Archive for September, 2022

Review: TP-Link Archer AXE75 Wi-Fi 6E Router

Posted in Commentary with tags on September 30, 2022 by itnerd

Last week the UPS guy knocked on my door and handed me a package. I wasn’t expecting anything but after checking my email, it turns out that I should have been expecting this:

This is the TP-Link Archer AXE75 Wi-Fi 6E Router. It promises speedy WiFi 6E support at an affordable price. Let’s take a closer look at the router.

The router has six non-removable antennas. This means that if you break one, you are sending the whole router in for repair. I should also note that you can see wires at the hinge which I am not sure how I feel about that. It is made of plastic and feels on the lightweight side of things.

The front has a bunch of LEDs that let you know what the status of the router is at a glance.

You get four gigabit ethernet ports and a gigabit WAN port.There are also buttons to turn on and off the LEDs, activate WPS, turn on and off WiFi, and a reset button. Plus there’s a on/off switch and a power connector.

Finally there’s a USB 3.0 port on the right side which can act as an FTP media server or connect to a USB-enabled printer for anyone on the network. 

Bonus points for the tiny printed QR code on the bottom that can quickly connect you to the preset Wi-Fi when the Archer is powered on, alongside the usual default passwords and networking info. More bonus points for the included quick installation guide being very clear with simple diagrams and even another QR code linked to instructional videos. That made setup insanely easy. You can either use a web page to configure things or you can use the Tether app which is available for iOS and Android.

So here’s the question. What’s the performance of this router over WiFi? Well, I will say this. I didn’t have a chance to test this with WiFi 6E devices as I could not source any. But over WiFi 6, I was pretty impressed. First, here’s a speed test while in the same room as the router:

This is pretty good. But it’s about to get better. Starting with this test from the other side of my sub 1000 foot condo:

The upload speed took a bit of a hit. But this is still a good result as a lot of routers struggle at providing decent speeds across the length of my condo. I decided to push the envelope a bit and dive into my den which introduces two concrete walls into the mix.

While there was another hit to the speed that I was getting, this is better than most routers that I have tested with the exception of mesh routers. Speaking of mesh routers, you can use this in a mesh setup if you need additional coverage. That’s a nice touch.

Finally, I went outside my condo and walked twenty paces down the hall. That introduces a concrete wall into the mix

This is pretty good actually as I was expecting it to slip into sub 100 Mbps speeds.

Based on this testing, I would say that TP-Link’s claim that this router will cover a house the size of a 2 or 3 bedroom house is confirmed. And if it doesn’t you can always leverage the mesh option to enhance things.

Now besides some decent amount of configuration, you get TP-Link’s HomeShield network management as part of the deal. Though it is locked to the Tether app and a monthly or yearly subscription. Parental controls, in particular, require signing up for the paid service. If you’re expecting to set network time limits for your children’s devices, you won’t be able to do it for free which is a bit of a #fail as some of TP-Link’s competitors allow you to do this for free. For a fee of $5.99 US, will you be also able to access security features like DDoS protection and malicious content filtering. In-depth device traffic statistics, including time spent online and visited URLs, are, among others, restricted to the paid subscription. You can see what you get for free and for a subscription here.

So, what are the cons to this router? Well the main limiting factor is that the WAN port is a gigabit port. That’s a problem in someplace like Canada where 8 Gbps Internet is suddenly a thing. But other than that, this is a pretty good deal. I found it on Amazon for $399 CDN which makes it a great price for a WiFi 6E router. And this is something that I would recommend for someone who wants a router that allows them to have great range, great speed, and the ability to expand to a mesh system. Plus you get to future proof your network with WiFi 6E support. What more could you ask for?

Anand Sahay assumes Global role as Xebia’s CEO

Posted in Commentary with tags on September 29, 2022 by itnerd

Anand Sahay has been elevated as the new Global CEO at Xebia, the leading global IT consultancy Dutch firm, now headquartered in US.

Sahay joined Xebia in 2014 as CEO to take the company beyond Netherlands and co-founded Xebia Global Services. He is the force behind extending Xebia’s business into US, UK, Middle East Africa, APAC and ANZ regions in his role as CEO, Anand will set the ground for Xebia’s next level of growth.

