Archive for August, 2020

Introducing Batman & The Riddler To Waze

Posted in Commentary with tags on August 31, 2020 by itnerd

Your city needs you!  Waze, the everyday driving platform bringing together drivers to outsmart traffic, in partnership with Warner Bros. Consumer Products (WBCP) and DC, is introducing some epic forces of good and evil to the road – Batman and The Riddler.

From today, until October 31, 2020, activate the Batman experience on Waze and choose the side of DC Super Hero or Super-Villain by selecting the iconic voice of Batman (Kevin Conroy) or The Riddler (Wally Wingert) to guide you on your own adventures. Available globally in English, Spanish and Portuguese, you can follow The Riddler’s clues or enter “stealth mode” like Batman.

You can also change Waze car icons and hop in the Batmobile or The Riddler’s racer to guide you on your way, and select the Batman or The Riddler moods to heroically or cleverly outsmart traffic. And to complete the experience, you can listen to the Waze and DC Super Hero or Super-Villain playlists on Spotify while driving via the Waze Audio Player feature.

To access the new Batman and The Riddler features, visit here.
To drive with Batman and The Riddler while listening to their character-inspired songs on Spotify, visit here for Batman’s playlist, and here for The Riddler’s playlist.

For more information, or to download the Waze app, please visit this link.

Class Action Lawsuit Filed Over CRA Hack

Posted in Commentary with tags , on August 31, 2020 by itnerd

Given how easily hackers appear to have used the personal information of Canadians to get their hands on COVID-19 benefits, how shambolic the response has been, and how lame the security measures put in place after this hack were, I am not at all surprised that there’s now a class action lawsuit over this whole affair. CBC News has the details:

The lawsuit alleges that a series of “failings” by the government and the Canada Revenue Agency (CRA) allowed at least three cyberattacks between mid-March and mid-August, but the public wasn’t alerted until CBC News broke the story on Aug. 15.

The Treasury Board and the CRA held a news briefing to confirm the security breaches Aug. 17.

The proposed class proceeding claims the delayed detection of the hacks caused the number of victims to balloon to at least 14,500.

“The actions of the [CRA] are reprehensible,” states the claim, “and showed a callous disregard for the rights of [victims].” 

It alleges the agency’s conduct was “a deliberate … departure from ordinary standards of decent behaviour, and as such merits punishment.”

The CRA has blamed “a vulnerability in security software” for the online breaches, and has said it wasn’t aware of the first cyberattack until Aug. 7.

The agency and the federal government have yet to file a legal response.

And what’s really interesting is the fact that the lawsuit alleges that the government was hasty in implementing COVID-19 benefits and didn’t take the time and effort to make sure that they could be securely delivered:

The legal action alleges the CERB and CESB were “implemented hastily,” without adequate security measures.

As a result, it claims hackers were able to steal the personal information of applicants — including social insurance numbers, home addresses, bank account details and tax information — and use the stolen data to impersonate victims, change addresses and direct deposit information and file fraudulent claims under the emergency programs.

The lawsuit alleges the victims have been hit with a double whammy: their aid applications have been frozen while the breaches are investigated, causing financial strain, plus they will have to guard against identity theft for the rest of their lives.

I’ve said before that people within the government need to be held accountable for this mess. A class action lawsuit is a great way to do that because assuming that the government doesn’t settle out of court first, all the facts will come out in court under oath. That’s not going to look good for those in the government who were responsible for this fiasco. I for one hope that the government loses big as protecting the personal information of Canadians needs to be their number one priority 100% of the time.

China Changes The Rules To Try And Block A Sale Of TikTok

Posted in Commentary with tags on August 31, 2020 by itnerd

The latest plot twist in the ongoing saga of Trump vs. TikTok is that the Chinese government has changed its rules on tech exports in a way that could outlaw the proposed TikTok sale to a US company. The Guardian has the details:

Late on Friday, Beijing issued new restrictions or bans on tech exports, requiring companies to seek government approval – a process that can take up to 30 days. In mid-August, Trump gave the company 90 days to sell up or face a shutdown.

The rules, which hadn’t been updated since 2008, are believed to be aimed at delaying the sale of TikTok to US buyers, as ordered by the US president.

Some technologies were removed from the list of regulated exports, including vaccine technologies, but the 23 new additions included tech relating to AI interfaces, voice recognition, and content recommendation analysis.

TikTok’s recommendation algorithm relies on domestic technology that might need to be transferred to a new overseas owner.

Well, that’s pretty crafty. And Professor Cui Fan, an expert on Chinese trade, had this to say:

Cui told news agency Xinhua China was not in favour of “decoupling” from the US, but “some forefront technologies, however, might impact national security and public welfare, and need to be included in catalogue management”.

Cui said ByteDance should “seriously and cautiously consider whether it is necessary to suspend the [TikTok sale negotiations]”.

Well, that’s likely to scare off potential buyers as well as inflame the situation. I would expect a response from Trump via his favorite medium, Twitter, at any time, as he’s likely not going to accept this.

Mujjo Serves Up A 15% Discount In Time For Back To School

Posted in Commentary with tags on August 29, 2020 by itnerd

Because most people should be returning to some normality, Mujjo wants to make sure that you have the best protection for your devices in this new academic year.

To that end, Mujjo is offering a 15% sitewide discount with the code: #backtoschool

Here are some suggestions for you in terms of what’s on offer:

Sleeves for the 13″ and 15″ Macbook Pro

Sleeves for the 16″ Macbook Pro

Leather (Wallet) Cases for iPhone 11, 11 Pro, 11 Pro Max

Full Leather Cases for iPhone Xs and Xs Max

And finally, Mujjo has a great pair of double insulated touchscreen gloves that are super warm. Check out my review here. For other suggestions, check out mujjo.com.

Epic Games Apple Developer Account Is Now Terminated

Posted in Commentary with tags on August 29, 2020 by itnerd

Apple said it was going to happen. And last night, it happened. Apple has terminated the developer account of Epic Games who tried to bypass Apple by offering up their own payment system so that they would make 30% more money. But the battle is far from over. Besides the court case, there’s the battle on Twitter. Apple gave a statement to several outlets including 9to5Mac.com, and Epic Games CEO Tim Sweeney responded:

Sweeney’s response is really rich considering everything that has come out about what Epic wanted from Apple, and the fact that they were expecting to get punted and had marketing material ready to go. Frankly, Epic Games can take a flying leap as far as I am concerned. They really tried a power play and failed. Now Eric Sweeney and his employees need to make nice, take the judge’s suggestion and make things right.

Guest Post: ESET explains the recent CRA cyberattack and how Canadians can protect themselves

Posted in Commentary with tags on August 28, 2020 by itnerd

Last week, cybercriminals set their sights on the Canadian government when several government services were disabled following a series of cyberattacks.

On August 15, the Treasury Board Secretariat announced that approximately 11,000 online government services accounts, originating from the Government of Canada Key service (GCKey) and Canada Revenue Agency (CRA) accounts, had been victims of hacking attempts. The GCKey allows Canadians to access several Government of Canada online programs and services, including Employment Insurance services and Canada Emergency Response Benefit (CERB) payments, a support program for employees who have lost employment due to the pandemic.

On August 7, CRA noticed the first signs of credential-stuffing attacks on its website. Credential stuffing means criminals try to use previously stolen credentials to log into another account owned by the same victim. Unlike a brute-force attack, bad actors use previously stolen user/password combinations to access a third-party service.
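An added example, not part of the original guest post: a sketch of how a defender could tell the two patterns described above apart in login logs, and list accounts that logged in successfully from a stuffing source. The event tuples, thresholds and function name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real data): (source_ip, username, login_succeeded)
EVENTS = (
    [("203.0.113.10", f"user{i:02d}", False) for i in range(9)]
    + [("203.0.113.10", "user09", True)]           # one reused password worked
    + [("198.51.100.7", "alice", False)] * 10      # many guesses at one account
    + [("192.0.2.44", "bob", False), ("192.0.2.44", "bob", True)]  # a typo
)


def classify_sources(events, min_attempts=6, distinct_ratio=0.8, focus_ratio=0.8):
    """Label each source IP by the shape of its login attempts.

    Credential stuffing: many different usernames, about one try each,
    because every stolen pair is tested once.
    Brute force: many tries concentrated on a single username.
    Thresholds are illustrative assumptions, not tuned values.
    """
    attempts = defaultdict(lambda: defaultdict(int))
    successes = defaultdict(set)
    for ip, user, ok in events:
        attempts[ip][user] += 1
        if ok:
            successes[ip].add(user)

    report = {}
    for ip, users in attempts.items():
        total = sum(users.values())
        if total < min_attempts:
            verdict = "normal"
        elif len(users) / total >= distinct_ratio:
            verdict = "credential-stuffing"
        elif max(users.values()) / total >= focus_ratio:
            verdict = "brute-force"
        else:
            verdict = "suspicious"
        # A success from a stuffing source means a reused password was valid,
        # so that account is a candidate for a forced password reset.
        at_risk = sorted(successes[ip]) if verdict == "credential-stuffing" else []
        report[ip] = {"verdict": verdict, "attempts": total, "reset_accounts": at_risk}
    return report


if __name__ == "__main__":
    for ip, row in classify_sources(EVENTS).items():
        print(ip, row)
```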

The government estimates approximately 11,200 accounts have been hacked. Of these, approximately 5,600 were for the CRA and 9,000 for the KeyGC system. Of the CRA accounts affected, more than half were hacked using the GCKey access.

What can we do?

At this time, we don’t have details about the types of data that the bad actors have accessed and whether all victims of these attacks have been notified by the government yet.

However, since we are talking about credential-stuffing attacks, we can point out that people who use the same credentials for multiple sites and programs are at risk of being victims of this type of attack. Various resources are available to help you find out if one of your accounts has ever been the victim of a data breach.

Even if you weren’t a victim of cyber attackers this time around, it’s recommended to adopt better security habits now to avoid being a victim of the next attack.

First and foremost, we can never say it too much: never recycle a password. This is an easy and essential step to ensure the security of you and your data. In this case, the bad actors used previously stolen login/password combinations for their attacks.

  • Use passwords – or better yet, passphrases – that are strong and unique for each of your accounts.
  • You can use a reliable password manager to help you create and, above all, memorize strong and unique passwords.
  • Enable multi-factor authentication, whenever it’s available, to add an extra layer of security to your accounts.
  • Regularly check your personal records for anomalies, especially if you have been the victim of data theft.

For more information about cybersecurity, please visit welivesecurity.com

Microsoft Teams Up With WalMart To Buy TikTok… No, You’re Not Reading That Wrong

Posted in Commentary with tags on August 27, 2020 by itnerd

This whole saga of TikTok in the US being banned by President Trump unless they sell themselves to a US company has been weird. And it just got weirder. If you had Microsoft teams up with WalMart to buy TikTok on your apocalypse BINGO card, then consider yourself lucky. CNBC has the details of what WalMart said to them:

“The way Tik Tok has integrated e-commerce and advertising capabilities in other markets is a clear benefit to creators and users in those markets,” the retailer said in a statement. “We believe a potential relationship with Tik Tok US in partnership with Microsoft could add this key functionality and provide Walmart with an important way for us to reach and serve omnichannel customers as well as grow our third-party marketplace and advertising businesses. We are confident that a Walmart and Microsoft partnership would meet both the expectations of US Tik Tok users while satisfying the concerns of US government regulators.”

While WalMart does have other lines of business, such as Viathon bikes which sells high end race bikes, this is a bit of a departure. And there’s the matter of Oracle looking at buying TikTok. They might be in the driver’s seat as founder Larry Ellison is a friend of Trump. But given how strange this saga has been, who knows if that’s still the case? Or what other plot twists are coming next. Such as TikTok winning their lawsuit against Trump.

Waze Helps Canadian Drivers Find and Navigate to COVID-19 Testing Centres Through Partnership With Clinia

Posted in Commentary with tags on August 27, 2020 by itnerd

Waze, the platform bringing together communities on and off the road, today announced Canadians can search and find COVID-19 testing and screening locations within Waze, using data provided by Montreal-based Clinia Health Inc.

Waze and Clinia hope the data partnership will make it easier to find and navigate to testing locations.

Drawing upon information from public health departments, Clinia developed a directory of testing and screening locations across Canada. The database — with more than 340 data points — was integrated into Waze in July, with the data being refreshed a few times a week. This data contains information regarding testing and screening sites at hospitals and clinics, as well as mobile drive-through sites, ensuring Canadians are aware of options for COVID-19 testing.

Waze has seen an increase in drivers returning to the roads since March. Information on Canadian traffic patterns by city can be accessed here.

Epic Games Gives The Middle Finger To Apple By Refusing To Make Any Changes To Fortnite

Posted in Commentary with tags on August 26, 2020 by itnerd

Fresh off of losing in court to Apple earlier this week, Epic Games was given the choice by the judge overseeing the case to fix this situation by pulling out the ability to bypass Apple’s in-app payment system. But it now looks like that’s not going to happen and Epic Games is giving the middle finger to the Apple ecosystem.

In an update to a “Fortnite” FAQ today, Epic Games said that the season update would not be available on iPhone, iPad or Mac on the Aug. 27 date. Oddly, they aren’t doing the same thing to Google which Epic is also suing. So in short, it seems that Apple users of all sorts are being abandoned by Epic Games. In effect, they are giving Apple and their user base the middle finger.

Up until this point, I have tried not to take sides in this as neither side is blameless here. But Epic Games has really screwed this up. They really tried to do a power play here from all the available evidence. And because they didn’t get their way, they’re picking up their marbles and going home. Thus I for one would say that Epic shouldn’t let the door hit them on the way out. You’re not going to be missed on the Apple platform.

Trend Micro Blocked 8.8 Million COVID-19 Threats in the First Half of 2020

Posted in Commentary with tags on August 26, 2020 by itnerd

Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security, today released its annual mid-year roundup report, which reveals COVID-19 related threats as the single largest type of threat in the first half of the year. In just six months, Trend Micro blocked 8.8 million COVID-19 related threats, nearly 92% of which were email-based.

Cybercriminals shifted their focus from January through June to take advantage of global interest in the pandemic. The risk to businesses was compounded by security gaps created by a completely remote workforce.

In total, Trend Micro blocked 27.8 billion cyber threats in the first half of 2020, 93% of which were email-borne.

Business Email Compromise (BEC) detections increased by 19% from the second half of 2019, in part due to scammers trying to capitalize on home workers being more exposed to social engineering.

Among all the threats in the first half of the year, ransomware was a constant factor. Although the number of detected ransomware threats decreased, Trend Micro saw a 45% increase in new ransomware families compared to the same time last year. 

Global organizations have also been burdened by a significant spike in newly disclosed vulnerabilities. Trend Micro’s Zero Day Initiative (ZDI) published a total of 786 advisories, representing a 74% increase from the second half of 2019. Some of these came as part of Microsoft Patch Tuesday updates, which have fixed an average of 103 CVEs per month so far in 2020 — including the largest number of patches ever issued in a single month (129) in June.

Trend Micro also observed a 16% increase in vulnerabilities disclosed in industrial control systems (ICS), compared to the first half of 2019, which could create major challenges for smart factory owners and other organizations running IIoT environments.

To effectively protect dispersed corporate networks, Gartner recommends businesses “refine security monitoring capabilities to reflect an operating environment where network traffic patterns, data and system access vectors have changed due to increased remote and mobile operations.[1]” Trend Micro XDR helps customers do exactly that by correlating security events across the entire IT environment, which is critical for holistic protection in the second half of 2020.

To learn more about the threat landscape in the first half of 2020 and how businesses can stay secure moving forward, read the full report here: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/securing-the-pandemic-disrupted-workplace-trend-micro-2020-midyear-cybersecurity-report.