Archive for June, 2021

TikTok Releases Q1 2021 Community Guidelines Enforcement Report

Posted in Commentary on June 30, 2021 by itnerd

Today, TikTok published its Q1 2021 Community Guidelines Enforcement Report to bring visibility to the critical work of moderating content in order to keep TikTok a safe and welcoming place for their community. TikTok has published their Transparency Reports since 2019, and starting with this report, insights related to the enforcement of their Community Guidelines will be published on a quarterly basis while information related to legal requests will continue to be published bi-annually.

Here are some of the key insights from the report:

  • 61,951,327 videos were removed for violating our Community Guidelines or Terms of Service, which is less than 1% of all videos uploaded on TikTok.
  • 82% of these videos were removed before they received any views, 91% before any user reports, and 93% within 24 hours of being posted. 
  • 1,921,900 ads were rejected for violating advertising policies and guidelines.
  • 11,149,514 accounts were removed for violating our Community Guidelines or Terms of Service, of which 7,263,952 were removed from the full TikTok experience for potentially belonging to a person under the age of 13. This is less than 1% of all accounts on TikTok. 
  • 71,470,161 accounts were blocked from being created through automated means.

TikTok has continued to expand the information they provide with each report to help the industry push forward when it comes to transparency and accountability around user safety. To bring more visibility to the actions they take to protect minors, in this report, they’ve added the number of accounts removed from the full TikTok experience for potentially belonging to an underage person. This builds upon their previous work to strengthen their default privacy settings for teens, offer tools to empower parents and families, and limit features like direct messaging and livestream to those age 16 and over.

In the future, TikTok will publish this data on their online transparency center which they’re working to overhaul to be a home for their transparency reporting and other information about their efforts to protect the safety and integrity of their platform.

For more, please visit TikTok’s newsroom blog post: https://newsroom.tiktok.com/en-us/tiktoks-q-1-2021-community-guidelines-enforcement-report

GRUBBRR Partners With Samsung To Provide Top-Quality Self-Ordering Technology

Posted in Commentary on June 30, 2021 by itnerd

GRUBBRR, the emerging leader in self-ordering kiosk technology, today announced a strategic partnership with Samsung Electronics America, Inc. to provide the most advanced software solution on the market, powering the Samsung Kiosk, the company’s new all-in-one kiosk solution as it enters the self-ordering kiosk industry.

With the integrated GRUBBRR software, the Samsung Kiosk comes ready to handle every aspect of the self-ordering transaction and is fully equipped with a high-definition display, printer, credit card terminal, scanner, and NFC tap.

GRUBBRR’s solutions have been proven to immediately impact businesses by drastically reducing labor costs and maximizing workplace efficiency. Even more helpful than labor savings is the increase in revenue, predominantly through an increase in average ticket size. Samsung’s large, high-definition screen provides unrivaled visual images which are crucial to the buying experience, and GRUBBRR’s sleek user interface offers customized upsells with every transaction. The consumer experience is enhanced by eliminating the need to wait in line and providing personalization and order accuracy. 

GRUBBRR developers worked with the Tizen platform, Samsung’s open and flexible operating system, to integrate the software to meet the needs of the self-service industry. Unlike other operating systems, Tizen supports a variety of devices and is highly customizable. GRUBBRR software enables Tizen to run across verticals, creating a complete all-in-one solution for every business.

Samsung is a natural partnership because it has established itself as a global leader in the hardware electronics industry, and pairs perfectly with GRUBBRR’s innovative and affordable out-of-the-box, self-ordering solutions.

Samsung’s new kiosk technology is just the latest and greatest feature of the Samsung ecosystem powered by GRUBBRR. In addition to the self-ordering kiosk, Samsung consumers can also integrate their existing ecosystem with menu boards, order progress boards, kitchen display systems and food lockers to further revolutionize their business. 

Guest Post: Atlas VPN Study Says That US, UK, & Saudi Arabia Lead In Commitment To Cybersecurity

Posted in Commentary on June 30, 2021 by itnerd

Cybersecurity practices are constantly evolving as new technologies emerge.

