Archive for September 1, 2022

Tallcree Tribal Government Partnering With TELUS & The CRTC To Bring Wireless Connectivity To Residents For The First Time

Posted in Commentary with tags on September 1, 2022 by itnerd

Today, Tallcree Tribal Government, TELUS and the Canadian Radio-Television and Telecommunications Commission (CRTC) are celebrating the commitment to bring wireless connectivity to Tallcree First Nation in Northern Alberta for the very first time. With a wireless connection, small businesses can thrive and compete both locally and globally, families can stay connected to loved ones who live out of town, young people can stay in their hometowns longer and participate in distance education, and perhaps most critically, a wireless connection provides a lifeline to call for help in the event of an emergency. This commitment was achieved after the CRTC approved funding for TELUS to build two new cellular sites in Tallcree First Nation through the CRTC Broadband Fund. This project is currently underway and is expected to be complete by late 2024. 

This partnership builds upon TELUS’ commitment to bring world-class connectivity to communities across the province, providing the technological backbone for economic recovery and strength well into the future. Since 2000, TELUS has invested $220 billion nationally in network infrastructure, operations and spectrum, including more than $55 billion in technology and operations in Alberta.

TELUS has a longstanding commitment to strengthening relationships with Indigenous Peoples, including First Nations, Métis, and Inuit communities, acknowledging that our work spans many Traditional Territories and Treaty areas. To learn more about TELUS’ commitment to Reconciliation visit telus.com/reconciliation.

Redacted Publish Their Findings On The BianLian Ransomware Gang

Posted in Commentary with tags on September 1, 2022 by itnerd

Researchers with Redacted have issued their findings on the BianLian ransomware gang, citing observations of the threat actor deploying custom malware written in the Go programming language. BianLian has achieved initial access via exploitation of the ProxyShell Microsoft Exchange server flaws, leveraging it to drop a web shell of an ngrok payload for follow-on activities. Additionally, the BianLian actors exhibit dwell times of up to six weeks from the point of initial access to the encryption date, well above the median dwell time of 15 days reported in 2021.

This is highly concerning and Dr. Darren Williams who is the CEO and Founder of BlackFog agrees:

     “It is no surprise that threat actors continue to find new mechanisms and practices of infiltration, as we have seen countless times. The specific cause for concern here, however, is the dwell time that this group is sitting within systems. By the time BianLian performs encryption, thus making the genuine users aware, they have already sat within the network for far too long, observing and collecting countless streams of information. The very nature of this scenario should alert organizations to take a more consistent, proactive approach to monitoring their systems and taking a preventative approach to preventing data exfiltration.” 

I would be reading the Redacted report as that will give you a guide as to how to not become the next victim of BianLian.

LinkedIn Launches New Tools/Resources On Skills & Networking For Job Seekers

Posted in Commentary with tags on September 1, 2022 by itnerd

As the job market continues to shift, it’s important for workers to adapt, keep their skills sharp and stay connected to their professional network. New data from LinkedIn shows necessary skills for today’s jobs have changed by 25% since 2015 and that number is expected to double by 2027.

With that in mind, LinkedIn identified the top 20 skills in demand today. These skills were featured in more than three-quarters of paid jobs posted globally over the last three months on the platform. To help job seekers future-proof their careers, LinkedIn Learning is offering FREE courses for the month of September in these growing areas. Here’s a preview of the top five skills on the list.

  1. Customer Service – Serving Customers in a Continuously Changing World
  2. Sales – Asking Great Sales Questions
  3. Accounting – Lean Accounting Foundations
  4. Business Development – Business Development: Strategic Planning
  5. Marketing – Marketing Foundations: The Marketing Funnel 

For job seekers, LinkedIn also recognizes the power of turning to your professional connections for help. You can also now see who’s hiring in your network when you visit the Jobs home page. And you’ll be notified of relevant jobs when people in your first- or second-degree network are hiring, plus you can also see members of the hiring team in job descriptions, making it easy for you to reach out directly. 

In addition, LinkedIn will host a series of virtual events from September 12-16 where you can engage with expert instructors and discover tactical tips on how to support your career.  

For the full list of the top 20 skills in demand today, and their corresponding LinkedIn Learning courses, visit here.

Guest Post: Cloud servers are now the most common method of entry for cyberattacks at 41%

Posted in Commentary with tags on September 1, 2022 by itnerd

Several years ago, the Covid-19 pandemic shook the world, forcing companies worldwide to adopt remote work. Many companies even made this move a permanent feature of their business models. However, changes in IT infrastructure brought about by remote work, such as a move to cloud solutions, also shifted the focus of cyberattacks.

