Posted in Commentary with tags Scam on July 1, 2022 by itnerd
Frequent readers of this blog know that I spend a lot of time investigating, and telling you about the scams that I come across. Here’s some of the scams that I have been involved in addressing to show you examples of what ends up on my plate. The reason why I do this is that I know that they are very dangerous and I don’t want people to be taken advantage of. Also, by publicizing them, they become less effective as people will be aware of them. However the people behind these scams are good evolving these scams which means that your head always has to be on a swivel or bad things will happen to you.
Here’s an example of something really bad that happened to an elderly couple.
I got a phone call last week from a woman who was referred to by another client of mine. She was hysterical and in a complete panic. Once I was able to calm her down, she explained that she got an email from “Norton” about a subscription to one of their products that she was being charged for. She then called the number that was in the email to dispute the charges. That led to the person on the other end of the line getting access to not only her computer, but her bank account. And if it wasn’t for the people at her local bank branch stepping in, she would have lost $13,000. Beyond that, her computer had been “locked” by the scammer, and she needed my help to fix it.
Now my future self will step in here and tell you about the email that she got. The email that she received was clearly a Norton billing phishing email that I spoke about here. Specially it was the second variant where they attach the “hook” for the phishing attempt in a PDF so that it will evade spam filters. Unfortunately she got hooked and the scam was on from there.
When I arrived at this couple’s home, I found this:
She said that she never had a password on the computer before. But after the scammers had been on it, there was a password. It’s pretty ballsy for the scammer to leave a name as the password hint (which by the way is a fake name as the name Sam Wilson is the real name of the Marvel Comic book/movie superhero The Falcon) and a phone number. But it highlights that the scammer wants to hold the computer hostage to get paid. This is something that is becoming increasingly common where the scammer will take a computer that doesn’t have a password and change it so that in effect, they are holding the computer hostage in exchange for paying them. And it makes sense for a scammer to do because this computer had pictures of the grandkids and the like on it. That’s valuable for seniors and they would likely pay up to get that back.
Now I have come across another instance of this here, and I will copy and paste the advice from that story that will ensure that you aren’t a victim of this for your review:
While I understand that many of you out there want to be able to flip on your computer and bang out that email, you should never, ever compromise your security or it may not end well for you. You should always add a password to the user account that you set up, and you should never set it up to auto login. That way if you come across dirtbags like these, they can’t change your password because they would have to know your password to do it. Which they won’t. You can look at a tutorial like this to walk you through how best to set a password.
I ended up taking the computer to my home office to try and get past that. Fortunately I have access to the Microsoft DaRT toolkit. It contains a utility called “locksmith” which allows you to reset any local account on the computer. Now not anybody can have access to this toolkit as it is part of the Microsoft Desktop Optimization Pack (MDOP), a dynamic solution available to Software Assurance customers that helps reduce software installation costs, enables delivery of applications as services, and helps manage and control enterprise desktop environments. But one of my clients happens to be a part of Software Assurance which is how I got a copy of this toolkit. That means if you are in this situation, you may have to do some legwork to find someone who has this toolkit to assist you.
Using DaRT’s “locksmith” utility, I removed the password. Then I was able to look around the system. The next thing that I noticed was in the list of the installed programs:
The circled program is called AnyDesk which is a help desk application that many scammers use because it has remote access capabilities. That gives the scammer remote access to the computer anytime they want it. Which of course is bad. Thus I removed it. I also note that there was a compromised version of AVG antivirus on the machine. So I removed it and the AVG Secure Browser to be safe. The next thing that I did is that I used multiple antivirus apps to scan the computer for anything else that might have been lurking around. I didn’t find anything. I should note that all of this was done without the computer connected to the Internet. The reason for that was that I didn’t want to introduce the chance that anything else would pop onto the computer, or the scammer could get control again.
My next step was to reconstruct what happened. The reason for that was due to the fact that this couple’s children wanted to know what happened so that they could help their parents not get scammed again. That was made very easy due to the browser history being left intact. Here’s the play by play.
The victim opens the phishing email and reads it. Then calls the number. I know this because the email in question was the last email that was read. The victim gets the scammer on the phone and then the scammer goes to work. First he connects to the computer using a tool called SupRemo which is a zero configuration remote access tool designed for quick remote access. But I didn’t find any trace of this on the computer which makes me guess that they were not successful in installing it. That made the scammer go to AnyDesk and used that to gain control of the computer.
From there, I assume that the victim complained about the email that is telling her that she is supposedly being billed for Norton. That’s where I suspect that the scammer offers to help her to cancel this. Which led to the scammer taking her to this page:
Now this page looks official. But the reality was that it was a Google Docs Form. The big hint was that it says “Sign in to Google” in this picture. I am guessing that the scam involves walking the victim through “cancelling” their service with Norton via filling out this form. I looked at this form and it collects a ton of personal information including the date of birth. That’s makes identity theft a real possibility.
