Archive for March 31, 2022

TELUS & Vector Institute Reduce Climate Impacts & Open Source New Energy Optimization System

Posted in Commentary with tags on March 31, 2022 by itnerd

TELUS and the Vector Institute today announced the launch of the Energy Optimization System (EOS), a timely move that will help reduce operational costs and minimize electricity use in commercial buildings, namely data centres, across Canada. This collaborative development uses model-based reinforcement learning (MBRL) to fine-tune the heating, ventilation, and air conditioning (HVAC) systems across network locations, allowing for energy-efficient temperature control.

Annually, an estimated 40 per cent of energy consumed across TELUS network locations is directed towards cooling telecommunications equipment, which is critical to maintaining optimal network performance. TELUS team members collaborated with the Vector Institute to build and test a solution to reduce this number and create a more sustainable use of HVAC equipment in 24/7 data centers. 

By optimizing HVAC systems with this new AI technology, it is possible to achieve significant energy savings in data centres and other network locations, reducing the overall environmental impact. Results from a pilot test showed a decrease of almost 12 per cent in annual electricity consumption in a small data centre.

The algorithm also considers the weather forecast to decide when to run cooling (either more expensive compressor cooling or less expensive free cooling) or heating to ensure a consistent temperature and better regulate temperatures during shoulder seasons.

TELUS and Vector have elected to open source this new algorithm as a contribution to the energy conservation community, furthering commitments by both tech leaders to leverage AI to create better outcomes for Canadians and our environment.

As a founding sponsor of the Vector Institute, TELUS has committed to using this partnership to advance the AI ecosystem across Canada, producing an economic boost and creating meaningful impacts with technology. As an example of responsible AI, this program is a demonstration of TELUS’ commitment to fostering innovation, while increasing trust with our customers by addressing privacy, security, and ethical risks.

To learn more visit: https://github.com/VectorInstitute/MBRL-HVAC-Energy-Optimization

Guest Post: Lookout Says Don’t Let Scammers Dunk On Your March Madness Bracket

Posted in Commentary with tags on March 31, 2022 by itnerd

March Madness is in full swing! For many college basketball fans, a large part of the fun comes in creating a bracket, competing against other fans for bragging rights and of course, winning a little money. Unfortunately, scammers take all the fun out of the tournament by creating false betting websites and pocketing your hard-earned cash.

Lookout, the leader in delivering integrated Security, Privacy, and Identity Theft Protection solutions, wants fans to stay safe from potential scams and has listed a few tips that make an impact. 

Lookout suggests everyone be wary when placing bets by doing the following:

Place a bet through a well-established and approved service
Do research and ensure the website selected for betting is verified before adding financial information. Confirm with the local gaming commission or the ESPN website about a service that you are unfamiliar with. 

Don’t fall for ads
A fan may receive spam text messages and emails claiming to be a legitimate betting service. Don’t fall for the false advertising.

Avoid providing additional personal information when prompted
If a website asks for additional personal information when placing a bet or cashing out, do not provide it. Most betting sites will not need your social security number.

Pay attention to the fine print
Read the fine print when finding a service. Any language that presents urgency, limited spots, risk-free betting, or a 100% guarantee is a red flag. 

Lookout helps protect your digital information at every level – from the device you hold, to the apps and online services you use and the networks you connect to. Lookout also continuously monitors the internet to ensure what matters to you the most – such as social security and credit card numbers – aren’t exposed. And if anything happens, Lookout’s team of experts and a $1 million identity theft insurance policy are here to back you up.

Canadians Should Invest In Themselves & Turn Tax Season Into Trip Season: Kayak

Posted in Commentary with tags on March 31, 2022 by itnerd

According to a new survey from KAYAK, despite how eager Canadians are to file their taxes (32%) and get their refund sooner, nearly a quarter (24%) have admitted to not spending their tax season on anything fun – and this year can be the year to change that. As Canadians look for the best way to invest their tax refunds, it’s important to remember that there’s no better investment than the one you make on yourself. 

In fact, despite earlier data from KAYAK revealing the growing number of Canadians (27%) eager to take advantage of workcations this year, only 1 in 9 (11%) plan to use their tax return to take a trip or vacation.  

