Archive for July, 2022

Town Of St. Mary’s Ontario Pwned By LockBit Ransomware Group

Posted in Commentary on July 25, 2022 by itnerd

The Verge is reporting that the Town of St. Mary’s Ontario has apparently become the latest victim of the LockBit ransomware group:

In a phone call, St. Marys Mayor Al Strathdee told The Verge that the town was responding to the attack with the help of a team of experts.

“To be honest, we’re in somewhat of a state of shock,” Strathdee said. “It’s not a good feeling to be targeted, but the experts we’ve hired have identified what the threat is and are walking us through how to respond. Police are interested and have dedicated resources to the case … there are people here working on it 24/7.”

Strathdee said that after systems were locked, the town had received a ransom demand from the LockBit ransomware gang but had not paid anything to date. In general, the Canadian government’s cybersecurity guidance discouraged the paying of ransoms, Strathdee said, but the town would follow the incident team’s advice on how to engage further.

Screenshots shared on the LockBit site show the file structure of a Windows operating system, containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Per LockBit’s standard operating methods, the town was given a deadline by which to pay to have their systems unlocked or else see the data published online.

Small towns are now targets of groups like LockBit because it’s thought that they can’t defend themselves as well as big cities can. Eddy Bobritsky, CEO of Minerva Labs, had this comment:

Without the proper security software it can be very difficult to recover from a ransomware attack without paying the ransom. Ransomware attacks often lie in the network for months before activating, which means that if you’re relying on backups to recover, chances are you’ve also backed up the ransomware itself. So as soon as you restore the backup, you’ll just get re-encrypted straight away. Without proactive ransomware prevention software, this process becomes very tedious and ineffective.

The more positive news is that essential municipal services like transit and water systems are still up and running, and the town is attempting to unlock their systems and restore backup data. So there may be a way out for them. But this incident illustrates that everyone needs to be on guard so that they don’t get pwned.

Review: Creative Live! Mic M3 Microphone

Posted in Products on July 25, 2022 by itnerd

Creative has launched a microphone that’s aimed at those who want to up their Zoom or Teams game and those who want to up their podcasting or live-streaming game. The microphone in question is the Creative Live! Mic M3 and it’s priced at an incredibly low $69.99 USD. But don’t let the price fool you. As I am about to explain, this is a very good microphone. Let’s have a look at it:

From a looks perspective, it looks like a typical studio microphone. What comes in the box is as follows:

  • A sturdy table stand that has a bit of weight to it
  • Mic mount
  • Magnetic pop filter
  • USB-A to Micro USB cable (which in the age of USB-C is a bit of a fail)
  • The screw mount supports 1/4-inch and 5/8-inch sizes which allows for a variety of mounting options

On the bottom is a headphone jack, which is where I plugged in a pair of Creative Aurvana Trio LS in-ear headphones that I will be posting a review of tomorrow. On the front you can see a blue light which indicates that the microphone is live. If that light is red, it means you’re muted. On the front you also have a volume control knob and a mute switch. On the back there is a polar pattern switch which allows you to switch between the two polar patterns on offer – cardioid (for single person recordings) and omni (for multiple person recordings). I’m going to stop here to point out why this feature matters. This option is seldom found in anything other than premium microphones because it requires additional microphone capsules to be built into the microphone. That suggests to me that Creative found a way to do this without increasing the price so that consumers have options as to how they can use the mic. Well played Creative.

Now all of that is good, but what you care about is how this microphone sounds. With that in mind, I did a test recording so that you can be a judge of what it sounds like:

This is very good sound quality. There’s no distortion, and it doesn’t alter my voice. In a quiet environment, I would have no problem recommending this microphone to record a podcast or for use with Zoom or Teams. Which is how I used it in the two weeks that I tested this microphone, as according to those who were part of Zoom or Teams meetings, the audio quality was impressively good. The only things that I will point out are that first, it will pick up pretty much every noise in your environment. For example, it picked up my wife typing on her keyboard 3 feet behind me. The second is that if you accidentally bump your desk while using this microphone, it will pick it up. If you’re mindful of both of those things, this microphone is a total win. And at the price point this microphone is being offered at, I have no problem recommending this microphone to anyone who wants to start a podcast, do some live-streaming or up their Zoom or Teams game.

Rogers CEO To Canada: We’re Going To Spend A Lot Of Money To Make Our Network Better

Posted in Commentary on July 24, 2022 by itnerd

I’ll put the news out there first before I tell you what I think of it. Rogers CEO Tony Staffieri has put out another statement that speaks to their intentions to make their network better. Here’s what you need to know:

First, emergency calls to 911 simply have to work. Every time. We have made meaningful progress on a formal agreement between carriers to switch 911 calls to each other’s networks automatically – even in the event of an outage on any carrier’s network. I believe this is the only responsible way forward and I am personally committed to making it possible for all Canadians.

That’s a good first step seeing that Rogers failed miserably in that department. There’s also the fact that telcos like Rogers are legally required to have 911 calls work 100% of the time without fail.

Second, Rogers will set a higher standard for reliability by physically separating our wireless and internet services to create an ‘always on’ network – to help make sure our customers don’t experience an outage with both cellular and internet services again.

I will admit that splitting the networks will help to keep Canadians online if something like this happens again. Though the cynic in me says that if there’s a way for Rogers to have both networks fail, they will find it and it will happen.

Third, we will continue to focus on reliability, investing $10 billion over the next three years. This includes more oversight, more testing and greater use of Artificial Intelligence to ensure we’re able to deliver the reliable service you deserve.

That implies to me that they weren’t spending either enough money or any money in any of those areas. So I guess you can call this an improvement. But you have to ask yourself why they haven’t done any or all of this prior to the network crashing down around them a couple of weeks ago.

Finally, we are partnering with leading technology firms to do a full review of our network to help us learn from the outage. We will share lessons with our industry for the benefit of every Canadian.

Alternate plan: How about sharing those lessons with every Canadian so that Rogers can be held accountable for addressing their shortcomings? Right. I keep forgetting. That’s not going to happen. Rogers isn’t that sort of company to be completely transparent as proven by their CRTC filing.

Frankly, I am not impressed.

What I read from this is that Rogers is in full panic mode as I am guessing that businesses and individuals such as myself are rapidly fleeing to other telcos such as Bell and Telus. Thus they have to say something to keep their churn rates from skyrocketing massively, which in turn would cause their stock value to drop. Not to mention that they really need to do something to keep their attempt to merge with Shaw Communications from becoming a train wreck next to a dumpster fire. What I also read from this is that Rogers was likely underfunding their network, which is something that always comes back to bite you. I’ll give Staffieri points for coming out with statements like these, but I don’t think it’s going to be enough to save Rogers.

Rogers Submits A Letter To The CRTC Explaining The Massive Network Outage…. But Some Details Are Redacted…. What Are You Hiding Rogers?

Posted in Commentary on July 23, 2022 by itnerd

You might recall that the CRTC gave Rogers 10 days to explain what happened during its network outage from earlier this month. Now according to CBC News, they’ve done that:

The outage, which started early on July 8 and for some customers lingered for days, left millions without cellphone and internet service — prompting questions from the federal government and the Canadian Radio-television and Telecommunications Commission (CRTC).

“An update in our core IP [internet protocol] network … caused our IP routing network to malfunction,” the letter read.

And:

In its letter, Rogers said coding from the update deleted a routing filter that “allowed for all possible routes to the Internet to pass through the routers,” which flooded and overwhelmed the core network, causing it to stop processing internet traffic altogether.

“As a result, the Rogers network lost connectivity to the Internet.”

This seems to dovetail with this observation by Cloudflare where Rogers effectively deleted itself off the Internet. Here’s where it gets interesting:

The letter, posted on the CRTC website, met the regulator’s deadline for Rogers to answer questions about the outage. However, it has many redactions where Rogers is believed to have offered more specific details about the problem and its plans to prevent something similar from occurring again.

The CRTC said Rogers submitted two versions of the letter, one unabridged and the other with redactions, and that it released the latter to protect “highly sensitive information” about Rogers’ operations.

Hmmm… I would like to believe that Rogers is protecting “highly sensitive information”. But something about this doesn’t sit right with me. Thus I have to wonder what they really have to hide. Is it perhaps that their network wasn’t really in a good place when the outage happened? If Rogers really wants to meet the mark on this:

“In order to regain the trust of Canadians, it is important that we provide open answers to the questions that they have about the outage,” the Rogers letter read. “That is why when answering the CRTC … Rogers is being as transparent as possible.”

Then their transparency needs to be 100%. The fact that they have a redacted document that is available here doesn’t inspire confidence. They’ll need to do better if they want to regain the trust of Canadians.

Though to be completely fair to Rogers, they are doing some things that I believe that they need to do to regain the trust of Canadians:

It is clear that what matters most is that Rogers ensures this does not happen again. We are conducting a full review of the outage. Our engineers and technical experts have been and are continuing to work alongside our global equipment vendors to fully explore the root cause and its effects. We will also increase resiliency in our networks and systems which will include fully segregating our wireless and wireline core networks. Lastly, we have additionally hired an external review team to further assess and provide insights into the outage. This will involve a complete evaluation of all our processes, including the performance of network upgrades, disaster recovery procedures, and communication with the public. 

Additionally, Rogers will work with governmental agencies and our industry peers to further strengthen the resiliency of our network and improve communication and co-operation during events like this. Most importantly, we will explore additional measures to maintain or transfer to other networks 9-1-1 and other essential services during events like these.

All of this is good because as I said here, their communication with the public sucked during this outage. And the other items that they mentioned like having a third party come in and review how they work, and working with industry peers which they were ordered to do are all good as well. But the only thing that matters is results and transparency. Let’s see if Rogers has it within them to do both so that they regain the trust of Canadians.
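The failure mode in Rogers’ letter, a deleted routing filter letting every Internet route into the core, is exactly the kind of thing a pre-deployment test catches. As an added illustration (not Rogers’ configuration or any vendor’s tooling), the following Python guard applies the old and new import filters to a constructed route feed and refuses a change that removes the filter, accepts nothing, or would push the accepted-route count past a hypothetical max-prefix budget:

```python
"""Pre-deployment guard for a BGP import-policy change.

Added example, not Rogers' configuration or any vendor's tooling. It models the
failure described in the CRTC letter: an update deleted a routing filter, every
Internet route was accepted, and the core routers were overwhelmed. The guard
applies the old and new filters to a constructed route feed and refuses a change
that removes the filter outright, accepts nothing, or would push the accepted
route count past a max-prefix budget (a hypothetical number for this example).
"""
import ipaddress
from typing import Dict, Iterable, List, Optional

Net = ipaddress.IPv4Network
Filter = Optional[List[str]]  # None models a deleted filter; a list is the allow list


def build_feed(block: str = "10.0.0.0/8", plen: int = 24) -> List[Net]:
    """Constructed stand-in for a peer's full feed: every /24 inside `block`
    (65,536 routes). A real full Internet table is far larger."""
    return list(ipaddress.ip_network(block).subnets(new_prefix=plen))


def accepted(route_filter: Filter, feed: Iterable[Net]) -> List[Net]:
    """Routes the import filter lets through, with prefix-list 'le' semantics:
    a route passes if it is covered by any allowed prefix."""
    if route_filter is None:
        return list(feed)  # no filter at all: everything the peer announces comes in
    allowed = [ipaddress.ip_network(p) for p in route_filter]
    return [r for r in feed if any(r.subnet_of(a) for a in allowed)]


def check_policy_change(old: Filter, new: Filter, feed: List[Net],
                        max_prefix: int) -> Dict[str, object]:
    """Compare accepted-route counts before and after the change and decide
    whether it may be deployed. max_prefix is the per-session budget the router
    can hold before it should drop the session rather than take the whole table."""
    before, after = len(accepted(old, feed)), len(accepted(new, feed))
    verdict: Dict[str, object] = {"before": before, "after": after,
                                  "safe": True, "reason": "within max-prefix budget"}
    if new is None:
        verdict.update(safe=False, reason="change deletes the import filter entirely")
    elif after > max_prefix:
        verdict.update(safe=False, reason=f"{after} accepted routes exceed max-prefix {max_prefix}")
    elif after == 0:
        verdict.update(safe=False, reason="change would accept no routes at all")
    return verdict


if __name__ == "__main__":
    feed = build_feed()
    current = ["10.1.0.0/16", "10.2.0.0/16"]
    for label, proposed in [("add a /16", current + ["10.3.0.0/16"]),
                            ("delete the filter", None),
                            ("widen to a /12", ["10.0.0.0/12"])]:
        print(label, check_policy_change(current, proposed, feed, max_prefix=1000))
```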

Guest Post: Scams Are Targeting Seniors. Here’s How to Stop Them.

Posted in Commentary on July 22, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

With digital scams on the rise, it’s growing increasingly difficult to discern if an email, text message, phone call or website is legitimate or not. More people are reporting losing time and money due to online scams, and in particular, elderly individuals report falling victim. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion to the FBI’s Internet Crime Complaint Center (IC3). This is a whopping 74 percent increase over losses reported in 2020. The number one area of attack was tech support fraud, including identity theft and personal data breaches.

Luckily, by taking a few key steps, people of all ages can reduce the risk of scams and online fraud. In recognition of National Parents Day on Sunday, July 24, Lookout has provided the below tips that family members can take to best protect parents and elderly family members from digital risks.

  • Check the “sent from” email address
    Real companies will send from their own domain. One easy way to check for authenticity is to make sure a company email isn’t coming from an address ending in “@gmail.com” or “@yahoo.com”.
  • Go directly to the source
    If you receive an email requiring action from you, usually involving private information like social security, birthday, bank information, or more, immediately call the company this message is reportedly from.
  • Beware of urgency
    Be wary of urgent demands or emails that require immediate action and divulgence of personal information. “Emergencies” can sometimes cause people to act without fully understanding the request or its implications, which makes them a common tool for cybercriminals.
  • Watch for obvious misspellings and grammatical errors
    Professional newsletters, notifications, and other email messages go through several rounds of approvals before distribution, so emails that include spelling errors and odd punctuation can be a sign of a scam.
  • Set Stronger Passwords
    Use Two-Factor Authentication. This makes it harder for hackers to access your account, and will alert you to any potential hacking attempts.
    • Password Changes: Regularly change the password to your most important accounts. This will help prevent hackers from getting access. Make sure you use a combination of letters and numbers for the best protection. If your information has been compromised in a data breach, act immediately.
  • Install Security Software On Your Devices
    Security protection, like Lookout, will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.

Twitter Gets Pwned…. 5.4 Million Accounts Affected

Posted in Commentary on July 22, 2022 by itnerd

Bad news for Twitter users out there. The social media platform has been pwned. And the threat actor has put the data of 5.4 million people up for sale. Which is of course a bad thing. Restore Privacy is reporting that the breach was made possible by a vulnerability discovered back in January:

Back in January, a report was made on HackerOne of a vulnerability that allows an attacker to acquire the phone number and/or email address associated with Twitter accounts, even if the user has hidden these fields in the privacy settings.

The bug was specific to Twitter’s Android client and occurred with Twitter’s Authorization process.

The person who reported the bug was paid a bug bounty by Twitter. But apparently that came too late, as this happened:

Exactly as the HackerOne user zhirinovskiy described in the initial report in January, a threat actor is now selling the data allegedly acquired from this vulnerability.

Earlier today we noticed a new user selling the Twitter database on Breached Forums, the famous hacking forum that gained international attention earlier this month with a data breach exposing over 1 billion Chinese residents.

The post is still live now with the Twitter database allegedly consisting of 5.4 million users being for sale. The seller on the hacking forum goes by the username “devil” and claims that the dataset includes “Celebrities, to Companies, randoms, OGs, etc.”

There is as yet no way to check whether your account is included in the Twitter data breach. As always, it pays to be vigilant about phishing attacks as that is how I expect that this data will be used.

Stay tuned for further developments.

Stolen logins selling for same price as a gallon of gas on the Dark Web: HP Wolf Security Study

Posted in Commentary on July 21, 2022 by itnerd

Something that caught my attention today is a new cybercrime study from HP Wolf Security, revealing how it has never been cheaper or easier to be a cybercriminal.

Here are some key findings both in print and in graphics:  

  • Stolen remote desktop credentials – which allow an attacker to log into targets’ devices from anywhere – average at just $5.
  • Malware and exploits that let cybercriminals infect and control machines are typically less than $10.
  • ‘Noob friendly’ mentoring and hosting services are selling for a fraction of the price of IT qualifications.

Here are some examples of advertisements on the dark web:

As the barriers to entry fall and the number of attackers rises, Canadian businesses become more likely to be targeted.

The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back gives an overview of how this cybercrime economy is emerging, actionable insights into what the future holds and advice on how to better defend against cybercriminals.  

New PayPal Phishing Attack: Hackers Trick Victims, Send Emails via The Invoice Expressway

Posted in Commentary on July 21, 2022 by itnerd

Last month, researchers at Avanan released their findings on the QuickBooks phishing scam, where hackers send spoofed invoices from a legitimate QuickBooks account to get into user inboxes and steal credentials and money. 

Researchers at Avanan have now observed hackers using this same technique, only now using the legitimacy of PayPal to bypass email scanners and successfully deliver fake invoices. 

Like the previous attack, hackers present an invoice, encouraging victims to call with any questions. Users are asked to provide credit card details to cancel the transaction when calling the number provided.

Jeremy Fuchs, Cybersecurity Research Analyst at Avanan had this to say:

“This is yet another example of hackers taking advantage of static Allow Lists. PayPal is a trusted site, so security solutions are likely to trust content coming from the site. This is an effective way for hackers to land in the users’ inbox. Plus, since the email comes from PayPal, it looks more convincing. When looking at the message, end-users should be encouraged to not call unfamiliar phone numbers and to do a Google search of any phone numbers to see if they are legitimate.”

You can read the report here.
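Two of the posts above describe tells that can be checked mechanically: Lookout’s “sent from” and urgency tips, and Avanan’s PayPal finding that a genuine sender domain can carry a fake invoice whose only tell is the phone number it asks you to call. The following is an added example (not Lookout’s or Avanan’s code) that runs those checks over three constructed messages; the free-mail domain list, brand-to-domain map and keyword patterns are assumptions chosen for the example:

```python
"""Mechanical checks for the phishing tells described above.

Added example, not Lookout's or Avanan's code. It implements: a sender whose
display name claims a brand but whose address is a free-mail domain; urgency
language; and an invoice that asks the reader to call a phone number, which is
the PayPal lure that passes sender-based allow lists because the mail really
does come from paypal.com. Domain lists and keyword patterns are assumptions.
"""
import re
from email.utils import parseaddr
from typing import Dict, List, Tuple

FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
# Brands a display name might claim and the domain they really send from (assumed).
BRAND_DOMAINS = {"paypal": "paypal.com", "quickbooks": "intuit.com"}
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|act now|suspended)\b", re.I)
INVOICE = re.compile(r"\b(invoice|transaction|payment|charged)\b", re.I)
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)
PHONE = re.compile(r"\(?\b\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")


def sender_parts(from_header: str) -> Tuple[str, str]:
    """Split a From: header into (lower-cased display name, lower-cased domain)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    return name.lower(), domain


def assess(from_header: str, subject: str, body: str) -> List[str]:
    """Return the finding codes that apply to one message (empty list = no tells)."""
    name, domain = sender_parts(from_header)
    findings: List[str] = []
    if domain in FREE_MAIL_DOMAINS:
        findings.append("free_mail_sender")
    for brand, real in BRAND_DOMAINS.items():
        if brand in name and domain != real and not domain.endswith("." + real):
            findings.append("brand_domain_mismatch")  # Lookout's 'sent from' check
    if URGENCY.search(subject) or URGENCY.search(body):
        findings.append("urgency")
    # The Avanan case: the sender domain is genuine, so only the callback lure gives it away.
    if INVOICE.search(body) and CALL.search(body) and PHONE.search(body):
        findings.append("invoice_callback_number")
    return findings


# Constructed sample messages (From, Subject, Body); the phone numbers are fictional.
SAMPLES: Dict[str, Tuple[str, str, str]] = {
    "spoofed_brand": (
        "PayPal Billing <paypal.billing.notices@gmail.com>",
        "Urgent: your account will be suspended",
        "Your invoice #4471 is on hold. Call (555) 013-2244 immediately to avoid closure.",
    ),
    "genuine_domain_callback": (
        "PayPal <service@paypal.com>",
        "Invoice from Contoso Supplies",
        "You have an invoice for $499.00. If you did not authorize this transaction, "
        "call +1 555-013-9981 to cancel.",
    ),
    "benign": (
        "Alice <alice@example.org>",
        "Lunch Thursday?",
        "Want to grab lunch Thursday at noon?",
    ),
}


def triage_all() -> Dict[str, List[str]]:
    """Run assess() over every sample and return findings keyed by sample name."""
    return {label: assess(*msg) for label, msg in SAMPLES.items()}


if __name__ == "__main__":
    for label, findings in triage_all().items():
        print(f"{label}: {findings or 'no tells'}")
```

The second sample is the point: every sender-based check passes because the domain really is paypal.com, so a filter that only allow-lists senders never sees it.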

Guest Post: Top 5 phishing statistics of 2022 According To Atlas VPN

Posted in Commentary on July 21, 2022 by itnerd

While 2022 is not over, phishers have already launched various attacks. The Atlas VPN team compiled a list of the top five most notable phishing statistics and findings of 2022 so far to shine the light on the current cybercrime landscape.

#1 Almost 70% of email scammers leave the ‘subject’ line empty 

If there is one tell-tale sign that an email is a phishing attempt, it is an empty subject line. Research finds that 67% of cybercriminals leave the subject line blank when sending malicious emails.

Other subject lines attackers use, although much less frequently, include ‘Fax Delivery Report’ (9%), ‘Business Proposal Request’ (6%), ‘Request’ (4%), ‘Meeting’ (4%), ‘You have (1*) New Voice Message’ (3.5%), ‘Re: Request’ (2%), ‘Urgent request’ (2%), and ‘Order Confirmation’ (2%).

#2 LinkedIn users targeted in 52% of all phishing attacks globally in Q1 2022 

Cybercriminals often utilize big brand names in their phishing attempts in hopes receivers will not notice the message is coming from an illegitimate source. In the first quarter of 2022, attackers most frequently chose LinkedIn as their go-to brand.

LinkedIn was used in over half (52%) of phishing scams worldwide — a 44% upshift from 8% in the previous quarter. It was the first time a social media brand outranked tech giants like Apple, Google, and Microsoft as phishers’ favorites.

#3 Blockchain.com, Luno, and Cardano are the top-most phished crypto projects

Even with the cryptocurrency market going through hard times, cybercriminals continue to use crypto brands in their scams. One of their tactics is to set up fraudulent websites that look like legitimate brands with hopes of stealing sensitive information. 

Cryptocurrency financial service company Blockchain.com was the most spoofed crypto brand, with 662 phishing websites in the last 90 days (till June 22, 2022). Crypto investing app Luno is the second on the list with 277 phishing pages, followed by proof-of-stake blockchain platform Cardano with 191.

If you would like to learn more about the online crime landscape, we have prepared a report that overviews 60 Worrying Cybercrime Statistics.

To read the full article, head over to: https://atlasvpn.com/blog/top-5-phishing-statistics-of-2022

A Quick Update About My Efforts To Dump Rogers For Bell

Posted in Commentary on July 20, 2022 by itnerd

This update centres around this comment I made in my last update:

The person who I got on the line tried to modify my order, but couldn’t do that. Thus he claims he was forced to create a new order. But what sucks about this is that he also couldn’t cancel the order that I put in online, and I would have to call back in tomorrow or later tonight to cancel the order. I question why Bell doesn’t have a way to nuke the order themselves and force the customer to do it. In any case, I’ll be calling them tomorrow and I will let you know how that goes.

So I called into Bell this morning, and according to the rep that I spoke to, apparently the order “isn’t being recognized by the system. So It will be automatically deleted.”

So why am I calling in precisely? And why doesn’t the rep that I spoke to yesterday know that? Assuming that what was told to me was accurate.

But it gets better. The rep that I spoke to said “When orders are entered online, there’s a high chance that they won’t go anywhere. Thus customers will wait for an install that will never happen.”

Assuming that the above statement is correct, it sounds really dumb. Why have the ability to order online if it doesn’t work a lot of the time? That to me makes no sense. To me it seems that either Bell’s systems are broken, or this is another way to get you to call in so that they can upsell you to death, or both. But the good news is that I took the opportunity to confirm that my install for next Thursday is still on. At least as I type this. My wife is expecting something to go sideways on that front because it’s Bell and she has no confidence in them. But what gives me a small amount of hope is that later in the morning, I got an automated call from Bell confirming that install was still on track.

Normally I would be holding my advice for Bell till I got through this process. But here’s one piece of advice for them in the here and now. They need to ensure that their customers can place orders via multiple channels in a friction free way. If they want to speak to a human (and get upsold till the cows come home), they should be able to do that. If they don’t want to speak to any humans at all and order online, they should be able to do that. And regardless of the channel that they choose, it has to work 100% of the time. That alone would improve how customers perceive them. Especially these days where I am guessing that they are getting customers from Rogers at a tremendous rate.

You might want to get on that, Bell.