Archive for May 17, 2022

Musk Claims That 20% Or More Of Twitter Accounts Are Bots…. WTF?

Posted in Commentary with tags on May 17, 2022 by itnerd

Yesterday an analyst suggested that Elon Musk may be looking for an off ramp from his attempt to buy Twitter by making the amount of bots on the platform an issue. Today he went further…. By Tweeting this:

Musk doesn’t say where he gets this 20% number from. But he is basically accusing Twitter’s current CEO Parag Agrawal of lying without using the word lying. That’s a very dangerous thing to say as Musk could get called on it if Twitter produces proof that backs up their claims. But the interesting point is that the deal cannot move forward until Twitter’s current CEO pony’s up proof. If he doesn’t, that’s Musk’s off ramp from the deal. Either that or is he trying to get a better deal.

This will be worth watching to see how this turns out.

CISA Adds Zyxel & Spring Cloud Gateway Vulnerabilities To Their List Of Actively Exploited Bugs

Posted in Commentary with tags on May 17, 2022 by itnerd

The CISA has added two vulnerabilities to its list of actively exploited bugs. Specifically the code injection in the Spring Cloud Gateway library and the command injection flaw in Zyxel firmware for business firewalls and VPN devices. 

Artur Kane, VP of Product for GoodAccess had this to say:

“Zero-day vulnerabilities are inevitable in SW and HW engineering. Sometimes this may be due to a flaw in the design, but often it is a goofy engineer who makes a wrong decision when under pressure to deliver on time. Attackers have loads of time to discover and access vulnerabilities. Then, such intelligence is sold on the dark web, hence it can spread rapidly in the community. Companies should look for such vendors who have a proven record of responding fast to zero-day vulnerabilities by issuing patches fast, who also have sufficient security certifications and standards. IT experts have options to mitigate the risk and impact in their hands too, by having regular vulnerability assessments and patching and updating programs in place. If the organization can’t meet such precautionary practices, they should also consider replacing their technologies with applications delivered as a SaaS, where there’s no self-hosted HW (with firmware) and/or software. Patching is done on the level of the application infrastructure and in most cases, much faster as it is in hands of the vendor. When all these processes fail, as they sometimes do, it is a good practice to implement processes that minimize breach impact (micro segmentations, zero trust access, etc.) and incident response and remedial action plans.”

I would make it part of your security process to check the CISA list of exploited bugs so that you know where to focus your efforts on so that you don’t get caught with your pants down, metaphorically speaking. Also, you should look at SaaS as this takes all the guesswork out of this.

Imply Announces $100M Investment Led By Thoma Bravo

Posted in Commentary with tags on May 17, 2022 by itnerd

Imply Data, Inc., the company founded by the original creators of Apache Druid, today announced its $100 million Series D financing, which values the company at $1.1 billion. This investment round was led by Thoma Bravo with participation from OMERS Growth Equity, both new investors. Existing investors Bessemer Venture Funds, Andreessen Horowitz and Khosla Ventures also participated in the financing. This round brings Imply’s total funding raised to date to $215 million as the company accelerates to meet the growing need for modern analytics applications. 

Demand for Imply is driven by an industry evolution in analytics led by software developers. For decades, analytics have been confined to static executive dashboards and reports powered by batch-oriented data warehouses. Increasingly, leading companies are turning to their developers to build analytics applications that deliver interactive data experiences from streaming data and deliver real-time insights to both internal and external users. And developers at 1,000s of companies have turned to Apache Druid, the leading real-time analytics database. 

This new round of funding will enable Imply to accelerate its mission to help developers become the new heroes of analytics.

This funding round is the latest milestone solidifying Imply’s position as the industry leader in this emerging category. It follows the recent product and open source innovation announced in March—specifically, the launch of Imply Polaris, the fully-managed DBaaS built from Apache Druid and the introduction of a new multi-stage query engine that makes Druid the only database to support advanced reports and complex alerts alongside interactive, real-time analytics.

As a leading contributor to Apache Druid, Imply delivers the complete developer experience for Druid as a fully-managed DBaaS (Imply Polaris), hybrid-managed software offering (Imply Enterprise Hybrid) and self-managed software offering (Imply Enterprise). The company builds on the speed and scalability of Apache Druid with committer-driven expertise, effortless operations and flexible deployment to meet developers’ application requirements with ease. Organizations trust Imply’s technology to play a key role in their internally-facing and customer-facing solutions and services.

To learn more:

AV-Comparatives Releases Factsheet for March-April Enterprise Malware And Real-World Protection Tests 

Posted in Commentary with tags on May 17, 2022 by itnerd

AV-Comparatives, the independent ISO-certified security software evaluation lab, has released the latest results from the Business Main-Test Series, which evaluated a range of anti-virus products in business environments. This report is brought in the interim of the full Performance Test and product reviews, which will be released in July.   

