Archive for May 19, 2022

HP Announces New Spectre And Envy Laptops

Posted in Commentary with tags on May 19, 2022 by itnerd

HP Inc. today debuted its newest HP Spectre and HP Envy laptops built with the flexibility to create and live seamlessly in today’s hybrid world.

The last few years have seen the rise of the creator economy, introducing endless possibilities for people topursue their passions as a part-time or full-time opportunity. Sixty-eight percent of creators started or expanded their freelance business during the pandemic, with 98% of them monetizing their content creation part-time. These hustlers need tools that allow them to collaborate with others easily as 56% of creators feel less engaged with the speaker if their video is turned off. And performance equals productivity, which is why 60% of creators prize performance in a computer.

Create in a smooth, seamless, and collaborative way with the newest lineup of Spectre and Envy PCs. These devices are built with HP Presence and HP GlamCam to deliver amazing video and audio call experiences, with features like:

  • A 5 MP camerafor picture-perfect claritywhen collaborating with colleagues or pitching clients.
  • HP Auto Frame and HP Dynamic Voice Leveling for an interactive video and sound experience no matter where you are in the room.
  • Backlight Adjustment to autocorrect video images in any environment where you may be taking a call.
  • Appearance Filter for the 60% of us who are more self-conscious on camera than in real life. This feature allows you to easily touch up skin, teeth, and eyes.
  • Bi-directional AI noise reduction, directional beamforming mics, and quad speakers for a superbsound experience during video or audio calls.
  • Network Booster fornetwork bandwidth optimization to reduce screen freezes and dropped calls.
  • AI-based privacy alerts to collaborate and create in public spaces, blurring the screen when someone is behind you.

No matter what type of creator you are, performance is key. The newest Spectre and Envy PCs offer a wide range of options including processors, displays, and more to make sure your device fits how you want to use it. This includes:

  • Up to a 4K OLED display for a more natural viewing experience, and a 120 Hz display for a 2x faster display refresh rate for smooth, response actions.
  • A touch display to leverage multi-gestures like pinch-to-zoom, double tap, and press and hold to create and easily manipulate drawings and other creative content. Easily take notes or sketch with pen-abled PCs.
  • A variety of screen sizes and aspect ratios offer the best fit for your creative flow. Choose from a3:2 aspect ratio device for web browsing and productivity tasks; a 16:9 aspect ratio for watching videos and entertainment; and a 16:10 for video and audio editing.
  • Intel® Evo™ platforms featuring 12th Gen Intel® Core™ processors for improved multi-tasking and performance.

Not only do creators need great battery lifeto power their creations, they also need all the tools at their disposal to extend the charge on their battery. Available on devices with Intel processors, HP offers intelligent power management features:

  • Power Saver mode extends the battery life whenever there is a concern about charging accessibility.
  • In-bag detection leveraging Intel® Dynamic Tuning Technology to adjust the PC’s power to avoid overheating or battery drain when put in a bag.
  • Adaptive Battery Optimizer monitors battery temperature, battery-charging status, and usage time to preserve your battery’s health.
  • Smart Sense optimizes a device’s performance, temperature, and more based on the application being used.

Creation isn’t just limited to one device.More than 60% of creators use more than two devices to create. And 60% said that computers can go from good to awesome through great software. The new Spectre and Envy devices all come with HP Palette pre-installed, a proprietary digital workspace to help simplify the creative flow and allows you for smooth cross-device collaboration.Find any face in photographs with HP PhotoMatch. Enjoy infinite, flexible sketching with Concepts. Drop anything to any device seamlessly, wirelessly with HP QuickDrop. Expand your workspace, connect to another device for more creative options with Duet for HP.