These behaviours differ from our neighbours down south, with KAYAK revealing interesting comparisons between how Canadians and Americans plan to use their tax return*: 

  • Half of Canadians (50%) use their tax refund to pay off debt (i.e. credit cards, loans, bills) compared to 41 per cent of Americans 
  • More Americans have used their tax refund in the past to take a trip (16%) compared to only 9 per cent of Canadians
  • 1 in 6 Americans who expect to get money back for their 2021 returns are enthusiastically planning to spend it on travel, compared to only 1 in 9 Canadians

Canadians on a tight budget shouldn’t rule out the possibility of investing in themselves this summer. For those looking to escape and make the most of the season (and their tax return), KAYAK has compiled a list of the most affordable roundtrip destinations for Canadians by city to help take their next trip without breaking the bank**:

Ontario
– New York, NY – $200
– Chicago, IL – $227
– Newark, NJ – $241
– Boston, MA – $241
– Fort Lauderdale, FL – $267

British Columbia
– San Francisco, CA – $229
– Los Angeles, CA – $265
– Las Vegas, NV – $319
– San Diego, CA – $320
– New York, NY – $382

Alberta
– San Francisco, CA – $235
– Seattle, WA – $303
– Las Vegas, NV – $309
– Los Angeles, CA – $348
– New York, NY – $427

Quebec
– New York, NY – $284
– Fort Lauderdale, FL – $350
– Chicago, IL – $357
– Orlando, FL – $405
– Tampa, FL – $419

To help Canadians looking to splurge on their wanderlust, KAYAK also launched an interactive tax refund calculator to show the ways that Canadians can consider reinvesting in themselves this year. I’d be happy to put you in touch with a KAYAK spokesperson who can discuss these tax return trends and speak to how Canadians can best use their tax refunds to plan their next trip.

*YouGov Methodology:

This survey has been conducted using an online interview administered to members of the YouGov Plc panel of individuals who have agreed to take part in surveys. All figures, unless otherwise stated, are from YouGov Plc. Canadian survey: Total sample size was 1005 adults. Fieldwork was undertaken between 4th – 14th March 2022. The survey was carried out online. The figures have been weighted and are representative of all Canadian adults (aged 18+); U.S. survey: Total sample size was 1084 adults. Fieldwork was undertaken between 16th – 17th February 2022.  The survey was carried out online. The figures have been weighted and are representative of all US adults (aged 18+).

**Methodology: KAYAK considered searches originating in Canada for international travel from 5.27.22 through 9.5.22 (all prices listed are in USD).

Guest Post: #BeCyberSmart: Tax Season Tips From TikTok

Posted in Commentary with tags on March 31, 2022 by itnerd

At TikTok, we’re always looking for ways to uplift our global community to #BeCyberSmart. Last year, the IRS identified over $10 billion in losses from tax fraud and financial crimes. With Tax Day around the corner, cybercriminals may be primed to unleash a range of nefarious tactics — whether on a connected device or a landline — to trick people into unwittingly handing out sensitive information. 

Some TikTok creators are taking their expertise to #TaxTok to help others stay ahead of fraudsters that continually evolve their tactics. These Certified Public Accountants, lawyers, and fraud fighters are spotlighting ways to avoid falling victim to scams. Drawing from the IRS, along with leading experts like the Identity Theft Resource Center (@idtheftcenter__) and National Cybersecurity Alliance (@natlcybersecalliance), we’re spotlighting some of our favorite tips to #BeCyberSmart this tax season.