Global CEO of Xebia, Sahay, is a leader-entrepreneur. He has a sharp eye for the latest technologies and weaves unique service offerings around them to create innovative service-line products and tap potential markets. Moreover, collaborating with business leaders, he helps them solve critical problems. In his career, he has had exposure to a diverse range of organizations, functional groups and work cultures. He says these experiences and the people have made him the person and business leader that he is today.

Xebia, under Sahay’s stewardship, developed software engineering prowess to cater to the growing demands of global customers for quality software technology. Building on the architecture, engineering and software craftsmanship learned over the years in the Netherlands, he has brought a unique and refreshing blend of quality and scale. Sahay has led Xebia to be distinctive in the world and helped it to stand out from the other software firms globally.

At present, Xebia is more than 5000 -people-strong worldwide, including 3,000+ people across five centers in India. Xebia’s software adroitness covers every critical capability required to bring successful digital transformation programs for customersacross the world.

As an electronics engineer, Sahay started his career at TCS as a software programmer. He later completed his MBA and moved on to take various leadership roles in life. An avid reader and a philanthropist, Anand is committed to giving it back to the society and enabling people and the environment. A significant association includes The Nudge foundation that exists to alleviate poverty, sustainably, collaboratively and scalability. It has three impact streams to tackle the complex issue of poverty from multiple angles – Centre for Skill Development and Entrepreneurship (CSDE), Centre for Social Innovation (CSI) & Centre for Rural Development (CRD). Anand is actively involved with The Nudge Foundation and travels across remote villages to be there for the cause. 

Hackers Continue To Leverage Facebook’s Ads Manager To Send Credential Harvesting Links: Avanan

Posted in Commentary with tags on September 29, 2022 by itnerd

A few weeks ago, researchers at Avanan observed how threat actors are using the Facebook Ad Manager to send credential harvesting links. Since then, Avanan has continued to see this campaign being used to get into the inbox and steal credentials. 

Similar to the previous attack, users of Facebook Ads get an email that they have violated the Terms of Service. In order to avoid losing permanent access to the account, users are encouraged to create an appeal by clicking on the link provided. Users are warned that if they do not complete the form within 24 hours, their account may be disabled. 

You can find the blog here which if you were interested in the original research that Avanan put out, you’ll be interested in this one as well. 

OVHcloud Completes Its Storage Solutions Giving Object Storage Offer Compatibility With S3 API

Posted in Commentary with tags on September 29, 2022 by itnerd

OVHcloud, the European cloud leader, offers a wide array of storage solutions to meet clients’ expectations and scaling needs. With the exponential growth in data volume year on year, the Cloud native architectures are essentially based on non-structured data. To meet demand, OVHcloud now offers a unique experience around different universes with its new High-Performance Object Storage and Standard Object Storage ranges.

High-Performance Object Storage: more features, more geographies

OVHcloud’s the High-Performance Object Storage solution, aimed at the most demanding apps, is based on S3 API and combines reliability and performance. Launched in early 2022 as a highly scalable solution, High-Performance Object Storage continues to evolve and now supports encryption and Object Lock. OVHcloud has also expanded its geographies with an additional French data center in Gravelines (GRA) and launch in North American markets, first with Beauharnois (BHS) in Canada, soon to be followed by two data centers in the US.

Standard Object Storage: the best price/performance ratio now S3 compatible

To address data storage needs with no specific performance constraints, the Group is launching OVHcloud Standard Object Storage. Now addressable through the S3 API, the Standard Object Storage offer is easy to implement and integrates seamlessly within the customer workflow participating in a fully reversible Cloud. At the core of OVHcloud storage strategy, Standard Object Storage stands out by its price/performance ratio with a monthly rate of 9.50 CDN per terabyte. With predictable costs in mind, the offer includes internal traffic to OVHcloud servers.

