Archive for October, 2021

Toronto Transit Commission Pwned By Ransomware

Posted in Commentary with tags on October 30, 2021 by itnerd

Nobody is immune from getting pwned by ransomware. And the Toronto Transit Commission illustrates this as it’s come to light that it’s the victim of a ransomware attack:

Staff from the Toronto Transit Commission, along with external cybersecurity experts, continue to investigate and troubleshoot a systemwide ransomware attack.

The TTC says the personal information of riders and employees is safe, but service is still being impacted.

Customers will have trouble planning their trips online — ‘next vehicle’ information is unavailable — but there has not been any significant service disruptions to any TTC routes.

According to the TTC, they experienced loss of their Vision system which is used to communicate with vehicle operators, forcing them to use a backup radio system. They also lost vehicle information used to update trip planning apps and Wheel-Trans bookings were unavailable. Internal email service was also affected.

Given that the Toronto Transit Commission serves up a couple million rides a day, this is not trivial. Hopefully two things happens. One: They recover from this quickly. Two: They figure out how the hackers got in and perpetrated this attack so that they are never a victim again.

UPDATE: Darktrace‘s Director of Strategic Threat, Marcus Fowler, has the following comment:

As transit systems bounce back from the massive lull in ridership during the pandemic, they become an enticing target for ransomware actors. Anytime a ransomware attack can create a real-world impact, such as long lines or service disruption, cyber-criminals will likely demand higher ransom, with the expectation that victims will pay quickly. For the Toronto Transit Commission (TTC), thankfully, they reported no significant transit service disruption. 

Interestingly, the TTC reported its security team detected unusual network activity Thursday night, and impact was minimal until midday Friday, when the attackers broadened their operations on network servers. When it comes to cyber disruptions, this is a critical point in the attack process. Identifying the intrusion is only the beginning of incident response. 

Without the ability for an organization’s digital infrastructure to autonomously defend itself and disrupt the attacker, bad actors can pivot operations and immediately launch file encryption. Security teams find themselves in a race against time; time to detection, time to meaning, and time to response dictate success or failure for these teams. Those not automating portions of this chain to augment their human workforce will find it harder and harder to prevent business disruptions. 

Mastodon Calls Out Trump’s Social Network For Improperly Using Its Code

Posted in Commentary with tags on October 30, 2021 by itnerd

You might recall that Donald Trump was trying to set up a social network, and it promptly got pwned within hours. Not only that, it was using an open source social networking platform called Mastodon improperly. And I speculated that this would become a problem for Trump.

Surprise, it’s now a problem for Trump according to The Verge:

This news comes from a blog post by Mastodon’s founder Eugen Rochko, but others have previously pointed out that the organization behind Truth, the Trump Media and Technology Group (or TMTG), was violating Mastodon’s software license by not providing the source code for the site built on top of it. Trump’s group has 30 days from when the letter was sent to comply with the license or stop using the software, or it could lose the right to do so. 

While Truth hasn’t officially launched yet, internet users discovered that a test version basically had the same interface as Mastodon, and that some of the code for the site was unchanged from the other social network’s code. By itself, that’s actually the intended use of open-source software — but as the Software Freedom Conservancy pointed out last week, apps or websites based on software that uses the AGPLv3 license have to in turn provide their own source code. According to the foundation that wrote AGPL, it’s meant to make the community’s software better: if you improve on something that someone else made, they should be able to benefit from your work like you did theirs. 

As Mastodon and Rochko reiterated on Friday, though, TMTG hasn’t done that — it even went as far as to call its software “proprietary,” and seemingly tried to hide the fact that it was based on Mastodon. Now that the Truth has been revealed, however, TMTG will either have to rebuild it without using Mastodon’s code — a tall order, as bootstrapping a social network site isn’t particularly easy — or release its source code and change the terms of service.

Now it will be interesting to see what Trump’s team does. Do the publish the code or start over scratch? And it will be interesting to see what Mastodon does if Trump’s team doesn’t comply. I am betting the word “lawsuit” will enter the conversation.

Stay tuned folks.

 ESET Launches New Consumer Offerings Aimed At Remote Workers

Posted in Commentary with tags on October 29, 2021 by itnerd

The shift to the hybrid work model has blurred the lines between home and office devices. Although the flexibility comes with many benefits, it has also opened opportunities for cybercriminals to take advantage of unsuspecting and hard-working employees. 

ESET’s 2021 Threat Report found a rise in threats targeting employees who work remotely, and as we continue to see employees blend remote work with office hours, these threats won’t go away anytime soon. In fact, with more time spent traveling and in public places, hybrid work could leave us even more vulnerable to potential risks as devices are being used outside of their intended environments.

