Archive for May, 2022

Revived Soldiers Ukraine Deploy Draganfly’s Medical Response Drones To Deliver NuGen Needle-Free Injection Devices, Coupled With Insulin, To Conflict Areas Across Ukraine

Posted in Commentary on May 12, 2022 by itnerd

NuGen Medical Devices Inc., a leader in needle-free drug delivery, is pleased to announce that the Company has selected Draganfly Inc., an award-winning, industry-leading drone company and Coldchain Delivery Systems, Inc. to provide drones and services for the delivery of NuGen’s needle-free injection system known as InsuJet, insulin, and other crucial medical supplies to affected areas in Ukraine.

Working with Revived Soldiers Ukraine, a non-profit organization dedicated to providing aid to the people of Ukraine, Draganfly’s North American-made Medical Response Drones will be used to deliver NuGen’s InsuJet needle-free injection devices, coupled with insulin, to dangerous and hard-to-reach areas across Ukraine.


Indigo And TikTok Forge Partnership In Wake of #BookTok’s Phenomenal Canadian Popularity

Posted in Commentary on May 12, 2022 by itnerd

Today, Indigo, Canada’s leading book and lifestyle retailer, announces a partnership with entertainment platform TikTok Canada, to launch a new #BookTok Book Club—a virtual space for TikTok’s global community to share in their love of reading by exploring new titles together alongside celebrated authors. The book club will kick off this May with Canadian author Xiran Jay Zhao’s Iron Widow.

A new title and author will be announced each month, and will be featured in an exclusive LIVE event hosted by Indigo and the author for the #BookTok community that includes a Q&A. Fans can discover TikTok Indigo Book Club content in-app, which will include features, creator content, and more. To celebrate the partnership and the May book pick, Indigo will be hosting an in-person event at Indigo Metrotown on Thursday, May 26 with Xiran Jay Zhao, which will also be streamed LIVE on Indigo’s TikTok account.

Xiran Jay Zhao is a first-generation immigrant from small-town China who was raised by the Internet. A recent graduate of Vancouver’s Simon Fraser University, they wrote science fiction and fantasy while they probably should have been studying more about biochemical pathways. Iron Widow is their first novel, a blend of Chinese history and mecha science fiction for young adult readers, published by Penguin Teen Canada.

The #BookTok community on TikTok has had a significant impact on the book business, including fueling the resurgence of reading by a younger demographic, bringing attention to backlist titles, and resulting in incredible success stories for authors. The in-app content is a fantastic way to get book recommendations from other avid readers, and offers an opportunity for people to engage with one another, virtual book club style. 

Popular #BookTok recommendations are available on Indigo’s website and through curated #BookTok displays in stores, and continue to be updated as new titles rise in popularity on TikTok. For more information, and to join the conversation, follow Indigo on TikTok.

Guest Post: Yes, people share passwords: How can they do so safely? 

Posted in Commentary on May 12, 2022 by itnerd

While password sharing is associated with perks such as saving money, having the password of a friend or a family member can be convenient in other situations too: for example, when jointly managing a family bank account, accessing children’s learning platforms, or even removing the digital presence of the deceased. People share passwords for many reasons, but without knowing how to do it safely, say NordPass experts.

According to NordPass research, a single person has around 80-100 passwords to remember and thus often ends up using the easiest option when creating passwords. For years, people have continued using the same insecure variations of numbers and letters — NordPass data from 2021 revealed that the world’s most famous passwords remain “123456,” “123456789,” and “qwerty.” According to Chad Hammond, a security expert at NordPass, this password fatigue is relevant in terms of credentials creation as well as sharing.

“People tend to go for the most convenience with their passwords wherever possible, underestimating the risks involved. To illustrate, I’ll use a likely situation: a person chooses an easy password, reuses it for another platform, then shares the password with a friend. The friend passes it to their colleague, and then voilà — the password you use for various accounts is in the hands of a third party,” says Hammond.

To avoid such situations, follow these easy tips for a secure password transfer:

  1. Do not trust your kid

Pickiness is forgivable and encouraged when it comes to choosing whom to share personal passwords with. As Hammond says, human mistakes are among the most common causes of data breaches. Therefore, it makes sense to re-evaluate who has access to your passwords and then change those if needed.

While a partner, best friend, or close family member might be considered trustworthy, children should be left off this list. According to research conducted by the US National Institute of Standards and Technology (NIST), kids demonstrate poor password habits — they tend to reuse credentials and share them with their friends.

