Archive for January, 2020

« Older Entries
Newer Entries »

Latest Trend Micro Report Helps Protect Industrial Environments By Trapping Malicious Attackers

Posted in Commentary with tags on January 21, 2020 by itnerd

Trend Micro today announced the results of a six-month honeypot imitating an industrial factory. The highly sophisticated Operational Technology (OT) honeypot attracted fraud and financially motivated exploits.

The six-month investigation revealed that unsecured industrial environments are primarily victims of common threats. The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud.

To better understand the attacks targeting ICS environments, Trend Micro Research created a highly realistic, industrial prototyping company. The honeypot consisted of real ICS hardware and a mix of physical hosts and virtual machines to run the factory, which included several programmable logic controllers (PLCs), human machine interfaces (HMIs), separate robotic and engineering workstations and a file server.

Trend Micro urges smart factory owners to minimize the number of ports they leave open and to tighten access control policies, among other cybersecurity best practices. In addition, implementing cybersecurity solutions designed for factories, like those offered by Trend Micro, can help further mitigate the risk of attack.

To read more about the research, including the design and deployment of the honeypot itself, please visit: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fake-company-real-threats-logs-from-a-smart-factory-honeypot.

Leave a comment »

OVHcloud Launches Its New Range Of Game servers In Canada & Beyond

Posted in Commentary with tags on January 21, 2020 by itnerd

As part of the complete revamping of its bare metal offering, OVHcloud today announced the launch of a brand-new range of Game servers. Entirely based on latest-generation components, the new range is powered by the latest AMD Ryzen 3000 processors to provide the highest performance in the gaming market. It will appeal not only to gamers but also to resellers and video processing professionals looking for powerful servers.

With this new range, OVHcloud offers high-performance business-grade servers powered by AMD Ryzen processors, initially designed for desktop computers. Through a strong partnership between OVHcloud and AMD, the leading European cloud provider enables its customers to fully utilize AMD’s processors.

OVHcloud maintains unique expertise in server cooling, with a watercooling system that has been developed in-house and deployed in its own data centres since 2003. When combined with optimized air flows, this system makes it possible to remove the use of air conditioning from data centres. Thanks to this high-performing process, OVHcloud is the only cloud provider able to cool AMD Ryzen processors optimally in order to use maximum frequencies for all cores.

  • The Game 1 range is available in OVHcloud’s data centres in Canada, the United States and Europe. Powered by Ryzen 5 3600X processors, these servers are intended for consumers, students and tech-savvy users who want to host games online.
  • The Game 2 range is powered by Ryzen 7 3800X processors and available in OVHcloud’s data centres in the United States, in addition to France. Game 2 servers will also be deployed in Canadian and European-based data centres in the coming months.
  • The Game 3 range is based on Ryzen 9 processors. These servers will be available as of February 2020 in OVHcloud’s French-based data centres.

Both Game 2 and 3 servers are designed for professionals who want to host multiple online games via the same computer. These servers will be ideally suited to the needs of video publishers, community managers and professionals that handle creative workloads.

All Game servers provide benefits that are unique to OVHcloud, including ECC memory, IPMI/KVM, watercooling, up to 1 Gbps public bandwidth, unlimited traffic, industry-first built-in Game anti-DDoS protection, and the company’s own global network with 20 Tbps capacity.

 

Leave a comment »

Keyfactor Announces DevOps Integrations With Ansible, Docker, HashiCorp, Jenkins and Kubernetes

Posted in Commentary with tags on January 21, 2020 by itnerd

Keyfactor today announced DevOps integrations with automation and containerization industry leaders Ansible, Docker, HashiCorp, Jenkins and Kubernetes to offer security-first services and solutions designed to seamlessly integrate with existing enterprise tools and applications.

A rise in cryptographic-based attacks, like last year’s ASUS attack, exploit third-party software and its digital certificates, allowing attackers to connect to sensitive backend systems or push malware through updater tools. Recent research indicates a 39% likelihood that organizations will experience a similar server certificate or key misuse incident over the next two years.

