Archive for December, 2021

« Older Entries
Newer Entries »

Clearview AI Set To Get A Patent…. Which Is All Sorts Of Wrong

Posted in Commentary with tags on December 7, 2021 by itnerd

I haven’t written about notorious facial recognition company Clearview AI in some time. But they’re back in the news as it looks like that they are going to get a patent for some of their tech:

Clearview AI, the notorious facial recognition company which has partneredwith over 2,400 law enforcement agencies across the U.S, is about to receive a patent for what it describes as a first of its kind, “search engine for faces.”

Politico, which was the first to discover the patent originally filed in August 2020, determined the U.S. Patent and Trademark Office had sent Clearview a notice of allowance last week. That means Clearview essentially has the patent in the bag so long as it pays its administrative fees. And with well over $38 million raised so far in funding according to Crunchbase, paying the bill shouldn’t be a problem.

In an interview with Politico, Clearview CEO Hoan Ton-That claimed his company’s tool would represent the first of its kind to use “large-scale internet data.” That translates to, the first facial recognition service to scrape billions of photos from social media and other publicly available databases, almost always without users’ consent. That sweeping database of faces includes somewhere around 10 billion images, according to Ton-That.

This is all sorts of wrong that has privacy advocates freaking out. And rightly so.

Mark Stamford, Cyber Security Expert and Founder of OccamSec had this to say about the patent:

Well first, it’s not really AI. They collect a bunch of pics, use some machine learning, and then match faces to names.

Then he goes on to say the following:

  • From a privacy standpoint its mostly awful – their long term plan (judging by the patent application) is to give everyone the ability to scan faces and work out who people are. 
  • So we can imagine a situation where you meet someone, and can quickly get their background info and determine if you should talk to them. 
  • Seems harmless enough, but how about I work out who in the environment is worth robbing? Or kidnapping? Or I can use these to determine who someone is, find out how much they might be worth, and use the info to launch a social engineering attack against them leading to me emptying their bank account (it will save me hours of time if I can just see a face and get all its info).

He concludes, “Beyond that, its full on black mirror land.

I’ve said it before and I will say it again. Clearview AI is a clear and present danger. No company should be allowed to do what it is doing, and given that countries worldwide along with numerous companies have tried to curtail if not stop what it is doing, one can hope that it will drive them out of existence.

Leave a comment »

Guest Post: Almost 100k Americans Fell Victim To Credit Card Fraud In 2021 Q3 Says Atlas VPN

Posted in Commentary with tags on December 7, 2021 by itnerd

Credit card fraud has become one of the most popular ways for criminals to make a quick buck. Credit card identity theft is relatively easy to carry out, and it’s also significantly less risky than traditional types of crimes, which is why it’s the most common type of identity theft in the last quarter.

Data extracted and analyzed by Atlas VPN reveals that 97 thousand Americans were the victims of credit card fraud in Q3 2021. This type of identity theft most commonly victimized people ages 30-39.

The analysis is based on the complaints submitted to the Federal Trade Commission (FTC) via their official website identitytheft.gov. Here, US citizens can report identity theft and get help by receiving a personal identity theft recovery plan.

The FTC received 263 thousand identity theft reports in the third quarter of 2021. More than a third of those – 37%, were identity theft complaints concerning credit card fraud.

The majority of the victims belong to the age group of 30-39. As many as 27 thousand victims were in this age group, representing 34% of the total. 

The second most affected group was in the age brackets of 40-49 and 20-29, with 18 thousand and 17 thousand victims, respectively.

How is credit card fraud carried out?

Apart from being less risky than other crimes, credit card fraud is attractive to criminals because it is relatively easy to carry out. On top of that, profits are substantial and immediate due to the nature of the crime.

We will cover the steps the thief has to complete to carry out credit card fraud for educational purposes.

To read the full article, head over to: https://atlasvpn.com/blog/almost-100k-americans-fell-victims-to-credit-card-fraud-in-2021-q3

Leave a comment »

Trend Micro Prediction Report Forecasts Cyber Fightback In 2022

Posted in Commentary with tags on December 7, 2021 by itnerd

Trend Micro Incorporated today predicted global organizations will emerge more alert and better prepared in 2022 thanks to a comprehensive, proactive, cloud-first approach to mitigating cyber risk.

Research, foresight, and automation are critical for organizations to manage risk and secure their workforce. Trend Micro blocked 40.9 billion email threats, malicious files and malicious URLs for customers in the first half of 2021 alone – a 47% year-over-year increase.