Today everybody is a creator, and HP has created the perfect device for you to create and collaborate that fits the way you work and play:

  • The new HP Spectre x360 13.5-inch 2-in-1 Laptop PC looks great and sounds great anywhere. The HP Spectre x360 13.5” engineered on the Intel® Evo™ platform is expected to be available for purchase on May 19at for a starting price of $1,249.99. The device will also be available at and select Best Buy retail locations.
  • The HP Spectre x360 16-inch 2-in-1 Laptop PC engineered on the Intel® Evo™ platform Is newly refreshed with the latest 12th Gen Intel® Core™ processors and up to Intel®Arc™ Graphics, bringing you the best in AI-based hands-free controls along with AI-based Privacy Alert, and screen time and distance reminders. The HP Spectre x360 16” is expected to be available for purchase on May 19 at for a starting price of $1,649.99. The device will also be available at and select Best Buy retail locations.
  • The HPEnvy x360 13.3-inch 2-in-1 Laptop PC designed on the Intel® Evo™ platform was co-engineered and optimized with Intel® to offer up to 20.5 hours of battery life for all-day creation. The HP Envy x360 13” is expected to be available be available for purchase on May 19 at for a starting price of $899.99. The device will also be available at and select Best Buy retail locations.
  • The HP Envy x360 15.6-inch 2-in-1 Laptop PCis available with the latest Intel or up to AMD Ryzen™ 7 processors. The HP Envy x360 15.6” with AMD is expected to be available be available for purchase on May 19 at for a starting price of $849.99; the Intel version is expected to be available for purchase on May 19 at for a starting price of $899.99. Both versions will also be available at (AMD Ryzen™ 5, AMD Ryzen™ 7, Intel® Core™ i5, and Intel® Core™ i7) and select Best Buy retail locations.
  • The HP Envy 16-inch Laptop PC offers up to Intel®Arc™ Graphics or NVIDIA® GeForce RTX™3060 Laptop GPU. Coupled with DDR5 memory support and a gaming grade thermal solution, this device delivers optimal performance for multitasking, rendering 3D models, or when using powerful creative tools like Adobe Photoshop. The HP Envy 16” is expected to be available for purchase on May 19 at for a starting price of $1,399.99. The device will also be available at Amazon and other NA retailers.
  • The HP Envy 17.3-inch Laptop PC gives you the power to create on a big screen. The HP Envy 17” is expected to be available for purchase on May 19 at for a starting price of $1,099.99. The device will also be available at and select Best Buy retail locations.

Sixty-six percent ofconsumers consider sustainability when they make a purchase and 81% expect to buy more environmentally friendly products over the next five years. Building on the world’s most sustainable PC portfolio, all of today’s announced PCs are crafted from recycled metal and ocean-bound plastics and are EPEAT® Gold Certified and ENERGY STAR® rated.

Approov Announces Runtime Secrets Protection 

Posted in Commentary with tags on May 19, 2022 by itnerd

Approov, creators of advanced mobile app and API shielding solutions, today introduced Approov Runtime Secrets Protection, enabling comprehensive protection of the API credentials and secrets that are typically targeted by threat actors for malicious exploitation.

Recent breaches have highlighted the risk of stolen keys and secrets being exploited by hackers. It is clear that such secrets are not being effectively protected at rest and in transit, resulting in bad actors acquiring them and exploiting them to access APIs and applications.

The wide use of third-party APIs by mobile apps adds another dimension to the problem. Mobile app developers can suffer both financial losses and brand reputation damage if they are seen to be the cause of 3rd party app breaches or service disruptions caused by Distributed Denial of Service (DDoS) attacks using stolen secrets.

Recent research from Osterman Research illustrates the extent of the issue:

“Upcoming Osterman findings show that mobile apps depend on average on more than 30 third-party APIs, and that half of the mobile developers we surveyed are still storing API keys in the app code,” Michael Sampson, senior analyst at Osterman Research, said. “These two things together constitute a massive attack surface for bad actors to exploit. And third-party API threats against mobile apps aren’t as well understood by companies as they should be. The new functionality from Approov allows API keys to be managed and updated dynamically and ensures they are never extractable from the app. This is a major step forward in protecting APIs from abuse.”

Developers have frequently been urged not to store hard coded keys in a mobile app or device, but as the research shows this “best-practice” is not widespread, since up to now, there has been no easy way to conveniently store such secrets safely outside the app code.

Introducing Approov Runtime Secrets Protection: Just in Time Keys Secrets That Thwart Mobile API Attacks

This is why Approov is releasing new functionality in Approov 3.0 which addresses this issue by making management of API keys and other secrets easy and secure, at rest, or in transit.

Approov Runtime Secrets Protection manages and protects all the secrets a mobile app uses. The Approov cloud service delivers secrets “just-in-time” to the app only at the moment they are required to make an API call, and only when the app and its runtime environment has passed attestation. This ensures that sensitive API secrets are not being continuously stored or delivered to unsafe places, such as fake apps or into malicious hands.

