24 | March | 2023 | The IT Nerd

Archive for March 24, 2023

Twitter’s Decision To Kill Legacy Verified Checkmarks On April Fools Day Is Elon Musk’s Latest Act Of Desperation

Posted in Commentary with tags Twitter on March 24, 2023 by itnerd

Normally, I would believe that this is an April fool’s joke. But given that we’re talking about Elon Musk here, it’s not a joke. It’s just his latest act of desperation. According to PC Magazine, Elon is about to do this:

No joke: On April 1, Twitter will start removing blue checkmarks from legacy verified users.

To retain the blue check, individuals must sign up for Twitter Blue, an $8-per-month subscription service ($11 on iOS) that lets folks write longer tweets, edit posts, upload 1080p video, access dedicated customer support, and more.

Twitter verification launched in 2009 to distinguish genuine, notable account holders—celebrities, organizations, etc.—from impersonators. Until November 2022, a blue checkmark indicated an account was actually owned by the entity it claimed to represent.

Since Elon Musk took over the platform, though, things have become more complicated. Musk has repeatedly said that those who received their blue checkmarks in the years before his acquisition are “totally corrupt” because some people allegedly paid for them. Going through a legit payment system from Apple or Google is more secure, he argued. But when Twitter Blue started selling access to a blue checkmark in early November, impersonators quickly seized on the opportunity. (Though it may have resulted in cheaper insulin in the US, oddly enough.)

This is a really stupid idea as I suspect that there will not be many people who presently have a checkmark are not going to pay $8 a month to Elon. And I also suspect it will drive those people from Twitter. And not having “notable” people on Twitter will make it far less appealing to advertisers. Thus you have to wonder if this is one of those things that Elon hasn’t thought through and will later do a 180 on. Or is he going to die on this hill just to try and make a few extra bucks.

Buckle up. This is going to interesting to watch.

WooCommcerce Targeted by Sophisticated Credit Card Skimmers

Posted in Commentary with tags Sucuri on March 24, 2023 by itnerd

As reported by Sucuri, a new stealthy, credit card skimming campaign is evading security scan detections by hiding their malicious code inside WooCommcerce’s Authorize.net payment gateway module making it particularly hard to find and uproot, leading to extended periods of data exfiltration. WooCommerce is used by roughly 40% of all online stores.

The previous strategy of injecting malicious JavaScript into the HTML of the checkout pages became too easy to detect by security software. Innovative threat actors are now injecting malicious scripts directly into the site’s Authorize.net payment gateway modules used to process the credit card payments. When successful, the code generates a random password, encrypts the victim’s payment details, and stores it in an image file for attackers to retrieve.

This innovative extension is harder to detect than traditional skimming methods for a few reasons:

Malicious scripts are called after a user submits their credit card details and checks out
Regular inspections that scan a website wouldn’t yield any results as code was injected in legitimate payment gateway files
Threat actors manipulate WordPress’s Heartbeat API to mimic regular traffic and blend it with the victims’ payment data during exfiltration
Instead of plaintext to transfer details, image files have stronger encryption

Baber Amin, COO, Veridium:

“Security measures offered by EMV and contactless cards are compromised when a user enters their credit card information during an online checkout. Additionally, this process exposes a user’s identity information, e.g. email addresses, shipping addresses, and possibly passwords.

To ensure a safe online shopping experience, it is crucial for website administrators to regularly update their content management systems and plugins.

For merchants and consumer both, Consider the following measures for increased security.

Use of virtual cards for online shopping
Use of services like PayPal, and amazon pay for online shopping and checkout for an additional layer of payment protection.
Adoption of payment services like Apple Pay or Google Pay, which employ tokenization to safeguard sensitive information. These services offer a more secure and convenient experience, both in-person and online. Tokens, which are generated for each transaction, cannot be reused if stolen. This approach overcomes the limitations of EMV cards, which lack chip readers for online payments.
And lastly look for embedded finance vendors that can combine biometrics with tokenized payments to eliminate both credit card and identity data from ever getting to the payment gateway.”

This is all good advice that we all need to follow when we shop online as the threats related to online shopping are increasing every single day.