According to research firm Gartner Inc., “proper secrets management, including certificate and key management, is crucial to security agile applications.”1

Digital certificates have long played an integral – if not routine – role in DevOps workflows, securing authentication across users, devices and applications. The secure identities the certificates establish reinforce key DevOps practices within infrastructure, pipeline, code and microservices integration, thereby bridging the DevSecOps gap and the ability to mitigate security risk.

Keyfactor offers cloud-hosted PKI-as-a-Service infrastructure through integrated certificate and key management, secure signing and secure IoT device design. The platform provides discovery, integration and orchestration capabilities, enabling teams to gain complete crypto-agility, extensibility and visibility.

Leave a comment »

Is LastPass Down? That Depends On Who You Ask…. [UPDATED]

Posted in Commentary with tags on January 21, 2020 by itnerd

LastPass has been suffering from a major outage as users are reporting being unable to log into their accounts and autofill passwords. What’s odd is the company insists that everything is working properly, even though there’s an unusually high number of users reporting issues:

User reports about login issues have been flooding Twitter, but also the company’s forum, Reddit, and DownDetector. Users are reporting receiving the following error when trying to log in: “An error has occurred while contacting the LastPass server. Please try again later.” Both home and enterprise users are impacted. According to reports, LastPass’ support staff has been either non-responsive, or denying reports of any technical issue happening at all. Despite issues being reported as far back as three days, the company has not updated its status page to reflect the incident, nor do they provided any type of explanation or useful help to their userbase.

According to multiple user on Twitter, the problems appear to impact only users with LastPass accounts dating to 2014, or prior. On DownDetector, a company spokesperson said the company was still investigating the incident, stating that there are no glaring issues with its servers — which suggests the roots of this outage might be in a software component. “We are aware of and actively investigating reports from some LastPass customers who are experiencing issues and receiving errors when attempting to log in. At this time no service issues have been identified.” Contacted by ZDNet, the company described the outage as “an isolated issue with limited impact” and said that “engineers are working to resolve the issue.”

I had a look at Twitter and there’s lots of evidence implies that whatever issue that LastPass is having is not on that has a “limited impact” which is exhibited by this Tweet:

However, there’s this that seems to imply that this is a bit overblown as per this Tweet:

So it isn’t clear if this is still an issue, or if this is overblown. I’m going to watch this, but if you have any feedback on this, please leave a comment as I am sure that lots of users of LastPass would like some clarity.

UPDATE: This article suggests that the issue is resolved. But I am also seeing Tweets like this:

That to me implies that the issue isn’t 100% solved. But I would love to hear from LastPass users to confirm if this issue is actually resolved.

Leave a comment »

Element AI announces Access Governor

Posted in Commentary with tags on January 20, 2020 by itnerd

Element AI today announced the general availability of its Access Governor product, the latest addition to the company’s growing portfolio of AI software solutions. Drawing on the end-user’s historical data, Access Governor analyzes, recommends, and manages the most appropriate information and location access rights for large groups of employees, so they can efficiently complete their jobs. The product allows the IT team to quickly authorize or revoke employee access and accounts, creating a safer, more orderly organization. Access Governor is available now through the Element AI sales group.

For years, businesses have struggled with regulating digital access control to data and facilities—especially businesses with high numbers of employees and external contractors.

Element AI has taken its applied research capabilities to create a software that will analyze and manage role-based access control for multiple ‘digital keychains’ with predictive pre-assembly and activation/revocation intelligence that can quickly facilitate access to the critical information and assets of any company.

While role-based access control systems have existed for a long time, rules and protocols had to be configured. This is a slow and inefficient process, with no intuition on the part of the access control layer. Many businesses end up having to manually configure and reconfigure rules each time there is a reorganization of employees or changes in the applications used. Access Governor brings in an additional layer of intelligence built on top of this process that looks at past patterns and current trends to empower any IT team to quickly adapt to employee additions, departures and changing contractor access rights.

For more information about Element AI Access Governor product, or to request a sales demo, contact: elementai.com/contact.

