Archive for October 2, 2023

ICBA Provides Consumer Tips to Safeguard Financial Data During Cybersecurity Awareness Month

Posted in Commentary with tags on October 2, 2023 by itnerd

In recognition of Cybersecurity Awareness Month in October, the Independent Community Bankers of America (ICBA) and the nation’s community banks are offering tips to consumers on practical measures they can take to protect their sensitive data and reduce risk.

How to Reduce Your Risk 

While there is no foolproof way to avoid online identity theft, you can minimize your risk by: 

  • Limiting disclosed information: Never respond to unsolicited requests for personal information, such as your banking ID, account number, username or password, even if they appear to originate from your bank, government agencies or companies with which you have a relationship. 
  • Using strong and unique passwords: Create strong, complex passwords for online accounts, and avoid reusing the same password across multiple platforms. Consider using a password manager to securely store and generate unique passwords.
  • Taking advantage of security features: Enable the strongest multi-factor authentication offered by your bank, and enable it through a trusted mobile device, an authenticator app, or a secure token. 
  • Using two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your mobile device, in addition to your password.
  • Guarding against phishing attempts: Be cautious of suspicious emails, messages, or calls asking for personal information. Avoid clicking on links or downloading attachments from unknown sources. Verify the legitimacy of any requests before providing sensitive information.

Learn more about how to protect your digital life during Cybersecurity Awareness Month by visiting the Stay Safe Online website. Additional resources are available through the Department of Homeland Security and the Federal Bureau of Investigation.

Leave a comment »

McLaren Healthcare Pwned By Ransomware…. 2.5 Million Affected

Posted in Commentary with tags on October 2, 2023 by itnerd

McLaren HealthCare, one of the largest healthcare systems in Michigan, confirmed that it is dealing with a ransomware attack after the Black Cat/AlphV gang claimed to have stolen 6 TB of data, including the personal information of 2.5 million people.

“McLaren your security is at an all-time low, and we’ve proven it to you. Our backdoor is still running on your network, you decided to play with us, we have a great sense of humor too, and we know how to have fun. See you again…,” said Black Cat on their leak site.

McLaren operates 13 hospitals and numerous other healthcare facilities across Michigan, and, earlier this month, the company reported outages not only affecting billing and electronic health record systems but forced McLaren to shut down the computer networks at 14 different facilities; employees had to use their personal phones to communicate.

A spokesperson for McLaren said systems remain operational but did not comment as to whether billing and record systems had been restored to functionality, nor did they say whether a ransom would be paid.

“We have also taken measures to further strengthen our cybersecurity posture with a focus on securing our systems and limiting disruption to our patients and the communities we serve,” said a spokesperson for McLaren.

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

   “Today, no organization is immune to the threat of a successful ransomware campaign, but there is something every organization can do about managing their risk – and now is the time to do it. Organizations must immediately discover where their greatest exploitable weaknesses are and remediate them before it’s too late.

   “In most cases, the ransomware attacks making news daily are not being enabled by some recent CVE. Instead, there are easily exploitable weaknesses residing in almost every organization’s network that are making the ransomware actors “jobs” much easier. Here are the Top 20 issues that we see in organizations networks on a reoccurring basis.

  1. Credential Reuse Across Systems
  2. Unsecured Admin Credentials
  3. Insecure Active Directory Configurations
  4. Default Service Accounts
  5. Inadequate Access Control
  6. Deficient Network Segmentation
  7. Insecure Network Protocols in Use
  8. Unsafe File Sharing Practices
  9. Improperly Secured Databases
  10. Password/Credential Exposure
  11. Exposed RDP Ports
  12. Absence of Multi-factor Authentication (MFA)
  13. Misconfigured Security Controls
  14. Outdated Hardware/Software
  15. Insufficient Incident Response Processes
  16. Missing Patches and Updates
  17. Misconfigured Firewalls
  18. Insecure Wireless Networks
  19. Insecure IoT Devices
  20. Shadow IT

This isn’t a trivial amount of people who have been affected by this. It makes me wonder if companies take cybersecurity seriously.

Leave a comment »

Review: Apple Watch Series 9

Posted in Products with tags on October 2, 2023 by itnerd

Recently, my wife got an Apple Watch Series 9 to replace a Series 6 that had a battery health of 82%. Which meant she had to charge it twice a day which was far from optimal for her. There’s no big headline feature that may make you not want to upgrade from another upgrade. But there are a few features that may change your mind depending on what Apple Watch you’re upgrading from.

