Archive for March 4, 2023

Ford Patents System for Self-Repossessing Vehicles…. Which Is Not A Good Idea From My Perspective

Posted in Commentary with tags on March 4, 2023 by itnerd

As reported by Car and Driver & others, the Ford Motor Company has filed a patent with the USPTO for systems and methods that aid in vehicle repossession.

What could possibly go wrong?

Ford first filed for the patent in 2021 but it was formally published just last week. The idea is to allow the automaker to ease the process of repossession. The patent describes how fully autonomous self driving vehicles could repossess themselves, returning the car directly to the lender or in the case of a car that has too little value, it could drive itself directly to the junkyard! Other methods suggested in the patent involve limiting vehicle functions such as A/C, power windows, power seats, etc., or locking owners out of the vehicles.

Malicious or not, anyone gaining access to these systems of control could do anything from sending the cars on joyrides, to theft, to ransomware demands

It’s a bad novel just waiting to be written.

Morten Gammelgaard, EMEA, co-founder of BullWall had this comment: 

   “This situation is fraught and in need of immediate legislative guardrails. Given the Equifax and Experian breaches and how many people suffer because of false reporting on their credit scores how is the public to have faith in such technologies? We do not want technology to make it easier to expose consumers falsely and unfortunately recent history has proven even large enterprises cannot be trusted to guard against such abuse.”

Ted Miracco, CEO of Approov Mobile Security follows up with this:

   “After reading about Bing going rogue, I can’t help but wonder what kind of joyride a fully autonomous vehicle would take if it went rogue. Would it just endlessly circle around the city, enjoying the freedom of the open road without a driver? Or would it become a rebel and join forces with other autonomous vehicles to form a robot revolution? One thing’s for sure, if the cars do start repossessing themselves, the poor repo man might just have to find a new line of work along with the displaced tech writers whose cars he was hoping to repossess!”

I really hope that Ford is only doing this to grab headlines. Because if they actually go ahead with this, I can easily see how they would live to regret it.

Frost & Sullivan Recognizes Nuspire as Leader in Growth and Innovation

Posted in Commentary with tags on March 4, 2023 by itnerd

Nuspire, a leading managed security services provider (MSSP), today announced it has been recognized as a leader in both growth and innovation in Frost & Sullivan’s Frost RadarTM: Americas Managed and Professional Security Services, 2023. The report identifies companies that show significant growth potential, innovation and customer value within the MSS and PSS market.

When it comes to innovation, Frost & Sullivan heralds Nuspire’s breadth of managed security services, including MDR, EDR, vulnerability management and managed gateway through two 24x7x365 SOCs. The report also highlights Nuspire’s consulting business, which offers incident readiness, virtual CISO, threat modeling, and security posture assessments among other services.

Frost & Sullivan highlights Nuspire’s myNuspire platform. myNuspire integrates Nuspire’s security services into one portal view, with dashboards and actionable insights that provide clear recommendations on what Nuspire clients can do to augment their cyber risk mitigation.

From a growth perspective, the report cites Nuspire’s solid yearly growth, and that its strategy – including myNuspire and expanded partner program – continues to unlock growth opportunities in an increasingly competitive market.

To access a free copy of Frost Radar: Americas Managed and Professional Security Services, 2023, visit their website.

All-New Stylus Cara Elite Fireplace and Napoleon App Announced

Posted in Commentary with tags on March 4, 2023 by itnerd

Napoleon, a leader in home comfort, is prioritizing home functionality and accessibility, with the release of the all-new Stylus Cara Elite electric fireplace. Innovative and design-forward, the Stylus Cara Elite brings more than ambiance and comfortable temperatures to a room —it is built with Smart Technology, enabling voice control through Google Home and Alexa devices and controls that are fully customizable through the newly introduced Napoleon Home mobile application.

The Stylus Cara Elite, which will arrive in stores March 14, is a cutting-edge electric fireplace that goes beyond the basic functions. Installation is simple and inexpensive, and the wall mount design will complement any living space in the home. The heat level, flame colour and ember bed colour are fully customizable, to match any room’s style and create instant ambience. Plus, the fireplace has a display that communicates the time and date, along with the indoor and outdoor weather conditions. The display automatically updates the information of local conditions through a Wi-Fi connection. 

