Archive for May 10, 2022

BREAKING: Musk Says He Will Restore Trump’s Twitter Account If Deal For Twitter Goes Through

Posted in Commentary with tags on May 10, 2022 by itnerd

In a move that isn’t surprising, Elon Musk has stated that he will restore Donald Trump’s Twitter account if his deal to buy Twitter goes through:

Musk, speaking virtually at a Future of the Car summit hosted by the Financial Times, said Twitter’s Trump ban was a “morally bad decision” and “foolish in the extreme.” He said permanent bans of Twitter accounts should be rare and reserved for accounts that are scams or automated bots.

Twitter banned Trump’s account in January 2021 for “incitement of violence” following the Jan. 6 insurrection at the U.S. Capitol.

Musk’s view of free speech being absolute already rubs people the wrong way. This move if it goes through is sure to tick off a lot of people and maybe turn some against him. I’ll be watching Twitter to see what sort of reaction there is as it’s sure to be fast and furious.

Historic Black College Closed Due To Cyberattack And Other Reasons

Posted in Commentary with tags on May 10, 2022 by itnerd

The news is out that historic Black college Lincoln College is shutting down following financial woes amidst the pandemic which were magnified by a cyberattack attack last December:

Lincoln College has notified the Illinois Department of Higher Education and Higher Learning Commission of permanent closure, effective May 13, 2022. The Board of Trustees has voted to cease all academic programming at the end of the spring semester.

Lincoln College has survived many difficult and challenging times – the economic crisis of 1887, a major campus fire in 1912, the Spanish flu of 1918, the Great Depression, World War II, the 2008 global financial crisis, and more, but this is different. Lincoln College needs help to survive.

The institution experienced record-breaking student enrollment in Fall 2019, with residence halls at maximum capacity. Unfortunately, the coronavirus pandemic dramatically impacted recruitment and fundraising efforts, sporting events, and all campus life activities. The economic burdens initiated by the pandemic required large investments in technology and campus safety measures, as well as a significant drop in enrollment with students choosing to postpone college or take a leave of absence, which impacted the institution’s financial position.

Furthermore, Lincoln College was a victim of a cyberattack in December 2021 that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections. All systems required for recruitment, retention, and fundraising efforts were inoperable. Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.

This illustrates the sort of damage that cyberattacks can have.

Saryu Nayyar, CEO and Founder of Gurucul had this to say about this unfortunate news:

“The impact of ransomware on relatively smaller organizations can be catastrophic. A 157-year-old institution already hampered by the impact of the pandemic having to shut down during a critical period due to ransomware is tragic. Ransomware has a much broader impact to business than simply the payment to restore services. There are plenty of other costs related to stolen and resold data, business availability and employee downtime that are virtually impossible to predict upfront but with no less impact. Organizations need to invest in the latest threat detection, investigation and response tools that can empower even smaller teams to rapidly detect attack campaigns such as ransomware early in the kill chain. This requires advanced analytics and trained machine learning (ML) with out-of-the-box detection capabilities to automate manual tasks and accelerate security analyst or engineer efforts before data is stolen and/or encrypted as a precursor to ransomware detonation.”

I hope that someone or some organization steps in to help them as it would be a shame if this historic Black college were allowed to close under these circumstances.

Telstra Boosts Connectivity Between Australia And The World with Southern Cross NEXT Subsea Cable

Posted in Commentary with tags on May 10, 2022 by itnerd

Telstra today announced that the first direct subsea cable to connect Australia with the U.S. will be ready for service in July 2022. The Southern Cross NEXT cable (SX NEXT) will enhance connectivity between Australia and New Zealand and the U.S., with branching units to Fiji, Kiribati, and Tokelau. Telstra is a 25 percent shareholder of the Southern Cross Cables Network (SCCN), the owner of SX NEXT.

SX NEXT will be the first single span express cable, and the first direct cable, to connect Australia to the U.S., making it the shortest subsea route. It is also the only cable that has landing stations in Tokelau and Kiribati in the Pacific Islands. SX NEXT has a four-fibre pair cable system capable of transporting 72Tbps, a remarkable addition to the current bandwidth and connectivity options linking Australia and the South Pacific Islands to the United States. The cable is built using up to 400G Dense Wavelength Division Multiplexing (DWDM) technology and purpose-built landing stations, which will deliver high-speed connectivity and low latency between countries, as well as a resilient network infrastructure for the Pacific region.

