WebProNews

Category: ITProNews

  • Ditch the Password for Your Microsoft Account

    Microsoft has announced that users can ditch the password for their accounts, a move that brings a new level of convenience and security.

    Remembering passwords has always been a challenge for many, one that grows with the number of services, apps and platforms a person uses. Add in some passwords being caught in data breaches and needing to be replaced, and keeping up with one’s passwords quickly becomes a chore.

    Microsoft is trying to help ease that frustration by making passwordless login a reality. CEO Satya Nadella tweeted about it Wednesday, September 15:

    Vasu Jakkal, Corporate Vice President, Security, Compliance and Identity, expanded on how the feature will work.

    For the past couple of years, we’ve been saying that the future is passwordless, and today I am excited to announce the next step in that vision. In March 2021, we announced that passwordless sign in was generally available for commercial users, bringing the feature to enterprise organizations around the world.

    Beginning today, you can now completely remove the password from your Microsoft account. Use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favorite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more. This feature will be rolled out over the coming weeks.

  • REvil Is Back!

    REvil, one of the most notorious ransomware gangs, is back after its servers went offline two months ago.

    REvil is a gang of hackers, believed to be operating from Russia, that specializes in ransomware attacks. The group was behind the Kaseya attack, the biggest ransomware attack in history.

    Two months ago REvil went dark, with their servers going offline. Even their “leak site” went down. While servers for ransomware gangs often go down, as we pointed out then, it’s unusual for all of them to go down at once. Some experts believed the gang may have shut down operations in response to increased pressure after the Kaseya attack.

    Despite the seeming good news, experts warned organizations not to become complacent, and that REvil’s operators would likely show up somewhere, one way or another.

    According to security researchers, it appears that’s exactly what’s happened, as the group’s servers are once again active on the Dark Web.

    The revelation is bad news for organizations around the world, and underscores the importance of continued vigilance.

  • Harvard University Hit With Ransomware Attack

    Harvard University has revealed it has suffered a ransomware attack, the latest in a string of high-profile organizations that have fallen victim.

    The FBI has been warning that ransomware attacks are on the rise, and currently has more than 100 groups on its radar. JBS Foods, Colonial Pipeline and Kaseya are just a few of the organizations that have recently been attacked.

    Harvard University is the latest addition, announcing it suffered an attack on September 3.

    The situation is still being investigated, but we are writing to provide an interim update and to share as much information as we safely and possibly can at this point in time, considering that our emails are often shared within a public domain. 

    Based on the investigation and the information we have to date, we know the University has experienced a ransomware cyberattack. 

    The university is working to restore normal operations, but its WiFi network will remain down until it can safely be brought back online.

  • FBI: Cybercriminals ‘Targeting the Food and Agriculture Sector’

    The FBI is warning that cybercriminals are targeting the US food and agriculture sector with ransomware attacks.

    US businesses and agencies have increasingly been under attack from cybercriminal groups, both state-sponsored and profit-driven. JBS Foods, T-Mobile, Colonial Pipeline, the University of Kentucky and Kaseya are just a few of the major companies and organizations that have recently been attacked.

    The worst may be yet to come, with the FBI warning that the food and agriculture sector is being specifically targeted.

    The Food and Agriculture sector is among the critical infrastructure sectors increasingly targeted by cyber attacks. As the sector moves to adopt more smart technologies and internet of things (IoT) processes the attack surface increases. Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes, according to a private industry report. 

    The FBI is asking for any information that may be of assistance.

    The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, Bitcoin wallet information, the decryptor file, and/or a benign sample of an encrypted file. 

    The FBI reiterates that it does not encourage companies to pay a ransom, but recognizes that all options are on the table when a company is crippled and unable to do business as a result of an attack. Regardless of whether an organization agrees to pay or not, the FBI encourages victims to contact it as soon as possible so it can render assistance.

    The FBI’s full notice is well worth a read, as it includes detailed mitigation efforts organizations should be taking.

  • COVID-19 Driving Global Government IT Spending Growth

    The COVID-19 pandemic is driving governments around the world to invest more heavily in IT.

    One of the biggest lasting effects of the pandemic is an accelerated migration to the cloud and transition to digital-first workflows. The accelerated pace, however, has put a strain on IT departments across industries, including government.

    As a result, according to Gartner, 2022 will see a 6.5% increase in government IT spending, for a total of $557.3 billion.