When the victim is done filling out the form, they get this:
This is where I suspect that the scammer convinces the victim to check her bank account for the refund. And that’s what happened here as here’s what happened next:
The victim is talked into logging into her bank account online.
At that point the scammer takes control and changes the password and enables two step verification which ensures that they have complete control of the bank account.
From what I understand happened next, the scammer over the next four hours tries to extract $13000 from her bank account from transferring it from the victim’s husband’s account to her account, to the scammer’s account. But clearly that failed which is why she was then directed to go the bank to make this happen. The scammer then printed the bank account numbers in Thailand to send the money to and sent her on her way. Fortunately, the bank was on the ball and put a stop to this. But she left the computer on which allowed the scammer to lock the computer when they did not get their money by changing the password so that they could hold it hostage.
The final thing that the scammers did was to trash the settings in their email program. But with the help of Rogers who truly went above and beyond here in not only sorting out what turned out to be a password issue because Rogers smartly uses app specific passwords, but also helping this couple with tips on how to not get scammed in the future which I will link to here, I was able to get their email setup and working again. And I was able to verify that their email wasn’t being redirected elsewhere. At this point the computer was back to normal. And one follow up a few days later confirmed that. As a precaution, the children set up Equifax credit monitoring due to the fact that so much personal information was shared.
Total time invested, four hours. So job done right?
No. I wanted to find out what how this scam worked. Thus, I decided to phone the number from a phone that has the caller ID blocked to get that understanding. Which by the way you should NEVER EVER DO. I got a person on the line who sounded Asian. Possibly from Thailand which would be consistent with the bank accounts that the victim was supplied with being from Thailand. The person online then asked me for some details from the supposed invoice in PDF form that I got. Here’s an image of the PDF:
He asked me for the Invoice number. And then proceeded to explain to me that I got this invoice because I had Norton 360 installed on my computer when I bought it and it is set to auto renew. He then explained that needed to get access to my computer to turn off an “auto renewal setting” and to walk me through a cancellation form. At this point I am pretty sure that if I decided to play along further, he would have tried to connect via the remote access software that I spoke of earlier and proceeded to do their evil work. But I cut it short and hung up.
Now I can see why this scam would be effective. Someone like me would know that there is no such thing as an “auto renewal setting” in antivirus software. But this person who is the victim here is 85 years old. So they, never mind the average computer user wouldn’t know that. Plus while computers from companies like HP, Dell, and Lenovo do come with antivirus software when you buy them, they are either free for life, or they are free for one year or so and then present you an offer to pay to continue to use it. They will never bill you in the manner of emailing you an invoice and saying that it will auto renew because they don’t have that info. But again, if you’re not aware of that, you might get sucked in.
So, how can you avoid being scammed. Well I have a lot of info on that here along with info on what to do if you have been scammed. But let me sum it up:
FACT: A legitimate company such as Microsoft, Apple, or Google would never call you to fix your computer. If you get one of those calls, hang up.
FACT: If you get an invoice from Norton, McAfee, Netflix or any other company that doesn’t have your name on it, it’s fake and you should delete it. And you should not click on any links or attachments. And you should not phone any number that is on the invoice.
Never, ever give anybody remote access to your computer.
These days you have to be really careful as scammers are becoming increasingly sophisticated. And the second you let your guard down, it can really cost you. In this case, it almost cost an elderly couple $13000. But luckily it didn’t. Thus hopefully this illustrates how dangerous these scams can be so that you can protect yourself accordingly.
Posted in Commentary with tags Hacked on June 30, 2022 by itnerd
Macmillan, one of the largest book publishers in the US, have been hit by a ransomware attack causing book retailers nationwide the inability to place new orders from the publisher. The company first reported the incident Monday, noting that to prevent further damages to its network, it had taken its systems offline.
Darren Williams, CEO and Founder of BlackFog offered this perspective:
“Taking systems offline post attack is a reassuring and necessary response to a ransomware attack such as this one against Macmillan, but as ever, prevention is better than cure.
Organisations need effective, modern protective security measures in place to prevent attacks. A common challenge with traditional defensive approaches to cybersecurity is that they require too much time to adequately protect organisations from these types of attacks, and often lead to a reliance on post-attack measures such as taking systems offline.
Instead of waiting for an attack to happen and then responding, organisations should be focusKevin,ed on newer technologies that prevent the exfiltration of data from the device, effectively stopping the attacker in their tracks. By looking at the mechanism of action across various ransomware gangs it is possible to stop these attacks at many stages of the attack life cycle and prevent a full blown incident such as the one against Macmillan.”
Hopefully they are able to get things sorted soon. Though I think it is safe to say that their long weekend is ruined.
According to a new report from Tetra Defense, the Root Point of Compromise (RPOC) for attacks against U.S. companies was external exposure. Patchable and preventable external vulnerabilities were found to be responsible for the bulk of attacks:
In Q1 2022, the vast majority — 82% — of total incidents happened through external exposure of either a known vulnerability on the victim’s network or a Remote Desktop Protocol (RDP). Taking a deeper look into these external exposures, they are classified in two ways:
1. “External Vulnerabilities” which could have been mitigated through publicly available security patches and software updates. In these instances, a threat actor utilized a known vulnerability to gain access to the network before the internal organization was able to patch the system. In Q1 57% of total incidents were caused by the exploitation of external vulnerabilities.
