Aaron de Montmorency

US Army Veteran and Security Practitioner. Director of IT, Security, and Compliance at Elevate Health. Thoughts and opinions are my own.
Also, I'm on linkedin now after getting bullied. Add me if you want. https://www.linkedin.com/in/aaron-de-montmorency

Something shocking to me happened today at the Seattle/Bellevue Cybersecurity Summit during one of the panel discussions. The speaker asked, by show of hands, how many in the room had an incident response plan. About half the room raised their hands. They then asked by show of hands how many people have tested that plan. About 50% lowered their hands. (Myself included, I will admit. But I have a 3rd Party IR tabletop scheduled for this year.)

What this ultimately means is that only half of large and small companies have a response plan for a security incident. And half of those don't know if their plan will work or not.

So WHEN a cyber attack happens, there is a fair to good chance that the victim organization won't be able to contain or remediate the threat, which can ultimately lead to a data brea- I mean... decentralized surprise backup.

Let that sink in...

@AaronTalksSec not just Akamai. Amazon, Google, others all behave similarly.

This morning I noticed a #passwordspray #attack coming from [50].[116].[36].[236] (tiprnet[.]net) which resolves to #godaddy and #akamai. GoDaddy was more than happy to work with me.

Akamai on the other hand only advises that I block the IP. The tech on the phone confirmed that they will NOT take action against the threat actor because we are not a customer. Are you kidding me? So, I repeated, and asked them: "so you are telling me that because I am not an akamai customer, akamai refuses to take action against a threat actor using their infrastructure?" The tech chose his words carefully but confirmed by stating that the security team is restricted on what they can do if we are not a customer.

Come on akamai... Really?!?!?

Hello world!

We're the Cavern, 101.5 FM KVRN-LP and KYQT-LP, broadcasting from Portland, Oregon! We are an all volunteer, non profit community radio station dedicated to playing underheard rock music from around the world.

We feature DJs from both Portland and around the world. If you're interested in having a show, volunteering or just having a listen, head on over to https://www.cavern.fm/

#introduction

#music #vinyl #radio #communityradio #nonprofit #rocknroll

Conclusion: Nothing has happened past update 4. I am pretty sure they didn't send a single notice, and they didn't give (me at least) any licensing extensions, or NFR gear, nothing. However, when it's time for renewal, I am going to bring it up again to my territory rep. I will update the thread if something happens, but I am going to leave it at this anticlimactic ending. Sorry everyone.

Update 4: (Sorry, I post updates when I can, sometimes they have to be in blocks)

I received an email from Fortinet's Director of Product Marketing.

"Hi Aaron, We’re extremely sorry for the inconvenience. We do understand your concern and we sincerely apologize for the mistake we made on the marketing campaign. Thanks for your feedback."

This was only sent to me, not to all the other customers whose account information was compromised. It is still early in the incident lifecycle, so I still have plenty of hope they will do the right thing.

I responded with the following:

"Thank you very much. I know it may be a bit early in process, but since the account information for all SMB customers has been compromised, is Fortinet going to work to change any of that information so that the compromised data cannot be used against the SMB customers? Also, is Fortinet going to notify all the SMB organizations that their account data has been compromised?"

Update 3: Our account rep gave me a call. Apparently this incident has gone all the way up to the VPs at Fortinet. Fortinet wanted to apologize for the incident. I have also learned that the rep who did this was an internal renewals rep, which means they never talk to customers, so this makes me wonder even more how this happened.

I'm still pressing them to do better since they compromised every SMB client's information.

Update 2: They tried to recall the message, but it failed for everyone that already opened it, of course. I reached out to my sales rep, and the channel reps which are above the territory reps and work closely with the VPs. I will update you tomorrow as the situation develops.

Update 1: I replied back to the email with the following:

You just exposed a bunch of organizations' email accounts by sending out this message with everyone in the To line. And rather than taking the time to reach out individually, you used an internal notification email, demonstrating that you were tracking users. Please look into this and update your processes to not expose companies' information in the future.

This created an inevitable shitstorm. That salesperson's manager directly replied to me, called me Nicole, and asked if I could talk. Well, I'm not Nicole, but sure! So I sent him a meeting invite. He never showed up. Come to find out there was a Nicole from Fortinet on the email chain. He wasn't wanting to talk to me; he panic-replied.