Archive for March 11, 2021

Khalid, CL, & Lubalin To Perform At TikTok’s Labyrinth Runway Show, Hosted By Frankie Jonas

Posted in Commentary with tags on March 11, 2021 by itnerd

TikTok is giving you front row access to one of the hottest fashion shows of the season. On March 18th at 10 PM ET/7 PM PT, TikTok LIVE will close out Fashion Month in style with the Labyrinth Runway Show hosted by Frankie Jonas.

An all-star group of TikTok creators Leenda DongKristine Thompson, Xavier Martin, Zahra Hashimee,Riley HubatkaWNBA players Te’a Cooper (Los Angeles Sparks), A’ja Wilson (Las Vegas Aces), Lexie Brown (Minnesota Lynx), and more will strut down the runway to live performances from global superstar Khalid, K-Pop and international star CL, and Montreal native Lubalin.

The runway show, which will spotlight diversity, body positivity, and promote inclusivity within the industry, will feature collections from renowned Black designers Victor Glemaud and Carrots by Anwar Carrots, and TikTok creator Joe Ando.

Throughout the LIVE stream, the TikTok community will have the opportunity to shop the plethora of looks styled by TikTok creator and stylist Tabitha Sanchez

More information about the Labyrinth Runway Show can be found in the TikTok Newsroom.

Leave a comment »

Tribe Property Technologies Announces Appointment Of Jim Defer As Chief Financial Officer

Posted in Commentary with tags on March 11, 2021 by itnerd

Tribe Property Technologies is pleased to announce the appointment of Jim Defer as Chief Financial Officer (CFO). This addition to Tribe’s senior leadership team is expected to support one of Canada’s fastest-growing residential community management companies in accelerating its expansion in the North American residential community living sector.

Mr. Defer is a seasoned financial executive with expertise in taking high-growth companies public. He has held a number of senior executive finance roles over the past 25 years, most recently as CFO at SPUD.ca, a technology-based grocery delivery company. Prior to Spud.ca, Mr. Defer worked with Food-X Technologies, Canopy Growth Corporation and SunSelect Produce. He is also the former head of investment banking at PI Financial, a Canadian independent full-service investment dealer.

In addition to strategic financial oversight, Mr. Defer will have direct responsibility for financial reporting, capital markets activities, treasury and taxation, amongst other activities of the company.

In conjunction with Mr. Defer’s appointment, John Tims has stepped down from his position as CFO, but will continue to serve as Tribe’s Corporate Secretary.

A one-stop-shop for residential community living, Tribe offers tech-enabled community management that is disrupting the traditional market. With one of the fastest growing tech-forward property management companies in Canada, Tribe’s integrated service-technology delivery model serves the needs of developers, condo/residential communities and owners/residents versus traditional property management. Tribe is empowering residential community living in cities.

Leave a comment »

ServiceNow Introduces New Version of the Now Platform

Posted in Commentary with tags on March 11, 2021 by itnerd

ServiceNow today unveiled the Now Platform® Quebec release. This latest version of the Now Platform features expanded native AI capabilities and new low-code app development tools, empowering customers to innovate quickly, realize fast time-to-value, improve productivity and deliver great experiences. With companies radically changing the way they operate and accelerating digital transformation, the Now Platform is enabling the digital speed, agility and resilience every business needs to create the future of work.

Nearly 80% of the Fortune 500 and thousands of organizations worldwide are relying on the Now Platform to help protect revenue, maintain business continuity, stay productive and safe, and deliver great experiences for their customers and employees. As organizations plan for supporting distributed workforces long-term, cross-functional workflows that create great experiences for customers and employees are critical. Digital investments are at an all-time high. According to IDC, worldwide digital transformation investments will total more than $7.8 trillion by 2024.1

Industry leaders, including Nike, Adobe, Deutsche Telekom, Logitech, Medtronic, St. Jude Children’s Research Hospital, and others are using the Now Platform to accelerate their digital transformation programs to deliver innovation, agility and productivity. 

The low-code workflow revolution

ServiceNow today introduced Creator Workflows to join its existing IT, Employee and Customer Workflow portfolios to put the power of automation in the hands of the business, enabling people at every technical skill level to build apps at speed. 

Creator Workflows feature ServiceNow’s low-code development tools, App Engine and IntegrationHub, which allow businesses to transform old, manual processes into modern, digital workflows at scale. With the Now Platform Quebec release, ServiceNow has introduced new products within Creator Workflows that let developers of every skill level build workflow apps fast:

  • App Engine Studio accelerates app development at scale with a fast, intuitive and guided low-code visual development environment that empowers people with no coding experience to collaborate and build applications.
  • App Engine Templates give teams access to pre-built workflow building blocks so that citizen developers can get a head start on building apps without having to start from scratch.

Low-code is becoming a strategic imperative for businesses to adapt to a rapidly changing environment. According to Gartner, “by 2024, low-code application development will be responsible for more than 65% of application development activity.”