2. “Risky External Exposures” which are IT practices such as leaving a Remote Desktop Protocol (RDP) port open to the public internet. These behaviors are considered “risky” because the mitigation relies on an organization’s continued security vigilance and willingness to enforce consistent standards over long periods of time. In Q1, 25% of total incidents Tetra Defense handled were caused by risky external exposures.
That’s not good at all. Mark Bower, VP of Product Management of Anjuna Security had this comment:
“The report once again highlights the simple fact that in an ideal world, enterprises would patch and monitor untrusted compute and networks to keep data safe from leakage, but in truth it’s impossible to continuously down tools and close all risk gaps that affect modern business success. Vulnerabilities exist because they are discovered – but until that point, they are also exploitable holes in systems or processes. However, modern computing today is beginning to provide fresh new approaches to address risks like this, and we will start to see that at scale and in short order with compute ecosystems that shrink attack surfaces inherently for data at rest, in motion and in use.”
Hopefully enterprises of all sizes read this report and take action to secure themselves. Otherwise, they are prime targets for threat actors who are out to make them the next headline.
UPDATE: Aimei Wei, CTO and Co-founder of Stellar Cyber adds this:
“External vulnerabilities and risky external exposures accounted for 82% of the incidents responded by Tetra Defense in Q1 2022. This highlights the critical need for having a threat detection and response system that continuously detect the vulnerabilities and exposed risks (such as RDP port open to the public) and respond automatically. Patching definitely pays off for known vulnerabilities. It greatly reduces the attack surface. However, it is hard to guarantee that the patch is always immediately available for the software version you are using and can be applied in time. Organization’s continued security vigilance and enforcement of standards can dramatically reduce the chances for exploitation from exposed risks. However, the exposed risk, even for a short period of time, may still be exploited. Having a detection and response system that can continuously monitor the environment, detect the exploitation and stops the attack from progression to an incident covers the cases missed by not in-time patch or not consistent enforcement or short period of time for exposed risks.”
In the wake of the US Supreme Court overturning reproductive rights, there is now a legitimate concern that prosecutors getting access to data from period tracking apps and other apps like search engines and text messages is a real possibility. Under some state legislation, it could even be illegal to send a text message offering help or support. Via CNN:
A wave of new legislation taking aim at abortion rights across the country is raising concerns about the potential use of personal data to punish people who seek information about or access to abortion services online.
In some of the most restrictive states, digital rights experts warn that people’s search histories, location data, messages and other digital information could be used by law enforcement agencies investigating or prosecuting abortion-related cases.
Concerns about the digital privacy implications of abortion restrictions come amid a movement by Republican-controlled states, including Georgia, Texas, Mississippi and Oklahoma, in recent years to pass laws severely curtailing access to the service. And they take on additional significance following the leak Monday of the Supreme Court draft opinion that would overturn Roe v. Wade, which guarantees a person’s Constitutional right to terminate a pregnancy before viability (usually around 24 weeks). Overturning the landmark 1973 court ruling would transform the landscape of reproductive health in America, leaving abortion policy up to individual states and potentially paving the way for more than 20 states to pass new laws restricting abortions.
That story from CNN was published before The US Supreme Court struck down reproductive rights. Now in the wake of that decision, states are moving ahead with this sort of legislation. That has led Democrats to pursue legislation to provide legal protection for the privacy of this data. But in the here and now, the risk is still very real. Jake Williams, Executive Director of Threat Intelligence, SCYTHE provides this view and advice:
Search providers are required to comply with subpoenas from law enforcement when the search results themselves are evidence of a crime. Given the rapidly changing laws around access to abortion, searches for abortion and abortion related topics can be risky. While some have recommend searching using private browsing (or Incognito mode), these searches are still tied to your IP address. Ownership or use of the IP can be revealed through your ISP or mobile provider. You should ideally use a VPN when searching for legally ambiguous topics. Some past subpoenas have relied on geofencing to locate mobile phone subscribers within a particular area. It is also conceivable that this technique will be used to identify those who have traveled to a specific location where abortion or abortion related services are offered.
This is a troubling time for American women as things have moved into a place that is more akin to the Margret Atwood novel “The Handmaid’s Tale“. Thus it makes sense that anyone in this position take reasonable precautions to ensure their safety.
Posted in Commentary with tags Venafi on June 30, 2022 by itnerd
Venafi, the inventor and leading provider of machine identity management, today announced the findings of a new crawler report from security researcher and TLS expert, Scott Helme. The report, which Venafi sponsored, evaluates the use of encryption across the world’s top one million sites over the last six months and reveals the need for a control plane to automate the management of machine identities in increasingly complex cloud environments.