In business environments, it is usual for products to be configured by the system administrator in accordance with vender’s guidelines. With the Enterprise Main-Test Series, AV-Comparatives invited all vendors to configure their respective products towards an enterprise-first environment. The applied settings are then used across all Enterprise Tests over the year. AV-Comparatives has listed all relevant deviations from default settings.  

The following products (latest version available at time of testing) were tested under Windows 10 64-bit systems: Acronis, Avast, Bitdefender, Cisco, CrowdStrike, Cybereason, Elastic, ESET, G Data, K7, Kaspersky, Malwarebytes, Microsoft, Sophos, Trellix, VIPRE, VMware and WatchGuard.  

The Real-World Protection Test examines the performance of leading antivirus solutions to assess their capabilities in conditions experienced every day by users around the world. The interim results of this the Real-World Protection Test are based on a set of 373 live test cases (malicious URLs found in the field), tested from the beginning of March until the end of April. Of the 18 vendors tested, nine received a 99% and above protection rate, with Bitdefender and G Data earning the highest protection rate score of 99.7%.  

The Malware Protection Test assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. For this test, 1,007 recent malware samples were used. Of the 18 vendors tested, 14 received a 99% or above Malware Protection Rate, with VMware, Acronis, Bitdefender and Trellix scoring the highest.  

To ensure that the tested programs do not protect the system at the expense of high false-alarm rates, a false-positives test is also run for the Malware Protection Test. False positives run on a scale of ‘Remarkably High’ to ‘Very Low’. A Low to Very-Low rate of false positives is considered anything below 15, with the highest number of false positives being greater than 125. From this year onwards, products are required to have a false-positive rate on non-business files below the ‘Remarkably High’ threshold in order to be approved. As of the March-Aril Business Test, Acronis, ESET, Kaspersky, Microsoft, Avast, Bitdefender, Cybereason, Sophos, VIPRE, VMware and WatchGuard have scored either ‘Low’ or ‘Very Low’. 

The full report, including Performance Testing and product reviews, will be released in July. To be certified in July 2022 as an ‘Approved Business Product’ by AV-Comparatives, the tested products must score at least 90% in the Malware Protection Test, with zero false alarms on common business software, a rate below ‘Remarkably High’ for false positives on non-business files and must score at least 90% in the overall Real-World Protection Test over the course of four months, with less than one hundred false alarms on clean software/websites. 

The full results of the March-April Business Test Factsheet are available here: 

Cradlepoint Extends Cellular Intelligence Capabilities To Bolster Visibility Into 5G Cell Towers

Posted in Commentary with tags on May 17, 2022 by itnerd

Cradlepoint, the global leader in cloud-delivered LTE and 5G wireless network edge solutions, today announced additional Cellular Intelligence capabilities that provide extended visibility into enterprise LTE and 5G Wireless WAN (WWAN) deployments. As part of its NetCloud Service, Cradlepoint has expanded Wireless WAN visibility to include cell tower location with service provider details for each connected router or adapter. These unique insights are now integrated into a single pane of glass to ease deployments and ongoing troubleshooting of the Wireless WAN.

Announced in February 2022, Cradlepoint’s Cellular Intelligence is a collection of software features that allow administrators with distributed Wireless WANs to visualize, optimize, and troubleshoot cellular connections, data plans, and traffic flow. Integration between NetCloud and connectivity management platforms, such as Ericsson’s IoT Accelerator, and other SIM aggregation platforms provide visibility into the SIMs and data plans, with the ability to perform SIM management functions (activations, deactivations, data plan adjustments, and more) in seconds. 

This new feature within NetCloud GeoView allows IT teams to visualize where their cell tower is located in proximity to their Cradlepoint cellular modem on a map, enabling optimal placement of the modem for enhanced performance. IT teams will also have valuable cell tower insights at their fingertips, including the supported service provider, service type, and active band(s) — all without having to use external cell mapping tools. Additionally, for routers and modems that are not GPS-enabled, or not able to acquire a GPS signal, the location of the serving cell tower can be used to provide the approximate location of any Cradlepoint router or modem, regardless of where it is located. This accelerates network troubleshooting and improves asset tracking, especially in IoT deployments.

For more on Cradlepoint’s Cellular Intelligence and added insights into 5G cell tower connections, visit here:

Guest Post: 54% Of Successful Phishing Attacks End In A Customers Data Breach Says Atlas VPN

Posted in Commentary with tags on May 17, 2022 by itnerd

While not all cyberattacks succeed, those that do usually have devastating consequences for both organizations and their clients. 

According to the data presented by the Atlas VPN team, more than half (54%) of successful phishing attacks end in a customer or client data breach, followed by credential and account compromise (48%). Overall, 83% of organizations reported they had experienced a successful phishing attack in 2021. The data is based on the Proofpoint’s 2022 State of the Phish Report . 