UPDATE: Rui Ribeiro, CEO and Cofounder, Jscrambler added this comment:

“This attack highlights an often-overlooked security issue: companies must protect the client-side experience from the moment the visitor is on the site to the moment they leave. In this case, the hacker injected malicious code directly into the payment module, collecting sensitive data. This incident underscores how important it is for security teams to know about all the third-party JavaScript running on their website, what data it is accessing, and when. Not only is the customer experience tainted, but the compromised websites can face issues around data privacy, loss of revenue and reputation. New regulations under PCI DSS v4 will require companies to monitor this type of activity on payment pages. To do that, they will need visibility and control over the JavaScript that’s loaded into their web pages, whatever the source, every time. Whether it’s a hijacking attack, data skimming or a simple configuration error, we must protect each visitor interaction.”

1 Comment »

Guest Post: What the Fall of Silicon Valley Bank Means for the Future of Venture Capital

Posted in Commentary with tags SVB on March 24, 2023 by itnerd

By Wendy Jarchow, Chief Investment Officer, River SaaS Capital

Last Friday Silicon Valley Bank (SVB) collapsed, causing the second largest bank failure in U.S. history. On Sunday, New York Signature Bank’s customers began withdrawing their cash, causing the regulators to take control and shut down the bank. Fortunately, due to the rapid response from regulators, the deposit outflows from small and midsized lenders have slowed, and it looks like any other major collapse has been avoided.

How did this happen?

According to Pitchbook, venture capital deal activity sank over 30% last year and a slowdown in initial public offerings and continuing drawdown in valuations signaled trouble for 2023. However, startup spending hadn’t slowed, even with the expected decline in funding.

Silicon Valley Bank had been seeing an influx in deposit accounts and a declining need for loans with total client funds having fallen for the last five quarters. With the declining need for loans, SVB needed to offset its assets with a new revenue stream and turned to government securities while the interest rates were at zero. This left the bank open to vulnerabilities, given that the government started to raise interest rates since SVB invested.

Last Thursday, the CEO of SVB announced his intention to sell those government securities at a loss to offset its current assets. This spurred venture capitalists to turn to social media and other online platforms and recommend that their portfolio companies and borrowers immediately withdraw their money.

These social media conversations induced panic and fear while providing a sense of uncertainty for all organizations that trusted the institution with their assets. The alarm of organizations withdrawing funds publicly sparked a run on the bank that SVB could not handle. Late Friday, SVB was closed by regulators due to being insolvent.

Luckily, the U.S. government took action on Sunday night and announced that depositors will be made whole.

Over the weekend, companies who banked with SVB had to scramble to open new bank accounts and communicate with their customers and employees about the changes and potential impact. Had the regulators not acted quickly, many startups could have had to shut their doors overnight, not being able to make payroll or other recurring expenses.

In hindsight, had venture capitalists and startup founders stayed calm, this immediate collapse could have been avoided.

However, that doesn’t mean that the venture and startup community is out of the woods yet.

Where do we go from here?

Venture capital exists in order to help startup companies that a traditional bank won’t invest in grow and scale. They prioritize tech innovation and growth along with growing the bottom line. There are higher risks, but much bigger rewards.

Silicon Valley Bank was arguably the epicenter of the financial system for the startup ecosystem because it was not only the bank for these startups, but also provided loans to venture capital and private equity firms. With that said, the future is uncertain, but here are a few things to keep in mind.

Cyber startups will continue to flourish

In 2022, cybersecurity companies raised a total of $18.5 billion in venture capital funding and cyber security valuations didn’t fall as radically as other industry valuations fell indicating that the area is ripe for innovation and growth.

Cyber startups should be whole even with the fall of SVB. The government did the right thing when SVB and Signature Bank failed and that was to use the FDIC insurance fund, called the Deposit Insurance Fund, that banks pay into to pay customers at each bank back in full. Although the cap on insured deposits is $250K, to stop panic from spreading, regulators successfully made the exception to make customers whole.

However, access to capital will continue to shrink

With a projected recession on the horizon, venture capitalists were already pulling back on new investments and concentrating on solidifying their existing portfolio. With the fall of SVB, their appetite for risk will continue to dwindle. Plus, one of their main sources of loans for venture capital is now gone.

