Archive for May 6, 2020

Sonos Announces Sonos Arc And Other Hardware & Software

Posted in Commentary with tags on May 6, 2020 by itnerd

Today, Sonos introduces Sonos Arc, the premium smart soundbar that brings immersive, cinema-quality sound to your living room. Arc builds on Sonos’ industry-leading innovations in home theater, a design elegant for the home with software-driven audio that immerses listeners in dramatic detail, crystal clear dialogue and impressive bass, featuring support for Dolby Atmos. Equally great for music and home theater, Arc is more than just a soundbar, delivering brilliant sound for TV, movies, gaming, music, podcasts, radio, and more.  

Alongside Arc, Sonos introduces additional updates for hardware and software: 

  • The new Sonos Sub (Gen 3) brings the same great sound performance and iconic design with updated internals, enabling even more. Sub (Gen 3) can be wirelessly paired with a Sonos speaker for even more bass for home theater or music. 
  • Introducing Sonos Five, an update to Play:5 (Gen 2). Five brings updated internals and design updates to Sonos’ most powerful speaker for music. The acoustic architecture and experience of Sonos Five remains consistent with its predecessor, with a fine-tuned monochromatic design.
  • The new S2 app and operating system will be available on June 8, enabling new experiences for customers including support for higher resolution audio, updated interface, and more personalization including saved room groups. Sonos Arc, Five, and Sub (Gen 3) will run exclusively on the new S2 app.

Sonos Arc ($999 CAD), Sonos Sub ($899 CAD) and Sonos Five ($599 CAD) are available for pre-order today on Sonos.com, and available globally starting June 10.

RDP Attacks Surged By 330% In The US Amid Pandemic: Atlas VPN

Posted in Commentary with tags on May 6, 2020 by itnerd

According to data extracted and analyzed by Atlas VPN, remote desktop protocol (RDP) attacks rocketed by 330% amid the COVID-19 pandemic.

The start of the RDP attack increase correlates almost entirely with the start of lockdowns. From March 10, 2020, RDP brute-force attacks spiked in practically all selected countries.

In the US, from March 10, 2020, until April 15, 2020, hackers carried out 32,299,662 remote desktop brute-force attacks. On average, throughout this period, there were 872,964 attacks daily.

Comparing the period of February 9 – March 9, 2020, to March 10 – April 10, 2020, the attacks in the US jumped by 330%.

Over 148 million RDP attacks during the pandemic

From March 10, 2020, until April 15, 2020, hackers attacked users in the US, Spain, Italy, Germany, France, Russia, and China a total of over 148 million times combined.

During this period, hackers carried out 32,299,662 remote desktop brute-force attacks on individuals and organizations in the US, making the US the most attacked country on the list. On average, there were 872,964 attacks daily in the US.

In Spain, throughout March 10-April 15, 2020, hackers attacked workstations and corporate servers 25,510,199 times. On average, hackers attacked users in Spain 689,465 times per day.

To read the full report, head over to: https://atlasvpn.com/blog/rdp-attacks-surged-by-330-in-the-us-amid-pandemic/

ESET Provides Advice On Not Being “Sextortion” Email Victim

Posted in Commentary with tags on May 6, 2020 by itnerd

A new “sextortion” campaign has been detected making the rounds in North America and Europe.

Discovered early last month, the spam emails that were detected by ESET’s research laboratory have been trying to dupe unwitting victims by referring to old passwords that have been part of old data breaches.

The new scam borrows, or rather builds upon, the previous versions. The scammers start with an alarming message right off the bat to get the victim’s attention, usually by including one of the victim’s old passwords that was probably stolen as part of a previous data breach. Moving on, the fraudsters claim that the victim’s device was infected by some form of malware when visiting a porn website, and that allowed them to obtain both the victim’s password and access to their device. The scammers then purport to have made a video of the victim and the alleged “not safe for work” content.

Once the cybercriminals have scared their potential victims enough, they demand a sum to be paid within 24 hours or the embarrassing video will be released. They usually want the payment to be made in bitcoin.

After analyzing some of the cases stemming from this new sextortion scam campaign, ESET researchers found that it probably started sometime around the 8th or 9th of April.

To help Canadians avoid these attacks, ESET has compiled the following tips for detecting and avoiding sextortion scams:

Utilize Google

By simply googling the word “scam” in quotes, along with a phrase used in the suspect email, you can easily investigate whether other people have received similar (fake) emails.

Contact your computer security vendor

There is a very good chance that their tech support may know about it already, and that the company is preparing to block the next wave of such attacks if not blocking them already. And if they are not aware of this variant, they will certainly want to know so that they may protect their customers.

