Archive for October, 2023

WeChat & Kaspersky Have Been Banned On Canadian Government Devices

Posted in Commentary with tags on October 31, 2023 by itnerd

Citing security concerns, the Canadian Government has announced that WeChat and Kaspersky have both been banned on Canadian Government devices:

Effective October 30, 2023, the WeChat and Kaspersky suite of applications will be removed from government-issued mobile devices. Users of these devices will also be blocked from downloading the applications in the future.

The Chief Information Officer of Canada determined that the WeChat and Kaspersky suite of applications present an unacceptable level of risk to privacy and security. On a mobile device, the WeChat and Kaspersky applications’ data collection methods provide considerable access to the device’s contents.

The decision to remove and block the WeChat and the Kaspersky applications was made to ensure that Government of Canada networks and data remain secure and protected and are in line with the approach of our international partners.

While the risks of using these applications are clear, we have no evidence that government information has been compromised.

Kaspersky didn’t waste any time in responding to this:

Kaspersky is disappointed with the decision by the Treasury Board of Canada Secretariat to prohibit the use of Kaspersky applications on government-issued mobile devices. This decision comes as a surprise, was made without any warning or opportunity for engagement by Kaspersky on the Canadian government’s underlying concerns, and is not based on any technical assessment of Kaspersky products – which the company continuously advocates for – but instead seems to be made on political grounds. 

I have not seen any reaction from WeChat. But I would imagine that they aren’t happy either. And I expect that there will be additional reaction coming from Russia as Kaspersky is a Russian company, and from China as WeChat is Chinese.

Over Half A Million Records Of Irish National Police Exposed

Posted in Commentary with tags on October 31, 2023 by itnerd

Cybersecurity researcher Jeremiah Fowler discovered, and reported to vpnMentor, an unprotected database belonging to the Irish National Police that held over 500K records relating to vehicle seizures. The exposed data included scanned identification documents revealing personally identifiable information of car owners, along with spreadsheets and monthly reports revealing vehicle and registration information, names of vehicle owners and more.

You can read the full report here: https://www.vpnmentor.com/news/report-irish-police-breach/

New Report From HP Wolf Security finds Malware ‘Meal Kits’ are Helping Attackers Steal Businesses’ Lunch

Posted in Commentary with tags on October 31, 2023 by itnerd

HP Wolf Security’s latest Quarterly Threat Insights Report for Q3 2023 is out now. It reveals how cybercriminals are using pre-packaged malware kits to evade detection tools and breach organizations. Key findings include:

  • A Vjw0rm campaign carrying out multi-stage attacks from a single malicious JavaScript file: This attack uses a 10-year-old Houdini worm and “living off the land tactics” to remain hidden. 
  • A Parallax RAT campaign running a “Jekyll and Hyde” attack – two threads run when a user opens a scanned invoice template. One thread opens the file, while the other runs malware behind the scenes, making it harder for users to tell an attack is in progress.
    • Parallax malware kits are available for $65 a month on hacking forums.

HP also identified attackers are going after their own, “hazing” aspiring cybercriminals by hosting fake malware building kits on code sharing platforms like GitHub. 

Other findings include:

  • Archives were the most popular malware delivery type for the sixth quarter running, used in 36% of cases analyzed by HP in Q3.
  • Macro-enabled Excel add-in threats (.xlam) rose to the 7th most popular file extension abused by attackers in Q3, up from 46th place in Q2.
  • At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners in both Q3 and Q2.
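The findings above are mostly about what arrives in the mailbox: archives as the container, .xlam add-ins as the payload, a single JavaScript file carrying a whole multi-stage chain. Below is an added example, not HP’s code or any product’s, of the triage a mail-gateway post-processor could apply to attachments: flag archive containers, macro-enabled Office files and script files, open ZIP archives so the same checks run on their members, and catch decoy double extensions. The archive types and .xlam come from the findings; the other extension lists, the hostless sample attachments and the helper names are constructed assumptions.

```python
"""Attachment triage for the delivery vectors in the findings above:
archives, macro-enabled Office add-ins (.xlam and relatives) and script
files, with ZIP archives opened so the same checks run on their members.
Added example, not HP's code; the sample attachments are constructed inline."""
import io
import zipfile
from typing import Dict, List

# Extension families. .xlam and archives come from the report; the rest are
# assumed close relatives that a gateway rule would group with them.
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".gz", ".iso", ".img"}
MACRO_EXTS = {".xlam", ".xlsm", ".xltm", ".docm", ".dotm", ".pptm"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".cmd", ".bat", ".ps1"}
# OOXML documents are ZIP files internally; don't treat them as containers.
OOXML_EXTS = MACRO_EXTS | {".docx", ".xlsx", ".pptx", ".dotx", ".xltx"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def _ext(name: str) -> str:
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def classify_name(name: str) -> List[str]:
    """Reasons to escalate a filename (outer attachment or archive member)."""
    reasons = []
    ext = _ext(name)
    parts = name.lower().split(".")
    if ext in ARCHIVE_EXTS:
        reasons.append("archive container")
    if ext in MACRO_EXTS:
        reasons.append(f"macro-enabled Office file ({ext})")
    if ext in SCRIPT_EXTS:
        reasons.append(f"script file ({ext})")
    # scan_0042.pdf.js: a document-looking extension in front of the real one
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("double extension")
    return reasons


def triage(name: str, data: bytes) -> List[str]:
    """Classify one attachment; if it is really a ZIP, classify each member too."""
    reasons = classify_name(name)
    ext = _ext(name)
    if zipfile.is_zipfile(io.BytesIO(data)) and ext not in OOXML_EXTS:
        if ext not in ARCHIVE_EXTS:
            reasons.append("ZIP magic despite non-archive extension")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                for r in classify_name(member):
                    reasons.append(f"member {member}: {r}")
    return reasons


def build_zip(members: Dict[str, bytes]) -> bytes:
    """In-memory ZIP used to construct the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, payload in members.items():
            zf.writestr(member, payload)
    return buf.getvalue()


# Constructed samples modelled on the report's findings (no real malware).
SAMPLE_ATTACHMENTS = {
    "Invoice_2023-10.zip": build_zip({"Invoice_2023-10.xlam": b"placeholder", "readme.txt": b"x"}),
    "scan_0042.pdf.js": b"var s = 'constructed sample, not Vjw0rm';",
    "report.pdf": b"%PDF-1.4 constructed sample",
}


def run(attachments: Dict[str, bytes] = SAMPLE_ATTACHMENTS) -> Dict[str, List[str]]:
    """Map each attachment name to its list of escalation reasons."""
    return {name: triage(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, reasons in run().items():
        print(f"{name}: {', '.join(reasons) or 'no flags'}")
```

The ZIP-magic check matters more than the extension lists: the report’s point is that archives are used precisely because a scanner that keys on the outer filename never sees the .xlam or .js inside, so the members are classified with exactly the same rules as the outer file.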

The report can be downloaded here. 

So…. About That Apple Event Last Night…..

Posted in Commentary with tags on October 31, 2023 by itnerd

Apple decided to hold an event last night called “Scary Fast” at 8PM EST. That in itself was weird, as Apple has never done a prime time event before. Plus they did it the day before Halloween. And it was over in 30 minutes, which is the shortest Apple event that I can remember. But despite that, there were a couple of things that stood out, and a bunch of things that the Apple rumour mill predicted would happen. Let’s dive into both:

  • Apple Announced The M3 family of processors: As predicted by the rumour mill, Apple’s new M3 processors broke cover. Apple spent a lot of time comparing the M3 family of processors to the M1 family of processors. They also didn’t mention Intel all that often. My feeling is that they really want those of us with M1 based Apple hardware to upgrade. On top of that, I suspect they also want to get the last Intel holdouts to move to Apple Silicon. Here’s the TL;DR on this new family of chips:
    • The M3 chip has up to an 8-core CPU and up to a 10-core GPU with up to 24 GB of RAM
    • The M3 Pro chip has up to a 12-core CPU and up to a 18-core GPU with up to 36 GB of RAM
    • The M3 Max chip has up to a 16-core CPU and up to a 40-core GPU with up to 128 GB of RAM
    • All chips are built on Apple’s 3 nanometer process, which allows for lower power consumption and higher density of chip components.
    • The GPU supports “Dynamic Caching” technology, meaning the GPU allocates local memory in hardware in real time, so that only the exact amount of memory needed is used for each task. It also supports ray tracing for higher quality graphics.
  • Apple Announced The New iMac: The Apple iMac, which hasn’t been updated since it was released in 2021, got the new M3 processor. Besides all the features of the M3 processor, it also features Wi-Fi 6E and Bluetooth 5.3 and still comes in the same colour selection as the M1 version.
  • Apple Kills The 13″ MacBook Pro And Introduces A 14″ MacBook Pro With The M3 Processor: This is something that the rumour mill didn’t get right. Apple finally killed off the 13″ MacBook Pro, a computer that I have argued, twice, had no reason to exist. In its place, there’s now a 14″ model with the M3 processor.
  • The 14″ and 16″ MacBook Pros have been refreshed with the M3 Pro and Max chips with a brand new colour called “Space Black”: I’m going to go out on a limb and say some people are going to upgrade simply for the colour alone. But you might want to hold off on doing so for reasons that I will get to in a minute.

Now with that out of the way, here’s what the rumour mill didn’t get right:

  • There was talk that Apple was going to move all its accessories such as keyboards and mice to USB-C. That did not happen.
  • There was talk that Apple was going to drop a new iPad mini on the world. That didn’t happen either.
  • There were less reliable rumours that a 32″ iMac was going to appear. That never materialized.

Next is some random stuff that the Mac media has noticed:

  • MacRumors has noted that the new MacBook Pros have 20% brighter displays. But they also note that the M3 Pro has 25% less memory bandwidth than the M1 Pro or M2 Pro version. What kind of difference the latter makes in the real world is unclear. But on the surface, that to me is a huge incentive to not upgrade if you’re going for the M3 Pro. My advice would be to stay tuned to Tech YouTube and the Mac media who will benchmark these machines to death and get all the answers for you before you spend your hard earned money.
  • 9to5Mac is reporting that the “Space Black” model is not really black. It’s more like a dark grey. Thus those who want a black MacBook Pro are still going to have to pay a visit to dBrand to get hooked up.
  • The 14″ MacBook Pro with the M3 processor only has two Thunderbolt ports according to MacRumors which is a limitation of the M3 processor. I don’t see this as a big deal as the target audience will likely not care about this.

Finally, the entire event was shot on the iPhone 15 Pro Max. And Apple has a behind the scenes video that is currently private on YouTube, but has been found and surfaced to the public:

So, what are your thoughts on the “Scary Fast” Apple event? Share your thoughts below in the comments and let’s get a discussion going.

“Citrix Bleed” Vulnerability Has The Potential To Be Another MOVEit

Posted in Commentary with tags , on October 31, 2023 by itnerd

Earlier this month, Citrix published an advisory for a vulnerability in its NetScaler ADC and NetScaler Gateway appliances and recommended that customers move to the updated versions. A week following the advisory, Mandiant reported that the vulnerability had been exploited in the wild as a zero-day as early as August 2023, with exploitation observed at professional services, technology, and government organizations. The vulnerability carries a severity rating of 9.4 out of 10, is currently being actively exploited by threat actors, and allows them to bypass multifactor authentication. Which makes this very bad. And it has been dubbed “Citrix Bleed”.

Avishai Avivi, CISO, SafeBreach

It is always bad news when a vulnerability comes under mass exploitation. As the Clop ransomware group’s exploitation of GoAnywhere and MOVEit showed, this will often result in millions of compromised records. This recent Citrix NetScaler vulnerability may become the next mass exploit with some notable differences.

NetScaler, unlike the software mentioned above, is specifically meant to serve as a security device. The mechanism that threat actors are exploiting, the Multi-Factor Authentication (MFA) mechanism, is itself a mechanism that boosts the overall security of the device. The other notable aspect is the timeline surrounding this particular vulnerability. More specifically, security researchers reported exploitation of this vulnerability to Citrix in late August 2023. Citrix released a patch and bulletin on October 10, 2023. Several reports show that, as of today, nearly three weeks after the bulletin, thousands of Citrix NetScaler devices remain unpatched and vulnerable.

I view Citrix’s response with mixed feelings. On the one hand, they promptly issued a patch for a critical vulnerability. On the other, they were too relaxed in communicating the urgency of this patch to their customers. This lack of urgency gets compounded when network and security administrators responsible for these devices fail to patch high and critical severity vulnerabilities. This failure indicates a flawed vulnerability management program. Critical and high-severity vulnerabilities should never remain unpatched or unmitigated for over a week, let alone three.

Tom Marsland, VP of Technology, Cloud Range

This vulnerability, designated CVE-2023-4966, now nicknamed “Citrix Bleed,” demonstrates what can happen when devices go unpatched. It’s not enough that organizations track and remediate vulnerabilities. They must prioritize them, which means having cybersecurity experts who understand the vulnerabilities and the risk their company is under with these vulnerabilities. This goes to highlight the cybersecurity shortage occurring at the mid-level across the industry.

This vulnerability has a CVSSv3 score of 9.4 – it was first observed in late August, and a patch was released on October 10th. Three weeks should be plenty of time to investigate vulnerabilities and patch them in (at least) the public-facing environment – the fact that this is not occurring on some estimated 20,000 cases, again, highlights poor vulnerability management/asset tracking programs and an understaffed cybersecurity workforce at large. Not until we push cybersecurity education further down into our K-12 school systems and provide hands-on, competency-based training for our industry professionals, do I think we’ll truly be able to wrap our hands around this problem.

I am now just bracing myself for a new round of ransomware attacks because of this vulnerability on a similar scale of what has been seen with MOVEit. This sort of situation I used to think was the worst case scenario. But now it seems to be the norm. And that’s bad for all of us and needs to change.
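Both experts quoted above make the same operational point: a critical, internet-facing, actively exploited vulnerability with a vendor patch should not sit unpatched for a week, let alone three. That rule is simple enough to make mechanical. The following is an added example, not code from the post or from Citrix, of an SLA check over an asset inventory. The CVE-2023-4966 details it uses (CVSS 9.4, patch published October 10, 2023, exploited in the wild) are the ones the post gives; the hostnames, the PLACEHOLDER entry and the SLA windows themselves (seven days for an internet-facing critical, the yardstick from the quotes) are constructed assumptions.

```python
"""SLA check for an asset inventory: which exposed devices still carry an
unpatched critical past the remediation window? Added example for the post
above, not Citrix's or the post's own code. Hostnames, the PLACEHOLDER
entry and the SLA windows are constructed assumptions."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Assumed remediation windows in days, keyed by (internet_facing, tier).
# Seven days for an internet-facing critical is the yardstick quoted above.
SLA_DAYS = {
    (True, "critical"): 7,
    (True, "high"): 14,
    (False, "critical"): 14,
    (False, "high"): 30,
}


@dataclass
class Exposure:
    host: str
    cve: str
    cvss: float
    internet_facing: bool
    exploited_in_wild: bool
    patch_available: date              # date the vendor fix was published
    patched_on: Optional[date] = None  # None = still unpatched


def tier(cvss: float) -> str:
    """CVSS v3 qualitative rating, collapsed to the two tiers the SLA tracks."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    return "other"


def days_overdue(e: Exposure, today: date) -> int:
    """Days past the SLA window; negative means still inside the window.
    For a patched host the clock stops on the patch date."""
    window = SLA_DAYS.get((e.internet_facing, tier(e.cvss)))
    if window is None:  # medium/low: not tracked by this check
        return -1
    clock_end = e.patched_on or today
    return (clock_end - e.patch_available).days - window


def prioritise(inventory: List[Exposure], today: date) -> List[Exposure]:
    """Unpatched, overdue exposures. Exploited-in-the-wild and internet-facing
    items sort first, then by CVSS, then by how late they are."""
    overdue = [e for e in inventory
               if e.patched_on is None and days_overdue(e, today) > 0]
    return sorted(overdue, key=lambda e: (not e.exploited_in_wild,
                                          not e.internet_facing,
                                          -e.cvss,
                                          -days_overdue(e, today)))


# Constructed inventory. The CVE-2023-4966 facts (CVSS 9.4, patch 2023-10-10,
# exploited in the wild) are from the post; everything else is made up.
SAMPLE_INVENTORY = [
    Exposure("gw-1.example.net", "CVE-2023-4966", 9.4, True, True, date(2023, 10, 10)),
    Exposure("gw-2.example.net", "CVE-2023-4966", 9.4, True, True, date(2023, 10, 10),
             patched_on=date(2023, 10, 12)),
    Exposure("lab-adc.example.net", "CVE-2023-4966", 9.4, False, True, date(2023, 10, 10)),
    # placeholder high-severity issue; not a real CVE identifier
    Exposure("web-3.example.net", "PLACEHOLDER-HIGH", 7.5, True, False, date(2023, 10, 25)),
]


def run(today_iso: str = "2023-10-31") -> List[Tuple[str, str, int]]:
    """(host, cve, days overdue) for every open item, most urgent first."""
    today = date.fromisoformat(today_iso)
    return [(e.host, e.cve, days_overdue(e, today))
            for e in prioritise(SAMPLE_INVENTORY, today)]


if __name__ == "__main__":
    for host, cve, late in run():
        print(f"{host:22} {cve:16} {late:3d} days past SLA")
```

Run on the post’s date the report lists the internet-facing gateway first, two weeks past its window, with the internal appliance behind it; the gateway patched on October 12 and the placeholder item still inside its window do not appear. The sort key is the part worth copying: exploitation in the wild and internet exposure outrank raw CVSS, which is exactly the prioritisation the second quote asks for.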

TimeMachine Editor Helps To Make Apple’s Backup Tool Useful For You

Posted in Tips with tags on October 31, 2023 by itnerd

TimeMachine, which is Apple’s backup utility, is a great way to back up your Mac. But there are two things that annoy me about it. The first is the lack of ability to easily troubleshoot backup issues. As I type this, I am not aware of any way to improve on that. But what I can improve upon is the configuration options for TimeMachine. By default, this is what you get:

That’s pretty limited. If you want to do something specific like back up at 8PM every day, you can’t. That’s where TimeMachineEditor comes in. It allows you to replace the TimeMachine configuration pane in macOS and give you a lot of scheduling options that the native configuration pane doesn’t offer.

This is how I have it set up for myself, which is to back up at 8PM every day. But here are the options that you have:

You can set backups to run when the Mac is inactive, at an interval (every day or week, for example), or at calendar intervals. You can also set options to not back up at certain times, to back up immediately if a backup is missed, to back up while on battery power (I do not suggest that, by the way), as well as to create local snapshots every hour, which is a handy way to roll back to an earlier state if you’re on the road. If you click on “Show Advanced Settings”, you get two more options:

You get two options regarding not backing up when an app prevents either the Mac as a whole or the display from sleeping. There are use cases like watching a video for example where you don’t want the Mac to back up because of the potential performance hit.

Once you set everything the way you like it, you simply press Apply and you’re done. TimeMachineEditor takes over and runs TimeMachine backups for you. A pro tip that I have is that you should go into the macOS TimeMachine preference pane and set it to manual so that the two don’t conflict.

I’ve been using this for a few months now and I’ve come across no issues. Thus I can recommend it to anyone who wants to have better control over their TimeMachine backups. Because everyone should be backing up their computer. This app is free, but the developer accepts donations, thus I’d throw him a couple of bucks for his hard work.

Now if someone could make TimeMachine easier to troubleshoot.

Stanford University Pwned By Akira

Posted in Commentary with tags on October 31, 2023 by itnerd

Late last week, Stanford University issued a statement confirming a cyber incident affecting its Department of Public Safety, after screenshots of the Akira ransomware gang’s leak site listing were shared on the web.

The Akira ransomware gang claims to be in possession of 430GB of private information and confidential documents and is threatening to leak the information online if Stanford doesn’t pay the unspecified ransom.

“Based on our investigation to date, there is no indication that the incident affected any other part of the university, nor did it impact police response to emergencies. The impacted SUDPS system has been secured,” said the statement. 

Stanford said the incident was related to another cybersecurity episode that occurred earlier this month when hackers had breached the University’s Department of Public Safety’s firewall. Also, earlier this year, the University was impacted by two other significant cybersecurity issues: one in February due to a system malfunction and another in April involving third-party software. 

Craig Harber, Security Evangelist at Open Systems, had this to say:

   “This cyber incident may be related to several other events at Stanford University this year, including a reported breach of the University’s Department of Public Safety firewall and another incident involving third-party software. These prior incidents could indicate a stealthy campaign by the hacker to remain hidden while they covertly discover and collect sensitive information. This time between the attacker’s initial penetration and the point that the security team figures out the attacker is there is known as dwell time. Industry surveys have shown dwell time ranging from a best case of a couple of minutes to a worst case of hundreds of days. This is an eternity for cybercriminals. It’s putting pressure on security teams to do more to detect and respond to threats in real time.”

The Akira ransomware group has been busy. I have written about them here, here, here, and here. And I fully expect to be writing about them in the future as they are starting to rival the usual ransomware suspects. And that’s bad for all of us.

TELUS Wise Expands With New Responsible AI Online Workshop For Teens

Posted in Commentary on October 31, 2023 by itnerd

TELUS has announced the expansion of TELUS Wise, launching its TELUS Wise Responsible AI online workshop. Coinciding with the celebration of the 10-year anniversary of TELUS Wise, the Responsible AI workshop underscores the program’s decade-long leadership in providing digital literacy education. According to a recent survey by KPMG, more than half of Canadian students over 18 regularly use AI and 81 per cent believe it will be a critical skill for the future, making it an opportune time to introduce education resources on the topic to support Canadian youth. Offered free of charge, the new, online workshop was created in partnership with the Canadian Institute for Advanced Research (CIFAR), helping teens better understand the AI landscape, including what it is, what it’s capable of – and importantly, what it’s not. The uniquely tailored AI workshop for teens is available online in English and French and can be completed individually at home in about 60 minutes. Teachers can also share the workshop with students as a group in a classroom setting.

Since 2013, TELUS Wise has delivered various interactive, and innovative, youth-focused workshops including TELUS Wise footprint, TELUS Wise impact, TELUS Wise in control and TELUS Wise happiness. The program also offers workshops for adults, parents and seniors, further helping people of all ages have a positive experience online. Topics include protecting your online security, privacy and reputation, identity theft, rising above cyberbullying, digital well-being, artificial intelligence and more. In addition, much of the content has been gamified using the Kahoot! platform, making learning about digital literacy and citizenship more engaging and fun. The program has also driven national campaigns to help end cyberbullying, supporting the Amanda Todd Legacy Society and the advocacy efforts of Amanda’s mother Carol. With a commitment to leveraging technology, resources and compassion to help drive positive social change, since 2013, over 660,000 people have participated in the TELUS Wise program, with 92 per cent of participants saying the initiative left them more empowered to stay safe online.

This newest workshop builds upon TELUS’ commitment to responsible AI; in addition to this latest TELUS Wise initiative, TELUS is the first telecom company in Canada to sign ISED’s new voluntary code of conduct for generative AI, which seeks to ensure the transparent, equitable and responsible development of GenAI technology.

To learn more or access the free TELUS Wise workshops and resources, visit telus.com/wise

Horizon3.ai Publishes A POC & Deep Dive About Cisco IOS XE CVE-2023-20198 and CVE-2023-20273

Posted in Commentary with tags on October 30, 2023 by itnerd

Horizon3.ai’s Exploit Developer James Horseman has just published Cisco IOS XE CVE-2023-20198: Deep Dive and POC.

Horizon3.ai Exploit Developer James Horseman said: “Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used to exploit these vulnerabilities. Now, thanks to SECUINFRA FALCON TEAM’s honeypot, we have further insight into these vulnerabilities.”

Horseman also notes: “An attack would use CVE-2023-20273 to elevate to root and write an implant to disk. However, even without CVE-2023-20273, this POC essentially gives full control over the device. Cisco’s method for fixing this vulnerability seems a bit unconventional. We would have expected them to fix the path parsing vulnerability instead of adding a new header. This makes us wonder if there are other hidden endpoints that can be reached with this method.”

Today’s post is a follow-up to Horizon3.ai’s October 25, 2023 theory-crafting post on CVE-2023-20198.

Meta Gives The EU An Ad Free Option For Facebook And Instagram… For A Price

Posted in Commentary with tags on October 30, 2023 by itnerd

Meta who owns Facebook and Instagram put up a blog post saying that it will introduce an ad-free subscription option in the European Union, European Economic Area, and Switzerland in November:

To comply with evolving European regulations, we are introducing a new subscription option in the EU, EEA and Switzerland. In November, we will be offering people who use Facebook or Instagram and reside in these regions the choice to continue using these personalised services for free with ads, or subscribe to stop seeing ads. While people are subscribed, their information will not be used for ads. 

People in these countries will be able to subscribe for a fee to use our products without ads. Depending on where you purchase it will cost €9.99/month on the web or €12.99/month on iOS and Android. Regardless of where you purchase, the subscription will apply to all linked Facebook and Instagram accounts in a user’s Accounts Center. As is the case for many online subscriptions, the iOS and Android pricing takes into account the fees that Apple and Google charge through their respective purchasing policies. Until March 1, 2024, the initial subscription covers all linked accounts in a user’s Accounts Center. However, beginning March 1, 2024, an additional fee of €6/month on the web and €8/month on iOS and Android will apply for each additional account listed in a user’s Account Center.

Of course, the only reason why Meta is doing this is to end years of litigation related to the fact that Meta tracked and profiled users for targeted ads in the EU, something that it can no longer legally do. Now, this isn’t available to users of Meta products anywhere else. And perhaps that’s a good thing, because Meta’s essentially arguing that if you don’t want to be the product, you have to pay to use the product. Effectively, you have to pay for your privacy. I don’t know about you, but there’s something wrong with that.