The research suggests that while progress has been made in some areas, more education is needed to ensure that machine identities are used in the most effective way to protect our online world:
Use of TLSv1.2 has declined by 13% over the last six months, with v1.3 in use by almost 50% of sites — more than twice as many sites as v1.2. The adoption of v1.3 is being driven by widespread digital transformation. initiatives, cloud migration and new cloud native stacks that default to v1.3.
Even though organizations are adopting stronger TLS protocols, they are failing to couple this with a move to stronger keys for TLS machine identities.
Industry-standard ECDSA keys are now used by just 17% of websites — up from 14% six months ago. Slower, less secure RSA keys are still used by 39% of the top one million websites.
Growth in the adoption of HTTPS has plateaued at 72% — the same level as in December.
Let’s Encrypt continues to be the Certificate Authority (CA) of choice for the top one million, but Cloudflare is making up ground. This uptake seems to be the driving force behind TLS v1.3 adoption, with 50% of the websites deploying v1.3 doing so through Cloudflare. The decline in use of Extended Validation (EV) certificates has also continued, with a 16% decrease in the past six months, following changes from browser makers that dramatically reduced the value of EV certificates to website owners.
There is some good news in this analysis. The data suggests that organizations are taking more steps to manage their machine identity environments. Since December, there has also been a 13% increase in the number of sites making use of Certificate Authority authorization (CAA), which enables companies to create a list of approved CAs that can be used within their organizations. The adoption of this control is a positive sign that organizations seem aware of the importance of machine identities in overall security and are showing increased vigilance in the ways in which they manage them.
For more information on the report please visit the blog.
Followers of my Twitter account might have seen me take a few pictures of all the red tech items that my wife owns:
My wife has joined the @dbrand family by getting a red and platinum skin for her new 2021 MacBook Pro. Here it is with my MacBook Pro which also has a @dbrand skin on it for comparison. Though I didn't do the bottom of my MacBook Pro as I wanted to see the text on the bottom. pic.twitter.com/s1mUaLx24D
However she recently got a set of AirPods Pro and I wanted to give them the same red treatment. But I wanted to do something different that I wouldn’t get roasted over she would appreciate. So after some looking around, I came across an Etsy seller called MorfCraftStudio which sells a leather AirPods Pro case that you can get in many colours and even customize. I got it red (no shock there) and put my wife’s name on it:
The outside is leather and you can actually smell it. It feels like a quality product and appears to be put together well. The inside of the case is crafted from high-impact resistant plastic so that if you drop it, the AirPod Pros and the case will be safe. You can see a ring to allow you to put a carabiner or keyring on it.
The inside of the top half of the case has adhesive that allows you to stick it to your AirPods Pro Case.
The bottom half is friction fit to the AirPods Pro case. And I can say it isn’t coming off easily when you slide it off. You can also see the hole for the Lightning cable that charges the AirPods Pro.
You can also see that the indicator light for the AirPods Pro is still visible.
The bottom line is that this is a well designed product. Clearly a lot of effort went into making this. Installation took a couple of minutes at most and the net result is that you have an AirPods Pro case that feels good in the hands and looks unique. And that look will likely get even more unique as it will patina over time. I will note that the corners do not line up perfectly because it’s leather and handmade. But that is an extremely minor grip for a product that I have no issues recommending to you.
Pricing starts at $26.59 USD (though these are currently on sale for 30% off as I type this). Add engraving and the price jumps $39.86 USD (again these are currently on sale for 30%). And there’s shipping on top of that. But given the quality of this case, I think it is well worth the price.
In the last few days I have become aware of three versions of a scam involving Norton products that you need to be aware of. All of them have the same theme. You’ve renewed your subscription for some Norton product and if you need further information or you want to dispute it, it provides a number to call. It will look something like this:
Now I took out the email header to preserve my client’s privacy, but there are three things that you should be aware if. The most important thing to be aware of is if you do not have an active subscription to a Norton product, do not call the number in the email. Beyond that, if you look at who sent it, you’ll likely see that it was sent from an email account other than Norton.com. That’s a big hint that this is a scam. The third thing that you should note is if you look at the quality of the English used in the email, it’s poor. And on top of that it creates a sense of urgency to get you to call the number. Which you should not do. In short, this is likely a phishing attempt to get your credit card details at the very least. Or further to that, create the conditions to access your computer to do who knows what to it.
The second version of this scam is something that I came across over the weekend when a older couple phoned me in a panic after getting an email with a PDF attached that looked like this:
Now I suspect that the scammers behind this one have moved to using a PDF because it is less likely to be picked up by an ISP’s spam filter. But other than that, it’s the same scam. And in the case of this older couple, it almost cost them $13,000 Canadian and caused them all sorts of grief when the scammer got hostile with them. I am working on a write up about this and that will be out in the coming days. But I will say that this illustrates how dangerous these sorts of scams can be.