This is one of the reasons why ESET has launched a new version of its consumer offering, including ESET Smart Security® Premium, which boasts a host of new features and improved protection for home users. The foremost among these is LiveGuard, which provides an additional proactive layer of protection against new and unknown threats cropping up in the ever-changing landscape.

Not only does LiveGuard, and its cloud sandbox, lower the risk of becoming the employee who brings malware to work, but ESET Smart Security Premium also has a number of other new features and practical benefits, including: 

  • Mobile Security – Employees use smartphones not only for personal use but also for work-related tasks. Our mobile phones are our wallets, calendars and digital filing cabinets. Housed on them can be anything from health records to travel documents to sensitive financial details. With this one  device playing such a crucial role in our lives, it is essential that modern cybersecurity solutions are mobile compatible, and that users are protected and able to manage their security on the go.
  • Banking and Payment Protection – Banking and Payment Protection recognizes and mitigates these risks, safeguarding your financial data during online transactions. Newly upgraded, this feature now offers the option of running a browser in secured mode by default, encrypting communications between the keyboard and the browser when accessing Internet banking sites or web-based cryptocurrency wallets. Banking and Payment Protection also defends against keylogging attacks from cybercriminals attempting to steal login credentials to hack into accounts. 
  • Password Manager – Having unique, complex passwords for every account is one of the central principles of good cybersecurity, but it can be a headache to manage what often feels like an endless list of logins. To make this less of a hassle, Password Manager has been completely redesigned for improved security and ease of use. Not only does this feature store and organize your passwords seamlessly, but it can also generate strong passwords for new accounts. Available as both a browser extension on Windows devices and an app on Android and iOS devices, Password Manager enables users to keep track of their account credentials however is most convenient for them.

For more information on ESET solutions and ESET Smart Security Premium, or to sign up for a 30-Day full-feature free trial, click here.

Travel America’s National Parks From Your Own Living Room

Posted in Commentary with tags on October 28, 2021 by itnerd

We can all agree that the past couple of years have had a distinct lack of travel. While you may not be ready to jump on a plane yourself just yet, you can start to explore the world from the comfort of your own home.

Today, Ubisoft launched Riders Republic, a new extreme sports experience game that takes place in iconic national parks across America.

Players can game solo, with friends or with 50+ competitors across a range sports from skiing to snowboarding, cycling to wingsuits.

The competitive and chaotic outdoor sport multimedia playground lets players soak up the fun of the adrenaline boosting competition with friends.

Riders Republic should be at the top of the must-have list for any gamer seeking adventure and competition in an extreme sports environment with the option to compete PVP, Coop, local MP and solo. 

Mindless fun and sensation is the name of the game on October 28. Riders Republic will retail for $70.99.

73% Of Canadian IT Departments Have Seen Rise In Employees Opening Malicious Links: HP

Posted in Commentary with tags on October 28, 2021 by itnerd

Today, HP released its latest HP Wolf Security report: Out of Sight & Out of Mind which highlights the rise of hybrid work changing user behavior and creating new cybersecurity challenges for IT departments. The study revealed phishing is becoming increasingly successful with 73% of Canadian IT departments seeing a rise in the number of employees opening malicious links or attachments in an email over the last year. The research exposes the risk to businesses with a growing number of employees buying unsanctioned devices in tandem with the increase in cyberattacks, making IT support more complex, time-consuming, and costly than ever.  

Key findings:  

  • 35% of Canadians have been clicking more on malicious links since working from home.
  • Only 32% of remote workers considered security when purchasing new IT equipment, compared to 52% who considered cost
  • 53% of users agree that they feel stranded working from home, and if something were to go wrong they’d be on their own
  • 42% of Canadian employees agree “Cybersecurity never enters my mind when I’m working: that’s IT’s job”
  • 66% of Canadian IT departments agree that protecting against, detecting and recovering from firmware attacks has become more difficult
  • 20% of Canadian IT decision-makers estimate the cost of support has increased by 51-60%

You can see the report here.

Hydro One Telecom Inc. rebrands as Acronym Solutions Inc.

Posted in Commentary with tags on October 28, 2021 by itnerd

Today, Hydro One Telecom Inc., a wholly-owned Hydro One Limited company, announced that it is rebranding as Acronym Solutions Inc. (Acronym), a strategic move to signal its focus on providing more value added solutions for business customers. This renewed focus will support the company’s aspiration of being the Information and Communications Technology (ICT) provider of choice for businesses in Ontario. With its roots in leveraging electrical infrastructure to provide utility-grade high-speed connectivity, Acronym has recently evolved into a company that offers a broad array of connectivity, cloud and professional services and solutions to public and private sector businesses.

