Archive for September, 2022

« Older Entries
Newer Entries »

Guest Post: Trojans Targeting Mobile Banking Grew By Over 110% In H1 2022

Posted in Commentary with tags on September 22, 2022 by itnerd

The majority of the population in developed countries has integrated mobile banking into their everyday lives surprisingly quickly and seamlessly. The adoption of mobile banking was successful because financial institutions and fintechs ensured that the applications were user-friendly, convenient, and extremely secure.

However, since financial gains from finding loopholes in mobile banking applications tend to be sky-high, hackers are working day and night to figure out how to break into these apps.

While the mobile banking industry is in its golden age, the amount of attention from cybercriminals is also at an all-time high. 

According to Atlas VPN investigation, the number of mobile banking trojans reached a record-breaking 109,561 detections in H1 2022, representing a 117% increase over the 50,450 detections in H2 2021.

The data for the analysis was extracted from Kaspersky’s official website, where the company shares data collected from its users. 

Nearly half (49.28%) of the detections in H1 2022 were part of the Trojan-Banker.AndroidOS.Bray family. This malware type is considered to be a severe threat to the infected system. 
 

Mobile trojans are designed to target mobile financial applications in order to commit on-device fraud and siphon cash straight from victims’ accounts.

Victims (sometimes) get their funds back

Cybercriminals tend to backward-rationalize their fraudulent acts by stating that their victims usually get their funds back, so the actual losses are incurred by the banking institutions instead. 

To read the full article, head over to: https://atlasvpn.com/blog/trojans-targeting-mobile-banking-grew-by-over-110-in-h1-2022

Leave a comment »

NexTech Batteries Earns Milestone UN/DOT Safety Certification

Posted in Commentary with tags on September 22, 2022 by itnerd

NexTech Batteries, the global leader in proprietary lithium-sulfur (LiS) battery technology, received UN/DOT 38.3.5 safety certification for its patented semi-solid-state lithium-sulfur 5.4 amp hour cell – exceeding test standards required for air transportation and other modes of transit. 

Before any lithium battery can be transported, it must pass specialized safety tests that simulate real-world transportation conditions like low pressure, impact, temperature, shock and more. UN/DOT 38.3.5 details environmental, mechanical and electrical requirements for all lithium cells and batteries. The UN/DOT 38.3.5 standard is required for transporting lithium batteries in the U.S. and is the international standard for air and sea transit across international waters and boundaries. With this certification, NexTech demonstrates compliance in the design and manufacture of its groundbreaking Lithium-Sulfur battery cells – which are being actively tested by major global automotive manufacturers, state energy commissions in the U.S. and consumer technology companies. 

NexTech’s first-to-market semi-solid-state lithium-sulfur chemistry brings real solutions to the immense demands of the world economy for reliable, powerful, safe and sustainable battery technology. Having introduced a lithium-sulfur cell approved under the UN 38.3.5 safety standard, the first of its battery cells to earn the certification, NexTech is ramping up activity with domestic and international partners and rapidly preparing additional cell capacities for UN/DOT testing. The company is accelerating the crucial battery evolution demanded by the next generation of consumer electronics and e-mobility.

NexTech Lithium-Sulfur Cells: Flying Through UN 38.3.5 Safety Tests

  • T1 Altitude – simulates how the cell behaves during air transport under low pressure conditions whereby the cell could swell in size or burst.
  • T2 Thermal – validates the cell’s perimeter vacuum seal and internal electrical connections to remain intact during rapid and extreme temperature changes.  
  • T3 Vibration – that simulates a series of vibration effects that may be apparent during transportation.
  • T4 Shock – validates the robustness of the cells against shock and extreme acceleration and deceleration that can be transportation or application related.
  • T5 External Short Circuit – simulates an external short of the terminals without going into thermal runaway or exceeding 170C and avoiding rupture.
  • T6 Crush/Impact – simulates any mechanical abuse from an impact or crushing event that may result in thermal runaway or the cell bursting.
  • T8 Forced Discharge – evaluates the ability of a primary or rechargeable cell to withstand a forced discharge condition and not result in thermal runaway.

Leave a comment »

Indonesia Passes A Really Great Data Privacy Law

Posted in Commentary with tags on September 21, 2022 by itnerd

Indonesia legislators Tuesday passed the data protection bill, making data handlers liable for up to five years in jail and a maximum fine of 5 billion rupiah ($334,000) for leaking or misusing private information. Reuters have the details:

The bill’s passage comes after a series of data leaks and probes into alleged breaches at government firms and institutions in Indonesia, from a state insurer, telecoms company and public utility to a contact-tracing COVID-19 app that revealed President Joko Widodo’s vaccine records.