    “Governments will continue to accelerate investments in digital technologies to respond and recover from the continuing evolution of public health uncertainties due to the COVID-19 pandemic,” said Irma Fabular, research vice president at Gartner. “The disruptions caused by the pandemic have also reinforced a key digital government tenet, which is public policy and technology are inseparable.”

    Some of the fastest growing segments include the modernization of IT infrastructure and applications; improving public services responsiveness and resilience; and adoption of citizen digital identity.

    “Digital identity is moving beyond authenticating citizens online and signing remote transactions,” said Fabular. “To raise the chances for greater adoption of digital identity, governments must treat privacy, security and user convenience as critical success factors.”

  • U.S. Digital Corps Aims to Attract Top Tech Talent to Government Roles

    The Biden administration has unveiled the U.S. Digital Corps, with the goal of attracting the nation’s top tech talent to government jobs.

    The tech industry has a complicated relationship with government, with the biggest tech companies under increased scrutiny for potential antitrust violations. At the same time, the transition to remote work, the rise of cloud computing and the ever-growing cybersecurity risks mean the government needs talented tech workers now more than ever.

    The Digital Corps has been launched to help meet that need.

    Begin your technology career inside the federal government and be part of something bigger. The U.S. Digital Corps is a new two‑year fellowship for early‑career technologists where you will work every day to make a difference in critical impact areas including coronavirus response, economic recovery, cybersecurity, and racial equity. More than just a job with a competitive salary and benefits, you will change the way people in America are served by their government.

  • Unpatched SSL VPN Vulnerabilities From 2019 Still Being Exploited

    Three SSL VPN vulnerabilities are being actively exploited, despite being disclosed in 2019 and patched by January 2020.

    SSL VPN products are critical to many organizations’ security. As such, they’re a prime target for bad actors looking for a way to compromise an entire network. Unfortunately, many companies and organizations are not patching vulnerabilities as they should be.

    Data from Tenable Research shows that three critical SSL VPN vulnerabilities are still being actively exploited, including CVE-2019-19781, CVE-2019-11510 and CVE-2018-13379. CVE-2019-11510, in particular, had a Vulnerability Priority Rating (VPR) of 10.0, although the other two were not far behind at 9.9.

    Although all three vulnerabilities were disclosed in 2019 and patched by January 2020, they continue to be routinely exploited more than halfway through 2021. According to a joint cybersecurity advisory from four international government agencies, these vulnerabilities were some of the most exploited in 2020. In fact, CVE-2019-19781 was named the most exploited vulnerability of 2020, according to government data.

    With the increasing rate of hacks, ransomware and data breaches, it’s disturbing that organizations are not making it a priority to apply readily available patches to such a critical part of their security.

  • Western Digital Accused of Bait-and-Switching With Slow SSDs

    Western Digital, one of the leading hard drive makers, is accused of giving customers slower SSDs than advertised.

    It’s a common practice in the tech industry to send out products for tech journalists to review. Needless to say, companies try to put their best foot forward, sending the best products they have for the review. At the same time, however, there’s a certain expectation that the individual product being reviewed will be representative of the entire line, and not vastly superior to what will actually ship.

    Unfortunately, it appears Western Digital didn’t get that message. Instead, as first noticed by Chinese site Expreview and covered in more detail by ExtremeTech, Western Digital appears to be shipping SSD drives that offer a fraction of the speed of the initial review units.

    The drive in question is the WD SN550 Blue, one of the highest-reviewed budget SSDs on the market. In initial reviews and testing, as well as early models that shipped, the drive delivered 610MB/s speeds. The latest drives being shipped, however, drop to an abysmal 390MB/s once the SLC NAND cache is exhausted. As ExtremeTech highlights, that means the new drive is only delivering 64% of the performance people are expecting.

    There is absolutely no excuse for these kinds of cheap, classless tactics. ExtremeTech’s Joel Hruska puts it best:

    This is unacceptable. It is unethical for any company to sample and launch a product to strong reviews only to turn around and sell an inferior version of that hardware at a later date without changing the product SKU or telling customers that they’re buying garbage. I do not use the term “garbage” lightly, but let me be clear: If you silently change the hardware components you use in a way that makes your product lose performance, and you do not disclose that information prominently to the customer (ideally through a separate SKU), you are selling garbage. There’s nothing wrong with selling a slower SSD at a good price, and there’s nothing right about abusing the goodwill of reviewers and enthusiasts to kick bad hardware out the door.

    Western Digital owes every one of the people who bought this drive an apology and a full refund.