As part of its customer-focused strategy, the company has expanded on its traditional strength of providing fibre-optic connectivity with recent additions of advanced services such as Secure SD-WAN, Network Operations and Field Operations as a Service and DDoS Shield.

Visit www.hydroonetelecom.com/acronym/ for more information.

Trend Micro Launches Cyber Academy to Keep Kids Safe Online

Posted in Commentary with tags on October 28, 2021 by itnerd

Trend Micro today announced that it is launching the new Trend Micro Cyber Academy  this month, giving teachers and parents a powerful tool to improve children’s safety and awareness online. As part of the Internet Safety for Kids and Families education program, the Cyber Academy will offer a series of video-based lessons and learning materials designed to improve children’s digital literacy skills in a way that’s meaningful and engaging.

According to research from early 2021, children have doubled their screen time during the pandemic, and are more likely than ever to be exposed to online threats such as exposure to adult content, phishing, and scams. Digital literacy skills are crucial to helping children avoid risks to their privacy and security and learn how to identify what is trustworthy or not online.  At the same time, the internet provides great opportunities for children and 63% of parents believe the internet has been beneficial to their children’s social and emotional well-being.  Digital literacy skills helps children realize the benefits of technology while also keeping it safe and positive for them.  

Aimed at children 7–10-years-old, the Cyber Academy will initially consist of five internet safety lessons that focus on passwords, two-factor authentication, security, privacy and healthy habits. The lessons can be delivered on-demand by a teacher in the classroom or a guardian at home in just 10–15 minutes and are offered completely free of charge. Future lessons which to be released in the coming months will cover topics such as cyberbullying, media literacy skills and managing screen time.  The lessons will be also available in additional languages over the coming months including Spanish, French, and Mandarin.

Each lesson consists of:

  • A three-minute animated video
  • A conversation guide with Questions & Answers for kids
  • A Kahoot! Quiz to reinforce learning 
  • A downloadable activity sheet as homework
  • Further resources for parents, guardians and teachers

For more than a decade, Trend Micro’s Internet Safety for Kids & Families initiative has been working to address the often-neglected cybersecurity imperative of educating kids on how to be safe and responsible in their digital lives. As the challenge has become even more urgent during the Covid-19 pandemic, the company is committed to improving child safety and awareness in cyberspace. 

Metallic Launches Security IQ For Proactive Cyber Readiness

Posted in Commentary with tags on October 28, 2021 by itnerd

Commvault today announced Metallic Security IQ. Embedded as an optional feature across the entire Metallic portfolio, Security IQ is a unified security dashboard that provides customers with quick and meaningful insights into threats impacting their data landscape and their data backup security posture in their Metallic cloud environments.

IT administrators responsible for data protection are facing cyberattacks, ransomware and new and sophisticated threats that make it challenging to meet internal security mandates. With all of the new threats that are being developed by malicious actors, no tool can guarantee protection. However, with Security IQ, Metallic customers get intuitive tools and advanced insights to bolster their data backup and recovery posture broadly across cloud applications, SaaS applications, endpoints, and hybrid cloud workloads. The Security IQ dashboard empowers IT professionals and admins to spot risks and vulnerabilities in real-time, limit their exposure to cyberthreats with zero-trust controls at scale, and make more informed data recovery decisions – from one central location.

And it’s not just ransomware. Cybercrime and threats on the whole are rapidly increasing everywhere, putting data security front-and-centre as a top concern for businesses and government agencies. Security IQ, alongside Metallic’s zero-trust, enterprise-grade security approach, provides businesses of all sizes with advanced tools to protect data, detect threats, and recover from attack – helping reduce risks and deliver business continuity across their entire data estate. 

To learn all there is to know about Metallic Security IQ Dashboard and for details on the complete technical features, visit their blog page.

Akamai State Of The Internet Report Shows That APIs Are Under Attack From Hackers

Posted in Commentary with tags on October 28, 2021 by itnerd

Akamai has published their latest findings in State of the Internet report, covering the growing attack of APIs. Key findings include:

  • 3x more web attacks in 2021 over 2020’s record year.
  • About 88.7% of web attacks use the common API vulnerabilities SQLi and LFI.
  • 86% of businesses could allow attackers to forge log data or inject malicious content into data
  • 68% incorrectly releases resources before they were made available for reuse
  • 47% had hard-coded passwords
  • Out of the 5,000 API-dependent web apps tested, 100% of apps had at least one vulnerability.