  2. Never use the same password

Children are not the only people failing basic password hygiene. With dozens of passwords to remember, password reuse is also rampant among adults. A 2019 Google security survey revealed that 52% of US citizens use the same password for multiple accounts, and 13% admit to having a single password to secure all of their accounts.

In terms of password sharing, this trend may have some serious consequences. For example, by granting a friend access to a photo editing tool, a person risks giving away the privacy of many other accounts with the same password.

  3. Use only secured networks

Based on European Union Agency for Law Enforcement Cooperation (Europol) recommendations, it is safest to assume no public Wi-Fi is secure, especially at airports. While data exchange may seem a better deal than being charged additionally for a cellular connection, the opportunity to get free Wi-Fi does not outweigh its risks.

Most public networks lack even basic network security measures, and attackers need only a little technical experience to set up a wireless hotspot themselves and get people to join it. From there, criminals look for data they can monetize. Thus, their priority targets are the passwords of online banking accounts, crypto wallets, and other sensitive data helping them commit identity fraud. Passwords shared while connected to such a network are likely to get into the wrong hands.

  4. Deploy a password manager

Many password managers allow you to store passwords end-to-end encrypted as well as share them securely with a close circle in a family plan subscription. Equipped with security features, this tool also helps generate new unique passwords on demand. This is especially handy when you are faced with a risk that data could have been compromised.

“Technologies advance, and the security of most password managers available in the market has repeatedly been validated. To date, this solution is considered one of the safest options for password sharing and works best if used following other key password-sharing recommendations, such as relying on secured networks and carefully choosing trustees,” says Hammond.

  5. Double-check your apps

Since people continue using different communication apps for password sharing, it is essential to check how secure they are. End-to-end encryption, which many platforms lack, is among the main criteria for evaluating whether a channel used to transfer credentials meets at least minimum security requirements.

NordPass also recommends downloading apps only from official sources (i.e., App Store, Play Store) and changing app permissions on devices, which may help prevent unwanted data transfer.

Roblox Hacked To Facilitate New Attack: Avanan

Posted in Commentary on May 12, 2022 by itnerd

Avanan, a Check Point Company, has taken a deep dive into hackers installing a self-executing program in Windows via a legitimate scripting engine in Roblox, one of the world’s most popular game systems with millions of daily active users.

In this attack, hackers exploit Roblox’s scripting engine to insert three malicious files: a backdoor trojan to potentially break applications, corrupt or remove data, or send information back to the hacker. The report goes into a lot of detail and offers some recommendations to allow you to protect yourself.

The report can be found here and it’s very much worth a read.

Fisker + Foxconn Confirm Ohio Production For PEAR Urban Lifestyle EV

Posted in Commentary on May 12, 2022 by itnerd

Fisker Inc. has confirmed that it will produce its second vehicle, the Fisker PEAR, at a factory Foxconn (Hon Hai Precision Industry Co. Ltd.) acquired in Ohio.

The Fisker PEAR will enter production in 2024. Both the Fisker and Foxconn teams are fully engaged and expect to build a minimum of 250,000 Fisker PEAR units a year at the plant after a ramp up period. 

The Fisker PEAR follows the company’s first vehicle, the Fisker Ocean, which starts production in Austria on Nov. 17, 2022. The Fisker PEAR will have an expected base price below $29,900 before incentives. Fisker has designed and engineered the vehicle to reduce parts for rapid, simplified manufacturing. The Fisker PEAR will be built on a new proprietary architecture. This new platform will underpin two additional models that Fisker will introduce at a later date.

California-based Fisker Inc. is revolutionizing the automotive industry by developing the most emotionally desirable and eco-friendly electric vehicles on Earth. Passionately driven by a vision of a clean future for all, the company is on a mission to become the No. 1 e-mobility service provider with the world’s most sustainable vehicles. To learn more, visit www.FiskerInc.com.

The Five Eyes Issues Warning To MSPs And Their Customers

Posted in Commentary on May 12, 2022 by itnerd

If you use an MSP (Managed Service Provider) to assist you in managing your IT infrastructure, or you are an MSP, you should pay attention to this. Members of the Five Eyes (Canada, USA, UK, Australia, New Zealand) today warned that managed service providers (MSPs) and their customers are being increasingly targeted by supply chain attacks. Multiple cybersecurity and law enforcement agencies have shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats.

