Archive for April, 2022

Zoom To Pay Up Big Time In “Zoom-Bombing” Class Action Lawsuits

Posted in Commentary on April 24, 2022 by itnerd

For those of you who aren’t aware of this, “Zoom-Bombing” is when uninvited guests crash your Zoom meeting and do anything from just listening in to playing porn, or anything in between. It was a big deal a couple of years ago. This led to a string of class action lawsuits against Zoom claiming:

  • Zoom failed to prevent “Zoombombings”
  • Zoom unlawfully shared data with unauthorized third parties such as Facebook, Google and LinkedIn
  • Zoom lied about the strength of its end-to-end encryption protocols

I guess Zoom decided that it was cheaper to settle than to fight, which has led to them settling 14 different class action lawsuits:

As part of the settlement agreement, Zoom Video Communications, the company behind the teleconference application that grew popular during the pandemic, will pay the $85m to users in cash compensation and also implement reforms to its business practices.

And here are the changes that Zoom must make:

As part of the settlement, Zoom has agreed to over a dozen changes to its business practices that are designed to “improve meeting security, bolster privacy disclosures and safeguard consumer data”, according to court documents.

As part of those changes, the company is required to develop and maintain a user-support ticket system to track reports of meeting disruptions, a documented process for communicating with law enforcement regarding disruptions that include illegal content, a suspend-meeting button and the ability to block users from certain countries.

A lawyer representing Zoom put out a comment putting some spin on this:

Mark Molumphy, a partner at Cotchett, Pitre & McCarthy, LLP said:

“Millions of Americans continue to use Zoom’s platform with the expectation that their conversations will be kept private and secure. This groundbreaking settlement will provide a substantial cash recovery to Zoom users and implement privacy practices that, going forward, will help ensure that users are safe and protected.”

But at the same time a lawyer representing the plaintiffs had this to say:

Tina Wolfson, a partner at Ahdoot Wolfson said:

“In the age of corporate surveillance, this historic settlement recognizes that data is the new oil and compensates consumers for unwittingly providing data in exchange for a free service. It also compensates those who paid for a product they did not receive and commits Zoom to changing its corporate behavior to better inform consumers about their privacy choices and provide stronger cybersecurity.”

Now, you don’t have to wait for Zoom to make changes to protect yourself from being “Zoom-Bombed”. Here are my tips for using Zoom safely:

  • When you send out a meeting invite, ensure that the meeting has a password associated with it. This support document can help you with that.
  • Don’t share the meeting invite on social media. Send it directly to the invitees.
  • Use the waiting room function which puts users who join your meeting into a virtual waiting room that allows you to identify them and admit them to the meeting if they are supposed to be there. This support document will explain how to use that feature.
  • Don’t use your personal meeting ID for meetings if you can avoid it.
  • Keep your audio and video off by default when joining a meeting. That way when you join, you can enable what you need to or feel comfortable enabling. This support document will tell you how to do that.
  • Don’t keep Zoom running on your computer if you don’t need it.
  • Make sure you have a strong password for your Zoom account. This support document can help you with that.

The first four items will help you to mitigate “Zoom-Bombings”. The last three are more of a suggestion to protect your privacy.

Hopefully Zoom learns from this as this is not the first time that Zoom has paid up to make a lawsuit go away. And I have to imagine that cutting these cheques is starting to get expensive.

2021 Accounted For 40% Of Zero-Days In The Last Decade

Posted in Commentary on April 23, 2022 by itnerd

Researchers with Mandiant have released findings on 80 zero-days exploited “in the wild”, a surge in verified zero-day exploits over the course of the last year. Additionally, Google’s Project Zero said Tuesday that they tracked 58 cases of zero-day exploits in the wild last year. 2021 accounted for 40% of zero-day attacks undertaken in the last decade. That’s a massive explosion of zero-days, which means that users are less safe as a result.

I have two comments from industry experts. The first is from Saumitra Das, CTO and Cofounder, Blue Hexagon:

“Zero-day exploits and variants of malware that go after them have been on a consistent rise as attackers invest in automation and research. Many of the zero-days discovered in old software like print spooler (PrintNightmare) are being discovered by overseas research teams. These can then be weaponized at scale and quickly by attackers using mutated malware to get in. In many cases, attackers use an existing foothold and simply try out a new POC at a victim.”

The second comment is from Chris Olson, CEO, The Media Trust:

“Not only is the number of zero-day attacks rising, but malicious actors are exploiting them faster than ever before. In December, Chinese actors were targeting the Log4Shell vulnerability only hours after its initial disclosure. With the cybersecurity landscape dominated by increasingly sophisticated threat actors, we can expect the incidence of zero days to rise in 2022, especially with heightened political tensions around the world.”

“In response, organizations should be particularly vigilant against underemphasized attack surfaces such as websites and mobile apps if they want to protect their customers. Based on our observations, we expect a rise in attacks based on polymorphic and obfuscated code, rapid URL shifting and other advanced techniques to deliver ransomware and other malicious executables.”

Zero-days are now the new normal, which means that organizations need to hunt down these threats and make sure their defences are on point, because the bad guys are out there hunting for zero-days that they can exploit. Which means that you are under threat as a result.

If You Have Apple Pay, Google Pay, and Samsung Pay The Bad Guys Are Targeting You To Go On A Spending Spree

Posted in Commentary on April 22, 2022 by itnerd

I use Apple Pay a lot either via my iPhone or my Apple Watch as I feel more secure about using it versus using my physical debit or credit card. But apparently this is a great way for scammers to go to town as Vice is reporting. And this doesn’t just cover Apple Pay, but Google Pay, and Samsung Pay as well:

Recently criminals have started using bots that automatically place phone calls to victims and trick people into handing over their multi-factor authentication codes. Now, various fraudsters selling access to these underground bots are highlighting a particular money making scheme: using the bots to link stolen credit cards to contactless payment systems like Apple, Samsung, and Google Pay and then buying items at the victim’s expense.

And:

The Telegram posts don’t explain explicitly why fraudsters may see Apple Pay as a preferred option when using multi-factor authentication bypass bots. But when a scammer adds a debit card to Apple Pay, perhaps using stolen card details they’ve purchased online, the scammer does not require the card’s PIN or the physical card itself to start spending the victim’s money. The contactless payment system, in a way, bypasses the need for the PIN or the physical card by creating another avenue to use the stolen card details. When using Apple Pay, a cashier does not see the name that would be present on the physical card and doesn’t ask for identification from the buyer.

Coincidentally, Kevin Costain got a call from someone at “Amazon” who wanted to get remote access to his phone. He decided to record it and Tweeted about it:

This makes me wonder if this is part of the same scam.

Chris Olson, CEO of The Media Trust has this comment:

“Malicious actors have a tough time using the credit card numbers they steal through Web and mobile attacks; the usual way is to sell those numbers in bulk through DarkNet markets or use them to acquire gift cards that can be redeemed for goods. Mobile bots like the ones described by Vice provide them with yet another way to use financial information, and it’s not the first time mobile payment features have been abused – through PayLeak-3PC, hackers were also able to initiate attacks directly through Apple Wallet. Consumers and businesses alike need to be more conscientious of mobile devices as threat surfaces.”

My advice is that neither a bank nor “Amazon” will call or text you for a multi-factor authentication code, and it shouldn’t be shared with anyone else. Regardless, this is clearly another example of why you have to be vigilant at all times, as the bad guys are clearly out to get you.

Guest Post: April 23rd Is National Email Day! Learn How To Stay On Guard Against Email Scams

Posted in Commentary on April 22, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

More than half of the world’s population uses email, and by 2024 there will be over 4.4 billion email users around the world. Emails are essential to our everyday life, but if unprotected, could leave your private information exposed.

In celebration of National Email Day, Lookout shares its top tips to determine if an email is a phishing scam:

Obvious misspellings and grammatical errors: Newsletters, notifications, and other email messages go through several rounds of approvals before distribution, so a legitimate company message is unlikely to contain them.

Check the “sent from” email address: Real companies will send from their own domain. One easy way to check for authenticity is to make sure a company email isn’t coming from an address ending in “@gmail.com” or “@yahoo.com”.

Requests to follow a link or open an attachment: Important information is shared in the body of an email. Requests to click a link for more information, or to download an attachment to read a message, are likely a scam.

Demanding urgency: If you receive an email requiring immediate action from you, usually involving private information like your Social Security number, birthday, bank information, or more, immediately call the company this message is supposedly from. Reputable companies will never ask for personal information to be shared over email.
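The last three of these tips can be turned into a mechanical check. The script below is an added example and is not Lookout’s tooling or code from this post: it parses a raw email, extracts the domain of the “sent from” address and compares it with the domain the message claims to represent, flags free webmail senders, links and attachments, and looks for urgency wording paired with requests for personal information. The free-mail list, the urgency and sensitive-data phrase lists, the sample messages and the `.test` domains are all constructed for illustration; the first tip (spelling and grammar) needs a spell-checker and is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed list of free webmail domains a company would not normally send from.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Constructed phrases that signal manufactured urgency.
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "suspended", "act now")

# Constructed phrases naming data a reputable company would not request over email.
SENSITIVE_PHRASES = ("social security", "password", "date of birth", "bank account")

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def sender_domain(from_header):
    """Return the lowercase domain of the address in a From: header ('' if none)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def phishing_indicators(raw_email, claimed_domain=None):
    """Return the indicators (in a fixed order) found in a raw RFC 5322 message.

    claimed_domain is the domain of the company the message claims to come from
    (a hypothetical parameter for this example); when given, a From: domain that
    differs from it is flagged.
    """
    msg = message_from_string(raw_email)
    found = []

    # Tip: check the "sent from" address.
    domain = sender_domain(msg.get("From", ""))
    if domain in FREEMAIL_DOMAINS:
        found.append("freemail-sender")
    if claimed_domain and domain and domain != claimed_domain.lower():
        found.append("sender-domain-mismatch")

    # Tip: links and attachments. Collect the plain-text body along the way.
    text_parts, has_attachment = [], False
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if part.get_filename():                      # a named part is an attachment
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            text_parts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    body = "\n".join(text_parts).lower()
    if URL_RE.search(body):
        found.append("contains-link")
    if has_attachment:
        found.append("attachment")

    # Tip: urgency combined with a request for personal information.
    if any(p in body for p in URGENCY_PHRASES):
        found.append("urgency")
    if any(p in body for p in SENSITIVE_PHRASES):
        found.append("asks-for-personal-info")
    return found


# Constructed sample messages (domains use the reserved .test TLD).
PHISHING_SAMPLE = """From: "Example Bank Security" <examplebank.alerts@gmail.com>
To: customer@example.test
Subject: Action required on your account

Your account has been suspended. Confirm your Social Security number
immediately at http://example-bank-verify.test/login to restore access.
"""

LEGITIMATE_SAMPLE = """From: Example Bank <notices@example-bank.test>
To: customer@example.test
Subject: Your March statement is ready

Your March statement is now available when you sign in to online banking.
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(name, phishing_indicators(sample, claimed_domain="example-bank.test"))
```

Run as a script, the constructed phishing sample reports every indicator except an attachment, while the legitimate statement notice reports none. The indicators are only a triage aid: a message from the right domain with no links can still be malicious, and a genuine notice can legitimately carry a link, so the output is a reason to look harder, not a verdict.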

Review: Kensington SureTrack Dual Wireless Mouse

Posted in Products on April 22, 2022 by itnerd

In my quest for the perfect desk setup I’ve considered a lot of things to add to the setup. One of them however wasn’t a mouse. I have always found the trackpad that’s built into my MacBook Pro to provide me with the best way to scroll and swipe my way through macOS. But I am reconsidering that position after spending a couple of days with the Kensington SureTrack Dual Wireless Mouse.

Here’s what you get in the box:

You get a AA battery, the mouse, which is made of plastic and is pretty lightweight (and if you don’t like black, there are four other color choices), and a 2.4 GHz USB-A receiver. The mouse feels very good in my hands. There are no sharp edges or weird shapes that I can feel, which means using it for long stretches of time will likely not be an issue. The buttons have great feedback, as does the scroll wheel. And finally, it’s also compact should I want to travel with it, as it won’t take up a lot of real estate. So from those perspectives this mouse is a winner so far.

Here’s where things get interesting. You can connect this mouse using the 2.4 GHz USB-A receiver. Or you can use Bluetooth as pictured here:

As you can see here, the mouse supports Bluetooth 3.0 and 5.0. That is the first mouse that I recall having that ability. Another thing that I noted was that Kensington says that the mouse encrypts its traffic using AES-128, though the documentation doesn’t say how that is achieved. In any case, I went the Bluetooth 5.0 route as that lets me use Bluetooth LE, which uses less power with no performance hit. It also exposes the battery status in the menu bar of my MacBook Pro as pictured here:

That will be handy so that I know if I have to change the battery, which will likely be a long time from now as Bluetooth LE devices tend to have long battery life.

The really big reason that is making me reconsider using the trackpad of my MacBook Pro is how this mouse operates. It is insanely smooth and precise. And it has the ability to tweak the DPI (dots per inch) settings on the fly which is handy if you want to change the DPI for a specific task. That’s done via the button on the bottom of the mouse and it supports 1200, 2400, and 4000 DPI.

Honestly, I really love this mouse. And while it requires a couple of extra clicks to replicate what I would normally do with the trackpad, I’m willing to give this mouse a shot over the near to medium term. That tells you what a good job Kensington has done with the SureTrack Dual Wireless Mouse. It has an MSRP of $39.99 and as far as I am concerned, it’s money well spent.

Five Eyes Serves Up A New Warning About Russian Cyber Threats

Posted in Commentary on April 21, 2022 by itnerd

The USA, Canada, New Zealand, the United Kingdom and Australia, known collectively as the “Five Eyes”, have released a warning about Russian state-sponsored actors taking aim at critical infrastructure:

Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.

Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.

This means that attacks are likely inbound on any country that supports Ukraine. And it means that we all need to up our cybersecurity game. To get some color commentary on this, I reached out to Darktrace and got a pair of quotes. The first is from Darktrace’s CEO, Poppy Gustafsson:

“Since the start of the war critical infrastructure globally has been on high alert to cyber-attacks. Russia has previously displayed its ability to get into the heart of critical systems and launch attacks in cyber space that have real-world impacts – such as the attack on Ukraine’s energy grid in 2015. The attack on Colonial Pipeline last year also served as a wake-up call showing defenders of critical national infrastructure that no system is invulnerable to attack.

While we’ve seen examples in the Ukraine conflict of attacks targeting industrial systems, such as Industroyer 2.0, we have yet to see any novel cyber-attacks at scale during the crisis to date. But we can say with a degree of confidence that the Russian state and state-affiliated actors have novel and destructive cyber-attacks in their arsenal and it is only a matter of time before these are deployed.

The warning from the Five Eyes represents another global effort to combat disinformation, and serves as another reminder of the urgency with which defenders must act to ensure their digital assets are protected. We have to think about the people on the other side of these warnings; the people that are responsible for defending critical infrastructure. These defenders can only take a ‘shields up’ approach so far – we must augment security teams with advanced technology that can spot, stop and investigate attacks on their behalf.”

Additionally, I have the following comment from Darktrace’s Canadian Director of Enterprise Security, David Masson:

“The US Government set a precedent some weeks ago by issuing warnings about Russia’s attack plans for the invasion of Ukraine. This was a Five Eyes government releasing intelligence to the public about Russia’s intentions. Our own intelligence agencies have repeatedly warned us about potential Russian cyber-attacks on Canadian critical infrastructure.

In the last twenty-four hours, the head of the Canadian Centre for Cyber Security, Sami Khoury, shared a joint Five Eyes advisory on social media about the “increased risk of malicious cyber activities posed by Russian state-sponsored advanced persistent threat (APT) actors, their proxies, and independent cybercriminal groups.” On American television, the US Deputy Attorney General, Lisa Monaco, said that the Russians are probing critical infrastructure, and she used the analogy of a burglar “trying to jiggle the lock to see if it’s open.”

Now is the time for all Canadian organizations, private and public, critical infrastructure or not, to work on their resilience plans, train staff, and be ready to deploy technology to deal with cyber-attacks. We need to make sure our doors are locked, but more importantly, our jewels are locked in a safe. We need to assume that sophisticated attackers will find a back door (or window) to get in and that we are prepared to catch them once inside.”

Seeing as Russian-backed threat actors are already going after critical infrastructure in Ukraine, it’s a certainty that those attacks are coming here. Thus now is a great time to get your defences in order so that you don’t become the next company with a really bad headline.

Rogers Announces 2.5 Gbps Symmetrical Fibre…. Which Won’t Be Coming To You Anytime Soon

Posted in Commentary on April 21, 2022 by itnerd

Hot on the heels of Rogers rising from the dead after being beaten down by Bell for years, because Bell has a much faster Internet offering, comes this announcement. Following up on their announcement of 8 Gbps fibre that is coming this summer, comes the announcement of 2.5 Gbps service:

Rogers announced today that it has launched new fibre-powered Ignite Internet packages and bundles, with symmetrical download and upload speeds of up to 2.5 Gigabits per second (Gbps). Existing Rogers customers that subscribe to Ignite Internet Gigabit 1.5 will be automatically upgraded to symmetrical speeds up to 2.5 Gbps starting today at no extra cost. Building on its commitment to provide leading next-generation products and services to its customers, Rogers is offering even faster download and upload speeds in a growing number of homes and neighbourhoods across Ontario, New Brunswick and Newfoundland.

That’s great if you have their 1.5 Gbps service. Because prior to writing this story I pinged a bunch of my clients all over what is known as the Golden Horseshoe, which is basically Toronto, east of Toronto, Hamilton, and Niagara Region, and nobody has their 1.5 Gbps service. Most of them are stuck on Rogers’ uncompetitive and rather embarrassing 1 Gbps downstream/30 Mbps upstream service or tiers that are slower than that. Which means that this new service isn’t going to benefit the majority of Rogers customers anytime soon. Contrast that with Bell, who served this up on Twitter this morning:

Bell continues to be hyper aggressive in terms of getting their fibre network to more places as fast as they can, as evidenced by the Tweet above. As a result, Bell’s fibre footprint is massive compared to what little fibre Rogers has. Which means that Bell’s lead when it comes to the speed of their Internet offerings is only going to increase, and conversely Rogers will continue to be on the back foot desperately trying to catch up. It also doesn’t solve the issue of Rogers customers who can’t get above 1 Gbps looking at Bell and saying “Bell’s speeds destroy anything that Rogers has to offer. Let’s switch to them.”

So while this release from Rogers, and the one that they put out earlier this week, sound good, they’re really meaningless, as these moves from Rogers do nothing to help existing and loyal Rogers customers get a competitive Internet product from the telco. And that’s going to bite Rogers sooner rather than later.

Guest Post: Web Threats Increase By Over 130% At The End Of 2021 Says Atlas VPN

Posted in Commentary on April 21, 2022 by itnerd

Web threats affect everyone and every device that is connected to the internet. Web threats enter users’ networks without their awareness and can be activated by opening a spam email or clicking on an executable file attachment.

According to the data presented by the Atlas VPN team, web threats have increased by 133% in November and December of 2021, compared to September and October. In addition, JavaScript downloaders and crypto miners were the most active web threats at the end of 2021.

Web threats reached 59,478 unique malicious URLs in September 2021, which resulted in 319,497 total threats. In October, the number kept slightly increasing to 60,440 unique malicious URLs, accumulating 361,184 hits.

November and December combined accumulated 133% more web threats than September and October. The 84,470 unique malicious URLs in November turned into 833,924 total web threats. Even more unique malicious URLs were seen in December, at 93,999, which aggregated 749,956 threats.

Black Friday and Christmas sales in November and December influenced the rapid increase in web threats. Cybercriminals are particularly active during these seasons as they target e-commerce websites to steal customer personal information.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on web threats:

“The landscape of web threats has changed dramatically in recent years. Smart devices and high-speed mobile networks have enabled an always-connected route of malware, fraud, and other compromises. The top concern that continues to pose new risks to security and privacy is the lack of caution when using the web.”

Most popular web threats

Cybercriminals can employ different types of web threats to target people’s devices.

JavaScript (JS) downloaders were observed to have 61,283 unique malicious URLs, which accumulated 726,372 total threats from October to December 2021.

Of the 628,725 total crypto miner threats, 59,550 were unique malicious URLs. Web miners that operate inside the browser demand substantial CPU resources, making the computer exceedingly slow to use.

Next up, 328,310 web threats were collected from 26,614 unique URLs with web skimmers. JavaScript redirectors amassed 115,497 web threats, of which 4,097 were unique malicious URLs. Finally, web scams accumulated 86,999 total threats, of which 15,130 were unique malicious URLs.

To read the full article, head over to: https://atlasvpn.com/blog/web-threats-increase-by-over-130-at-the-end-of-2021

OVHcloud Acquires ForePaaS

Posted in Commentary on April 21, 2022 by itnerd

OVHcloud, the European leader in cloud computing, announces that it has acquired ForePaaS, a unified platform specializing in data analytics, machine learning, and artificial intelligence projects for businesses. The 23 employees of the ForePaaS teams as well as its founders are joining the Group’s ranks as of today, to jointly build a set of solutions that will actively contribute to the deployment of OVHcloud’s growth acceleration strategy by enriching its Platform as a Service (PaaS) offering.

Since its inception in 2015, ForePaaS has distinguished itself with key accounts thanks to its integrated solution that makes it possible to initiate, simplify, and accelerate the implementation of machine learning and data analytics projects. The ForePaaS suite addresses a very wide range of use cases to fully manage the data value chain and create critical applications based on data for analysis, business intelligence and optimization of existing processes.

The ease of use and deployment of the ForePaaS solution has enabled the company to quickly develop an international customer base. In Europe, its expertise has been adopted by Klépierre and Gefco. In Asia, ForePaaS has notably entered a strong partnership with the Mitsubishi Research Institute (MRI), which will be further developed in the context of this operation.

This additional expertise will ultimately be integrated into the development environments that OVHcloud delivers to its 1.6 million customers worldwide. Building on a unified roadmap, developers will be provided with a complete suite of solutions to address the entire data value chain, from storage to database administration to artificial intelligence algorithms. The technical bricks of the ForePaaS analytics platform will thus be at the heart of OVHcloud’s value proposition in the Platform as a Service segment.

These new solutions will be fully integrated into OVHcloud’s value proposition, which aims at providing technologies with the best price-performance ratio in an open, reversible, predictable, and transparent environment.

In line with the recent acquisitions of OpenIO, Exten Technologies and BuyDRM, OVHcloud will pursue its strategy of targeted acquisitions to accelerate the deployment of PaaS solutions on an open and trusted infrastructure that provides unfettered sovereignty over data. To date, OVHcloud offers a catalog of more than 70 PaaS solutions and plans to expand it to 80 by the end of August 2022.

Hackers Spoof Credit Unions to Obtain User Credentials and Extract Funds: Avanan

Posted in Commentary on April 21, 2022 by itnerd

In February, the National Credit Union Administration (NCUA) put out a statement noting that, due to the geopolitical climate, credit unions should “adopt a heightened state of awareness and to conduct proactive threat hunting.” Studies showed that 66% of credit unions lack proper email security to protect against phishing and 92% of credit unions don’t have strong enough email security. Avanan researchers have seen a significant uptick in spoofs of local credit unions, all with the goal of taking funds and credentials from end-users.

With that said, Avanan, a Check Point Company, published a new attack brief that analyzes how threat actors are impersonating local credit unions to get into inboxes. Hackers presented victims with a variety of attack strategies, ranging from wire transfer codes to incoming payment notifications to document alerts.

I would recommend giving this report a look as it not only details the attack strategies, but it also makes suggestions as to how to mitigate these attacks.