Archive for August 1, 2020

Microsoft Presses Pause On TikTok US Asset Acquisition

Posted in Commentary on August 1, 2020 by itnerd

Now that President Trump has announced an outright ban of the Chinese-owned TikTok, which hasn’t happened yet by the way, we now have a report that Microsoft, which was interested in buying TikTok’s US assets, has hit pause on that:

Microsoft is pausing negotiations over TikTok’s US operations amid hostility from President Donald Trump, The Wall Street Journal reported Saturday.

The Journal, citing people familiar with the matter, reported that Microsoft and the Chinese parent company ByteDance were in “advanced talks” over a potential sale and were “caught off guard” when Trump voiced his opposition to the deal on Friday.

I bet they were caught off guard. But there’s more:

One source told The Journal that Trump’s opposition to a sale came as a surprise, and another source told the newspaper that the White House had previously appeared to want TikTok to be “American owned.”

The deal isn’t “dead,” according to the Journal’s report, but both companies are seeking more information from the White House on the best next steps for the app.

The thing is, TikTok isn’t taking this lying down:

TikTok’s US General Manager Vanessa Pappas appeared in a one-minute video released Saturday morning in response to Trump’s comment about banning the app.

Here’s the video:

Let’s see where this story goes next. It’s going to be a bumpy ride.

Canada’s Heart And Stroke Foundation Exposed To A Cyberattack

Posted in Commentary on August 1, 2020 by itnerd

I get a lot of my story ideas from people who read my blog, and my wife. It’s the latter that I have to thank for the news that Canadian charity Heart And Stroke Foundation has been exposed to a cyberattack via a third party. She was informed of this via an email which I have reprinted below:

Dear valued supporter, 

I am writing to inform you that Heart & Stroke has learned of a data security incident involving one of our third-party service providers that may involve your personal information. We are committed to the protection and privacy of your data and are contacting you to explain what has transpired so you can take extra precautions. 

What happened 

Heart & Stroke manages personal information related to our stakeholders for the purpose of volunteer and donor relations, communications and for historical record keeping through Blackbaud, one of the world’s largest software providers for non-profit organizations. 

On Thursday, July 16, we were notified by Blackbaud that it had discovered and stopped a ransomware attack in May. This attack impacted many of Blackbaud’s clients around the world, including Heart & Stroke. While Blackbaud has informed us that Heart & Stroke was not specifically targeted, we want to provide you with the same information that Blackbaud has provided us. 

How you may be affected 

Data from the Heart & Stroke community that may have been affected includes contact information, such as names, email addresses, telephone numbers and addresses. Blackbaud has assured us that data such as credit card numbers, usernames, and passwords were not compromised as these were encrypted. The cyber criminal’s ransom was paid and relevant data was destroyed, according to the update provided by Blackbaud. 

Blackbaud has informed us that there is no reason to conclude that the data related to the Heart & Stroke community will be misused, but we recommend that you exercise additional prudence. As the information affected is mainly contact information, the greatest risk would be from someone impersonating Heart & Stroke to solicit funds. Please let us know if you receive suspicious emails or other communications that claim to be from us. 

Blackbaud has carried out an internal investigation with the assistance of outside cybersecurity experts and law enforcement and is confident that the data was removed and has not been further used or disclosed. As an added precaution, their investigators are continuing to monitor for any usage of the data that was taken. 

Heart & Stroke’s action 

In addition to notifying you of this incident, we have reported the incident to relevant privacy commissioners and are seeking their advice on any additional safety protocols that we should consider. We are working with Blackbaud to enable multi-factor authentication to protect our records management system. Our call centre team has been updated on this matter and is available to answer your questions. 

If you unsubscribed 

We want to acknowledge that some recipients of this email may have previously unsubscribed from Heart & Stroke updates. We want to assure you that we have not re-added you to our mailing list, but felt it important to provide you with this update concerning your information that may have been affected. 

We value the trust and support of our constituents and regret the concern that this may have caused. If you have questions concerning this incident, please contact us at 1‑877‑882‑2582 or via email at donorinfo@heartandstroke.ca. 

Sincerely, 
Heart & Stroke
Doug Roth
Chief Executive Officer
Heart & Stroke Foundation

I have never heard of Blackbaud before this incident. So it was over to Wikipedia for some info on them:

Blackbaud is a cloud computing provider that serves the social good community — nonprofits, foundations, corporations, education institutions, healthcare organizations, religious organizations, and individual change agents.

I had a look around their website and found this release on the incident. It meshes with what The Heart And Stroke Foundation said. But it does have a bit of spin on it to make it sound like they stopped the attack. The fact is that if you pay the ransom, you didn’t stop anything.

I am concerned that the ransom was paid and they hope that the data was destroyed. I say that because paying the ransom only emboldens these scumbags, and you have to trust that said scumbags actually destroyed the data. If you get one of these emails, you should take it as a sign that you should keep an eye out for phishing emails.

Hopefully the Heart And Stroke Foundation re-evaluates its relationship with Blackbaud on a go-forward basis. I get that many companies rely on third parties to run their operations. But they are only as safe as the third parties that they use. And this incident is an example of this.

Trump Says He’s Banning TikTok In The US…. And It Could Happen Today

Posted in Commentary on August 1, 2020 by itnerd

Yesterday the news started to leak out that US President Donald Trump was going to sign an executive order to force ByteDance to divest itself of its holdings in TikTok in the US. Then an hour or so later, news emerged that Microsoft was interested in buying those parts of TikTok. But that now seems to be off the table as Trump has announced on Air Force One to the reporters on the flight that he’s going to ban TikTok outright.

Well, this is sure to get the Chinese really mad. Plus it will likely cause the heads of TikTok users in the US to explode. But it will also likely cause a domino effect of countries banning TikTok. Seeing as this is allegedly going to happen today, keep an eye on this space for updates.