  • Ignore imposters – Phishing and smishing are the most common tactics used to steal personal data. The IRS will not call, text, email, or visit your home. They will not accept payment in gift cards, prepaid debit cards, wire transfers, or cryptocurrency. Don’t open links or attachments from suspicious senders. Scams related to COVID-19, Economic Impact Payments, and other tax law changes are increasingly common this year. 
  • Verify what you see – Fake IRS sites are scattered all over the online world. The official site is IRS.gov, and all IRS.gov web page addresses begin with http://www.irs.gov/. Beyond tax tips, if you’re on e-commerce sites, ensure the web address begins with “https” – the “s” is for secure communications over the computer network. Also check for the “padlock” icon in the browser’s address bar, meaning there’s a secure connection between the browser and the server where the website is hosted.
  • Use secure Wi-Fi, VPN, and 2-step verification – Don’t trust unsecured public Wi-Fi, especially in airplanes, airports, malls, or public transit. Use a virtual private network (VPN) whether on the go or at home, and secure home Wi-Fi networks with a strong password. This is essential as wireless printers, door locks, and refrigerators create new access points for people with bad intentions. Enable 2-step verification for an added layer of security.
  • Have a back-up plan – Use a secure cloud service or external hard drive to copy important information, like photos and files on computers and mobile devices, as a lifeline to recover financial or other tax data if lost.
  • Protect with a PIN – Taxpayers who can validate their identities can obtain an Identity Protection PIN, a six-digit code that prevents an identity thief from filing a fraudulent tax return using your Social Security number.

Reporting potential scams helps prevent future attempts and protect others. Report IRS, Treasury, or other scam attempts to the FTC, IRS, Treasury Inspector General for Tax Administration, or Identity Theft Resource Center. If you encounter suspicious activity in-app, report it to TikTok’s Safety Center, and follow @TikTokTips for more ways to #BeCyberSmart.

“Whether or not you are ready for tax season, the identity criminals are, so it’s a good time to remind friends and family to stay vigilant and #BeCyberSmart,” said Eva Velasquez, CEO of the Identity Theft Resource Center (@idtheftcenter_). “File your taxes as early as possible, do your research before handing information over to a tax preparer, and use a secure internet connection to file online or mail it directly from the post office if you don’t.”

“What’s scarier than the IRS? Someone pretending to be from the IRS,” said PJ Rohall, Co-Founder of About-Fraud. “Tax scammers will milk you for more money and cause more emotional damage than a lifetime of filing tax returns or interacting with legitimate IRS agents.”

“Tax season is a haven for identity theft, so it’s critical to do your due diligence before handing over personal information,” said Gabriel Friedlander, founder of Wizer – Free Security Awareness Training (@wizersecurity). “When it comes to tax preparation services, it’s best to work with a reputable professional that comes recommended by a friend or family member.”

“Bad actors look for any chance to accomplish their agenda of nefarious schemes, and tax season can leave the most vulnerable at risk,” said Ian Mitchell (@ian.t.mitchell_), founder of The Knoble. “TikTok’s #BeCyberSmart initiative is a powerful step to fight back by raising awareness to prevent cybercriminals from targeting unsuspecting victims.”

“We know how stressful tax season can be, and we’re proud to partner with the IRS to share tips on how to stay safe when filing taxes this year,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance (@natlcybersecalliance). “It’s critical for the TikTok community and everyone online to do research, report potential scams, and secure their online accounts.” 

In partnership with our fraud awareness champions, we developed a Bingo card as another fun way for people to brush up on their cybersecurity skills. Good luck, and remember to always #BeCyberSmart! 

Guest Post: Backup your Data and Your Relationships on World Backup Day

Posted in Commentary with tags on March 31, 2022 by itnerd

By Carol Clark, Vice President, Product and Solutions Marketing, Commvault

In 2011 a digital consultant named Ismail Jadun created what has become World Backup Day after he saw a Reddit post where someone wished they had been reminded to back up their data. Eleven years later, we are still trying to remind people that their data is so valuable that they should make sure they can get it back. Enterprise data varies from email to files to images and databases and everywhere in between, but it is the currency that runs today’s business landscape. Throughout the years the initial concept of World Backup Day has persevered and thrived, and it is rare to find even the smallest company that does not protect their data in some way; however, the world has changed a lot since 2011. The increase in cyberattacks is well documented and is now top of mind for board members, business owners and everyone throughout the corporate structure.

Cyberattacks threaten the data being used day in and day out and often even the backups of the data. Today’s IT administrators and leaders often must think of the security implications of a change before they even get to consider the technical challenges. On World Backup Day 2022 we suggest the first thing you should do is to check those backups and your processes but the second is to reach out to your information security teams and find out what precautions they are taking and share your cyber threat specific recovery plans.

