Archive for November 23, 2022

Microsoft Warns of Boa Web Server Risks

Posted in Commentary with tags on November 23, 2022 by itnerd

Bad news if you use Microsoft’s discontinued Boa web server. It’s being targeted by hackers. Microsoft put out a warning about this along with potential remediations, but Security Week has a story about this web server being used in attacks, which effectively makes this a today problem for anyone who uses Boa.

Sharon Nachshony, Security Researcher, Silverfort had this to say:

     “The Microsoft research highlights a long-standing supply-chain risk to IoT and OT environments from legacy technology. While hard to manage, given the abundance of such technology in critical industries, a rigorous patching regime is essential.

Age-old vulnerabilities such as this provide a jumping-off point for attackers looking to move laterally to more sensitive areas by abusing the identity attack surface. With access to critical areas inside OT environments – their activities can quickly become significantly more impactful.

To stop lateral movement, MFA should be applied to resources such as Command Line interfaces, WMI, Shared Folders and Service Accounts to close down commonly used attack paths.”

If you’re a user of the Boa web server, consider this your invitation to follow Microsoft’s advice so that you don’t get pwned seeing as this is clearly being exploited by threat actors as I type this.

Metro Compactor Service acquires Compaction Plus

Posted in Commentary with tags on November 23, 2022 by itnerd

Metro Compactor Service, Canada’s leading expert in waste and recycling equipment and service for over 40 years, is transforming the waste industry once again with the acquisition of Compaction Plus, a premier provider of waste handling equipment in Ontario.

The purchase of Compaction Plus will boost Metro’s rental fleet, allowing it to meet growing demand through a wider selection of equipment. The new, larger fleet can also incorporate Metro’s iSMART technology and Super Service™, thereby offering customers access to proactive maintenance through the entire equipment lifecycle.

Metro will continue to provide its full range of waste services (chutes, waste equipment, maintenance and IoT monitoring) to the commercial, high-rise, and multi-residential markets – allowing a one-stop-shop for waste equipment.

Metro has made a series of strategic announcements in recent years, including the launch of its iSMART technology in 2019. iSMART is a next-gen, IoT-enabled system that allows for remote troubleshooting and fullness diagnostics on customers’ waste equipment anytime. The company also announced a merger with Wilkinson Chutes in 2021.

As private and municipal hauling costs in Canada continue to grow, facility managers and multi-residential property owners across the country are feeling the strain of increasing costs in their entire waste stream and are looking for sustainable, cost-effective alternatives. 

Pre-Cyber Week: Online traffic up 4% & sales down 10% YoY for Canadian Retailers

Posted in Commentary with tags on November 23, 2022 by itnerd

As we lead up to Cyber Week 2022, Salesforce has released its latest digital commerce data and predictions for the period that you might be interested in.

Key Canadian findings include:

  • Digital traffic was up 4% in Canada YoY as consumers started their hunt for holiday gifts.
  • While consumers started their browsing early, digital commerce revenue was down 10% in Canada YoY.
  • While the digital commerce revenue is down, the average order value of Canadian shoppers is $112 – a 0.3% increase compared to last year.
  • Credit card payment remains the most popular method, but Financing and Apple Pay have shown significant YoY growth by 70% and 76% respectively.

As a result, Salesforce predicts that:

  • A sluggish start could mean a bigger than expected Cyber Week
  • Discounts will deliver value to consumers and free up inventory and shelf space for retailers
  • Chatbots and automated service will skyrocket

Further information on the data and predictions is available in their newsroom post alongside Salesforce’s Holiday Hub, which will be updated daily over Cyber Week. 

Twitter Is Simply Getting Worse Under Elon Musk As These Examples Illustrate

Posted in Commentary with tags on November 23, 2022 by itnerd

We’re getting to the point where we might be in the endgame for Twitter. I say that for the following reasons.

First, bills are going unpaid on the orders of Elon:

Before Elon Musk bought Twitter last month, the company’s executives had racked up hundreds of thousands of dollars in travel invoices that the social media service planned to pay.

But once Musk took over the company, he refused to reimburse travel vendors for those bills, current and former Twitter employees said. Musk’s staff said the services were authorized by the company’s former management and not by him. His staff have since avoided the calls of the travel vendors, the people said.

And:

Musk also issued an order to slow or in some cases halt transfers of funds to Twitter’s vendors and contract services, the people said. Any expenditures for services need to be approved by [Jared] Birchall [the head of Musk’s family office], three people said. Musk has since declined to pay for the travel services incurred by the former Twitter executives, the people said.

He is also looking at the company’s leases for office space, three people said, bucking on making payments and hoping to renegotiate or opt out of some commitments entirely. Twitter leases office space across the world, but the layoffs have reduced the need for much of that real estate.

This is pretty bad. And I’m willing to bet that lawsuits will be filed shortly by some of these vendors which will add to Elon’s problems. Because one would think that it’s cheaper to pay your bills than to pay lawyers to defend you against companies who are suing you because you have not paid your bills. Clearly Musk hasn’t thought of that.

Next up is more fallout from the Donald Trump circus. Elon is actually claiming that the “activists” who are trying to get companies to not advertise on Twitter are to blame for him reinstating Trump according to The Verge:

Wow, his explanation sure is something; in a tweet on Tuesday night, he claimed the council was part of a deal he made with an unnamed “large coalition of political/social activist groups,” implying it was their fault.