The final version of this scam is extremely dangerous. Let’s start with the email that you will get:
You’ll note that like the second scam, you’ll get an email with an attachment. In this case an ISO file which is a disk image file that is commonly used to burn CD, DVDs or act as a container for software. It’s the latter that the scammer is using this for because if you open the ISO file (which by the way I absolutely do not recommend that you do), you will see this:
The first file that ends in .DLL is something that should set off alarm bells. Further investigation on my part shows that this is designed to deliver a virus payload to a Windows computer. And what sort of payload is it? Well, I will get to that in a moment. But let me get to the part about what happens when you use VirusTotal which is a website that analyze suspicious files, domains, IPs and URLs to detect malware and other breaches and automatically share them with the security community:
In this case, the payload was only detected by 6 of 66 virus scanners. Which is bad as that implies that this virus payload is ether new or new and improved. I am guessing the latter, but in either case, this underlines why you should never, ever click on anything in a suspicious email.
But what is the payload? This based on this write up suggests that this is a trojan that in short is designed to steal user account data relating to online banking systems, e-payment systems and plastic card systems. The data is then transmitted to the malicious user controlling the Trojan. But because I could not identify the exact trojan in use here, it may do other things that are even more dangerous.
The other thing that I will note is that there’s a phone number in the email. That suggest to me that the the person behind this will also act in the same manner as the first two Norton scams. Something that I briefly looked into by phoning the number and getting a supposed employee of Norton with an Indian accent.
That covers these Norton billing scams that you should be aware of. In the coming days, I will be doing a write up about the second scam in detail so that you can see what the scumbags behind these scams will do to you if you fall for these scams. And I will also be doing a more detailed investigation of the third scam to see if I can get any additional details that I will share with you in hopes of keeping you safe. So stay tuned for all of that. But in the meantime, be careful out there folks.
UPDATE: Well, investigating the third scam didn’t last long.
I phoned the number that was listed in the third scam (which for the record you should never ever do) using a phone that doesn’t allow the caller ID to be shown at their end and the phone was answered by someone with an Indian accent claiming to be working for the “Norton LifeLock Cancellation Department”. I then pretended to be someone who had gotten the email and asked the guy why I have got charged. He then proceeded to try and supposedly help me to cancel the subscription to Norton LifeLock which of course I didn’t have a subscription to said product. I guess it was at that point he noticed that I was calling from a blocked number and hung up the phone. I tried two more times and got two more people with Indian accents and got the same results. I am guessing that their playbook involves grabbing the phone number so that they can call back if they have to, or to use it to perpetrate future scams, or both. I am also guessing that if they see that the number is blocked, they see it as a threat and they hang up the phone.
So my take away is that they don’t get you with the virus, they’re going to get you if you call the number. Thus don’t fall into either of those traps by not opening any attachment that you get in any email that might be suspicious, or phoning any number that is associated with an email like this.
Posted in Commentary with tags Waze on June 29, 2022 by itnerd
Craving a different type of drive this summer? Go on a high-seas adventure without stepping off land. Activate Waze’s latest driving experience, inspired by Netflix’s newest movie, “The Sea Beast.” (Check out the trailer and the film on Netflix July 8.)
Starting today, you’ll meet the dynamic duo of Maisie, a precocious stowaway, and Blue, a little beast with a huge mischief streak, and revel in the unlikely comedy of their friendship as they help you navigate every turn you take on Waze. And don’t worry: Maisie will help translate Blue’s sounds for you. You’ll also get to know some other Beasts that they find on their journey when you choose between three new Moods: Blue, Red and Yellow. Don’t forget to swap your vehicle for a Lifeboat, to get into the true adventurer’s spirit.
With Sea Beast Mode activated, get ready to explore the world together, on a journey full of surprise, wonder and funny banter — because where the map ends, the adventure begins.
If you’re interested in seeing the magic in real life, Netflix is hosting a series of experiences across the U.S. at aquariums, museums and more to celebrate the launch of The Sea Beast.
For a drive that takes you to the seas, visit Waze or click “My Waze” in your Waze app and tap the “Turn on Sea Beast Mode” banner to activate. It’s available globally, in English, for a limited time.
Posted in Commentary with tags Nikon on June 29, 2022 by itnerd
Nikon’s newest Z 30 mirrorless camera is designed specifically for video content creators, vloggers and streamers. This small, lightweight, feature-packed camera applies Nikon’s expertise in all things imaging, giving creators the ability to easily produce the kind of video content that gets noticed.
With the Nikon Z 30, it’s simple to consistently create professional-looking 4K UHD video to get the look you want, with sharp focus, beautiful blurred backgrounds and appealing audio- all on the first take. Swivel front-facing LCD and REC lamp? Got it. Mic input? Better low light performance? Of course. Even though it’s got an affordable price and simple controls, the Z 30 is packed with more advanced features that level up with you, helping to take your content and your channel further.
Creator-Centric Features That Make Sense:
Front-facing Vari-Angle touchscreen-LCD lets you see yourself in the scene as you compose your shots, confirm the frame, adjust focus and make sure you are always camera-ready. The bright 3.0 inch high-res screen will also feel familiar with the ability to swipe, pinch and zoom through playback and menus, while it also tilts to easily frame unique angles from below the hip or from above.
