Archive for June, 2023

« Older Entries

TSMC Has Been Pwned… Hackers Are Asking For A $70 Million Ransom

Posted in Commentary with tags on June 30, 2023 by itnerd

News it out that Apple chip manufacturer TSMC has been pwned by hackers. This hack has apparently pwned a third party provider according to this:

In a statement given to TechCrunch, a TSMC spokesperson — who emailed from a generic press email account and repeatedly declined to provide their name — confirmed that a “cybersecurity incident” at one of the company’s IT hardware suppliers, named as Kinmax Technology, led to the leak of “information pertinent to server initial setup and configuration.”

“Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any TSMC’s customer information,” the spokesperson added. “After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures.”

TSMC shared a copy of the communication it received from Kinmax Technology, an IT services and consulting organization that specializes in networking, cloud computing, storage, security and database management.

“In the morning of June 29, 2023, the Company discovered that our internal specific testing environment was attacked, and some information was leaked,” Kinmax said in its notice. “The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations.”

Kinmax added that it “would like to express our sincere apologies to the affected customers,” suggesting TSMC wasn’t its only partner affected by the incident.

Eric Huang, vice president of Kinmax Technology, declined to say how many of its customers had been impacted.

On its website, Kinmax claims that its partners include companies such as Nvidia — which declined to comment; HPE; Cisco; Microsoft; Citrix; and VMware. None of the remaining organizations have yet responded to TechCrunch’s questions, and it’s not known if they have been impacted by the incident.

The culprits are apparently the LockBit gang. And said gang want’s $70 million or else:

“In the case of payment refusal, also will be published points of entry into the network and passwords and logins company,” LockBit wrote. The gang didn’t provide any evidence of the data it had allegedly stolen.

This will be interesting to see how this plays out. I am pretty sure that TSMC is unlikely to pay the ransom. So we will have to see if LockBit follows through on their threats.

Get your popcorn ready.

Leave a comment »

Twitter Seems To Have Started To Block Tweets From Unregistered Users

Posted in Commentary with tags on June 30, 2023 by itnerd

The Verge is reporting that it appears that Twitter is blocking Tweets from unregistered users:

If you currently try to access Twitter without logging in to your user account, you may find you’re unable to see any of the content that was previously available to the wider public. Instead, you’ll likely be met with the Twitter window that asks you to either sign in to the platform or create a new account, effectively blocking you from viewing tweets and user profiles or browsing through threads unless you’re a registered Twitter user.

Several members of The Verge team have been able to replicate the issue, and it appears to be affecting web access on both desktop and mobile devices. Prior to this change, Twitter allowed people limited access to the platform without an account — you could view public tweets and user profiles, for example, but couldn’t like or leave comments. A window that prevented readers from viewing additional posts until they signed in also previously appeared after the viewer had scrolled past an undisclosed number of tweets, though that at least allowed some access to the platform.

Now, regardless of how you try to access the website — be that the homepage or a direct link to a tweet or profile — you’re immediately met with a sign-in prompt that completely obscures your view. It doesn’t even tease the content with a swift redirect. You simply can’t see anything.

Now this could be another dirt nap of Twitter as we’ve seen lots of that over the last few months. Or it could be Elon Musk’s latest attempt to paywall Twitter. It’s not clear which it is at the moment. But Twitter or Elon will have to say something as this isn’t going unnoticed. Which in turn creates negative press for both Twitter and Elon.

Leave a comment »

2023 CWE Top 25 Most Dangerous Software Weaknesses Released

Posted in Commentary with tags on June 30, 2023 by itnerd

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, releasing the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. Why is this important? Here’s why:

Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.

In short, you need to pay attention to this list so that if you have exposure to these weaknesses, you can take the required actions to protect yourself.

Joe Saunders, CEO, RunSafe Security had this to say:

“As the Top 25 shows, memory-based exploits remain the most devastating weaknesses in software and account die the most known exploits targeting weaknesses. We must defend against these memory-based exploits or adversaries will be able to take down our critical infrastructure. It’s imperative to prevent attackers from exploiting memory-based weaknesses in software which are the most dangerous vulnerabilities with the most numerous known exploits targeting systems today.

These results are consistent with CISA Director Jen Easterly’s call to solve memory-based weaknesses in code. The sad reality is we cannot afford any more years to go by without immunizing our critical infrastructure from such attacks. This list is no surprise: Not only do CISA and NSA know memory-based software weaknesses threaten our critical infrastructure, but so do our adversaries.  We must achieve memory-safety now or China may disrupt the services we all take for granted, such as powering our facilities or distributing water.”

This is a good initiative. Thus we should all pay attention to this list so that our exposure to these vulnerabilities is reduced.

Leave a comment »

Bell Teams Up With The Institute For Canadian Citizenship As Exclusive Telecommunications Partner

Posted in Commentary with tags on June 30, 2023 by itnerd

This weekend we’ll come together to celebrate this great nation and the many cultural communities that have made it so strong and vibrant. At Bell, they’ve been connecting Canadians and those that call Canada home for over 140 years. From coast to coast, to across the world, they make it easy for everyone to connect, especially newcomers and visitors to Canada. Recognizing how important it is to stay connected with family and friends, and the new opportunities being connected can bring, is their focus.

