Archive for December 7, 2023

KOHO Raises an Additional C$86 Million in Funding and Surpasses One Million Users

Posted in Commentary with tags on December 7, 2023 by itnerd

 KOHO Financial Inc., a leading Canadian fintech company, announced today it successfully raised an additional $86 million in a series D extension at an $800 million valuation. New and existing KOHO investors provided the capital, including Drive Capital, Eldridge Industries, HOOPP, Portage, Round13, BDC, and TTV.

Despite a decline in Canadian fintech investment during the first half of 2023, KOHO shines as an exceptional success story in the industry. Notably, it has sustained a consistently positive valuation since the 2021 funding round.

The company’s overarching success is attributed to the continuous growth of its innovative product range which includes Credit Building, Cover, the ability to check your credit score for free, and an industry-leading 5 percent savings rate. Complementing these products is KOHO’s subscription model, known as KOHO Plans.

Looking ahead to 2024, KOHO is dedicated to enhancing Canadians’ financial well-being through innovative features such as increased credit offerings, in-app bill splitting, access to government benefits, and a wide range of other exciting capabilities. In the app, users have the opportunity to remain informed as KOHO’s roadmap is public and open for comments.

Leave a comment »

Governments Spy On Users Using Push Notifications

Posted in Commentary with tags , , on December 7, 2023 by itnerd

From the “I didn’t see this one coming” department comes the revelation that governments have been using push notifications to spy on people for some time. This came to light when Oregon Senator Ron Wyden wrote in a letter to the Department of Justice on December 6 asking the Justice Department to lift restrictions in terms of informing the public of this practise:

Because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information

So why should you care? A government could force Apple or Google to hand over data related to push notifications to show how you interact with your phone and the apps on it, as well as give them access to a notification’s complete text and disclose some unencrypted content. All of which is bad of course.

Apple said in a statement published by Reuters the following:

Now that this method has become public, we are updating our transparency reporting to detail these kinds of requests.

True to their word, Apple has now updated its Legal Process Guidelines document to reflect this new reality. Google for its part said this:

Google said that it shared Wyden’s “commitment to keeping users informed about these requests.”

But beyond that, I haven’t seen Google update anything. And the thing is that beyond the US who clearly has been using push notifications to spy on people, it isn’t clear who else is doing it. And it is likely that we won’t get a straight answer on that. Thus it might be wise for Apple and Google to rework how push notifications work so that this sort of spying isn’t a possibility.

Leave a comment »

EnGenius Adds New SD-WAN Cloud Gateway

Posted in Commentary with tags on December 7, 2023 by itnerd

EnGenius, a leading provider of intelligent connectivity solutions for enterprises, proudly announces the expansion of its SD-WAN Gateway portfolio with the launch of the EnGenius ESG620 Gateway, that will be shipping this month. This new device combines innovative technology with exceptional performance to deliver secure, efficient, and effective networking solutions for SME’s (Small & Medium-Sized Enterprise) that simplify network deployment and management.   

The EnGenius ESG620 Gateway is a powerful, rack-mountable, and versatile solution that provides network engineers with effortless setup, high-performance, and enterprise-level security solutions. With features like Auto-VPN with healing, Auto-NAT traversal for multi-peer SD-WAN setup, and EnGenius’ new client VPN feature (SecuPoint), it assures enhanced security and simplified business connectivity. Designed with advanced cloud management, it’s compatible with various environments and consolidates everything under a unified and intuitive interface. The enhanced cloud interface allows users to oversee and control every aspect of their network seamlessly. From power distribution units to access points, switches, and gateways, each device can now be explored for detailed visibility and a myriad of options. 

