Archive for May 10, 2023

A Quick Update On Google I/O 2023

Posted in Commentary with tags on May 10, 2023 by itnerd

 With this year’s Google I/O keynote wrapped up, I wanted to do a post with some helpful resources that will help you keep track of everything Google announced today. 

I’ll start with Google’s latest blog post for more details on the updates that were announced at I/O this year.  Some of the biggest announcements include:

  • Powerful new enterprise AI tools, including Duet AI for Google Cloud, a generative AI-powered collaborator built for developers, and new foundation models and capabilities that make it easier for organizations to build with generative AI. There’s also a blog post with more info.
  • Exciting Google Workspace features that leverage generative AI to boost your productivity, including features that help you quickly generate images from text and reply to emails based on content in the thread, as well as our newest Project Starline prototype, which now has a simpler design to easily fit into more homes and offices.
  • The introduction of PaLM 2 – Google’s next generation language model which will power nearly 20 new products and features
  • Google unveiled details about new members of the Pixel family: Pixel Tablet, Pixel 7a and Pixel Fold
  • Google introduced Search Labs, a new way for you to sign up and test new products and ideas they are exploring
  • Immersive View for routes in Maps to help you visualize every segment of your journey
  • They shared details around features to be included in Android 14
  • Multiple safety updates including Safe Browsing API and upcoming unknown tracker alerts

Is there something on this list that you’re interested in? If so, leave a comment below and share your thoughts.

ESET APT Activity Report For Q4 Is Out

Posted in Commentary with tags on May 10, 2023 by itnerd

ESET has released its APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023. The report is being published on a semi-annual basis. During this period, several China-aligned threat actors such as Ke3chang and Mustang Panda focused on European organizations. In Israel, Iran-aligned group OilRig deployed a new custom backdoor. North Korea-aligned groups continued to focus on South Korean and South Korea-related entities. Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers.

Malicious activities described in the ESET APT Activity Report are detected by ESET technology. “ESET products protect our customers’ systems from the malicious activities described in this report. The intelligence shared here is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers,” says Director of ESET Threat Research Jean-Ian Boutin.

China-aligned Ke3chang employed tactics such as the deployment of a new Ketrican variant, and Mustang Panda used two new backdoors. MirrorFace targeted Japan and implemented new malware delivery approaches, while Operation ChattyGoblin compromised a gambling company in the Philippines by targeting its support agents. India-aligned groups SideWinder and Donot Team continued to target governmental institutions in South Asia with the former targeting the education sector in China, and the latter continuing to develop its infamous yty framework, but also deploying the commercially available Remcos RAT. Also in South Asia, ESET Research detected a high number of Zimbra webmail phishing attempts. 

In addition to targeting the employees of a defense contractor in Poland with a fake Boeing-themed job offer, North Korea-aligned group Lazarus also shifted its focus from its usual target verticals to a data management company in India, utilizing an Accenture-themed lure. ESET also identified a piece of Linux malware being leveraged in one of their campaigns. Similarities with this newly discovered malware corroborate the theory that the infamous North Korea–aligned group is behind the 3CX supply-chain attack.

Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers (including a new one ESET calls SwiftSlicer), and Gamaredon, Sednit, and the Dukes utilizing spearphishing emails that, in the case of the Dukes, led to the execution of a red team implant known as Brute Ratel. Finally, ESET detected that the previously mentioned Zimbra email platform was also exploited by Winter Vivern, a group particularly active in Europe, and researchers noted a significant drop in the activity of SturgeonPhisher, a group targeting government staff of Central Asian countries with spearphishing emails, leading to our belief that the group is currently retooling.

For more technical information, check the full “ESET APT Activity Report” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

ESET APT Activity Reports contain only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports. ESET researchers prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups in the form of ESET APT Reports PREMIUM to help organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks. Comprehensive descriptions of activities described in this document were therefore previously provided exclusively to our premium customers. More information about ESET APT Reports PREMIUM that deliver high-quality strategic, actionable, and tactical cybersecurity threat intelligence is available at the ESET Threat Intelligence page.

Elon Musk Denies Having Signed A Deal With Tucker Carlson…. While Announcing Encrypted DM’s And More

Posted in Commentary with tags on May 10, 2023 by itnerd

The fun with Twitter continues. Let’s start with Tucker Carlson. News filtered out via the disgraced Fox News host that he was going to host a show on Twitter:

Besides the fact that Carlson is likely to get into a fight with his ex-employer over this move, he references the kind of free speech that Elon Musk loves to talk about. Which brings me to the Elon connection. He took to Twitter to distance himself from Carlson:

In short Elon said the following:

“I also want to be clear that we have not signed a deal of any kind whatsoever. Tucker is subject to the same rules & rewards of all content creators. Rewards means subscriptions and advertising revenue share (still working on software needed for latter), which is a function of how many people subscribe and the advertising views associated with his content. I hope that many others, particularly from the left, also choose to be content creators on this platform.”

You have to wonder why Elon put that out there. After all if Carlson came to Twitter, that would bring a lot of eyeballs to the platform which I am sure that Elon needs right now. My guess is that Elon does not want to tie himself directly to this because Carlson is like Kryptonite to advertisers who only returned to advertising in his old time slot after Fox showed him the door. And Elon needs advertisers to keep the lights on at Twitter. Though the flip side to this is that if Carlson signs up for Elon’s content creator program, Elon will get a cut of the revenue while maintaining a stance that he hasn’t cut any sort of special deal with Carlson.

The other thing that Elon did was announce this:

Here’s the Tweet in full:

“With latest version of app, you can DM reply to any message in the thread (not just most recent) and use any emoji reaction. Release of encrypted DMs V1.0 should happen tomorrow. This will grow in sophistication rapidly. The acid test is that I could not see your DMs even if there was a gun to my head. Coming soon will be voice and video chat from your handle to anyone on this platform, so you can talk to people anywhere in the world without giving them your phone number.”

While Elon did say that encrypted DM’s were coming, the voice and video chat thing is new. I wonder if that’s why he was trashing WhatsApp yesterday? Seeing how he operates, that’s a distinct possibility. Let’s see if he keeps the attacks against WhatsApp going.

Fun times.

A Follow Up To My Switch To The New HomeKit Architecture…. And A Tip In Terms Of Troubleshooting Bluetooth HomeKit Devices

Posted in Commentary with tags on May 10, 2023 by itnerd

At the end of March, I dove head first into upgrading to Apple’s new HomeKit Architecture. This originally rolled out before Christmas. And when it did, it created so many issues for users that Apple pulled it and rolled it out again in late March. When I tried it, I had zero issues with it. But I also said this:

Now some people with larger HomeKit setups are noticing that everything is much faster now. But I haven’t seen that as I don’t have a huge amount of devices in my setup. However I did notice that accessing my HomeKit setup from my Apple Watch went from practically unusable to being fairly quick and responsive. Thus validating that this architecture was a success. Though I will need to do some additional testing on some of my location based scenes to make sure. Once I do that, I will update this story accordingly. But in short, I can say that nothing went wrong in terms of upgrading to the new HomeKit architecture.

Well, it took me a while to really test this new architecture. And I even tested an extra use case as well which I will get to in a minute. But I can safely say that if you have HomeKit devices on WiFi, accessing them will be a touch faster than what you are used to. This is true on Apple Watch, iPhone, and Mac.

Now to push the envelope further, I pulled this Onvis HomeKit Alarm system out of retirement to see how Bluetooth performance was. I had retired and replaced the Onvis system with this Aqara alarm system due to the fact that the former would be slow to respond sometimes. Or it would simply not work at all and give me the dreaded “unresponsive” message in the Home app. I had always assumed that the Onvis alarm system was having issues due to the fact that Bluetooth based HomeKit devices, of which this is one, have two key weaknesses:

  • Bluetooth devices have ranges of less than 30 feet at best
  • Bluetooth devices have signal strength issues in less than ideal conditions

Now the latter is certainly an issue in my environment as frequent readers will know that I live in a condo and I have all sorts of 2.4 GHz (Which is what Bluetooth uses) and 5 GHz wireless networks that I have to deal with. Which is why when I got the Onvis alarm, I got a HomePod Mini for the living room. Then I expanded this to a stereo pair. And that’s when my issues started. At the time I really didn’t put in a lot of effort into troubleshooting this. But when I did as part of doing testing of the new HomeKit architecture, I discovered what my actual issue was with this alarm. Taking one HomePod Mini out of the mix by completely removing it from HomeKit and having the remaining one remain less than 15 feet from the Onvis alarm system resolved all issues that I was seeing.

So does that mean that the stereo pair is the issue? Well, no. I still thought range was a factor in this as the other of the two HomePod Minis was sitting on a TV stand which is as far as you can get from the door (as in about 25+ feet away), rather than the fact that they were a stereo pair being the cause. So in the interest of science, I added it back to HomeKit and put it closer to the door and recreated the stereo pair. And as you read this, everything has continued to work just fine.

The only thing that I can conclude is that what the Onvis alarm was doing is connecting randomly between both HomePods. If the alarm was lucky enough to hit the closest one, things would be slow to respond. If it connected to the one that was the furthest away, it would be “unresponsive”. Going further down the rabbit hole on this, I bought an app called HomeScan off the App Store which helps you to diagnose Bluetooth issues related to HomeKit by figuring out what the signal strength is so that you can figure out where to place your devices and home hubs for best performance. Using that I was able to determine that from the door to about six feet into our condo, the signal strength for the Onvis alarm is great. Past that it falls off a cliff quickly. The only thing that could cause that sort of fall off is an electrical source. And roughly six feet away from the door is the kitchen. And the location of the fridge is right where the Bluetooth signal from the Onvis alarm falls off a cliff.

Thus my conclusion is as follows:

  • The fridge hammers the signal from the alarm so much that unless the HomePod Mini units are close by, there’s no way for the Onvis alarm to function properly.
  • Since I know that this alarm system can’t see either of the other two HomePod Mini units that I have in the condo because they are too far away, the Onvis alarm system will bounce between the two HomePods that it can see in the living room. Which results in either slow performance or the alarm not being usable.

Thus my take home message is that when using Bluetooth devices, placement of home hubs (HomePods or Apple TVs) and your devices is crucial. And taking any potential sources of interference into account is equally as crucial. Though Apple could make troubleshooting these sorts of issues a lot easier by having diagnostics built into HomeKit so that you can not only see signal strength of any device in your HomeKit setup, but see what specific home hub a specific device is connecting to. That would have made life so much easier in terms of figuring this out.

A secondary take home message is that by testing this in more detail, it showed me that Apple didn’t improve on how Bluetooth devices are handled in HomeKit with the new architecture as the core behaviour is not any different than before the architecture upgrade. I suspect that’s because Apple is going all in with Thread and Matter support which is reportedly more resilient than Bluetooth due to the fact that Thread and Matter devices create their own self healing network, while Bluetooth devices are point to point connections. Though I have yet to test that myself by putting Matter devices into my HomeKit setup. But the bottom line is that users of Bluetooth devices in HomeKit won’t see any improvements due to upgrading to the new architecture.

Have you noticed any other changes since upgrading to the new architecture? If you have, I would ask you to leave a comment so that I can test them out and share the results.

Microsoft Now Requires Number Matching To Combat MFA Fatigue Attacks

Posted in Commentary with tags on May 10, 2023 by itnerd

Starting on Monday, Microsoft will start enforcing number matching for Microsoft Authenticator MFA alerts to mitigate MFA fatigue attack attempts.

“Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. We will remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications,” Microsoft says.

To further defend against MFA fatigue attacks, it is suggested users also limit the number of MFA authentication requests per user or domain and if those limits are exceeded lock the accounts or alert the security team.
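One way to implement the per-user limit described above, as an added example that is not from Microsoft or from the original post: a sliding-window counter over MFA push results that raises one alert when a user exceeds the limit and a second, higher-priority alert if a prompt is approved during that burst. The event tuples, result labels, thresholds and function name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, user, push result).
SAMPLE_EVENTS = [
    ("2023-05-10T09:00:00", "alice", "approved"),   # normal sign-in
    ("2023-05-10T09:01:10", "bob", "denied"),       # start of a prompt burst
    ("2023-05-10T09:01:40", "bob", "timeout"),
    ("2023-05-10T09:02:05", "bob", "denied"),
    ("2023-05-10T09:02:30", "bob", "timeout"),
    ("2023-05-10T09:03:00", "bob", "denied"),
    ("2023-05-10T09:03:20", "bob", "denied"),
    ("2023-05-10T09:03:45", "bob", "approved"),     # user gives in
    ("2023-05-10T10:00:00", "carol", "denied"),     # isolated mistakes, far apart
    ("2023-05-10T11:00:00", "carol", "denied"),
    ("2023-05-10T12:00:00", "carol", "denied"),
]

FAILED = {"denied", "timeout"}


def detect_mfa_fatigue(events, max_prompts=5, window=timedelta(minutes=10)):
    """Flag users whose unanswered/denied MFA prompts exceed max_prompts
    inside a sliding time window, and approvals that land during a burst.

    Returns a list of alert dicts in chronological order.
    """
    recent = defaultdict(deque)   # user -> timestamps of failed prompts in window
    flagged = set()               # users already alerted for the current burst
    alerts = []

    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]

        # Drop failed prompts that have aged out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) <= max_prompts:
            flagged.discard(user)          # burst is over, allow a new alert

        if result in FAILED:
            q.append(ts)
            if len(q) > max_prompts and user not in flagged:
                flagged.add(user)
                alerts.append({
                    "user": user, "time": ts_raw,
                    "kind": "limit_exceeded",       # lock account or page SOC
                    "count": len(q),
                })
        elif result == "approved":
            if len(q) > max_prompts:
                # Approval right after a burst is the outcome the attack aims for.
                alerts.append({
                    "user": user, "time": ts_raw,
                    "kind": "approved_after_burst",
                    "count": len(q),
                })
            q.clear()
            flagged.discard(user)

    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The same counter can be keyed on the domain part of the user name instead of the full user name to apply a per-domain limit.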

MFA fatigue has been seen to be very successful by various threat actors who used this attack method on high-profile organizations, such as Microsoft, Cisco, and Uber.

Matt Mullins, Senior Security Researcher, Cybrary had this comment:

   “MFA fatigue being an attack that harasses the user allows for weaker implementations to be bypassed with enough time. The changes MSFT is offering in this instance will provide better security, ideally, but as with all things, there could be issues in implementation and reality.

   “Number matching looks to be a great improvement. With the requirement of more action required by the user, the authentication process is more robust. With a more robust authentication, there is less “ease” of exploitation due to more steps being needed by the attacker to execute their attack process further. A great example of this is adding smart screen, an enable macros button, Mark-of-the-web, etc. that prevent an easy execution of a macro. One caveat to this improvement Microsoft is offering is that they are going to require more from the user and who is to say they don’t get fatigue from this and disable it if possible? What about programmatic accounts that require MFA, will this process prevent those types of accounts from getting an MFA value from the CLI?

   “The number match looks great but there are some not-so-great options included as well. The lock out after a number of fails seems like a perfect example of idealized security that will inevitably be turned off if there are issues with timing, key entry, latency, etc. By locking out accounts’ MFA, users will ultimately have to engage IT. While this might seem like a great idea, what happens when helpdesk is costing more? Controls have to be “just enough” to stop attackers but not inhibit functionality.

   “While the push MFA improvements are great, ultimately utilizing something like a Yubikey is a superior option because of easy-to-use controls and robust security (such as FIDO2). Push, like OTP (or One-Time-Pad), are weaker controls and efforts to add security to them can tend to complicate user functionality which impacts production.”

David Mitchell, Chief Technical Officer, HYAS follows up with this:

   “Microsoft has taken a key step in combating techniques that have been successful for Lapsus$ and other groups in compromising organizations by increasing the friction required for MFA. Over the last decade, MFA providers worked on improving the user experience compared to legacy pin+token methods — to the point it was almost too easy to authenticate. While this may irritate some end users in the short term, this change will dramatically reduce attacker abilities to utilize MFA fatigue to gain access to enterprise networks.”

Finally, Roy Akerman, Co-Founder & CEO, Rezonate had this to say:

   “MFA is an important control organizations should apply by default to all of their human identities as part of a defense in depth approach. However, as we’ve seen with the recent Uber breach, MFA fatigue, where attackers repeatedly prompt the user until the user simply allows the bypass, is all too common. Once past that initial defense,  the attackers have bypassed authentication and gained access, free to elevate privileges and move laterally across the enterprise. 

   “While advancing MFA with number matching may help, there are other ways to bypass MFA and organizations must look beyond the identity provider of initial access and implement least privilege access across the entire enterprise to identify any anomalous behavior across the complete modern identity journey from identity provider and MFA, to SaaS applications and multi-cloud infrastructure.”

(Speaking of the recent Uber breach that used “MFA Fatigue” to gain access to their network, Roy, at Rezonate, would like to offer you a demo that shows a complete replicate of the Uber breach that started with an MFA fatigue attack, if you would be interested)

MFA fatigue is a thing. And it’s too much to ask users to be more diligent in terms of what push notifications they respond to. This is going to help but it’s only a piece of the puzzle in terms of really putting a dent into MFA fatigue attacks. In short, the authentication process needs to be such that these attacks are simply not possible.

Nikon Announces The Z 8 

Posted in Commentary with tags on May 10, 2023 by itnerd

Today, Nikon Canada Inc. announced the highly anticipated Nikon Z 8, a full frame mirrorless camera made to meet the needs of imaging professionals, serious photographers, videographers and advanced creators. The Z 8 defines the concept of versatile agility, featuring the latest innovations and speed inherited from the flagship mirrorless Z 9, in a lighter, more compact form-factor that’s ready for action in the field, the studio, the street, at a ceremony or on-set.

The Z 8 packs in massive technology and user-focused features, providing impressive high-resolution images and video up to 8K 60p with overwhelming detail, sharpness, and precise colour. Engineered to be nimble, it’s approximately 30 per cent smaller than the Nikon Z 9, and 15 per cent smaller than the venerable Nikon D850 to which it is the true successor. As the final word in workflow efficiency, the Z 8 gives professionals the confidence to capture without boundaries while yielding stellar files and uncompromising Nikon colour science that can minimize time needed for post-production or editing. 

Ready for Action

Like the flagship Nikon Z 9, the Z 8 is at the industry apex of speed and versatility. Nikon’s powerful EXPEED 7 image processing engine is at the core, combined with the proven full-frame (FX-format) 45.7-megapixel BSI stacked sensor, featuring a scan rate so fast that no mechanical shutter is needed. This configuration can be completely silent, has virtually no rolling shutter distortion, while the removal of moving parts reduces wear and tear. Other favourite flagship features include the truly blackout-free Real-live viewfinder, internal 12-bit RAW video recording in a variety of formats and frame rates, while adding more new features for portrait photographers. 

The Z 8 brings together speed and precision like no other, embracing the extremes to create a camera that can focus in candlelight during a first dance, yet fast enough to freeze a falcon in flight. Like the Z 9, the camera uses Nikon’s most powerful and precise AF system, which has been developed with deep learning technology. The focus is immediately responsive and reliable, offering a range of functions from fully Auto-Area AF, Nikon’s acclaimed 3D tracking and a fully customizable Wide Area AF. These modes take advantage of the enhanced Subject Detection capability for photo and video that recognizes humans, pets, birds, trains, cars, motorbikes and bicycles, and now various types of airplanes. 

Ready for Production
The Z 8 is an extremely capable video camera for a diverse mix of productions, enhancing the process from capture to post by providing cleaner files from a variety of frame rates and resolutions.  Because of its reduced body size and internal recording, it’s ideal for gimbal use, but also suitable as an A-cam for extended events and weddings, corporate clients, documentaries or even independent cinema. Benefits don’t stop at image quality, as users will appreciate the Nikon colours and consideration for the modern multimedia professional’s workflow. 

  • Experience the intense resolution and freedom provided by 8K60p (N-RAW) and 8K30p, and the ability that this massive resolution gives in post to crop and pan. Expansive 4K UHD video options for when the look you’re going for is anywhere from cinematic to slow motion, ranging from oversampled 24p/30p, all the way to 120p with sound. 
  • The Z 8 can record up to approximately 125 min. in 4K UHD/60p and up to approximately 90 min. in 8K UHD/30p.
  • Internal 12-bit RAW footage can be captured as ProRes RAW 4K60p, or up to 8K60p in N-RAW, Nikon’s RAW video format that is approximately a 50 per cent smaller file size. N-RAW also creates a 1080p proxy file for easier editing. Capturing RAW footage allows for the most image data and highest bit rate for maximum range and flexibility.
  • For more latitude with colour, footage can be captured internally in 10-bit ProRes 422 HQ, while other profile options are available in-camera, including an enhanced N-Log, HLG as well as the easily gradable Flat colour profile.
  • The camera features two USB-C ports which are dedicated to charging (PD) and communication for accessories, further opening options for a truly modular configuration to fit any production. It also utilizes a full-size HDMI, minimizing the use of adaptors.
  • The camera focuses on videographer centric features, including those added to the Z 9 in subsequent firmware updates. These include: Hi-res zoom function for 4K, highly visible red REC Frame Indicator, focus peaking, zebras, waveform, linear focus capability on many NIKKOR Z lenses, fine ISO control, Customizable AF speed tracking, timecode sync, 24-bit stereo audio and more.

Ready to Capture the Impossible
The Z 8 enables users with a powerful combination of the latest hardware and curated features implemented to help make the most challenging creative vision a reality. 

  • The 45.7-megapixel stacked CMOS sensor combined with the EXPEED 7 Imaging engine can render incredible image quality, stellar colours, fantastic dynamic range and high-speed calculations up to 120 cycles, even in low light with minimal noise. 
  • Users now have the option to shoot in a 10-bit HEIF image file, a superior file format to JPEG that is approximately equal in size yet offers approximately one billion more colours. 
  • 14-bit RAW image file formats include the proven high-efficiency RAW format, plus a new HLG RAW option for use on compatible devices. 
  • The Z 8 includes features specifically for portrait photographers, including the Portrait Impression Balance function for precise control of skin tone accuracy, in addition to a new Skin Softening function and improved white balance.
  • Burst speeds range from 20 fps full res RAW+JPEG, 30 fps full-res JPEG, 60 fps DX-format JPEG, or up to 120 fps as 11 mp JPEG with High-speed frame capture +.  Pre-Release Capture is also available to capture the moment in the camera’s buffer before the shutter is even depressed fully. 
  • Get a wide and bright view with the truly blackout free Quad-VGA viewfinder, which provides a clear picture, especially when shooting at 120 fps. The same 3.2” horizontal and vertical tilting four-axis touchscreen LCD from the Z 9 is also used, which enables creative composition from any angle.  
  • Vibration Reduction image stabilization has been enhanced with Synchro VR to achieve up to 6.0 stops of compensation with compatible lenses.
  • Upcoming features will be added in planned firmware, including an Auto Capture function, which will allow a photographer to automatically trigger a remote camera on user-set parameters. An update will also allow for the base ISO to be extended down to 200 when shooting video footage with N-Log enabled.

Ready to Impress

Like all pro-calibre Nikon cameras, the Z 8 has a robust build quality, further reinforcing the company’s ethos of usability and reliability as a paramount consideration. When asking professionals why they choose Nikon, ergonomics and reliability are always top answers.

  • The Z 8 is fully sealed and gasketed, exceeding the durability of the D850 and built with maximum consideration for dust and drip resistance, while it can also be operated down to -10°C/14°F. Materials including a new pro-grade carbon fibre composite and magnesium alloy are used in the construction to reduce weight and enhance durability. 
  • Exceptional handling with thoughtfully laid out functions and buttons that are customizable.
  • To resist dust, the optical filter includes a dual coating to repel dust in front of the sensor, in addition to a sensor shield that protects the sensor when the camera is turned off.
  • The Z 8 makes it easier to capture in low light environments, with illuminated buttons, warm display colour option, low viewfinder brightness adjustments, and Starlight View which enables focusing down to -9 EV. 
  •  Dual card slots with one CF Express Type B / XQD and SD balancing speed and widespread availability.  
  • The MB-N12 battery grip will be an optional accessory that provides approximately 1.8x more battery life while adding a vertical grip and vertical shutter button /controls. The grip is also weather resistant to the same level as the camera, and allows for hot-swapping batteries.   

Price and Availability
The new Nikon Z 8 will be available in late May 2023 for a Manufacturer’s Suggested Retail Price (MSRP) of $5,399.95. The MB-N12 battery grip will be available in May for an MSRP of $479.95. For more information about the latest Nikon products, including the vast collection of NIKKOR Z lenses and the entire collection of Z series cameras, please visit www.nikon.ca.

Elon Musk Has Decided To Pick A Fight With Meta….Why?

Posted in Commentary with tags on May 10, 2023 by itnerd

I swear. Elon Musk really just can’t keep himself out of trouble. His latest self inflicted gunshot wound to the foot came with this Tweet:

Okay. So Elon has just picked a fight with Meta over WhatsApp. Which is only the most popular messaging app on the planet. Yeah. And he didn’t stop there:

If he’s just saying stuff and not offering up proof of what he’s saying, it will get him in trouble. As in lawsuit kind of trouble. Meanwhile WhatsApp responded to this:

As for Google, they haven’t responded to this as far as I can tell. I expect that they are going to respond at some point seeing as Meta just threw them under the bus. But really, why does Elon do this sort of thing again and again? Does Elon not have better things to do than to needlessly stir the pot the way he does? Like, I don’t know, make Twitter less of a train wreck next to a dumpster fire? Just asking.