With that in mind, in the lead up to Canada Day, Bell announced a new partnership with the Institute for Canadian Citizenship (ICC) and its flagship app, Canoo, to bring unique offers to newcomers. Canoo is Canada’s largest national welcome network with nearly 200,000 members. Canoo gives newcomers free VIP access to more than 1,400 of Canada’s best cultural and outdoor experiences, along with exclusive deals from top brands.

To kick off this new partnership, Bell will soon be introducing exclusive mobility and Internet offers for Canoo members:

  • Starting in Ontario, Québec, Atlantic Canada and Manitoba, new Bell home Internet subscribers can get a $100Visa Prepaid Card with activation of an eligible home Internet plan.
  • New eligible Bell mobility subscribers can get a credit of between $20-30 per month during their first 2 years, plus 1,000 free long distance minutes per month for the first 24 months with a mobility purchase on either an Ultimate or Essential Plan. This offer is valid for in-store redemption and with bring-your-own-device (BYOD) plans only.

Bell is excited to be Canoo’s exclusive telecommunications partner – supporting this great initiative, to help unlock Canada for newcomers and assisting them in their journey to a full and active citizenship.

In addition to their partnership with ICC, here are a few other ways Bell is supporting newcomers and multicultural communities:

Leave a comment »

Elon Musk’s Mom Will Start Shilling For Oppo

Posted in Commentary with tags on June 30, 2023 by itnerd

From the “this is weird” department comes this news from phone maker Oppo:

Chinese smartphone maker Oppo whose brand is already in strife in Australia, due to falling demand and massive losses by their distributor is now fighting a global problem, with market share crashing worldwide and in China, their answer is to hire Elon Musk’s mum.
Their response is to cut a deal with supermodel Maye Musk, the mum of the world’s richest man, Elon Musk to spruik their new Oppo Find X6 Pro which is not being sold by smartphone retailers or carriers in in Australia.

The arrangement will see the supermodel will be the brand face and global ambassador position for the business.

The 75-year-old dietician will see her appearing in commercials and other events to promote the flagship.

Beyond what I have above, a video has leaked onto YouTube which you can watch below:

Now Maye Musk was on the cover of the Swimsuit Edition of Sports Illustrated in 1974. But beyond that, I seriously doubt anyone who would be in the target market of Oppo would even know who she is. At least not beyond her son is Elon Musk. And he’s incredibility polarizing at best at the moment. Thus, I’m really not sure how this helps Oppo. But I am a computer nerd and not a marketing expert. What do you think? Please leave a comment below and share your thoughts.

Leave a comment »

INKY Discusses How Threat Actors Are Using QR Codes To Harvest Credentials

Posted in Commentary with tags on June 30, 2023 by itnerd

 INKY has published a new Fresh Phish talking about a phishing trend using QR codes to harvest credentials. 

Here is an overview:

  • Origin: Hijacked account and Freemail users
  • Payload:  Malicious link in QR codes
  • Techniques: Brand impersonation, Credential harvesting, Image-based phish, QR codes
  • Target: Microsoft account holders

You can read INKY’s latest Fresh Phish here.

Leave a comment »

Petro Canada Claims That You Can Pay Via Credit And Debit Cards Again… But Other Things Are Still Down After Getting Pwned

Posted in Commentary with tags on June 30, 2023 by itnerd

Petro Canada for the last week has been dealing with what the company calls a “cybersecurity incident.” Which to the rest of us means that they have gotten pwned. It started last Friday and has been ongoing for the last week after the company confirmed that they had been pwned on Monday. I’ve been tracking this story since them and I wanted to prove an update. Apparently according to the company, debit and credit cards service is back on line:

Suncor Energy Inc. says it is making progress in resolving the customer disruptions that have occurred this week in the wake of a cyberattack against the oil and gas company.

The Calgary-based company says debit and credit transactions are once again available at most of its Petro-Canada retail sites.

Now I have not tested this personally. Thus I cannot confirm that this is the case. But browsing Twitter indicates that it may not be as people on Twitter today and yesterday are still complaining that paying at the pump is problematic at best. And Canada is heading into a long weekend as Saturday is Canada Day. Which means that if things aren’t 100% working by tomorrow, it will end badly for Petro Canada on a variety of fronts.

What is definitively still problematic is that their Petro Canada app is still not working as evidenced here:

When I tried this at just before 6AM this morning, it was still not working. That means you can’t pay for gas via the app. And if you don’t have a physical Petro Points card, which many don’t as Petro Canada did away with physical cards in favour of the app a few years ago, you can’t earn points towards things like free gas, nor can you redeem those points. Thus even if you can pay for gas using something other than cash, that’s one less incentive to get your gas At Petro Canada.