When SX NEXT launches, it will lead to a major improvement in internet quality and internet penetration across the Oceania. Allowing different data streams to be sent simultaneously over a single optical fibre network will enable a higher data transfer rate and optimise network investment. As a result, the faster connectivity, stability and resiliency provided by SX NEXT will help accelerate digital transformation for businesses across the region.

There are 12 international submarine cables connecting Australia to the rest of the world, and the SX NEXT cable will be the third cable in the SCCN ecosystem. The SX NEXT cable is among the largest single submarine cable infrastructure projects in the world which spans approximately 15,857 kilometres along the sea floor. SX NEXT complements the existing Southern Cross and Endeavor-AAG cable systems in connecting Australia and the United States. The redundancy of the Southern Cross cables with SCCN creates seamless, efficient paths from Australia into Asia-Pacific, the U.S., and beyond.

Ukrainian Consumers Targeted with 5X Increase in Digital Malware Attacks

Posted in Commentary with tags on May 10, 2022 by itnerd

The Media Trust, the preeminent leader in digital trust and safety for websites and mobile apps, confirms Ukrainian consumers are being targeted with malware. For at least 2 months prior to the physical military incursion, consumers experienced a 2X increase in malware which has continued to climb to 5X by the end of April.

“Collectively, everyone needs to take responsibility for how their websites and mobile apps can harm consumers. Only then can we establish digital trust and safety for consumers around the world.“ 

Client-side monitoring reveals a significant change in targeted digital content and advertising affecting consumers based in Ukraine.

In the course of typical online use—accessing ecommerce, media, entertainment—consumers are increasingly exposed to credential collection tactics. Each incident can affect thousands of consumers.

These attacks directly impact the digital and personal safety of consumers, including those affiliated with the military, government, and infrastructure sectors. The national security implications of unabated malware delivery are profound. Once a device is penetrated, malware collects information—device details, contacts, links to other systems—that will be used in future attacks.

Learn more: 5X Increase in Malware Targeting Ukraine Consumers

Malware, Botnets And Exploit Use Expands In Q1 Says Nuspire

Posted in Commentary with tags on May 10, 2022 by itnerd

Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q1 2022 Threat Report. The report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs), as well as provides data and insight into malware, exploit and botnet activity.

Nuspire’s data revealed a significant number of new vulnerabilities leading to increases in threat actor activity across all three of the threat classifications it studies: malware, botnets and exploits. Of note are several older botnets that saw a resurgence in Q1, including Mirai, STRRAT and Emotet. 

Mirai, known for co-opting IoT devices to launch DDoS attacks, showed a spike in activity in February 2022. This corresponded with the discovery of Spring4Shell, a zero-day attack on popular Java web application framework, Spring Core. The attack allows for unauthenticated remote code execution, and data show Mirai exploited this vulnerability to its botnet.

STRATT botnet, which engages in information stealing, keystroke logging, and credential harvesting from browsers and email clients, also spiked in February. This data corresponds with recent announcements identifying a new STRRAT phishing campaign. 

Additional notable findings from Nuspire’s Q1 2022 Threat Report include:

  • Incidences of malware, botnet and exploit activity increased 4.76%, 12.21% and 3.87% respectively over Q4 2021. 
  • Visual Basic Applications (VBA) trojans continue to be the top malware variant, comprising nearly 30% of all malware variants. Of note is its activity spiked just prior to Microsoft’s announcement of plans to block VBA macros by default on Office products. 
  • Brute force attacks – when threat actors guess different combinations of potential passwords until the correct password is discovered – were by far the most popular exploit at 61%. 