  • Keystrokes and Mouse Clicks: Amazon’s Plan to Monitor Customer Service Staff

    Amazon is rolling out a sweeping monitoring program, with the goal of tracking the keystrokes and mouse clicks of its customer service staff.

    In the era of Big Data, few companies have access to as much customer data as Amazon. The company controls the largest e-commerce platform, a line of popular security devices and, of course, the most popular cloud computing platform in the world. As a result, the company is a prime target for unscrupulous individuals looking to access that data.

    According to a document seen by Motherboard, Amazon is preparing to roll out software designed to track customer service employees’ activity in an effort to prevent abuses from occurring. The company has already had instances where imposters have impersonated customer service staff and accessed information.

    The company has looked at various solutions, including those that capture all keystrokes and mouse clicks. The one the company appears to be leaning toward focuses on capturing patterns instead, building a profile of how a person interacts with their workstation, via the keyboard and mouse. If someone else tries to use it, their usage would stand out as different from the established pattern, making it easy to spot an imposter.

    “We have a security gap as we don’t have a reliable mechanism for verifying that users are who they claim they are,” reads the document.

    The lengths to which Amazon is going illustrate the ongoing struggle companies have, and the solutions that will likely become more commonplace as threats continue to grow.

  • Charlie Bell, 23-Year Veteran, Leaving AWS

    AWS is making changes to its executive roster as Charlie Bell, a long-time company veteran, departs.

    Amazon has been in a state of transition following company founder and CEO Jeff Bezos stepping down in July, on the company’s 27th anniversary. Andy Jassy, the former head of AWS, took over as CEO, while Adam Selipsky took over as CEO of AWS, the company’s cloud business.

    According to an internal email seen by Business Insider, Selipsky informed AWS VPs of Bell’s plans. In the meantime, AWS director Ryan Mackle, AWS support vice president Justin Brindley-Koonce and AWS managed services vice president John Brigden will report to AWS sales chief Matt Garman, who has been acting as the company’s COO.

    The email also indicated Peter DeSantis, part of Amazon’s “S-team,” will take over utility computing and Prasad Kalyanaraman will take over Infrastructure and Network Services. DeSantis and Kalyanaraman will both report directly to Selipsky.

    The reshuffle is one of the largest in recent years at AWS, and not unexpected when there’s such a major leadership change at the top.

  • Peraton Scores $1 Billion DOD Contract to Combat Misinformation

    Peraton has won a five-year, $979 million contract with the Department of Defense (DOD) to combat misinformation.

    In the digital age, misinformation has become a major problem impacting all sectors, from social media to the military. Peraton has been contracted to help the DOD combat misinformation, specifically that originating from US adversaries, according to FedScoop.

    “Since 2016, Peraton has executed campaigns to promote regional security and stability,” said Tom Afferton, president of Peraton’s cyber missions sector. “Our ability to provide the U.S. government with insight, expertise, and influence helps ensure the safety of Americans, our allies, and the more than 550 million people under U.S. Central Command’s area of responsibility, spanning three continents and 20 nations.”

    The contract underscores the evolving threats governments and militaries are now facing.

  • University of Kentucky Discloses Large Data Breach

    The University of Kentucky has sent out a letter disclosing a data breach impacting some 355,000 individuals.

    UK discovered the issue during an annual cybersecurity penetration test. The breach occurred in June 2021, impacting the College of Education database, part of the university’s Digital Driver License (DDL) platform. The DDL is used by K-12 schools and other colleges, both in and outside of Kentucky, for online training and test-taking.

    UK says the database contained usernames (usually a person’s email) and passwords for some 355,000 individuals, although the university says it contained no other personal information, minimizing potential identity theft concerns.

    “The University of Kentucky has spent more than $13 million on cybersecurity in last five years alone,” said Brian Nichols, UK’s chief information officer. “We have increased cybersecurity investments and enhanced our mitigation efforts in recent years, which enabled us to discover this incident during our annual inspection process conducted by an outside entity. Although the potential for identity theft is limited, we take this incident seriously and it is unacceptable to us. As a result, we will be taking additional measures to provide even more protection going forward. UK’s chief concern is end user privacy and protection and we are making every effort to secure end user data.”

    You can read UK’s full disclosure letter, contributed by The Record, here.

    The DDL’s primary purpose is to provide free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. The platform is also used by the university for some of its own test-taking capabilities.

    The DDL breach was discovered in early June when the university carried out scheduled penetration tests of its platforms with the help of a third party.