Petro Canada is in deep trouble here. We’re a week in and there doesn’t seem to be an end in sight. Customer’s buying habits have certainly changed and will not likely change back after this is over. Whenever that is. And if that’s not bad enough, there is no statement from Petro Canada about what happen, what data (be it their data or customer data) is at risk, and why we should ever trust them again. Let’s face it, even after this is over, whenever that is, Petro Canada and their parent company Suncor will have a very hard time in terms of assuring the Canadian public that they can be relied upon to deliver gas to a nation the size of Canada in a reliable manner.

Leave a comment »

Flashpoint Releases A Blog About How Social Media Can Help Us To Understand Events, Rumours, And Ideas

Posted in Commentary with tags on June 30, 2023 by itnerd

A new blog post is up from Flashpoint analysts that goes in depth on the role that social media and messaging platforms like Telegram continue to play and help us to understand events, rumors, and ideas as they unfold. The blog post is called Russia-Ukraine war: Days of Chaos: How OSINT Helps Us Understand the Putin-Prigozhin Schism.

You can read it here: https://flashpoint.io/blog/putin-prigozhin-osint/

Leave a comment »

Targus UV-C LED Disinfection Light Automatically Disinfects High-Touch Surfaces To Create A Cleaner Workspace

Posted in Commentary with tags on June 30, 2023 by itnerd

Targus, the number one laptop case brand in the US and Canada and a leader in laptop cases and mobile computing accessories, today announced that its CES 2021 Innovation Awards Honoree2, the UV-C LED Disinfection Light, is now available for sale. This essential no-touch solution helps reduce pathogens on device surfaces by utilizing UV-C Light technology, which breaks down the DNA of microorganisms. 

Sleek, modern, and lightweight, the Disinfection Light is designed to stand between your keyboard and monitor on the desktop to automatically disinfect the surfaces of keyboards, mice, and other items within the disinfection range3, reducing the need for manual intervention, cleaning, or touching.  

The UV-C LED Disinfection Light effectively kills or inactivates pathogenic microorganisms. Third-party laboratory testing verified efficacy against Flu Virus (H1N1 Influenza), Staph (Staphylococcus aureus) Bacteria, Pneumonia (Klebsiella pneumoniae) Bacteria, and MRSA (methicillin-resistant Staphylococcus aureus) Bacteria. The Targus UV-C LED Disinfection Light runs for 5 minutes, every hour, to clean the active disinfection area. When the disinfection cycle begins, the light emits a purple ambient hue, indicating that it is in use. 

AC-powered, the disinfecting occurs automatically, so there is no manual cleaning schedule to maintain. Manual cleaning, however, can be initiated with the press of a button, allowing 15 seconds for the individual to leave the active area. There is a built-in auto shut-off safety feature that utilizes motion sensors. Should any motion be detected within the safety zone4, outside of the active cleaning area, or if the device senses any activity within the safety zone, the UV-C LEDs will be automatically disabled. After 5 minutes of inactivity, the Light will resume its disinfection cycle. 

The UV-C LED Disinfection Light (AWV339TT) can be purchased in the US on Targus.com and through authorized resellers. 

Leave a comment »

Fisker Ocean Has Lowest Carbon Footprint of Any Electric SUV – Life Cycle Assessment Report Released

Posted in Commentary with tags on June 30, 2023 by itnerd

Fisker Inc. driven by a mission to create the world’s most emotional and sustainable electric vehicles, today released its Life Cycle Assessment (LCA) report – a cradle-to-grave analysis that details the carbon footprint of the Fisker Ocean all-electric SUV. With the lowest published carbon footprint of any electric SUV in its market segment, the “world’s most sustainable vehicle” lives up to its ambitious promise, from raw material extraction to beyond “end of use.” 

Unique in the industry, Fisker built sustainability into its strategy well before becoming a publicly traded company. Fisker prioritizes using the lowest possible amount of virgin materials, delivering the most energy-efficient vehicles possible, evaluating how to ensure the least amount of material goes to landfill at end of use, and developing methods for full vehicle and battery reuse and recycling. The company’s emphasis on supporting a “circular economy” includes prioritizing how battery materials may be pushed back into upstream sourcing. 

Fisker’s LCA is unique in the industry in that it utilizes mostly primary data rather than estimates. Tier 1 suppliers are pushed to provide accurate carbon accounting, while the company’s processes, measurement, and the impact of the earth and the atmosphere are transparent at unprecedented levels. It can be read here.

Fisker has commenced vehicle deliveries in both the United States and Europe, following a unique dual-market certification strategy as it launched simultaneously. The Fisker Ocean One is a launch edition model of the $68,999 Fisker Ocean Extreme, with a 113 kWh battery pack (106 kWh usable) and an EPA range of 360 miles on standard 20” wheels and tires, which is the longest range of any new electric SUV in its class. In Europe, the Fisker Ocean Extreme has a WLTP range of 707km/440 UK miles on standard 20” wheels and tires, which is the longest range of any electric SUV sold in Europe today. The all-electric SUV starts at $37,4992 for the Fisker Ocean Sport trim level in the US.

Leave a comment »

« Older Entries