Archive for March 9, 2023

If You’re Having Issues With Rogers Email Right Now, Here’s The Workaround Until They Figure Out How To Fix It

Posted in Commentary on March 9, 2023 by itnerd

If you’re a Rogers customer, you’re no doubt aware of the fact that they’ve had numerous issues in the last week. I’ve documented them here and here. The one that has been most upsetting to customers is the fact that anyone who uses Rogers email service (in other words they have a @Rogers.com address) cannot get their email. And like I said earlier, this has been going on since at least Wednesday night as far as I can tell, and there seems to be no fix for this.

As far as I can tell, the issue appears to be that Rogers and Yahoo, which is Rogers’ email provider, have issues where email clients such as Microsoft Outlook or your smartphone can’t properly authenticate to Rogers and Yahoo. There also seems to be an issue where trying to create App Specific Passwords for Rogers email accounts in the Rogers Member Center does not work. This is leaving many users of Rogers email service dead in the water with no email.

The workaround for this is to open a web browser and go to https://mail.yahoo.com and enter your Rogers email account details there. The password that you should use is the one for Rogers Member Center. This will at least allow you to view and reply to email on the web. And while this is a suboptimal workaround for many, it’s the only workaround that exists right now.

A secondary issue is that you might have tried to reset your email password under the belief that you were using the wrong password. If that’s you, I have some bad news for you. The only way to truly reset your email password is to dial into Rogers to do that. The good news is that once you hit a human, it doesn’t take long to do that. The bad news is that I am hearing wait times of three hours or more to actually get to a human. And I am also hearing that people are getting disconnected while waiting for a human to come onto the line. Which punts you to the back of the line.

Now I’ve spoken to my sources within Rogers and this is something akin to a 9-1-1 event for them and it is actively being worked on. While they are trying to get everything working again as quickly as possible, they’ve told me that this is something that may not be resolved until sometime next week at the earliest. If that’s true, then that may be enough to push people over the edge and make them switch ISPs. And Rogers is very aware of that from what I have been told. I’ve also heard that Rogers CSRs have been given permission to work out deals with individual customers based on how mad the customer is. So if you’re in this boat, you might want to keep that in mind.

Now I’ve written about why you should never rely on your ISP’s email service as it’s a means to lock you into using your ISP. While I didn’t write about this scenario in that article, this scenario may encourage you to seek other options for your email. Thus I encourage you to read that article and take action as you see fit. In the meantime, I am keeping an eye on this as I have numerous clients who use Rogers email, and who are stuck in this scenario. Which means I will post a follow up the second that I hear this is resolved. Whenever that is as there seems to be no light at the end of this tunnel.

New BEC 3.0 Attack Utilizes Google Workspace to Send Malicious Crypto Links

Posted in Commentary on March 9, 2023 by itnerd

Last week, researchers at Avanan, a Check Point Software company, wrote about BEC 2.0, a variant of BEC attacks that remains a significant problem for security services and companies. This week, Avanan will discuss BEC 3.0, a variant of these scams using legitimate services to unleash an attack.

Avanan’s latest research discusses how hackers are utilizing Google’s services within comments on Google Workspace documents to redirect users to a fake cryptocurrency site. This attack, still ongoing, has been targeted at nearly 1,000 companies in the last two weeks. 

In this attack, hackers use the comments feature in Google Workspace (e.g., Google Sheets or Google Docs) to send out legitimate Google emails that nonetheless contain malicious redirects using a legitimate Google Scripts URL; Google Scripts is a coding platform hosted by Google. Clicking on the provided link redirects users to a fake cryptocurrency page.

You can read the follow up research here.

Guest Post: ESET Announces Eighth Annual Women in Cybersecurity Scholarship in North America

Posted in Commentary on March 9, 2023 by itnerd

If this year’s International Women’s Day theme teaches us anything, it’s that in order to have true gender equity, it is essential for society to provide economic opportunity in spaces where women are underrepresented. 

To embrace women and support their journey, ESET, a global leader in IT security, will once again #EmbraceEquity with its eighth annual Women in Cybersecurity Scholarship, awarding the prize to four women in North America.

ESET will be providing $10,000 USD scholarships to two women in the United States and $5,000 CAD scholarships to two women in Canada. Applicants are required to be enrolled in a graduate or undergraduate program majoring in a STEM (science, technology, engineering and mathematics) field. In addition, the students will be asked to detail their career goals, and what steps they plan to take to “pay it forward” for other women pursuing careers in STEM.

Celeste Blodgett, Vice President of Human Resources at ESET is thrilled with how successful the scholarship has been over the years. “At ESET we believe in a culture of inclusion and a culture of equity – without opportunity, there can be no equity,” she said. “Year after year, we choose to support and empower women through the ESET Women in Cybersecurity Scholarship so they may pursue their passions in cybersecurity and STEM. This work is critical for us to break down barriers of entry into the field to support the next generation of female cybersecurity experts.”

Applications are now being accepted and are due by April 7, 2023, at 11:59 p.m. PT. Those who are ineligible to apply are encouraged to share this opportunity with friends and family.