Aimei Wei, CTO and Founder of Stellar Cyber had this comment:

“Attackers are more and more targeting organizations that have a cascading effect, and one compromise allows them to gain access to a large number of organizations. Sunburst supply chain attack and now the MSP targeted attacks are some of the examples.” 

“Implementing the measures recommended by CISA and following their guidance to harden the MSP environment and increase the security posture will greatly reduce the chances of getting compromised. It is especially critical for MSPs to be able to detect the attack early and stop it before it spreads and causes more damage. MSPs should consider implementing a detection and response system that:

  • Detects early signs and stops it before further progression to minimize the damage
  • Shows a clear picture of how it happened to conclusively determine that the attack has been contained
  • Shows how far it has gone and understands the impact to determine the customers that are impacted quickly”

Saumitra Das, CTO and Co-founder of Blue Hexagon adds this comment:

“MSPs are typically given a lot of privileges on their customer networks. They can be a portal for attackers to get into victim networks such as what happened in the Kaseya attack. Organizations that use MSPs should be vigilant about their MSPs’ security posture and assess the risk of what happens if the MSP software is compromised. Convenience often means the MSPs get a lot of privileges for remote maintenance and this convenience can increase the chance of a supply chain attack escalating into a victim network.”

Finally, Christopher Prewitt who is the Chief Technology Officer of MRK Technologies had this to say:

“Managed Service Providers are always under attack. They are often primarily focused on IT operations and service desk related services, and usually do not have a depth of knowledge or capability in cyber security practices. As an attacker, if I can breach and impact an MSP, my impact has an exponential outcome. We continue to see this IT supply chain be targeted through Kaseya and MSPs.”

This warning is worth reading as it has a lot of recommendations to protect against attacks. Thus I would put aside time to read and implement these recommendations.

CISA Tells Everyone To Address F5 BIG-IP Vulnerability ASAP

Posted in Commentary on May 12, 2022 by itnerd

The CISA has told federal agencies to fix an actively exploited F5 BIG-IP bug. The bug in question is CVE-2022-1388 which is described as follows:

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.

F5 customers using BIG-IP solutions include governments, Fortune 500 firms, banks, service providers and consumer brands including Microsoft, Oracle and Facebook. Thus this isn’t trivial in the slightest as it affects a lot of big companies, which is why the CISA also said that private companies should address this and other issues that the CISA brings to light.

I managed to get multiple comments on this. Starting with Christopher Prewitt who is the Chief Technology Officer of MRK Technologies:  

“This vulnerability is critical and should be remediated as soon as possible by turning off the iControl REST service. This vulnerability is simple to exploit by an attacker and with these systems internet connected, many organizations may be at risk of breach.”

Saumitra Das, CTO and Co-founder of Blue Hexagon had this to add:

“This continues the trend of security and access devices also proving to be portals for attackers to get into target networks. We have seen similar issues in 2021 with VPN devices, firewalls, and email gateways. Having MFA on admin logins, limiting lateral movement from and public exposure of third-party security and networking appliances is a critical requirement to protect the organization. Be it a supply chain related or a new vulnerability, organizations need to minimize blast radius.”

This is something that needs to be addressed ASAP. Thus I would take the CISA’s advice and address this ASAP as it’s a safe bet that threat actors are exploiting this at present.

Sonos Announces New Sonos Ray, New Colours For The Sonos Roam, And A New Voice Assistant

Posted in Commentary on May 11, 2022 by itnerd

Today, Sonos is announcing new speakers that expand its home theater and portable line-ups, offering listeners more ways to easily connect with the content they love. As with all Sonos products, the brand’s newest speakers deliver great sound that helps you play more, hear more and feel more, whether at home or on-the-go. 

  • The Sonos Ray is a compact soundbar with impressive sound for its size that brings your entertainment to life. Ray makes it easy to build your first home theater setup or enhance TV sound in more rooms. It will be available globally on June 7 for $279 USD and $349 CAD.
  • Sonos also introduced Sonos Voice Control, the first voice experience created purely for listening on Sonos. Sonos Voice Control will be available in the US via a free software update on June 1, with additional regions to follow. After a careful search, Sonos chose award-winning actor Giancarlo Esposito – best known for his roles in Breaking Bad, Better Call Saul and The Mandalorian – to deliver a familiar voice for US customers.
  • Finally, Sonos Roam, the ultra-portable Bluetooth speaker, is now available in three fresh new colors – Olive, Wave and Sunset – which are available today, for $179 each.