According to recent Atlas VPN team findings, the United States, United Kingdom, and Saudi Arabia lead in commitment to cybersecurity. However, many countries still lack training and education programs for many professionals. 

The United States earned a perfect score of 100, getting all 20 points in each GCI indicator. However, while the US has the most cybersecurity resources, the latest cyberattacks on Americans have shown room for improvement.  

The United Kingdom follows behind, scoring 99.54 points in GCI. The score indicates that the UK has to employ more computer incident response teams, enabling a country to respond to incidents at the national level using a centralized contact point and promote quick and systematic action.

Saudi Arabia shares second place, getting the same score of 99.54 as the UK. While being one of the fastest developing countries, Saudi Arabia has placed great importance on cybersecurity.

Estonia takes the fourth slot as they scored 99.48, losing just half a point in the capacity development indicator. Estonia has become one of the heavyweights in cybersecurity with a high-functioning central system for monitoring, reporting, and resolving incidents.

The Republic of Korea, Singapore, and Spain all share fifth place, scoring 98.52 points.

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on the current cybersecurity landscape:

“Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. For example, creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.”

Lack of cybersecurity training

One of the reasons why cyberattacks continue to increase is a lack of cybersecurity education and training.

Just 46% of countries provided specific cybersecurity training for the public sector and government officials. Employees in these fields usually work with a lot of sensitive or confidential information, which is why education on cybersecurity is essential.

Meanwhile, 41% of countries provided cybersecurity training to small and medium enterprises or private companies. Businesses often become targets for hackers as the latter can easily profit off of stolen data or ransomware attacks.

Law enforcement agents received educational cybersecurity programs in 37% of countries.

To read the full article, head over to: https://atlasvpn.com/blog/study-us-uk-and-saudi-arabia-lead-in-commitment-to-cybersecurity

New LinkedIn Data Shows Where Canadians Are Moving & Which Industries Are Hiring

Posted in Commentary on June 29, 2021 by itnerd

After a year of working remotely, more Canadians are moving to Vancouver and Halifax for jobs in popular industries and a change in post-pandemic lifestyle, according to LinkedIn’s first-ever Workforce Report for Canada.

The report measured internal migration trends of major Canadian cities and the growth or decline of hiring in different industries.

  • The National Hiring Rate in Canada last month was up 124% from where it sat in May 2020 at the height of the pandemic.
  • Health care, software, and real estate industries were among the biggest gainers, with hiring in the health care space rising 123% from May 2020, and hiring in the entertainment, energy and mining, and recreation and travel industries trending down.
  • The inflow-outflow ratio of residents in Vancouver has seen a 10.5% rise since April 2020, with Halifax seeing a 39% growth surge over the same period.

The full report findings can be found here.

Methodology

An internal migration instance is defined as a member changing their location within the same country on their LinkedIn profile. The index of internal migration is calculated as the share of LinkedIn members who moved within the country divided by its average for 2019. For each city, we also calculate the inflow-outflow ratio (number of inflows to a city for every outflow). Cities are then ranked by the change in their inflow-outflow ratio between April 2019 and March 2020 (before Covid) and between April 2020 and May 2021 (after Covid). 

The hiring rate is the percentage of LinkedIn members who added a new employer to their profile in the same month the new job began, divided by the total number of LinkedIn members in Canada. This number is indexed to the average month in 2016; for instance, an index of 1.05 indicates a hiring rate that is 5% higher than the average month in 2016.

Guest Post: Atlas VPN Reveals The Top Cybercrime Statistics For 2021 H1

Posted in Commentary on June 29, 2021 by itnerd

The Atlas VPN research team compiled the most significant 2021 H1 cybercrime statistics to provide a precise view of the current cyber-threat landscape.

Based on the statistics, it is evident that both the volume and the sophistication of attacks grew substantially during the period under review.

The shift to remote work is largely to blame, as it provided a considerably larger attack surface for hackers to exploit. Also, unpatched personal devices, unprotected home networks, and reduced visibility for the in-house security team are some of the leading security issues.