A 2022 (ISC)² Women in Cybersecurity Report found that women accounted for 30% of global cybersecurity workers who are under the age of 30; additionally, they accounted for just 14% of those 60 or older. Slowly and through every generation, there is progress being made but there is still so much more to do.

“Shifts are happening within the industry and while at first glance, they might seem dramatic, it is more of a trickle-down effect and there needs to be resources in place to speed up the culture of equity in the workplace,” said Blodgett. “I’ve been lucky enough to hear the stories of the inspiring women who have applied for the scholarship, showing both their passion in the technology field and desire to do good in the world. I look forward to awarding the ESET scholarships to another round of strong, inspiring candidates this year.” 

REQUIREMENTS, DETAILS AND HOW TO APPLY

ESET will award a scholarship to a woman who is currently enrolled as a graduate/undergraduate student in North America, majoring in a STEM field of study.

How do I qualify for the scholarship?

You must be enrolled in or accepted to an accredited college or university within North America. (The graduate/undergraduate program does not have to be a cybersecurity program; however, in your application, you should make clear that you aspire to have a career in the cybersecurity industry.)

New this year: ESET has decided to forego minimum GPA requirements so anyone interested and passionate in science, technology and cybersecurity can apply.

What is the deadline for submission?

Submissions will be accepted from March 8, 2023 – April 7, 2023 at 11:59 p.m. EST.

ESET will announce the winner in May 2023.

What do I submit / How do I submit my application?

Applicants can apply and learn more about the scholarships by visiting our application pages. If you’re a US student, you can apply here; if you’re a Canadian student, apply here.

Additional details

  • Essays may be submitted in English or Spanish for US students.
  • Essays may be submitted in English or French for Canadian students. 
  • Finalists may be required to supply additional personal or professional references.
  • Judging is conducted by a panel of ESET staff, including cybersecurity experts.
  • Winners will be asked to provide a photo of themselves, which may be used for promotional purposes.
  • If the application or essays are incomplete, they will not be considered.
  • Immediate family members or dependents of ESET employees are not eligible to participate.

Questions? Email us at US-scholarship@eset.com [US-only inquiries] or CA-scholarship@eset.com [Canada-only inquiries] with any questions, and we’ll get back to you as soon as possible.

Acer Gets Pwned…. But The Company Downplays Extent Of The Hack

Posted in Commentary on March 9, 2023 by itnerd

This is not a good look for computer maker Acer. The company has confirmed that they have been pwned by hackers:

Acer has confirmed someone broke into one of its servers after a miscreant put up for sale a 160GB database of what’s claimed to be the Taiwanese PC maker’s confidential information.

“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians,” an Acer spokesperson told The Register on Tuesday. “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.”

According to a Monday post on cyber crime hangout BreachForums by a rapscallion going by the name Kernelware, the “various confidential stuff” allegedly stolen from Acer totals 160GB, including 655 directories and 2,869 files.

Kernelware claimed the stolen goods included confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components, and ROM files.

“Honestly, there’s so much shit that it’ll take me days to go through the list of what was breached lol,” Kernelware bragged. 

This data is now up for sale. But the thing is, I am not a believer that customer data is not part of that. Because LastPass said something similar when they got pwned, and we all know how that ended.

Tim Schultz, VP of Research & Engineering at SCYTHE:

   “As companies shift away from paying ransoms, threat actors are adapting by increasing their focus on IP data theft to increase the potential business impact of each compromise. In the near term, we’ll see the same playbook similar threat actors have taken upon stealing IP and attempting to monetize it.

   “A longer-term challenge for Acer is that the internal information stolen included data on tools and infrastructure that can aid future threat actors. Asset inventory is a challenge for most organizations, and policies around technology business operations can be very difficult to change quickly in the event a threat actor is able to identify a vulnerability.”

Hopefully Acer is transparent about what was and wasn’t stolen during this hack. Because until they are transparent about this, I am really thinking that they are downplaying how serious this hack is.

Rogers Continues To Have Issues That Are Making Customers Irate

Posted in Commentary on March 9, 2023 by itnerd

When my phone started to ring an hour ago, I knew I was going to have a busy day. I say that because I woke up this morning to Rogers continuing to have issues with various parts of their network. I have clients who have no email. I also have clients with no Internet. And Down Detector seems to confirm this:

I suspect that as the day goes on, user reports of problems will increase seeing as it’s 8AM as I type this. So, given that I documented that Rogers was having issues earlier this week, I think it’s safe to say that they haven’t fully recovered from those issues. In fact it may be getting worse. And it’s testing the patience of their customers:

Rogers really has some serious explaining to do as on the surface, they have the reliability of Twitter at the moment. And that’s not good company to be in. If Rogers were smart, they would communicate with their customers about what is going on, what steps they are taking to restore service, and when that is going to happen. But from what I see on Twitter and what my clients are reporting to me, that’s not happening. And that really reflects poorly on Rogers. And it’s now to the point where my clients are asking me what they should do, and I have no choice but to respond that they should consider moving to Bell if they can. That won’t help my clients with email issues, but it will help the ones with Internet issues.

Rogers needs to do better. And they need to do better now.

UPDATE: I’ve posted a workaround for those who have issues with sending or receiving Rogers email here.