For those interested in getting an in-depth overview of the report, Nuspire is hosting a webinar this Thursday, May 12 at 2 p.m. ET, featuring the cybersecurity experts who compiled the research. You can register here

Somm Announces Relationship With American Express

Posted in Commentary with tags on May 10, 2022 by itnerd

Somm has announced that it has entered into a new relationship with American Express Canada. Eligible Amex Cardmembers now can tap into Somm Cru or Grand Cru Memberships as an additional benefit available to them. 

This announcement captures a natural alignment between brands that deliver access to unique value and experiences.

Based in Toronto, Somm operates at the intersection of hospitality and technology. The free to download lifestyle app puts a sommelier in your pocket and offers premium benefits from top hospitality destinations.

From excellent wine recommendations to signature experiences at premium restaurants, hotels, winery and lifestyle partners, to reservations at the very best restaurants via DINR by Somm, Somm unlocks the world of taste. With an ultimate vision to own the category of taste, Somm is for every culinary curious and lifestyle-focused consumer who seeks enriched food, wine and lifestyle experiences at their fingertips.

Released in Fall 2021, Somm Cru and Grand Cru are redefining loyalty the way it was meant to be: personalized and convenient. Both Membership levels offer benefits like bubbly on the house at top restaurants, enhanced tastings at wineries, preferred pricing from lifestyle brands, signature experiences at boutique hotels, and events with world-class sommeliers and chefs. Somm Grand Cru Members also receive monthly wine deliveries with some of the best wines in the world. The Somm and American Express offering extends all Cardmembers a 12-month complimentary Somm Cru Membership and exclusive pricing on Somm Grand Cru at $99+tax per month. Somm Memberships are available for all Amex Consumer and Small Business Cardmembers in Canada.

Further strengthening Somm’s lifestyle and experiential footprint, the news of the American Express relationship comes just after Somm announced its acquisition of DINR, the mobile app that unlocks reservations at Canada’s best restaurants.

American Express Cardmembers can join Somm Cru or Grand Cru by downloading Somm and entering their Amex Card when selecting their Membership level. Visit www.somm.io/amex for more information.

Somm can be downloaded from the App Store and Google Play Store. For more information on Somm visit www.somm.io, follow on Instagram at @somm.app or visit LinkedIn.

Guest Post: 7 out of 10 consumers would give up personal details for a discount code says Atlas VPN

Posted in Commentary with tags on May 10, 2022 by itnerd

Online privacy has come into the spotlight in recent years like never before.

According to the recent findings by the Atlas VPN team, 73% of consumers would provide at least one personal detail to an app or a website in exchange for a $20 discount code. Furthermore, 52% of people believe there is no such thing as online privacy.

Nearly two-thirds (64%) of consumers would willingly share their email address to an app or website to get a $20 coupon code. If the email address does not contain your personal information, providing it to a website might not corrupt your privacy.

About one in three (31%) customers would voluntarily submit their full name to get a discount code. If the website were to be hacked, people who entered their names would leak their sensitive information to cybercriminals.

Almost one out of four (23%) consumers would exchange their phone number for a $20 coupon code. Cybercriminals could target the person’s leaked phone number with smishing attacks and scam calls.

On the other hand, 27% would not provide any of their personal details for the $20 coupon.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on online privacy:

“While online privacy depends a lot on big tech companies’ approach to it, people can take action to control privacy in their own hands. Using a VPN and ad blockers can help reduce your digital footprint significantly. Being mindful of where you give out your personal information and its handling is essential when protecting your online privacy.”

Online privacy does not exist

Consumers believe the government should go beyond crime prevention to regulate digital advertising.

One out of five (20%) consumers believes that they have control of their digital data. At the same time, 29% of people like it when the digital ads they see are relevant to them. However, more than half, 52%, of customers think there is no such thing as online privacy.

Many people believe that other institutions should do more to protect their online privacy. For example, 43% of consumers feel that government should step up to ensure more digital privacy, while 55% wish private companies would do more for their anonymity.

Interestingly enough, 38% of customers think their mobile phone listens to their conversations and suggests buying products based on what it hears.