The venture market is not going away because of what happened in the banking industry recently; however, it will be more difficult to get access to capital, at least initially as investments are less available, and likely more expensive.

We will see a bounce back in venture investing and likely new resources to fill the gap that SVB leaves, but the timing is uncertain. Startups need to preserve cash and closely manage their burn in an effort to extend their runway. Bridging to a larger equity raise by borrowing money from an independent debt provider could be a good resource for some strong growth companies.

The future of SVB and what it means for venture capital is still up in the air

If SVB gets absorbed by a larger bank like, it’s hard to say if they will be funding startups at the same rate. Some large banks will make loans to startups if those startups meet the loan criteria, usually with strong collateral.

As we have seen in the past, most software and tech companies don’t possess the collateral needed to secure traditional bank financing. Venture banks, like SVB, tend to be more nimble than the big banks. That being said, some of the largest banks such as JPMorgan Chase, Bank of America, Citi have groups/bankers focused on small business so perhaps we could see a shift in mindset where the large banks expand their appetite for risk to support emerging companies.

What should startup founders do now?

As startups try to navigate when VC investing will return to pre-2022 levels, there are things they can do to ensure their companies keep moving forward. Entrepreneurs and existing investors will need to focus on a few things to maximize their “dry powder.”

Here are the 3 areas startups should concentrate on in the foreseeable future.

Focus your time and resources outside of VC

Understand that venture firms will be focused on the most promising companies within their existing portfolios so now is not the time to focus on raising capital from these investors.

Make the most of resources within your control.

Here are three main areas that you can control over this next period:

Focus on customer acquisition costs. Marketing spend can be mitigated by focusing on existing customers v acquiring new.
Be diligent with cash. Focus on bootstrapping, which can extend the runway.
Streamline operations, including remote working to avoid office expenses where appropriate.
Leverage existing investors / relationships or focus on independent resources

Not many banks have the startup resources or mindset to support early stage companies. With that in mind, look for financing from your current investors, your cap table or bootstrapping from friends and family.

You can also identify independent resources, such as stand-alone venture debt providers who understand the inherent risks associated with early stage companies and who can partner with you to help you achieve your goals.

Hang on

We know it’s easy to let panic set in, but strong leaders shine in a time of turmoil. Lean on your network, overcommunicate to your teams and know that this situation inevitably will shift.

The US Will Try And Ban TikTok…. Here’s Why That Will Happen, And What Might Stop It From Happening

Posted in Commentary with tags TikTok on March 24, 2023 by itnerd

Yesterday, the CEO of TikTok Shou Zi Chew took a visit to Washington to try and head off a ban of the Chinese owned social media app. And from all reports such as this one from Platformer, it didn’t go all that well for TikTok. And it now looks more likely than ever that TikTok will be banned. Here’s why that’s all but certain:

Everyone on both sides of the aisle want TikTok Banned: There’s rare agreement from Democrats and Republicans on wanting to ban TikTok. Which means any legislation that relates to a ban will likely go through the House and Senate very quickly and get signed off by The White House almost instantly.
Nobody wants to buy TikTok: The only way TikTok avoids a ban is if ByteDance who are the Chinese owners of TikTok sell it to an American company. But the thing is, I don’t know who would want to go down that road to buy TikTok. Forbes estimates that TikTok is worth $50 Billion which isn’t an insignificant amount of money. Then whoever buys TikTok would have to hop through so many hoops to avoid having the US government lower the boom on them. And that won’t be cheap. Thus this is a scenario that simply won’t happen.
China: The Chinese government created rules that gives it veto power of any sale of Chinese tech to foreign interests. Thus there is zero chance that China would sign off on any sale of TikTok to the US. Which means that a ban would be the only option for the US.

That’s all great. But here’s two reasons why a TikTok ban won’t happen:

Young people use TikTok, and they vote. Thus you have to wonder if politicians will really want to ban an app and anger a bunch of people who have the ability to sway an election that’s coming next year.
The courts are likely to weigh in and it is possible that they would stop any ban from happening.

So is a ban of TikTok inbound? I think that lawmakers will try and ban it. But it’s far from a sure thing as far as I can see.

S	M	T	W	T	F	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

The IT Nerd