Lawmakers overwhelmingly approved the bill, which authorises the president to form an oversight body to fine data handlers for breaching rules on distributing or gathering personal data.

The biggest fine is 2% of a corporation’s annual revenue and could see their assets confiscated or auctioned off. The law includes a two-year “adjustment” period, but does not specify how violations would be addressed during that phase.

The legislation stipulates individuals can be jailed for up to six years for falsifying personal data for personal gain or up to five years for gathering personal data illegally.

Users are entitled to compensation for data breaches and can withdraw consent to use their data.

Noris Ismail, Managing Director of Breakwater Solutions has this to say:

     “Indonesia experienced a rollercoaster journey and huge learning & relearning curve whilst drafting and debating the Bill. It’s not surprising given President Joko Widodo’s vision to accelerate Indonesia’s digital economy transformational journey (being the 4thpopulous nation in the world which contributed 40% of Southeast Asia’s 2021 e-commerce gross Merchandise Value (GMV), at $70 billion based on the 2021 e-Conomy Southeast Asia report) and mushrooming reported data breach cases in public and private sectors. Like other evolving data privacy legislative landscape in ASEAN Member States, some of the requirements partly mirror the GDPR (but with Indonesia gravitas, persona, and legislative identity). Global organisations that are processing Indonesian dataset (inside or outside Indonesia) have 2 years to kicking off assessment and remediation leading to ‘Business As Usual (BAU)’ implementation phase. Some organisations might accelerate the latter due to lessons learned from the GDPR experience and journey – subject to existing governance, business strategy, growth, process and data processing activities. Some organisations might require a tactical approach to assess top 5-10 risks and prioritise to remediate leading to aspired defensible compliance positions (due to resource, budget, and technology constraints). Pushing forward to 2 years, we’re very keen to learn Indonesia Personal Data Protection Act (PDPA)’s regulatory enforcement approach and their ‘global data interoperability’ guidance notes particularly in data localisation and PDPA adequacy determinations (from Indonesia’s lens, in addition to, the European Commissions’ lens). It might take more than 2 years and beyond to progress, evolve and mature”

Hopefully, this sort of sort of bill gets copied in other places as this will hopefully help to reduce the number of data leaks that we see.

Leave a comment »

Witness Blanket Goes Digital To Share Truths And Memories Of Residential School Survivors 

Posted in Commentary with tags on September 21, 2022 by itnerd

Today, the Canadian Museum for Human Rights (CMHR), Indigenous artist Carey Newman (Hayalthkin’geme), and TELUS celebrated the launch of a new online platform which invites all Canadians to bear witness to the experiences of residential school Survivors. 

Witnessblanket.ca shares stories from the Witness Blanket, a powerful work of art made from over 800 items reclaimed from residential schools, churches, government buildings and other important cultural sites across Canada. The artwork was created by master carver and Indigenous artist, Carey Newman, as a national monument to recognize the atrocities of the residential school era, honour the children, Survivors, and symbolize ongoing reconciliation. 

Users can explore 10 original stories that weave together video testimony from Survivors with information about a piece of the artwork. These stories share the significance of items that carry a deep personal and cultural connection to the residential school era and its legacy such as braided hair, a mush hole bowl, Inuvik stone, and letters. Users can also explore the full artwork, including individual pieces, where they were located and who contributed them. Digitizing the Witness Blanket has made it accessible to audiences around the world. Through witnessblanket.ca, thousands more each year will recognize the atrocities of the era, remember the children who didn’t return home, and honour Survivors. 

The digital Witness Blanket project was created through a partnership between Newman, the Canadian Museum for Human Rights, Animikii Indigenous Technology, Media One Inc., and TELUS. It was made possible by a $1 million dollar commitment from TELUS and the TELUS Friendly Future Foundation, and an additional $100,000 from the Entwistle Family Foundation. Its development was guided by a Survivors Circle brought together through the National Centre for Truth and Reconciliation (NCTR). The launch of witnessblanket.ca represents the first phase of this partnership. Moving forward, it will leverage TELUS’ technological expertise to create augmented reality, virtual reality led by Camosun Innovates, and projection mapping experiences that will further expand the reach of the Witness Blanket.

A core feature of the platform is a new resource guide for teachers, created in consultation with an advisory group of teachers across Canada. The guide includes foundational teaching strategies, guidance on how to welcome Elders, Survivors and Indigenous community members into the classroom, and detailed lesson plans for teaching about residential schools to students of all ages.

In addition to digitizing the Witness Blanket, the Canadian Museum for Human Rights has launched an initiative by the Vancouver Public Library to create stations in two branches – including a children’s branch at the Central Library – where visitors can explore the Witness Blanket digitally.

