a recovery key is attached to that account. If you’re using a local account, Device Encryption isn’t turned on automatically.

Unlike BitLocker Drive Encryption, which is available on Windows Pro, Enterprise, or Education editions, Device Encryption is available on a wider range of devices, including those running Windows Home.

The change should help improve Windows security for the average user.

United Nations Members Adopt First Cybersecurity Convention https://www.webpronews.com/united-nations-members-adopt-first-cybersecurity-convention/ Wed, 14 Aug 2024 11:30:00 +0000 https://www.webpronews.com/?p=606464 The United Nations member states are serious about tackling cybersecurity threats, adopting “the first global legally binding instrument on cybercrime.”

UN member states negotiated on the draft convention text for the last three years, before finally coming to an agreement on August 9, 2024. The UN says the convention is the culmination of five years of work, including getting input from academics, civil society, and the private sector.

“The finalization of this Convention is a landmark step as the first multilateral anti-crime treaty in over 20 years and the first UN Convention against Cybercrime at a time when threats in cyberspace are growing rapidly,” said UNODC Executive Director Ghada Waly. “I congratulate Member States and the Ad Hoc Committee, under the leadership of Ambassador Faouzia Boumaiza-Mebarki as Chair and a strong representative of women diplomats, for guiding negotiations and reaching consensus on the final text. UNODC is immensely proud to have supported the negotiation process and to serve as the Secretariat of the Convention. We will continue to play a central role in assisting in the implementation and ratification of the Convention, once adopted by the General Assembly, as well as providing technical assistance to Member States, as we work with all countries and partners to safeguard digital spaces.”

The convention is designed to help law enforcement agencies by fostering greater international cooperation, paving the way for technical assistance, and improving the computing capacity needed to fight cybercrime.

The full draft convention can be found here.

6 Ways Finance Companies Can Prevent Data Breaches https://www.webpronews.com/prevent-data-breaches/ Tue, 13 Aug 2024 20:08:13 +0000 https://www.webpronews.com/?p=606459 Finance companies work with data every day. In fact, they hold a lot of sensitive information about people and businesses. They keep records of bank account details, social security numbers, and even their customers’ personal data. 

All of this information is valuable, and it is why hackers target them. These hackers try to get into a company’s system and steal this data. A data breach can cause a lot of problems for both the company and its customers. From identity theft to even outright fraud, there are so many issues finance companies have to prevent.

Therefore, it is very important for finance companies to have strong measures in place to protect this information. 

6 Ways to Prevent Data Breaches

Data breaches are not exactly new to the business world. Over the years, there have been quite a few incidents. Finance firms are at risk of data breaches because of the potential for fraud and abuse. So keeping hackers out of your system is crucial. 

Here, we will look at six simple ways finance companies can prevent a data breach.

Monitor for Suspicious Activity

Finance companies are meant to have a system in place to monitor their networks. So, if there is any unusual activity, it can help them catch a data breach early. There are many tools available that can monitor your company’s data. They will quickly alert you if your data is being accessed or if someone is trying to log in from an unusual location. With a hedge fund cybersecurity solution, they can detect it before too much damage is done. 

Use Strong Passwords

Another way they can protect their data is to use strong passwords. It is better to use a strong password, especially one that is long and has a mix of letters, numbers, and special characters. Your password should not be something that is easy to guess.

It is important that employees change their passwords regularly. Also, they should not use the same password for different accounts. The company can even use tools that manage passwords to help their employees create and store strong passwords.

Keep Software Up to Date

If your systems are old and not updated, it will be easy for hackers to get in. Most of the time, software companies release updates when they fix a problem with their software. If your company does not update its software, it will leave the door open for hackers. 

Hence, it is important that finance companies make sure all their software is up-to-date. They can set up automatic updates so they don’t miss anything.

Besides updating the software, companies may also need a total overhaul of outdated hardware. There’s only so much software can fix. If the hardware is outdated, it may not meet international standards. This may incur a cost, but the cost is cheaper than the result of a hack. 

Train Employees

Even before your systems, your employees are the first line of defense against data breaches. So you need to train them on what to look out for. This way, they can know what to do if they see something suspicious. Ensure that your company has regular training sessions for employees. 

Let them know how to recognize phishing emails and other common hacking attempts. They should also know the importance of keeping their work environment secure. Employees should learn how to lock their computers when they are away from their desks.

These trainings should be organized randomly and regularly to ensure that employees are properly sensitized. As technology advances, they need to be up to date with the new ways cyber thieves employ to steal information.

Use Encryption

When data is encrypted, even if a hacker manages to steal it, they will not be able to read it. Encryption makes sure that the data is unreadable to anyone who does not have the right key to view it. Hence, finance companies should use encryption for all sensitive data. They can encrypt data regardless of where it is stored or sent to. 

A good cybersecurity solution provides top-notch encryption services to put both the financial business and their customers at ease.

Outsource cybersecurity 

While having an in-house cybersecurity team is a good thing, it may not necessarily keep your business safe from hackers. The reason is simple. Hackers work every day to come up with new technologies to gain access to company systems. In-house cybersecurity teams get trained but may not have up-to-date training to keep hackers at bay.

On the other hand, when you outsource your cybersecurity team, you’ll work with seasoned professionals who constantly update their knowledge. They can work around the clock to keep finance systems safe and reduce operational risk. This kind of middle office outsourcing service is cheaper in the long run compared to the cost of getting hacked. 

Final thoughts 

It is important to have a good cyber security protocol in place to keep data safe. Companies hold the trust of their customers and a data breach destroys that trust. Not to mention the loss on the company’s part. Finance companies can protect themselves and their customers from the serious consequences of data breaches. However, they need a good monitoring system to ensure that there isn’t any breach. Everyone in the company has a role to play in keeping information safe. From training staff to outsourcing the cybersecurity team, finance companies can

ADT Breach Sees Consumer Data Sold Online https://www.webpronews.com/adt-breach-sees-consumer-data-sold-online/ Mon, 12 Aug 2024 11:30:00 +0000 https://www.webpronews.com/?p=606380 ADT is the latest company to experience a cybersecurity incident, revealing that bad actors accessed some of its customer databases.

ADT revealed the incident in an SEC filing:

ADT Inc. (“ADT” or the “Company”) recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information. After becoming aware of the incident, the Company promptly took steps to shut down the unauthorized access and launched an investigation, partnering with leading third-party cybersecurity industry experts. The attackers nonetheless obtained some limited customer information, including email addresses, phone numbers and postal addresses.

The company says it does not believe the bad actors were able to compromise any information directly related to customers’ security systems, nor does it believe the breach will have any significant impact on the company’s financial outlook.

Based on its investigation to date, the Company has no reason to believe that customers’ home security systems were compromised during this incident. Additionally, the Company has no reason to believe the attackers obtained other personally sensitive information such as credit card data or banking information. The Company is continuing its investigation into this cybersecurity incident and has notified the customers it believes to have been affected, who comprise a small percentage of the Company’s overall subscriber base. While the investigation remains ongoing, as of the date of this filing, the Company believes this cybersecurity incident has not materially impacted its operations and does not expect that this incident is reasonably likely to have a material impact on the Company’s overall financial condition, results of operations, or ability to meet its 2024 financial guidance.

A company that provides security for business and home customers alike is bound to be a high-priority target for bad actors. Fortunately, it appears the damage is fairly limited.

Nonetheless, hackers have reportedly been selling the ADT customer data online, so individuals will likely see an uptick in scam and phishing attacks.

macOS Sequoia Will Prompt Users For Screen Recording App Permission…WEEKLY https://www.webpronews.com/macos-sequoia-will-prompt-users-for-screen-recording-app-permission-weekly/ Thu, 08 Aug 2024 18:14:02 +0000 https://www.webpronews.com/?p=606306 Apple’s macOS Sequoia is about to take annoying to an all-new level, with the OS asking users to grant permission to screen recording apps every week and after every reboot.

Apple is well-known for its efforts to protect the privacy and security of its users, but its latest efforts may be a bridge too far for some users. According to 9to5Mac, the company is adding a prompt to Sequoia that will ask users to authorize access for any kind of third-party app that records screen activity or takes screenshots.

The prompt will display on first-run of the app, will ask again every week, and will ask every restart. To make matters worse, the prompt will display for every single app that falls into the impacted category.

Needless to say, users and developers are not happy with the decision. xScope developer Craig Hockenberry was one of those speaking out about it on Mastodon.

I’ve always been proud that xScope is a tool that sits quietly in the background, ready when you need it.

So much for the “quietly” part…

Craig Hockenberry (@chockenberry@mastodon.social) | August 6, 2024

Hockenberry did go on to say that Apple’s Persistent Content Capture might be a solution to the problem, but pointed out that Apple has yet to provide any documentation on how to actually use it.

“A friend pointed me to this the other day and it feels like a solution to the (justified) uproar over the screen sharing nag,” he writes.

“The issue here is that Apple has provided no documentation or any other guidance on how to get this entitlement and prevent an app from becoming nagware.”

Hockenberry goes on to say that Apple should have communicated such important changes ahead of time, rather than surprising users.

“You’d think that Apple would have figured out that letting developers know about Security changes ahead of time would be a good idea,” he continued.

“Instead, we get intrusive dialogs that cause everyone to (rightfully) freak out.”

There’s no doubt that screen capture and recording apps pose a larger security risk than some other categories. A malicious app could capture sensitive data and send it to bad actors. Apple is rightly concerned about making sure users understand the risks and have knowingly installed and activated such features.

Nonetheless, security that comes in the form of pestering users with endless prompts hardly seems like the right approach, and will hurt developers and end users alike.

Microsoft Backs CrowdStrike, Says Delta Declined Help Repeatedly https://www.webpronews.com/microsoft-backs-crowdstrike-says-delta-declined-help-repeatedly/ Thu, 08 Aug 2024 16:22:28 +0000 https://www.webpronews.com/?p=606298 Microsoft is confirming CrowdStrike’s version of events, saying Delta repeatedly turned down offers of help from Microsoft, including CEO Satya Nadella.

Multiple industries were impacted when CrowdStrike pushed a faulty update to its cybersecurity software that bricked millions of Windows PCs. Because CrowdStrike’s software runs at the kernel level, bringing the computers online required physical access. Although multiple airlines were impacted, Delta was affected far worse, at a cost of $500 million and some 5,000 canceled flights.

Delta and CrowdStrike Trade Barbs

Delta CEO Ed Bastian said his company was considering a lawsuit to recover some of its losses.

“We’re not looking to wipe out these companies, but we are looking for fair compensation and assurances that this won’t happen again,” Bastian said last week.

CrowdStrike was quick to fire back, saying that Delta was to blame for the extra issues it encountered, versus its competitors, since it refused help from CrowdStrike.

“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions—swiftly, transparently, and constructively—while Delta did not,” wrote Michael Carlinsky, an attorney representing the cybersecurity firm, in a letter to Delta.

Microsoft’s Response

Delta was quick to point the blame at Microsoft as well. Delta’s attorney, David Boies, wrote in a July 29 letter: “We have reason to believe Microsoft has failed to comply with contractual requirements and otherwise acted in a grossly negligent, indeed willful, manner in connection with the Faulty Update.”

Microsoft has now weighed in, supporting CrowdStrike’s telling of events. According to CNBC, attorney Mark Cheffo, a Dechert partner, sent a letter to Delta on behalf of Microsoft.

“Our preliminary review suggests that Delta, unlike its competitors, apparently has not modernized its IT infrastructure, either for the benefit of its customers or for its pilots and flight attendants,” Cheffo wrote.

Cheffo also said Microsoft repeatedly offered Delta help that the airline declined. In fact, Microsoft employees reached out to Delta every day from July 19 to July 23. Nadella even tried reaching out to Bastian, but never received a reply, the same thing that happened when CrowdStrike CEO George Kurtz tried contacting Bastian.

Cheffo cited one of Microsoft’s attempts to help Delta in the form of a letter on July 22, in which a Delta employee responded: “All good. Cool will let you know and thank you.”

According to CNBC, evidence is also mounting that Delta has been diversifying the platforms it relies on since 2021, using IBM and even picking AWS as its preferred cloud provider. That point was directly addressed in Cheffo’s letter to the airline.

“It is rapidly becoming apparent that Delta likely refused Microsoft’s help because the IT system it was most having trouble restoring — its crew-tracking and scheduling system — was being serviced by other technology providers, such as IBM, because it runs on those providers’ systems, and not Microsoft Windows or Azure,” Cheffo wrote in his letter.

Conclusion

There is clearly some reason why Delta’s recovery from the CrowdStrike outage was fraught with far more difficulties than its rivals. Whatever that cause may be, it is increasingly looking like it may not have been for any lack of effort on the part of Microsoft or CrowdStrike.

In fact, Delta’s troubled recovery may well have been the result of decisions made by Delta personnel across the entire company, up to and including CEO Ed Bastian himself.

Microsoft Authenticator Will Overwrite Your Saved Accounts https://www.webpronews.com/microsoft-authenticator-may-overwrite-your-saved-passwords/ Wed, 07 Aug 2024 15:27:50 +0000 https://www.webpronews.com/?p=606247 Microsoft Authenticator has a serious design flaw, one that is overwriting people’s accounts and leaving them with little recourse.

Microsoft Authenticator is the company’s multi-factor authentication (MFA) app, used by countless individuals and organizations. Unfortunately, it has a serious design flaw that leads to saved account information being wiped out.

According to CSO, when users add a new account using a QR scan, Authenticator will overwrite previous accounts that use the same username as the account being added. Unfortunately, this is a common issue. Many individuals use their email address or a common username across platforms. To make matters worse, a QR scan is the most common way to add a new account to Authenticator. As a result, it’s not a matter of if, but when, Authenticator users will find themselves locked out of important accounts.

Unfortunately, this is an issue that has been reported to Microsoft for years, but the company is inexplicably doing nothing to fix it.

CSO says it spoke with several security experts to understand the scope of the problem, and it was not encouraging.

“Users will be locked out and will need to get back in. Once you add one entry that is using the email address, the second entry will conflict,” said Tim Erlin, VP of product at Wallarm. “And once you have overwritten, you won’t know which one was overwritten.

“It’s possible that this problem occurs more often than anyone realizes because [users] don’t realize what the cause is,” he added. “If you haven’t picked an authentication app, why would you pick Microsoft?”

“I tried this to experience it myself,” said David Meltzer, chief product officer at Netography, after recreating the bug. “It is clearly a bug. It is a fairly straightforward thing [for Microsoft] to fix. Every other authenticator can handle it.”

Microsoft’s Response

In statements to CSO, Microsoft blamed users, saying the software was working as intended.

“We can confirm that our authenticator app is functioning as intended. When users scan a QR code, they will receive a message prompt that asks for confirmation before proceeding with any action that might overwrite their account settings. This ensures that users are fully aware of the changes they are making.”

Unfortunately, this statement is somewhat misleading. As CSO points out, the message that Authenticator displays is not nearly as clear as Microsoft would have one believe.

“This action will overwrite existing security information for your account. To prevent being locked out of your account, continue only if you initiated this action from a trusted source.”

CSO identifies multiple problems with this message.

  • As Erlin points out above, the app doesn’t clarify which account will be wiped out, leaving users to find out the hard way.
  • The dialog describes the user initiating the action, and the action coming from a trusted source, as the criteria for continuing, meaning most users will then proceed.
  • It offers no way of avoiding the overwrite, except to cancel the process.

Interestingly, Microsoft reached back out to CSO to provide a new statement, this time blaming vendors.

“When you scan a QR code, the Authenticator app uses a label given by the vendor to set up your Time-based One-Time Password (TOTP) account. However, some sites or vendors don’t include the issuer — the site name or Identity provider name — in the label. This may result in a situation where a user may already have an account with the same label and the app attempts to overwrite the existing TOTP account with the new one they are scanning. In situations where a user has an existing account with the same label, users are always presented with a message prompt to confirm overwriting an existing TOTP account in their app and can make a conscious choice to proceed or not. We are always working on enhancing our products and will take this into consideration and apply it to future improvements.”

Of course, no other major authenticator app struggles with this issue, meaning that there is a fundamental design choice of Microsoft’s that has created this situation.

Australian IT consultant Brett Randall told the outlet that there are few options to fix the issue, short of Microsoft fixing it correctly.

“It seems there are two options here to avoid end users accidentally overwriting other apps’ keys,” Randall told CSO. “We audit every application’s otpauth and go through the hassle of trying to convince every company doing it ‘wrong’ to fix it. Or Microsoft fixes this once and then we never have to worry about it again.”

In the meantime, organizations and individuals would do well to use pretty much any other authenticator, aside from Microsoft Authenticator.
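The audit Randall describes can be scripted. The following is an added example, not code from CSO, Microsoft or any vendor: it parses otpauth provisioning URIs, flags labels that carry no issuer, and compares a label-only store key (an assumed model of the collision Microsoft's statement describes) with an issuer-plus-account key. The sample URIs, secrets and function names are constructed.

```python
from urllib.parse import urlparse, parse_qs, unquote

# Constructed provisioning URIs with dummy secrets (not real accounts).
SAMPLE_URIS = [
    "otpauth://totp/alice%40example.com?secret=JBSWY3DPEHPK3PXP",
    "otpauth://totp/alice%40example.com?secret=KRSXG5CTMVRXEZLU&issuer=ShopSite",
    "otpauth://totp/ExampleBank:alice%40example.com?secret=MZXW6YTBOI&issuer=ExampleBank",
]

def parse_otpauth(uri):
    """Split an otpauth URI into label, account, and both issuer fields."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth provisioning URI: %r" % uri)
    label = unquote(u.path.lstrip("/"))
    prefix, sep, rest = label.partition(":")
    return {
        "label": label,
        "account": (rest if sep else label).strip(),
        "label_issuer": prefix if sep else None,   # issuer inside the label
        "param_issuer": parse_qs(u.query).get("issuer", [None])[0],
    }

def key_by_label(entry):
    # Assumed model of the behaviour in Microsoft's statement: label only.
    return entry["label"]

def key_by_issuer_account(entry):
    # Collision-resistant key: issuer (from label or parameter) plus account.
    issuer = entry["label_issuer"] or entry["param_issuer"] or ""
    return (issuer, entry["account"])

def collisions(uris, key_fn):
    """Return keys that more than one URI would map to under key_fn."""
    seen, dup = set(), []
    for uri in uris:
        k = key_fn(parse_otpauth(uri))
        if k in seen and k not in dup:
            dup.append(k)
        seen.add(k)
    return dup

def labels_without_issuer(uris):
    """Indices of URIs whose label lacks an 'Issuer:' prefix (audit finding)."""
    return [i for i, u in enumerate(uris)
            if parse_otpauth(u)["label_issuer"] is None]

if __name__ == "__main__":
    print("label-only collisions:", collisions(SAMPLE_URIS, key_by_label))
    print("issuer+account collisions:", collisions(SAMPLE_URIS, key_by_issuer_account))
    print("URIs to report to vendors:", labels_without_issuer(SAMPLE_URIS))
```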

CrowdStrike Fires Back At Delta, Says Airline To Blame https://www.webpronews.com/crowdstrike-fires-back-at-delta-says-airline-to-blame/ Mon, 05 Aug 2024 19:05:09 +0000 https://www.webpronews.com/?p=606183

CrowdStrike has fired back in the wake of Delta Air Lines’ threat of a lawsuit, saying the airline is to blame for its lengthy recovery from the outage.

CrowdStrike pushed a faulty update to its cybersecurity software in mid-July. Because CrowdStrike’s software runs at the kernel level in Windows—the most low-level part of the operating system—the update had devastating consequences, crippling millions of Windows PCs around the world. The airline industry was hit hard, with Delta among the worst affected.

Delta CEO Ed Bastian said the company may take legal action against CrowdStrike in response.

“We have no choice,” Bastian said in an interview. “Over five days, between lost revenue and the tens of millions of dollars per day in compensation and hotels, we did everything we could to take care of our customers. We have to protect our shareholders, our customers, and our employees from the damage.”

According to The Wall Street Journal, CrowdStrike is accusing Delta of creating a “misleading narrative,” and points to the airline’s response to the outage as the true culprit.

“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions—swiftly, transparently, and constructively—while Delta did not,” wrote Michael Carlinsky, an attorney at the Quinn Emanuel Urquhart & Sullivan law firm.

The letter goes on to say that CrowdStrike tried to assist Delta in its recovery, but was ultimately told its help was not needed. Interestingly, Bastian alluded to the offer in his interview, but seemed to indicate that any such offer held very little real-world value.

“Do you really want to know what they offered us? Nothing. Free consulting advice to help us. Exactly,” he said. “We have to ensure that this doesn’t happen again and that our stakeholders are compensated for the losses.”

Delta’s long recovery has been a big question mark in the aftermath of the incident, especially since other airlines were back up and running days sooner. Bastian says the blame lies with CrowdStrike and Microsoft, painting Delta as being caught between two competing companies that don’t always work well together.

“People wonder how this could happen if we have redundancies. We built hundreds of millions of dollars in redundancies. The issue is with Microsoft and CrowdStrike, and we are heavily invested in both,” he explained. “We got hit the hardest in terms of recovery capability.”

“Microsoft and CrowdStrike are the top two competitors in cybersecurity. They don’t necessarily partner at the level we need them to,” Bastian added. “This is a call to the industry. Everyone talks about making sure big tech is responsible. Well, guys, this cost us half a billion dollars.”

There’s no doubt that CrowdStrike is ultimately to blame for the outage. The company admittedly pushed a faulty update that bricked millions of computers, in many cases requiring physical access to the machines to fix them.

Only time will tell if Delta was also negligent in its response to the incident, or if it is just caught between two companies, a victim of its heavy reliance on both.
