Archive for November 2, 2022

iRobot’s Holiday Gift Guide For 2022

Posted in Commentary with tags on November 2, 2022 by itnerd

iRobot, the leading global consumer robot vacuum company, offers the perfect gifts that’ll check everyone off your   shopping list. Whether  it be for  tech-lovers, those with  four-legged furry friends,  or someone who can  use  the extra  free time in their busy schedule, iRobot’s innovative robot mops and vacuums are great  options to gift.  Here are three gift options for you:

  • THE  2-IN-1 VACUUM (NEWLY LAUNCHED):  Roomba Combo j7+  ($1399. 99 CAD)  is the world’s most advanced 2-in-1 vacuum and mop combo to date. It has a mop that senses carpet then fully retracts to the top of the robot — completely away from your carpet to avoid wet carpet messes. Powered by iRobot OS 5.0, the vacuum has more control over how you clean.
  • THE SMARTEST VACUUM YET:  Roomba j7+ ($999.99 CAD) is a collaborative cleaning partner that delivers superior cleaning performance. The Roomba j7+ offers unique PrecisionVision Navigation that identifies and avoids common obstacles such as cords and pet  waste (see P.O.O.P promise) and gets smarter with each use. You can also forget about vacuuming for months at a time with the Clean Base Automatic Dirt Disposal that allows the j7+ to empty itself for up to 60 days .
  • MOP WITH EASE: Braava jet m6 ($599.99 CAD)  is ideal for multiple rooms and large spaces, and helps tackle all of life’s messes on hard floors. Simply attach a mopping or sweeping pad and the robot automatically takes it from there to give you fresh, clean floors. It also learns and maps your home, so it can clean when and where you want. 

You can also look at irobot.ca for other gift options as well.

White House Declares November To Be Critical Infrastructure Security and Resilience Month

Posted in Commentary with tags on November 2, 2022 by itnerd

The White House who is very focused on cybersecurity has declared November to be Critical Infrastructure Security and Resilience Month:

This month, we recommit to improving the resilience of our Nation’s critical infrastructure so it can withstand all hazards — natural and manmade.  By building better roads, bridges, and ports; fortifying our information technology and cybersecurity across sectors, including election systems; safeguarding our food and water sources; moving to clean energy; and strengthening all other critical infrastructure sectors, we will lay the foundation for long-term security and prosperity.

The proclamation is an interesting read and I will give my thoughts in a second. First I’d like to share the thoughts of Craig Burland who is the CISO of Inversion6:

“This announcement continues a trend of active participation by the US government in cybersecurity.  Last week, CISA announced the Cross-Sector Cybersecurity Performance Goals.  The head of CISA has been working hard to build public-private partnerships to boost our collective defense.  CMMC is coming in 2023.  These are all positive steps that will help increase the mind-share cybersecurity occupies in corner offices and board rooms, especially for those that do business with the US government.  With the interdependency of the global supply chain and global economy, it’s in everyone’s best interest to do business securely.”

My thoughts go something like this. This administration is clearly focused on increasing America’s cybersecurity readiness. That’s a noble and required goal given the times that we live in. And initiatives like these will help to make sure that cybersecurity is at the forefront of every American company, and citizen.

Commvault Decreases Gap in Data Governance, Risk, and Compliance with Metallic File & Object Archive

Posted in Commentary with tags on November 2, 2022 by itnerd

Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announced a new approach to data protection with the launch of Metallic® File & Object Archive, a Data Management as a Service (DMaaS) solution designed to lower storage costs, while cost-effectively transforming how organizations navigate the world of Governance, Risk, and Compliance (GRC).

Global and industry GRC-related regulations are constantly changing, creating gaps in an organization’s ability to manage data across live and backup sources, resulting in a lack of visibility and insights, data sprawl, and greater opportunities for data vulnerabilities. Coupled with major shortages in IT staff and strict budget constraints, organizations are struggling, using multiple solutions to meet compliance guidelines and keep their data protected.

Announced at Commvault Connections 2022 and available next quarter, Metallic File & Object Archive directly addresses the need for deep insights into critical data with archive modeling delivered as SaaS with air gapped protection. It is a comprehensive solution for cost-effective data placement leveraging data insights, access controls, tagging, metadata search, audit trails, and reports to help manage compliance needs over a large amount of unstructured data. The result is a lower cost solution that helps reduce the risk of non-compliance. 