    The test uncovered a vulnerability in the DDL platform, which when the university investigated further it discovered that it had been exploited earlier in the year.

  • 86% of Organizations Expect to Suffer a Successful Cyberattack

    A whopping 86% of organizations expect to suffer a successful cyberattack in the next year.

    Cyberattacks have been on the rise for years, although the last year has seen some particularly devastating examples. The ransomware attacks on Colonial Pipeline, Kaseya and JBS are some of the most recent ones that have had far-reaching consequences.

    Unfortunately, the outlook going forward doesn’t look much better. According to the latest research by Trend Micro, some 86% of organizations expect to be the victim of a successful cyberattack within the next 12 months.

    In asking about attacks in the past 12 months and future attacks in next 12 months, the results don’t bode well for 2H’2021. Globally, 81% had 1 or more successful attacks, and 24% had 7 or more successful attacks in the past 12 months. Additionally, 86% say it is somewhat to very likely they will have a successful attack in the next 12 months. This again appears to indicate organizations know they are not prepared enough to defend against new attacks.

    Cybersecurity has been a major focus of the Biden administration, but it looks like there’s still a long way to go before companies feel safe from threats.

  • Google Cloud Unveils Unattended Project Recommender

    Google Cloud is making it easier to recover resources from abandoned projects with its Unattended Project Recommender.

    Even the most organized cloud-based organization occasionally has projects and resources that fall through the cracks, or are otherwise abandoned. Google’s new Unattended Project Recommender is designed to help identify those projects and recover or deprecate them.

    Google announced the new service in a blog post:

    To help you prune your idle cloud resources, we’re excited to introduce Unattended Project Recommender. It’s a new feature of Active Assist that provides you with a one-stop shop for discovering, reclaiming, and shutting down unattended projects. With actionable and automatic recommendations, you no longer have to worry about wasting money or mitigating security risks presented by your idle resources. Unattended Project Recommender uses machine learning to identify, with a high degree of confidence, projects that are likely abandoned based on API and networking activity, billing, usage of cloud services, and other signals. This feature is available via the Recommender API today, making it easy for you to integrate with your company’s existing workflow management and communication tools, or export results to a BigQuery table for custom analysis.

    Unattended Project Recommender should be a major help to companies looking to more closely monitor and manage their cloud resources.

  • Google Cloud Unveils New Tools to Unify Data

    Google Cloud has unveiled its latest innovations, aimed at helping companies unify database, analytics and AI.

    Google Cloud is the third leading cloud provider, behind AWS and Microsoft Azure. The company is particularly viewed as a good option for machine learning development, and has strong support for open source software.

    The company’s latest tools will go a long way toward improving its standing even further, with Dataplex, Datastream and Analytics Hub.

    Dataplex is designed to “centrally manage, monitor and govern your data across data lakes, data warehouses and data marts, and make this data securely accessible to a variety of analytics and data science tools.”

    Datastream, currently available in preview, helps “move and synchronize data between heterogeneous databases, storage and applications reliably to support real-time analytics, database replication and event-driven architectures with Datastream, our serverless change data capture (CDC) and replication service.”

    Analytics Hub is designed to make it easy to “access and share valuable datasets and analytics assets (think BigQuery ML models, Looker Blocks, data quality recipes, etc.) across any organizational boundary.” Those interested will need to sign up for preview access.

    The company’s latest tools should go a long way toward helping its customers make the most of their data, as well as AI applications.

  • FBI Has More Than 100 Ransomware Groups on its Radar

    The FBI is currently keeping tabs on more than 100 ransomware groups in the wake of multiple, high-profile attacks.

    Bryan Vorndran, assistant director of the FBI’s cyber division, was testifying before a Senate Judiciary Committee hearing when he divulged the statistic, according to NBC News. Ransomware gangs have already caused untold damage in recent times. Hackers targeted managed software provider Kaseya; shut down JBS, one of the world’s largest meat processors; and crippled fuel supplies on the US East Coast by attacking Colonial Pipeline.

    Some ransomware gangs have gone dark, most notably REvil, the gang behind the Kaseya attack. Similarly, the gang behind the Colonial Pipeline attack have disbanded their Ransomware as a Service (RaaS) operations.

    Assistant Director Vorndran’s revelation echoes what other experts have said, warning that organizations should not get complacent just because some gangs have shut down.

  • Cisco May Need to Open the Coffers to Remain Competitive

    Analysts believe Cisco may have to spend big on acquisitions if it wants to remain competitive in a changing tech landscape.