Central to TELUS’ Reconciliation Commitment, TELUS is leveraging their world-leading technology to support the diverse needs of Indigenous Peoples, build relationships between Indigenous and non-Indigenous businesses, help to grow the economy and enable prosperity for Indigenous Peoples. In 2021, TELUS committed $8 million to stand in solidarity with Survivors and their families by supporting Indigenous-led entrepreneurs, projects and initiatives. This commitment includes a $1 million gift to digitize, promote and distribute the Witness Blanket as well as investments from the TELUS Pollinator Fund in Indigenous-led businesses, and grants from the TELUS Community Boards and TELUS Friendly Future Foundation.

Leave a comment »

CISOs Lose Hope They Can Stop Ransomware: SpyCloud

Posted in Commentary with tags on September 21, 2022 by itnerd

Research conducted by SpyCloud shows CISOs from Canada, UK and US are beginning to lose hope that they can defend organizations against ransomware attacks. Additional findings highlight that although budgets to protect against attacks have grown by 86%, 90% of organizations surveyed had been impacted by a ransomware attack over the last year.

Dr. Darren Williams, CEO and Founder of BlackFog had this comment:

     “The findings from this research may come as a surprise to some, but ransomware isn’t something that can be fixed by simply adding more of the same when it comes to cybersecurity defenses. The number of successful attacks we see clearly validates the need for a new approach, as the saying goes ‘keep doing what you’re doing and keep getting what you’re getting.’ Fighting ransomware isn’t about throwing money at the problem, it’s about rethinking everything that IT leaders have learned about cyber defense and adopting a new approach, with disruptive technologies specifically designed to prevent ransomware. When ransomware was all about encryption, organizations might have stood a change with perimeter defense tools and backups. Those days are long past us now as bad actors favor data exfiltration and extortion. IT leaders would be wise to make the assumption that cybercriminals will get into the network if they are intent on doing so. Switching the focus to preventing them from leaving with the crown jewels – the data, with anti-data exfiltration technology will ultimately keep them one step ahead of cybercriminals. When it comes to ransomware it really is all about the data, only by focusing on preventing the exfiltration of it can we really change the narrative when it comes to ransomware.”

Leave a comment »

Commvault Enables Early Threat Detection and Zero Loss Strategy with Metallic ThreatWise

Posted in Commentary with tags on September 21, 2022 by itnerd

Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announced the general availability of Metallic ThreatWise an early warning system that proactively surfaces unknown and zero-day threats to minimize compromised data and business impact. 

According to Enterprise Strategy Group, only 12 per cent of the IT directors surveyed indicated confidence in having the proper tools and necessary location agnostic protection to secure data equally across on-premises and cloud.

With ThreatWise, Commvault is further defining data security with an early warning that no other vendor in this space provides. It uses decoys to proactively bait bad actors into engaging fake resources, spot threats in production environments, and arm businesses with tools to keep data safe. Simultaneously, Commvault is also extending its machine learning and critical threat detection and security capabilities to its broader platform, which is available today. 

Availability and to Learn More

Metallic ThreatWise, along with Commvault’s latest platform update features are available now. To learn more, join us at Commvault Connections, to take part in live demos and engage in industry sessions. To get started today on your new data protection journey, register here.

Leave a comment »

ServiceNow Announces New Platform Tokyo Release

Posted in Commentary with tags on September 21, 2022 by itnerd

ServiceNow the leading digital workflow company making the world work better for everyone, today announced the Now Platform Tokyo release, designed to help organizations navigate complex business challenges amid an uncertain macro environment. The ServiceNow Tokyo release is purpose-built to deliver better employee and customer experiences, supercharge automation and trust in operations, and accelerate value in ways that are good for people, good for the planet, and good for profits.   

According to the 2022 IDC CEO Survey, 95% of CEOs see the need to adopt a digital-first strategy and the majority of organizations are down the path of executing their plans.  The rationale for this focus is clear: Digital companies deliver twice the revenue growth of non-digital companies, according to Valoir Research. The new digital-first, fully integrated workflow automation solutions in the Tokyo release increase the power of the Now Platform to create seamless experiences, continuously generate new value by accelerating innovation at scale, and allow people to do their best work.  

Accelerating value with purpose-built solutions 

With today’s complex compliance and risk management landscape, customers have asked ServiceNow for solutions that make them more agile and resilient across their enterprise. ServiceNow is responding with new, purpose-built features in the Tokyo release that unlock more value from tech investments for CFOs, COOs, and sustainability teams—simplifying complex supply chains, automating asset management, and delivering auditable, investor-grade sustainability data. 

