Archive for June 29, 2022

Three New And Dangerous Versions Of A Norton Billing #Scam Are Making The Rounds…. Let Me Tell You About Them [UPDATED]

Posted in Commentary on June 29, 2022 by itnerd

In the last few days I have become aware of three versions of a scam involving Norton products that you need to be aware of. All of them have the same theme. You’ve renewed your subscription for some Norton product and if you need further information or you want to dispute it, it provides a number to call. It will look something like this:

Now I took out the email header to preserve my client’s privacy, but there are three things that you should be aware of. The most important thing to be aware of is if you do not have an active subscription to a Norton product, do not call the number in the email. Beyond that, if you look at who sent it, you’ll likely see that it was sent from an email account other than Norton.com. That’s a big hint that this is a scam. The third thing that you should note is if you look at the quality of the English used in the email, it’s poor. And on top of that it creates a sense of urgency to get you to call the number. Which you should not do. In short, this is likely a phishing attempt to get your credit card details at the very least. Or further to that, create the conditions to access your computer to do who knows what to it.

The second version of this scam is something that I came across over the weekend when an older couple phoned me in a panic after getting an email with a PDF attached that looked like this:

Now I suspect that the scammers behind this one have moved to using a PDF because it is less likely to be picked up by an ISP’s spam filter. But other than that, it’s the same scam. And in the case of this older couple, it almost cost them $13,000 Canadian and caused them all sorts of grief when the scammer got hostile with them. I am working on a write up about this and that will be out in the coming days. But I will say that this illustrates how dangerous these sorts of scams can be.

The final version of this scam is extremely dangerous. Let’s start with the email that you will get:

You’ll note that like the second scam, you’ll get an email with an attachment. In this case an ISO file which is a disk image file that is commonly used to burn CDs, DVDs or act as a container for software. It’s the latter that the scammer is using this for because if you open the ISO file (which by the way I absolutely do not recommend that you do), you will see this:

The first file that ends in .DLL is something that should set off alarm bells. Further investigation on my part shows that this is designed to deliver a virus payload to a Windows computer. And what sort of payload is it? Well, I will get to that in a moment. But let me get to the part about what happens when you use VirusTotal which is a website that analyzes suspicious files, domains, IPs and URLs to detect malware and other breaches and automatically share them with the security community:

In this case, the payload was only detected by 6 of 66 virus scanners. Which is bad as that implies that this virus payload is either new or new and improved. I am guessing the latter, but in either case, this underlines why you should never, ever click on anything in a suspicious email.

But what is the payload? This write up suggests that this is a trojan that in short is designed to steal user account data relating to online banking systems, e-payment systems and plastic card systems. The data is then transmitted to the malicious user controlling the Trojan. But because I could not identify the exact trojan in use here, it may do other things that are even more dangerous.

The other thing that I will note is that there’s a phone number in the email. That suggests to me that the person behind this will also act in the same manner as the first two Norton scams. Something that I briefly looked into by phoning the number and getting a supposed employee of Norton with an Indian accent.

That covers these Norton billing scams that you should be aware of. In the coming days, I will be doing a write up about the second scam in detail so that you can see what the scumbags behind these scams will do to you if you fall for these scams. And I will also be doing a more detailed investigation of the third scam to see if I can get any additional details that I will share with you in hopes of keeping you safe. So stay tuned for all of that. But in the meantime, be careful out there folks.

UPDATE: Well, investigating the third scam didn’t last long.

I phoned the number that was listed in the third scam (which for the record you should never ever do) using a phone that doesn’t allow the caller ID to be shown at their end and the phone was answered by someone with an Indian accent claiming to be working for the “Norton LifeLock Cancellation Department”. I then pretended to be someone who had gotten the email and asked the guy why I have got charged. He then proceeded to try and supposedly help me to cancel the subscription to Norton LifeLock which of course I didn’t have a subscription to said product. I guess it was at that point he noticed that I was calling from a blocked number and hung up the phone. I tried two more times and got two more people with Indian accents and got the same results. I am guessing that their playbook involves grabbing the phone number so that they can call back if they have to, or to use it to perpetrate future scams, or both. I am also guessing that if they see that the number is blocked, they see it as a threat and they hang up the phone.

So my take away is that if they don’t get you with the virus, they’re going to get you if you call the number. Thus avoid both of those traps by not opening any attachment that you get in any email that might be suspicious, and by not phoning any number that is associated with an email like this.
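
The checks this post describes (a sender domain that is not Norton.com, a PDF or ISO attachment, and a phone number to call) can be automated when triaging a reported message. The following Python is an added example, not part of the original post; the sample message, addresses, file names and phone number are constructed, and the disk-image extensions other than .iso are an assumption.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

BRAND = "norton"                  # brand named in the lure
BRAND_DOMAINS = {"norton.com"}    # the post's check: real mail comes from Norton.com
# .iso is the container the post describes; .img and .vhd are added assumptions.
DISK_IMAGE_EXTS = {".iso", ".img", ".vhd"}
# North American style numbers only; a broader pattern is needed elsewhere.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def is_brand_domain(domain):
    """True for norton.com and its subdomains, not for look-alikes."""
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)


def triage(raw):
    """Return the list of indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = " ".join([display, str(msg.get("Subject", "")), body]).lower()
    # From is unauthenticated, so a norton.com sender is not proof of origin;
    # a mismatch between the claimed brand and the domain is still worth flagging.
    spoofed = BRAND in text and not is_brand_domain(domain)

    findings = []
    if spoofed:
        findings.append(f"brand-mismatch: claims Norton, sent from {domain or 'unknown'}")
    for att in msg.iter_attachments():
        name = (att.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ext in DISK_IMAGE_EXTS:
            findings.append(f"disk-image-attachment: {name}")
        elif ext == ".pdf" and spoofed:
            findings.append(f"pdf-invoice-from-non-brand-sender: {name}")
    if PHONE_RE.search(body):
        findings.append("callback-number-in-body")
    return findings


def build_sample(sender="Norton Billing <billing.dept4471@example.net>",
                 attachment="Invoice_Norton.iso",
                 body="Your plan renewed today.\nTo dispute the charge call +1 (800) 555-0100 now.\n"):
    """Build a constructed message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.org"
    m["Subject"] = "Your Norton subscription has renewed"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A mail gateway would combine these findings with SPF, DKIM and DMARC results, which this example does not evaluate.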

Go on an epic adventure with Netflix’s “The Sea Beast”

Posted in Commentary on June 29, 2022 by itnerd

Craving a different type of drive this summer? Go on a high-seas adventure without stepping off land. Activate Waze’s latest driving experience, inspired by Netflix’s newest movie, “The Sea Beast.” (Check out the trailer and the film on Netflix July 8.)

Starting today, you’ll meet the dynamic duo of Maisie, a precocious stowaway, and Blue, a little beast with a huge mischief streak, and revel in the unlikely comedy of their friendship as they help you navigate every turn you take on Waze. And don’t worry: Maisie will help translate Blue’s sounds for you. You’ll also get to know some other Beasts that they find on their journey when you choose between three new Moods: Blue, Red and Yellow. Don’t forget to swap your vehicle for a Lifeboat, to get into the true adventurer’s spirit.

With Sea Beast Mode activated, get ready to explore the world together, on a journey full of surprise, wonder and funny banter — because where the map ends, the adventure begins.

If you’re interested in seeing the magic in real life, Netflix is hosting a series of experiences across the U.S. at aquariums, museums and more to celebrate the launch of The Sea Beast.

For a drive that takes you to the seas, visit Waze or click “My Waze” in your Waze app and tap the “Turn on Sea Beast Mode” banner to activate. It’s available globally, in English, for a limited time.

The Nikon Z 30 And NIKKOR Z 400MM f/4.5 VR S Super-telephoto Prime Lens for the Nikon Z Mount System Announced

Posted in Commentary on June 29, 2022 by itnerd

Nikon’s newest Z 30 mirrorless camera is designed specifically for video content creators, vloggers and streamers. This small, lightweight, feature-packed camera applies Nikon’s expertise in all things imaging, giving creators the ability to easily produce the kind of video content that gets noticed. 

With the Nikon Z 30, it’s simple to consistently create professional-looking 4K UHD video to get the look you want, with sharp focus, beautiful blurred backgrounds and appealing audio, all on the first take. Swivel front-facing LCD and REC lamp? Got it. Mic input? Better low light performance? Of course. Even though it’s got an affordable price and simple controls, the Z 30 is packed with more advanced features that level up with you, helping to take your content and your channel further.

Creator-Centric Features That Make Sense:

  • Front-facing Vari-Angle touchscreen-LCD lets you see yourself in the scene as you compose your shots, confirm the frame, adjust focus and make sure you are always camera-ready. The bright 3.0 inch high-res screen will also feel familiar with the ability to swipe, pinch and zoom through playback and menus, while it also tilts to easily frame unique angles from below the hip or from above. 
  • The Nikon Z 30 and NIKKOR Z lenses help you create soft, blurred backgrounds that are a hallmark of higher quality content. The main subject remains sharp, in order to draw your viewer’s attention toward you or anything you want them to see, whether it’s a face or prominent product shot.
  • Reliably fast and sharp autofocus keeps you in focus, precisely following as you move around the scene, with the added benefit of Eye Detection AF. 
  • REC lamp acts as a tally light, illuminating on the front of the camera to confirm recording and peace of mind. 
  • Higher quality audio enhances your content thanks to a built-in stereo microphone, plus an additional input for using a more powerful external stereo or directional microphone.
  • Get it all in one take with more than two hours (125 minutes) of recording time, which is ideal for longer videos such as an extensive DIY.
  • Superior low light performance gives you the freedom to shoot indoors, when it’s cloudy or at night, for clear and sharp video, with minimal noise and fast focus. Even in low light, the full-time focus will continuously track you while walking with the screen in self-portrait mode. The ISO range goes up to 25600 for video and 51200 for photos, enabling sharp rendering of details and textures in lower light.
  • Sharp video quality at up to 4K 30P UHD with plenty of room to punch in, or Full HD up to 120P to easily create dramatic slow-motion. What you see is what you get, as the Z 30 captures 4K with no additional crop so you don’t lose any of your frame. 
  • Get the look you want with the Picture Control Auto function, which adjusts the video settings according to the scene.  There are also 20 different types of Creative Picture Controls to add creative flair to video, and eliminate the need for extra colour grading. 
  • Using Nikon’s precise colour profiling, scenes and skin tones are reproduced naturally and accurately straight out of camera, with a genuinely inviting vibe that’s never cold or clinical. 
  • Record on widely available SD cards, which come in a variety of large sizes. 
  • Keep the camera running using an external USB-C power source, a great feature that can eliminate the need to swap batteries during a shoot. The camera works with Nikon’s free Webcam Utility streaming software to integrate for streaming or web conferences.
  • Minimalist, lightweight design that is easy to carry and vlog with. This is the smallest and lightest Z series mirrorless camera ever made. The form factor and weight is made for content creation, vlogging and streaming. It’s balanced and comfortable to hold for long periods of time and small enough to pack. Simple dials give you complete control of settings like aperture and shutter speed for a desired effect. 
  • Always connected to your phone (iOS or Android) for easy automatic transfer of images using the free Nikon SnapBridge App. If your workflow is editing and posting from your phone, you can also connect to wirelessly send videos from the Z 30 to your device. Using the app, you can also use your phone as a remote control to start and stop your recording, when you are in front of the camera. 

Superb Still-Camera Features

Create better thumbnails and cross-promote posts for your other channels that drive to your video content using the Z 30. The 20 megapixel APS-C/DX-format CMOS sensor captures super-sharp and high-res still images, in any kind of light. Whether you’re shooting a once in a lifetime landscape shot, a cooking close up, the Milky Way at midnight or a gorgeous portrait, users have the option to use fully automatic modes or get creative with advanced settings. The Z 30 is also incredibly fast, with the ability to capture people and pets at up to 11 fps. What’s more, if you love what you’re seeing in the LCD, you can even snap a selfie while recording video.

Creativity Has No Limits with NIKKOR Z Lenses

The Z 30 is an interchangeable lens mirrorless camera that opens up an exciting world of possibilities with a wide array of NIKKOR Z lenses, from super–wide lenses for interiors, small spaces and landscapes, incredibly close macro for tiny details on products, or far away action with a telephoto lens. NIKKOR Z glass is specially designed to address the needs of video creators with silent operation, and by minimizing the breathing effect during focusing, while delivering gorgeously rendered colours for a true-to-life experience. Creators can choose a growing collection of more than 30 NIKKOR Z lenses, including:

  • NIKKOR Z DX 16-50mm f/3.5-6.3 VR Lens (included in all Z 30 kits, except when body is sold separately): The Z 30 comes with this extremely small yet versatile zoom lens, that’s great for wide angles, especially when talking directly to the camera. It also features built-in VR (vibration reduction) image stabilization to help create smooth footage and sharp images, even when handheld. 
  • NIKKOR Z DX 50-250mm f/4.5-6.3 VR Lens: Lightweight long zoom lens option with built-in VR that’s great for shots that require extra reach, such as sports and animals. 
  • NIKKOR Z 40mm f/2 and 28mm f/2.8: Super-compact “walk-around” primes that are perfect for flattering portraits, casual shooting, travel and discreet street snaps.
  • NIKKOR Z MC 50mm f/2.8: A fantastic macro lens lets you get closer to the things you love to get all of the details. Great for food shots, product shots, nature images and more. 

Pricing and Availability

The new Nikon Z 30 will be available in mid-July 2022 in a variety of kit configurations: As a body only for a Manufacturer’s Suggested Retail Price (MSRP) of $879.95, or with a NIKKOR Z DX 16-50mm f/3.5-6.3 lens for $1,049.95 MSRP.  Nikon will also offer a Creators Accessory Kit for $149.95 MSRP, which will include a SmallRig Tripod Grip, the ML-L7 bluetooth remote control, plus the Rode VideoMicro Microphone.  A hot shoe-mounted Wind Muff for the built-in microphone will also be available for $14.95 MSRP. 

For more information about the latest Nikon products, including other NIKKOR Z lenses and the entire collection of Z series cameras, please visit www.nikon.ca

Guest Post: Pregnancy and period tracking apps corrupt women’s privacy, Atlas VPN study reveals

Posted in Commentary on June 29, 2022 by itnerd

The Roe v. Wade overturn destroyed 50 years of progress in women’s rights to privacy and the ability to choose for themselves.

According to the data collected by the Atlas VPN team, apps dedicated to women’s health, like pregnancy or period trackers, heavily collect sensitive data and share it with third parties. After the Supreme Court in the US overturned Roe v. Wade, information gathered from these apps could be used as evidence for getting an abortion.

A few of the most popular women’s health apps stand out when looking at trackers. Pregnancy App & Baby Tracker (Babycenter) has 15 trackers on their Android and 20 trackers on iOS applications.

Pregnancy Tracker & baby app WTE has 7 and 22 trackers on its Android and iOS versions, respectively.

Flo Period tracker & calendar app seems to have 2 trackers, the least among Android apps. At the same time, the MeetYou Period Tracker application has 3, the least amount of trackers among women’s health apps on iOS devices.

Permissions spy on your data

Permissions help the user regulate and control which system and device functions the application can access.

MeetYou Period Tracker has 36 permissions on their Android app, 8 of which could be considered dangerous. The iOS application requires 7 permissions, giving access to data that can be used to track you.

Pregnancy Tracker & baby app WTE on Android devices has 19 permissions (3 dangerous), meanwhile, the iOS version has 9. The least amount of permissions on Android and iOS devices can be found in the Spot on period tracker, 7 and 4, respectively.

During our research, we found some apps that even ask for permissions to access your search history and contact information, like your name and email address. Later on, this data could be sold to third-party services and used against women who are considering getting an abortion.

To read the full article, head over to: https://atlasvpn.com/blog/pregnancy-and-period-tracking-apps-corrupt-womens-privacy-study-reveals

Commvault and Oracle Partner to Deliver Metallic Data Management as a Service on Oracle Cloud Infrastructure

Posted in Commentary on June 29, 2022 by itnerd

Commvault, a global enterprise leader in intelligent data services across on-premises, cloud, and SaaS environments, has expanded its strategic partnership with Oracle to include Metallic DMaaS on Oracle Cloud. As part of Commvault’s multi-cloud strategy, Metallic’s industry-leading services will be offered on Oracle Cloud Infrastructure (OCI) and available in all commercial OCI regions globally. 

Metallic and OCI will deliver superior price-performance, built-in enhanced security, and simplified recovery and management for enterprise customers looking to accelerate their OCI transition. Leveraging OCI Storage for advanced air-gapped ransomware protection, Oracle customers can now protect critical data assets in the cloud or on-premises by maintaining flexibility across customer-managed storage or a SaaS-delivered data protection service, inclusive of managed cloud storage. 

In the fight against ransomware and cyberattacks, Metallic DMaaS helps protect data from corruption, unauthorized access, and other threats across vital sectors of business, including insurance, financial services, manufacturing, and defence. With Metallic DMaaS, customers can easily back up their digital footprint in any consumption model, from cloud-native to on-premises workloads, including databases, virtual machines, Kubernetes, and file and object storage. 

By adding support for protecting OCI workloads and writing to OCI Storage, Metallic’s data protection now spans OCI VMs; Oracle Databases; and Oracle Container Engine. Additionally, Oracle Linux is available to over 400,000 Oracle enterprise customers and the more than 100,000 customers who have relied on Commvault technology and are looking to leverage Oracle Cloud Infrastructure to protect their mission-critical data. As a member of the Oracle PartnerNetwork, Commvault will jointly market and sell Metallic DMaaS with Oracle in an alliance that will accelerate Metallic’s global expansion efforts. Metallic DMaaS is available in the Oracle Cloud Marketplace.

To learn more about Metallic DMaaS on Oracle Cloud, please visit backup.metallic.io/oci.

FCC To Apple And Google: Delete TikTok From Your App Stores

Posted in Commentary on June 29, 2022 by itnerd

Last week I posted a story about a report that data from US users of TikTok was being seen in China. This despite the fact that TikTok has always claimed that this is not the case. This has now escalated to the point where FCC commissioner Brendan Carr posted this on Twitter:

I encourage you to click on the Tweet to read the letter in full. But in short, he wants TikTok gone from Apple’s App Store and Google Play for violating the terms of service and for being a data-gathering tool for the Chinese authorities. The letter gives both Apple and Google until July 8th to respond. As I type this, neither has responded and it isn’t clear what will happen if they don’t respond or pull the app. But TikTok has responded and said this:

We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data. That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses.

You’ll note that they did not directly address the accusations that were made by Carr.

My feeling is that this is about to come to a head. I’ll be keeping a close eye on this because my feeling is that this is about to blow up into something resembling the scale that we saw when Donald Trump tried to force a sale of TikTok to a US company or be banned.

AMD Apparently Pwned By RansomHouse…. And It Might Have Been Easy To Do

Posted in Commentary on June 29, 2022 by itnerd

It seems that chipmaker AMD had been pwned by the ransomware and extortion group RansomHouse:

RansomHouse, a relatively new data-extortion cybercrime group, has announced a major new victim. Today, the group published a new update on its darknet site and are claiming to have breached Advanced Micro Devices (AMD), the large chip manufacturing company.

RansomHouse is claiming to have breached AMD’s network and exfiltrated “more than 450 Gb” of data back in January 2022. The group has also published a data sample as evidence.

And assuming that this happened, it looks like AMD was pwned rather easily. Check this out:

It’s no secret that hackers can easily launch attacks against networks with commonly-used passwords to gain access.

According to RansomHouse, this was the case with AMD, which the group claims was using “simple passwords” to protect its network.

An era of high-end technology, progress and top security…there’s so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords like ‘password’ [others passwords redacted] … to protect their networks from intrusion. It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on – all thanks to these passwords.

– RansomHouse group

If that’s true, that’s really embarrassing for AMD.

AMD had this to say when they were asked about this:

On June 27th, we reached out to AMD for comment. AMD provided us with the following statement on June 28th:

AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.  

-AMD Communications Director

RestorePrivacy is in contact with both AMD and RansomHouse and will update this article with any new information provided to us from either party.

That sounds to me like this has actually happened. But we may want to wait for a more fulsome confirmation.

Saryu Nayyar, CEO and Founder, Gurucul:

     “In an ironic twist of fate, AMD survived the global chip supply chain crisis during the COVID-19 pandemic only to be victimized by ransomware from a new data extortion group. Doubling down on irony is that AMD staff used “password” as the password for critical network access. How does this still happen in companies with security savvy engineers? It’s beyond comprehension quite frankly. Time to spin all the passwords and clean up security controls. Seriously, it’s time.”

I can’t wait for the full details to come out. Because if these details are fact, a lot of people at AMD have some explaining to do.

UPDATE: Darren Williams, CEO and Founder of BlackFog added this comment:

     “We haven’t yet seen evidence of the attack on AMD, but RansomHouse’s recent attack on the Shoprite Group in South Africa would indicate that they are focused on large organizations with weak security. As with all cyberattacks it really doesn’t matter how the bad actors found their way in, weak passwords or otherwise, if they want to find a way in, they will be successful! What really matters is what data they were able to leave with. Extortion is the focus for cybercriminal gangs and organizations should look to newer technologies like anti data exfiltration to stop them in their tracks and prevent any unauthorized data from being exfiltrated.”

Retailers Will Face More Pressure This Holiday Season: Salesforce

Posted in Commentary on June 29, 2022 by itnerd

Salesforce has announced initial predictions of the key trends that will emerge this upcoming holiday season. In the midst of rising inflation and low consumer sentiment, insight into predicted consumer behaviour will be more important than ever for retailers of all sizes.

Salesforce 2022 Holiday Predictions:

  1. Retailers will test NFT drops
    • 46% of shoppers said they would consider purchasing non-fungible tokens (NFTs), a digital asset that represents something unique or scarce stored on a blockchain. This could be a virtual version of a real item or a digital collectible.
    • Younger shoppers particularly are drawn to “digital twins” — a digital version of a physical good. Gen Z is four times more likely than Gen X to buy a physical good if it is paired with a digital twin this holiday.
  2. Physical stores will drive growth across all channels
    • Last year, stores had a significant impact on digital sales, with store associates expanding their roles to become fulfillment experts, service agents, social influencers, and digital stylists.
    • 60% of digital orders are now influenced by the store – whether demand is generated or fulfilled. This year, with stores fully operational once again, we’ll see consumers gravitate to the physical store in even greater numbers.
  3. Shoppers will gravitate toward sustainable options
    • Over the last two years, new expectations have increased in importance to consumers – trust and impact. Salesforce has found that 88% of consumers now expect brands and retailers to clearly state their values. And shockingly, 64% will stop doing business with a company if corporate values don’t align with their own.
    • This is especially true when it comes to the environment. According to Salesforce research, 83% of shoppers will seek out sustainable brands and products this holiday.
  4. Loyalty shifts to value
    • As inflation rises, consumer loyalty is shifting, this time to experience and value. In fact, according to Salesforce research, half of all shoppers will switch brands this holiday due to pricing.
    • This means that 2.5 billion shoppers worldwide could ditch their brand for a lower-priced competitor. Some product categories – luxury brands, grocery, and department stores – are more susceptible to waning loyalty due to price sensitivity (either high prices or significant increases in prices).
  5. Shoppers will buy even earlier to avoid future price hikes
    • This year, the main motivating factor driving early purchases will be inflation. According to Salesforce research, 42% more shoppers worldwide and 37% more in the U.S. plan to start buying gifts earlier – the No. 1 behavioral change this holiday due to inflation.
    • While Salesforce predicts that the ASP (average selling price) will increase monthly between 8% and 12% for the remainder of 2022, there is a silver lining for holiday shoppers – the return of discounting.

You can see Salesforce’s 2022 Holiday Predictions and explore more details in the holiday predictions blog here