Giora Engel, CEO and Cofounder, Neosec had this commentary:

“This report is focused on vulnerabilities and not on API behavior which is where abuse occurs. It’s correct that application security history is repeating itself and ignoring vulnerable APIs is the iceberg in front of every security team. However, vulnerabilities are only one side of the API security equation. How do you know if behavior is good or bad on all APIs? Discovery of all your APIs is of course the first step but understanding the behavior and being able to hunt for threats in the API data is where real control and security are found.”:

Clearly attacks on API’s is “the new hotness” for hackers. So to avoid being pwned by hackers, security teams and developers need to take preventive action.

Nikon Canada Announces The Nikon Z 9

Posted in Commentary with tags on October 28, 2021 by itnerd

Today, Nikon Canada Inc. announced the Z 9, the most advanced Z series mirrorless camera to date. Powered by a completely new, Nikon developed 45.7 megapixel stacked CMOS sensor and the next generation EXPEED 7 image processing engine, the full-frame Z 9 renders ultra-high resolution images and offers unparalleled AF performance using a revolutionary new scene detection system built on deep learning technology. Additionally, it is capable of sustained fast continuous shooting bursts, in-camera 8K video recordings for extended periods, truly blackout-free Real-Live visibility in the viewfinder and a sensor scan rate so fast that it completely eliminates the need for a traditional mechanical shutter.

A New Kind of Pro Mirrorless

At the core of the Z 9 is the Nikon developed 45.7MP BSI stacked CMOS sensor, coupled with the new EXPEED 7, Nikon’s most powerful engine yet, which is approximately 10x faster than the Z 7II. This combination brings significant increases in AF speed, burst rate, buffer capacity, video resolution and so much more. The Z 9 is the camera that can be trusted on the sidelines, in the field or in the studio, with the high-speed capture capability needed for the fastest action and the immense resolution to reveal the most subtle details. 

  • With the world’s fastest image scan rate, the Z 9 achieves the world’s smallest rolling shutter distortion, equaling that of a mechanical shutter. This means actions like a fast-moving golf swing that would typically distort the club can be captured confidently with the electronic shutter, even at 1/32,000 second. It also allows users to shoot massive quantities of silent frames without worrying about shutter wear or breakdown.
  • The Z 9 achieves fast and accurate AF calculations at up to 120 cycles per second, even between frames during continuous shooting.
  • Beyond the benefits of high-speed performance, the high resolution 45.7-megapixel sensor delivers immense resolution with exquisite colors, broad dynamic range and stellar low light performance, with a native ISO Range from 64-25,600 (Expandable from 32 to 102,400 ISO).

Rely on the Fastest, Most Intelligent AF System Yet 

The Z 9 features Nikon’s fastest, most sophisticated and reliable AF tracking performance ever, utilizing a new Subject Detection algorithm developed with deep learning technology, as well as 3D-tracking. 

  • The camera’s Subject Detection capability detects the world’s largest range of nine subject types including humans, pets, birds, airplanes, trains, cars, motorbikes and bicycles. When in Auto-Area AF, any of these subjects will automatically be detected and focused on, without the need to change settings.
  • With Eye-Detection AF, the camera can detect and focus on a subject’s eye more effectively than ever, even when eyes are smaller or further away. Additionally, a custom function will now also let users change the colourof the focus point to green to confirm focus.
  • The highly praised 3D-tracking mode from Nikon DSLRs debuts for the first time in a mirrorless camera. It is now coupled with subject detection to track fast and erratically moving subjects such as a racing car that approaches close and then moves away quickly, or a swiftly moving athlete.
  • The Z 9 also brings more flexibility by offering three Dynamic-area AF modes with a new range of focus-area sizes (S/M/L) for capturing a wider variety of moving subjects throughout the frame.
  • The AF system is faster than ever, taking advantage of the Z mount’s high speed communication capabilities with frame by frame sharing of distance information.

Unstoppable Performance and Speed

This is the fastest, most powerful Nikon flagship ever. Users can capture amazing images at unbelievably fast burst speeds, all with full AF/AE performance. Whether shooting full-resolution fashion or delivering a sports sequence when a split-second matters, the Z 9 is the versatile solution.

