Archive for October 5, 2023

BREAKING: Elon Musk Sued By SEC Over Twitter Purchase

Posted in Commentary with tags on October 5, 2023 by itnerd

I suspect that life is about to become a lot more difficult for Elon Musk as news is breaking that the SEC is suing him:

The regulator is seeking a court order directing Musk to comply with a subpoena to appear for testimony, it said.

According to the filing, Musk failed to appear for testimony as required, despite agreeing to it at one point.

The investigation concerns whether Musk broke federal securities law violations in connection with his 2022 purchases of Twitter stock, as well as statements and SEC filings he made in relation to the deal. 

Musk acquired Twitter last year after initially building a large minority stake in the social media platform, which he allegedly failed to disclose in a timely manner.

Well, that’s a problem because the SEC is one of those federal agencies that you’re better off co-operating with rather than fighting against because the odds are that you will lose. Elon has fought them before and clearly feels that he can fight them again. But to me, this seems different and I think it won’t end well for Elon.

Get the popcorn ready.

Microsoft’s Annual Digital Defense Report Is Out

Posted in Commentary with tags on October 5, 2023 by itnerd

Microsoft’s annual Digital Defense Report has just been released, with important new insights into the state of cybercrime, nation state threats, critical cybersecurity challenges, innovating for security and resilience, collective defense, and best cybersecurity hygiene practices.

Microsoft’s unique vantage point is this:

  • 65 trillion signals synthesized per day. That is over 750 billion signals per second, synthesized using sophisticated data analytics and AI algorithms to understand and protect against digital threats and criminal cyberactivity.
  • More than 10,000 Microsoft security and threat intelligence experts, including engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across the globe.
  • 4,000 identity authentication threats blocked per second on average over the past year.
  • More than 300 unique threat actors tracked by Microsoft Threat Intelligence, including 160 nation-state actors, 50 ransomware groups, and hundreds of others.
  • More than 100,000 domains have been removed that were utilized by cybercriminals, including over 600 employed by nation-state threat actors. 
  • More than 15,000 partners with specialized solutions in our security ecosystem, who increase cyber resilience for our customers.
  • 135 million managed devices providing security and threat landscape insights.

Jason Keirstead, Vice President of Collective Threat Defense, Cyware had this to say:

   “I’m glad to see collective defense highlighted in Microsoft’s Digital Defense Report. In today’s constantly evolving threat landscape, no entity can stand alone. Individual defenses are critical, but as cyberthreats grow – and grow more sophisticated – taking rapid and effective action relies on the speed at which security teams can get the right intel to the right people. No organization can afford to waste time reinventing the wheel, developing defenses that have already been developed. Real-time collaboration among trusted internal and external entities expedites the ability to develop detection and response plans and to respond to threats.”

Paul Valente, CEO, VISO TRUST follows with this:

   “This report underscores that third-party risk management must extend across our informational ecosystems and assess the defenses of trusted third parties well beyond our own organizational boundaries. For example, in the battle against social engineering tactics, the susceptibility of employees within these vendor organizations is often overlooked.

   “As the report highlights, many vendors are missing a critical component in their security strategy: testing the susceptibility of their employees to social engineering attacks. This omission poses a shared risk to us as their partners, as a breach within their organization can potentially provide malicious actors with an entry point into our network as well. We’ve seen recent examples such as the Reddit and Slack breaches, where highly sophisticated phishing attacks compromised employees and subsequently jeopardized the security of the organizations they served.

   “The crux of the matter is that whether a vendor has direct access to our internal systems or merely possesses contact details that are not readily available online, a successful third-party phishing attack can become a significant threat to our organization’s security.

   “So, what should we do if a vendor doesn’t implement social engineering testing? In some cases, where a vendor has minimal access to our network, we should assess the potential impact of their compromise on our organization. Questions like “Could they access sensitive data?” are crucial. If the answers lean towards affirmative, it’s incumbent upon us to look inward and explore ways to mitigate the risks that the vendor presents. If there are limited mitigation options, it may be prudent to explore alternative third-party solutions.

   “In the fight against third-party social engineering vulnerabilities, we must focus on the human factor and adopt a shared responsibility approach. Acknowledging that phishing emails can occasionally slip through even the most robust defenses, both we and our vendors should prioritize employee training to resist clicking on malicious links. Regardless of the security measures our vendors have in place, closing security gaps requires teamwork and collaboration. We must work closely with our vendors, fulfill our part of the security equation, and assume a shared level of responsibility whenever feasible.

   “To enhance our ability to identify and address third-party risks, we should consider leveraging tools and solutions like those offered by VISO TRUST. These tools can help us pinpoint blind spots in our third-party risk landscape and identify common controls that are susceptible to cyberattacks. It’s crucial to proactively assess and manage third-party risks to bolster our overall cybersecurity posture.”

This report from Microsoft provides all sorts of useful insights, and should be required reading if you are defending your environment from the bad guys. It’s well worth your time.

Reddit Announces Ads Manager Updates

Posted in Commentary with tags on October 5, 2023 by itnerd

There is news out from Reddit where they have introduced major updates to a set of its advertising solutions: Reddit Ads Formula, its on-demand learning hub for advertisers; and Reddit Ads Manager. 

With the rapidly evolving advertising landscape, staying ahead of the curve is essential. This is why Reddit is introducing a new “Boost 2.0 Certification program,” designed to educate advertisers on everything they need to drive maximum success on Reddit. 

To make campaign management and execution more efficient, Reddit has also introduced a suite of new tools for ad managers including improved community search, campaign lifetime budget, and inline editing, among others.

Reddit Ads Manager Updates

New updates to Reddit’s Ads Manager: taking the guesswork out of community targeting on Reddit 

Reddit is continuing to invest in making the Reddit Ads Manager a best-in-class destination, and is leaning into tools and features that optimize their industry-leading contextual and interest-based advertising advantage, for all types of clients. They’re therefore pleased to announce their latest updates that allow advertisers to be even more strategic, seamless and effective in their Reddit campaign management and execution, all while tapping what makes Reddit unique.

Live now, these new tools will benefit Reddit’s small business advertisers all the way through to their enterprise clients, and are particularly geared at those looking to drive efficiency and performance on Reddit with just a few clicks.

Making it even easier to find your audience in Reddit communities 

Throughout this year Reddit has rolled out a series of features, like Keyword Suggestions, that take the guesswork out of driving successful campaigns on Reddit. Aimed at helping advertisers tap into what makes Reddit unique – our 100,000+ interest-led, discussion-rich communities – their latest Ads Manager features allow advertisers to more easily find their audience, expand their targeting, and better understand the Reddit communities most relevant to them. They include: 

  • Improved Community Search: in addition to searching specific communities by name, Reddit’s Ads Manager now allows advertisers to also search for relevant communities by topic – particularly helpful for those finding their initial audience on Reddit.
  • Targeting Suggestions: understanding that Reddit users are passionate about a wide range of interests, this new feature serves up a list of additional suggested communities based on an advertiser’s selected community target, helping them broaden their reach even further.
  • Community Info: They’ve also added community descriptions, topic tags, estimated audience size based on membership and engagement, as well as a link to the community, to give advertisers access to all of the key details in one easy place as they set their campaign parameters. 

In addition to these new features, they’ve also invested in new administration tools to allow for more seamless campaign optimization and oversight:

  • Campaign lifetime budget: this new option in the campaign creation process allows advertisers to cap campaign spend at a predetermined amount. Once the submitted budget has been reached, all ad groups within the campaign will stop spending to ensure easy budget management.
  • Inline editing: They’ve also made it simpler to edit campaign names, bids, and budgets directly within our Ads Manager. These changes can all be made in one place, within the Ads dashboard. 

More details on today’s Reddit Ads Formula announcement are available here

FINALLY! TD Bank Provides Google Wallet Support For Its Cards

Posted in Commentary with tags , on October 5, 2023 by itnerd

Two years ago, I wrote about TD Bank not having support for Google Wallet and only having support for Apple Wallet. This angered users and sparked a petition to encourage TD to provide this support. I guess that this worked as 9to5Google is now saying that TD now has Google Wallet support:

The last major bank in Canada that didn’t support Google Wallet, TD Bank, has this week finally launched support for NFC payments on Android phones.

And:

Last year, TD Bank announced the shutdown of its own mobile payment service. Customers were reminded of the change via email, with TD then going on to announce that it would open up support for Google Pay and, in turn, Google Wallet on Android devices starting this week.

The email reads:

In October, TD informed customers of its decision to discontinue the TD Mobile Payment service. 

We recognize that mobile payments have become a part of our everyday lives and we are committed to offering a variety of payment solutions for our customers. 

Today, we are happy to announce the launch of Google Pay; customers now have the option to add their TD Access Cards and eligible TD Credit Cards to their Android devices. To start using your mobile phone today, add your TD Access Card or eligible TD Credit Card(s) to Google Pay, if you have not done so already.

I really don’t understand why it took so long for TD to support Google Wallet. It’s almost as if they didn’t want to provide this support, and ultimately were forced to support it for whatever reason. This really reflects poorly on TD. But I am sure that Android users who are TD customers are happy about this development.

Guest Post: Microsoft, Paypal among most impersonated brands in phishing attacks in 2023

Posted in Commentary with tags on October 5, 2023 by itnerd

According to data presented by the Atlas VPN team based on a report by Abnormal Security, Microsoft was by far the most impersonated brand by cybercriminals in 2023. The global technology company’s likeness was spoofed over 650,000 times, accounting for 4.31% of all phishing attacks among 350 brands.

Some other reputable companies were present in the top three, including one of the most well-established and widely used digital payment systems, PayPal (1.05%) and social media giant Facebook (0.68%).

Cloud-based electronic signature technology provider DocuSign (0.48%) ranked fourth, while financial and business management company Intuit (0.39%) and the world’s leading logistics company DHL (0.34%) landed in fifth and sixth place, respectively.

Other brands among the top ten include computer security software company McAfee (0.32%), leading internet search engine Google (0.30%), the world’s largest online retailer Amazon (0.27%), and the largest database management company worldwide, Oracle (0.21%).

By impersonating well-known brands like the ones listed above, cybercriminals reliably leverage the victim’s trust and undermine their caution, making it easier to trick them into giving up account credentials or exposing them to malware via malicious links. 

Fraudsters usually achieve this by collecting public information through corporate websites and social media accounts, scouting targets with access to sensitive information and credentials. Imposters can then create a message that masks itself as a message from the impersonated brand to solicit information from said targets. 

To read the full article, head over to: https://atlasvpn.com/blog/microsoft-paypal-among-most-impersonated-brands-in-phishing-attacks-in-2023


Guest Post: The New Requirements for Email Delivery at Gmail

Posted in Commentary with tags on October 5, 2023 by itnerd

By Seth Blank, CTO, Valimail

Google’s announcement on October 3, 2023, is a massive change that is intended to impact email senders who send more than 5,000 emails to Gmail inboxes each day. 

In order to make Gmail inboxes trusted and safe spaces for recipients, Google will be enforcing a handful of new requirements for these types of senders. Beginning in February 2024, email senders will need to have the following requirements in place in order to get email delivered: 

For many email senders, these new requirements won’t impact their email programs, but for others, these changes will mean they’ll need to re-examine their current email authentication and sending practices. 

Below, we’ll dive into the details of each new requirement, what this means for senders and recipients, the reasoning behind making this policy change, and what we think it means for the future of email. 

The new requirements

Implement SPF and DKIM 

SPF and DKIM are mature, robust email authentication protocols that have been in existence for over a decade each. SPF and DKIM provide two different methods not only for authorizing the use of a domain name in an email message, but also for helping to ensure that a domain owner gets proper credit for their sending practices.

Send from a domain with a DMARC policy of at least p=none

DMARC is a protocol that builds on SPF and DKIM:

  • To authorize the use of a domain in the visible From header
  • Give the domain owner insight into the authentication practices of mail streams using that domain
  • Provide the domain owner a mechanism to request handling of messages that fail authentication checks (referred to as a policy preference)

A DMARC DNS record with a policy preference of p=none is the lowest bar for participating in DMARC, as it requests no special handling for messages that fail authentication, but at the same time, gives the domain owner full visibility into its mail streams. The data collected at this step allows the domain owner to make any adjustments to authentication practices necessary before moving on to stronger policy preferences.

Send with an aligned From domain 

With this requirement, Google is asking for each message to have a visible From domain that aligns with either the SPF or DKIM domain, with a preference for alignment with the DKIM domain.

For those unfamiliar with the concept, the term “alignment” here comes straight from the DMARC protocol, and per that protocol, two domains are in alignment if they’re identical or at least share an organizational domain (i.e., the domain that is registered when an organization wishes to establish a presence on the public Internet). 

For example, “valimail.com” is our organizational domain, and the domains “sales.valimail.com” and “auth.valimail.com” are in alignment with each other because they share the same organizational domain. 
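The alignment rule above can be checked mechanically once SPF and DKIM results are known. The following is an added example, not code from the article or from Google: the function names are hypothetical, the small `PUBLIC_SUFFIXES` set is a constructed stand-in for the Public Suffix List that real DMARC evaluators use, and the SPF and DKIM domains are assumed to have already passed their own checks upstream.

```python
# Added example: DMARC record parsing and From-domain alignment.
# PUBLIC_SUFFIXES is a constructed stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}


def organizational_domain(domain):
    """Return the public suffix plus one label (sales.valimail.com -> valimail.com)."""
    labels = domain.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # assumption: unknown suffixes are one label long


def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict; raise ValueError if unusable."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p", "").lower() not in {"none", "quarantine", "reject"}:
        raise ValueError("missing or invalid p= tag")
    return tags


def is_aligned(from_domain, auth_domain, strict=False):
    """Strict mode needs identical domains; relaxed mode compares organizational domains."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if strict:
        return a == b
    return organizational_domain(a) == organizational_domain(b)


def check_alignment(from_domain, dmarc_record, spf_domain=None, dkim_domains=()):
    """spf_domain: MAIL FROM domain that passed SPF (or None).
    dkim_domains: d= values of DKIM signatures that verified."""
    tags = parse_dmarc(dmarc_record)
    spf_strict = tags.get("aspf", "r").lower() == "s"
    dkim_strict = tags.get("adkim", "r").lower() == "s"
    spf_ok = spf_domain is not None and is_aligned(from_domain, spf_domain, spf_strict)
    dkim_ok = any(is_aligned(from_domain, d, dkim_strict) for d in dkim_domains)
    return {
        "policy": tags["p"].lower(),
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "meets_requirement": spf_ok or dkim_ok,
    }


if __name__ == "__main__":
    # Constructed scenario: mail sent through a third-party service, so the
    # SPF domain belongs to the service while the DKIM d= is the brand's own.
    print(check_alignment(
        "sales.valimail.com",
        "v=DMARC1; p=none",
        spf_domain="bounces.esp.example.net",
        dkim_domains=["auth.valimail.com"],
    ))
```

The constructed scenario shows the common case where a message passes SPF for a sending service's domain yet only the DKIM signature aligns with the visible From domain.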

Valid forward and reverse DNS

Among other records in the DNS, there are two types that are specifically keyed around IP addresses. The DNS “A” record is used to map hostnames to IP addresses (sometimes called “forward DNS”), and the DNS “PTR” record is used to map IP addresses to hostnames (sometimes called “reverse DNS”). 

It has long been a best practice for inbound mail servers to require that sending servers connect from IP addresses that have existing PTR records, but Google is going one step further here and requiring not only that the connecting IP address have a PTR record, but also that the PTR record resolves to a hostname that then resolves back to that same IP address.

The reason for this requirement is that anyone who controls the reverse DNS zone for an IP address can publish PTR records resolving to any name they choose, so it’s very easy to attempt to spoof ownership of a hostname.

As an example, if there were an IP address 12.34.56.78 whose PTR record resolved to mailServer.knownbrand.com, Google would require that the A record for mailServer.knownbrand.com also resolve to the IP address 12.34.56.78, a technique sometimes called Forward Confirmed reverse DNS or just “FCrDNS.”
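The forward-confirmed check can be written as a short function. This is an added example, not code from the article or from Google: the function names are hypothetical, the lookup functions are injectable so the check runs offline, and `SAMPLE_PTR` / `SAMPLE_A` are constructed records that reuse the article's example address and hostname.

```python
import ipaddress
import socket

# Constructed sample DNS data (not real records). The first PTR entry mirrors
# the article's example; the second is a PTR whose name does not point back.
SAMPLE_PTR = {
    "12.34.56.78": ["mailServer.knownbrand.com."],
    "203.0.113.9": ["mailServer.knownbrand.com."],
}
SAMPLE_A = {"mailserver.knownbrand.com": ["12.34.56.78"]}


def sample_ptr_lookup(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_forward_lookup(hostname):
    return SAMPLE_A.get(hostname, [])


def system_ptr_lookup(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        name, aliases, _addrs = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []


def system_forward_lookup(hostname):
    """A/AAAA lookup through the system resolver; [] on failure."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})
    except OSError:
        return []


def same_ip(a, b):
    """Compare addresses by value so differing text forms still match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def fcrdns(ip, ptr_lookup=system_ptr_lookup, forward_lookup=system_forward_lookup):
    """Return (ok, detail); ok is True only if a PTR name resolves back to ip."""
    # DNS names are case-insensitive and may carry a trailing root dot.
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return False, "no PTR record"
    for name in names:
        if any(same_ip(addr, ip) for addr in forward_lookup(name)):
            return True, f"{name} resolves back to {ip}"
    return False, f"PTR name(s) {', '.join(names)} do not resolve back to {ip}"


if __name__ == "__main__":
    for ip in ("12.34.56.78", "203.0.113.9", "198.51.100.7"):
        print(ip, fcrdns(ip, sample_ptr_lookup, sample_forward_lookup))
```

The second sample address shows why the forward step matters: its PTR claims the brand's hostname, but the hostname's A record does not list that address, so the check fails.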

One-click unsubscribe

As defined in RFC 8058, when a sender inserts specially crafted headers in a message, it signals to the mail client that the recipient can unsubscribe from that sender’s messages with just one click if the mail client supports the functionality. Gmail supports this functionality, which can be seen in any number of messages you might see in the Promotions tab or elsewhere from B2C emails: 

The image above is a notification from Lattice. The “Unsubscribe” link next to the sender’s email address in this example is the One-Click Unsubscribe that Google is requiring here.
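A sender can lint outgoing mail for the RFC 8058 headers before it leaves. This is an added example, not code from the article: the function names are hypothetical, both messages are constructed samples, and the check only confirms that a DKIM-Signature lists the two headers in its `h=` tag, not that the signature itself verifies.

```python
import re
from email import message_from_string

REQUIRED = {"list-unsubscribe", "list-unsubscribe-post"}

# Constructed sample messages (placeholders instead of real signature data).
GOOD_MESSAGE = (
    "From: News <news@sales.example.com>\n"
    "List-Unsubscribe: <mailto:unsub@example.com>,\n"
    " <https://example.com/unsubscribe/opaque-token>\n"
    "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:subject:list-unsubscribe:list-unsubscribe-post;\n"
    " bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: Constructed sample\n"
    "\n"
    "body\n"
)
BAD_MESSAGE = (
    "From: News <news@sales.example.com>\n"
    "List-Unsubscribe: <mailto:unsub@example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: Constructed sample\n"
    "\n"
    "body\n"
)


def signed_headers(dkim_signature):
    """Return the lower-cased header names listed in a DKIM-Signature h= tag."""
    # Anchoring on start-of-value or ';' keeps the bh= tag from matching.
    match = re.search(r"(?:^|;)\s*h\s*=([^;]*)", dkim_signature)
    if not match:
        return set()
    return {h.strip().lower() for h in match.group(1).split(":")}


def one_click_unsubscribe_issues(raw_message):
    """Return a list of RFC 8058 problems found in the headers; [] means none."""
    msg = message_from_string(raw_message)
    issues = []

    # RFC 8058 needs an HTTPS URI in List-Unsubscribe; mailto: alone is not enough.
    uris = re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", ""))
    if not any(u.strip().lower().startswith("https://") for u in uris):
        issues.append("List-Unsubscribe has no HTTPS URI")

    # The companion header carries exactly one key/value pair.
    if msg.get("List-Unsubscribe-Post", "").strip() != "List-Unsubscribe=One-Click":
        issues.append("List-Unsubscribe-Post is missing or not List-Unsubscribe=One-Click")

    # A single DKIM signature has to cover both headers.
    signatures = msg.get_all("DKIM-Signature", [])
    if not any(REQUIRED <= signed_headers(sig) for sig in signatures):
        issues.append("no DKIM-Signature covers both unsubscribe headers")
    return issues


if __name__ == "__main__":
    print(one_click_unsubscribe_issues(GOOD_MESSAGE))
    print(one_click_unsubscribe_issues(BAD_MESSAGE))
```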

Low spam rate 

When Gmail users report unwanted messages as spam, its filters use those reports and other heuristics to identify mail that is likely to be unwanted.

This “Low Spam Rate” requirement doesn’t come with any numbers publicly attached to it, but their intention seems pretty clear; domain owners must send wanted mail to people who demonstrate that it’s wanted (through engaging with those messages) or else the domain owners will lose the privilege of sending mail to Gmail.

What this means for senders and recipients

It’s important to note here that this policy change from Google is meant to benefit the end recipient. Google wants to ensure that Gmail users can trust the mail they receive, and by making SPF, DKIM, and DMARC requirements, they’re taking an excellent first step. 

These requirements are a pretty low bar for most email senders, but they’re things that bad actors usually fail to implement. With this requirement, Gmail users can be a bit more confident that the messages they’re receiving are at least getting past basic email authentication. 

“While it’s easy to think this policy change will only impact marketing and other commercial emails, the fact is there are many other types of email that organizations send. These changes impact all email coming from a domain, and while that might include mail being sent through Mailchimp or SendGrid, there are many other emails flowing through the organization’s ecosystem.”

Without ensuring all email coming from your domain is following these requirements, your HR team might not be able to get payroll emails delivered, or the sales team sending outreach messages to prospects might get email blocked. 

For senders of legitimate email, these requirements shouldn’t be revolutionary, but organizations should at least double-check that they have their bases covered. If you’re curious about the email coming from your domain, sign up for Monitor for free today to get visibility into your SPF, DKIM, and DMARC records.  

Why make this policy change?

The benefit of requiring authentication is increased trust and safety throughout the entire ecosystem, at every mailbox provider that validates email authentication (hint: it’s all of them). For businesses sending email, this means protecting their employees, their customers, their executives, and their brand.

At Valimail, we believe that authentication is foundational, and doing it the right way is critical. Email is rife with abuse, and we must do better as an ecosystem to protect everyone. You should be able to trust your email – the email in your inbox should be from who it says it’s from, not a malicious actor pretending to be someone else. When a sender properly authenticates their email, it ensures that no one else can send fake email using their authenticated domains.

“Google’s policy is a great first start; requiring aligned SPF or DKIM with a DMARC policy of at least p=none is a phenomenal low bar, and more is needed. Until all senders utilize the strongest authentication — DMARC at enforcement — their domains are spoofable, and bad actors can continue to defraud users at an accelerating rate.

DMARC at enforcement is not well deployed enough in the market for this to be a realistic requirement today. We hope Google can get aggressive at raising the bar, so strong authentication becomes the norm for everyone in the near future. This is where the real protection for everyone kicks in.

This policy update from Google is a huge step towards a safer world in email for everyone.”

– Seth Blank, CTO of Valimail

At its core, this announcement is Google’s way of telling legitimate senders that if they don’t follow these well-established best practices, their email is not going to be delivered.

“Many bulk senders don’t appropriately secure and configure their systems, allowing attackers to easily hide in their midst. To help fix that, we’ve focused on a crucial aspect of email security: the validation that a sender is who they claim to be.”

Google’s Announcement

This announcement is huge as it will impact nearly every Gmail mailbox holder. This policy is the first time any email inbox provider has placed requirements for widely adopted email sending and email authentication best practices.

What does this update mean for the future?

This policy update is a great first step in the right direction, and it’s just the beginning. Google is likely going to evolve from here, and at some point in the future, we expect Google to require DMARC enforcement in order for email to get delivered correctly. 

Over the past few years, we’ve seen an incredible increase in businesses and other organizations adopting DMARC. Unfortunately, the vast majority of those senders aren’t enforcing DMARC with policies of p=quarantine or p=reject. We believe this means the ecosystem isn’t quite ready for Gmail, or any other inbox provider, to implement a strict DMARC requirement. 

The writing is on the wall though. 

This update from Google is a sign that SPF, DKIM, DMARC, and all the other sending best practices are making the shift from recommendations to requirements. Once Gmail requires any sort of DMARC record, it’s likely only a matter of time before their recommendation that senders set their policy at p=quarantine or p=reject becomes another requirement.

If you’re reading this, it means you’re already ahead of the curve when it comes to running a successful email ecosystem. No matter what tool you use, it’s important that you take the steps to ensure your email gets delivered as intended. 

Elon Musk Stops Showing Headlines On Twitter Because He Thinks It Looks Better…. WTF?

Posted in Commentary with tags on October 5, 2023 by itnerd

I seriously think that Elon Musk lives in his own alternate reality where stuff makes sense only to him. I say that because his latest brainwave is to stop showing the headlines in articles that are in Tweets. From The Verge:

X, formerly Twitter, is no longer showing headlines on articles shared on the platform. Instead, X is only showing the article’s lead image and the domain it will link you to. The change is present on the iOS app for myself and another Verge staffer.

There’s a side by side shot in The Verge article that illustrates what this change looks like. And it illustrates how stupid this change is. Because if I am a news outlet, I am simply going to say to hell with Twitter as I can’t post my content there as people can’t engage with it easily. My guess is that Elon wants to drive any sort of news media off the platform by making this move. How that makes sense I have no idea as many people used Twitter to get the news. But this move will likely make people use Twitter less or they will not use Twitter at all. Which logic would suggest is bad for Elon. Even if he doesn’t see it that way.

I do have one question. I wonder if his puppet CEO Linda Yaccarino had any say in this decision? I’m guessing not because she doesn’t actually run Twitter. She’s just there to try and get advertisers back onto the platform. And this move will not help with that goal.

Canadian small business credit card spending up 18% amidst inflation and funding challenges: QuickBooks

Posted in Commentary with tags on October 5, 2023 by itnerd

Today Intuit QuickBooks launched the 2023 Intuit QuickBooks Small Business Annual Report developed in collaboration with Professor Ufuk Akcigit, Arnold C. Harberger Professor of Economics at the University of Chicago. The annual report reveals how macroeconomic policies like inflation and higher interest rates are affecting small businesses’ ability to create jobs and get the funding they need to grow. The findings are based on anonymized data from more than 3.4 million Intuit QuickBooks customers and surveys of more than 5,000 small businesses in the US, Canada, and the UK. 

Top Canadian findings:

  • Inflation and interest rates are creating unique challenges for small businesses
    • Monthly small business credit card expenditure is currently 18% higher, on average, than before the pandemic, equivalent to $2,652 CAD per business while monthly repayments against credit card account balances are up by 22% on average, again equivalent to $2,652 CAD per business.
  • Funding is a persistent challenge for small businesses, limiting growth
    • While 51% of small business owners surveyed have used their own savings to fund their business, only 27% report ever getting funding from a commercial lender. New small businesses (0-5 years old) are more than twice as likely to say “getting funding” is their number one challenge compared to older small businesses (21+ years).
  • Higher use of digital tools and technology correlates with higher growth
    • Among small businesses using digital tools to manage 8 or more different areas of their business, 63% report revenue growth and 22% report workforce growth, but among those only managing 1 or 2 areas, this drops to 31% and 6%.

Intuit has also drafted robust recommendations based on these insights for policymakers, entrepreneurs, and accountants to help key stakeholders strive towards creating an environment that is conducive to small business success.

For a more in-depth look at the insights from the inaugural report, check out the Intuit QuickBooks Small Business Index Annual Report here. You can also stay up to date on the latest monthly Index releases, by visiting the Intuit QuickBooks Small Business Index interactive hub.

METHODOLOGY

The report’s findings are based on a new analysis by Ufuk Akcigit, Raman Singh Chhina, Seyit M. Cilasun, Javier Miranda, Eren Ocakverdi, and Nicolas Serrano-Velarde of four data sources, in partnership with Intuit QuickBooks data analysts: 

  1. Intuit QuickBooks Small Business Index: recent employment and hiring trends among small businesses in the US, Canada, and the UK. Methodology details available here.
  2. Intuit QuickBooks customer data: anonymized, aggregated and reweighted/adjusted to reflect the wider population of small businesses in the US, Canada, and UK, not Intuit’s business, to provide new insight into small business access to credit, credit card expenditure, and payments against credit card balances during the recent inflationary period. Sample: 3.4 million small businesses; 2,795,000 in US; 305,000 in Canada; 313,000 in UK.
  3. Intuit QuickBooks Small Business Insights: regular online surveys of small businesses with up to 100 employees, commissioned by Intuit QuickBooks in the US, Canada, and UK every three to four months. Total sample size for April 2023 wave of surveys: 5,175 (comprising 2,805 small businesses in the US; 1,210 small businesses in the UK; and 1,160 small businesses in the UK).
  4. Official statistics and other external sources, including publicly available data from: the U.S. Census Bureau; Federal Financial Institutions Examination Council, Bank Holding Company (US); National Federation of Independent Businesses (US); Statistics Canada; Office for National Statistics (UK), Department for Business, Energy & Industrial Strategy (UK);