Leave a comment »

TekSavvy Tells Consumers To Pay Less To Connect

Posted in Commentary with tags on January 20, 2020 by itnerd

TekSavvy today urged Canadians to visit paylesstoconnect.ca to voice their support for a historic CRTC decision to lower Internet prices.  Canada’s Big Telcos, such as Bell and Rogers, petitioned the federal cabinet to cancel the decision and hike Internet prices instead. The Big Telcos’ price hike petitions are open for public comment until February 14.

fsdfsdfsa

The CRTC’s decision lowered the wholesale rates Big Telcos charge small ISPs, like TekSavvy. The CRTC found Big Telcos broke its rules and fabricated costs to inflate their rates for competitors, keeping prices high for Canadians. During its 4-year rate-setting process, the CRTC condemned the Big Telcos’ Internet rate-fixing as “very disturbing”, lowered their rates and ordered them to repay overbilled amounts back to March 2016 (estimated at $325 million).

The Government of Canada stood up for telecom consumers by directing the CRTC to promote competition, affordability and consumers’ interests. Following the CRTC’s decision, TekSavvy immediately began passing the benefits on to consumers, lowering Internet bills and upgrading services for hundreds of thousands of customers – until Big Telcos halted the CRTC’s decision in court.  The Big Telcos have since filed numerous appeals to overturn the decision and thwart any benefit to consumers or competition.

Visit Paylesstoconnect.ca to make your voice heard.

Leave a comment »

Opera Seems To Be In The Predatory Loan Business Besides Being A Browser Comany… WTF?

Posted in Commentary with tags on January 20, 2020 by itnerd

You might have heard of the Opera web browser. Or perhaps you might not have heard of it because its market share when compared to browsers like Chrome and Firefox is really small. I am guessing that this is affecting it’s revenue because according to Android Police, Opera has a new line of business. Predatory loans:

You may recall that Opera became a public company in mid-2017, shortly after it was purchased by a China-based investor group. Since then, Opera’s market share has continued to fall, due to the increasing dominance of Chrome. As a result, Opera decided to pivot to predatory short-term lending in Africa and Asia across four apps: OKash and OPesa in Kenya, CashBean in India, and OPay in Nigeria.

The apps have apparently remained available in the Play Store (except OPesa, which seems to be gone) by advertising different loan rates in the app description than users actually receive. For example, the listing for OKash stated its loans range from 91-365 days (the page now says 61-365 days), but an email response from the company stated it only offered loans from 15-29 days — significantly lower than the 60-day minimum enforced by Google. All of Opera’s other apps were also found to be in violation to varying extents.

If you think that’s bad, then buckle in! According to Play Store reviews, the OKash and OPesa apps sent text messages or calls to people in the user’s contacts when payments were late, threatening to take legal action or place the borrower on a credit blacklist. A former employee told Hindenburg Research that this practice ended last year “because it was said it was illegal.” That’s probably a good reason to stop doing something, right?

Opera is really scraping the bottom of the barrel here. I haven’t used Opera in years, and when it first appeared, it was a viable browser option for many. Now it is clear that the company who now owns them is pretty shady. Thus if I were you, I’d dump the Opera browser if you’re still running it because if this company does this sort of stuff, who knows what they are doing with the Opera browser. In the meantime, if you want an alternative to the browsers that are out there, try the Vivaldi browser as the team behind it is made up of Ex-Opera team members who left after the buyout. Or you can simply bite the bullet and try one of the usual suspects meaning Chrome, Firefox, or the new Edge browser. Because anything is better than what Opera is offering up to users.

Leave a comment »

Univar Solutions EMEA Leverages OpenText

Posted in Commentary with tags on January 20, 2020 by itnerd

OpenText today announced Univar Solutions EMEA, a leading distributor of chemical ingredients and services in Europe, is working with OpenText Professional Services to upgrade their deployment of OpenText Vendor Invoice Management for SAP Solutions to further transform its accounts payable operations with new AI, intelligent capture and automation capabilities.

OpenText Vendor Invoice Management for SAP routes invoices automatically to the right person for resolution, approval and payment. New enhancements to the solution will boost Univar Solutions EMEA’s operations by giving the company access to OCR line item recognition, improving invoice training and automating previous manual freight processing and costing.