According to the data presented by the Atlas VPN team, based on the Cyber Readiness Report 2022 by Hiscox, cloud servers are now the number one way in for cyberattacks, with 41% of companies reporting it as the first point of entry — a 10% increase from the year before. 

The top cyberattack vector in 2021, corporate-owned servers, now occupies the third spot on the list. According to the 2022 survey results, 37% of businesses reported them as the main cyberattack entry method. 

Meanwhile, the second spot belongs to the business emails. They were named as the main access point for attackers by 40% of businesses.

Nearly half of companies experienced cyberattacks in the last year

While the pandemic led to a shift in IT infrastructure in organizations, such as the wider adoption of cloud solutions, the security strategies of businesses fall behind the new technologies. 

In total, 48% of companies reported having experienced at least one cyberattack in the last 12 months. Even with a 60% higher cybersecurity spending, cyberattacks rose by 5% compared to the year before. 

Out of the surveyed countries, companies in the Netherlands suffered the most. There, 57% of companies reported having experienced cyberattacks in the last 12 months. Organizations in the Netherlands also saw the most significant rise in cyberattacks which increased by 16%.

The Netherlands is followed by France, where 52% of organizations had cyberattacks in the last 12 months. Cyberattacks targeting French businesses rose by 3% compared to 2021. 

Next are organizations in Spain. Spain is the only country surveyed where cyber attacks decreased compared to the year before. Cyberattacks targeting Spanish businesses dropped by 2%, from 53% in 2011 to 51% in 2022.

Meanwhile, 49% of companies in Ireland went through cyberattacks in the past 12 months, followed by the United States with 47%. Cyberattack numbers there grew by 10% and 7%, respectively.  

To read the full article, head over to: https://atlasvpn.com/blog/cloud-servers-are-now-the-most-common-method-of-entry-for-cyberattacks-at-41

Privilege Escalation issue within Azure AD Discovered By Silverfort

Posted in Commentary with tags on September 1, 2022 by itnerd

Silverfort has release findings on a privilege escalation issue located within the Microsoft Azure Active Directory. The Silverfort research team recently located a lapse in safeguards to certain user accounts within the Azure AD service, which could enable lower-level admins to become fully privileged ones.

With Azure Active Directory being a leading cloud Identity Provider, Microsoft quickly responded to this reported issue and rapidly patched the gap, mitigating the potential of future attacks using this technique. Nonetheless, in a time when privilege escalation attacks are persistent and incredibly risky, Silverfort hopes the wider security community can benefit from releasing the analysis and findings of this issue.

Overview:

  • Azure AD safeguards higher-privileged admin passwords by preventing lower-privileged admins from access to modifications of those with higher privileges.
  • Azure AD safeguard is applied when a user is set to ‘eligible’ or ‘active’.
  • Azure AD allows user accounts to be assigned as ‘future use’.
  • Silverfort found that for ‘future use’ accounts, the password safeguard did not apply.

This gap would allow for initial compromise, scanning of Azure AD to locate accounts which are schedule to become highly privileged admins in the future, allowing for password resets and privilege escalation.

You can read their findings here.

Socially Engineered Phishing Attack Impersonates American Express To Steal User Credentials: Armorblox

Posted in Commentary with tags on September 1, 2022 by itnerd

Armorblox, a cloud office security platform that protects inbound and outbound enterprise communications, has released its latest findings that reveal the intricate directives of a new phishing attack where hackers take advantage of the reputable multinational credit card service company, American Express, in an attempt to steal confidential information.

How it works: A spoofed email resembling a legitimate notification email from American Express was sent to about 16,000 recipients of a nonprofit organization. The email contained an attachment informing end-users that account verification was mandatory and, if not addressed, would result in suspension. Contained within the email attachment message, the provided link led users to a fake American Express-branded landing page where login credentials would be rendered. 

You can read their findings here.

From Emergency Contraceptives to Sex Toys – Uber Eats Reveals New Trends On Canadians’ Sexual Health For World Sexual Health Day

Posted in Commentary with tags on September 1, 2022 by itnerd

September 4th is World Sexual Health Day—an occasion for busting taboos around sexuality and promoting positive sexual health practices globally. 

To celebrate, Uber Canada is releasing new trends that shed light on Canadians’ sexual health and wellness. Over the past year, more pharmacy and convenience store merchants have joined Uber Eats. Sexual wellness products—including everything from condoms, emergency contraceptives, lubricants, sex toys and more—are finding their way into people’s online shopping carts. 