Trend Micro researchers predict that threat actors in 2022 will focus ransomware attacks on cloud and datacenter workloads and exposed services to take advantage of the large number of employees continuing to work from home. Vulnerabilities will be weaponized in record time and chained with privilege escalation bugs to drive successful campaigns, according to the report.

IoT systems, global supply chains, cloud environments, and DevOps functions will be in the crosshairs. More sophisticated commodity malware strains will be aimed at SMBs.

However, Trend Micro predicts that many organizations will be ready for the challenge as they build out and implement a strategy to proactively mitigate these emerging risks via:

  • Stringent server hardening and application control policies to tackle ransomware
  • Risk-based patching and a high-alert focus on spotting security gaps
  • Enhanced baseline protection among cloud-centric SMBs
  • Network monitoring for greater visibility into IoT environments
  • Zero Trust principles to secure international supply chains
  • Cloud security focused on DevOps risk and industry best practices
  • Extended detection and response (XDR) to identify attacks across entire networks

To read a full copy of Trend Micro’s 2022 predictions report, please visit:https://documents.trendmicro.com/assets/rpt/rpt-toward-a-new-momentum-trend-micro-security-predictions-for-2022.pdf

Leave a comment »

Waze Posts Their “Year in Rear View”……. And Serves Up A Santa Experience For Users

Posted in Commentary on December 7, 2021 by itnerd

Ever wondered what types of locations Canadians drove to the most in 2021 or what the soundtrack was to this year’s drive? Waze answered these questions and more in its inaugural ‘Year in Rear View’ survey, which launches today. Using first- and third-party data, Waze takes a look back at our year in travel to see the places we drove the most, the music that kept us entertained, and what quirky driving habits we all shared during 2021.

Waze asked respondents in Canada, U.S., U.K., France, Italy, Israel, Brazil and Mexico about their behind-the-wheel driver behaviours, favourite forms of entertainment, fun facts and aspirations, and what they experienced on the road this year. Following a year where most of us stayed close to home, 2021 opened up new opportunities to hit the road and get back to travelling.

2021 Year in Rear View Results Behind-the-Wheel Behaviours: What behaviours, trends or quirky habits did drivers showcase in 2021?

  • 70% of Canadians said shopping was the main reason they drove this year, with family visits (48%), visiting friends (37%) and commuting for work (36%) accounting for other top reasons for getting in the car
  • Residences and restaurants were top navigations for Canadians in 2021
  • 52% of Canadian drivers would wait patiently instead of using their horn if someone ahead of them wasn’t moving. 60% of those in the Atlantic region would wait compared to 48% from Central Canada
  • 66% of Canadian respondents are happy drivers, rating themselves an 8 or above (out of 10) compared to 60% globally
  • Older Canadians are more confident parallel parkers: while 38% of 18 to 24 year olds refused to parallel park in 2021, only 3% of those 65 and over refused\
  • Ed Sheeran’s “Bad Habits” was the 2021 song that best reflected Canadians’ year on the road (15%)

Entertainment: What kept drivers entertained this year? 

  • Canadian artists topped the charts: globally, the top five songs drivers listened to via the Spotify integration on Waze included ‘STAY’ by The Kid LAROI with Justin Bieber (#1) and ‘Blinding Lights’ by The Weeknd (#5)
  • Sweets and candy were the top snack of choice for drivers globally, except in Canada and the U.S. where drivers prefer fast food 
  • Listening to music was the top way Canadian drivers entertained themselves behind the wheel (82%), similar to the 76% of global respondents who did the same
  • When asked what they did while driving in 2021, Canadians showed regional differences: 
  • 45% said they belted the music to their favourite song, but that number was higher in the Prairies at 54% and lower in Central Canada at 40%
  • 36% said they waved at another driver, but drivers in the Prairies were the most friendly with 48% waving, while only 29% of drivers in Central Canada waved

Driving Dreams: What were drivers’ wish-lists of favourite cars, passengers or aspirations for driving?

  • James Bond’s Aston Martin (40%) was the car of choice for Canadian drivers, followed by Batman’s Batmobile (24%)
  • Globally, Jennifer Lopez and Elon Musk are the top female and male celebrities who made headlines that drivers would most like to have in their passenger seat, while in Canada, Adele took top honours
  • 32% of Canadians would give up alcohol for a year in exchange for no traffic, while just 5% would give up their phones

Local Canada Navigations:

  • Between January 1 and November 2, 2021, August showed the highest increase in nationwide driving (+70%) compared to pre-COVID numbers
  • In what cities did Wazers drive the most this summer (June-September)?
  1. Toronto
  2. Montreal
  3. Mississauga, Ont.
  4. Laval, Que.
  5. Vaughan, Ont.
  6. Ottawa
  7. Brampton, Ont.
  8. Hamilton, Ont.
  9. Longueuil, Que.
  10. Québec City
  • Are you planning to travel for the holidays this year? 
  1. No (41%)
  2. Yes, to another city/outside my local area (24%)
  3. Yes, within my city/local area (16%)
  4. I don’t know yet (15%)
  5. Yes, to another country (9%)

Additional data related to travel and COVID-19 over the last year can be found at waze.com/covid19.