Powerful optical character recognition combined with machine learning and intelligent automation enables content to be matched against supplier delivery notes. This helps Univar Solutions EMEA continuously identify and remove bottlenecks and automatically correct errors or inefficiencies before they impact customer satisfaction. Advanced analytics and reporting tools give Univar Solutions EMEA greater visibility over its accounts payable processes, helping ensure governance, compliance and clarity.

OpenText is SAP’s largest solution extension partner with more than 20 years of experience helping SAP customers with intelligent integrations for content-intensive business processes and models.

Leave a comment »

Seeing As The FBI Has Unlocked An iPhone 11, Why Do They Need Apple’s Help To Unlock An iPhone 5 & 7?

Posted in Commentary with tags , , on January 16, 2020 by itnerd

Following up on the latest Apple v. FBI fight where the FBI wants Apple to unlock an iPhone 5 and 7 that belongs to a suspect in a terror incident, despite they fact that the FBI has the ability to do this on their own without Apple’s involvement, comes news that the FBI has apparently got the capability to unlock an iPhone 11 which has far higher levels of security than the iPhone 5 and 7 that they want Apple to unlock:

Last year, FBI investigators in Ohio used a hacking device called a GrayKey to draw data from the latest Apple model, the iPhone 11 Pro Max. The phone belonged to Baris Ali Koch, who was accused of helping his convicted brother flee the country by providing him with his own ID documents and lying to the police. He has now entered a plea agreement and is awaiting sentencing.

Forbes confirmed with Koch’s lawyer, Ameer Mabjish, that the device was locked. Mabjish also said he was unaware of any way the investigators could’ve acquired the passcode; Koch had not given it to them nor did they force the defendant to use his face to unlock the phone via Face ID, as far as the lawyer was aware. The search warrant document obtained by Forbes, dated October 16 2019, also showed the phone in a locked state, giving the strongest indication yet that the FBI has access to a device that can acquire data from the latest iPhone. 

So given the facts above, why precisely does the FBI need Apple’s help to unlock an iPhone 5 and 7 given that they’ve unlocked something way more sophisticated from a security standpoint?

They don’t need Apple’s help. This is simply a stunt to get Congress to force companies like Apple to weaken the encryption on smartphones, computers, or anything else so that they can have access to them at any time for any reason. Or put another way, the FBI wants a backdoor into your device. As I have mentioned before, this is a bad idea. And as reports like these come out that show that this is an incredibly cynical attempt to push a political agenda, I would hope that the blowback that results makes those who are pushing this political agenda think twice.

Leave a comment »

hayu launches on Telus Optik TV

Posted in Commentary with tags on January 15, 2020 by itnerd

Now, Canadians’ favourite reality TV shows are more accessible than ever: NBCUniversal International (NBCUI) and TELUS announce today that hayu – the all-reality subscription video- on-demand (SVOD) service – is available to all TELUS Optik TV customers in Western Canada. Canadians in B.C. and Alberta can access hayu directly within TELUS Optik TV, via either channel 336 or from the app home page. TELUS is the only carrier in Canada to offer customers a dedicated hayu app directly within the TV interface.

The addition of hayu to Optik TV’s theme pack options makes it even easier for reality TV fans to stream to their hearts’ content. In May 2019, TELUS launched a new, streamlined packaging structure for Optik TV which, for the first time in Canada, featured streaming services bundled directly within traditional TV packages. When Optik TV customers include hayu as part of their TV package, their hayu subscription fees will appear directly on their TELUS bill. Best of all, customers will pay less in total than with separate bills.

hayu delivers thousands of hours of top reality content, curated in one place, with more than 7,000 episodes from over 250 reality shows, including Keeping Up With the Kardashians, The Real Housewives and Million Dollar Listing franchises. The platform offers extensive choice, with a wide variety of unscripted sub genres including: Home and Design, Dating, Cooking, Crime, and Fashion – as well as nostalgic favourites like The Simple Life and exclusive content, such as Love Island (UK and Australia). Subscribers to the service don’t have to worry about spoilers as the majority of shows are available on hayu the same day they premiere on TV.

For more details, please visit telus.com/hayu.

Leave a comment »

« Older Entries
Newer Entries »