All secrets are stored by the Approov cloud service and are easy to manage dynamically. If changes to these are needed, they are easily and immediately changed across all deployed apps, preventing abuse.

This approach marks a major improvement over keys that are hard coded in the app itself, because should those keys be “leaked” the app must be updated with an entirely new version – a process which is complex and time-consuming, and involves juggling new and old keys during the time it takes for the installed base to be transferred to the new version.

Upcoming Webinar

Join the live webinar from Approov on June 9th “Best Practices for Secure Access of 3rd Party APIs from Mobile Apps” which will discuss the reputational and financial risks associated with API use and how to mitigate those risks. Sign up here.

Pricing and Availability

The pricing of the Approov solution is designed to be completely aligned with your business growth, based on the number of genuine active apps in a monthly billing period. Approov 3.0 is available now.

U.S. Warns Businesses Against Inadvertently Hiring IT Staff From North Korea

Posted in Commentary with tags on May 19, 2022 by itnerd

I have to admit that reading this story from The Guardian was not on my bingo card when I woke up this morning. U.S. officials have warned businesses against inadvertently hiring IT staff from North Korea, claiming that rogue freelancers were taking advantage of remote work opportunities to hide their true identities with the intent of earning money for Pyongyang.

An advisory issued by the state and treasury departments and the FBI said the effort was intended to circumvent US and UN sanctions, and bring in money for North Korea’s nuclear weapons and ballistic missile programs. The officials said companies who hired and paid such workers may be exposing themselves to legal consequences for sanctions violations.

“There are thousands of DPRK IT workers both dispatched overseas and located within the DPRK, generating revenue that is remitted back to the North Korean government.

“These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and east Asia.”

North Korean workers pretended to be from South Korea, Japan, or other Asian countries, the advisory said. It laid out a series of red flags that employers should watch for, including a refusal to participate in video calls and requests to receive payments in virtual currency.

Kevin Bocek, VP, Security Strategy and Threat Intelligence for Venafi had this comment:

“Defending against North Korean nation-state actors is difficult, particularly when these threats are now coming from both outside and inside organisations. They are often well funded, highly sophisticated, and – as we’re seeing with this FBI warning – capable of thinking outside the box to find new ways to attack networks, as we’re now seeing with rogue freelancers hacking from within. Our recent research shows that cybercrime has become a primary means of revenue generation in North Korea, and APT groups are helping it to work outside of international sanctions, funding political and military gains. In fact, it’s estimated that up to $2bn makes its way directly into North Korea’s weapons program each year as a result of nation state cybercrime.

“Ultimately, there’s no telling what these rogue freelancers are after. The targets that spring to mind are data theft or potentially funds, but we’ve seen in the past that North Korean APT groups have made use of stolen code signing identities in devastating nation state attacks, so they’re likely to be on the table as well. The problem is that there’s currently not enough awareness and security around the importance of machine identities. This lack of focus allows North Korean cybercriminals to take advantage of a serious blind spot in software supply chain attacks.

“Organizations must now be proactive, not reactive in their security defenses. It’s clear that recruitment processes have to be robust to prevent hiring a rogue freelancer. For companies looking to protect against the impact these threat actors could have if armed with stolen code signing certificates, machine identity management remains the best defense. Businesses must have visibility over their environments in order to spot changes and react fast, both from a human identity and a machine identity perspective. Without the effective management of both machines and humans, we’ll continue to see APT groups thrive, and high-profile nation-state attacks will continue to affect businesses and government. The automation of machine identity management can help to take this element of security out of already overstretched security teams hands.”

It does beg the question if other countries with dodgy reputations like Russia and China are doing something similar. I’d be interested in knowing that answer as it likely would influence how safe we all are.

Canadian SMBs Optimistic About the Future: Zoho

Posted in Commentary with tags on May 19, 2022 by itnerd

A newly released survey by Zoho Corporation – the Zoho SMB Outlook Survey – reveals that Canadian small and medium-sized business leaders are optimistic about their company’s prospects. 

The survey – which queried 750 business people across Canada – found that 66.7% of respondents are optimistic about the next six months, with 74.2% of those surveyed forecasting upwards of 20-percent growth. This positive outlook stems, in part, from productivity, as more than three-quarters of respondents expressed satisfaction with their output.