Several organizations, including St. Jude Children’s Research Hospital and the City of Los Angeles,have turned to ServiceNow’s low-code App Engine to build custom end-to-end workflows that ensure these organizations can focus on delivering critical, lifesaving services to patients and citizens at scale during COVID.

With the Now Platform Quebec release, ServiceNow is helping organizations be more agile and adept at new ways of working. Leveraging one unified platform and data model, customers can continually monitor and optimize business processes to proactively identify and avoid bottlenecks and empower employees to work in an increasingly distributed fashion, as returning to the office becomes an option for some organizations. Three additional new workflow solutions include:

  • Process Optimization enables IT and customer service organizations to visually create and improve the underlying processes driving workflows and to proactively identify and avoid process bottlenecks to speed issue resolution.
  • Workforce Optimization provides a workspace for IT and customer service managers that helps organizations optimize productivity. The workspace monitors real-time agent productivity, workload and KPIs across multiple channels, resulting in improved customer experiences. 
  • Engagement Messenger extends self-service to 3rd party portals to enable AI search, Knowledge Management, Case and Virtual Agent interactions, which result in increased case deflection and improved customer satisfaction. 

Machine learning and native AI solutions for digital resiliency and business productivity

The Now Platform Quebec release allows organizations to enhance productivity with powerful, new, native AI capabilities. In addition to the need to innovate fast and deploy quickly at scale, customers need to deliver enterprise-wide, consumer grade digital tools that enhance productivity for more distributed workforces. New capabilities to enhance productivity include:

  • ITOM Predictive AIOps predicts issues before they become problems and helps organizations automate resolutions.
  • Virtual Agent enhancements accelerate time to value with guided setup and topic recommendations and speed incident resolution with end-to-end AI-powered conversational experiences.
  • AI Search delivers a consumer-grade search experience for employees and customers, giving people the personalized, relevant, and actionable information they need right from their search window in service portals, on mobile, and Virtual Agent.

These new capabilities represent the AI functionality acquired with Loom Systems and Attivio, which have been incorporated in the Quebec release. The Now Platform Quebec release keeps work flowing with advanced AIOps capabilities and gives customers deeper insights into their digital operations to minimize and fix incidents before they become issues, delivering consumer-grade AI-driven experiences that harness personalized insights to help organizations work smarter and faster.

Great employee experiences for the new world of work 

ServiceNow continues to create great employee experiences by helping employees find answers to questions and fulfilling employee requests across the enterprise – from HR and IT to legal and facilities. In addition to providing consumer-grade search experiences with AI search, ServiceNow announced new innovations to help organizations boost employee engagement across the enterprise, includingUniversal RequestUniversal Request enables agents to collaborate and transfer tickets across departments while keeping employees informed of the status of their ticket so that employees can stay focused on their work without being concerned where the request is supposed to go. 

The Now Platform Quebec release is generally available today. 

Leave a comment »

Metrolinx Announces Pilot For Contactless Payment On Greater Toronto Transit Systems

Posted in Commentary with tags on March 11, 2021 by itnerd

It seems that Metrolinx is finally hearing the voices of those who want options other than the Presto card to pay for transit. I spotted this post on the Metrolinx website this morning announcing a pilot project where people will be able to pay for transit on the UP Express transit line that runs between Pearson Airport and Union Station in Downtown Toronto:

Starting today (Mar.11), customers can use their physical credit card or the credit card in their mobile wallet to pay for their fare on UP Express as part of a pilot – some call this ‘open payment’.

For the same price as the PRESTO adult fare, UP Express customers can tap on a PRESTO device with a Visa, Mastercard or American Express credit card or their phone or watch with a mobile wallet like Apple Pay or Google Pay.  

That means more choice and convenience for customers – for those who are taking essential trips right now, and to be ready for when more customers return.

At some point in the spring, Interac Debit will be added to the mix. And when it is deemed to be a success, it will be rolled out to other Transit agencies like the Toronto Transit Commission and Mississauga Transit.

I will note that support for this appears to be rolling out as the Presto app on my phone was updated last night denoting support for this pilot project:

But given how bad transit projects are managed by Metrolinx, and the Presto card has been known to be so unreliable that my wife among many other has two or more Presto cards on her person at all times just to be able to take transit, who know if or when that will roll out to every transit agency in the Greater Toronto Area, and if it will be reliable when launched. So I am not holding my breath in terms of having this happen quickly. And I am not holding my breath about it being reliable out of the gate. But I guess it’s something to eventually look forward to.

1 Comment »

Guest Post: ESET Canada Researchers Discover Thousands Of Email Servers Under Seige

Posted in Commentary with tags on March 11, 2021 by itnerd

The number of groups exploiting the latest Microsoft Exchange vulnerabilities continues to grow, with more than 5,000 email servers in 115 countries affected

ESET researchers in Canada have discovered a potential threat to 5,000 Microsoft Exchange business and government email servers around the world.

Although the exact number of those affected by the vulnerability is unknown, ESET researchers estimate the number could reach hundreds of thousands of compromised servers globally. According to public sources, several important organizations, including the European Banking Authority, have suffered from this attack.