 **Research conducted by OnePoll between 10.27.2021 to 11.09.2021 using a sample of 11,000 adults in Canada, the UK, US, Brazil, France, Italy, Mexico and Israel. OnePoll are members of ESOMAR and employ members of the MRS.

Finally the new Santa experience is launching today and it will offer Canadian Waze users two Santas to choose from on their drives. Select the sleigh, voice, and Mood for a holly jolly Santa who brings optimism to every drive, or Mall Santa, who will bring cheer and laughs alongside a Mood and vehicle inspired by mall Santas everywhere. Either choice means a more magical ride.

Also available for this new experience: A Mall Santa playlist [in partnership with Universal Music] and a Santa playlist [in partnership with Universal Music].

Leave a comment »

Vayyar To Provide Fall Detection Powered By Touchless Technology Compatible With New Amazon Alexa Together Service

Posted in Commentary with tags on December 7, 2021 by itnerd

Vayyar Imaging, the Israeli supplier of 4D imaging radar-based solutions, has teamed up with Amazon to make Vayyar Care, Vayyar’s touchless fall detection solution, compatible with the new Alexa Together service from Amazon, launching today. 

Wall-mounted sensors use point cloud imaging technology to constantly monitor their surroundings, providing peace of mind while respecting privacy. Vayyar Care detects falls in all lighting conditions, including pitch darkness, and even dense steam, making it ideal for use in bathrooms where 80% of falls happen and where customers may not want to have cameras. 

After a fall, standard buttons and cords are often out of reach and even wearables cannot guarantee round-the-clock protection: a third of seniors forget to put on their devices, while a fifth refuse to use them, fearing loss of independence.

In fact, over 90% of seniors now prefer to continue to live independently rather than move into an assisted living community. 

When the Vayyar Care device detects a fall, it will send a signal to Alexa to ask if the customer wants to call the Alexa Together Urgent Response emergency helpline. Alexa will also send a notification to the aging loved one’s caregiver. 

Vayyar Care builds on the global success of the company’s B2B platform, which provides real-time fall detection and supports advanced activity analytics for senior living communities in the U.S., EU, China, Australia, and beyond. 

The multifunctional sensing technology relies on low-power radio frequency waves, providing a safe, robust, and reliable solution for elderly people who want 24/7 protection without compromising their privacy or independence. 

Vayyar Care is available now from amazon.com.

Leave a comment »

Globally 1 in 5 Employees Fail Global Phishing Test: Terranova Security

Posted in Commentary with tags on December 7, 2021 by itnerd

The new edition of the Terranova Security Phishing Benchmark Global Report, drawing on results from the 2021 Gone Phishing TournamentTM, reveals that overall end user click rates remained high in the face of this year’s phishing simulation. It also details the rise in the number of users who would’ve compromised their devices with malware had the phishing simulation not been a safe testing environment. 

The 2021 Phishing Benchmark Global Report results emphasize the growing need for all organizations to address the human element of cyber security by implementing engaging, informative security awareness training programs that leverage real-world phishing simulations to change the right end user behaviors. 

These revelations come at the end of a year where digital transformation accelerated at many workplaces worldwide. The widespread adoption of remote or hybrid work cultures and related technologies enhanced collaboration and productivity, but it also meant cyber security awareness levels were tested much more frequently and with increasingly complex cyber threats. 

The 2021 Gone Phishing Tournament took place over two weeks in October 2021 to coincide with Cybersecurity Awareness Month. In all, close to 1 million phishing simulation emails in 20 different languages were sent to end users during this stretch. 

2021 Phishing Benchmark Global Report: Key Results 

The 2021 Gone Phishing Tournament revealed that, in general, a significant portion of end users are still inclined to click on phishing email links and, in the case of this year’s simulation template, download malicious file attachments when prompted.  

Nearly one in every five end users (19.8%) who received the phishing simulation email clicked on the initial message’s phishing link, which is on par with the 2020 edition of the event. In total, 14.4% of all end users failed to recognize the simulation’s resulting webpage as unsafe and clicked on the malicious file’s download link. 