File Storage: evolution of the NAS-HA service

To meet the high availability storage needs of structured data, OVHcloud is evolving its file storage service with redundancy NAS-HA, which is especially valuable within virtualized environments or collaborative platforms. Integrated in a transparent form to the OVHcloud ecosystem, NAS-HA is fully managed and relies on OpenZFS technology with support for NFS and CFIS protocols. With a totally revamped user interface, NAS-HA is built upon SSD disks. Storage tiers range from 3 to 144 TB with a monthly rate starting at 228.99 CDN for 3 terabytes, without any traffic limitation (in/out). The offer is available in France (RBX and SBG) as well as Canada (BHS).

Cold Archive: secure and long-term data archive

Later this year, OVHcloud will launch its new storage service, Cold Archive – a hyper-resilient solution at a very competitive price. This service, working with Standard Object Storage, will allow businesses to store over the long term, while benefiting from maximum security and reliability. The service is based on:

  • 4 mini data centers located across France with at least 200km of distance between sites. With each site interconnected, a permanent level of backup is guaranteed with redundancy mechanisms, to support every situation.
  • A resilient tape-based archives solution, developed in partnership with IBM and Atempo. This will provide customers with an ultra-secure storage solution for the very long term with two advantages: a high level of security and low power as soon as data is written on tapes that become offline.

Performance focus: Block Storage adopts NVMe Over Fabric

Block storage is ideally suited for transactional processing as well as databases as it favours speed and adapts to scaling. One possible use case is the ability for customers of OVHcloud’s Managed Kubernetes services to store data from these microservices within the offer. 

The Block Storage offer will soon include a solution supporting NVMe Over Fabric. With the use of NVMe SSD and the NVMe protocol, it will provide best possible performance. Based on EXTEN developments, Block Storage Exten will benefit from performances higher than 50K IOPS and will be able to saturate 100 Gbps network connections. A Beta version is expected by the end of this year.

Dialogue Launches Wellness, Canada’s First-Ever Integrated Virtual Preventative Health Program That Promotes Healthier Living

Posted in Commentary with tags on September 29, 2022 by itnerd

Dialogue Health Technologies Inc., Canada’s premier virtual care and wellness platform, is launching Wellness, a new program that promotes healthier living through preventive healthy habits. The program targets primarily the 70% of Canadians who do not achieve the recommended 150 minutes of physical activity per week, helping them build healthier habits and prevent illness.

Building on the acquisition of Tictrac, UK-based global digital health and well-being platform, Dialogue’s Wellness program is the first preventative virtual care model of its kind in Canada.  It promotes healthy habits, wellness challenges and clinically-vetted content and insights through 40 habits centered around the themes of better sleep, stress reduction, improving mood and moving more, and drives high engagement and participation regardless of members’ current level of fitness or activity. Built into Dialogue’s Integrated Health Platform™, Wellness expands Dialogue’s continuum of care towards prevention, with its current pillars of primary care, mental health and EAP programs, through the newly redesigned Dialogue mobile app.

While organizations are facing unique talent attraction and retention challenges in a hybrid workplace, the Dialogue Wellness program promotes an environment of well-being by empowering members to own their well-being journey, whilst also providing HR teams with key insights on member wellness. Studies show that 150 minutes of exercise per week can delay or fully prevent chronic conditions, and is recommended by the CDC to reduce the chances of developing depression or anxiety.* According to a case study conducted by Dialogue, 80% of members using the Wellness program achieved 150+ minutes of activity weekly, and otherwise sedentary users saw an increase of 75% in their daily activity.

Developed in partnership with The Center for Behaviour Change at UCL which has over 10 years of experience in this field, Wellness utilizes a multi-targeted approach for behaviour change interventions.** It is available to all organizations in Canada and can be offered as a stand-alone program or added to existing Integrated Health Platform™ benefits.

*https://www.cdc.gov/physicalactivity/basics/pa-health/index.htm
**https://pubmed.ncbi.nlm.nih.gov/21513547/

An Email Based Invoice #Scam Involving @LifeOmic And @Zoho Is Making The Rounds

Posted in Commentary with tags , , on September 28, 2022 by itnerd

For the first time in a long time, I’m writing about something other than an extortion phishing scam. This scam involves health platform LifeOmic and Zoho. In short you get an email looking like this:

It claims to have been sent from Zoho’s CRM product and claims that you have a subscription for access to LifeOmic’s heath cloud that you have to pay. What the scammers are hoping for is that you’ll call the number and presumably the scammers will want to get access to your computer to do who knows what, or extract personal information from you.