Key Survey Findings:


  • 77.7% of respondents are satisfied with productivity
    • 83.9% of Quebec’s respondents are satisfied 
    • 73.7% of Alberta’s respondents are satisfied


  • 66.7% of businesses are moderately to very optimistic about the next 6 months
    • 14.8% very optimistic; 20.8% moderately optimistic; and 31.1% optimistic
    • 71.4% of Quebec’s respondents are optimistic
    • 64% of Ontario’s citizens are optimistic
  • 39.1% expect their business to grow by 1-10% during the next six months
    • 51.3% of Albertan respondents anticipate growth of 1-10%
    • 32.1% of respondents in Quebec anticipate growth of 1-10%
  • 22.5% expect their business to grow by 11-20% during the next six months
    • 26.8% of respondents in Quebec anticipate growth of 11-20%
    • 15.8% of Albertan respondents anticipate growth of 11-20%
  • 12.6% expect their business to grow by 20+% during the next six months
    • 15.8% of Albertan respondents anticipate growth of 20% or more
    • 14.3% of respondents in Quebec anticipate growth of 20% or more


  • 42.4% of businesses are hiring and 52.7% are neither hiring nor laying people off
    • Only 4.9% anticipate layoffs
  • 42.5% have struggled to retain employees
  • The majority of respondents have retained more flexible work options, with hybrid work accounting for 36.8% and at-home work accounting for 29.7%. Only 33.5% of respondents are working in-office.
    • 39.3% of Quebec’s respondents have a hybrid workplace model and 21.4% work from home; 39.3% work in the office
    • However, 53.9% of Albertans work in the office, while 32.9% use a hybrid workplace and 13.2% work at home

Return To Workplace / Mask Mandates     

  • 64.5% of businesses have already returned to the office, while 13.6% are planning to return in the Fall
    • In Alberta, 81.6% of respondents have returned to the office while only 58% Quebec’s respondents have gone back
  • 38.4% of all respondents will maintain a mask mandate
    • 41.4% in Ontario
    • 32.1% in Quebec
    • 17.1% in Alberta
  • 44.7% of all respondents won’t maintain a mask mandate
    • 68.4% won’t in Alberta
    • 41.1% won’t in Ontario
    • 32.1% won’t in Quebec
  • 46.3% of all respondents will require employees to be vaccinated
    • 48.2% in Quebec
    • 46.2% in Ontario
    • 34.2% in Alberta

IT Highlight

  • 76.1% of IT respondents are optimistic about the future of their business, positioning them as the most optimistic vertical

Report Methodology

Conducted in March 2021 by Zoho Survey, this study contacted 750 individuals across Canada. Participants in the study included a range of business leaders, from manager roles to the C-level, at small and large enterprises across a variety of industries.

Hackers Spoof Community And School Meetings; Tricking Users To Download Fake Zoom Invite: Avanan

Posted in Commentary with tags on May 19, 2022 by itnerd

Avanan, a Check Point Company, has revealed its latest analysis in which hackers spoof legitimate popular community and school meetings to trick users to click and download fake Zoom invitations, executing malware in the process.

In this attack, hackers gather public records to send out email reminders of upcoming community and school board invitations. These emails contain a PDF of what looks like and is expected to be a Zoom invitation. Clicking on the PDF attachment doesn’t open a Zoom invite; rather, links to a downloadable malware.

You can read the report here. It has valuable suggestions as to how to protect yourself from this attack.

New Security Research Discovers Unusual Uptick in Malicious Traffic from China: Cequence Security

Posted in Commentary with tags on May 19, 2022 by itnerd

Each month, the Cequence Security Research team shares API threat statistics and unique threat patterns that they have observed. The latest Cequence Security State of API Security Activity Monthly Bulletin is out and Cequence Security is seeing an unusual uptick in traffic from China spiking at a 200% increase.

The percentage of overall traffic from China was observed across multiple organizations in the US and EMEA. The Cequence Threat Research team tracked and tracked a sophisticated recon effort as a threat actor abused business logic to attempt to commit fraudulent purchases on stolen credit cards through automated account creation. The research also observed malicious infrastructure providers showing potentially new bulletproof proxy vendors appearing. 

You can read the report here, and it does make for some interesting reading.