Methodology: 

The statistics are based on data from strictly reputable sources, such as the Federal Bureau of Investigation, Federal Trade Commission, Kaspersky, Malwarebytes, and many others. You can click on the source of each statistic to explore the full report that includes extended analysis, references, and additional data. 

Some of the main highlights include:

  • Blockchain hackers netted over $100 million in Q1 2021.
  • Ransomware accounted for 81% of all financially driven intrusions in 2020. The average cost of a ransomware breach was $4.44 million.
  • Phishing assaults affected 83% of UK firms in the last year.
  • Google discovered a record-high number of phishing websites last year, with over 2.11 million, representing a 25% increase over 2019.
  • Over 5 billion records have already been leaked in 2021.
  • RDP attacks skyrocketed 241% in 2020. In 2019, the number of RDP attacks was 969 million, but in 2020, threat actors carried out an incredible 3.3 billion attacks.
  • macOS malware development surged by over 1,000% in 2020.

To see the full report, head over to: https://atlasvpn.com/blog/2021-h1-cybercrime-statistics

LinkedIn Suffers ANOTHER Massive Data Breach… Pretty Much All Their Users Are Affected [UPDATED]

Posted in Commentary on June 29, 2021 by itnerd

I have some very bad news if you’re a LinkedIn user. Which is pretty much everyone. A data breach involving 700 million users, which is more than 92% of the total 756 million users, has occurred. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. No passwords are included, but this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites.

Yikes!

The way the hacker got in is similar to a breach back in April that had the data of 500 million users stolen. Clearly LinkedIn doesn’t learn from its mistakes. Thus I would urge the relevant authorities to take a look at these incidents and punish LinkedIn (and their owners Microsoft) severely as this is not acceptable. In the meantime, LinkedIn users should be on the lookout for attacks and identity theft attempts, because you know that they are inbound.

UPDATE: Privacy Shark has additional details on this along with a statement from LinkedIn:

We reached out to LinkedIn for verification and received this official statement from Leonna Spilman:

“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”

I’m sorry…. BUT HOW THE HELL ISN’T THIS A DATA BREACH?

Microsoft Tries To Clarify Windows 11 System Requirements

Posted in Commentary on June 28, 2021 by itnerd

On Saturday, I posted a story on the rather hefty system requirements for Windows 11. There must have been one hell of a blowback from that because Microsoft has now posted a blog post to clarify this situation:

The intention of today’s post is to acknowledge and clarify the confusion caused by our PC Health Check tool, share more details as to why we updated the system requirements for Windows 11 and set the path for how we will learn and adjust. Below you will find changes we are making based on that feedback, including ensuring we have the ability for Windows Insiders to install Windows 11 on 7th generation processors to give us more data about performance and security, updating our PC Health check app to provide more clarity, and committing to more technical detail on the principles behind our decisions. With Windows 11, we are focused on increasing security, improving reliability, and ensuring compatibility. This is what drives our decisions.

Reading the rest of the blog post, they try to clear this up. But I don’t think this is going away anytime soon. But I guess that Windows Insiders will find out what the truth is as the first Insider build is available today. The results will be all over Twitter shortly after people try that build out.

Facebook Escapes Antitrust Action…. For Now

Posted in Commentary on June 28, 2021 by itnerd

Facebook shares posted their biggest intraday gain in two months after it won a dismissal of two antitrust cases, pushing its market value above $1 trillion for the first time. The social-media giant jumped as much as 4.4%, the most since April 29, after a judge granted Facebook’s request to dismiss the complaints filed last year by the U.S. Federal Trade Commission and state attorneys general.

A federal court on Monday dismissed the Federal Trade Commission’s antitrust complaint against Facebook, dealing a major setback for the agency’s complaint that could have resulted in Facebook divesting Instagram and WhatsApp.

“Although the Court does not agree with all of Facebook’s contentions here, it ultimately concurs that the agency’s complaint is legally insufficient and must therefore be dismissed,” reads the filing from U.S. District Court for the District of Columbia. “The FTC has failed to plead enough facts to plausibly establish a necessary element of all of its Section 2 claims — namely, that Facebook has monopoly power in the market for Personal Social Networking (PSN) Services.” The court dismissed the complaint, not the case, meaning the FTC could file its complaint once again.