To read the full article, head over to: https://atlasvpn.com/blog/7-out-of-10-consumers-would-give-up-personal-details-for-a-discount-code

GuidePoint Security Launches GuidePoint Security University (GPSU) To Address the Cybersecurity Skills Gap

Posted in Commentary with tags on May 10, 2022 by itnerd

Recent numbers on the cybersecurity skills shortage shows more than 2.72 million open positions, with the global workforce needing to grow 65% to effectively defend organizations’ critical assets1GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced that it has created GuidePoint Security University (GPSU) as a training and development pipeline for developing critical cybersecurity skills and applying them to real-world solutions. 

GPSU is designed for individuals who either want to begin a career in cybersecurity or extend their current technical skills, including students, transitioning service members, and those who have been employed in other industries. GPSU also has an internship component, which is tailored to create an individualized experience based on the learner’s background and aptitude. During an internship, learners hone both their technical and soft skills, while mastering best practices around reducing customer cyber risk. To support transitioning military members, GuidePoint is authorized to conduct DoD SkillBridge, Career Skills Program and Hiring Our Heroes internships.  

Cybersecurity disciplines that are currently covered within GPSU include: Application Delivery, Application Security, Cloud Security, Governance, Risk & Compliance (GRC), Identity & Access Management, Network Security, Penetration Testing, Security Analytics, Security Automation, Security Operations, and Project Management.

The first admissions class (from May 23-August 12) is comprised of 17 students, who are either transitioning out of the military or attending a University, with varying degrees, including Cybersecurity, Computer Science, Computer Engineering, Information Systems, and Business. All GPSU learners will be provided a laptop, access to proprietary GuidePoint Security training materials, lab space and vouchers for industry certifications. In addition to these resources, all learners will be paired with a GuidePoint Security mentor, with service members receiving a veteran mentor to help with the transition to civilian life. 

Applications for the Fall Semester will open in early August and be posted on the GuidePoint Security careers page. For more information contact GPSU@guidepointsecurity.com

Source: 2021 (ISC)² Cybersecurity Workforce Study

Zoho Unifies Marketing Operations With New Platform 

Posted in Commentary with tags on May 10, 2022 by itnerd

Zoho Corporation, a leading global technology company, today announced Zoho Marketing Plus, a new unified platform that brings together marketing activities across campaign ideation, creation, execution, management, and measurement, providing stakeholders across the entire marketing organization with a single, shared view of critical information for improved collaboration and results. The new marketing platform increases the effectiveness of digital marketing strategies by giving marketing leaders a deeper understanding of customer preferences and behaviors so they can deliver dynamic, high-value customer experiences that drive brand affinity and customer happiness.

CMOs require their teams to leverage technology solutions that capture customer insights in ways that add value both to the business and customers. Through automation and business intelligence, the platform synchronizes engagement data to help marketing teams better understand customers, make more informed decisions, and ultimately drive better results, growth, and revenue. 

The unified platform empowers marketing teams to build continuous and consistent experiences for end customers and deliver more personalized journeys through:

Improved Collaboration Across Campaigns: Marketing teams will be able to connect and collaborate on various projects in tandem and with ease, enabling users to create, manage, execute, and monitor individual activities, across different stakeholders, and accurately track the progress of each task and brand asset. The platform delivers a strong creative suite that empowers teams to develop and improve marketing assets through comments, with the ability to maintain version control with flexible sharing capabilities for both internal and external stakeholders. 

Streamlined Management of Marketing Projects: Brand Studio eliminates the need for siloed solutions by serving as the centralized workplace where marketing campaigns can be created and managed. Users strengthen the brand from a single, unified platform where they can oversee all marketing strategies and progress. Capabilities like Brand Assets, powered by Zoho Workdrive, for example, help digital marketers better manage documents and assets, serving as the repository for all project support materials. 

Unified Digital Brand Asset Creation and Repository: Documents, presentations, sheets, videos, and other files can be kept in a single shared space, making assets easy to locate, reuse, or share. Machine-learning-powered search capabilities streamline team efforts, quickly and accurately locating the correct file. 

Strong Marketing Automation Capabilities: Customer insights are surfaced through AI-powered data analysis, which activates marketers to design the journeys customer respond to best. The platform properly tracks engagement and response data of customers, giving marketing teams insights to improve their journeys over time. This clear and granular understanding of customer behaviors gives marketers the ability to collaborate with customers like never before, ultimately delivering experiences that speak to their unique wants and needs.