  • Enterprise Asset Management (EAM) automates the full lifecycle of physical business assets from planning to retirement for industries such as healthcare, financial services, retail, manufacturing, and public sector. The solution helps reduce costs, mitigate risks, and improve strategic planning with visibility into the entire enterprise asset estate. Additionally, it optimizes inventory levels for the business and operates stockrooms efficiently to better leverage existing assets and maximize asset life.  
  • Supplier Lifecycle Management (SLM) empowers organizations to transform traditionally high-effort supplier engagements that live in email and spreadsheets into modern, digital experiences, enabling teams to reduce operating costs and refocus talent on building a more resilient, diverse, and high-quality supply base. With SLM, suppliers leverage self-service experiences to get help, deflecting common inquiries into the respective teams.  
  • Environmental, Social, and Governance (ESG) Management has been enhanced to allow companies to establish and document ESG goals and KPIs, track performance, collect and validate audit-ready data, and create disclosures that align with major ESG reporting frameworks, in a single end-to-end solution. Key capabilities include carbon accounting to calculate greenhouse gas (GHG) emissions, and an innovative user experience that helps companies efficiently meet increasing requests for ESG data. ServiceNow is collaborating with DXC Technology, Emissionsbox, Fujitsu, KPMG, LTI, Mindtree, NTT DATA Corporation and RSM US LLP, to extend ESG Management’s reach and capabilities into the market.   

Boosting engagement and productivity with great experiences 

Now more than ever, employee retention is critical. Engaged, productive, and empowered employees contribute heavily to customer and business success. The Tokyo release helps organizations prioritize their most valuable resource—people—with new tools that advance talent development and retention, and therefore benefit the overall business: 

  • Manager Hub addresses managers’ greatest pain points—like burnout and intensifying pressure to keep employees happy and engaged across dispersed teams. Available through Employee Center desktop and mobile, Manager Hub provides a single destination for managers to establish and review employee journeys and respond to requests while delivering personalized resources and training to help managers grow as leaders.  
  • Admin Center—part of ServiceNow Impact—allows system administrators to easily discover, install, and configure ServiceNow solutions through a self-service experience. The new Adoption Blueprint features a guided process that gives admins application recommendations based on instance maturity, increased visibility into application entitlements, and simpler application installation and configuration—all from within their in-instance application.   
  • Issue Auto Resolution for Human Resources expands the capabilities of Issue Auto Resolution for ITSM to HR teams. The solution applies natural language understanding (NLU) to analyze requests and deliver self-service content that meets employees where they are through channels like Microsoft Teams, SMS, and email. It also identifies urgent HR cases and routes them directly to an employee care representative when a higher level of support is needed. 

Supercharging Intelligence and trust for operations and security 

According to Gartner®, software infrastructure spending in segments containing PaaS, cloud management, and security is forecast to grow at a double-digit rate, reaching a combined spend of over $120 billion by 2026. At the same time, protecting data and mission-critical applications has become more complex amid an increasingly sophisticated threat landscape. ServiceNow is raising the bar for data security and intelligence with new capabilities that strengthen security deployments across an entire organization.  

  • ServiceNow Vault protects business critical ServiceNow applications using a set of premium platform privacy and security controls. Using flexible key management and data clarification to drive data anonymization, Vault enables organizations to protect sensitive confidential data and increase regulatory compliance through native platform encryption. Vault also enables organizations to strengthen their platform security posture by simplifying the management and protection of machine credentials, as well as validating the authenticity and integrity of code being deployed to the MID Server helping to ensure no malicious insertion. Finally, Vault facilitates organizations to export their ServiceNow system and application logs at scale and in near real time as a service. 

Organizations such as Blackhawk Network, DNB Bank, First Solar, Fruit of the Loom, Orange Business Services, and University of California Irvine are already realizing the benefits of the ServiceNow platform. 

Availability 

The Now Platform Tokyo release is generally available today.  

Leave a comment »

Trilliant Implements Smart Water Metering Solution in Canada

Posted in Commentary with tags on September 21, 2022 by itnerd

Trilliant, a leading international provider of solutions for advanced metering infrastructure (AMI), smart grid, smart cities and IIOT, announced the successful implementation of a wireless water metering solution in Canada, confirming its position to support challenging metering projects where strong, reliable connectivity is required. Provident, an energy services and submetering company in the Greater Toronto Area specializing in the multi-residential market, selected Trilliant’s Smart Water solution for a project in Toronto that required a basement metering solution for a number of townhomes. 

The installation of utility meters can often be a complex process with many considerations, including supply chain challenges, wiring of equipment and other factors. 