This is really a blow for anyone who wants Facebook to be held accountable for their bad behavior. Hopefully the FTC refiles the complaint as something has to be done about Facebook.

Half of Enterprise 5G Operators Lack the Knowledge or Tools to Find and Fix Security Vulnerabilities: Trend Micro

Posted in Commentary on June 28, 2021 by itnerd

Trend Micro today released new research that reveals a major gap in security capability among mobile operators, which in many cases is not yet being filled by industry partnerships.

In the 5G era, and a rapidly changing digital landscape, operators could broaden their security credentials with partners as they look to deliver on their desire to secure private networks.

Learn more about the research during Mobile World Congress with Trend Micro’s Ed Cabrera: https://www.mwcbarcelona.com/agenda/session/enabling-digital-transformation-of-industries-in-the-5g-era.

According to the study, 68% of operators sell private wireless networks to enterprise customers with the rest planning to do so by 2025. Nearly half (45%) of operators consider it extremely important to invest in security to achieve long-term enterprise revenue goals. To this end, 77% of operators are planning to offer security as part of their private network solutions.

In addition, the report found that:

  • 51% of operators see edge computing (Multi-Access Edge Computing, or MEC) as a key part of their near future enterprise strategy. Only 18% of operators currently secure their endpoints or edge.
  • 48% of operators cite a lack of adequate knowledge or tools to discover vulnerabilities as a top 5G security challenge.
  • 39% have a limited pool of security experts.
  • 41% struggle with network virtualization vulnerabilities.

The role operators can play in securing the private network ecosystem is particularly important in the 5G Era. New threat vectors will materialize as enterprises look to embrace new communications technologies (5G, edge computing, cloud computing, private wireless, IoT) to digitally transform their business. Operators are in a prime position to address these and profit in supporting their enterprise customers. To take on this role, operators will want to broaden their credentials or partner with security, cloud or IT vendors capable of filling any gaps in their security portfolios and expertise.

As a security platformer with 5G service providers for Enterprise, Trend Micro understands the needs of its corporate customers and partners with these organizations to best meet those needs.

To read a full copy of the report, Securing 5G Era Private networks, please visit: https://data.gsmaintelligence.com/research/research/research-2021/securing-private-networks-in-the-5G-era.

The report is based on two GSMA Intelligence surveys:

  • The GSMA Intelligence Operators in Focus 2021 survey spans 100 decision-makers from operators around the world to understand their views on the enterprise opportunity.
  • The GSMA Intelligence Enterprise in Focus 2020 survey spans 2,873 companies in eight industry verticals and 18 countries.

Western Digital Says Remotely-Installed Trojans Responsible For Wiping ‘My Book’ Storage Devices

Posted in Commentary on June 28, 2021 by itnerd

Last week I brought you the story of people who have Western Digital My Book Internet-connected hard drives getting them remotely erased by unknown threat actors. Well, Western Digital have put out a statement. And here’s what they had to say:

Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

We are reviewing log files which we have received from affected customers to further characterize the attack and the mechanism of access. The log files we have reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. This indicates that the affected devices were directly accessible from the Internet, either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.

Additionally, the log files show that on some devices, the attackers installed a trojan with a file named “.nttpd,1-ppc-be-t1-z”, which is a Linux ELF binary compiled for the PowerPC architecture used by the My Book Live and Live Duo. A sample of this trojan has been captured for further analysis and it has been uploaded to VirusTotal.

Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning.

But what’s interesting is that this statement references this CVE number: CVE-2018-18472. This was something that I mentioned in my original report on this issue as I speculated that this could be the cause of this incident. Western Digital has seemingly confirmed that. Which means that by not patching this issue when it was first disclosed, Western Digital has in effect created this problem for themselves. That’s something to keep in mind when users who were affected by this issue start suing Western Digital. Because you know that the lawsuit is coming.