Musk claims he made a deal to keep those groups from trying to destroy Twitter’s ad revenue, and that those groups “broke the deal,” and so he no longer has to uphold all that stuff about the council.

Here’s the Tweet in question:

Elon is clearly trying to deflect blame from his own screw ups and shortcomings. And this reaction likely has something to do with this:

In recent weeks, 50 of the top 100 advertisers have either announced or seemingly stopped advertising on Twitter. These advertisers have accounted for nearly $2 billion in spending on the platform since 2020, and over $750 million in advertising in 2022 alone.

In addition to advertisers that have seemingly stopped all advertising on Twitter as of November 21, there are an additional seven advertisers which appear to be slowing the rate of their advertising on the platform to almost nothing. Since 2020, these seven advertisers have accounted for over $255 million in spending on Twitter, and nearly $118 million in advertising in 2022.

This is a huge problem for Elon as he needs income to keep the lights on at Twitter. Assuming that he doesn’t want to sell more Tesla stock to keep the lights on at Twitter. Though that might be a problem based on this:

Tesla’s stock has been on a slide since Elon bought Twitter. That’s ultimately going to create a couple of issues for him. One, it’s going to affect his bank account. Two, at some point, owners of Tesla stock are going to say that enough is enough and want him to do something about this stock slide. Or they may simply decide to sell and push the stock further downwards. To be fair, Twitter isn’t the only issue that Tesla stock has at the moment. But Elon’s behaviour and Twitter’s problems are likely not helping the situation.

Maybe the man child should just man up and admit that he’s really screwed this up. But I likely expect too much in terms of maturity from man child Musk.

Why Would Procter And Gamble Post This Tweet For Tampax???

Posted in Commentary with tags on November 23, 2022 by itnerd

I have seen a lot of things on Twitter. Some of which really made me wonder what the person who posted the Tweet was thinking. But this one has got to be the one that makes my head explode. Let me get to the Tweet that made me feel this way:

What does that mean? Well, if I do a rough translation, it means the following: “you are in their direct messages” on social media means to speak to someone online romantically, followed by the phrase “I am…”, which usually ends with a self-aggrandising comparison. In basic terms, it means you have something, but I have something better.

In this case, this Tweet is insanely offensive as it seems to sexualize women to a massive degree. And it blows my mind that any major corporation like Procter and Gamble, who owns Tampax, would have a social media manager who would sign off on posting this Tweet.

If that’s not bad enough, they doubled down on this Tweet:

I have to say that this is creepy and insulting. I truly do not understand what this company is thinking and why they would ever think that this is a good idea. I have tried to look around for an explanation or a response from Procter and Gamble, but I don’t see one. But I would very much like to see one as women around the world deserve an explanation for this, and what Procter and Gamble is going to do to ensure that they are more sensitive to the markets that they serve.

The world is waiting.

Cyber Thieves Can Wreak Holiday Havoc: How to Avoid these Scams

Posted in Commentary with tags on November 23, 2022 by itnerd

The holiday shopping season means that consumers are opening their wallets for the busiest shopping season of the year. With consumers spending nearly $18 billion online on Black Friday alone the last two years, the holiday shopping season is one of the most lucrative times of the year for retailers.

But retailers aren’t the only ones chasing holiday spending revenue.

The shopping season is also one of the busiest times for cyber criminals, who view the holiday season as a prime opportunity to cash in on consumers who let their guard down due to expectations of lofty sales and the pure volume of online shopping. To make sure that you don’t fall for any scams this holiday season, I have some tips from Carl Kriebel who is with Schneider Downs. Carl has over 20 years of experience working as a cyber security practitioner and strategist. He has operated across numerous industries and has recently been focused on advising healthcare, life sciences and financial services clients on solving complex challenges associated with data protection and compliance concerns.  He has led a myriad of projects during his career transforming and enhancing client cyber programs toward achieving their desired state of maturity. 

Carl sees several online scams during the holiday season; three of the most common ones this year are shipping and payment scams, fraudulent charities and social media scams.

Shipping and Payment Scams

One of the fastest growing scams in recent years involves fraudulent communications regarding shipping or payment issues. Scammers simply send a text, email or pick up the phone to notify their target that a recent purchase has been declined or there is a shipping issue on a recent purchase. Scammers will offer to remediate the issue, which normally involves the target providing credit card information or clicking on a link to an imposter website loaded with malware.

In general, consumers should avoid clicking on any links or providing information to unsolicited communications. If you are concerned there is a legitimate issue with shipping or an online purchase, we recommend checking the receipt or contacting the retailer directly.

Fraudulent Charities

Scammers are increasingly trying to capitalize on the holiday spirit of giving with fraudulent charity scams. With the popularity of “Giving Tuesday”, reports of charitable fraud continue to grow during the holiday season. Whether a scammer is impersonating a legitimate charity or just making them up, consumers need to do their research before contributing to a charity.

Some of the best ways to avoid falling victim to a fraudulent charity are to be wary of any unsolicited charitable communications that pressure you into processing payments over the phone or website, and to avoid clicking on any links from unknown senders.

Social Media Scams

Another popular holiday shopping trend is Small Business Saturday, which promotes supporting small businesses in local communities. With a growing number of small businesses using social media as an extension of their ecommerce ecosystem, it is no surprise that social media scams are common during the holiday season.

Remember, it is just as easy for a scammer to build a social media business page with e-commerce functions or buy social media advertisements as it is for a legitimate business. Be wary of clicking on social media advertisements or providing payment information to unverified online shops.