Key Features   

  • Effortless control with the easiest enterprise-level cloud management platform in the industry.  
  • Dual-WAN, fiber SFP+ and 2.5 GbE with USB 3.0 port for max performance, load balancing, and cellular failover.   
  • WAN failover preference for enhanced flexibility and reliability.
  • Eight 2.5 GbE PoE+ ports and one SFP+ port for multi-gigabit switching and powering up Wi-Fi 7 access points, IP cameras, or IP phones.     
  • Effortlessly maintain network connections with self-healing Auto VPN   
  • Streamlined, seamless, and secure VPN Client support, SecuPoint to ensure hassle-free remote connections.  
  • Sleek rack mountable compact design.    
  • No licensing or subscription fees needed.   

Leveraging the capabilities of EnGenius Cloud, all SD-WAN gateways, ESG510, ESG610 and ESG620 benefit from seamless system maintenance, automatic updates, and the integration of new features. 

The ESG620 is scheduled to be available for purchase this month, December 2023 through authorized EnGenius resellers and distributors. For more information about the ESG620, visit https://www.engeniustech.com/engenius-products/cloud-managed-sd-wan-security-gateway-with-quad-core-2-2ghz-and-8x-2-5g-ports/     

Leave a comment »

WARNING: A Dangerous New Text Message Targets Freedom Mobile Users On Android With Malware

Posted in Commentary with tags , on December 7, 2023 by itnerd

If you’re on Freedom Mobile here in Canada, and you have an Android phone, there is a super dangerous text message that you need to be aware of. Here’s the text message in question:

Now what’s dangerous about this message is if you click the link, you will be prompted to download and Android .APK file and give it all sorts of permissions. If you do that, it will not end well for you because the .APK file in question looks like this on Virus Total:

In short, a lot of the antivirus sites detect this as malware that likely does all sorts of nasty things to your Android phone. And what’s really crafty about this is if you try to access this website from anything other than an Android phone, it will not download the payload as it checks the browser that you’re using. Thus it evades detection for a longer period of time.

Here’s some quick facts: Freedom Mobile, nor any other carrier will ask you to download a software update of any sort to “continue to use your services”. Thus if you get a text like this, you need to delete it ASAP and not click on any links. Nor should you install anything if prompted. And if you’re on an Android phone, this reinforces that you need to be super careful of what you install. Because it doesn’t take much to get pwned by a threat actor.

Speaking of this threat actor, it’s clear that this is someone who on the surface appears to be skilled and is likely to target Bell, Rogers, and TELUS customers next when their luck with Freedom Mobile runs out. So customers of all phone carriers need to be aware of this as it is highly likely that this is coming for you next.

Leave a comment »

Former Twitter Exec Says Elon Musk Fired Him For Raising Security Concerns

Posted in Commentary with tags on December 7, 2023 by itnerd

Proving once again that Elon Musk doesn’t appear to care about anything substantial when it comes to Twitter, other than driving it into the ground that is, comes this Reuters report that presents the latest example of what a clown Elon is:

A former executive at Twitter Inc, now called X Corp, has filed a lawsuit claiming he was fired after Elon Musk acquired the company for objecting to budget cuts that would prevent the company from complying with a U.S. government settlement over its security practices.

Alan Rosa, who was Twitter’s global head of information security, filed the lawsuit late Tuesday in New Jersey federal court alleging breach of contract, wrongful termination and retaliation, among other claims.

X Corp did not immediately respond to a request for comment. 

Rosa claims that late last year, after Musk acquired the company, he was told to cut his department’s budget for physical security by 50% and to shut down software that enabled Twitter to share information with law enforcement agencies around the world. 

Rosa says he objected because the cuts would put Twitter at risk of violating a $150 million settlement it entered into earlier in 2022 with the U.S. Federal Trade Commission (FTC), which claimed Twitter had misused users’ personal information. The agreement required Twitter to implement privacy and information security controls to protect confidential data.

He was fired days after raising those concerns, according to the lawsuit. Rosa is seeking unspecified compensatory and punitive damages, and legal fees.