Omnichannel Engagement: Customers bounce between channels and devices regularly, yet marketing teams can be ill-equipped to adapt to this rapid movement. Zoho enables marketing teams to access and manage all channels, driving better connections with customers and brand engagement. Email campaigns, social media, customer surveys, webinars, events, and more can all be created and managed from one single interface within the platform.

Supported Integrations: Zoho’s new marketing platform supports strong integrations with third-party solutions, making it easy to share data and insights where needed. For example, sales teams can connect insights from Zoho CRM to existing systems like Salesforce, Microsoft, HubSpot, and more to help measure how much marketing spend is converting to sales. Other key integrations across finance, commerce, and event management strengthen the connections between apps that marketers already have in their arsenal. Platform integrations include Google Ads, Facebook Ads, Google Analytics, Google Search console, YouTube, Survey Monkey; on the finance side it integrates with QuickBooks, Xero, Stripe; on the commerce front it integrates with WooCommerce and Shopify; and on the events front, it integrates with Eventbrite. Integrations can be accessed via Zoho Marketplace from the Campaigns and Analytics sections of the platform.  

Accurate and Real-Time Measurement: Real-time data aggregation and analytics deliver business intelligence that helps marketing teams and leaders determine true marketing ROI. Integrations further support a more accurate view of customer impact, ROI, and revenue growth projections.  

The unified platform includes a vast array of integrated capabilities aimed at helping digital marketers achieve greater results through simplified processes, tighter collaboration, shared assets, and consistent data. Zoho Marketing Plus combines the capabilities of multiple Zoho applications including Campaigns, Social, Webinar, Analytics, Marketing AutomationWorkdrive, PageSenseSurvey, and Backstage. This newest iteration of Marketing Plus will continue to evolve through tighter integrations with existing Zoho tools such as Cliq, as well as new apps including LandingPage, a no-code page builder that enables marketers to create high-converting website landing pages in minutes without needing a developer-level skillset.

Pricing and Availability

Zoho Marketing Plus is available immediately with a starting price of $31/month, billed annually. For more information, please visit www.zoho.com/marketingplus/

Conti Pwns The Cost Rican Government

Posted in Commentary with tags on May 10, 2022 by itnerd

BleepingComputer is reporting that Costa Rica has declared a national emergency after Conti ransomware attacks on multiple government bodies has led to a 672GB data dump, where BleepingComputer observed that Conti’s data leak site had been updated to state that 97% of the data had been leaked:

Conti earlier demanded a $10 million ransom from the Ministry which the government declined to pay, according to Swissinfo.ch.

Conti’s leak site presently lists the following government purportedly affected by the attack, as seen by BleepingComputer:

  • The Costa Rican Finance Minsitry, Ministerio de Hacienda
  • The Ministry of Labor and Social Security, MTSS
  • The Social Development and Family Allowances Fund, FODESAF
  • The Interuniversity Headquarters of Alajuela, SIUA

BleepingComputer has not yet analyzed the leaked data but a preliminary analysis of a very small subset of the leaked data shows source code and SQL databases that appears to be from government websites.

Chris Olson, CEO and Founder of The Media Trust had this to say:

“Although Conti does not appear to have been acting on behalf of the Russian-government during its recent attack on Costa Rica, its Russian ties suggest that the country still possesses advanced cyber capabilities which could be leveraged to carry out similar strikes against NATO-aligned countries. This possibility – which experts have debated since the beginning of its attack on Ukraine – is especially worrisome given that Conti targeted more than a dozen critical organizations in the U.S only months before the attack began.”

“Either way, it’s clear that the ransomware game has changed – it’s no longer just about stealing money from large corporations. Faced with the prospect of cyberwarfare and weaponized ransomware attacks, organizations in both the public and private sector should be preparing themselves by hardening their defenses and locking down their digital ecosystem.”

Well, at least they declined to pay the ransom. That’s somewhat positive as that sends a message that you won’t play ball with these scumbags. But this leak appears to be bad. And it is likely we have not heard the last of this story.