When paired with the new Napoleon Home mobile app, the Stylus Cara Elite revolutionizes convenience and control. It allows consumers to manage the features of the fireplace — and other compatible Napoleon products, such as the Napoleon EQHub Thermostat —  from anywhere, at any time, all within one simple and user-friendly smartphone application. The Napoleon Home app is designed to embrace diversity within Napoleon products, and allows for personalized options to match the consumers’ individual style, desired atmosphere and comfort.  

For more information, please visit

Play Ransomware Gang Claims Responsibility For Pwning The City Of Oakland

Posted in Commentary with tags on March 4, 2023 by itnerd

In a Tweet last night, security researcher Dominic Alvieri posted a copy of the Play ransomware gang’s dark web posting threatening to publish the City Of Oakland’s data of 3/4/23, which is today. The posting was listed as of March 1st. So they got just three days’ notice to pay the ransom.

The city of Oakland first experienced the ransom attack in on Feb 14th and according to their latest status report on February 28th, city services remain primarily unchanged.

The gang claims to have stolen documents contain private data including financial and government papers, identity documents, passports, employee data and information regarding human rights violations. They’re attempting to use this data to get the administration to meet their demands and pay the ransom.

Ted Miracco, CEO of Approov Mobile Security had this to say:

The recent ransomware attack on the city of Oakland is a concerning issue, and we expect to see more attacks like this on Government offices, as they are quite vulnerable. The potential implications of giving in to these demands could encourage more cyberattacks on other cities and organizations, as hackers may see it as a profitable way to extort money. The fact that the gang claims to have access to sensitive information such as financial and government papers, identity documents, passports, and employee data is alarming.  However, the city of Oakland and other organizations must prioritize the security of their computer systems and data to prevent future attacks. Hopefully, the authorities can track down and bring the hackers to justice while also ensuring the safety of the stolen data.

David Mitchell, Chief Technical Officer of HYAS followed up with this comment:

   “This ransomware group likes to start by using remote code execution (RCE) attacks on Exchange servers to gain access and then deploy their ransomware. If that was the case with Oakland, not only do they need a protective DNS solution to prevent the outbound communications from the malware but they may have failed to update vulnerable software on internet facing systems, making this even easier than using email as the initial infection vector. If this was an RCE on Exchange, a protective DNS solution would have quickly identified and blocked the malicious DNS transactions and contained the problem to the initial infection vector.”

Morten Gammelgaard, EMEA, co-founder of BullWall had this comment:  

   “The ransom attack on the City of Oakland not only disrupted city services, but as is always the case in such events, the attackers have obtained private data, including financial and government papers, identity documents, passports, employee data, and information regarding human rights violations. Data breaches and identity theft resulting from such attacks cause significant harm to individuals and organizations alike. In this case, the attackers are using the stolen data as leverage to demand a ransom payment from the city, which could result in further financial loss and reputational damage.

   “In addition to the city services being out for a week prior to IT restoring access, the potential long-term impact of the attack on the city’s infrastructure and security cannot be ignored. For some companies, a week of downtime would be significant loss of revenue or worse yet, imagine if that was a hospital that was down for 6 days!

   “This incident underscores the importance of implementing robust cybersecurity defenses, including response and containment measures to safeguard against such attacks, as there is no end in sight to these sorts of attacks.”

I for one will be interested to see if this gang gets anything out of this, and if they follow through with their threat to release the data. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages ransomware gangs to target more victims and offers an incentive for others to get involved in this type of illegal activity. So this will be interesting to watch.

UPDATE: Darren Williams, CEO and Founder, BlackFog added this comment:

     “As cyber adversaries continue to focus on making the biggest impact by affecting the most people, it’s unsurprising that the public sector and government remains a compelling target. In 2022 for example, our State of Ransomware report observed a 17% increase in reported governmental cyber-attacks.

City councils and governments need to re-prioritize their cybersecurity as clearly, this isn’t an issue that will just go away. The effect of the attack on the City of Oakland last month appears to only now be setting in, as the stolen personal data of city workers have begun to be leaked by the attackers. 

Moreover, hackers often favor weekends and holidays to launch attacks, when the majority of employees are out of office, so newer technologies that focus on automated prevention 24/7 must be added to the security stack.”