Archive for April 22, 2024

Spring Cleaning Your Tech? Mobile Klinik Is The One-Stop-Shop To Reuse, Repair And Refresh Your Devices

Posted in Commentary with tags on April 22, 2024 by itnerd

It’s Earth Month and spring is in full bloom! As Canadians begin to embrace the spirit of spring cleaning, Mobile Klinik is encouraging them to consider a green approach to upgrading their smartphones. This Earth Month, Mobile Klinik is inviting Canadians to refresh and repair their beloved devices at Mobile Klinik by offering customers a free phone check up and screen cleaning at any of their 150+ locations across Canada.

At Mobile Klinik, they’re on a mission to provide Canadians with quality device repair and resale options that help Canadians save money and make a significant contribution to reducing their carbon footprint. Through Mobile Klinik’s device repair, resale and refurbishment services, their sustainability efforts to date have helped: 

  • Prevent over 825,000 devices and 5.4 metric tons of e-waste from ending up in landfills
  • Divert 5.6 metric tons in CO2 Emissions – that’s the equivalent of powering approximately 660 homes with electricity for one year!

With over 715,000 successful device repairs completed by WISE certified technicians, Mobile Klinik is dedicated to extending the lifespan of smartphones – ensuring each device gets a new lease on life with expert repairs that Canadians can rely on, with every repair contributing to a greener planet.

You can visit mobileklinik.ca for more information and to find the closest Mobile Klinik store near you.

HYAS Documents Risepro Stealer Malware C2 Campaign 

Posted in Commentary with tags on April 22, 2024 by itnerd

David Brunsdon, Threat Intelligence Security Engineer with HYAS, has published “Risepro Malware Campaign On The Rise.”

Brunsdon says: “we saw a surge in activity related to the Risepro malware, particularly targeting IP address 147.45.47.93 – its C2 ‘mother ship.’ This signifies a concerning development in the cyber threat landscape, as Risepro, akin to StealC, is a notorious form of stealer malware designed to exfiltrate sensitive information from compromised systems.”

The HYAS threat analysis provides an in-depth understanding of the Risepro malware campaign based on the provided information, focusing on the actor’s tactics, techniques, and procedures (TTPs). It includes a risk assessment of data compromise, operational disruption and IP theft, and offers mitigation strategies.

Today’s HYAS Threat Intelligence Report also notes the top five ASNs identified in HYAS Insight this last week.

You can read the analysis here.

EnGenius Now Shipping The FitXpress Gateway

Posted in Commentary with tags on April 22, 2024 by itnerd

EnGenius has announced that the new FitXpress Security Gateway is now ready for purchase. This advanced security gateway is explicitly designed for small businesses, branch offices, and work-from-home (WFH) environments, providing simple installation, unparalleled efficiency, and reliable security to the market. This solution provides SMBs with an easy-to-use connectivity solution and offers a comprehensive range of features that empower service providers to deliver an efficient and secure solution for a wide range of use cases. 

Complete and Seamless Security Solution 

One of the XG60-FIT Gateway’s distinctive features is simplified connectivity between two or more physical locations, creating a secure network connection for small businesses. Small businesses can seamlessly collaborate, share resources, and communicate across geographical locations. The XG60-FIT Gateway offers a streamlined auto-VPN setup that removes complexity for users of varying skill levels, with a rapid 900 Mbps speed to connect branch offices or remote workers, enabling efficient communication. EnGenius has also incorporated a VPN self-healing capability that automatically monitors connectivity and corrects issues, providing peace of mind for business owners and network administrators.

Optimized Remote Connectivity with SecuPoint 

The SecuPoint VPN client feature on the gateway allows for secure and easy remote connections with automatic VPN networking managed in the cloud. EnGenius’s SecuPoint simplifies SSL VPN setup with auto-configuration and flexible certificate authentication, enhancing network administrators’ efficiency.  This feature allows remote workers to access corporate networks safely and securely with encryption. SecuPoint VPN provides unified device connectivity with multi-platform support for Windows, Mac, iOS, and Android. It removes the complexity of remote VPN setup, enabling businesses to run hassle-free. 

Streamlined Management through FitXpress Platform 

The XG60-FIT Gateway can be easily managed through the FitXpress platform, which helps small business owners handle operations without the need for IT staff. It offers complete visibility, control, and insightful data to make informed business decisions. FitXpress is a comprehensive network management system that simplifies the installation, configuration, and monitoring of EnGenius network devices, letting business owners focus on their operations rather than dealing with network issues. It provides an intuitive web portal and app enabling remote network management from any location, which enhances network security and operational efficiency for small businesses.

The XG60-FIT gateway comes with additional key features for connection flexibility and reliability.  