With predictable cost modeling, actionable data insights, flexible bring your own storage options, and compliance-ready operations, Metallic File & Object Archive enables organizations to lower costs, meet compliance needs, and reduce management overhead with the simplicity of SaaS.

Metallic File & Object Archive will be discussed in more detail during the Connections session, “More Data, More Risk? Introducing Our Latest SaaS-Delivered Data Service.” Register here to listen in and attend the interactive experience.

To learn more about Metallic File & Object Archive and how it can help lower costs, reduce risks, and support an organization’s GRC strategy, please visit metallic.io/file-object-archive.

BlackFog October State Of Ransomware Report Is Out

Posted in Commentary with tags on November 2, 2022 by itnerd

BlackFog’s monthly State of Ransomware Report for October is out and the key findings for the month of October from Dr. Darren Williams, CEO and Founder, BlackFog are:

  • October saw the highest number of confirmed ransomware attacks in the 3 years that BlackFog has been collecting data with a total of 44 publicized attacks. This highlights the limitations of existing traditional cybersecurity solutions and the general lack of preparedness by most organizations.
  • This month saw the largest increase in attacks on the Technology sector with an increase of over 29%. As in previous months we have also seen large increases in attacks on sectors with the lowest levels of protection in place, namely Healthcare, Education and Government with increases of 20%, 16% and 12% respectively.
  • The most dramatic changes in ransomware variants this month were BlackCat with an increase of 47% and LockBit with an increase of 39%. This reflects the effectiveness of these variants and specifically the data destruction capabilities of BlackCat that we became aware of in September.
  • While we continue to see PowerShell increase utilization to 85% we note this month that data exfiltration is now involved in 89% of all successful attacks.

Today’s full report can be found here: https://privacy.blackfog.com/wp-content/uploads/2022/11/BlackFogRansomwareReport-Oct-2022.pdf

Cradlepoint Wideband Adapter Certified To Extend 5G Wireless WAN Solutions In Canada 

Posted in Commentary with tags on November 2, 2022 by itnerd

Cradlepoint, the global leader in cloud-delivered LTE and 5G wireless network edge solutions, today announced the certification of Cradlepoint’s W1850 Series 5G Wideband Adapter for the Bell 5G network. The first enterprise-grade 5G Wireless WAN solution to be certified by Bell, the Cradlepoint W1850 will offer business and public sector customers enterprise-class speed and performance, to support bandwidth-intensive and latency-sensitive use cases, such as video, immersive and collaborative applications. 

The need for fibre-fast and cellular-simple connectivity is expanding and driving the need for 5G solutions for businesses all across Canada. With faster speeds and greater capacity, 5G can more fully support an organization’s connectivity requirements, from remote workforces to Internet of Things (IoT) applications. The Bell 5G network covers the majority of the Canadian population, is available in all 10 Canadian provinces, and will enhance the lives of Canadians with applications we can’t even imagine today, bringing generational changes to the way we work, live and play. With Cradlepoint’s newly certified adapter providing connectivity to Bell’s 5G network, business customers can accelerate their digital transformations more securely and with more agility than ever before. 

Cradlepoint is first to market with the most comprehensive 5G Wireless WAN portfolio, enabling enterprises to deploy and manage distributed Wireless WANs. With its extensive experience working with carriers around the globe ­­— and with its continued collaboration with Bell ­­— Cradlepoint is the trusted leader of 5G for Business solutions that address a broad range of fixed and mobile use cases for organizations of all sizes. 