The threat comes from 10 different groups that were exploiting vulnerabilities in Microsoft Exchange to allow the cyberattacker to take over any reachable Exchange server, without the need to know any valid account credentials, making Internet-connected Exchange servers especially vulnerable. Microsoft has been alerted about the compromise and has since released patches to address and correct the vulnerabilities for Exchange Server 2013, 2016 and 2019. 

“The early action of several threat actors using these vulnerabilities suggests these groups had access to the details of the vulnerabilities before the release,” says Matthieu Faou, Malware Researcher who is leading ESET’s research effort into the recent Exchange vulnerability chain. “Although it is unclear how the distribution of knowledge regarding the exploit happened, it is inevitable that more and more threat actors, including ransomware operators, will have access to it sooner or later.”

ESET has identified more than 10 different threat actors that likely leveraged the recent Microsoft Exchange RCE vulnerabilities in order to install malware like webshells and backdoors on victims’ email servers. In some cases, several threat actors were targeting the same organization.

The identified threat groups and behavior clusters are:

  • Tick – Compromised the web server of a company based in East Asia that provides IT services. As in the case of LuckyMouse and Calypso, the group likely had access to an exploit prior to the release of the patches.
  • LuckyMouse – Compromised the email server of a governmental entity in the Middle East. This group likely had an exploit at least one day before the patches were released, when it was still a zero day.
  • Calypso – Compromised the email servers of governmental entities in the Middle East and in South America. The group likely had access to the exploit as a zero day. In the following days, Calypso operators targeted additional servers of governmental entities and private companies in Africa, Asia and Europe.
  • Websiic – Targeted seven email servers belonging to private companies (in the domains of IT, telecommunications and engineering) in Asia and a governmental body in Eastern Europe. ESET named this new cluster of activity as Websiic.
  • Winnti Group – Compromised the email servers of an oil company and a construction equipment company in Asia. The group likely had access to an exploit prior to the release of the patches.
  • Tonto Team – Compromised the email servers of a procurement company and of a consulting company specialized in software development and cybersecurity, both based in Eastern Europe.
  • ShadowPad activity – Compromised the email servers of a software development company based in Asia and a real estate company based in the Middle East. ESET detected a variant of the ShadowPad backdoor dropped by an unknown group.
  • The “Opera” Cobalt Strike – Targeted around 650 servers, mostly in the US, Germany, the UK and other European countries just a few hours after the patches were released.
  • IIS backdoors – ESET observed IIS backdoors installed via webshells used in these compromises on four email servers located in Asia and South America. One of the backdoors is publicly known as Owlproxy. 
  • Mikroceen – Compromised the exchange server of a utility company in Central Asia, which is the region this group typically targets.
  • DLTMiner – ESET detected the deployment of PowerShell downloaders on multiple email servers that were previously targeted using the Exchange vulnerabilities. The network infrastructure used in this attack is linked to a previously reported coin-mining campaign.

With these risks identified, Faou suggests patching all Microsoft Exchange servers as soon as possible, including those not directly exposed to the Internet. In case of compromise, admins should remove the webshells, change credentials and investigate for any additional malicious activity.

“The incident is a very good reminder that complex applications such as Microsoft Exchange or SharePoint should not be open to the Internet,” advises Faou.

For more technical details about these attacks exploiting the recent Exchange vulnerabilities, read the blogpost “Exchange servers under siege from at least 10 APT groups” on ESET’s WeLiveSecurity blog.

1 Comment »

Guest Post: Over 140 Thousand US Federal Employees Exposed To Phishing Scams In 2020 Says Atlas VPN

Posted in Commentary with tags on March 11, 2021 by itnerd

Recent estimations by the Atlas VPN research team reveal that over 1 million US government employees were potentially exposed to mobile phishing scams from January 1, 2020, to December 31, 2020. 

Phishing attacks designed to steal sensitive data like login credentials can be delivered through email, messaging applications, social media platforms, or even dating applications.

The estimations are based on numbers provided by Lookout, a leading mobile security platform. Lookout is used by the US federal, state, and local government workers on both personal and government-issued mobile devices. 

Approximation reveals that as many as 140 thousand US federal employees were exposed to phishing scams in 2020. Furthermore, over 366 thousand state employees and 946 thousand local employees potentially received phishing scams at least one time in the period from January 1 to December 31, 2020.

99% of US government employees run outdated Android OS’s

Perhaps even more shocking is the fact that a staggering 99% of US government Android users run on outdated operating systems, exposing them to hundreds of vulnerabilities. 

For example, as many as 22.8% of the US government staff that have Android devices still use the Android 8 operating system. This version of OS is called Android Oreo and was released to the public on August 21, 2017. 

Currently, this operating system has 636 known vulnerabilities. We can expect countless new attack vectors to surface as time goes by.

As of March 10, 2021, the newest Android operating system is version 11. It was released on September 8, 2020, but only 0.08% of US government workers have updated their phones to this release. 

To read the full article, head over to: https://atlasvpn.com/blog/over-140-thousand-us-federal-employees-exposed-to-phishing-scams-in-2020

Leave a comment »