    Cisco built its business on networking equipment for the enterprise, the kind of equipment companies need to run data centers and on-premise networks. As Business Insider’s Aaron Holmes argues, however, Cisco is facing an existential crisis: the cloud.

    Cloud computing is on the rise now more than ever. While the transition was already well underway, the pandemic and rise of the remote workforce sent the transition into overdrive. As more and more companies rely on cloud computing to handle their basic operations, the need for expensive, enterprise-grade equipment to support on-premise networks and data centers drops precipitously.

    As a result, many analysts believe Cisco will need to make additional acquisitions to remain competitive and adapt to the changing industry. Such an acquisition could be of an up-and-coming startup that offers a product or service complementary to Cisco’s ambitions, or it could be a larger acquisition of an established rival.

    Fortunately, as Holmes points out, this is nothing new for Cisco. The company has a long history of making acquisitions and isn’t shy about ponying up when the need arises. Hopefully, company leadership realizes the current cloud transition represents one of those times.

  • Google Cloud Promises Product Stability With Enterprise APIs

    Google is working to convince its cloud customers they can count on it for product and feature stability with Google Enterprise APIs.

    Google has a long history of killing off its own products suddenly. App Maker, Loon, Google Hangouts, Google Play Music, Game Builder, Google Jump, Google+ and Chromebook Pixel are just a few of the projects and products Google has killed. 

    Unfortunately for the company, having a reputation for killing off its own products is not conducive to gaining cloud market share, a core goal of Google Cloud CEO Thomas Kurian. The company is now taking steps to address its reputation, with its new Enterprise APIs.

    At Google Cloud, we’ve been implementing programs to enhance your trust in our platform; for example, we introduced Mission Critical Services, a consultative offering for customers with top-tier Premium Support, and simplified launch stages, for greater predictability of our product roadmap. 

    Today, we’re taking it one step further by introducing designated Google Enterprise APIs, a label applied to the vast majority of APIs across Google Cloud, Google Workspace, and Google Maps Platform (not inclusive of our consumer APIs). Built for higher stability, Google Enterprise APIs are governed by new tenets, a stringent set of requirements about how and when we make changes to them. 

    Given Kurian’s goal of becoming the number two cloud provider in five years, in terms of market share, Enterprise APIs are a step in the right direction. In fact, it makes one wonder why the company didn’t take such a step sooner.

    Of course, if Google wasn’t so kill-happy with its own products, it wouldn’t need to do anything to convince customers it won’t kill its own products.

  • Kaseya Has Obtained Ransomware Unlock Key

    The target of the largest ransomware attack in history has obtained the key to unlock impacted systems.

    Kaseya makes IT management software used by companies around the world. As a result, it’s a tempting target for hackers, since compromising its software can potentially compromise thousands of its clients and their clients. This most recent attack compromised as many as 1,500 customers around the world.

    REvil, the gang believed to be behind the ransomware, went dark in the aftermath of the attack. According to The Washington Post, Kaseya has now received the unlock key from a “trusted third party.” The company has verified the universal decryptor key works, and is rolling it out to customers.

    The news is a welcome relief to the victims of the attack, and should speed up their recovery.

  • Akamai Service Disruption Takes Down Major Websites

    Some of the biggest websites on the internet were down, thanks to a service disruption at Akamai Technologies.

    Users (including yours truly) started getting DNS errors when visiting common websites. The list of impacted sites includes Airbnb, Delta, FedEx, McDonald’s, UPS and many more.

    Akamai has said the issue was the result of a service disruption, and has already taken steps to fix it.

    The company also confirmed the issue was not due to a cyberattack.

  • US Offers $10 Million Reward for Information on ‘Foreign Malicious Cyber Activity’

    The US is ramping up its fight against cybercriminals, especially those who are state-sponsored, offering a $10 million reward for information.

    Cybersecurity has become the new battleground of the 21st century. To make matters worse, many hacking groups are state-sponsored, as a successful cyberattack carries far less risk for a hostile government than open confrontation.

    The US has been rocked by multiple ransomware attacks, including against critical infrastructure. The Colonial Pipeline attack had a devastating impact on the East Coast fuel supply, the attack against JBS threatened the food chain and the Kaseya attack is believed to have up to 1,500 victims.

    The State Department is fighting back, using its Rewards for Justice program to offer “a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”

    To protect anyone having information, Rewards for Justice has set up a Dark Web, Tor-based method for reporting tips.

    For more information, visit www.rewardsforjustice.net.