• Netizen: Monday Security Brief (10/21/2024)

    Today’s Topics:

    • Microsoft Issues Urgent Warning to Apple Users: Critical Update Required to Address “HM Surf” Vulnerability
    • Chinese Nation-State Hackers APT41 Target Gambling Sector for Financial Gain
    • How can Netizen help?

    Microsoft Issues Urgent Warning to Apple Users: Critical Update Required to Address “HM Surf” Vulnerability

    In a recent announcement, Microsoft has alerted millions of Apple users about a serious security threat dubbed “HM Surf.” This vulnerability poses significant risks, particularly for those using macOS devices managed through a Mobile Device Management (MDM) setup, primarily targeting enterprise environments rather than individual home users.

    The HM Surf vulnerability exploits a bypass in the Transparency, Consent, and Control (TCC) framework within Safari. TCC is designed to protect user data, including sensitive information accessed via the device’s camera, microphone, and location services. However, the flaw allows attackers to gain unauthorized access to this data without the user’s consent, effectively circumventing the protective measures intended to safeguard user privacy.

    Microsoft discovered that this exploit could enable malicious actors to covertly:

    • Capture continuous video from the device’s camera.
    • Record audio through the microphone and transmit it to remote servers.
    • Retrieve sensitive information about the device’s location.
    • Manipulate Safari’s interface to operate discreetly without drawing attention.

    Microsoft has advised all macOS users to promptly update their devices to protect against this vulnerability. The flaw has been identified as CVE-2024-44133, and Apple has addressed it as part of its security updates for macOS Sequoia, released on September 16, 2024. Users are urged to apply these updates immediately to mitigate potential risks.

    In their statement, Microsoft emphasized the urgency: “We encourage macOS users to apply these security updates as soon as possible.” The update not only fortifies Safari against this specific vulnerability but also strengthens overall privacy controls within macOS.

    According to Microsoft, the vulnerability arises because Apple retains certain private entitlements for its applications, including Safari. These entitlements grant Safari extensive permissions that allow it to bypass standard TCC checks, unlike third-party browsers such as Google Chrome or Mozilla Firefox, which are required to request user permissions explicitly for accessing sensitive features.

    The implications of this are profound; if Safari is exploited, it can operate with elevated access that other browsers do not possess. Consequently, this creates a potential threat landscape for macOS users, particularly in enterprise settings where sensitive data is routinely handled.

    In response to this vulnerability, Apple has taken steps to harden Safari’s security, including restrictions on modifying configuration files that could enable such exploits. Microsoft has also announced its collaboration with other major browser vendors to enhance the security of their local configuration files. While efforts are underway for browsers based on Chromium and Firefox to adopt improved security measures, Safari users must prioritize applying the latest updates to their devices.

    For users who may have questions or require further assistance, it is advisable to consult the official Apple support channels or cybersecurity experts to ensure comprehensive protection against emerging threats.



    Chinese Nation-State Hackers APT41 Target Gambling Sector for Financial Gain

    A sophisticated cyber attack attributed to the Chinese nation-state actor APT41 has recently targeted the gambling and gaming industry, leading to significant concerns about data security and financial implications. The hacking campaign, which spanned approximately six months, involved stealthily gathering sensitive information such as network configurations, user passwords, and critical secrets from the LSASS (Local Security Authority Subsystem Service) process.

    Ido Naor, co-founder and CEO of Security Joes, emphasized the attackers’ adaptability during the intrusion. They continuously updated their tools based on the security team’s responses, demonstrating a high level of skill and methodical planning. The attack, which lasted nearly nine months, aligns with previous intrusions identified by cybersecurity vendor Sophos as part of Operation Crimson Palace.

    Naor noted that these attacks are often influenced by state-sponsored agendas, with a high degree of confidence that APT41 was motivated by financial gain this time. The attackers employed a multi-faceted approach, utilizing a custom toolset designed to bypass existing security measures while harvesting critical information and establishing covert channels for persistent remote access.

    The initial access vector for this attack remains unidentified, but evidence suggests it may have involved spear-phishing emails, given the lack of active vulnerabilities in publicly accessible web applications. Once inside the target’s network, the attackers executed a DCSync attack aimed at harvesting password hashes from service and admin accounts, allowing them to expand their access and maintain control over the network.

    APT41’s techniques included:

    • Phantom DLL Hijacking: A method that allows attackers to manipulate DLLs (Dynamic Link Libraries) to execute malicious payloads.
    • Use of wmic.exe: The legitimate Windows Management Instrumentation Command-line utility was abused to execute commands indirectly, facilitating the download of additional malware.

    The next stage of the attack involved retrieving a malicious DLL file named TSVIPSrv.dll over the SMB protocol, which then established contact with a hard-coded command-and-control (C2) server. If the connection failed, the implant would scrape GitHub for user information to update its C2 details, showcasing a unique technique to maintain operational flexibility.

    After being detected, the threat actors remained silent for several weeks before returning with a revised strategy. They executed heavily obfuscated JavaScript code within a modified XSL file (texttable.xsl), utilizing the wmic.exe command to load and execute malicious code. This JavaScript served as a downloader, contacting a secondary C2 server to retrieve more malware while fingerprinting the infected system.
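
    As an added detection example (not code from Security Joes or the Netizen post), the following Python flags the wmic.exe-with-stylesheet pattern and the TSVIPSrv.dll load described above in constructed Sysmon-style events, and checks an XSL file for an embedded script block so that the stock stylesheets under the wbem directory can be integrity-checked; the event field names, sample values and stylesheet content are assumptions made for this example.

```python
"""
Added detection example; it is not code from Security Joes or the Netizen
post. It checks for the APT41 patterns the post describes, using
constructed Sysmon-style events and constructed XSL content:

  1. wmic.exe launched with /format: pointing at a stylesheet file rather
     than one of wmic's built-in output keywords.
  2. An XSL stylesheet that embeds a script block (the mechanism behind
     "JavaScript in a modified texttable.xsl"); run this over the stock
     files in %SystemRoot%\\System32\\wbem as an integrity check.
  3. Any module load of TSVIPSrv.dll, the DLL name the post reports.
Event field names and the rules themselves are assumptions for this example.
"""
import re
import xml.etree.ElementTree as ET

# Built-in wmic output formats are keywords, not file references (assumed list).
BUILTIN_FORMATS = {"list", "table", "csv", "hform", "htable", "mof", "rawxml",
                   "xml", "texttable", "textvaluelist", "value"}
FORMAT_ARG = re.compile(r'/format:\s*(?:"([^"]+)"|(\S+))', re.IGNORECASE)
MS_XSLT_NS = "urn:schemas-microsoft-com:xslt"


def wmic_xsl_target(cmdline: str):
    """Return the stylesheet file referenced by /format:, or None for keywords / no argument."""
    m = FORMAT_ARG.search(cmdline)
    if not m:
        return None
    value = (m.group(1) or m.group(2)).strip().strip('"')
    if value.lower() in BUILTIN_FORMATS:
        return None
    return value


def xsl_has_script(content: str) -> bool:
    """True if the stylesheet carries an embedded script block (an ms:script element
    or any element with a language= attribute). If the XML is malformed, fall back
    to a raw-text search for a script tag."""
    try:
        root = ET.fromstring(content)
    except ET.ParseError:
        return re.search(r"<\s*(?:\w+:)?script\b", content, re.IGNORECASE) is not None
    for elem in root.iter():
        tag = elem.tag if isinstance(elem.tag, str) else ""
        ns, _, local = tag.rpartition("}")
        if local.lower() == "script" and ns.strip("{") == MS_XSLT_NS:
            return True
        if any(k.lower() == "language" for k in elem.attrib):
            return True
    return False


def scan_events(events):
    """Apply rules 1 and 3 to a list of event dicts; return (host, rule, detail) tuples."""
    findings = []
    for ev in events:
        if ev["type"] == "process" and ev["image"].lower().endswith("wmic.exe"):
            target = wmic_xsl_target(ev.get("cmdline", ""))
            if target:
                findings.append((ev["host"], "wmic_xsl_stylesheet", target))
        elif ev["type"] == "imageload":
            if ev["loaded"].lower().endswith("\\tsvipsrv.dll"):
                findings.append((ev["host"], "tsvipsrv_dll_load", ev["loaded"]))
    return findings


# Constructed sample events (illustrative values, not real indicators).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws-01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic os get /format:"C:\Users\Public\texttable.xsl"'},
    {"type": "process", "host": "ws-02", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic process list brief"},
    {"type": "process", "host": "ws-03", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get /format:htable"},
    {"type": "imageload", "host": "srv-01", "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Windows\System32\TSVIPSrv.dll"},
    {"type": "imageload", "host": "srv-01", "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Windows\System32\kernel32.dll"},
]

# Constructed stylesheets: a stock-looking one and one carrying a script block.
BENIGN_XSL = """<xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text"/>
  <xsl:template match="/"><xsl:value-of select="COMMAND/RESULTS"/></xsl:template>
</xsl:stylesheet>"""

TAMPERED_XSL = """<xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
  xmlns:ms="urn:schemas-microsoft-com:xslt">
  <xsl:output method="text"/>
  <ms:script language="JScript"><![CDATA[
    // placeholder: a real sample carries obfuscated downloader code here
  ]]></ms:script>
  <xsl:template match="/"><xsl:value-of select="COMMAND/RESULTS"/></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print("ALERT", *finding)
    for name, xsl in (("benign", BENIGN_XSL), ("tampered", TAMPERED_XSL)):
        print(name, "script block:", xsl_has_script(xsl))
```

    The keyword allow-list alone cannot catch a tampered stock stylesheet reached via a plain keyword such as /format:texttable, which is why the script-block check belongs in a file-integrity job over the wbem directory.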

    Security Joes observed that the malware specifically targeted machines within certain subnets, indicating a focused approach to compromise only valuable devices. This was achieved through filtering mechanisms that ensured only specific targets were affected, particularly those connected to the organization’s VPN.



    How Can Netizen Help?

    Netizen ensures that security gets built in, not bolted on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


  • Case Study:  2023 Cyberattack on Lehigh Valley Health Network

    Overview

    In early February 2023, Lehigh Valley Health Network (LVHN) fell victim to a cyberattack orchestrated by the ransomware group BlackCat, which has been linked to Russian cybercriminals. The attack, which was detected on February 6, revealed a breach of sensitive data, specifically targeting the Lehigh Valley Physician Group-Delta Medix. This incident raised immediate concerns about the security of patient information and the effectiveness of the healthcare network’s cybersecurity measures.

    The breach was a sophisticated operation typical of BlackCat, which is known for its ability to exploit vulnerabilities in healthcare systems. Upon detection, LVHN initiated a multi-faceted response. This included engaging with cybersecurity experts to conduct a thorough investigation, containing the ransomware, and alerting law enforcement authorities. Despite these efforts, the incident highlighted systemic vulnerabilities within the organization, as it revealed the extent of compromised patient data.

    Ransomware attacks like this are becoming increasingly common, especially in healthcare, where patient information is critical. BlackCat employed a tactic called “triple extortion,” meaning they not only encrypted LVHN’s data but also threatened to leak sensitive information and launch denial-of-service (DoS) attacks to disrupt services. These tactics put immense pressure on organizations to consider paying the ransom. However, LVHN decided against it, which led to the release of sensitive photos online, raising serious ethical concerns and impacting the trust of their patients.


    Impact

    The breach impacted the personal information of numerous patients, with LVHN later disclosing that compromised data varied by individual. It potentially included names, addresses, phone numbers, medical record numbers, treatment details, and health insurance information. More alarmingly, the breach also involved sensitive clinical information, including current procedural terminology (CPT) codes, which can detail specific diagnoses and treatments.

    In some cases, the data theft extended to email addresses, banking information, Social Security numbers, and clinical images of patients undergoing treatment. The loss of clinical images is particularly concerning, as these records can reveal intimate details of a patient’s health status, treatment history, and personal identifiers.

    Following the breach, LVHN took immediate steps to notify affected individuals and offered a complimentary 24-month subscription to Experian’s IdentityWorks service to help monitor potential misuse of their personal information. The organization sent out notification letters that included instructions for activating this membership, acknowledging the stress and concern such an incident can cause.

    In its public statements, LVHN assured the community of its commitment to data protection. They expressed deep regret for any inconvenience caused by the incident, stating, “We are committed to data protection and deeply regret any concern or inconvenience this incident may have caused.” However, the organization faced a dual challenge: managing the technical fallout while maintaining public trust.

    Despite the cyberattack, LVHN reported that its core operations continued without disruption, indicating that its emergency response protocols were somewhat effective. However, the breach’s occurrence during a time of heightened digital health adoption highlighted the increased vulnerability of healthcare systems to cyber threats, especially as more patient data is managed electronically.

    The implications of the breach extended far beyond immediate operational concerns. LVHN faced significant financial repercussions as the incident’s fallout led to a series of lawsuits. By September 2024, LVHN reached a $65 million settlement with victims affected by the data breach, a figure that reflects not only the direct costs associated with managing the aftermath but also the long-term impacts on the organization’s reputation and trustworthiness.

    Healthcare organizations often grapple with the delicate balance between safeguarding sensitive data and maintaining operational efficiency. LVHN’s experience exemplifies how the costs associated with a cyber incident can escalate rapidly, leading to financial strain and potential losses in patient trust.


    What Can Be Learned From This?

    Several key lessons can be drawn from this incident, which may help other organizations strengthen their defenses against similar threats.

    End-user awareness remains the first line of defense against cyberattacks. As demonstrated by the tactics employed by BlackCat, human error often serves as an entry point for attackers. Regular training sessions—ideally quarterly—focused on cybersecurity best practices can empower employees to recognize phishing attempts, exercise caution with email attachments, and understand the significance of maintaining strong passwords. These proactive measures can dramatically reduce the risk of successful attacks.

    Given that attackers may obtain user credentials, deploying MFA is crucial for enhancing security. By requiring additional verification—such as a text message or a secondary authentication app—organizations can protect sensitive data even in the event of credential theft. This layer of security is relatively easy to implement and can significantly reduce the chances of unauthorized access.

    Proper network segmentation can limit the spread of malware within an organization. By isolating critical systems and restricting access based on necessity, healthcare providers can contain potential breaches more effectively. Additionally, adhering to the principle of least privilege ensures that users have only the access necessary for their roles, further reducing the potential attack surface.

    Organizations should leverage security monitoring tools, such as Wazuh, to enhance their threat detection capabilities. By continuously monitoring network traffic and system logs, these tools can identify suspicious activities in real-time, enabling swift incident response. Moreover, integrating threat intelligence feeds can provide valuable insights into emerging threats, allowing organizations to proactively adjust their defenses.

    While it is impossible to prevent all breaches, having a well-defined incident response plan can minimize the impact of an attack. This plan should outline roles and responsibilities, establish communication protocols, and include strategies for data recovery and mitigation. Regular testing and updates to the plan ensure that all personnel are prepared to act decisively in the event of a cybersecurity incident.

    Healthcare organizations must prioritize the protection of patient data by implementing robust encryption, regular audits, and compliance with relevant regulations. This commitment not only safeguards sensitive information but also helps to maintain patient trust in the organization.


    Conclusion

    As cyber threats continue to evolve, the lessons learned from LVHN’s experience can help shape future strategies for protecting sensitive patient information and ensuring the resilience of healthcare systems. By fostering a culture of cybersecurity awareness, investing in the right technologies, and implementing robust incident response plans, healthcare organizations can better safeguard against the pervasive threat of cyberattacks.

    In a landscape where patient data security is paramount, taking proactive steps is not just advisable; it is essential for maintaining the trust and safety of patients and the integrity of the healthcare system as a whole.

  • Pokémon’s ‘Teraleak’: 25 Years of Secrets Unveiled in Massive Game Freak Hack

    In a major security breach, Pokémon developer Game Freak has reportedly suffered what’s being referred to as a “teraleak,” releasing more than 25 years of never-before-seen Pokémon art, assets, and confidential documents. First reported by Nintendo Life, this massive leak includes a treasure trove of concept art, internal development materials, and even plans for canceled movies. The breach, which Game Freak confirmed occurred in August 2024, has left employee names and contact information compromised, though the scope of stolen intellectual property appears to go far beyond that.


    What Was Stolen?

    According to reports circulating on social media, including the PokeLeaks subreddit and posts from Pokémon leak aggregator CentroLeaks, the stolen material includes:

    • Work-in-progress sprites from Generation 3, 4, and 5 Pokémon games
    • Concept art for the 1997 Pokémon anime
    • Detailed background lore on the Pokémon universe
    • Meeting minutes from a discussion on Ash Ketchum’s final story arc
    • Early development pitches for Detective Pikachu 2 and a mystery project titled “Game Boy”
    • Codenames for future hardware, including “Ounce,” thought to be associated with the next Nintendo console, the Switch 2

    This information flood mirrors the 2020 “gigaleak” suffered by Nintendo, which exposed significant amounts of legacy data. The volume and range of content, dubbed the “teraleak,” have sparked extensive discussion and speculation across multiple platforms.


    PII and Design Materials Compromised

    A significant amount of personally identifiable information (PII) was exposed in the Game Freak breach. According to Game Freak’s October 10th statement, the names and company email addresses of 2,606 current and former employees, as well as external contractors, were compromised. This includes personal information related to both employees and individuals working with the company, although there’s no mention of more sensitive data like social security numbers or home addresses being involved.

    Game Freak has confirmed that it is contacting those affected by the breach, and there is speculation that phishing might have played a role in enabling the attack. However, beyond this employee-related information, much of the focus of the leak has been on the stolen Pokémon design materials and internal development documents. However, the company has yet to officially confirm that any Pokémon design materials were part of the stolen data. Given the nature of the breach, some suspect that Game Freak may be refraining from acknowledging the leaked creative assets to avoid further legitimizing the stolen material.


    Was Phishing Involved?

    Online speculation has pointed to phishing as a possible method of access. Many users believe that one of Game Freak’s employees may have been tricked by a phishing scam, which granted the attacker entry into the company’s servers. This theory is gaining traction, especially given the gap between the August breach and the October leak of massive amounts of confidential data.


    What’s Next?

    While Game Freak has taken steps to rebuild its server infrastructure, the implications of the leak are still unfolding. Many speculate that the August breach may have been a precursor to the larger-scale leak now dominating headlines. The long-term effects of this “teraleak” on Game Freak’s projects, along with potential legal actions against those sharing the stolen information, remain to be seen.

    Game Freak now joins the ranks of major game companies like Nintendo and Rockstar, which have both suffered high-profile security breaches in recent years. As more data continues to surface, it’s clear that the ramifications of this breach will resonate throughout the Pokémon community (and beyond) for quite some time.


    How Can Netizen Help?

    Netizen ensures that security gets built in, not bolted on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. As part of our commitment to supporting businesses in their compliance journey, we offer CMMC (Cybersecurity Maturity Model Certification) preparation services. Our team assists organizations in understanding the CMMC requirements and developing the necessary controls to meet compliance standards, ensuring they are well-prepared for CMMC assessments.

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Questions or concerns? Feel free to reach out to us any time –

    https://www.netizen.net/contact


  • Netizen: Monday Security Brief (10/14/2024)

    Today’s Topics:

    • DoD Finalizes CMMC 2.0 Rule: What Contractors Need to Know for 2025 Compliance
    • 77,000 Customers Impacted in Fidelity Investments Data Breach
    • How can Netizen help?

    DoD Finalizes CMMC 2.0 Rule: What Contractors Need to Know for 2025 Compliance

    The Department of Defense (DoD) has taken a significant step toward rolling out its updated Cybersecurity Maturity Model Certification (CMMC) 2.0 by releasing the final rule. The rule is now available for public review on the Federal Register, with the official publication expected on October 15. This move sets the stage for full implementation of CMMC 2.0 by mid-2025, according to the DoD’s recent announcement.

    CMMC 2.0 is designed to help safeguard sensitive government information—like controlled unclassified information (CUI) or federal contract information (FCI)—on contractor systems. The model introduces tiered levels of cybersecurity compliance based on the nature of the data a contractor handles. The goal is to protect DoD data from being exploited by adversaries while streamlining the process, especially for smaller contractors. CMMC 2.0 reduces the compliance levels from five to three to make it easier for companies to meet these new standards.

    This effort is the culmination of several years of work. It began during the previous administration when the initial framework was developed. In December 2023, the DoD kickstarted the federal rulemaking process for CMMC 2.0 by publishing a proposed rule. This was followed in August 2024 by another proposal to update the Defense Federal Acquisition Regulation Supplement (DFARS), which will make cybersecurity a key factor in future Pentagon contracts.

    The plan is for these DFARS updates to be finalized and implemented by mid-2025. At that point, CMMC compliance will be a requirement in DoD contracts. Contractors that handle CUI or FCI must meet the appropriate cybersecurity level to secure contract awards.

    For companies dealing with less sensitive data, the DoD has built in flexibility, allowing them to conduct self-assessments of their cybersecurity practices. However, those handling more critical information will be required to undergo third-party assessments or assessments led by the Defense Industrial Base Cybersecurity Assessment Center to verify their compliance.

    The CMMC initiative hasn’t been without criticism. Many in the defense industry, particularly small businesses, have expressed concerns over the cost and complexity of meeting these new requirements. In response, the DoD has committed to providing resources to help contractors navigate the process.

    One important feature of CMMC 2.0 is the introduction of “Plans of Action and Milestones” (POA&Ms). This allows contractors who haven’t yet met all the required cybersecurity standards to receive a provisional certification for 180 days, giving them time to reach full compliance without losing out on contract opportunities.

    The DoD recognizes that meeting these new cybersecurity requirements will take time and effort, but it’s urging businesses in the defense sector to begin assessing their current security practices and start preparing for the upcoming CMMC assessments.



    77,000 Customers Impacted in Fidelity Investments Data Breach

    Fidelity Investments is alerting tens of thousands of individuals that their personal information was compromised in a recent data breach. The financial services company reported that unauthorized activity occurred between August 17 and 19, leading to the exposure of sensitive customer information.

    According to reports filed with attorneys general in various states, the attacker created two fraudulent customer accounts. These accounts were then used to access and retrieve images of documents containing personal details from an internal Fidelity database. The breach was identified and contained on August 19, after which Fidelity acted quickly to shut down the unauthorized access.

    While Fidelity has indicated that the breach impacted only a “small subset” of customers, it reported to Maine’s Attorney General that over 77,000 individuals were affected. Compromised information includes names, Social Security numbers, financial account details, and driver’s license data. However, the company assured that no customer accounts or funds were jeopardized.

    In response, Fidelity is offering those impacted two years of free credit monitoring and identity restoration services. This breach marks the second significant security incident the company has disclosed in 2024. Earlier this year, roughly 30,000 individuals were notified of a separate data breach involving a third-party service provider, Infosys McCamish System (IMS).

    Fidelity Investments, which manages $14 trillion in assets and serves over 51 million individual investors, continues to take steps to address these security challenges and safeguard customer information.



  • What Is Persistence in Cybersecurity and How Do You Stop an Advanced Persistent Threat (APT)?

    An advanced persistent threat (APT) is a type of cyberattack in which an attacker gains long-term, undetected access to a system; the techniques used to keep that access are what is meant by persistence. Unlike short-term attacks like phishing or malware campaigns, APTs are designed to remain hidden for extended periods, often months or years, allowing the attacker to maintain control without disruption, even after system reboots, credential changes, or other security measures.

    This blog will discuss the impacts of APTs, how persistence methods work, and the various ways attackers achieve and maintain access within a network.


    ATA vs. APT: What’s the Difference?

    The terms Advanced Targeted Attack (ATA) and Advanced Persistent Threat (APT) are sometimes used interchangeably, but they refer to different aspects of an attack. ATAs are specific methodologies used by APT groups—such as “Fancy Bear” or “Lazarus”—to gain Advanced Persistent Access. While the tactics may vary across different APT groups, the goal is consistent: establishing a long-term presence within a target’s environment. ATAs are the toolset, while APTs describe the sustained control attackers maintain.


    How Do APTs Remain Hidden for So Long?

    One of the most significant challenges in addressing APTs is their ability to remain undetected. Many organizations, especially SMBs, lack the monitoring and detection capabilities needed to identify APTs in their networks. According to the FBI and the IBM 2022 Data Breach Investigation Report, persistence attackers often go unnoticed for an average of 200 days. During this time, attackers can establish multiple user accounts, gain remote access to key systems, and even control servers—all without triggering security alerts.

    Additionally, threat actors may create diversionary tactics, such as launching a DDoS attack, to mislead security professionals, while their primary attack, the APT, continues undetected. Such tactics allow them to focus on higher-value targets while the organization scrambles to address the decoy attack.


    Key Risks Posed by Advanced Persistent Threats

    APTs pose a wide array of risks, as attackers can exploit their access for multiple malicious purposes. These include:

    • Infiltrating the victim’s supply chain, targeting partners, vendors, or customers.
    • Cyber espionage, often driven by nation-states looking to compromise government agencies or critical infrastructure.
    • Cybersecurity reconnaissance, allowing attackers to observe weaknesses in an organization’s defenses or identify users susceptible to phishing.
    • Initiating watering-hole attacks, in which attackers compromise websites frequently visited by their targets.
    • Exfiltrating data without detection, leveraging the long-term access to avoid raising red flags.
    • Intellectual property theft, particularly sensitive in industries like technology, defense, or pharmaceuticals.
    • Slowly leaking sensitive data, evading detection by blending in with normal network activity.

    How Does the Persistence Method Work?

    Hackers use a variety of techniques to maintain their foothold within a compromised network, including:

    • Windows Services: Manipulating legitimate services to avoid detection.
    • Misconfigurations: Exploiting improperly configured security settings.
    • Custom Malware: Developing undetectable malware or leveraging zero-day exploits to bypass security.
    • Domain-based Persistence: Attackers may compromise a domain controller or other key servers within a network, giving them persistent access to all connected systems.

    Attackers also take advantage of multi-stage operations to establish a foothold. After initial access—often through phishing, social engineering, or exploiting known vulnerabilities—they install malware like backdoors or rootkits. These tools allow them to maintain access while remaining hidden from most monitoring systems.

    They also use privilege escalation techniques, gradually gaining more control over the system by exploiting software vulnerabilities or using stolen credentials. By obtaining administrative privileges, attackers can move laterally through a network, exfiltrating data or preparing the system for larger attacks without detection.
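
    As an added example (not code from the Netizen post), the following Python shows one defender-side check for the “Windows Services” persistence technique listed above: it diffs a baseline service inventory against a current one and flags new services, changed binaries or accounts, binaries outside expected directories, and services that run through a script host or loader. The field names, the trusted-directory list and both inventories are assumptions constructed for this example.

```python
"""
Added example, not code from the Netizen post: detecting the "Windows
Services" persistence technique by diffing two service inventories, one
taken at baseline and one taken now. The fields mirror what `sc qc` or the
Services registry key expose (ImagePath, start type, account); the trusted
directories, the loader list and the sample inventories are assumptions.
"""
import ntpath
import re

# Directories where legitimate service binaries are expected to live (assumption).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\program files", r"c:\program files (x86)")
# Executables that merely host something else; a service pointing at one deserves review.
LOLBIN_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "rundll32.exe", "regsvr32.exe", "mshta.exe"}


def service_executable(image_path: str) -> str:
    """Extract the executable from a service ImagePath, quoted or not, with arguments."""
    image_path = image_path.strip()
    if image_path.startswith('"'):
        return image_path[1:image_path.find('"', 1)]
    m = re.match(r"(.+?\.exe)(\s|$)", image_path, re.IGNORECASE)
    return m.group(1) if m else image_path.split(" ")[0]


def in_trusted_dir(exe: str) -> bool:
    """True if the executable sits under one of the trusted directories."""
    low = exe.lower()
    return any(low.startswith(d + "\\") for d in TRUSTED_DIRS)


def assess_service(svc: dict) -> list:
    """Static checks on a single service entry, independent of the baseline."""
    issues = []
    exe = service_executable(svc["image_path"])
    if not in_trusted_dir(exe):
        issues.append(f"binary outside trusted dirs: {exe}")
    if ntpath.basename(exe).lower() in LOLBIN_HOSTS:
        issues.append(f"service runs through a script host/loader: {ntpath.basename(exe)}")
    return issues


def diff_services(baseline: dict, current: dict) -> list:
    """Compare two {name: entry} maps and return (service_name, finding) tuples."""
    findings = []
    for name, svc in current.items():
        old = baseline.get(name)
        if old is None:
            findings.append((name, "new service"))
        else:
            for field in ("image_path", "account", "start"):
                if old.get(field) != svc.get(field):
                    findings.append((name, f"{field} changed: {old.get(field)!r} -> {svc.get(field)!r}"))
        for issue in assess_service(svc):
            findings.append((name, issue))
    for name in baseline.keys() - current.keys():
        findings.append((name, "service removed"))
    return findings


# Constructed inventories: the baseline and a later snapshot with two changes.
BASELINE = {
    "Spooler": {"image_path": r"C:\Windows\System32\spoolsv.exe",
                "account": "LocalSystem", "start": "auto"},
    "BackupAgent": {"image_path": r'"C:\Program Files\Vendor\agent.exe" --service',
                    "account": "LocalSystem", "start": "auto"},
}
CURRENT = {
    "Spooler": BASELINE["Spooler"],
    # Existing service repointed at a binary in a user-writable location.
    "BackupAgent": {"image_path": r'"C:\Users\Public\agent.exe" --service',
                    "account": "LocalSystem", "start": "auto"},
    # New auto-start service that loads a DLL through rundll32.
    "WinUpdateHelper": {"image_path": r"C:\Windows\System32\rundll32.exe C:\ProgramData\helper\x.dll,Start",
                        "account": "LocalSystem", "start": "auto"},
}

if __name__ == "__main__":
    for name, finding in diff_services(BASELINE, CURRENT):
        print(f"{name}: {finding}")
```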


    Case Studies: Learning from Real-World APT Incidents

    Examining real-world case studies of Advanced Persistent Threat incidents can provide invaluable insights into the tactics and strategies used by attackers. For instance, the SolarWinds breach, in which attackers compromised the vendor’s build process and shipped a backdoor inside legitimately signed Orion software updates to thousands of organizations, serves as a cautionary tale about the risks associated with third-party vendors. By studying such incidents, organizations can identify gaps in their security posture and develop targeted strategies to address them. Analyzing the timeline of an attack, the methods of exploitation, and the subsequent response can offer lessons on improving detection capabilities and refining incident response protocols, ultimately leading to a stronger defense against future APTs.


    Countermeasures Against APTs

    Stopping an APT requires a combination of proactive defense strategies and comprehensive detection systems. To protect against these threats, organizations should focus on the following measures:

    • Advanced Threat Detection: Implementing sophisticated detection systems like Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM) tools, and endpoint detection and response (EDR) platforms. These solutions help monitor for unusual activity, such as unauthorized access attempts or irregular data transfers.
    • Network Segmentation: Limiting access across different areas of your network can reduce the potential damage of an APT. If an attacker gains access to one segment, network segmentation ensures they cannot move freely across the entire infrastructure.
    • Regular Patching: Keeping software and systems up-to-date by applying security patches as soon as vulnerabilities are disclosed. Attackers often exploit known vulnerabilities, so staying current on updates is one of the simplest but most effective defenses.
    • User Awareness Training: Educating employees about phishing attacks and other social engineering methods can significantly reduce the chances of attackers gaining an initial foothold in the network.
    • Multi-Factor Authentication (MFA): Requiring MFA for all critical systems can make it more difficult for attackers to use stolen credentials to gain access.
    • Incident Response Planning: Having a well-defined incident response plan ensures that if an APT is detected, your organization can act quickly to contain and eliminate the threat. Regularly testing and updating this plan is crucial.
    • Continuous Monitoring: Automated tools that provide continuous system scanning and monitoring, like Netizen’s offerings, are essential for detecting APTs early. By continuously assessing the network for vulnerabilities, misconfigurations, and suspicious activity, businesses can catch attacks before they escalate.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service,” through which companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. As part of our commitment to supporting businesses in their compliance journey, we offer CMMC (Cybersecurity Maturity Model Certification) preparation services. Our team assists organizations in understanding the CMMC requirements and developing the necessary controls to meet compliance standards, ensuring they are well-prepared for CMMC assessments.

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Questions or concerns? Feel free to reach out to us any time –

    https://www.netizen.net/contact


  • Strengthening Supply Chain Security: Closing the Gaps Before Attackers Find Them

    As organizations have reinforced their defenses against direct attacks, hackers have increasingly turned their attention to the supply chain, exploiting vulnerabilities in third-party systems to gain access to larger networks. These backdoor supply chain attacks have led to significant security breaches in recent years, putting businesses and their data at serious risk.

    A growing number of these incidents involve vulnerabilities in commonly-used IT and security tools. One recent example involves Ivanti enterprise VPNs, where attackers took advantage of a zero-day flaw to deploy a backdoor called ‘DSLog’. Similarly, a remote code execution vulnerability in TeamCity was exploited—likely by the APT29 group—using PowerShell scripts to install malicious certificates and download malware. The popular file transfer tool GoAnywhere MFT also became a target for ransomware groups like LockBit and Cl0p, who used it to execute remote code, causing major disruptions, particularly in healthcare.

    These examples make it clear that weaknesses in widely-used management tools are prime targets for both state-sponsored actors and ransomware groups. Protecting against such supply chain cyberattacks is more crucial than ever.


    Supply Chain Attacks Aren’t New

    While supply chain attacks have recently made headlines, they’ve been a favorite tactic of cybercriminals for years. Hackers have repeatedly exploited security gaps in third-party providers and vendors to compromise larger organizations. The infamous SolarWinds Orion attack and the breach involving VMware Workspace ONE are prime examples of successful supply chain intrusions.

    One of the most notorious supply chain attacks remains the 2011 RSA SecurID breach. In that case, attackers first compromised RSA itself through a spear-phishing campaign and stole data related to its SecurID two-factor tokens; that stolen material was then used in follow-on intrusions against RSA customers, most prominently Lockheed Martin.


    Addressing Supply Chain Security Risks

    Failures in third-party systems can result in not only data loss but also severe operational and reputational damage. Basic vendor management is no longer enough—companies need to actively safeguard against third-party control failures. Here are some key strategies to consider:

    1. Implement Advanced Supplier Risk Management

    Ensure that every vendor or supplier follows strict cybersecurity protocols. This includes assessing their compliance with relevant standards such as ISO 27001 or the NIST frameworks, and with regulations such as GDPR where personal data is involved. Vendors should be evaluated based on the sensitivity of the data they handle and the criticality of their services. You may also want to require independent security testing of software applications before deployment.

    2. Secure the Software Development Pipeline

    Protect access to the tools and applications used by DevOps teams. Keep build and deployment secrets (signing keys, API tokens, registry credentials) in a secrets manager rather than in source code or pipeline configuration, and authenticate CI/CD jobs and the applications they deploy with strong, short-lived credentials. Pin and verify the integrity of every dependency and build input before it enters a release, and require that software providers extend the same controls to microservices, cloud infrastructure, and DevOps environments.
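    A concrete form of the pipeline control described above is a pinned manifest of build inputs that the release job checks before anything ships. The script below is an added example, not Netizen’s tooling or any vendor’s: it parses a sha256sum-style manifest, compares each delivered artifact against its pin in constant time, and refuses the release if a pinned input is missing, altered, or if an unpinned component has slipped into the build. The artifact names and bytes are constructed; in practice the manifest would come from the vendor’s signed release data or the project’s lockfile and be committed alongside the build definition.

```python
"""Added example: verify every build input against a pinned SHA-256 manifest and fail closed."""
import hashlib
import hmac


def parse_manifest(text: str) -> dict[str, str]:
    """Parse sha256sum-style lines ('<64 hex>  <name>') into {name: digest}; reject malformed input."""
    pins = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        digest, name = digest.lower(), name.strip()
        if not sep or len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest) or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        if name in pins:
            raise ValueError(f"duplicate pin for {name}")
        pins[name] = digest
    return pins


def verify_artifacts(manifest_text: str, artifacts: dict[str, bytes]) -> dict[str, str]:
    """Status per artifact: ok, hash-mismatch, missing (pinned but absent), unpinned (present, no pin)."""
    pins = parse_manifest(manifest_text)
    results = {}
    for name, pinned in pins.items():
        data = artifacts.get(name)
        if data is None:
            results[name] = "missing"
            continue
        actual = hashlib.sha256(data).hexdigest()
        # compare_digest avoids leaking which prefix of the digest matched via timing
        results[name] = "ok" if hmac.compare_digest(actual, pinned) else "hash-mismatch"
    for name in artifacts.keys() - pins.keys():
        results[name] = "unpinned"
    return results


def release_allowed(results: dict[str, str]) -> bool:
    """Fail closed: ship only if every pinned input is present and intact and nothing extra got in."""
    return bool(results) and all(status == "ok" for status in results.values())


# Constructed sample inputs (stand-ins for real installer and library bytes).
GOOD_AGENT = b"vendor-agent 2.4.1 installer bytes"
GOOD_LIB = b"libhelper build 1187"
# The manifest is generated here only so the example runs offline; in a real pipeline it is
# a committed file produced from the vendor's published digests or the project's lockfile.
SAMPLE_MANIFEST = (
    "# pinned build inputs\n"
    f"{hashlib.sha256(GOOD_AGENT).hexdigest()}  vendor-agent-2.4.1.msi\n"
    f"{hashlib.sha256(GOOD_LIB).hexdigest()}  libhelper.dll\n"
    f"{'0' * 64}  config-schema.json\n"           # pinned, but not delivered with this build
)
TAMPERED_BUILD = {
    "vendor-agent-2.4.1.msi": GOOD_AGENT,
    "libhelper.dll": GOOD_LIB + b"\x90\x90",       # modified after it was pinned
    "telemetry-plugin.dll": b"nobody pinned me",  # extra component that slipped into the build
}
CLEAN_MANIFEST = "\n".join(SAMPLE_MANIFEST.splitlines()[:3]) + "\n"  # drops the undelivered pin
CLEAN_BUILD = {"vendor-agent-2.4.1.msi": GOOD_AGENT, "libhelper.dll": GOOD_LIB}


if __name__ == "__main__":
    for build_name, manifest, build in (("tampered", SAMPLE_MANIFEST, TAMPERED_BUILD),
                                        ("clean", CLEAN_MANIFEST, CLEAN_BUILD)):
        results = verify_artifacts(manifest, build)
        print(build_name, results, "-> release allowed:", release_allowed(results))
```

    The “unpinned” status is the one that matters most for supply chain incidents: a backdoored component that is never in the manifest passes every hash check unless the job also refuses inputs it was not told to expect.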

    3. Keep Systems and Software Updated

    Regularly update and patch your systems and those of your suppliers. Unsupported or outdated software introduces vulnerabilities that attackers can easily exploit. Keeping everything current is a simple yet effective way to reduce risks.

    4. Harden Your Environment

    In cloud environments, enforce conditional-access policies so that authentication and authorization requests that do not meet your baseline (for example, sign-ins from unmanaged devices, over legacy protocols, or without MFA) are rejected. For on-premises identity and federation systems, keep token-signing certificates and private keys in Federal Information Processing Standards (FIPS)-validated Hardware Security Modules (HSMs). A key that never leaves the HSM cannot be exported and reused to forge authentication tokens, which is how the SolarWinds intruders extended their access once inside victim networks.

    5. Strengthen Access Controls

    Limit vendor access to only the systems and data necessary for their operations. Multi-factor authentication should be mandatory for third-party access to your systems. A Zero Trust approach can further enhance security by requiring continuous verification of all users before access is granted.

    6. Use Security Tools and Technologies

    Segment your network to prevent lateral movement if one section is breached. Tools like Endpoint Detection and Response (EDR) solutions can help identify malicious activities on devices connected via third parties. Encrypting sensitive data—both at rest and in transit—will also minimize the damage in the event of a breach.

    7. Adopt Cybersecurity Frameworks and Best Practices

    Implement frameworks like the NIST cybersecurity framework to identify, protect, detect, and respond to cyber threats. Consider adopting supply chain-specific frameworks, such as ISO 28001 or the Shared Assessments Standardized Information Gathering (SIG), to better manage supply chain risks.

    8. Incorporate Cybersecurity in Contracts

    Make sure vendor contracts include clear cybersecurity requirements, including mandatory security controls, data protection measures, and breach notification procedures. For high-risk vendors, consider requiring third-party audits or independent security assessments to verify their security posture.


    Why Supply Chain Security Matters

    Supply chain attacks are not a new phenomenon, with past breaches such as the SolarWinds Orion and RSA SecurID token attacks serving as early warnings of the risks. These incidents caused substantial harm by exploiting third-party systems to gain access to high-value targets. Today, protecting against these threats is more essential than ever, requiring businesses to go beyond basic vendor management practices. Implementing advanced risk management strategies, securing development pipelines, keeping systems updated, and hardening network environments are crucial steps. Additionally, strengthening access controls, adopting cybersecurity frameworks, and incorporating security requirements into vendor contracts can significantly reduce risks.

    Netizen helps businesses stay ahead of these threats by offering comprehensive solutions like CISO-as-a-Service, vulnerability assessments, and continuous monitoring through automated assessment tools. Our services are designed to secure the entire IT infrastructure, ensuring that businesses are protected from the growing threat of supply chain cyberattacks.




  • Joker’s Stash Busted: Russian Hackers Indicted in Massive Financial Cybercrime Operation

    On September 26, the U.S. Department of Justice (DOJ) announced indictments and sanctions against two prominent Russian cybercriminals: Timur Kamilevich Shakhmametov, alleged operator of the notorious carding platform Joker’s Stash, and Sergey Sergeevich Ivanov, known online as “Taleon.” Both are accused of facilitating some of the largest financial cybercrimes of the past decade.


    Joker’s Stash: A Billion-Dollar Carding Empire

    Shakhmametov, a 38-year-old from Novosibirsk, Russia, is charged with operating Joker’s Stash, a once-popular underground marketplace for stolen credit card data. The DOJ alleges that Shakhmametov—using the alias “Vega”—sold millions of payment cards obtained from high-profile data breaches at retailers like Saks Fifth Avenue, Hilton Hotels, Chipotle, and Sonic Drive-In, among others. Joker’s Stash was a major player in the world of carding, operating from late 2014 until its closure in 2021.

    What set Joker’s Stash apart from other carding platforms was its focus on high-volume buyers, such as street gangs in the U.S., and its innovative business model. The platform offered loyalty programs, money-back guarantees, and exclusive access to the freshest stolen cards. It also claimed to sell only cards stolen directly by its own hackers, unlike competitors who sourced from third-party criminals.

    Joker’s Stash reportedly earned revenues ranging from $280 million to over $1 billion. The broad range is attributed to variables like the fluctuating value of cryptocurrencies and the sale price of stolen goods. Despite its closure in early 2021, following a series of European law enforcement actions and the site operator contracting COVID-19, Joker’s Stash remains one of the most infamous cybercrime platforms in recent memory.


    Taleon: The Mastermind Behind Russia’s Money Laundering Network

    While Joker’s Stash was highly profitable, Taleon’s ventures may have had an even greater financial impact. Taleon, identified in the indictment as Sergey Ivanov, allegedly operates Cryptex, a cryptocurrency exchange that has become one of Russia’s largest money laundering hubs. Cryptex is accused of moving billions of dollars in illicit funds, providing a crucial infrastructure for cybercriminals seeking to launder money from stolen payment cards and ransomware payouts.

    Taleon is described as a key facilitator for Russian cybercriminal organizations, offering financial services that allow them to cash out their illicit earnings. By running Cryptex and other financial networks, Taleon helped convert cryptocurrency into traditional currency, enabling hackers to profit from their crimes with minimal risk of detection.


    Coordinated International Effort

    The DOJ’s indictment of Shakhmametov and Taleon is part of a broader international effort to curb cybercrime. In addition to the indictments, the U.S. has imposed sanctions on both individuals, effectively cutting them off from the global financial system. The U.S. Treasury Department has also sanctioned Cryptex, targeting the platform’s operations and preventing its use for further money laundering.

    The U.S. Secret Service, which led the investigation into Joker’s Stash, has played a critical role in both operations. This agency, originally founded to combat counterfeiting, has adapted its mission over the years to address the growing threat of financial cybercrime. The DOJ credits their expertise in tracking illicit financial activity as instrumental in bringing these cybercriminals to justice.




  • October 2024 Patch Tuesday: Five Zero-Days Fixed Amid 118 Vulnerabilities

    Microsoft’s October 2024 Patch Tuesday addresses a total of 118 vulnerabilities, including five zero-days, two of which have been actively exploited. Three critical vulnerabilities were patched this month, all of which are remote code execution (RCE) flaws.

    The breakdown of vulnerabilities patched includes:

    • 28 Elevation of Privilege (EoP) vulnerabilities
    • 43 Remote Code Execution (RCE) vulnerabilities
    • 6 Information Disclosure vulnerabilities
    • 26 Denial of Service (DoS) vulnerabilities
    • 7 Security Feature Bypass vulnerabilities
    • 7 Spoofing vulnerabilities

    This count excludes three Edge-related vulnerabilities, which were patched earlier on October 3rd. To learn more about non-security updates, you can review the latest Windows 11 KB5044284 and KB5044285 cumulative updates, along with the Windows 10 KB5044273 update.


    Zero-Day Vulnerabilities

    This month’s Patch Tuesday fixes five zero-days, two of which were actively exploited and all five were publicly disclosed.

    CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability

    This vulnerability affects the MSHTML platform used by Internet Explorer and legacy Microsoft Edge, components of which are still shipped in Windows and used by Internet Explorer mode in Microsoft Edge. Microsoft has not released exploitation details, but the flaw is believed to involve spoofing the file extension shown in the warning displayed when a file is opened, and it appears to be related to a similar MSHTML spoofing flaw patched the previous month (CVE-2024-43461), in which Braille whitespace characters were used to pad a filename so that an HTA file appeared to be a PDF. Microsoft rated this flaw as actively exploited.
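    The extension-spoofing trick behind these two MSHTML flaws is easy to check for at a mail gateway or in a download scanner, because the filename itself carries the evidence. The script below is an added example, not code from Microsoft or from the original post: it recovers the extension the operating system will actually act on, estimates the extension a user sees in a width-limited dialog, and reports the indicators that separate the two. The sample filenames are constructed to model the technique, and the display model (reverse everything after a single right-to-left override; treat text after a run of three or more blanks as pushed out of view) is a deliberate simplification of how real file dialogs render bidirectional text and long names.

```python
"""Added example: spot filenames whose displayed extension differs from the one Windows
will actually execute (Braille-blank padding, right-to-left override, whitespace padding)."""
import os
import re

BRAILLE_BLANK = "\u2800"   # U+2800 renders blank but is not whitespace, so path handling does not trim it
RLO = "\u202e"             # right-to-left override: text after it renders reversed
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", RLO,
                 "\u2066", "\u2067", "\u2068", "\u2069"}
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
PADDING_RUN = re.compile(r"\s{3,}")  # a blank run long enough to push the real extension out of view

SAMPLES = {  # constructed filenames modelled on the technique, not real attachments
    "braille": "Books_A0UJKO.pdf" + BRAILLE_BLANK * 12 + ".hta",
    "rlo": "invoice" + RLO + "fdp.exe",
    "spaces": "quarterly_results.pdf" + " " * 30 + ".exe",
    "benign_doc": "report.pdf",
    "benign_exe": "setup.exe",
}


def real_extension(name: str) -> str:
    """Extension the OS acts on: drop invisible and bidi characters, trim, take the last suffix."""
    cleaned = "".join(c for c in name
                      if c not in BIDI_CONTROLS and c not in ZERO_WIDTH and c != BRAILLE_BLANK)
    return os.path.splitext(cleaned.rstrip())[1].lower()


def apparent_extension(name: str) -> str:
    """Extension a user sees in a width-limited file dialog (simplified rendering model)."""
    shown = name
    if RLO in shown:  # simplification: a single override reverses everything after it
        i = shown.index(RLO)
        shown = shown[:i] + shown[i + 1:][::-1]
    shown = "".join(" " if c == BRAILLE_BLANK else c
                    for c in shown if c not in BIDI_CONTROLS and c not in ZERO_WIDTH)
    visible = PADDING_RUN.split(shown)[0]  # anything after a long blank run is out of view
    return os.path.splitext(visible)[1].lower()


def spoof_indicators(name: str) -> list[str]:
    """Why this filename looks spoofed; an empty list means the shown and real extensions agree."""
    indicators = []
    if BRAILLE_BLANK in name:
        indicators.append("Braille blank (U+2800) padding")
    if any(c in BIDI_CONTROLS for c in name):
        indicators.append("bidirectional control character")
    if any(c in ZERO_WIDTH for c in name):
        indicators.append("zero-width character")
    if re.search(r"\s{3,}", name):
        indicators.append("whitespace padding before the final extension")
    shown, real = apparent_extension(name), real_extension(name)
    if shown != real:
        indicators.append(f"extension mismatch: displays as {shown or '(none)'}, opens as {real or '(none)'}")
    return indicators


if __name__ == "__main__":
    for label, filename in SAMPLES.items():
        print(f"{label:11} shown={apparent_extension(filename) or '-':5} "
              f"real={real_extension(filename) or '-':5} {spoof_indicators(filename)}")
```

    A plain executable such as setup.exe produces no indicators: the check targets the mismatch between what is shown and what runs, not executable attachments as such, which keeps it usable as a blocking rule rather than a noisy one.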

    CVE-2024-43572 | Microsoft Management Console Remote Code Execution (RCE) Vulnerability

    This flaw allowed malicious Microsoft Saved Console (MSC) files to execute remote code on vulnerable devices. The vulnerability was resolved by preventing untrusted MSC files from being opened. Though exploitation details have not been disclosed, this zero-day was actively exploited. Discovered by security researchers Andres and Shady, the flaw presents a significant risk to systems utilizing MSC files.

    CVE-2024-6197 | Open Source Curl Remote Code Execution (RCE) Vulnerability

    A vulnerability in libcurl could lead to remote code execution when connecting to a malicious server offering a specially crafted TLS certificate. The flaw was resolved by updating the libcurl library bundled with Windows. This vulnerability was discovered by z2_ and was publicly disclosed through a HackerOne report. Though not exploited in attacks, it poses a serious threat to systems that use the Curl executable for secure connections.

    CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability

    This vulnerability impacts Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On specific hardware, attackers may be able to bypass UEFI protections, potentially leading to the compromise of the hypervisor and secure kernel. Physical access and a system reboot are required to exploit this flaw. Discovered by Francisco Falcón and Iván Arce of Quarkslab, this issue has not been observed in attacks but was publicly disclosed.

    CVE-2024-43583 | Winlogon Elevation of Privilege (EoP) Vulnerability

    This flaw in Winlogon could allow attackers to gain SYSTEM-level privileges. Microsoft advises administrators to enable a Microsoft first-party Input Method Editor (IME) to mitigate the risk of exploitation involving third-party IMEs. While this zero-day has been publicly disclosed, no exploitation in the wild has been reported.


    Other Critical Vulnerabilities

    CVE-2024-43574 | Microsoft Office Remote Code Execution (RCE) Vulnerability

    This vulnerability affects Microsoft Office and allows remote attackers to execute code by tricking users into opening specially crafted files. Exploitation could allow an attacker to gain control over the system if the user opens a malicious document. The flaw is rated critical due to the ease with which it can be exploited via common phishing methods.

    CVE-2024-43575 | Windows TCP/IP Stack Denial of Service (DoS) Vulnerability

    This vulnerability impacts the Windows TCP/IP stack, allowing remote attackers to trigger a denial of service by sending specially crafted packets. While this vulnerability does not lead to code execution, it can cause system crashes, making it a disruptive and potentially costly issue for enterprises.


    Adobe and Other Vendor Updates

    In addition to Microsoft’s patches, Adobe has released updates addressing vulnerabilities across several products, including:

    • Adobe Acrobat and Reader: Addressing 4 vulnerabilities, two of which are critical RCE flaws that can be triggered by malicious PDFs.
    • Adobe Photoshop: Fixes include memory corruption issues that could lead to RCE, affecting multiple versions of the software.

    Best Practices for Users

    It is highly recommended that users and administrators apply these patches immediately, given the critical nature of the vulnerabilities, particularly the two actively exploited zero-days.




  • Netizen: Monday Security Brief (10/7/2024)

    Today’s Topics:

    • DoJ and Microsoft Take Down 107 Russian Cybercrime Domains in Major Operation
    • Apple Releases Critical Security Updates for iOS and iPadOS to Address VoiceOver Password Vulnerability and iPhone 16 Audio Flaw
    • How can Netizen help?

    DoJ and Microsoft Take Down 107 Russian Cybercrime Domains in Major Operation

    The U.S. Department of Justice (DoJ) and Microsoft have teamed up to seize 107 internet domains linked to Russian state-sponsored cyber fraud, making a significant impact on the ongoing battle against cybercrime. These domains, allegedly operated by a Russian threat group known as COLDRIVER, were being used in sophisticated phishing campaigns to steal sensitive information from U.S. government entities and other high-profile targets.

    Deputy Attorney General Lisa Monaco noted that the Russian government had orchestrated this scheme, disguising fraudulent activity behind legitimate-looking emails to trick victims into giving up their credentials. The group’s activities are believed to be part of Center 18, a unit within Russia’s Federal Security Service (FSB), and have been in operation for over a decade.

    In December 2023, U.S. and U.K. officials sanctioned two individuals associated with COLDRIVER, Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, for their involvement in malicious spear-phishing and credential harvesting campaigns. More recently, the European Council imposed sanctions on the same individuals in June 2024, signaling a coordinated international effort to disrupt their operations.

    This latest crackdown includes 41 domains seized by the DoJ, which were used in targeted attacks against U.S. government officials and other high-value individuals. In parallel, Microsoft filed a civil suit to seize an additional 66 domains that COLDRIVER used to target NGOs and think tanks—especially those aligned with NATO and providing support to Ukraine.

    According to Microsoft’s Digital Crimes Unit, COLDRIVER has been relentless in its pursuit, particularly focused on targeting former intelligence officials and Russian experts residing in the U.S. Between January 2023 and August 2024, the group ramped up its efforts, showing a clear intention to infiltrate and steal sensitive information from strategic entities. Despite the group’s consistent attacks, many victims remained unaware of the true nature of the phishing emails they received, ultimately leading to the compromise of their credentials.

    Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit, emphasized how COLDRIVER’s tactics are constantly evolving. “They are meticulous in crafting personalized phishing emails, identifying high-value targets, and maintaining the infrastructure needed to steal credentials. Their victims often have no idea what’s coming.”


    Apple Releases Critical Security Updates for iOS and iPadOS to Address VoiceOver Password Vulnerability and iPhone 16 Audio Flaw

    In a security update, Apple has released iOS 18.0.1 and iPadOS 18.0.1 to patch two significant vulnerabilities, one of which posed a serious risk by exposing user passwords via the VoiceOver feature. The vulnerabilities, tracked as CVE-2024-44204 and CVE-2024-44207, affect various iPhone and iPad models, highlighting the importance of timely software updates to maintain device security.

    The first flaw, discovered by security researcher Bistrit Daha, exists within Apple’s new Passwords app. It is categorized as a logic issue that allowed the VoiceOver assistive technology to read out users’ saved passwords without adequate restrictions in place. This could expose sensitive information to individuals who were not intended to hear the content, posing a significant privacy risk.

    Apple’s advisory states, “A user’s saved passwords may be read aloud by VoiceOver.” The company acknowledged the issue and resolved it by improving the app’s validation mechanisms to ensure that VoiceOver only interacts with password fields when necessary and appropriate.

    Devices impacted by this vulnerability include:

    • iPhone XS and later models
    • iPad Pro (13-inch, 12.9-inch 3rd generation and later)
    • iPad Pro (11-inch 1st generation and later)
    • iPad Air (3rd generation and later)
    • iPad (7th generation and later)
    • iPad mini (5th generation and later)

    This vulnerability is particularly concerning for users who rely on VoiceOver for accessibility, as the feature is designed to read on-screen elements aloud to assist those with visual impairments. If exploited, attackers with physical access to a device could easily access a user’s password data.

    The second vulnerability impacts Apple’s latest iPhone 16 models and is rooted in the Media Session component of iOS. CVE-2024-44207 could potentially allow an attacker to record a few seconds of audio before the microphone indicator was triggered, enabling unauthorized audio capture without the user’s awareness.

    According to Apple, “Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.” This issue was particularly alarming as it could compromise users’ privacy, especially during sensitive conversations.

    The bug was discovered by researchers Michael Jimenez and an anonymous contributor, and Apple has now patched it by implementing additional checks that ensure the microphone indicator is activated promptly before any audio recording occurs.

    Both vulnerabilities underline the growing complexity of mobile device security, where software features designed for convenience—like VoiceOver and media session handling—can inadvertently open the door to security risks. While Apple responded quickly with fixes, these issues serve as a reminder of the critical importance of regular software updates to protect against emerging threats.

    Apple has urged all users to install iOS 18.0.1 and iPadOS 18.0.1 as soon as possible to protect their devices from these vulnerabilities. With the release of these patches, users can safeguard their information and prevent unauthorized access to their devices’ sensitive data.

    For organizations and individuals alike, these security flaws reinforce the need for a proactive approach to cybersecurity. Accessibility features such as VoiceOver are essential tools for many users, but they can also become attack vectors if not properly secured. Enterprises that manage fleets of Apple devices should prioritize mobile device management (MDM) strategies that ensure timely software updates across all devices in their network.

    Additionally, regular security audits and vulnerability assessments are essential to stay ahead of potential threats. Organizations using Apple devices, especially in high-security environments like healthcare, finance, or government, should immediately verify that their devices are running the latest software versions to prevent exploitation of these flaws.




  • NETIZEN JOINT VENTURE COMPANY AWARDED $12B DEFENSE LOGISTICS AGENCY JETS IT SERVICES CONTRACT

    Allentown, PA: Netizen Corporation, an ISO 27001, ISO 9001, and CMMI Level 3 certified Service-Disabled Veteran-Owned Small Business (SDVOSB) providing cybersecurity and related solutions for government, defense, and commercial markets, was awarded the 10-year, $11.9B total value Defense Logistics Agency (DLA) J6 Enterprise Technology Services (JETS) contract through its joint venture company, Novus JV, LLC. Novus is a joint venture consisting of partner companies Netizen Corporation, of Allentown, Pennsylvania, and The Fila Group, of Reston, Virginia, with Fila as the managing member. Novus is verified by the Small Business Administration (SBA) as both an 8(a) and HUBZone program company. The DLA JETS contract award was received by Novus on the Small Business and 8(a) set-aside tracks.

    The DLA JETS contract, now in its second iteration, was established to provide a full range of IT services, including cybersecurity and technical and management expertise to support applications, software, hardware, infrastructure, and systems across the global DLA IT Enterprise organization. The contract is expected to last 10 years with a total value of around $11.9B in task orders issued. Approximately 85 companies nationwide have been awarded a position on the DLA JETS contract vehicle.

    “As we further expand and diversify our customer base and offerings, this DLA JETS contract vehicle will become an integral part in achieving that goal. I am proud that the combined strength of our extensive defense past performance and deep technical capability resulted in this contract award. We look forward to many years supporting critical DLA missions with innovative solutions that our military forces can depend upon,” said Akhil Handa, Netizen’s Chief Operating Officer (COO) and co-owner.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity firm, fastest-growing Veteran-owned company, and 47th fastest-growing private company overall according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets worldwide.

    The company, a certified Service-Disabled Veteran-Owned Small Business (SDVOSB), is based in Allentown, PA, with additional locations in Virginia, South Carolina, and Florida. In addition to having been one of the fastest-growing businesses in the U.S., Netizen has also been named a national “Best Workplace” by Inc. Magazine and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement five years in a row. Learn more at Netizen.net.

    FOR IMMEDIATE RELEASE: October 1, 2024

    POINT OF CONTACT: Akhil Handa / Chief Operating Officer