The Nikon Z 30 and NIKKOR Z lenses help you create soft, blurred backgrounds that are a hallmark of higher quality content. The main subject remains sharp, in order to draw your viewer’s attention toward you or anything you want them to see, whether it’s a face or prominent product shot.
Reliably fast and sharp autofocus keeps you in focus, precisely following as you move around the scene, with the added benefit of Eye Detection AF.
REC lamp acts as a tally light, illuminating on the front of the camera to confirm recording and peace of mind.
Higher quality audio enhances your content thanks to a built-in stereo microphone, plus an additional input for using a more powerful external stereo or directional microphone.
Get it all in one take with more than two hours (125 minutes) of recording time, which is ideal for longer videos such as an extensive DIY.
Superior low light performance gives you the freedom to shoot indoors, when it’s cloudy or at night, for clear and sharp video, with minimal noise and fast focus. Even in low light, the full-time focus will continuously track you while walking with the screen in self-portrait mode. The ISO range goes up to 25600 for video and 51200 for photos, enabling sharp rendering of details and textures in lower light.
Sharp video quality at up to 4K 30P UHD with plenty of room to punch in, or Full HD up to 120P to easily create dramatic slow-motion. What you see is what you get, as the Z 30 captures 4K with no additional crop so you don’t lose any of your frame.
Get the look you want withthe Picture Control Auto function, which adjusts the video settings according to the scene. There are also 20 different types of Creative Picture Controls to add creative flair to video, and eliminate the need for extra colour grading.
Using Nikon’s precise colour profiling, scenes and skin tones are reproduced naturally and accurately straight out of camera, with a genuinely inviting vibe that’s never cold or clinical.
Record on widely available SD cards, which come in a variety of large sizes.
Keep the camera running using an external USB-C power source, a great feature that can eliminate the need to swap batteries during a shoot. The camera works with Nikon’s free Webcam Utility streaming software to integrate for streaming or web conferences.
Minimalist, lightweight design that is easy to carry and vlog with. This is the smallest and lightest Z series mirrorless camera ever made. The form factor and weight is made for content creation, vlogging and streaming. It’s balanced and comfortable to hold for long periods of time and small enough to pack. Simple dials give you complete control of settings like aperture and shutter speed for a desired effect.
Always connected to your phone (iOS or Android) for easy automatic transfer of images using the free Nikon SnapBridge App. If your workflow is editing and posting from your phone, you can also connect to wirelessly send videos from the Z 30 to your device. Using the app, you can also use your phone as a remote control to start and stop your recording, when you are in front of the camera.
Superb Still-Camera Features
Create better thumbnails and cross-promote posts for your other channels that drive to your video content using the Z 30. The 20 megapixel APS-C /DX-format CMOS sensor captures super-sharp and high-res still images, in any kind of light. Whether you’re shooting a once in a lifetime landscape shot, a cooking close up , the Milky Way at midnight or a gorgeous portrait, users have the option to use fully automatic modes or get creative with advanced settings. The Z 30 is also incredibly fast, with the ability to capture people and pets at up to 11 fps3. What’s more, if you love what you’re seeing in the LCD, you can even snap a selfie while recording video.
Creativity Has No Limits with NIKKOR Z Lenses
The Z 30 is an interchangeable lens mirrorless camera that opens up an exciting world of possibilities with a wide array of NIKKOR Z lenses, from super–wide lenses for interiors, small spaces and landscapes, incredibly close macro for tiny details on products, or far away action with a telephoto lens. NIKKOR Z glass is specially designed to address the needs of video creators with silent operation, and by minimizing the breathing effect during focusing, while delivering gorgeously rendered colours for a true-to-life experience. Creators can choose a growing collection of more than 30 NIKKOR Z lenses, including:
NIKKOR Z DX 16-50mm f/3.5-6.3 VR Lens (included in all Z 30 kits, except when body is sold separately): The Z 30 comes with this extremely small yet versatile zoom lens, that’s great for wide angles, especially when talking directly to the camera. It also features built-in VR (vibration reduction) image stabilization to help create smooth footage and sharp images, even when handheld.
NIKKOR Z DX 50-250mm f/4.5-6.3 VR Lens: Lightweight long zoom lens option with built-in VR that’s great for shots that require extra reach, such as sports and animals.
NIKKOR Z 40mm f/2 and 28mm f/2.8: Super-compact “walk-around” primes that are perfect for flattering portraits, casual shooting, travel and discrete street snaps.
NIKKOR Z MC 50mm f/2.8: A fantastic macro lens lets you get closer to the things you love to get all of the details. Great for food shots, product shots, nature images and more.