Uber’s latest data drop reveals the most popular sex products purchased in cities across Canada and ranks the Canadian cities that are the most prepared for sexual adventures, based on the volume of sexual health products they’re purchasing on Uber Eats. 

Pregnancy tests and condoms top the list of the most popular sexual health products ordered on Uber Eats. And Edmontonians are the most prepped for safe sex, as the biggest consumers of sexual health products and contraceptives. You can see where your city ranks and what products are trending across Canada below. 

To show our support for positive sexual health practices this World Sexual Health Day, Uber Eats is also offering limited-time discounts of up to 20% off various sexual wellness products from September 1 to 7—so stock up on your essentials while you can!

Infosec Institute Awards Security Education Scholarships To Help Close Cyber Skills And Diversity Gap

Posted in Commentary with tags on September 1, 2022 by itnerd

Infosec Institute, a leading cybersecurity education provider and part of Cengage Group, today announced fourteen recipients of the 2022 Infosec Accelerate Scholarship. Established in 2018 to draw new talent from under-represented groups to join the cybersecurity industry and close the growing skills gap, the program awards lifetime access to Infosec Skills, a $10,000 value, to help recipients launch and advance their cybersecurity careers. 

Infosec Skills, Infosec’s technical skill development platform, includes over 1,400 resources to assess teams and close skills gaps with hands-on cyber ranges, projects and courses. Scholarship recipients have unlimited access to the newly released Infosec Skills cyber range, where cyber professionals can learn to defend against MITRE ATT&CK® Matrix for Enterprise tactics and techniques, perform penetration tests and practice writing secure code in an enclosed environment. Labs inside the cyber ranges guide learners through realistic scenarios inside the operating environments they’d encounter on the job — with clear learning objectives and actionable lessons.

2022 Infosec Accelerate Scholarship winners are:

Infosec Accelerate Women Scholarship 

  • Thanyathorn Thanapattheerakull | Toronto, Canada
  • Betta Lyon-Delsordo | Missoula, Montana
  • Heidys Cabrera | Hialeah Gardens, Florida

Infosec Accelerate BIPOC Scholarship 

  • Summer Black | Oak Lawn, Illinois
  • Jade Brown | Beachwood, Ohio
  • Joanina Perez | Brockton, Massachusetts

Infosec Accelerate Military & Veteran Scholarship 

  • Shaz Baig | Brooklyn, New York
  • Brian Nordemo | Laconia, New Hampshire
  • Christopher Chisholm | Missoula, Montana

Infosec Accelerate Undergraduate Scholarship 

  • Nicholas Kenyon | Cape Coral, Florida
  • Anthony Torres | Santa Clarita, California
  • Nicholas Langenfeld | Wild Rose, Wisconsin

Infosec Accelerate LGBTQI+ Scholarship 

  • Angelica Bonus | San Diego, California
  • Kandice Kucharczyk | Cape Coral, Florida

Learn more about the Infosec Accelerate Scholarships here.

TELUS Completes $2.3 Billion Acquisition Of LifeWorks

Posted in Commentary with tags on September 1, 2022 by itnerd

TELUS Corporation today announced the completion of the previously disclosed acquisition by way of a plan of arrangement of LifeWorks Inc., a world leader in providing digital and in-person solutions that support the total wellbeing of individuals – mental, physical, financial and social, solidifying TELUS Health as one of the largest companies providing digital-first health and wellness services and solutions that empower individuals to live their healthiest lives. TELUS Health is now positioned to support corporate clients across more than 160 countries and covering more than 50 million lives and growing worldwide.

Benefits of the transaction:

  • Establishes a compelling offering for employers to provide the best wellness experience for their employees in order to enhance talent acquisition and retention, while improving their business performance 
  • Provides complementary end-to-end solutions supported by TELUS’ robust infrastructure of leading networks and best-in-class customer experience, including TELUS International’s proven expertise in digital transformation and client service excellence
  • Creates a global digital health and wellness leader, providing access to high quality, proactive healthcare and mental wellness for employees by unifying digital-first solutions across the care continuum
  • Enables continued innovation and market share growth through the solid financial backing of TELUS, along with significant cross selling synergies between our respective organizations, including TELUS International

TELUS Health’s Chief Operating Officer, Michael Dingle, will oversee the transition and lead the integration of LifeWorks into the TELUS Health family. Michael’s deep industry expertise and proven track record of creating team, client and shareholder value will ensure the smooth transition of LifeWorks team members and clients.