Designed for indoor use for branches that require the higher performance and lower latency of Cat 20 LTE and low-band 5G, the Cradlepoint W1850 Series is an enterprise-class, dual-connectivity 5G and LTE wireless adapter. The W1850 is managed by Cradlepoint’s cloud-delivered NetCloud Manager which provides IT teams with the visibility, security, control and management they need to build and maintain an enterprise-grade Wireless WAN. With 5G performance, best-in-class reliability, security and control – without the conventional limitations – businesses now have the freedom to build their best network wherever they need to. The W1850 adapters can be paired with a Cradlepoint router or a third-party router to address common use cases such as:

  • Primary wireless connectivity
  • Wireless failover
  • Day-1 connectivity

Cradlepoint’s W1850 5G Wideband Adapter is now available from Bell and authorized Bell dealers. For more information, please visit https://www.bell.ca/5Gnetwork. For more information about the W1850 adapter, please visit https://cradlepoint.com/product/endpoints/w1850/

HelpSystems Is Now Fortra

Posted in Commentary with tags on November 2, 2022 by itnerd

HelpSystems announced today that it has become Fortra™ a name synchronous with security and defense. This evolution reflects the company’s enhanced commitment to helping customers simplify the complexity of cybersecurity in a business environment increasingly under siege. With a stronger line of defense from a single provider, organizations of all kinds can look to Fortra to increase security maturity while reducing the burdens to everyday productivity.  

In recent years, Fortra has grown to more than 3,000 employees with offices in 18 countries and over 30,000 global customers. As part of this evolution, the company shifted its focus to cybersecurity and automation, building a best-in-class portfolio with key capabilities in data security, infrastructure protection, and managed security services. These acquisitions have included Alert Logic, Digital Guardian, Cobalt Strike, Tripwire, Digital Defense, Terranova Security, Agari, PhishLabs, Core Security, GoAnywhere, Titus, and other well-known software and services providers. 

Such a rich collection of proven solutions has built the organization’s roster of industry experts and enabled innovative integrations to help customers solve challenges in new, streamlined ways. These integrations incorporate emerging threat intelligence for more effective protection against rapidly evolving cyberthreats. In fact, Fortra’s 350-person threat research and intelligence team stays abreast of emerging threats not only to guide customers in their defense efforts, but also to infuse its software and services with critical insights. 

Find out more at Fortra.com.

TELUS To Provide Free Smartphones And Wireless Services In Ontario To Indigenous Women At Risk Of Or Surviving Violence 

Posted in Commentary with tags on November 2, 2022 by itnerd

Today, TELUS launched its Mobility for Good for Indigenous Women at Risk program in Ontario, in partnership with Native Child and Family Services of Toronto (NCFST) and Native Women’s Resource Centre of Toronto (NWRCT). While Indigenous women and girls comprise only four per cent of the total female population in Canada, they represent 24 per cent of female homicide victims and are 12 times more likely to be murdered or go missing than any other women in Canada. Developed in partnership with Indigenous-led organizations, Mobility for Good for Indigenous Women at Risk provides free smartphones and fully subsidized talk, text and data plans to Indigenous women, girls or gender diverse people, serving as a critical lifeline to Indigenous-led services, wellness resources, and their support networks.

With the support of TELUS, NCFST and NWRCT are starting to distribute smartphones and plans to support Indigenous women in Ontario who are at risk of, or surviving, violence. Since launching the program in 2021, TELUS and their partners in B.C. and Alberta have supported nearly 1,000 Indigenous women. TELUS plans to partner with additional Indigenous-led organizations across Canada to further expand the reach and impact of this program into the future.  

TELUS Mobility for Good for Indigenous Women at Risk is part of the TELUS Connecting for Good portfolio of programs that gives individuals in need in Canada access to TELUS’ world-leading technology. To date, TELUS’ Connecting for Good programs have supported more than 315,000 individuals since inception.

TELUS has a longstanding commitment to strengthening relationships with Indigenous Peoples, including First Nations, Métis, and Inuit communities, acknowledging that our work spans many Traditional Territories and Treaty areas. Last year, TELUS announced its Indigenous Reconciliation Commitment and Indigenous Reconciliation Action Plan. For more information on TELUS’ Reconciliation commitment, please visit telus.com/reconciliation

EnGenius launches a new line of small business-oriented access points and switches called EnGenius Fit

Posted in Commentary with tags on November 2, 2022 by itnerd

EnGenius Technologies Inc., a multinational networking company, known for delivering future-proof networking solutions for businesses of all sizes, announced the release of a new Wi-Fi solution designed specifically for small businesses called EnGenius Fit. 

With this launch, the global network equipment manufacturer is bringing hassle-free, enterprise-grade quality products to small and medium-sized businesses. With fast deployment and simplified cloud-based management, small business owners without IT staff will have more time to run their business instead of putting out fires. Small business owners work hard to provide the best service to customers while growing their business. The last thing they need is sub-standard Wi-Fi. Yet many business owners struggle constantly with dropped connections, slow speeds, and data breaches—all the while wondering if there’s a solution built just for them. 