Pricing and Availability
The new Nikon Z 30 will be available in mid-July 2022 in a variety of kit configurations: As a body only for a Manufacturer’s Suggested Retail Price (MSRP) of $879.95, or with a NIKKOR Z DX 16-50mm f/3.5-6.3 lens for $1,049.95 MSRP. Nikon will also offer a Creators Accessory Kit for $149.95 MSRP, which will include a SmallRig Tripod Grip, the ML-L7 bluetooth remote control, plus the Rode VideoMicro Microphone. A hot shoe-mounted Wind Muff for the built-in microphone will also be available for $14.95 MSRP.
For more information about the latest Nikon products, including other NIKKOR Z lenses and the entire collection of Z series cameras, please visit www.nikon.ca.
The Roe v. Wade overturn destroyed 50 years of progress in women’s rights to privacy and the ability to choose for themselves.
According to the data collected by the Atlas VPN team, apps dedicated to women’s health, like pregnancy or period trackers, heavily collect sensitive data and share it with third parties. After the Supreme Court in the US overturned Roe v. Wade, information gathered from these apps could be used as evidence for getting an abortion.
A few most popular women’s health apps stand out when looking at trackers. Pregnancy App & Baby Tracker (Babycenter) has 15 trackers on their Android and 20 trackers on iOS applications.
Pregnancy Tracker & baby app WTE has 7 and 22 trackers on its Android and iOS versions, respectively.
Flo Period tracker & calendar app seems to have 2 trackers, the least among Android apps. At the same time, the MeetYou Period Tracker application has 3, the least amount of trackers among women’s health apps on iOS devices.
Permissions spy on your data
Permissions help the user regulate and control which system and device functions the application can access.
MeetYou Period Tracker has 36 permissions on their Android app, 8 of which could be considered dangerous. The iOS application requires 7 permissions, giving access to data that can be used to track you.
Pregnancy Tracker & baby app WTE on Android devices has 19 permissions (3 dangerous), meanwhile, the iOS version has 9. The least amount of permissions on Android and iOS devices can be found in the Spot on period tracker, 7 and 4, respectively.
During our research, we found some apps that even ask for permissions to access your search history and contact information, like your name and email address. Later on, this data could be sold to third-party services and used against women who are considering getting an abortion.
Here’s An Example As To Why Scams Are So Dangerous
Posted in Commentary with tags Scam on July 1, 2022 by itnerdFrequent readers of this blog know that I spend a lot of time investigating, and telling you about the scams that I come across. Here’s some of the scams that I have been involved in addressing to show you examples of what ends up on my plate. The reason why I do this is that I know that they are very dangerous and I don’t want people to be taken advantage of. Also, by publicizing them, they become less effective as people will be aware of them. However the people behind these scams are good evolving these scams which means that your head always has to be on a swivel or bad things will happen to you.
Here’s an example of something really bad that happened to an elderly couple.
I got a phone call last week from a woman who was referred to by another client of mine. She was hysterical and in a complete panic. Once I was able to calm her down, she explained that she got an email from “Norton” about a subscription to one of their products that she was being charged for. She then called the number that was in the email to dispute the charges. That led to the person on the other end of the line getting access to not only her computer, but her bank account. And if it wasn’t for the people at her local bank branch stepping in, she would have lost $13,000. Beyond that, her computer had been “locked” by the scammer, and she needed my help to fix it.
Now my future self will step in here and tell you about the email that she got. The email that she received was clearly a Norton billing phishing email that I spoke about here. Specially it was the second variant where they attach the “hook” for the phishing attempt in a PDF so that it will evade spam filters. Unfortunately she got hooked and the scam was on from there.
When I arrived at this couple’s home, I found this:
She said that she never had a password on the computer before. But after the scammers had been on it, there was a password. It’s pretty ballsy for the scammer to leave a name as the password hint (which by the way is a fake name as the name Sam Wilson is the real name of the Marvel Comic book/movie superhero The Falcon) and a phone number. But it highlights that the scammer wants to hold the computer hostage to get paid. This is something that is becoming increasingly common where the scammer will take a computer that doesn’t have a password and change it so that in effect, they are holding the computer hostage in exchange for paying them. And it makes sense for a scammer to do because this computer had pictures of the grandkids and the like on it. That’s valuable for seniors and they would likely pay up to get that back.
Now I have come across another instance of this here, and I will copy and paste the advice from that story that will ensure that you aren’t a victim of this for your review:
While I understand that many of you out there want to be able to flip on your computer and bang out that email, you should never, ever compromise your security or it may not end well for you. You should always add a password to the user account that you set up, and you should never set it up to auto login. That way if you come across dirtbags like these, they can’t change your password because they would have to know your password to do it. Which they won’t. You can look at a tutorial like this to walk you through how best to set a password.
I ended up taking the computer to my home office to try and get past that. Fortunately I have access to the Microsoft DaRT toolkit. It contains a utility called “locksmith” which allows you to reset any local account on the computer. Now not anybody can have access to this toolkit as it is part of the Microsoft Desktop Optimization Pack (MDOP), a dynamic solution available to Software Assurance customers that helps reduce software installation costs, enables delivery of applications as services, and helps manage and control enterprise desktop environments. But one of my clients happens to be a part of Software Assurance which is how I got a copy of this toolkit. That means if you are in this situation, you may have to do some legwork to find someone who has this toolkit to assist you.