Other common consequences of phishing attacks include ransomware infections (46%), loss of data and intellectual property (44%), and infections with malware other than ransomware (27%).

Cybersecurity writer and researcher at Atlas VPN Ruta Cizinauskaite shares her thoughts on the situation:

Social engineering attacks like phishing heavily rely on human factors, such as an employee clicking a malicious link in order to be successful. Therefore, the most effective way to safeguard against such attacks is to invest in employee training where employees would be educated on recognizing cyberattack attempts and how to act when they do.

Bulk phishing attacks were most frequently faced by organizations 

While cybercriminals tried various phishing methods to lure in the victims, some attack types were more common than others. Out of all, bulk phishing was the most frequently used attack. In total, 86% of companies experienced bulk phishing attacks last year.

In bulk phishing attacks, cybercriminals send out generic phishing emails to a vast number of targets in hopes that at least some will fall for the attack. 

The second most common type of phishing attacks organizations faced was spear phishing and whaling. Such targeted attacks hit 79% of companies worldwide. 

In contrast to bulk phishing, spear phishing is a targeted attack where cybercriminals have researched their victim beforehand and use personal information they have found to make their message more believable. Meanwhile, whaling phishing attacks are particularly targeted at high-profile people to maximize gain.

Email-based ransomware attacks occupy the third spot on the list.  They affected 78% of organizations. In the meantime, business email compromise (BEC) attacks were encountered by 77% of companies. 

However, email was not the only medium where criminals tried to phish victims. Other types of phishing attacks that plagued organizations last year include smishing (74%), social media attacks (74%), vishing (69%), and malicious USB drops (64%). 

To read the full article, head over to:

Google Canada Announces Applications For The 2022 Google For Startups Accelerator Canada Cohort

Posted in Commentary with tags on May 17, 2022 by itnerd

Today, Google Canada has announced that applications are open for the 2022 cohort of the Google for Startups Accelerator Canada. The intensive ten-week bootcamp is designed to bring the best of Google’s programs, products, people and technology to Canadian startups that leverage machine learning and AI in their company today or plan to in the future. Up to twelve Canadian technology startups will be selected to participate.

The pandemic has prompted a shift in the ways in which Canada’s talent collaborate, scale and grow – making mentorship opportunities integral. With startups greatly contributing to Canada’s growing tech ecosystem, the program seeks to foster Canada’s growing tech talent through detailed technical training and strategic counsel through one-to-on mentorship opportunities with Google experts.

Past graduates have included Neurescence, a leading optical imaging company for understanding short and long-range brain circuits, ArkAngel AI, a team focused on using AI to quickly detect diseases in order to improve the patient experience. And AccessNow, a mobile and web-based app that allows users to discover accessible locations based on a variety of types of access criteria. The program is open to startups across all sectors, and will kick off the week of July 25th.

TELUS Investing $17 Billion Across Alberta And Generating 8,500 New Jobs

Posted in Commentary with tags on May 17, 2022 by itnerd

TELUS announced today the investment of $17 billion in network infrastructure, operations, and spectrum across Alberta over the next four years and has committed to investing $70 billion overall across Canada by 2026. 

These significant investments include:

  • Generating new jobs to support Alberta’s growing economy
    Generating jobs for 8,500 Albertans at TELUS and through its vast partner ecosystem now through 2026, with a focus on construction, engineering, emerging technologies and other supporting industries.
  • Connecting nearly 1 million homes in Alberta
    TELUS will connect hundreds of thousands more homes and businesses across Alberta including in Airdrie, Calgary, Edmonton, Leduc, Lloydminster, Spruce Grove, and St. Albert. PureFibre is Alberta’s only 100 per cent pure fibre-to-the-home network and currently reaches nearly 1 million homes and businesses across the province. The symmetrical upload and download Internet speeds and nearly infinite bandwidth enabled only by PureFibre means everyone can work, stream, game, or make video calls at the same time. 
  • Delivering 5G to Remote Communities
    With the rollout of 3.5 GHz spectrum additions later this year, Albertans will have access to TELUS’ 5G network delivering an ultrafast and reliable wireless connection. Albertans living in some rural and remote communities are also some of the first in the country to access home Internet speeds of 100 Mbps through TELUS’ 5G fixed wireless network, using the capabilities of 5G to provide a powerful alternative to a wired Internet connection.
    • TELUS’ global-leading wireless network was rated the fastest mobile network for the eighth consecutive time by UK-based Opensignal, while also earning the title of North America’s Fastest Mobile Network and being named Canada’s Fastest Mobile Network by Seattle-based Ookla® for the ninth consecutive time.
  • 5G Core and Multi-Access Edge Computing
    TELUS will introduce its 5G standalone network this year and bring multi-access edge computing (MEC) capabilities that will further advance IoT and industry solutions that will enable important innovations for businesses and sectors, including health, agriculture, energy, transportation, and manufacturing.
    • Our network and crucial investments will support the digitization of the economy, and our transition to a sustainable future, including through optimisation of energy consumption at home, reduction of food waste or intelligent transport systems that result in fewer emissions.
  • Contributing to a greener Alberta and planet

As a global leader in sustainability, TELUS’ network infrastructure and investments are helping us transition to a sustainable future through the digitization of the economy, including optimizing energy consumption at home and reducing food waste through its TELUS Agriculture solutions. 

