Archive for April 17, 2024

Australians Exposed In Smoke Alarm Service Provider Data Breach 

Posted in Commentary on April 17, 2024 by itnerd

Over 700,000 documents belonging to Smoke Alarm Solutions, Australia’s largest smoke alarm installation and service provider, were exposed, according to cybersecurity researcher Jeremiah Fowler.

The key findings are as follows: 

  • 762,856 documents with a total size of 107 GB; 
  • 355,384 unique documents marked as invoices revealing Customers’ PII; 
  • Documents such as inspections, compliance reports and more. 

Had this data been discovered by ill-intentioned hackers, it could have put the company’s customers across Australia at risk of phishing attacks, financial fraud and even non-digital criminal activity, such as burglary, vandalism and more.

You can read all the details here:  https://www.vpnmentor.com/news/report-smokealarmsolutions-breach/

Legit Security Now Offered Through GuidePoint Security

Posted in Commentary on April 17, 2024 by itnerd

Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced a strategic reseller partnership with GuidePoint Security, the leading cybersecurity solution provider that empowers organizations to make smarter decisions and minimize risk.

As organizations build scalable application security programs, they face many challenges, including enforcing consistent policies across disparate product and application teams and demonstrating compliance to various regulations and security frameworks. GuidePoint Security’s expertise and services, paired with Legit’s platform, will enable joint customers to help strengthen their application security posture without slowing the innovation critical to their bottom line.

Legit’s platform enables security teams, including CISOs, product security leaders, and security architects, to gain comprehensive visibility into risks across the development pipeline from the infrastructure to the application layer. With a crystal-clear view of the development lifecycle, customers ensure the code deployed is secure and compliant. Legit’s capabilities that help companies manage their application security posture include:

  • SDLC Visibility & Security: Gain a complete view of your software factory, including development assets and security controls; discover unknown assets and activities, such as developers’ use of GenAI code.
  • Software Supply Chain Security: Automatically discover, analyze, and secure your software supply chain; maintain a continuous inventory of SDLC assets; and produce current software bill of materials (SBOMs).
  • Compliance: Align with regulatory compliance requirements and map application security to frameworks such as CISA SSDF, SLSA, FedRAMP and ISO 27001; leverage findings to support internal and external audit requirements.
  • Application Vulnerability Management: Consolidate findings from multiple AppSec tools and make sense of these results – supported by contextual understanding of the developer environment – to effectively prioritize remediation.
  • Secrets Detection & Remediation: An AI-powered solution that enables secrets discovery beyond source code, Legit enables organizations to detect, remediate, and prevent secrets exposure across the software development pipeline.

Uber’s 2024 Lost & Found Index Is Out

Posted in Commentary on April 17, 2024 by itnerd

Did you lose your Santa costume riding with Uber? Because someone did…

On the heels of the total solar eclipse, Mercury is heading into Retrograde, ushering in a period of cosmic chaos that astrologists say increases forgetfulness. Naturally, we’re back with the eighth annual Uber Lost & Found Index, revealing the most surprising and most popular items left behind by riders over the past year. 

Vapes, phones and bags made the list of the most commonly forgotten items this year, but riders aren’t just leaving their everyday essentials behind – they’re forgetting everything from amethyst crystals to gold dentures to a Segway – and that’s just to name a few.

And ever wonder what the most popular days are for losing stuff? On the mornings after major partying holidays, we see an uptick in items lost on Uber rides home. The two most “forgetful” days this past year were New Year’s Day 2024 and Halloween weekend 2023 (October 29, 2023). When the party’s over, it seems Canadians leave more than just the memories behind.

Here’s Uber’s full 2024 Lost & Found Index, along with easy instructions on how Canadians can retrieve lost items.

Top 10 most forgetful cities across Canada

  1. Montreal
  2. Saskatoon
  3. Winnipeg
  4. Kingston
  5. Vancouver
  6. Hamilton
  7. Toronto
  8. Regina
  9. Edmonton
  10. Niagara Region

Top 10 most commonly forgotten items across Canada 

  1. Article of clothing 
  2. Backpack or bag 
  3. Headphones
  4. Jewellery / watch / make-up
  5. Wallet / purse
  6. Phone / camera
  7. Vape / e-cig
  8. Umbrella
  9. Laptop
  10. Watch

The most forgetful day and time in Canada 

  • New Year’s Day – 2024-01-01 
  • Halloween weekend – 2023-10-29 

The 10 most unique items lost across Canada (item and city) 

  • My girlfriend’s designer heels – Toronto 
  • Fishing rod – Vancouver 
  • Green arm cast – Winnipeg
  • Two amethyst crystals – Ottawa
  • Crocs with a “Proud to Serve” jibbitz – London, ON
  • Deep fryer – Edmonton
  • Japanese chef’s knife – Edmonton
  • A Segway – Toronto
  • Gold dentures – Toronto
  • Santa costume – Calgary

The 10 most commonly forgotten items in Toronto 

  1. Article of clothing 
  2. Backpack or bag 
  3. Headphones
  4. Jewelry
  5. Wallet / purse
  6. Phone
  7. Laptop
  8. Vape / e-cig
  9. Watch
  10. Groceries

If you’re one of those people who left something behind, look no further than this help page, which outlines the simple steps you can take the next time you leave something behind when riding with Uber. 

The best way to retrieve a lost item is to call the driver – but if you leave your phone itself in your car, you can log in to your account on a computer. Please note there is a $20 fee to get your items returned, and that fee goes entirely to the driver because of the inconvenience of returning the item.

Here’s what to do:

  1. Tap “Your Trips” and select the trip where you left something
  2. Scroll down and tap “Find lost item”
  3. Tap “Contact driver about a lost item”
  4. Scroll down and enter the phone number you would like to be contacted at. Tap submit.
  5. If you lost your personal phone, enter a friend’s phone number instead (you can do this by logging into your account on a computer, or using a friend’s phone).
  6. Your phone will ring and connect you directly with your driver’s mobile number.
  7. If your driver picks up and confirms that your item has been found, coordinate a mutually convenient time and place to meet for its return to you.
  8. If your driver doesn’t pick up, leave a detailed voicemail describing your item and the best way to contact you.

Cineplex Appears To Be Under Attack… Again

Posted in Commentary on April 17, 2024 by itnerd

I’ve been tipped off to Canadian movie theatre chain Cineplex being under a credential stuffing attack. This is not the first time that this has happened from what I can tell. Which makes me wonder why Cineplex is a frequent target of this.

In any case, users who are affected by this credential stuffing attack will get an email that looks like this:

Now when one gets an email like this, they should validate that the email is legitimate by checking the email addresses of who sent it and the reply to email address. Both of those checked out when I examined the email that a reader of this blog got. But that doesn’t mean that you’re in the clear. What you should always do if you get one of these emails is go directly to the website and try to log in. If you can’t log in, you should reset the password from there. Or put another way, you should not trust the links that are in any email because even if the email addresses check out, they could have been spoofed.

In the case of this user, they followed my advice to the letter, but Cineplex never sent them a password reset email. That’s a sure sign that Cineplex has larger issues at the moment that are not good for Cineplex. I don’t expect the company to say anything on this. But if they did, I suspect the news will not be positive. In the meantime, if you get one of these emails, you should try to take action as soon as you can.
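The sender and reply-to check described above can be scripted; the following is an added example, not part of the original post, and it also reads the receiving server's Authentication-Results header to show why matching addresses alone do not rule out spoofing. The messages and every domain in it are constructed placeholders, and `review_headers` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible addresses look right, but the receiving
# server recorded SPF/DMARC failures. All domains are placeholders.
SPOOFED = """\
From: Example Cinemas <no-reply@cinema.example>
Reply-To: support@cinema.example
Authentication-Results: mx.mailbox.example; spf=fail smtp.mailfrom=bulk.invalid; dkim=none; dmarc=fail header.from=cinema.example
Subject: Your password has been reset

Use the link below to sign in.
"""

# Constructed sample: same visible addresses, authentication passed.
ALIGNED = SPOOFED.replace("spf=fail", "spf=pass").replace(
    "dkim=none", "dkim=pass").replace("dmarc=fail", "dmarc=pass")

# Constructed sample: replies are diverted to a different domain.
DIVERTED = ALIGNED.replace("support@cinema.example", "help@lookalike.invalid")


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def review_headers(raw, expected_domain):
    """List reasons to distrust a message claiming to be from expected_domain."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) or from_dom
    if from_dom != expected_domain:
        findings.append("from-domain-unexpected")
    if reply_dom != from_dom:
        findings.append("reply-to-differs")
    # Only trust Authentication-Results stamped by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    if verdicts.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    return findings
```

An empty result means only that the headers are consistent; going to the site directly rather than following links in the message still applies.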