Now there is.

EnGenius Fit is unlike any solution that has appeared on the Wi-Fi networking landscape. It’s the smartest, most affordable Wi-Fi solution yet for small businesses. Simple and secure, this new family of access points and switches is supported by new, subscription-free EnGenius Fit cloud-based management options built to thoroughly streamline deployment while providing enterprise-grade security and reliability. 

Anyone can do it. There is no complexity at all—just the visibility, control, and insights that allow customers to make solid business decisions confidently. EnGenius Fit is easy and fast as all network components can be managed effortlessly through a mobile app or web interface no matter the level of network knowledge.

For slightly larger companies with an IT staff, EnGenius offers more management options: a local portal ideal for examining deep-level analytics on any device, or a plug-n-play network controller with pre-installed network management software, which allows even junior IT pros to set up a cloud-based or on-premises network management infrastructure. Small business owners will finally have all the tools they need to run an affordable, reliable, secure network. It all comes subscription-free, a feature that EnGenius expects dental offices, law firms, and other small businesses will appreciate. 

The interface of the cloud component of EnGenius Fit is flexible and user-friendly, while providing comprehensive, information-rich business insights. Business owners can select any combination of two (2) access points and one (1) switch to complete a budget-conscious Fit solution:

L2 PoE Switches

EWS2910P-FIT

EWS7928P-FIT

EWS7928P-FIT

EWS7928FP-FIT

EWS7952P-FITEWS7952FP-FIT

Indoor Access Points

EWS357-FIT

EWS377-FIT

Outdoor Access Point

EWS850-FIT

Every time small business owners invest in an upgrade, they expect greater efficiency, more reliability, and all the increased revenues that are bound to pour in from a smoothly functioning network. EnGenius Fit delivers. 

Dropbox Pwned Via A Phishing Attack

Posted in Commentary with tags on November 2, 2022 by itnerd

Dropbox has disclosed a security breach after a threat actor stole 130 code repositories after gaining access to a GitHub account using employee credentials stolen via a phishing attack. 

At Dropbox, we use GitHub to host our public repositories as well as some of our private repositories. We also use CircleCI for select internal deployments. In early October, multiple Dropboxers received phishing emails impersonating CircleCI, with the intent of targeting our GitHub accounts (a person can use their GitHub credentials to login to CircleCI).

While our systems automatically quarantined some of these emails, others landed in Dropboxers’ inboxes. These legitimate-looking emails directed employees to visit a fake CircleCI login page, enter their GitHub username and password, and then use their hardware authentication key to pass a One Time Password (OTP) to the malicious site. This eventually succeeded, giving the threat actor access to one of our GitHub organizations where they proceeded to copy 130 of our code repositories. 

These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team. Importantly, they did not include code for our core apps or infrastructure. Access to those repositories is even more limited and strictly controlled.

On the same day we were informed of the suspicious activity, the threat actor’s access to GitHub was disabled. Our security teams took immediate action to coordinate the rotation of all exposed developer credentials, and determine what customer data—if any—was accessed or stolen. We also reviewed our logs, and found no evidence of successful abuse. To be sure, we hired outside forensic experts to verify our findings, and reported this event to the appropriate regulators and law enforcement.

Mike Fleck, Senior Director of Sales Engineering at Cyren had this to say:

     “This is another reminder that phishing is an unsolved problem. Attackers are continuously updating their credential harvesting tactics, now with the ability to defeat common forms of MFA. By having the employee enter their username, password, and one-time token, the attacker easily had access to any privileges that employee had. Employees will always receive convincing but fraudulent emails. Submitting users to security awareness training with the expectation they will spot all of these attacks is unrealistic. Businesses need to use additional layers of email security to automate the hunting and removal of these social engineering attacks.”

I would add that this is why a move to something like passwordless authentication might be worth considering as it cuts off this attack vector. I say that because based on what Dropbox has said in its disclosure, the threat actor used the law of averages in their favour to break in. And what companies need to do is to cut off as many attack vectors as possible to avoid being pwned by hackers.