Archive for January 3, 2023

HYPER Announces HyperPack Pro with Apple Find My Compatible Location Module

Posted in Commentary with tags on January 3, 2023 by itnerd


HYPER, the creator of the world’s most crowdfunded USB-C® hubs for MacBook®, and the number one docking station brand in the USA, today announced the crowdfunding campaign launch for its CES®2023 Innovation Awards Honoree, HyperPack Pro.

The HyperPack Pro backpack enhances the mobile tech experience in four key areas: security, device protection, charging enabling, and travel convenience.

The built-in Hyper Location Module with Apple Find My network compatibility allows you to track HyperPack Pro and its contents from anywhere, while a weather-resistant, ultra-durable 1260D Cordura® exterior and suspended interior laptop pocket protect your devices from scratches and drops. Strategically placed charging pass-throughs in the interior pockets allow you to use a portable battery pack to power your devices on-the-go, and numerous thoughtful design details make HyperPack Pro a seamless travel companion.

Additional security features include an RFID protective pocket, interlocking zippers, and a hidden lumbar pocket to keep your valuables and important documents safe on-the-go.

This 22L backpack easily stores a 16” laptop, tablet, phone, and additional gear with room to spare for personal items like gym clothes or extra layers. An interior 1L water bottle pocket, microfiber-lined sunglasses pouch, and exterior carry-on luggage sleeve are just a few of the design details that elevate HyperPack Pro above other tech backpacks.

Key features:

  • Apple Find My Compatible Location Module: Built-in Hyper Location Module with Find My network compatibility, sound alert, and replaceable battery.
  • Abrasion & Water-Resistant Exterior: Water-resistant 1260D Cordura, weather-resistant YKK® AquaGuard® zippers, and a suspended, felt-lined laptop pocket to keep gear safe and dry.
  • Anti-Theft Security: RFID protective pocket, interlocking zippers, and hidden back pocket, protect tech and valuables from theft.
  • Triple Padded Back & Luggage Pass-through: Three layers of breathable foam reinforce the back of HyperPack Pro for all-day carrying comfort, while a built-in luggage pass-through provides a seamless travel experience.
  • Limited Lifetime Warranty: HyperPack Pro’s Limited Lifetime Warranty protects you against manufacturing defects in materials and workmanship for the practical lifetime of the product. 2-year limited warranty for the location module.

Available December 5, 2022 via Indiegogo crowdfunding campaign: https://www.indiegogo.com/project/preview/1c46f1d5

MSRP: $199.99

Targus Introduces New Lineup Of Laptop Cases And Tech Accessories At CES 2023

Posted in Commentary with tags on January 3, 2023 by itnerd

Targus will unveil an exciting lineup of innovative solutions at CES® 2023 to empower a seamless and productive life, while helping to protect our environment. They include premium, sustainable accessories made from up to 85 percent of post-consumer recycled plastic, a Zero-Waste Backpack that uses its own packaging as a functional part of the backpack to reduce waste, and a Triple Video, Keyboard/Video/Mouse (KVM)-enabled docking station that controls up to two laptops at once.

Targus is further strengthening its commitment to sustainability with the expansion of its EcoSmart® Collection of premium laptop bags and tech accessories.

Its new lineup of sustainable tech accessories includes the Energy Harvesting EcoSmart™ Keyboard, named a CES® 2023 Innovation Awards Honoree, Ergonomic EcoSmart Keyboard, and Ergonomic Ambidextrous EcoSmart Mouse, featuring a unique, six-button ergonomic ambidextrous design to easily convert from a right- to left-handed mouse. Each of these products is made with up to 85 percent of post-consumer recycled (PCR) ABS plastic, comes in packaging made from recycled materials, and uses ultra-low-power Bluetooth® technology to reduce power consumption and extend battery life. As an added bonus, they also include Targus’ DefenseGuard™ Antimicrobial Protection. The Energy Harvesting EcoSmart and Ergonomic EcoSmart Keyboards will be available next month for $119.99. The Ergonomic Ambidextrous EcoSmart Mouse will arrive in March, priced at $59.99.

Another new addition to the EcoSmart Collection is Targus’ Zero-Waste Backpack, a foldable backpack made from 20 recycled plastic bottles per bag that uses its own recycled-plastic packaging to function as an integral part of the bag by serving as the laptop protection system. Its foldable and sustainable design allows all components of the product to work together efficiently, while preventing the packaging from going to waste. The Zero Waste EcoSmart Backpack, arriving in Q2 2023, will retail for $69.99.

Targus continues to lead the industry in the docking solutions category. This year, Targus is introducing its new DOCK750: Triple Video and KVM Docking Station with Dual 100W Power. This powerful, flexible dock features a built-in Keyboard/Video/Mouse (KVM) switch to easily alternate between two separate PCs or networks at the same time, triple 4K hybrid video technology, as well as Dual simultaneous USB-C PD3.0 100W delivery. The DOCK750 is ideal for professionals working on two separate networks/systems at once, who need to collaborate quickly and easily in the office, or switch between a personal and work PC in a home office. Available this spring, DOCK750 will retail for $499.

Lastly, as a leading B2B accessories partner to Samsung®, Targus has introduced a new mPOS Solution for Samsung Tab Active tablets, designed for businesses across retail, hospitality, banking, and more, to enable frictionless and seamless point-of-sale (POS) transactions. This easy, all-in-one solution transforms Samsung Tab Active 3, Tab Active Pro, and Tab Active 4 Pro tablets into the ultimate desktop computing and POS experience. Complete with Targus Field-Ready Tablet Case, Tablet Cradle Workstation, 3-in-1 payment module, HDMI® dock, and AC adapter, the mPOS Solution is ideal for all types of businesses from retail, hospitality, banking, restaurants, and more. The mPOS Solution is available now, starting at $599.

Toronto’s Sick Kids Hospital Pwned By Ransomware…. But The Ransomware Provider Apologizes And Provides Free Decryption Software

Posted in Commentary with tags on January 3, 2023 by itnerd

We do indeed live in strange times. I say that because just before the holidays, The Hospital For Sick Children, which is also known as Sick Kids Hospital, in Toronto was pwned by ransomware:

The Hospital for Sick Children (SickKids) is currently responding to a cybersecurity incident affecting several network systems and has called a Code Grey – system failure. The code went into effect at 9:30 p.m. on Sunday, December 18, and is ongoing.

The safety and well-being of our patients and their families is our top priority. All patient care is continuing and there is currently no evidence that personal information or personal health information has been impacted.

Upon learning of this incident, we immediately activated the hospital’s incident management command centre and launched an investigation to determine the nature and scope of the incident. At this time, the incident appears to have only impacted a few internal clinical and corporate systems, as well as some hospital phone lines and webpages. Downtime procedures have been activated where needed.

Now that’s pretty bad. But there is a plot twist. The ransomware used was LockBit, which is ransomware as a service. Or put another way, if you pay LockBit, you can use their ransomware to pwn your target. The thing is that according to Bleeping Computer, LockBit has terms of service, and whoever launched this attack on Sick Kids violated those terms of service:

As first noted by threat intelligence researcher Dominic Alvieri, two days after SickKids’ latest announcement, the LockBit ransomware gang apologized for the attack on the hospital and released a decryptor for free.

“We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program,” stated the ransomware gang.

As for the terms of service the “partner” violated, here they are:

While the ransomware operation allows its affiliates to encrypt pharmaceutical companies, dentists, and plastic surgeons, it prohibits its affiliates from encrypting “medical institutions” where attacks could lead to death.

“It is forbidden to encrypt institutions where damage to the files could lead to death, such as cardiology centers, neurosurgical departments, maternity hospitals and the like, that is, those institutions where surgical procedures on high-tech equipment using computers may be performed,” explains the ransomware operation’s policies.

The stealing of data from any medical institution is allowed per the policies.

According to the ransomware gang, as one of its affiliates encrypted the hospital’s devices, they were removed from the operation, and a decryptor was offered for free.

I have to admit that I have never heard of this sort of thing happening. But here we are. And what makes this even more puzzling is this:

However, this does not explain why LockBit did not provide a decryptor sooner, with patient care being impacted and SickKids working to restore operations since the 18th.

Furthermore, LockBit has a history of encrypting hospitals and not providing encryptors, as was seen in its attack against the Center Hospitalier Sud Francilien (CHSF) in France, where a $10 million ransom was demanded, and patient data eventually leaked.

The attack on the French hospital led to referring patients to other medical centers and postponing surgeries, which could have led to significant risk to patients.

I am going to go out on a limb and suggest that the attack on the French hospital might have attracted a lot of unwanted attention on the operators of LockBit. Thus when the Sick Kids incident happened, the LockBit operators might have decided that they quickly needed to walk that back. Regardless, this is one of those rare good news stories in a space where all I tend to report on is bad news.

A Microsoft Teams Phishing Email #Scam Is Making The Rounds

Posted in Commentary with tags on January 3, 2023 by itnerd

Happy new year! And three days into the new year I have my first phishing scam that you need to be aware of. This one is the first that I have personally seen that leverages Microsoft Teams and starts with an email:

So let’s unpack this. If you look at the reply-to address, it’s from a domain registered in Switzerland, which is a bit different. That may be to gain your confidence if you’re paying attention to that sort of thing, which you should be. Or it could be a “throwaway domain” which the scammer is using. As for who it is sent from:

Well, that’s a bit suspect. Since this doesn’t match the reply to address, this is clearly a scam. But let’s see how far this goes.

If you click on the words “View / Download Sent File From Email Attachment”, which by the way you should never, ever do, you get this:

Well, someone spent a lot of time and effort putting this together as it looks like something Microsoft would have created. I also note that this web page has your email address automatically added and all you have to do is type in your password. That’s because the link that I referred to earlier has your email address embedded in it and there’s no way to change it on the web page. Thus this implies that this could be a targeted phishing attack called “spear phishing”. But what is clear is that the attack is to get your Office 365 credentials at the very least. There’s likely more to it than that. But I can’t tell you what that “more” is as when I typed in various bogus passwords, I get this error message:

Now it could be that it has captured your Office 365 credentials and someone is going to try them right away to pwn your Office 365 account, or it could be doing something more sophisticated. For example I can see a scenario where these are checked against Office 365 in real time. I’m thinking that it’s more likely the former. But given how phishing attacks have evolved over the last year, anything is possible.

As usual, my advice is that if you get one of these emails, delete it. Don’t click on anything. Just delete it and move on with your life.
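The two indicators walked through in this post (a Reply-To domain that differs from the From domain, and a link that already carries the recipient's address) can be checked mechanically. The following is an added example, not code from the original post; the sample message, its addresses and domains, and the function names are all constructed for illustration.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote

RECIPIENT = "user@corp.example"  # constructed recipient
TOKEN = base64.urlsafe_b64encode(RECIPIENT.encode()).decode()
# Constructed sample message; every address and domain is a placeholder.
SAMPLE = (
    'From: "Microsoft Teams" <notify@sender.example>\n'
    "Reply-To: helpdesk@mailbox.example\n"
    f"To: {RECIPIENT}\n"
    "Subject: New file shared in Teams\n\n"
    "View / Download Sent File From Email Attachment:\n"
    f"https://portal.landing.example/view?id={TOKEN}\n"
)

def domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def embeds_address(url, address):
    """True if the URL carries the address in plain, percent-encoded or base64 form."""
    text, address = unquote(url), address.lower()
    if address in text.lower():
        return True
    for token in re.findall(r"[A-Za-z0-9_\-+/]{8,}", text):
        std = token.replace("-", "+").replace("_", "/")
        try:
            raw = base64.b64decode(std + "=" * (-len(std) % 4))
        except ValueError:  # not decodable as base64
            continue
        if address in raw.decode("utf-8", "ignore").lower():
            return True
    return False

def phishing_indicators(raw_message):
    """Return the indicators from the post that are present in one message."""
    msg = message_from_string(raw_message)
    recipient = parseaddr(msg.get("To", ""))[1]
    from_dom, reply_dom = domain(msg.get("From")), domain(msg.get("Reply-To"))
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{from_dom}->{reply_dom}")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        if recipient and embeds_address(url, recipient):
            findings.append(f"recipient-in-link:{url.split('/')[2]}")
    return findings
```

Calling `phishing_indicators(SAMPLE)` reports both indicators for the constructed message; a Reply-To mismatch on its own also occurs in legitimate bulk mail, so treat it as a signal to weigh together with the link check.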

Guest Post: EU businesses fined over €830 million for GDPR violations in 2022, Meta paid over 80%

Posted in Commentary with tags on January 3, 2023 by itnerd

The latest data analyzed by Atlas VPN reveals that as of December 2022, companies paid a total of €2.83 billion in 1401 cases for violating various data protection laws.

Out of that, GDPR fines in 2022 total €832 million, which is 36% lower than the €1.3 billion paid in 2021.

However, last year stands out not in the total sum fined but in the severity of the charges imposed on a single entity — Meta.

The data for the analysis was extracted from Enforcementtracker. Note that not all cases are made public.

While the heftiest sum charged for violations was recorded in Q3 of 2021, the third quarter of 2022 was also significant, as businesses were penalized €430 million. 

Meta fined hundreds of millions repeatedly

Distinctively, the majority of the penalties in 2022 were paid by a single tech behemoth – Meta. 

The Data Protection Commission (DPC), an authority for GDPR enforcement in Ireland, imposed a €405 million fine for Meta Platforms Ireland Limited (Instagram) on September 5th, 2022. 

Two issues were found with the processing of personal data pertaining to child users of Instagram. 

The children’s email addresses and phone numbers were publicly exposed when using the Instagram business account function, and Instagram profiles of kids were public-by-default.

Another hefty sum of €265 million was penalized to the same entity on November 25th, 2022, when the DPC declared that Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were scraped from public profiles in 2018 and 2019.

Moreover, the DPC issued a “reprimand and an order” forcing Meta to “bring its processing into compliance by executing a range of specified remedial activities within a specific deadline”. 

Meta complied and made the adjustments within the required timeframe.

To date, Meta has paid around €1 billion for GDPR violations.

To read the full article, head over to: https://atlasvpn.com/blog/eu-businesses-fined-over-%E2%82%AC830-million-for-gdpr-violations-in-2022-meta-paid-over-80

Apple AirTags Help To Catch United Airlines Lying About Missing Luggage

Posted in Commentary with tags on January 3, 2023 by itnerd

Airlines really need to improve how they handle passenger baggage. I say that because with the invention of the Apple AirTag, they’re going to be caught out if they are not telling the truth about how passenger baggage is handled by them. Case in point is this situation with United Airlines. Valerie Szybala thought she made the right choice when she accepted United Airlines’ offer to deliver her delayed luggage. But apparently, United lied about where her bags were. As a result she took matters into her own hands and documented the experience on Twitter.

I encourage you to read the entire thread as it really documents some really shady behaviour by United Airlines. Szybala repeatedly informs customer support that she has found the location of the luggage because of her AirTags. When support finally acknowledges this, they still repeat that she is wrong, the “bag is safe at the Delivery services distribution center.” But what is worse is the fact that there were other bags there. Which means that other United passengers have had their bags meet a similar fate. Another point is the fact that whoever was at the keyboard of the United Airlines Twitter account did a horrible job of customer relations. The thing that really gets on my nerves is the United Airlines employee saying “calm down” which is just the absolute worst thing that they could say.

United Airlines has yet to publicly comment on the case of the missing luggage, beyond Szybala’s initial interaction with United’s customer support chat. In a statement to The Independent, United Airlines said:

“We are working with our baggage delivery vendor to understand the details of this situation.”

That’s a BS response. But not surprising as United Airlines is in deep trouble here and they know it. It will be interesting to see how they do respond because the way this story has gone viral, it won’t be going away. In the meantime, I would recommend that if you’re in the Apple ecosystem, you buy AirTags and put them into everything when you are travelling across town or around the world. Because as evidenced by this example, you can’t be too careful.