Inspiring Innovation

This week, I had the pleasure of attending the latest CompTIA Board of Directors meeting.  We were in New York City for this meeting and as a result, had the opportunity to tour the SAP Leonardo Center in the beautiful new Hudson Yards development.

SAP has four Leonardo Centers, located in Bangalore, India; New York City; Paris, France; and São Leopoldo, Brazil.  These are inspiring places.

Our tour took place on the 48th floor of the New York center and we learned from our hosts about how SAP is driving innovation and encouraging start-ups in an open, collaborative environment.  In some cases, SAP’s venture fund may invest in some of these businesses.  In others, SAP customers may simply leverage the resources at the innovation center to help accelerate their growth.  Our hosts were Marvin, originally from Germany, and Charlotte, a native of Denmark.

Being on the 48th floor, the innovation center has amazing views, but more importantly, a strong message.  The center strives to support the 17 United Nations Sustainable Development Goals (SDGs) to transform our world.  These goals are:

  1. No Poverty.
  2. Zero Hunger.
  3. Good Health and Well-being.
  4. Quality Education.
  5. Gender Equality.
  6. Clean Water and Sanitation.
  7. Affordable and Clean Energy.
  8. Decent Work and Economic Growth.
  9. Industry, Innovation and Infrastructure.
  10. Reduced Inequalities.
  11. Sustainable Cities and Communities.
  12. Responsible Production and Consumption.
  13. Climate Action.
  14. Life Below Water.
  15. Life on Land.
  16. Peace, Justice and Strong Institutions.
  17. Partnerships for the Goals.

As our tour continued, we learned about projects to provide real-time data to allow airports to operate more efficiently.  Imagine security officers being able to be deployed to open more screening lanes based on a heat map of the security checkpoint.  Or how about an aircraft being redirected to a gate that has more of the needed ground services close by, instead of having to wait for vehicles to travel across the ramp.  All making the operations more efficient and the traveling experience more timely and less stressful.

We saw all sorts of examples of virtual reality and other technologies enabling wonderful innovation to improve our world.  Of course, I loved the ice hockey virtual reality example above in the lower right :).

Above is a picture of most of the CompTIA Board Members and Staff, who were able to tour the Innovation Center, thanks to our fellow Board member John Scola of SAP, 3rd in from the left.

And finally, some of the incredible views from the 52nd floor terrace.

Time Running Out on Old Versions of Windows

The following was published in the April 14, 2019 editions of Foster’s and Seacoast Sunday.

Do you run Windows 7 on your computer at the office or at home? Do your servers run Windows Server 2008? If the answer to either question is yes, you’ve got less than nine months to replace these operating systems.

Why? Because Microsoft is ending support for both Windows 7 and Windows Server 2008 on January 14, 2020, nine months from today. That is not a lot of time, not at all. Windows 7 has been the most widely installed version of the Windows operating system on desktop and laptop computers. Depending on which estimates you believe, Windows 7 is still thought to be running on approximately half of the PCs in use worldwide. This is a staggering number.

Depending on the generation of your computer, you may or may not be able to update a Windows 7 computer to Windows 10, Microsoft’s latest version of the Windows operating system. If your computer is less than five years old, you may be able to upgrade it and still have it perform well, though many computers will simply need to be replaced. As people keep their computers longer, upgrading to the latest operating system may not provide acceptable performance due to increased resource requirements and capabilities that older hardware may not be able to support.

While nine months may seem like plenty of time to get a Windows 7 computer upgraded, time is absolutely of the essence, especially for businesses that may have several, if not dozens or hundreds, of computers to upgrade. We have already experienced significant shortages in critical computer components through the first quarter of 2019. Intel CPUs have been severely constrained since late last year, and this pushed out delivery dates for every major computer manufacturer to the point where back orders stretched well over a month. This situation may only worsen as organizations put stress on the supply and demand cycle for computer manufacturers.

Many sources are predicting significant shortages of available computers by the third quarter of the year, based on present trends. It would not at all surprise me to see a rush on PC demand come the summer months, when many companies look to undertake significant disruptive projects during the traditional summer vacation season. Certainly, replacing large fleets of computers across departments and entire companies may be easier to manage when more people than usual are on vacation. I am concerned those individuals and organizations that wait until summer to start planning these replacements may not be able to complete them before the end of support.

When support ends, no updates will be released for these operating systems and you can be assured that hackers will be waiting in the wings to exploit unprotected systems. You do not want to be caught in that coming wave. In fact, many cyber insurance policies require that you maintain currently supported hardware and software in order for the coverage to protect you in the event of a cyber-related incident. The risks of inaction are significant.

The situation for Windows Server 2008, the operating system still running many servers today, is no less of a concern. Servers are naturally more complex to replace than an individual PC. Servers are the foundation of IT infrastructures and support the applications, databases and services that we all rely on every single day. Together, the end of support of each of these versions represents a growing threat and trend that we all need to be aware of. As technology advances, companies like Microsoft and others simply cannot maintain the level of support necessary to keep them all supported indefinitely. The threat landscape is simply too fluid to devote the significant resources to keep all of these versions supported.

If you have yet to focus on this, I urge you to make this your number one IT priority this year. Talk with your IT department or IT partner and be sure you have a plan to act now, not later. You will need every bit of time between now and the end of the year to plan, budget, procure and implement. As the saying goes, time is a-wasting. Make yourself a note to start your plan tomorrow morning, if you have not already.

VPN Vulnerability

Do you use a VPN to connect to your office network?  If you do, you should be aware of a vulnerability alert issued by CERT (Computer Emergency Response Team) yesterday.  Many major VPNs require an update to ensure safety.

I have pasted the CERT announcement below:

Multiple VPN applications insecurely store session cookies

Vulnerability Note VU#192371

Original Release Date: 2019-04-11 | Last Revised: 2019-04-11


Overview

Multiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files.

Description

Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.

CWE-311: Missing Encryption of Sensitive Data
The following products and versions store the cookie insecurely in log files:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS (CVE-2019-1573)
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2

The following products and versions store the cookie insecurely in memory:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS (CVE-2019-1573)
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
– Cisco AnyConnect 4.7.x and prior

It is likely that this configuration is generic to additional VPN applications. If you believe that your organization is vulnerable, please contact CERT/CC at cert@cert.org with the affected products, version numbers, patch information, and self-assigned CVE.

Impact

If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods. An attacker would then have access to the same applications that the user does through their VPN session.

Solution

Apply an update
Palo Alto Networks GlobalProtect version 4.1.1 patches this vulnerability.

CERT/CC is unaware of any patches at the time of publishing for Cisco AnyConnect and Pulse Secure Connect Secure.
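
A defender-side check for the log-file half of this issue, added here as an example that is not part of the CERT note or of any vendor's tooling: it scans log text for cookie-, session-, auth- or token-named fields that hold long, high-entropy values, and redacts them. The field-name pattern, the entropy threshold and the sample log lines are assumptions constructed for illustration, not any product's real log format.

```python
import math
import re

# Assumed, generic field names; real VPN clients may label these differently.
FIELD_RE = re.compile(
    r'(?i)\b([\w-]*(?:cookie|session|auth|token)[\w-]*)\s*[=:]\s*"?'
    r'([A-Za-z0-9+/_=%.-]{16,})'
)

# Constructed sample log, not taken from any product.
SAMPLE_LOG = """\
2019-04-11 09:12:01 INFO  connecting to gateway vpn.example.test
2019-04-11 09:12:03 DEBUG login ok, session-cookie=9f3ac27e51b84d06a7c2e9d1f04b6a38
2019-04-11 09:12:03 DEBUG auth_method=password
2019-04-11 09:12:04 DEBUG session_state=aaaaaaaaaaaaaaaaaaaa
2019-04-11 09:15:40 INFO  tunnel up
"""


def shannon_entropy(value):
    """Bits per character; random tokens score high, padding and words low."""
    probs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in probs)


def find_logged_secrets(log_text, min_entropy=3.0):
    """Return (line number, field name, value length) for each suspect field."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for m in FIELD_RE.finditer(line):
            if shannon_entropy(m.group(2)) >= min_entropy:
                hits.append((lineno, m.group(1), len(m.group(2))))
    return hits


def redact(log_text, min_entropy=3.0):
    """Replace suspect values so logs can be shared or archived safely."""
    def _sub(m):
        if shannon_entropy(m.group(2)) < min_entropy:
            return m.group(0)  # short or low-entropy value: leave as is
        return m.group(0)[: m.start(2) - m.start(0)] + "[REDACTED]"
    return FIELD_RE.sub(_sub, log_text)


if __name__ == "__main__":
    for hit in find_logged_secrets(SAMPLE_LOG):
        print("line %d: field %r holds a %d-character token" % hit)
```

The entropy filter is what keeps ordinary settings such as `auth_method=password` and padded values out of the findings; any hit on a real endpoint means the session should be treated as replayable until it is invalidated server-side.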

Nasty Tax Phishing Scam

It’s that time of year again, tax time.  This is also a time for increased hacker activity, trying to trick you into clicking links and opening attachments related to your taxes.  The activities are designed to get you to enter your credentials to what may look like a real web site, but is really one that is only designed to steal your username and password to access your real data.  Another activity is to get you to open something that will silently install malware on your computer, which is designed to quietly watch all that you do in the hopes of stealing valuable information.

I want to share a very nasty example of one such risk.  This is a classic phishing email, trying to trick me into clicking on a link that looks very legitimate.  In the image below, I have redacted any sensitive or identifying information to protect myself and my accounting firm.  They have already taken necessary steps to ensure their systems are safe in the wake of this.  It points out the very serious risk that accounting firms are facing.  The nasty thing about this message is that it includes actual email messages exchanged last September, 7 months ago!  This gives the message an air of authenticity, when it is anything but.  Check it out below and be extra vigilant and check every sender address, link and attachment before you take any action…

Time For A Fireside Chat On Cybersecurity

This was originally published in the March 31st editions of Foster’s and Seacoast Sunday.

This past Thursday, Onepath held a Cybersecurity Fireside Chat at the Harvard Club in downtown Boston. We were honored to bring Brian Shield, vice president for information technology for the Boston Red Sox, and Eric Rosenbach, co-director of the Harvard Kennedy School’s Belfer Center for Science and Internal Affairs and former assistant secretary of defense for global security, together for this intimate and informative chat.

I have participated in many events like this over my career, and those in attendance witnessed one of the absolute best cybersecurity talks I have ever seen. Despite their impressive credentials and experience, Brian and Eric were incredibly gracious, humble, down to earth and relatable. They shared their experiences throughout their careers in dealing with the evolving cybersecurity threat landscape and shared many actionable tips to help others improve.

Eric shared the three things that most concern him when it comes to the current cybersecurity threat landscape. First is ransomware, a malicious software you can be tricked into launching on your computer that will encrypt all the data that computer can access. This renders the data inaccessible. When anyone tries to access the data, they are presented with a ransom note they must pay to regain access to the data. Eric shared that one of his great disappointments with our nation is that ransomware came to be because of leaks from the NSA and Department of Defense of offensive cyber weapons that fell into the hands of bad actors and adversarial nation states. He expects ransomware to continue to evolve.

Second, he shared his belief that nation states will continue to be the lead bad actors. Cyber is an asymmetrical weapon that can level the playing field for adversarial nations that cannot compete with the West militarily. As an example, he shared that countries like North Korea use ransomware to raise funds to get around sanctions and, as we now know, the Russian government launched info ops to seed dissent to create doubts about our democracy. He expects such info ops to continue and evolve. Third, Eric feels artificial intelligence will help defensively, but could also be used to increase the effectiveness of AI-based info ops.

Brian talked about the importance of intellectual property within organizations like a Major League Baseball organization. From the medical information about their players to the extensive database of prospective players, these are some of the most important assets of the organization and protecting them is a priority. A compromised account of a former MLB team employee spurred the MLB to act and create a cybersecurity program for all MLB teams.

Cybersecurity requires a holistic approach. It’s not just about deploying defensive technologies. Education and a culture of awareness and prevention are critical to an organization’s success in keeping itself safe. You can deploy all the technology available and still be a victim due to an uneducated user making a poor choice.

Incident response plans are critical. The last thing you want to do is create a plan while responding to a cybersecurity incident. Brian and Eric recommended doing a table-top exercise to test your plan before you need it. This will help identify gaps, whether it is how to restore access to critical IT systems or how to inform your employees, customers and the public should you have an incident.

Cybersecurity is very interconnected. Private industry is constantly being targeted. Assume you are and recognize we are all on the front line. Eric said he feels we have an obligation to our country to confront and protect ourselves against these threats. He feels it is our patriotic duty to do so as this is a national security issue for us all. Imagine if bad actors are able to disrupt enough businesses or cause failures for iconic American brands. It could shake the confidence of our society, thus the imperative to take this more seriously than we ever have.

While daunting on the surface, we have access to more resources than ever. A simple thing everyone can do is use two-factor authentication across all of your accounts. A great resource to determine how to enable two-factor authentication is https://twofactorauth.org. Check it out and enable your accounts. It’s your patriotic duty.

Onepath’s Top 5 Cybersecurity Threats – April 2019

Stay informed on the latest in information security with these five handpicked articles from around the web.


Georgia Tech Stung with 1.3 Million-person Data Breach

SC Magazine

Georgia Tech reports that it suffered a data breach when a web application exposed the information of 1.3 million current and former students, student applicants, and staff members.


Ransomware Behind Norsk Hydro Takes on Wiper-like Capabilities

ThreatPost

LockerGoga, the malware that recently took down Norsk Hydro, has taken the industrial world by storm as researchers race to uncover more about the mysterious ransomware. Here’s what we know.


Insurers Gear Up for Continued Rise in Cybersecurity Attacks

Onepath

As cyber attacks rise, insurance companies collaborate on a program to help companies evaluate the effectiveness of security products and services.


Why Cybersecurity Culture Is a Leadership Responsibility

Onepath

When it comes to cybersecurity, there’s a cultural shift taking place. Brian Shield, CIO for the Boston Red Sox, and Eric Rosenbach, former assistant Secretary of Defense for Global Security, discuss the current state of global security and what leaders can do to help defend the United States.


What Is the Dark Web and Why Should You Care?

Alert Logic

You’ve probably heard of the term “dark web,” but what is it exactly? And why does the dark web matter?

Onepath Career Fair

If you’re interested in a career in Information Technology Services in the Merrimack Valley or Southern New Hampshire, Onepath is hosting a Career Fair this Saturday, April 6th from 9 AM to Noon.  Bring your resume for an instant, on-site interview!  Details below.