  • The 2021 Sustainability Report outlines TELUS’ environmental, social, and governance strategy and priorities which includes the ambitious goal to use 100 per cent renewable energy by 2025. Moreover, TELUS’ world-leading wireless and wireline networks enable significant carbon avoidance by providing the networks required for TELUS team members and millions of Albertans to work remotely and avoid commuting; access education, healthcare, and social connections virtually; and enable other businesses to take their workforce virtual leading to less energy consumption in office buildings and fewer commuters on the road. 
  • To date, TELUS has planted more than 800,000 trees and by the time its millionth tree is planted later this year, it will have planted the equivalent of 20,000 acres of forest, which is nearly the size of Red Deer. 
  • Supporting Alberta’s Agriculture Industry

TELUS Agriculture is investing in integrated data management software, helping to scale animal health technology to deliver valuable insights and enable a more sustainable, responsive food supply chain. With a comprehensive portfolio of grower and advisor solutions, TELUS Agriculture is helping to improve both productivity and profitability for farmers in Alberta, notably with field-specific nutrient management programs aimed at increasing fertilizer efficiency and maximizing yield potential.

Since 2000 through 2021, TELUS has invested $220 billion nationally in network infrastructure, operations and spectrum, including more than $55 billion in technology and operations in Alberta. The investments announced in this media release are consistent with TELUS’ capital expenditure guidance for 2022, released in the fourth quarter of 2021 earnings release dated February 10, 2022.

These investments are critical to provide Canadians with access to superior technology that connects us to the people, resources and information that make our lives better. TELUS is steadfast in its commitment to using technology, team member-led innovation, and human compassion to address the most important societal challenges of our generation and bringing real solutions to the residents of Alberta.

TELUS also embraces tax morality as a means of further investing in our communities. Since 2000, TELUS has paid approximately $51 billion in total tax and spectrum remittances to our federal, provincial and municipal governments across Canada, including more than $2.2 billion in taxes in 2021 alone. These funds support public works projects, education, healthcare, cultural pursuits and other initiatives that improve the social and economic well-being of our communities.

TELUS’ innovative approach to leveraging technology in healthcare has supported 22 million Canadians to receive care where and when they need it with virtual visits since March 2020 through the MyCare by TELUS Health App, giving Canadians the tools they need to see a doctor or therapist from the safety and comfort of home, directly from their smartphone.   

Since 2000, TELUS, its team members and retirees have provided over $198 million in cash, in-kind contributions, time and programs and volunteered 3.2 million hours to charities and community organizations located in Alberta.

Google Changes Course And Lets Lets Personal Users Stay On ‘No-Cost Legacy G Suite’ With Custom Gmail Domain

Posted in Commentary with tags on May 17, 2022 by itnerd

Earlier this year, Google announced that they were going to shut down G Suite Legacy Free Edition and that prompted outrage and had lawyers sniffing around for a big payday. That led to Google flip flopping on that to a degree and announcing that Legacy G Suite Users would be able to migrate to free accounts. But that didn’t calm the waters. Here’s a comment that was left on that story:

The new change offered by Google doesn’t help many… Families that had a family domain still lose that and, importantly, non-profit / volunteer organisations, like Scout Groups etc., who may have been running their organisation’s email on this platform for 15 years will lose all of that functionality. The fact is that for those signing up prior to 2012 or whenever the change was, were all promised that they could have Google for your Domain free FOREVER… Google needs to keep its promises – if they were possibly every going to say years down the track that the situation has changed, then they should not have promised in the first place… once they’ve made the promise they need to stick to it.

Well, it took a few months, but it looks like Google has again reconsidered. You can keep your custom domain, and:

Besides the custom Gmail domain, you will “retain access to no-cost Google services” and “keep your purchases and data.”

  • You will retain access to the no-cost version of Google Workspace services such as Google Drive and Google Meet, and additional Google services such as Google Search, Google Maps, and YouTube
  • You will retain access to paid content such as movie purchases at Google Play and data stored on Google Workspace

However, you must confirm to Google that your usage is “for non-commercial personal use.”

I am once again interested in hearing from people who are affected by this to get their thoughts. This seems like Google is listening and doing what is right. But maybe I am reading this wrong. Please leave a comment below and share your thoughts.