Archive for November 15, 2021

Powered By Button, CleanBC Has Won An International Award Presented By The Under2 Coalition During COP26

Posted in Commentary with tags on November 15, 2021 by itnerd

The Government of British Columbia’s CleanBC Industrial Incentive Program, powered by Button Inc., has been awarded “most creative climate solution” from the Under2 Coalition during COP26 in Glasgow. CleanBC aims to reduce climate pollution while creating jobs and economic opportunities for citizens, businesses, and communities.

Button Inc. supported CleanBC by developing innovative software that helps industry and government submit, analyze, and report on provincial industrial greenhouse gas (GHG) emissions data. The project was developed via the award-winning Sprint with Us fixed-cost procurement process, enabling Button to embed with the government team’s subject matter experts to deliver innovative, outcomes-based results.

Button builds reliable digital solutions for both industry and government that produce meaningful outcomes. From domain and UI/UX expertise, to emissions reporting and contact tracing, to organizing data, Button helps create easy-to-use systems that that maximize user and citizen impact. Button’s agile, multidisciplinary teams work in parallel with policy development to exceed the highest standards of usability and security, delivering projects on time and within budget. Learn more at https://button.is

Nuspire Security Experts Witnessed A Significant Increase In Exploit Activity With Two New Vulnerabilities in Q3

Posted in Commentary with tags on November 15, 2021 by itnerd

Nuspire today announced the release of its 2021 Q3 Quarterly Threat Landscape Report. Sourced from 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs), with additional insight from its threat intelligence partner, Recorded Future.

In Q3 2021, Nuspire security experts witnessed an 82.6% increase in exploit activity, including a spike in activity against newer vulnerabilities; ProxyShell and ProxyLogon, which are two particularly aggressive vulnerabilities affecting Microsoft Exchange Servers. 

Additional notable findings from Nuspire’s 2021 Q3 Threat Landscape Report include:

  • -71% decrease in VBA Agent Activity, likely due to threat actors re-tooling payloads in preparation for the Q4 2021/ Q1 2022 Holiday Season
  • Two previously unseen botnets have made their way into the top 5 most active in Q3. (XorDDOS and BadRabbit Botnets)
  • SMB & SSH Bruteforcing lead again in highest witnessed exploitation attempts in Q3

I spoke to Josh Smith of Nuspire about this and I got the following highlights out of our conversation:

  • Even though law enforcement is really dropping the hammer on gangs like Evil, organizations really need to step up their threat detection and response game. This report has some suggestions on that front that I really think that organizations can and should implement ASAP.
  • Ransomware is still the “low hanging fruit” because it’s so profitable and the use of botnets and VBA scripts to accomplish that simply illustrates that. It’s basically a “fire and forget” means to try and acquire victims which makes it a low effort/high reward proposition. It also means that these ransomware gangs will simply move on to the next potential target.

Clearly we still live in a universe where the threats are everywhere, and organizations need to protect themselves accordingly. Learn more about protecting your organization from increasing cyber threats by downloading Nuspire’s 2021 Q2 Threat Landscape Report.

TikTok’s Fraud Awareness Week Kick Off Today

Posted in Commentary with tags on November 15, 2021 by itnerd

Today, TikTok is kicking off Fraud Awareness Week as a continuation of their #BeCyberSmart campaign with the National Cyber Security Alliance (NCSA).

TikTok is joining with industry experts including The Knoble’s Ian Mitchell, Frank McKenna (AKA, Frank on Fraud), Identity Theft Resource Center’s Eva Velasquez, Fraudology podcast host Karisse Hendrick, and the “Original Internet Godfather” Brett Johnson. Their goal is to spotlight ways to identify scams, verify suspicious activity, and report potential bad actors to the appropriate authorities.

@tiktoktips

Did you know that “smishing” is a form of phishing? Don’t take the bait! TikTok will never contact you asking for your personal info. #BeCyberSmart

♬ original sound – TikTok Tips

Also, tonight at 5pm PT / 8pm ET, TikTok is hosting a special #LearnOnTikTok LIVE stream with comedian @Alex_Falcone in conversation with tech creator @mryeester for an insider’s perspective on how to avoid falling victim to fraud.

81% Of Canadian IT Decision Makers Believe Organizations Compromise On Cybersecurity: Trend Micro

Posted in Commentary with tags on November 15, 2021 by itnerd

Trend Micro today announced new research* revealing that 81% of Canadian IT decision makers claim their business would be willing to compromise on cybersecurity in favor of hybrid working, productivity, innovation or other goals. Additionally, 70% have felt pressured to downplay the severity of cyber risks to their board.

The Canadian research reveals that just 44% of IT leaders and 45% of business decision makers believe the C-suite completely understand cyber risks. Most think this is because the topic is complex and constantly changing. When it comes to who’s ultimately responsible for managing and mitigating risk, 32% of respondents think it’s the CEO, with IT organizational teams coming in second, at 29%. When asked if more people should be held responsible for managing/mitigating business risk, 75% of respondents agreed.

The survey also found that 50% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk. This friction is causing potentially serious issues: almost half (48%) of respondents agree that their organization’s attitude to cyber risk is inconsistent and varies from month to month.

However, 36% of respondents believe cybersecurity is the biggest business risk today, and 64% claim it has the highest cost impact of any business risk – a seemingly conflicting opinion given the overall willingness to compromise on security.

There are three main ways respondents believe the C-suite will sit up and take notice of cyber risk:

  • 65% think it would take a high-profile breach being reported in the media
  • 61% say it would help if a competitor has a breach
  • 59% say it would make an impact if their organization is breached

To read a full copy of the global report, please visit: https://www.trendmicro.com/explore/en_gb_trendmicro-global-risk-study

*Trend Micro commissioned Sapio Research to interview 207 IT and business decision makers from enterprises larger than 250 employees across Canada​.