The Provident project uses Trilliant technology to enable the connection of water meters to a water meter interface unit (MIU), which can be programmed to interface with any available meter across a multitude of brands. The access point reads the MIUs wirelessly, eliminating the need to run wires through floors and walls. 

The solution for Provident was deployed on Trilliant’s AMI platform, ideally suited for hard-to-reach and battery-sensitive devices. Trilliant’s Smart Water solution is a key part of Trilliant’s smart building initiative and is revolutionizing connectivity in buildings while empowering building owners to better manage infrastructure without intrusive wired installations. Unlike other solutions, the individual MIUs don’t need to be in proximity to each other, just within reach of the access point.

Basements in particular present challenges for most wired and wireless applications, especially when attempting to install the solutions later in the construction process. There is generally poor line of sight, which can require more nodes, and weak signals overall. Trilliant’s solution offers extreme coverage and capacity while providing customers with the stringent security they need and expect. 

The deployment in Toronto demonstrates the technology’s ease and speed of installation, performance and scalability – and that it’s designed to work with virtually any system to provide a secure, powerful source of data. Trilliant has successfully implemented similar solutions in Chile, Dominican Republic, Peru, Japan and the United Kingdom. 

Leave a comment »

Review: ESR iPhone 14 Pro Metal Kickstand Case

Posted in Products with tags on September 21, 2022 by itnerd

It’s iPhone season and as is typically the case, I’ve got a few cases to review. The first one is the ESR iPhone 14 Pro Metal Kickstand Case. Let’s dive in so that I can show you what this case offers.

From the front, the case has a lip to make sure that the phone’s screen doesn’t touch any hard surface. At this point, there’s nothing remarkable here. So let’s look at the back.

There’s a significant amount of protection for the camera module at the top. But at the bottom, there’s a metal kickstand. I’ll get to that in a second, but let’s look a the protection for the camera module:

This feature is called Camera Guard and it gives you some space between the lenses and any surface so that you don’t scratch the lenses.

Here the kickstand in landscape and I have to admit that this is a really cool feature. It really feels premium and locks into place, or you can adjust it to the exact angle that you need. It works in portrait or landscape and at no point did I feel that the phone was about to fall over. One added plus is that this kickstand combined with the camera module protection allow the iPhone 14 Pro to lay flat which fixes the main problem with the iPhone 14 models is that they won’t lay flat because of the camera module.

The case is made of shock-absorbing polymer. I haven’t dropped my iPhone 14 Pro yet so I cannot speak to how shock absorbing it is. But I can say that ESR has tried to make this case something that will take a few hits.

These raised sections on the corners are designed to take a hit on the corners.

The buttons are built into the case and they don’t feel any different than the actual buttons on the phone.

The case is really easy to hold. While the sides are mostly smooth, the back has ridges. I wish that the sides did have ridges to ensure that the phone would stay in your hands if they’re sweaty or have hand cream. But having said that, I didn’t have any concerns about the phone slipping out of my hands. The case is thin and doesn’t make your iPhone 14 feel bulky which is a win.

ESR advertises this as “wireless charging ready”. I tested this case with a couple wireless chargers and there were no issues. I also tested it with MagSafe and that worked as well. But it failed my “hang by a MagSafe charger” test as there are no MagSafe magnets that I can see.

The only con that I have is that the case picks up fingerprints. Lots of fingerprints. Thus you might want to opt for a colour other than black if that matters to you.

The ESR iPhone 14 Pro Metal Kickstand Case is $40.59 CAD and is available now. I really like this case and I would take a look at if you want a good quality case on your iPhone that gives you some cool option in terms of how it can be used.

Leave a comment »

Researchers Discover Netflix Spoof As Bad Actors Target Streaming Service Viewers to Steal PII: INKY

Posted in Commentary with tags on September 21, 2022 by itnerd

INKY has released the latest report in its phishing attack series, “Fresh Phish: Netflix Bad Actors Go Behind the Scenes to Stage a Credential Harvesting Heist.” The research reveals that INKY’s researchers have detected Netflix impersonated in a PII data harvesting campaign using malicious HTML attachments compressed in zip files to exploit end-users of the streaming service.

Bukar Alibe, a cybersecurity analyst at INKY, explores answers to the following questions in the new research:

  • How can just one click unzip a disastrous credential harvesting scheme?
  • Why does this phishing threat evade most email security services?
  • What techniques gave hackers a strategic advantage to trick victims?

You can read the report here and I would suggest that you set aside some time to have a look at the report as I got an advanced copy of it over the weekend and it makes for some interesting reading.

Leave a comment »

« Older Entries
Newer Entries »