Contact your email provider

Whether it is Gmail, Outlook, your company’s IT department, or some other entity, it’s not good for them to allow scams (one of many forms of spam) into their customers’ inboxes. So let them know, which will help them tweak their spam filters.

For more tips about online safety, please visit: www.welivesecurity.com

An Adult Site Exposes User Data…. Which Is Not The Exposure That Users Wanted

Posted in Commentary with tags on May 6, 2020 by itnerd

CAM4, a popular adult platform that advertises “free live sex cams,” misconfigured an ElasticSearch production database so that it was easy to find and view heaps of personally identifiable information, as well as corporate details like fraud and spam detection logs. According to Wired, the database exposed 7 terabytes of names, sexual orientations, payment logs, and email and chat transcripts — 10.88 billion records in all.

First of all, very important distinction here: There’s no evidence that CAM4 was hacked, or that the database was accessed by malicious actors. That doesn’t mean it wasn’t, but this is not an Ashley Madison–style meltdown. It’s the difference between leaving the bank vault door wide open (bad) and robbers actually stealing the money (much worse).

The mistake CAM4 made is also not unique. ElasticSearch server goofs have been the cause of countless high-profile data leaks. What typically happens: They’re intended for internal use only, but someone makes a configuration error that leaves it online with no password protection. “It’s a really common experience for me to see a lot of exposed ElasticSearch instances,” says security consultant Bob Diachenko, who has a long history of finding exposed databases. “The only surprise that came out of this is the data that is exposed this time.”

And there’s the rub. The list of data that CAM4 leaked is alarmingly comprehensive. The production logs Safety Detectives found date back to March 16 of this year; in addition to the categories of information mentioned above, they also included country of origin, sign-up dates, device information, language preferences, user names, hashed passwords, and email correspondence between users and the company.

This is not trivial. If you take the adult nature of what this site does out of the equation, this is a massive leak of data that could really have long-term consequences for users of this site if this data was accessed. There isn’t evidence that it has been accessed, at least not at present. But if we start to see things like targeted attacks and extortion phishing emails pop up in users’ inboxes, then we’ll know that this has gone from bad to worse.

LinkedIn Releases Latest Survey Findings On Canadian Workforce Confidence

Posted in Commentary with tags on May 6, 2020 by itnerd

As widespread closures and social distancing continue to affect business in Canada, confidence among Canadian workers remains low. But sentiment is not outright negative according to LinkedIn’s latest Workforce Confidence Index, a biweekly snapshot of how workers are feeling about their job security, financial situation and their career in both the short and long term.

So far, the index has polled 2,000+ LinkedIn members covering the weeks of April 1 – 7 and April 13 – 19, and uses a scale from -100 to +100 to reflect the sentiment of respondents and their expectations about the labour market.

Here are some of the major findings from the second edition of Canada’s Workforce Confidence Index:

  • Those working in the energy and mining industry were the least confident, driven largely by concerns over their personal finances and broader career outlook. The sector has recently faced mass layoffs as the industry grapples with a fresh plunge in oil prices. 
  • By contrast, members working in the software & IT services, public administration, and health care industries reported the highest confidence (+30), lifted by high scores in their current job security. 
  • Workers in construction were among the most likely to expect their companies to be worse off in six months. 
  • By contrast, members of the media and communications industry had very low confidence in the present, but were more optimistic about their companies’ short and long-term futures.
  • Active job seekers continue to feel less confident (+5) than the broader workforce, but there are signs their pessimism about recruiter response and job availability is bottoming out.
  • More Canadian companies are offering support for their employees’ emotional wellbeing (44%) than in the last poll (39%), and 31% are offering online learning resources, up from 27% previously.

Workforce Confidence Index Methodology

LinkedIn’s Workforce Confidence Index is based on a quantitative online survey that is distributed to members via email every two weeks. Roughly 1,000+ Canada-based members respond each wave. Members are randomly sampled and must be opted into research to participate. Students, stay-at-home partners & retirees are excluded from analysis so we’re able to get an accurate representation of those currently active in the workforce. We analyze data in aggregate and will always respect member privacy.

Data is weighted by engagement level, to ensure fair representation of various activity levels on the platform. The results represent the world as seen through the lens of LinkedIn’s membership; variances between LinkedIn’s membership & overall market population are not accounted for. Confidence index scores are calculated by assigning each respondent a score (-100, -50, 0, 50, 100) based on how much they agree or disagree with each of three statements, and then finding the composite average score across all statements. Scores are averaged across two waves of data collection to ensure an accurate trend reading. The three statements are: [Job Security] I feel confident about my ability to get or hold onto a job right now; [Finances] I feel confident about my ability to improve my financial situation in the next 6 months; [Career] I feel confident about my ability to progress in my career in the next year.