So in short, Elon would rather fan the flames of antisemitism, racism, Nazi behaviour, and the like rather than comply with a legal agreement that comes from a government entity who has the power to make his life miserable. That’s not a smart strategy on the part of Elon. But then, I’ve never considered him to be that smart. You have to wonder what the FTC is going to do now that this is out there. I for one hope that they use this to lower the boom on Elon. Because he really does deserve to be put in his place and found out for being the charlatan that he is.

Leave a comment »

US Agencies Constrained By Failed Incident Response Requirements 

Posted in Commentary with tags on December 7, 2023 by itnerd

In a new report published by the Government Accountability Office (GAO), 20 US federal agencies have failed to meet the deadline to implement advanced level cyber event logging and incident response capabilities required by law.

According to a 2021 Executive Order, all US federal agencies needed reach event logging tier three by August 2023. Currently, only 3 of the 23 agencies were at tier three, 3 agencies had reached the tier one level and 17 had not gone past the tier zero level.

“Until the agencies implement all event logging requirements, the federal government’s ability to fully detect, investigate, and remediate cyber threats will be constrained,” reads the GAO report.

After a recent investigation, the GAO found the critical challenges for agencies included:

  • The lack of staff
  • Event logging technical challenges
  • Limitations in cyber threat information sharing

Efforts to address these challenges include:

  • Onsite cyber incident response assistance from CISA
  • Event logging workshops and guidance
  • Enhancements to a cyber threat information-sharing platform
  • Implementation of the National Workforce and Education Strategy  
  • A new threat intelligence platform from CISA


Emily Phelps, Director, Cyware had this comment:
 
   “The GAO report findings are both concerning and indicative of broader challenges in the cybersecurity landscape, especially within the public sector. There is a critical gap in the government’s cybersecurity posture at a time when the threat landscape is increasingly complex and aggressive. These findings also underscore the urgent need for modernized cybersecurity measures and collaboration.

   “The proposed remedies are steps in the right direction, potentially enabling more real-time threat intelligence sharing and collaborative defense. To outpace adversaries, federal entities must have reliable intel sharing and security automation capabilities to defend against potential threats more effectively and efficiently.”

Hopefully someone within government is paying attention to this report as this is a pretty major alarm bell that is ringing.

Leave a comment »

US Gov HR Launches Rotational Cyber Workforce Program

Posted in Commentary with tags on December 7, 2023 by itnerd

As of Dec. 4th, federal government, cybersecurity employees can now apply for roles at other agencies via a new listing of open opportunities published by the Office of Personnel Management.

The new Federal Rotational Cyber Workforce Program, which stems from a 2022 law, aims to provide federal cybersecurity professionals with additional opportunities to learn how to defend networks from complicated and evolving threats benefitting agencies in the process.

Across 12 participating agencies, there are currently 53 postings representing 65, six-month to year-long rotations. Those interested will have to already be in a cyber-coded federal job, get approval from their home agency, and have the right level of security clearance.

According to Jason Barke, OPM’s deputy associate director for strategic workforce planning, agencies are excited and interest has exceeded expectations.

George McGregor, VP, Approov Mobile Security had this to say:

   “This is a creative way to offer a development opportunity to federal cybersecurity employees to allow them to enrich their skills. It also should improve retention in a highly competitive market.

   “Some programs must also focus on bringing in new talent of course, but this rotation scheme should help here too, offering an attractive path to achieving broad skills that private companies will struggle to match.”


Troy Batterberry, CEO and Founder, EchoMark follows with this:

   “Encouraging cross-pollination of individual and team skills is a wonderful technique I also utilized during my 30+ years at US Department of Defense, Sony, Microsoft, and now EchoMark. Leaders who selflessly lean in and actively participate in these “knowledge transfer” programs will see their overall organizational effectiveness and team morale grow. They will also see their professional network grow quickly as existing and potentially new team members see such leaders as acting on what is best for the team members and the broader community, and not just optimizing for themselves.”

This is an interesting strategy that I think will pay dividends in the long term as it will serve to be a great force multiplier in terms of having people available and able to defend against cyberattacks.

Leave a comment »