These realities mean that the number of initial clickers who ended up downloading the phishing simulation’s webpage file exceeded 70%, representing an increase of nearly three percentage points from the previous year. 

Other key data highlights from the third edition of this event include: 

  • When it came to downloading the malware document, North America fared best as a region (11.8%), while Europe took the runner-up slot (14.9). The Asia Pacific region finished with the highest malware download rate. 
  • For click rates by industry, Education, Finance and Insurance, and Information Technology exhibited the highest totals, all scoring over 25%. Meanwhile, Healthcare, Transport, and Retail all kept their click rates under 10%. 
  • Information Technology had the highest click-to-download ratio across all industries, with 84% of those who clicked on the initial phishing link eventually downloading the malware file. 

2021 Phishing Benchmark Global Report: Methodology 

This year’s email and webpage templates were supplied by Microsoft and reflected a real-world scenario all end users may encounter in their daily lives. The template’s scenario, selected by the Terranova Security leadership team, measured several end user phishing behaviors, including clicking on a link in the body of a phishing email and delivering malware in a downloadable file through a phishing webpage. 

The email and webpage spoofed the Microsoft SharePoint interface for an authentic look and feel. The email message even included instructions on how to download the file, which further enticed the end user to complete the action once they landed on the webpage. These decisions were made to give recipients a realistic sample of the increasingly complex nature of current phishing threats affecting professionals across many different industries. 

End users who clicked on the webpage link to download the malware file were met with a feedback page that offered a powerful learning moment. It pointed out warning signs the user may have missed during the simulation and highlighted best practices to keep in mind moving forward, giving them the tools needed to detect and avoid future threats consistently. 

Download the 2021 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament. 

Leave a comment »

Test Takers Sought for CompTIA Linux+ Beta Exam

Posted in Commentary with tags on December 7, 2021 by itnerd

Information technology (IT) professionals with a year or more of on-the- job experience working with Linux servers are invited to serve as beta testers for a new version of the CompTIA Linux+ certification exam, CompTIA, the nonprofit association for the IT industry and workforce, announced today.

CompTIA Linux+ is intended for early career IT professionals who support Linux systems in a range of applications, including the cloud, cybersecurity, mobile and web administration. The beta test is a precursor to the new CompTIA Linux+ exam scheduled to debut in June 2022.

Beta testers have the opportunity to take the new CompTIA Linux+ exam before it is generally available for the discounted price of $50. Individuals who pass the beta test will earn their CompTIA Linux+ certification. Beta test results will not be revealed to test-takers until the new exam launches in June 2022. To register for the CompTIA Linux+ beta exam visit https://home.pearsonvue.com/comptia.

CompTIA recommends that beta test takers have at least 12 months of hands-on experience working with Linux servers in a junior Linux support engineer or junior cloud/DevOps support engineer job role. Certification in CompTIA A+, Network+ and Server+ or similar certifications and knowledge are also recommended.

CompTIA Linux+ is the only job-focused Linux certification that covers the current foundational skills demanded by hiring managers in concepts such as system management, security, scripting, containers and automation and general troubleshooting. The exam includes performance-based and multiple-choice questions. It covers tasks associated with all major distributions of Linux, establishing a solid baseline of knowledge.

The CompTIA Linux+ beta exam may be taken online from home, a closed-door office or any private location with an internet connection. In-person testing at any of the thousands of Pearson VUE test centers around the world is also an option. For more details on test-taking options visit https://www.comptia.org/testing/testing-options/about-testing-options.

Leave a comment »

Crewdle Hits 10,000 Monthly Active Users

Posted in Commentary with tags on December 7, 2021 by itnerd

The videoconferencing platform Crewdle has hit the 10,000-user mark, an average monthly growth rate of 76% over the last 10 months, with an international reach spanning across Europe, Africa and the Asia-Pacific region, its founders announced Tuesday. This new milestone was reached just a little over a month after the closing of a funding round of over $2 million. The Montréal-based technology start-up specializing in real-time peer-to-peer (P2P) communications is well on its way to redefining virtual communications, by offering the greenest video calls and videoconferencing alternative to server-based collaborative communication platforms.

In large part fuelled by eco-conscious users looking to make a difference, and the exponential need for remote work against the backdrop of the COVID-19 pandemic, the rapid growth in the number of users is also the result of a recently launched strategic marketing initiative, other recent partnerships and word-of-mouth. 