There’s one sure way to tell that this is a scam:

The email address in use does not trace back to either Zoho or LifeOmic. So that alone should make you delete this email immediately upon receipt.

This part of the email caught my attention:

This is meant to reassure you that this isn’t a scam and that LiveOmic and Zoho are committed to preventing invoice scam. Except that this is an invoice scam. And unlike most scams that I have seen lately, the English used in this one is pretty decent. I had to hunt to find grammatical errors.

I tried calling the number, which by the way is something that you should never do, and I was greeted with cheesy hold music and a message telling me to stay on the line because all the scammers representatives were busy. I gave it five minutes and hung up. But that was enough to tell me that this was an active scam. But I was unable to get information as to their motives. But at the end of the day. it doesn’t matter as whatever their intentions are, they aren’t good. Thus if you see this email hit your inbox, delete it and move on with your day.

LinkedIn Unveils Canada’s Top Startups List For 2022

Posted in Commentary with tags on September 28, 2022 by itnerd

LinkedIn is releasing the Canadian edition of the 2022 Top Startups List featuring the companies attracting attention and top talent in 2022. 

Grounded in unique LinkedIn data, Top Startups is an annual ranking of the young, emerging companies attracting professionals who want to work there. The list reveals the companies that are forward-thinking and innovative around the future of work. These growing startups are successfully navigating through the current world of work at a time where there is economic uncertainty. 

LinkedIn’s methodology is based on growth and demand. The data to rank startups on the list is based on four pillars that are synonymous with successful startups: employment growth, engagement, job interest and attraction of top talent.  

2022 Top Startups Canada List

  1. Neo Financial 
  2. Ada 
  3. Fable 
  4. Shakepay 
  5. ApplyBoard 
  6. BenchSci 
  7. Cohere 
  8. Certn 
  9. Drop 
  10. Dapper Labs 
  11. Snapcommerce 
  12. Manifest Climate 
  13. Irwin 
  14. TealBook 
  15. Klue 

Methodology 

LinkedIn measures startups based on four pillars: employment growth, engagement, job interest and attraction of top talent. Employment growth is measured as percentage headcount increase over methodology time frame, which must be a minimum of 10%. Engagement looks at non-employee views and follows of the company’s LinkedIn page, as well as how many non-employees are viewing employees at that startup. Job interest counts rate at which people are viewing and applying to jobs at the company, including both paid and unpaid postings. Attraction of top talent measures how many employees the startup has recruited away from any global LinkedIn Top Company, as a percentage of the startup’s total workforce. Data is normalized across all eligible startups. The methodology time frame is July, 1 2021 through June 30, 2022.  

To be eligible, companies must be fully independent, privately held, have 50 or more full-time employees, be 7 years old or younger and be headquartered in the country on whose list they appear. We exclude all staffing firms, think tanks, venture capital firms, law firms, management and IT consulting firms, nonprofits and philanthropy, accelerators and government-owned entities. Startups who have laid off 20% or more of their workforce within the methodology time frame are also ineligible.  

About company insights 

*Company insights were sourced from LinkedIn Talent Insights. Data reflects aggregated public member data from active LinkedIn profiles in the relevant country and includes full-time employee profiles associated with the company on LinkedIn. All data points are measured among hires in the last year. We exclude members who identify as part-time or contractors. Headcounts are provided by the companies directly, unless otherwise noted with an asterisk. Those headcounts are based on LinkedIn data. The insights reflect data as of July 2022. Skills data was derived from measuring the most frequent skills among a company’s employees. Most common job titles represent the occupations that are most common within each company. Largest job function measures the function area most prevalent within each company.

  

Guest Post: Protect Your Elderly Loved Ones During Cyber Security Month

Posted in Commentary with tags on September 28, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

With digital scams on the rise, it’s growing increasingly difficult to discern if an email, text message, phone call or website is legitimate or not. More people are reporting losing time and money due to online scams, and in particular, elderly individuals report falling victim. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion to the FBI’s Internet Crime Complaint Center (IC3). This is a whopping 74 percent increase over losses reported in 2020. The number one area of attacks were in tech support fraud, including identity theft and personal data breaches. 