  • For the ultimate combination of speed and intense image quality, photographers can shoot 20-fps RAW images with an unprecedented 1000+ image buffer.
  • When a balance of quality and burst rate is needed, never miss a vital moment with 30 fps full resolution JPEG capture.
  • For extreme speed, High Speed Frame Capture+ enables up to 120 fps with full AF/AE at a very manageable file size of 11 megapixels, freezing a moment that cannot even be seen with the naked eye (higher resolution than 4K video).
  • Truly blackout-free shooting is possible thanks to Dual-Stream technology which simultaneously feeds information to the Real-Live viewfinder/LCD and memory card, resulting in reliable confirmation of a subject’s movement without skipping or repeating frames in the viewfinder.
  • The Z 9 introduces High Efficiency RAW which retains the same level of high image quality as the conventional uncompressed RAW in an approximately 1/3 smaller file size, making RAW files easier to handle than ever. 
  • Speeds of up to 1/32,000 are possible with the electronic shutter, expanding the opportunities to use fast lenses, letting photographers shoot wide open in brighter light, even at f/0.95.

Nikon’s Most Capable 8K UHD Video Camera

The Z 9 offers an extensive suite of advanced video features to elevate any kind of production. Combined with the astonishing resolving power of NIKKOR Z S-Line lenses, video is rendered with absolute clarity and sharpness from edge to edge.

  • Supports a variety of frame rates and resolutions, including in-camera recording at 8K UHD 24p/30p and 4K UHD 24p/30p/60p/120p (FX-format).
  • The world’s longest record time at 8K UHD 30p for more than two hours consecutively (up to approximately 125 minutes)
  • For more latitude when colour grading in post, tone mode profile options are available in-camera, including 10-bit N-Log and HLG (Hybrid Log-Gamma), as well as the Flat color profile.
  • Supports multiple codecs including H.265 (HEVC), ProRes 422 HQ, H.264/MPEG-4 AVC for a variety of production workflows.
  • Users can create 33MP/8MP frame grabs in camera from 8K /4K videos.
  • Full-size HDMI connection, with output latency significantly reduced.
  • High resolution 24-bit linear PCM audio allows for cleaner sound quality with greater range.
  • A free firmware upgrade in 2022 will enable internal 8K 60p capture in the new 12-bit N-RAW high efficiency video format, 12-bit ProRes RAW and other pro level video features. 

Built for the Toughest Assignments

The rugged body of the Z 9 is optimized for a professional workflow, thoughtfully engineered for a superb balance of reliability and usability. The body features an integrated vertical grip and controls, while the durable magnesium alloy chassis has drip and dust-resistance equivalent to the D6, yet is 20 per cent smaller than its DSLR counterpart.

  • The new four-axis 3.2” touchscreen LCD frees the monitor to tilt both horizontally and vertically for shooting at any angle in any orientation. The interface will also adjust automatically to the appropriate orientation while shooting stills.
  • For better visibility through the viewfinder in bright sunlight, the Z 9 is equipped with the world’s brightest Quad-VGA panel adjustable to 3000cd/m2 (nits), revealing the most subtle details in the shadows.
  • Vibration Reduction image stabilization has been enhanced with new Synchro VR to achieve up to six stops of compensation with compatible lenses. 
  • For powerful dust prevention, the Z 9 includes the world’s first dual coating on the optical filter with an electro-conductive coating and fluorine coating to repel dust in front of the sensor, in addition to a sensor shield that protects the sensor when changing lenses.
  • VR safety lock protects the sensor from the risk of damage caused by unintentional movement when the camera’s power is off, for example while in a bag or during bumpy off-road travel.
  • For work in low light, the new “starlight” mode enhances the camera’s ability to focus down to a faint-8.5 EV, while illuminated buttons help astrophotographers and event or concert photographers change settings in the dark.
  • Adjustable shutter release volume, which can be totally silent in sensitive situations or serve as an audible cue for a subject. ·  New network options are organized under a new menu tab for fast access and include; In-camera Bluetooth and WiFi (2.4/5Ghz), 1000BASE-T wired LAN connection, direct transfer to FTP without the need for a wireless accessory, multiple camera sync and built in GNSS GPS for precise location data.

New Nikon Software

The Ecosystem for the Nikon Z series continues to expand. Nikon has also released a new software for professional image capture and workflow.

NX Tether

Nikon NX Tether is free software to enable tethering of Nikon cameras to instantly display captured content on a computer monitor. This software is an easy way for commercial, food or studio photographers to visualize their output for client review in real time. The software will work via USB or wirelessly, and will collaborate seamlessly with the current suite of Nikon software including NX Studio. For more information, please visit https://downloadcenter.nikonimglib.com/en/index.html.

Pricing and Availability

The new Nikon Z 9 full-frame mirrorless camera will be available within this year (CAN) for a manufacturer suggested retail price (MSRP) of $6999.95. For more information about the latest Nikon products, including the new Z 9, NIKKOR Z lenses and the entire collection of Nikon Z series cameras, please visit www.nikon.ca