  • Dual-GbE WAN and Dual-GbE LAN ports for maximum performance.  
  • Enhanced connectivity through dual-WAN load balancing.  
  • WAN and cellular failover mechanisms provide continuous connectivity without interruptions. 
  • Dedicated 2 GE LAN Ports, optional 3rd LAN, and 1x SFP uplink for flexible connectivity. 
  • Seamless integration with existing network gateways and routers via passthrough functionality. 
  • High-performance dual-core 2.1 GHz processor for greater speed and power.  
  • Cloud-based management unifies EnGenius Fit Gateways, Wi-Fi Access Points, and Switches.  

The XG60-FIT Gateway, with an MSRP of $375, is now available for immediate shipping through the EnGenius Store and EnGenius authorized partners. Discover more about the XG60-FIT.

New Dependency Confusion Vulnerability Discovered In Archived Apache Project

Posted in Commentary with tags on April 22, 2024 by itnerd

Legit Security has disclosed that its research team recently discovered a dependency confusion vulnerability (also known as a dependency hijacking or substitution attack) in an archived Apache project. The finding underscores the urgent need to treat third-party projects and dependencies as potential weak links in software development, especially archived open-source projects that may not receive regular updates or security patches.

Legit’s researchers found the issue in the archived open-source Apache Cordova App Harness project and explored exploitation of this misconfiguration in the wild. Their analysis is that an attacker could execute arbitrary code on the host machine where the vulnerable application is deployed, using the privileges granted to the application, meaning exploitation can result in remote code execution within the production environment.

Legit explores the implications of this attack, provides the disclosure timeline, spotlights the importance of proper configuration for package managers, and delivers recommendations. 

You can read this disclosure here.

Today Is Earth Day 

Posted in Commentary with tags on April 22, 2024 by itnerd

According to EARTHDAY.ORG, prior to the 1960s, Americans widely used leaded gasoline and tolerated high levels of industrial pollution, viewing air pollution as a sign of prosperity, largely ignoring the environmental and health impacts. Then, in 1970, Earth Day was established by Senator Gaylord Nelson to harness the energy of the student anti-war movement for environmental activism, inspired by widespread environmental degradation and the publication of Rachel Carson’s “Silent Spring.” The first Earth Day mobilized 20 million Americans, leading to significant environmental legislation and the creation of the U.S. Environmental Protection Agency.

Today, Earth Day continues to be celebrated globally – on April 22 in the United States and on either April 22 or the day the spring equinox occurs throughout the rest of the world.

According to National Geographic, it is now “…an annual celebration that honors the achievements of the environmental movement and raises awareness of the need to protect Earth’s natural resources for future generations.”

Oleksandr Maidaniuk, VP of Technology, Intellias, had this to say about this important day:

“Earth Day is an ideal time to ‘think globally, and act locally.’ What I mean by this is that regardless of what industry you are in, or organization you work for, you can make a difference. For instance, for those of us in high-tech, we know that innovations like the Internet of Things (IoT), artificial intelligence (AI), and big data have the potential to provide a virtually limitless level of business value — now it’s time to think more about how to apply these technologies to saving our planet.

We are already seeing IoT being used in smart grids to reduce our carbon footprint — via their unique use of sensors and smart appliances to control the production and distribution of electricity. “Environmentally sustainable smart cities” are being constructed with the help of AI, IoT, and big data. AI can help detect potential poachers by analyzing data from drones, infrared cameras, and audio sensors, as well as analyzing satellite images and other environmental data to assess changes in habitats.

Of course, while Earth Day champions environmental consciousness, it’s important to acknowledge that one day of awareness isn’t enough; real change demands that we, especially in the tech industry, integrate sustainability into our daily operations, pushing beyond performative activism toward genuine, impactful action every day.” 

House Passes Bill To Force TikTok Sale Or Face A Ban

Posted in Commentary with tags on April 22, 2024 by itnerd

Over the weekend, the House passed a huge bill that, among other things, forces TikTok parent company ByteDance to sell the social media company or face having it banned in the US:

The bill passed with a vote of 360-58 in the House, according to AP. It’ll now move on to the Senate, which could vote on it in just a matter of days. Senate Majority Leader Chuck Schumer said today that the Senate is working to reach an agreement on when the next vote will be for the foreign aid package that the TikTok bill is attached to, but it is expected to happen this coming Tuesday. President Joe Biden has previously said he would support the bill if Congress passes it.

This is going to put pressure on TikTok. And they’re getting ready for a fight:

TikTok’s head of public policy for the Americas, Michael Beckerman, told staff in a memo after the vote that the bill was unconstitutional and TikTok would fight it in the courts.

“At the stage that the bill is signed, we will move to the courts for a legal challenge,” he wrote in the memo, which was first reported by the tech news website The Information. Beckerman claimed that the bill violated the first amendment of the US constitution, which protects freedom of speech.

“We’ll continue to fight, as this legislation is a clear violation of the first amendment rights of the 170 million Americans on TikTok,” he wrote.

It’s an avenue that TikTok has used before and has had success with. I am not a lawyer. But success with this at the state level doesn’t mean that they will have success with the same argument at the Supreme Court. But I am free to be proven wrong.

Get your popcorn ready.