Luckily, by taking a few key steps, people of all ages can reduce the risk of scams, and online fraud. In honor of Cyber Security MonthLookout has provided the below tips that family members can take to best protect parents and elderly family members from digital risks.  

  • Check the “sent from” email address: Real companies will send from their own domain. One easy way to check for authenticity is to make sure a company email isn’t coming from an address ending in “@gmail.com” or  “@yahoo.com”.
  • Go directly to the source: If you receive an email requiring action from you, usually involving private information like social security, birthday, bank information, or more, immediately call the company this message is reportedly from. 
  • Beware of urgency: Be wary of urgent demand or emails that require immediate action and divulgence of personal information. “Emergencies” can sometimes cause people to act without fully understanding the request or the implications of them, which make them a common tool for cybercriminals.
  • Watch for obvious misspellings and grammatical errors: Professional newsletters, notifications, and other email messages go through several rounds of approvals before distribution, so emails that include spelling errors and odd punctuation can be a sign of a scam.
  • Set Stronger Passwords 
  • Use  Two-Factor Authentication: This makes it harder for hackers to access your account, and will alert you to any potential hacking attempts.  
  • Password Changes
    Regularly change the password to your most important accounts. This will help prevent hackers from getting access. Make sure you use a combination of letters and numbers for the best protection. If your information has been compromised in a data breach, act immediately.
  • Install Security Software On Your Devices
    Security protection, like Lookout, will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.

Threat Analyst Finds Wholesale Access Markets Skyrocket As Uber Breach Points To Trends Tn Easy Credential Acquisitions On The Dark Web

Posted in Commentary on September 28, 2022 by itnerd

The recent Uber breach is the perfect example of how easy it is for anyone to purchase credentials and access on the Dark Web. 

According to a new report from Cybersixgill, “Wholesale Access Markets (WAM) & Ransomware – A $10 Investment for Millions in Return,” 19% of ransomware incidents—access to a system logged in to the organization’s domain had been offered for sale on a WAM within 180 days before the attack. Which is quite scary.

You can find the report here and it is eye opening reading to say the least.

Guest Post: Almost 40% Of Businesses Lose Over $100,000 Per Cyberattack

Posted in Commentary with tags on September 28, 2022 by itnerd

Successful cyberattacks can cause significant financial losses and harm to businesses. According to the recent findings by the Atlas VPN team, 37% of companies lose over $100,000 per cyberattack on average. Besides the financial damages, businesses also ruin their reputation, lose corporate information, and experience disruption of partner operations.

After a successful cyberattack, less than $5,000 were lost in 14% of businesses. Between $5,000 and $9,999 were stolen from 8% of companies. Cybercriminals got away with up to $49,999 after cyberattacks on 16% of businesses. Overall, 24% of businesses lost between $50,000 and $99,999.

Furthermore, 22% of companies suffered significant losses starting from $100,000 up to $499,999. Cybercriminals stole even more money, between $500,000 and $999,999, from 11% of businesses. Lastly, 4% of companies claimed to have lost over $1 million after a successful cyberattack. Just 2% of businesses did not know the actual losses.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on cyberattacks on businesses:

“Even though many businesses have invested more into cybersecurity lately, the most critical challenge is transparency. Companies are afraid to report incidents for fear of losing customer trust. However, that makes cyberattacks more dangerous and prevalent, causing significant damage to businesses.”

Consequences of cyberattacks

Besides the already mentioned financial losses, businesses often suffer additional damages after a successful cyberattack.

Nearly one-third (31%) of businesses experienced disruption of partner and customer operations and theft of financial information. Furthermore, more than one-quarter (28%) of companies suffered reputational damage and theft of financial information after a successful cyberattack.

About one-fourth (24%) of businesses had to deal with supply chain disruption. At the same time, another 23% of companies experienced obstruction of trading or business operations. Less than one-fifth (19%) of businesses suffered from the loss of business or contract, while money theft was present in 18% of companies after a successful cyberattack.

To read the full article, head over to: https://atlasvpn.com/blog/almost-40-of-businesses-lose-over-100-000-per-cyberattack