Using DaRT’s “locksmith” utility, I removed the password. Then I was able to look around the system. The next thing that I noticed was in the list of the installed programs:
The circled program is called AnyDesk which is a help desk application that many scammers use because it has remote access capabilities. That gives the scammer remote access to the computer anytime they want it. Which of course is bad. Thus I removed it. I also note that there was a compromised version of AVG antivirus on the machine. So I removed it and the AVG Secure Browser to be safe. The next thing that I did is that I used multiple antivirus apps to scan the computer for anything else that might have been lurking around. I didn’t find anything. I should note that all of this was done without the computer connected to the Internet. The reason for that was that I didn’t want to introduce the chance that anything else would pop onto the computer, or the scammer could get control again.
My next step was to reconstruct what happened. The reason for that was due to the fact that this couple’s children wanted to know what happened so that they could help their parents not get scammed again. That was made very easy due to the browser history being left intact. Here’s the play by play.
The victim opens the phishing email and reads it. Then calls the number. I know this because the email in question was the last email that was read. The victim gets the scammer on the phone and then the scammer goes to work. First he connects to the computer using a tool called SupRemo which is a zero configuration remote access tool designed for quick remote access. But I didn’t find any trace of this on the computer which makes me guess that they were not successful in installing it. That made the scammer go to AnyDesk and used that to gain control of the computer.
From there, I assume that the victim complained about the email that is telling her that she is supposedly being billed for Norton. That’s where I suspect that the scammer offers to help her to cancel this. Which led to the scammer taking her to this page:
Now this page looks official. But the reality was that it was a Google Docs Form. The big hint was that it says “Sign in to Google” in this picture. I am guessing that the scam involves walking the victim through “cancelling” their service with Norton via filling out this form. I looked at this form and it collects a ton of personal information including the date of birth. That’s makes identity theft a real possibility.
When the victim is done filling out the form, they get this:
This is where I suspect that the scammer convinces the victim to check her bank account for the refund. And that’s what happened here as here’s what happened next:
From what I understand happened next, the scammer over the next four hours tries to extract $13000 from her bank account from transferring it from the victim’s husband’s account to her account, to the scammer’s account. But clearly that failed which is why she was then directed to go the bank to make this happen. The scammer then printed the bank account numbers in Thailand to send the money to and sent her on her way. Fortunately, the bank was on the ball and put a stop to this. But she left the computer on which allowed the scammer to lock the computer when they did not get their money by changing the password so that they could hold it hostage.
The final thing that the scammers did was to trash the settings in their email program. But with the help of Rogers who truly went above and beyond here in not only sorting out what turned out to be a password issue because Rogers smartly uses app specific passwords, but also helping this couple with tips on how to not get scammed in the future which I will link to here, I was able to get their email setup and working again. And I was able to verify that their email wasn’t being redirected elsewhere. At this point the computer was back to normal. And one follow up a few days later confirmed that. As a precaution, the children set up Equifax credit monitoring due to the fact that so much personal information was shared.
Total time invested, four hours. So job done right?
No. I wanted to find out what how this scam worked. Thus, I decided to phone the number from a phone that has the caller ID blocked to get that understanding. Which by the way you should NEVER EVER DO. I got a person on the line who sounded Asian. Possibly from Thailand which would be consistent with the bank accounts that the victim was supplied with being from Thailand. The person online then asked me for some details from the supposed invoice in PDF form that I got. Here’s an image of the PDF:
He asked me for the Invoice number. And then proceeded to explain to me that I got this invoice because I had Norton 360 installed on my computer when I bought it and it is set to auto renew. He then explained that needed to get access to my computer to turn off an “auto renewal setting” and to walk me through a cancellation form. At this point I am pretty sure that if I decided to play along further, he would have tried to connect via the remote access software that I spoke of earlier and proceeded to do their evil work. But I cut it short and hung up.
Now I can see why this scam would be effective. Someone like me would know that there is no such thing as an “auto renewal setting” in antivirus software. But this person who is the victim here is 85 years old. So they, never mind the average computer user wouldn’t know that. Plus while computers from companies like HP, Dell, and Lenovo do come with antivirus software when you buy them, they are either free for life, or they are free for one year or so and then present you an offer to pay to continue to use it. They will never bill you in the manner of emailing you an invoice and saying that it will auto renew because they don’t have that info. But again, if you’re not aware of that, you might get sucked in.
So, how can you avoid being scammed. Well I have a lot of info on that here along with info on what to do if you have been scammed. But let me sum it up:
These days you have to be really careful as scammers are becoming increasingly sophisticated. And the second you let your guard down, it can really cost you. In this case, it almost cost an elderly couple $13000. But luckily it didn’t. Thus hopefully this illustrates how dangerous these scams can be so that you can protect yourself accordingly.
Leave a comment »