Archive for May 12, 2022

Twitter CEO Has Begun Dumping Top Execs And Freezing Hiring

Posted in Commentary with tags on May 12, 2022 by itnerd

It seems that current Twitter CEO Parag Agrawal is doing Elon Musk’s bidding even though the deal for Musk to buy Twitter isn’t done as far as I know. According to The Verge, this is happening:

The first move came as consumer product leader Kayvon Beykpour announced on Twitter that current CEO Parag Agrawal “asked me to leave after letting me know that he wants to take the team in a different direction.” 

Bruce Falck, the general manager of revenue and head of product for its business side, confirmed in a (now deleted) tweet that he was also fired by Agrawal.

Now Jay Sullivan, who we spoke to in March about Twitter’s plans to add 100 million daily users, will take over as both the head of product and interim head of revenue. These moves are occurring at the same time Elon Musk moves forward with his $44 billion purchase of Twitter, although he hasn’t taken ownership of the company yet.

Then this is also happening:

Twitter spokesperson Adrian Zamora confirmed the changes, saying in a statement to The Verge, “We can confirm that Kayvon Beykpour and Bruce Falck are leaving Twitter. Jay Sullivan is the new GM of Bluebird and interim GM of Goldbird. Effective this week, we are pausing most hiring and backfills, except for business critical roles. We are pulling back on non-labor costs to ensure we are being responsible and efficient.”

If you’re a Twitter employee, this is sure to send you running for the exits. But it should not be a surprise since Musk has said that he wants to slash jobs as part of his master plan. I fully expect that more news like this is inbound over the coming days. So stay tuned.

Revived Soldiers Ukraine Deploy Draganfly’s Medical Response Drones To Deliver NuGen Needle-Free Injection Devices, Coupled With Insulin, To Conflict Areas Across Ukraine

Posted in Commentary with tags on May 12, 2022 by itnerd

NuGen Medical Devices Inc., a leader in needle-free drug delivery, is pleased to announce that the Company has selected Draganfly Inc., an award-winning, industry-leading drone company, and Coldchain Delivery Systems, Inc. to provide drones and services for the delivery of NuGen’s needle-free injection system known as InsuJet, insulin, and other crucial medical supplies to affected areas in Ukraine.

Working with Revived Soldiers Ukraine, a non-profit organization dedicated to providing aid to the people of Ukraine, Draganfly’s North American-made Medical Response Drones will be used to deliver NuGen’s InsuJet needle-free injection devices, coupled with insulin, to dangerous and hard-to-reach areas across Ukraine.

You can watch a video on this here:

Indigo And TikTok Forge Partnership In Wake of #BookTok’s Phenomenal Canadian Popularity

Posted in Commentary with tags on May 12, 2022 by itnerd

Today, Indigo, Canada’s leading book and lifestyle retailer, announces a partnership with entertainment platform TikTok Canada, to launch a new #BookTok Book Club—a virtual space for TikTok’s global community to share in their love of reading by exploring new titles together alongside celebrated authors. The book club will kick off this May with Canadian author Xiran Jay Zhao’s Iron Widow.

A new title and author will be announced each month and will be featured in an exclusive LIVE event hosted by Indigo and the author for the #BookTok community that includes a Q&A. Fans can discover TikTok Indigo Book Club content in-app, which will include features, creator content, and more. To celebrate the partnership and the May book pick, Indigo will be hosting an in-person event at Indigo Metrotown on Thursday, May 26 with Xiran Jay Zhao, which will also be streamed LIVE on Indigo’s TikTok account.

Xiran Jay Zhao is a first-generation immigrant from small-town China who was raised by the Internet. A recent graduate of Vancouver’s Simon Fraser University, they wrote science fiction and fantasy while they probably should have been studying more about biochemical pathways. Iron Widow is their first novel, a blend of Chinese history and mecha science fiction for young adult readers, published by Penguin Teen Canada.

The #BookTok community on TikTok has had a significant impact on the book business, including fueling the resurgence of reading by a younger demographic, bringing attention to backlist titles, and resulting in incredible success stories for authors. The in-app content is a fantastic way to get book recommendations from other avid readers, and offers an opportunity for people to engage with one another, virtual book club style. 

Popular #BookTok recommendations are available on Indigo’s website and through curated #BookTok displays in stores, and continue to be updated as new titles rise in popularity on TikTok. For more information, and to join the conversation, follow Indigo on TikTok.

Guest Post: Yes, people share passwords: How can they do so safely?

Posted in Commentary with tags on May 12, 2022 by itnerd

Password sharing is usually associated with perks such as saving money, but in reality, having the password of a friend or a family member is convenient in other situations too: jointly managing a family bank account, accessing children’s learning platforms, or even removing the digital presence of someone who has died. People share passwords for many reasons, but without knowing how to do it safely, say NordPass experts.

According to NordPass research, a single person has around 80-100 passwords to remember and thus often ends up taking the easiest option when creating them. For years, people have kept using the same insecure variations of numbers and letters: NordPass data from 2021 revealed that the world’s most common passwords remain “123456,” “123456789,” and “qwerty.” According to Chad Hammond, a security expert at NordPass, this password fatigue affects how credentials are shared as much as how they are created.

“People tend to go for the most convenience with their passwords wherever possible, underestimating the risks involved. To illustrate, I’ll use a likely situation: a person chooses an easy password, reuses it for another platform, then shares the password with a friend. The friend passes it to their colleague, and then voilà — the password you use for various accounts is in the hands of a third party,” says Hammond.

To avoid such situations, here are some easy tips for transferring a password securely:

  1. Do not trust your kid

Pickiness is forgivable and encouraged when it comes to choosing whom to share personal passwords with. As Hammond says, human mistakes are among the most common causes of data breaches. Therefore, it makes sense to re-evaluate who has access to your passwords and then change those if needed.

While a partner, best friend, or close family member might be considered trustworthy, children should be left off this list. According to research conducted by the US National Institute of Standards and Technology (NIST), kids demonstrate poor password habits — they tend to reuse credentials and share them with their friends.

  2. Never use the same password

Children are not the only people failing basic password hygiene. With dozens of passwords to remember, adults reuse passwords just as readily. A 2019 Google security survey revealed that 52% of US citizens use the same password for multiple accounts, and 13% admit to having a single password to secure all of their accounts.

In terms of password sharing, this trend may have some serious consequences. For example, by granting a friend access to a photo editing tool, a person risks giving away the privacy of many other accounts with the same password.

  3. Use only secured networks

Following the recommendations of the European Union Agency for Law Enforcement Cooperation (Europol), it is safest to assume that no public Wi-Fi is secure, especially at airports. Free Wi-Fi may look like a better deal than paying extra for a cellular connection, but the saving does not outweigh the risk.

Most public networks lack even basic network security measures, and it takes only a little technical experience for attackers to set up a wireless hotspot themselves and get people to join it. From there, criminals look for data they can monetize. Their priority targets are therefore the passwords of online banking accounts, crypto wallets, and other sensitive data that helps them commit identity fraud. Passwords shared over such a network are likely to end up in the wrong hands.

  4. Deploy a password manager

Many password managers let you store passwords end-to-end encrypted and share them securely with a close circle through a family plan subscription. Alongside its security features, this kind of tool also generates new, unique passwords on demand, which is especially handy when you suspect that a credential may have been compromised.

“Technologies advance, and the security of most password managers available in the market has repeatedly been validated. To date, this solution is considered one of the safest options for password sharing and works best if used following other key password-sharing recommendations, such as relying on secured networks and carefully choosing trustees,” says Hammond.

  5. Double-check your apps

Since people continue to use a variety of messaging apps to share passwords, it is essential to check how secure those apps are. End-to-end encryption, which many platforms lack, is one of the main criteria for judging whether a channel used to transfer credentials meets even minimum security requirements.

NordPass also recommends downloading apps only from official sources (i.e., App Store, Play Store) and changing app permissions on devices, which may help prevent unwanted data transfer.
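Tips 2 and 4 above describe two jobs a password manager does for you: spotting the password reuse the survey numbers describe, and generating a fresh unique password when a shared one may have leaked. The script below is an added illustration written for this post, not NordPass code; the vault entries are constructed sample data, and the common-password list is just the three NordPass 2021 entries quoted above. It groups accounts by a hash of their password so reuse is reported without echoing the secrets, flags accounts using a common password, and proposes a CSPRNG-generated replacement for each.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault of (account, password) pairs. Not real credentials.
SAMPLE_VAULT = [
    ("family-bank", "123456"),
    ("photo-editor", "Tr0ub4dor&3"),
    ("kids-learning", "Tr0ub4dor&3"),
    ("email", "qwerty"),
    ("streaming", "correct horse battery staple"),
]

# The top entries of the NordPass 2021 list quoted in the post.
COMMON_PASSWORDS = {"123456", "123456789", "qwerty"}


def fingerprint(password: str) -> str:
    """Short SHA-256 prefix so reuse can be grouped without printing the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def find_reuse(vault):
    """Map fingerprint -> accounts for every password shared by two or more accounts."""
    groups = defaultdict(list)
    for account, password in vault:
        groups[fingerprint(password)].append(account)
    return {fp: accounts for fp, accounts in groups.items() if len(accounts) > 1}


def find_common(vault):
    """Accounts whose password appears on the common-password list."""
    return [account for account, password in vault if password in COMMON_PASSWORDS]


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG, the way a manager's generator works."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit(vault):
    """Return {account: [reasons]} for every account that should get a new password."""
    report = {}
    for accounts in find_reuse(vault).values():
        for account in accounts:
            report.setdefault(account, []).append("reused")
    for account in find_common(vault):
        report.setdefault(account, []).append("common")
    return report


if __name__ == "__main__":
    for account, reasons in sorted(audit(SAMPLE_VAULT).items()):
        print(f"{account}: {', '.join(reasons)} -> suggested replacement {generate_password()}")
```

Only the two hashed-duplicate accounts and the two common-password accounts appear in the report; the passphrase account passes. Replacements are generated with the secrets module rather than random, since the latter is not suitable for credentials.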

Roblox Hacked To Facilitate New Attack: Avanan

Posted in Commentary with tags on May 12, 2022 by itnerd

Avanan, a Check Point Company, has taken a deep dive into hackers installing a self-executing program on Windows via a legitimate scripting engine in Roblox, one of the world’s most popular game platforms with millions of daily active users.

In this attack, hackers exploit Roblox’s scripting engine to insert three malicious files, including a backdoor trojan that can break applications, corrupt or remove data, or send information back to the hacker. The report goes into a lot of detail and offers recommendations to help you protect yourself.

The report can be found here and it’s very much worth a read.

Fisker + Foxconn Confirm Ohio Production For PEAR Urban Lifestyle EV

Posted in Commentary with tags on May 12, 2022 by itnerd

Fisker Inc. has confirmed that it will produce its second vehicle, the Fisker PEAR, at a factory Foxconn (Hon Hai Precision Industry Co. Ltd.) acquired in Ohio.

The Fisker PEAR will enter production in 2024. Both the Fisker and Foxconn teams are fully engaged and expect to build a minimum of 250,000 Fisker PEAR units a year at the plant after a ramp-up period.

The Fisker PEAR follows the company’s first vehicle, the Fisker Ocean, which starts production in Austria on Nov. 17, 2022. The Fisker PEAR will have an expected base price below $29,900 before incentives. Fisker has designed and engineered the vehicle to reduce parts for rapid, simplified manufacturing. The Fisker PEAR will be built on a new proprietary architecture. This new platform will underpin two additional models that Fisker will introduce at a later date.

California-based Fisker Inc. is revolutionizing the automotive industry by developing the most emotionally desirable and eco-friendly electric vehicles on Earth. Passionately driven by a vision of a clean future for all, the company is on a mission to become the No. 1 e-mobility service provider with the world’s most sustainable vehicles. To learn more, visit www.FiskerInc.com.

The Five Eyes Issues Warning To MSPs And Their Customers

Posted in Commentary with tags on May 12, 2022 by itnerd

If you use an MSP (Managed Service Provider) to help manage your IT infrastructure, or you are an MSP, you should pay attention to this. Members of the Five Eyes (Canada, USA, UK, Australia, New Zealand) today warned that managed service providers and their customers are increasingly being targeted by supply chain attacks. Multiple cybersecurity and law enforcement agencies have shared guidance for MSPs on securing networks and sensitive data against these rising cyber threats.

Aimei Wei, CTO and Founder of Stellar Cyber had this comment:

“Attackers are more and more targeting organizations that have a cascading effect, and one compromise allows them to gain access to a large number of organizations. The Sunburst supply chain attack and now the MSP targeted attacks are some of the examples.”

“Implementing the measures recommended by CISA and following their guidance to harden the MSP environment and increase the security posture will greatly reduce the chances of getting compromised. It is especially critical for MSPs to be able to detect the attack early and stop it before it spreads and causes more damage. MSPs should consider implementing a detection and response system that:

  • Detect early signs and stop it before further progression to minimize the damage
  • Show a clear picture of how it happened to conclusively determine that the attack has been contained
  • Show how far it has gone and understand the impact to determine the customers that are impacted quickly”

Saumitra Das, CTO and Co-founder of Blue Hexagon adds this comment:

“MSPs are typically given a lot of privileges on their customer networks. They can be a portal for attackers to get into victim networks such as what happened in the Kaseya attack. Organizations that use MSPs should be vigilant about their MSPs’ security posture and assess the risk of what happens if the MSP software is compromised. Convenience often means the MSPs get a lot of privileges for remote maintenance and this convenience can increase the chance of a supply chain attack escalating into a victim network.”

Finally, Christopher Prewitt who is the Chief Technology Officer of MRK Technologies had this to say:

“Managed Service Providers are always under attack. They are often primarily focused on IT operations and service desk related services, and usually do not have a depth of knowledge or capability in cyber security practices. As an attacker, if I can breach and impact an MSP, my impact has an exponential outcome. We continue to see this IT supply chain be targeted through Kaseya and MSPs.”

This warning is worth reading as it contains a lot of recommendations for protecting against these attacks. I would set aside time to read it and implement them.

CISA Tells Everyone To Address F5 BIG-IP Vulnerability ASAP

Posted in Commentary with tags on May 12, 2022 by itnerd

The CISA has told federal agencies to fix an actively exploited F5 BIG-IP bug. The bug in question is CVE-2022-1388 which is described as follows:

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.
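The description above is precise enough to turn into a triage check: each affected branch is listed with the first version that is no longer “prior to” the fix, and the 12.1.x and 11.6.x branches are affected in their entirety. The script below is an added example written for this post, not F5 or CISA tooling. It encodes only the ranges quoted in the description, compares versions as integer tuples so that “13.1.5” is correctly treated as fixed while “13.1.4.1” is not, and returns None for any branch the description does not mention rather than guessing. The host inventory is constructed sample data; in practice you would feed it the version strings from your own asset records.

```python
from typing import Dict, Optional, Tuple

# Affected ranges taken from the CVE-2022-1388 description quoted above.
# Branch -> first fixed version; None means every release on that branch is affected.
FIXED_VERSIONS: Dict[Tuple[int, int], Optional[Tuple[int, ...]]] = {
    (16, 1): (16, 1, 2, 2),
    (15, 1): (15, 1, 5, 1),
    (14, 1): (14, 1, 4, 6),
    (13, 1): (13, 1, 5),
    (12, 1): None,
    (11, 6): None,
}

# Constructed inventory of (hostname, BIG-IP version); not real hosts.
SAMPLE_INVENTORY = [
    ("lb-edge-01", "16.1.2.1"),
    ("lb-edge-02", "16.1.2.2"),
    ("lb-legacy", "12.1.6"),
    ("lb-lab", "17.0.0"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '16.1.2.1' into (16, 1, 2, 1); rejects strings that are not dotted integers."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"not a BIG-IP version: {text!r}")
    return parts


def is_affected(version_text: str) -> Optional[bool]:
    """True if the version falls in an affected range, False if fixed, None if not listed."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch not in FIXED_VERSIONS:
        return None  # e.g. 17.x: the description says nothing, so do not guess
    fixed = FIXED_VERSIONS[branch]
    if fixed is None:
        return True  # whole branch affected (12.1.x, 11.6.x)
    # Tuple comparison implements "prior to": (13, 1, 4, 1) < (13, 1, 5) but (13, 1, 5) is not.
    return version < fixed


def triage(inventory) -> Dict[str, str]:
    """Label every host so the affected ones can be prioritised for patching."""
    labels = {True: "affected", False: "fixed", None: "not listed"}
    return {host: labels[is_affected(version)] for host, version in inventory}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The checker only answers the question the description answers; a host reported as “not listed” still needs to be checked against F5’s own advisory rather than assumed safe.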

F5 customers using BIG-IP solutions include governments, Fortune 500 firms, banks, service providers and consumer brands including Microsoft, Oracle and Facebook, so this isn’t trivial in the slightest: it affects a lot of big companies. That is why the CISA also said that private companies should address this and the other issues that the CISA brings to light.

I managed to get multiple comments on this. Starting with Christopher Prewitt who is the Chief Technology Officer of MRK Technologies:

“This vulnerability is critical and should be remediated as soon as possible by turning off the iControl REST service. This vulnerability is simple to exploit by an attacker, and with these systems internet connected, many organizations may be at risk of breach.”

Saumitra Das, CTO and Co-founder of Blue Hexagon had this to add:

“This continues the trend of security and access devices also proving to be portals for attackers to get into target networks. We have seen similar issues in 2021 with VPN devices, firewalls, and email gateways. Having MFA on admin logins, and limiting lateral movement from and public exposure of third-party security and networking appliances, is a critical requirement to protect the organization. Be it supply chain related or a new vulnerability, organizations need to minimize blast radius.”

This is something that needs to be addressed ASAP. I would take the CISA’s advice and deal with it now, as it’s a safe bet that threat actors are exploiting this at present.