You can see more at Sonos.com

ServiceNow Launches New Solutions To Advance Digital Business And Drive Innovation At Scale

Posted in Commentary on May 11, 2022 by itnerd

At Knowledge ’22 today, ServiceNow, the leading digital workflow company making the world work better for everyone, introduced three new solutions built on the Now Platform to help enterprises advance their digital transformation efforts. Service Operations Workspace, App Engine Management Center and Public Sector Digital Services work across organizations and within the public sector to digitize complex processes and accelerate productivity.

  • Service Operations Workspace gives service desk agents and operations teams a single place to manage work, collaborate, and have shared visibility into issues. It includes a unified user experience for agents and operations teams to work on the same problem at the same time and solve issues faster. This helps reduce downtime, improve customer satisfaction, and increase productivity across multiple groups.
  • App Engine Management Center (AEMC) unleashes co‑innovation between business and IT with low‑code app development governance. As the number of citizen developers creating low‑code solutions grows, the role of IT must evolve to empower co‑innovation at scale while maintaining governance protocols. AEMC is a turnkey low‑code governance solution to successfully scale and safeguard app development across an organization with App Engine. Platform admins can set guardrails, apply standards, enable co‑innovation between business and IT, and check for compliance in a single place without any friction.

Additionally, AEMC helps centrally manage all aspects of low‑code app dev, from app intake to collaboration requests, to pipeline monitoring and deployment tasks. ServiceNow has also published a new Citizen Development Center of Excellence (CoE) website, making it easy for customers and prospects to find the content they need to build a successful citizen development program with App Engine.

  • Public Sector Digital Services provides governments with a digital foundation to deliver consumer‑grade experiences from request to resolution. For many people, requesting standard government services often requires visiting a local office, filling out paper forms, and submitting additional documentation, with poor visibility into the status of these requests. Within governments, fulfilling these requests can be slow and require personnel to navigate multiple aging systems and manual processes. Public Sector Digital Services provides out‑of‑the‑box public sector data models and workflows to help governments speed innovation, deliver better experiences, and resolve requests faster. Constituents benefit from increased convenience, transparency, and responsiveness.

The three new innovations were announced in tandem with Knowledge 2022, ServiceNow’s annual event providing networking, roundtable discussions, demos and more centered around the latest power, predictability and flexibility of the Now Platform.

Availability and Additional Information

  • App Engine Management Center and Public Sector Digital Services are now available on the ServiceNow Store for current ServiceNow customers using the prior family release platform (San Diego or Rome).
  • Service Operations Workspace (with ITOM) is expected to be GA in June 2022 on the ServiceNow Store.

Guest Post: LinkedIn Users Targeted In 52% Of All Phishing Attacks Globally In Q1 2022 Says Atlas VPN

Posted in Commentary on May 11, 2022 by itnerd

Data presented by Atlas VPN reveals that LinkedIn was related to over 52% of all phishing scams globally in the first quarter of 2022. Interestingly, it’s the first time that a social media network was leveraged much more often than any tech giant brand name like Apple, Google, and Microsoft.

Criminals reach out to the victims via email, instant messages, or telephone, pretending to be from reputable companies, in this case – LinkedIn, to lure out sensitive information. Many people tend to re-use their passwords, which means that losing your LinkedIn credentials can also lead to a break-in to your primary email account, which is often a gold mine for hackers. 

The primary data for this report was courtesy of Check Point, a leading provider of cyber security solutions.

LinkedIn only appeared in 8% of all phishing attempts globally in the previous quarter. The LinkedIn brand name saw a 44% upshift in phishing scams in a relatively short period.

DHL dropped down from the first position to the second, with 14% of phishing attempts impersonating the well-known shipping company. There is one other shipping corporation on the list – FedEx. The FedEx brand name was used in 6% of phishing attacks in Q1.

The usual cybercriminal favorites – Google and Microsoft were used in 7% and 6% of attacks, respectively. 

WhatsApp (4%), Amazon (2%), Maersk (1%), AliExpress (0.8%), and Apple (0.8%) close out the top 10 list of brands that appear in phishing threats most often. 

To read the full article, head over to: https://atlasvpn.com/blog/linkedin-users-targeted-in-52-of-all-phishing-attacks-globally-in-q1-2022