Founded in 2020 by Montréal entrepreneurs Vincent Lamanna and Pierre Campeau, Crewdle is also the first video communication service provider in the world to receive carbon neutral certification. By removing the use of servers that interfere between participants in a video communication, and which are known to be very energy consuming; Crewdle consumes less energy and therefore emits less carbon. Greener, safer and more affordable, the environmentally friendly platform allows saving up to 1 kg of CO2 and 12 litres of drinking water per hour per participant. It’s easy to use and there’s nothing to download.

The latest version of Crewdle is available now free of charge with some restrictions; subscription-based packages are also offered to SMBs and individual users. It is also free for small- and medium-sized non-for-profit organizations (NPO); significant discounts are also offered for larger NPOs. It is also available via the AppDirect Network Catalog and through its vast network of AppSmart professional advisors. Crewdle works in popular desktop browsers and is optimized for Safari (iOS), and for Chrome (Android), and can be integrated with Google Calendar, Microsoft 365 Outlook Calendar, and Slack.

To discover all the features and benefits of using Crewdle, or to join the Partner Program, visit crewdle.com today!

Leave a comment »

The Markup Details How Much Life360 Relies On Selling Data…. And What Might Be In Store For Tile Users Now That They Own Tile

Posted in Commentary with tags on December 6, 2021 by itnerd

Last week I wrote about Life360 and their purchase of Tile. In that writeup, I mentioned this:

But I suspect that Tile users may want to be ready for Life360’s rather craptastic privacy policy. Life360 data harvests and sells your data (including location data). My sense is that this will mean that Tile users will likely defect to other solutions. 

Well, there are more details about the way they handle data. And the details don’t paint Life360 in a positive light:

Through interviews with two former employees of the company, along with two individuals who formerly worked at location data brokers Cuebiq and X-Mode, The Markup discovered that the app acts as a firehose of data for a controversial industry that has operated in the shadows with few safeguards to prevent the misuse of this sensitive information. The former employees spoke with The Markup on the condition that we not use their names, as they are all still employed in the data industry. They said they agreed to talk because of concerns with the location data industry’s security and privacy and a desire to shed more light on the opaque location data economy. All of them described Life360 as one of the largest sources of data for the industry. 

And this doesn’t help Life360’s cause either:

Meanwhile, selling location data has become more and more central to the company’s health as it’s struggled to achieve profitability. In 2016, the company made $693,000 from selling data it collected. In 2020, the company made $16 million—nearly 20 percent of its revenue that year—from selling location data, plus an additional $6 million from its partnership with Arity. 

So Tile users, this is who has purchased your location tracking service. They don’t sound like the best people, and I for one would interested to see how Life360 responds to this so that their purchase of Tile doesn’t go down the tubes.

3 Comments »

Russian Hackers Make The Rounds With Ceeloader Malware

Posted in Commentary with tags on December 6, 2021 by itnerd

Russian hacking group is using new stealthy type of malware called Ceeloader. The Nobelium hacking group has continued to breach gov’t and enterprise networks worldwide by targeting their cloud and managed service providers:

Ceeloader communicates via HTTP, while the C2 response is decrypted using AES-256 in CBC mode.

The custom Ceeloader downloader is installed and executed by a Cobalt Strike beacon as needed and does not include persistence to allow it to automatically run when Window is started.

Nobelium has used numerous custom malware strains in the past, specifically during the Solarwinds attacks and in a phishing attack against the United States Agency for International Development (USAID).

And:

To hamper attempts at tracing the attacks, Nobelium uses residential IP addresses (proxies), TOR, VPS (Virtual Private Services), and VPN (Virtual Private Networks) to access the victim’s environment.

In some cases, Mandiant identified compromised WordPress sites used to host second-stage payloads that are fetched and launched into memory by Ceeloader.

Finally, the actors used legitimate Microsoft Azure-hosted systems with IP addresses that had proximity to the victim’s network. 

This approach helps blend external activity and internal traffic, making detecting the malicious activity unlikely and the analysis harder.

Eddy Bobritsky, CEO, Minerva Labs (www.minerva-labs.com) had this commentary:

“The Ceeloader looks to be another evolution step in the ever increasing malware sophistication, using more improved evasion techniques and very specific low level attack methods such as file-less downloading and memory injection.

Most traditional antiviruses and protection services base their detection on known signatures and threat actor behaviors. This makes attacks like these very difficult to mitigate for zero-day and unknown malware variants, especially those designed to evade detection, and require specialized approaches like implementation of Hostile Environment Simulation Models along with other anti-evasion protection techniques.”

This seems pretty scary for admins and those who are charged with protecting networks from being hacked and pwned. I guess it’s time for everyone to bring their “A” game to keep this threat at bay.

Leave a comment »

« Older Entries
Newer Entries »