  • Share and collaborate on your procedures – Learn if there are tests you can work together on to validate your recovery.
  • Highlight security capabilities in your data protection solutions so security teams can factor that intelligence into their overall telemetry. Capabilities such as security dashboards, anomaly detection, and air-gapped backup copies can be essential components of an overall corporate preparedness plan – and speed your time to recovery.
  • Review access control systems and who has access to critical backups to better control the attack surface
  • Investigate the use of public clouds that allow for a secure air gap, driving better redundancy and peace of mind (Our Metallic™ Cloud Storage Service (MCSS) is a GREAT place to start….)
  • Collaborate on network connectivity to determine if you can speed up the recovery
  • Understand if there are compliance regulations they need to adhere to and how your team can better help prove compliance.

Reaching out to the infosec teams is not only best practice but is also a way for you to proactively expand your team’s effectiveness in the event … of well, an event. The day-to-day world of backup is no longer about files and applications. As an administrator there are concerns over encrypted files due to ransomware, data that is exfiltrated and sold and, probably one of the most worrying to others, the risk of your customer data being leaked.

The collision of data owners that is the result of modern cyberthreats adds another level of complication to recovery and by extension to the core backup strategy. Security teams are only the start of the collaboration for today’s IT infrastructure teams. New groups have arisen that will also need to be consulted, from the Chief Data Officer to data analytics groups. All of these teams can provide insight into the right data to protect and when. The Chief Data Officer can help drive the conversation around what data is more mission critical with the analytics to back up the conversation. These cross-functional conversations will continue to add efficiencies into your data protection strategy.

Data recovery can no longer be a siloed activity. World Backup Day is a day that reminds us to back up our data, but remember that the key to any data management strategy is not the backup but the recoverability, and for that you need to test, test again and then, when you think you have completed all your testing, do it one more time, with your new infosec friends.

Sponsor a joint tabletop exercise, bring in lunch and learn from each other as you refine your practices and build better defenses to protect your business. World Backup Day is not the day to relax assuming your backups are good but instead to take the time to be ever more diligent and back up your data along with your relationships.

Help us celebrate our customers on World Backup Day by meeting them here https://www.commvault.com/customers

Researchers Discover A Novel Email Phishing Attack Involving Calendly

Posted in Commentary with tags on March 31, 2022 by itnerd

INKY has published research analyzing a novel email phishing attack, delivered via hijacked accounts, that lures victims to the scheduling platform Calendly, where the threat actors crafted a clever sequence leading to a credential-harvesting payload that impersonates Microsoft 365. INKY’s cybersecurity researchers detected this credential-harvesting operation, in which hackers exploited the free online appointment scheduling software by inserting malicious links on Calendly’s event invitations.

Calendly displays customizable confirmation pages for invitees after scheduling. In this attack, phishers uncovered this and created a fraudulent SharePoint notification with fax attributes, including several pages/file sizes, using the “Add Custom Link” feature to insert a malicious link on the event confirmation page.

As part of the company’s investigation, an INKY engineer entered a fake username and password to test the phishing site and got a fake invalid-password error. Behind the scenes, the attackers harvested the fake credentials. Another attempt to log in led to a second harvesting event, whereupon the victim was redirected to their own (supposed) domain.

I had a look at this report yesterday ahead of its publication and I have to admit that this is crafty. Many people are so used to doing whatever a site is telling them to do that I can see how this would be effective. It underlines that everyone needs to be vigilant 100% of the time.

You can read the full report here.

UPDATE: A Calendly spokesperson reached out to me with this statement:

“Security is a top priority at Calendly. Similar to other major technology providers, we have an extensive network of tools and systems in place, such as a next-generation web application firewall, fraudulent IP tracking, and anomalous traffic pattern alerts. We also recommend customers add an additional layer of protection with a password manager and two-factor authentication. 

In this instance, a malicious link was inserted into a customized booking page. Phishing attacks violate our Terms of Service and accounts are immediately terminated when found or reported. We have a dedicated team that constantly enhances our security techniques, and we will continue to refine and stay vigilant to protect our users and combat such attacks.”