Archive for October, 2023

Guest Post: Traditional methods of application monitoring expose their operations to increased risk of disruption and downtime 

Posted in Commentary with tags on October 27, 2023 by itnerd

By Joe Byrne, Executive CTO, Cisco AppDynamics

Across all industries, technologists are facing escalating levels of complexity as organizations rapidly ramp up their adoption of cloud native technologies, while also maintaining existing on-premises applications and infrastructure. 

This shift to hybrid environments means that IT teams are having to manage an increasingly extensive and fragmented IT landscape, with application components running across both cloud native and on-premises technologies. This poses significant challenges, including increased attack surfaces, limited visibility concerning application availability and performance, and an inability to link innovation costs with business outcomes. 

One of the biggest problems that IT teams are facing as they move to a hybrid environment is how to manage the increased volumes of metrics, events, logs and traces (MELT) data which are spawned by cloud native technologies such as microservices and containers. Most technologists don’t have the right tools to sift through this overwhelming data noise to efficiently detect and identify the root causes of application performance issues. 

In research from Cisco AppDynamics, The Age of Application Observability, 78 per cent of technologists state that the increased volume of data from multi-cloud and hybrid environments is making manual monitoring impossible. They recognize that traditional application monitoring approaches are simply not fit for purpose in highly volatile and dynamic hybrid environments. They’re concerned about the potential consequences of this for their organizations – including application disruption and downtime, security breaches and sub-optimal digital experiences for customers and employees. 

In response to this challenge, technologists are looking to implement new approaches and solutions to manage application availability, performance, and security. They point to application observability as a way for IT teams to cut through complexity within hybrid environments and deliver seamless digital experiences. 

The Limitations of Traditional Application Monitoring Methods 

Most IT departments are still relying on separate tools to monitor on-premises and cloud applications, and they lack visibility of the entire application path where components are running across hybrid environments. This is making effective troubleshooting within hybrid environments nearly impossible and, inevitably, key metrics such as Mean Time To Resolution (MTTR) are going in the wrong direction. 

Less than half of technologists are confident their organization has the right skills and processes in place to manage application availability, performance and security in a sustainable way. Most IT departments aren’t set up to operate effectively within a hybrid environment, where collaboration between teams is essential to optimize applications. These departments are still often characterized by siloed people, processes, and data. 

The Crucial Role of Application Observability in Ensuring Seamless Performance 

97 per cent of technologists state their organization needs to move from a monitoring approach to an observability solution to effectively manage multi-cloud and hybrid environments. 

Application observability provides unified visibility across both cloud native and on-premises environments, ingesting and combining vast volumes of telemetry data from cloud native environments and data from agent-based entities within on-premises applications. It allows IT teams to access real-time insights into application availability and performance across their hybrid environments. 

Crucially, application observability enables technologists to correlate application performance data with real-time business metrics so they can quickly pinpoint and prioritize issues with the potential to do serious damage to end user experience. This allows technologists to cut through complexity and data noise to focus their time and investments on the things that will have the greatest impact on customers and the business. 

An application observability approach is essential to break down silos in the IT department, bringing teams together around a single source of trusted data to achieve shared objectives. Ultimately, application observability leads to improved collaboration, efficiency, and productivity in the IT department, freeing up technologists from reactive firefighting to take a more proactive approach to innovation. Businesses can’t delay any longer – they must move beyond traditional application monitoring approaches to compete and thrive. 

Huawei Unveils Latest Flagship HUAWEI WATCH GT 4 

Posted in Commentary with tags on October 27, 2023 by itnerd

Huawei Consumer Business Group (CBG) today announced the Canadian launch of HUAWEI WATCH GT 4, the latest generation of the WATCH GT flagship series that introduces elevated design features with powerful health and fitness functionalities. Part of Huawei’s ‘Fashion Forward’ wearable technology, the smartwatch blends technology and fashion while empowering users to personalize their health and sports journey without compromising style. The HUAWEI WATCH GT 4 is available in a striking Octagon bezel design or the elegant Pendant design.

Classics Evolved: Traditional Craftsmanship Meets Modern Trends 

The HUAWEI WATCH GT 4 introduces inventive design elements while retaining the modern geometric aesthetics Canadians expect from Huawei. The watch is available in two designs – the HUAWEI WATCH GT 4 46mm showcases an octagonal design, while the HUAWEI WATCH GT 4 41mm boasts a sleek pendant design.

There are six different colour options:

  • The classic 46mm comes in three options – a black fluoroelastomer strap, grey stainless steel strap, and a green composite strap
  • The sophisticated 41mm option includes the black fluoroelastomer strap, a jewelry-inspired light gold milanese strap, and a white leather strap option

Canadians can discover their preferred style, customize the watch dial to align with their lifestyle, and further explore options within the online gallery, featuring over 25,000 watch faces.

Taking Active Health Management to the Next Level

The HUAWEI WATCH GT 4 makes smart technology an integral part of healthy living. Three new major features include:

  • PPG Arrhythmia Analysis: Monitoring technology incorporating multi-channel signal enhancement algorithms providing users more accurate readings of their heart health even during dynamic activities or low temperature environments.
  • Menstrual Cycle Management 3.0: Intelligently analyzes and learns physiological indicators, such as heart rate during sleep, body temperature, breathing rate, and more, to predict menstrual periods. 
  • TruSleep™ 3.0: Gives users a better awareness of their sleep cycles and assists them in adjusting their sleep habits, including Sleep Breathing Awareness which scans for breathing irregularities during sleep, giving users additional insight to their respiratory health during sleep. 

New Fitness Features 

Bolstered by the new TruSeen™ 5.5+ technology, the HUAWEI WATCH GT 4 revolutionizes the smartwatch fitness experience by introducing improved: 

  • Activity Rings Feature: Provides a quick overview of daily fitness statistics, including calories burned, exercise duration, and standing activity. Users can earn medals for completing all three rings and choose from over 100 sports modes for a more active lifestyle.
  • Stay Fit Caloric Management App: A caloric management app that utilizes real-time health data to offer holistic recommendations for better health management.
  • Dual-Band High-Precision GPS: An upgraded dual-band five-system high-precision GPS, increasing positioning accuracy by 30%, even in densely structured urban areas, ideal for expeditions and running challenges.

A Convenient and Intelligent Lifestyle Companion Right at Your Wrist 

The HUAWEI WATCH GT 4 enhances user convenience and lifestyle with added features, including a new launcher, quick messaging and replies, as well as support for third-party applications for music, navigation, and more. The smartwatch offers an impressive battery life of up to 2 weeks. 

The HUAWEI WATCH GT 4 seamlessly integrates with both iOS and Android devices, providing users with access to all these exciting features while ensuring the protection of privacy and data, offering peace of mind when accessing industry-leading technologies.

Availability 

The HUAWEI WATCH GT 4 is now available for purchase in Canada at Amazon.ca and Best Buy. Suggested retail price for the 46mm model is $438.99 and $328.99 for the 41mm model. For more details, please refer to Huawei’s official website.

Customer Benefits on HUAWEI Official Store and My HUAWEI App
HUAWEI WATCH GT 4 series is now available at HUAWEI Official Store and My HUAWEI App with an exclusive free gift of FreeBuds 3 (free gift is subject to change due to availability). 

INKY Details How Scammers Are Impersonating Streaming Services In The Latest Fresh Phish

Posted in Commentary with tags on October 27, 2023 by itnerd

INKY has published a new Fresh Phish that streaming subscribers should be very interested in.

According to INKY analysts, this type of phish has been impersonating streaming services such as Paramount, Netflix, and Disney+, utilizing phone scams and malicious links to harvest personal data. It’s totally worth reading as it goes into a whole lot of detail about how these scams work which means you have the means to identify these scams and protect yourself.

You can read this latest Fresh Phish here: https://www.inky.com/en/blog/fresh-phish-streaming-platforms-are-targeted-by-bad-actors-amid-the-real-actors-strike

Quantum Tech Risks And Opportunities Exist For Law Enforcement Says Europol

Posted in Commentary with tags on October 27, 2023 by itnerd

This week, Europol published a new report written with the help of industry experts, The Second Quantum Revolution: The impact of quantum computing and quantum technologies on law enforcement, which encourages law enforcers to start building their knowledge and assessing the potential impact of quantum computing technologies to ensure they are prepared for both new risks and opportunities.
 
The report highlighted five things police forces should be doing today to prepare for the quantum age:

  1. Monitor developments continuously to identify potential new threats
  2. Build knowledge and start experimenting to tap these new developments
  3. Build a network of expertise with the scientific community for research and development work
  4. Assess the impact of quantum on fundamental rights to ensure police use of the technology is proportionate
  5. Review transition plans to ensure critical police systems are protected in the post-quantum era


“Quantum computing and quantum technologies hold significant potential to strongly impact law enforcement. From the analysis of large and complex data sets, to improved forensics capabilities and new ways of secure communication, the future promises significant opportunities to strengthen the fight against crime.
 
“Nevertheless, malicious actors could equally try to profit from such advancements and we have to prepare accordingly,” said Europol executive director, Catherine De Bolle.

George McGregor, VP, Approov Mobile Security:

   “It is important that law enforcement agencies are aware of the impact of quantum computing and this is a good contribution from the Europol Innovation Lab.  The recommendations could be less generic and more actionable however. For example, the document discusses the possibility of being able to decrypt currently inaccessible data in the future – it would be useful to provide guidelines on how to store data and to prepare for this eventuality. The report also encourages agencies to establish links and perform research in collaboration with industry experts – it would have been useful to highlight topics and areas of research to help drive this participation.”

All I have to say is that at least law enforcement isn’t being caught off guard. We’ve seen how most of us were caught flat footed by AI, and it’s nice to see history not repeat itself.

HYAS Examines Predator Mercenary Mobile Spyware

Posted in Commentary with tags on October 26, 2023 by itnerd

HYAS Research Labs has been following research by Canada’s own CitizenLab and Sekoia on the mercenary spyware “Predator”, made by Cytrox, which was discovered to be targeting an Egyptian former MP (link is to AP story, and is also linked below) who announced a potential run for the presidency. 

HYAS security engineer David Brundson investigated the IOCs mentioned in both reports using HYAS Insight and found details that could lead toward threat actor attribution, which he publishes in “Examining Predator Mercenary Spyware”.

The HYAS blog recaps the threat actor’s attack, delves into strategy and, through HYAS Insight, identifies their likely location.

Brundson also offers HYAS Recommendations: Individuals concerned about possibly being the target of mercenary spyware should reboot their phones daily, as thus far, it hasn’t been reported that Predator has persistence after reboot. Organizations should strongly consider protective DNS, such as HYAS Protect, which was today named for an InfoSec Innovator Award.

HYAS Blog – Examining Predator Mercenary Spyware: https://www.hyas.com/blog/examining-predator-mercenary-spyware

Five Canadian Businesses Each Awarded $125K Prize Packages Through TELUS’ #StandWithOwners Program

Posted in Commentary with tags on October 26, 2023 by itnerd

TELUS is excited to celebrate five deserving Canadian businesses from across the country who recently each received a $125K grand prize package as part of the fourth annual TELUS #StandWithOwners program in recognition of how their businesses are changing the game, solving the problems of today, and using technology to grow and differentiate their business.

This year’s grand prize winners include:

  • AquaVerti Farms, Montreal, QC – Led by business owners Georges Aczam and Stephen Moss, AquaVerti Farms specializes in the cultivation of hydroponic vegetables and is the first farm in Canada to completely eliminate CO2 emissions from production
  • Cedar Valley, Oldcastle, ON – Mother-son duo, Surria and Ameen Fadel, started their product line of fattoush salad dressing and authentic Lebanese-style pita chips with a $3,000 grant. Now, they’ve expanded into 1,000 stores across Canada
  • Hoot Reading, Winnipeg, MB – Founded by Carly Shuler and Maya Kotecha, Hoot Reading is a social enterprise dedicated to changing children’s lives through literacy. To-date, the organization has delivered over 250,000 free, evidence-based reading lessons by qualified teachers in hundreds of school districts across North America
  • Omy Laboratoires, Quebec City, QC – Pharmacists and cosmeticians Andrea Gomez and Rachelle Séguin are the revolutionary force behind Omy Laboratoires, a B Corp Certified custom dermocosmetics company that offers fresh and personalized products that meet the needs of those neglected by the cosmetic industry
  • VodaSafe, Vancouver, BC – Created by microelectronics engineer and former lifeguard Carlyn Loncaric, VodaSafe is a hand-held sonar device that uses AI to quickly locate people underwater, revolutionizing the way rescuers do their job. Eight hundred units have already been deployed in 46 states and eight provinces so far with global expansion on the horizon

In addition, 15 finalists received $20,000 in funding and additional prizing from this year’s program. A panel of judges selected the winners out of thousands of applicants based on the strength of their submissions and their entrepreneurial spirit. 

Since 2020, TELUS has committed $3.5 million to the #StandWithOwners program, providing funding, technology and recognition to help businesses from coast-to-coast thrive in a digital world. 

District of Columbia Board of Elections Has Apparently Been Pwned…. PII Has Been Swiped

Posted in Commentary with tags on October 26, 2023 by itnerd

The District of Columbia Board of Elections (DCBOE) is saying that a threat actor may have obtained access to the personal information of all registered voters:

On Friday, October 20, during a daily morning check-in call with DataNet Systems, DCBOE learned that:

  • DataNet Systems’ breached database server did contain a copy of the DCBOE’s voter roll.
  • DataNet Systems confirmed that bad actors MAY have had access to the full voter roll which includes personal identifiable information (PII) including partial social security numbers, driver’s license numbers, dates of birth, and contact information such as phone numbers and email addresses.
  • DataNet Systems could not pinpoint if or when this file may have been accessed or how many, if any, voter records were accessed.

Out of an abundance of caution, DCBOE will reach out to all registered voters. In addition, DCBOE will be engaging with Mandiant, a cybersecurity consulting firm, to assist with next steps.

This remains an ongoing and active investigation.

Ken Westin, Field CISO, Panther Labs had this comment:

There are many troubling aspects to the breach of DataNet Systems’ voter registration data. First is the amount of PII that was harvested from license numbers, SSN, addresses, and contact details. Given this is data of DC residents and the ransomware group responsible are out of Russia, there is a likely chance this information can end up in the hands of Russian intelligence. The fact that DataNet Systems can’t say with any certainty when the data was accessed or for how long is also worrisome and makes me wonder if they were missing key security controls to protect such sensitive data.

I for one would like to see DataNet Systems fully explain this. Maybe the solution is to haul them in front of a Congressional committee and compel them to answer the hard questions? I say that because it seems very odd to me that they can’t provide details as to how this happened.

Horizon3.ai NodeZero Users Saved $325K+ A Year Independent Study Shows

Posted in Commentary with tags on October 26, 2023 by itnerd

Horizon3.ai today announced the findings from a commissioned study, “The Total Economic Impact of the NodeZero Platform, October 2023,” performed by Forrester Consulting. It shows how the composite organization studied received vulnerability and risk intelligence that exceeds traditional approaches through use of the NodeZero platform and achieved a three-year 63% return on investment (ROI). In addition, operations time savings freed up the equivalent of one member of their four-member security team to focus on other security initiatives.

The study released today is based on six Horizon3.ai customers from four organizations who were interviewed by Forrester Consulting. These users span the entertainment, manufacturing, healthcare, and construction industries and the quantified benefits they experienced formed the framework for Forrester’s Total Economic Impact (TEI). By aggregating the customers’ characteristics, Forrester created a composite company with 2,000 employees and $500 million in annual revenue for its analysis. Forrester’s multistep approach included an evaluation of the costs, benefits, flexibility, and risk factors yielded from the investment in NodeZero for this profile, while also comparing NodeZero to those customers’ earlier penetration testing and vulnerability scanning approaches.

Key findings for the benefits and cost savings over a three-year period were improvement in security operations productivity by 30% worth $348,000, avoided costs of $255,000 by eliminating third-party penetration tests, and savings of $206,000 from reduced vulnerability scanner expenses. This resulted in a financial benefit of $809,000 for this composite organization, and a total value of $1.63 for each dollar spent. The study also highlights many additional security and business benefits that provided significant value but were not quantified in the study.

Direct quotes from the interviewed organizations reveal a common thread throughout the study about their key challenges prior to adopting NodeZero. They included expensive, inconsistent, and ineffective third-party penetration tests, lack of exploitable vulnerability prioritization, and how the use of siloed or underperforming security tools led to poor insights. Readers will also learn how NodeZero improved the interviewed organizations’ security operations productivity, provided measurable and quantifiable benefits, delivered reductions in cost for previous solutions, and enabled a long list of other benefits.

The identities of the customers are not disclosed in “The Total Economic Impact of the NodeZero Platform, October 2023.”

For organizations that face similar challenges and must make comparable decisions as those found in the Forrester TEI study, Horizon3.ai suggests they download the study and see for themselves what these customers said about NodeZero. These customers note that it has considerably improved their company’s security postures, while providing a notable return on their investment over previous cyber risk assessment approaches.

To read the full TEI study, visit https://www.horizon3.ai/tei-study/

A New Rogers Email #Scam Is Making The Rounds

Posted in Commentary with tags on October 26, 2023 by itnerd

My wife and I haven’t been customers of Rogers for well over a year now. Thus when this email hit my inbox, I knew immediately that it was a scam:

Now besides the fact that my wife and I aren’t customers of Rogers, here’s the other reason why it’s a scam:

This email was not sent from a Rogers.com or an rci.rogers.com email address. Which means it was not sent by Rogers.

But the question is, what is the threat actor up to? To find out, I clicked on the Review Refund button, which you should never do, and got this:

This is a very, very bad copy of the login screen for “my Rogers”, which is Rogers’ account management website. Here’s the real one:

Besides the look and feel of the website, there’s the fact that the fake one is clearly not being hosted by Rogers:

This is highlighted by the fact that you don’t see Rogers.com anywhere in the web address. Contrast that with the real one:

The real one has “account.rogers.com” in it.

My initial thought was that this looks like your classic credential harvesting scam to me. By that I mean that this scam wants to grab your credentials so that the threat actors can log into your account and do who knows what. Perhaps order an iPhone or two like I’ve seen in this scam involving Rogers. But I would be wrong. Entering a fake email address and password took me to this page:

It looks like they’re trying to steal your credit card details and using the “refund” that you’re supposed to get as a pretext for that. Not exactly new and it likely won’t fool most people. But as I’ve always said, scams don’t have to be successful in volume to be successful. I’ll be alerting Rogers about this so that they are aware. And the fact that you’ve read this means that you’re aware also. Which means that the level of success that this scam could have has decreased.
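The two checks the post makes by eye, the sender's real address and the host in the link, written out as an added example that is not part of the original post. The sample headers and URLs are constructed, and treating every host under rogers.com as genuine is an assumption of this sketch.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption for this example: the brand's own hosts all sit under rogers.com
# (the post names Rogers.com, rci.rogers.com and account.rogers.com).
BRAND_DOMAINS = ("rogers.com",)


def host_is_brand(host, brand_domains=BRAND_DOMAINS):
    """True only if host equals a brand domain or is a subdomain of one.

    The match is made on a label boundary, so "myrogers.com" and
    "rogers.com.refund-portal.example" do not pass.
    """
    host = (host or "").strip().lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)


def sender_domain(from_header):
    """Domain of the real address in a From header, ignoring the display name."""
    _display_name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def link_host(url):
    """Host the browser connects to; text before an '@' is userinfo, not the host."""
    return (urlsplit(url).hostname or "").lower()


def triage(from_header, link):
    """Return a list of findings for one message; an empty list means no mismatch.

    A matching From domain is not proof of authenticity, because the header can
    be forged; a mismatch is the strong signal the post relies on.
    """
    findings = []
    dom = sender_domain(from_header)
    if not host_is_brand(dom):
        findings.append(f"sender domain {dom!r} is not under {BRAND_DOMAINS}")
    host = link_host(link)
    if not host_is_brand(host):
        findings.append(f"link host {host!r} is not under {BRAND_DOMAINS}")
    return findings


if __name__ == "__main__":
    # Constructed samples; the .example hosts are placeholders.
    samples = [
        ('"Rogers Billing" <refund@mail.billing-notice.example>',
         "https://rogers.com.refund-portal.example/login"),
        ('"support@rogers.com" <notice@billing-notice.example>',
         "https://account.rogers.com@refund-portal.example/login"),
        ("MyRogers <noreply@rci.rogers.com>",
         "https://account.rogers.com/login"),
    ]
    for from_header, link in samples:
        print(from_header, "->", triage(from_header, link) or "no mismatch")
```
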

73% Of Small Businesses Reported Cyber Attacks Last Year 

Posted in Commentary with tags on October 26, 2023 by itnerd

According to the Identity Theft Resource Center’s 2023 Business Impact Report, of the 551 US small business owners and employees interviewed, 73% reported a cyber-attack last year targeting employee and customer data.

Despite only 20-34% following cybersecurity best practices such as MFA, mandatory strong passwords or role-based access, 85% of respondents said they felt ready to respond to a cyber incident. 50% claimed to have taken steps to prevent future breaches through training (65%) and utilizing new security tools (53%).

Although the overall number of small businesses suffering a financial impact from a cyber-attack dropped three percentage points from last year to 42%, more respondents said they saw other impacts, such as customers losing trust (32%) and higher employee turnover (32%).

“The good news is that small business leaders are focused on data security and privacy protection. However, we still have a lot of work to do. We must accelerate the transition to newer protections and continue to develop new resources to assist victims based on solid research and unmistakable evidence,” ITRC president, Eva Velasquez said.

George McGregor, VP, Approov Mobile Security had this to say:

   “This is disappointing, with very poor levels of implementation of basic best practices and only half of the companies taking steps to stop breaches.

   “I also think the “good news” in the report – a reported reduced financial impact of breaches – is  probably not to be taken too seriously either. If self-reported it may not be accurate.

   “There will be more and more pressure on small businesses as new reporting requirements come into force and they will be forced to take the issue of cybersecurity more seriously.”

I deal with a number of small businesses. Some get cybersecurity and some think that they aren’t big enough to be a target. Or they don’t have the resources to make a serious effort in terms of protecting themselves. All of that is wrong and needs to change in a hurry before something happens that makes them rethink their stance on this.