Let’s start with the look of the Apple Watch:

Let’s face facts. This looks like just like the last five versions of the Apple Watch. Nobody will know that you have “the new hotness”. Not even Apple Watch fans. But let’s start with the closest thing to a headline feature that the Series 9 has. Which is a brighter screen:

On the left is the Series 9. On the right is the Series 6. You can see that the Series 9 is brighter. That’s due to the fact that screen can get as bright as 2000 nits which is up from 1000 nits on previous Apple Watch models not named the Ultra. That will make the Series 9 easier to read on bright sunny days. So if you weren’t happy with your current Apple Watch in terms of screen brightness, this might be a reason to upgrade. I should also mention that the screen can dim to 1 nit which is down from 2 nits. That would be welcome in places like dark theatres, and may have a positive impact on battery life. But honestly, I don’t know if this is a feature that would entice me to upgrade from an earlier Apple Watch.

The next feature is the second generation ultra Wideband chip. Now the only feature that Apple demonstrated in their keynote was finding your iPhone 15/15 Pro like you would find an AirTag. Which is a backhanded way of saying that this feature doesn’t work with earlier iPhones. If that’s the only use case that Apple could come up with, then there’s no incentive there for me to upgrade. My guess is that Apple has some other purpose for this that they aren’t talking about now. But they will a year or two from now.

Another new feature is DoubleTap. It can be used to perform any main action on any complication you happen to have open on your watch face, from starting and stopping a timer to snoozing an alarm, to answering and ending a call. It uses the accelerometer and gyroscope to detect intention. Specifically that you have to raise your watch as if looking at the time before performing the two-pinch gesture with your watch hand. The problem is that at the time of this review, it isn’t available and is coming in a software update in October or November. I’ll do a separate article on this when the feature becomes available. But one thing that I do want to cover is that a version of this feature was available for years as an accessibility feature. Now I’ve played with this accessibility feature and it is only accurate about 80% of the time because it is a software only feature. Apple claims that the S9 system in package makes it close to 100% accurate because Apple made this a hardware feature. That seems reasonable and makes sense to me on the surface. But the cynic in me also says that Apple hardware gated a feature to push sales of the S9. Only Apple knows the truth on that front.

On-device Siri is available for the first time. That in theory means that it doesn’t have to connect to the cloud in order to process your questions. Testing this, I was able to set a timer without an Internet connection. But asking Siri 3+2 requires an Internet connection. How does that make sense? Speaking of Siri, you’ll be able to ask heath related questions to Siri for the first time. But only after a software update later this year. I honestly do not know how useful that feature will be as I personally don’t want the world to know what my weight is or what my resting heart rate is. But clearly Apple thinks it’s useful. So I guess we’ll see.

All of this is powered by the new S9 System In Package (SIP). It has a 4-core Neural Engine for processing machine-learning tasks twice as fast as the S8. Siri requests did “feel” a bit faster than my Apple Watch Ultra which has an S8 SIP in it. But the difference was so slight it was basically meaningless. And the Series 9 didn’t feel any faster otherwise because of the S9 SIP. The S9 is also more energy efficient, delivering that power, with the same 18-hour battery life as the Series 8 according to Apple. And this is where my wife did see a difference as she noted that battery drain during sleep as well as just generally was less than her Series 6 when new. For example, the Series 6 when new drained 20% to 25% when sleeping. This is now down to 10% to 15% with the Series 9. The other thing is that battery drain during the day was much less. At the end of the she would be down to 50% to 60% at the day. While that is an improvement, Apple really needs to focus on making the battery life longer as it has been 18 hours forever. Because what users really want is more battery life. As in more than one day without having to buy an Apple Watch Ultra to get it. How about it Apple?

Other notes are as follows:

  • New to my wife is fast charging. Which means that she can top off the battery in the Series 9 quickly if she needs to as long as she uses a fast charging puck to do so.
  • Also new to my wife is a temperature sensor that came out last year with the Series 8 and the Ultra. And just like last year, the watch doesn’t really use this info and present it to you in any meaningful way.
  • The new recycled Nike band is really cool. If you scroll up to the first picture, you’ll see the “Blue Flame” colour Nike band that is made up of recycled bands. It looks really cool. One thing to note is that these Nike band comes with aluminium pin-and-tuck closure rather than the stainless steel pin-and-tuck closure that previous versions had.

So, should you upgrade to the Series 9? Here’s how I see it:

  • If you have a Series 6 or less, this should be an easy call to upgrade.
  • If you have a Series 7, it’s a coin flip in terms of upgrading. I wouldn’t, but I will let you make that call.
  • If you have a Series 8, there’s no point in upgrading. Ditto for those who own a first generation Ultra.

The version of Apple Watch Series 9 that my wife got was the 41mm aluminium cellular model which goes for $679 CDN. But it starts at $549 for the GPS only model. If you want to go to the stainless steel model, you can spend $899 or higher. Is it an iterative upgrade? Yes. But keep in mind that the Apple Watch isn’t something that you would upgrade every year. So just like a car, you buy in when you need to, or like in my wife’s case you have to. Thus I suppose that what the Series 9 offers is enough to keep it at the top of the heap in the smart watch space for now. But honestly, Apple needs to do more if they want to stay there. And “more” is rumoured for next year’s Apple Watch. Let’s hope that they deliver.

1 Comment »