Archive for April, 2024

« Older Entries
Newer Entries »

Freedom Mobile Expands Apple Watch Support To Their Nationwide Network… And Gives You More Data As Well

Posted in Commentary with tags on April 18, 2024 by itnerd

About an hour ago, I got this text from Freedom Mobile about their Apple Watch support. Something that my wife and I use:

So there’s some explanation that’s required to allow you to understand why this is a big deal. Let’s start with the fact that Apple Watch support is now available on their Nationwide network. Freedom Mobile’s Apple Watch support only worked on their own network. If you were outside of their network, as in you connected to a Rogers or Bell cell tower for example, your Apple Watch won’t get data. This is something that I admit that I never tested as that wasn’t top of mind for me when I did my testing of Freedom Mobile’s network a few months ago. That changes today as clearly Freedom Mobile have worked out some sort of an agreement with presumably Rogers and/or Bell and/or TELUS to allow Apple Watches belonging to Freedom Mobile customers to work on their networks.

That brings me to the second piece of news. Freedom Mobile has jacked Apple Watch users data buckets to 5GB up from 1GB at no extra charge. Now my wife and I are paying $10 a month each so that is a win for us. And to give you some points of comparison:

  • Bell wants $15 a month for 1GB of data
  • Rogers wants $15 a month for 1GB of data
  • I wasn’t able to find what TELUS charges. But they’re likely $15 a month for 1GB of data as well as all of the “big 3” tend to copy each other. Any who can point me towards a definitive price on their website can leave a link in the comments below.

Now to be clear, the most that I have ever used with my Apple Watch during one billing cycle is about 500 MB. So 5 GB is overkill. But it’s still welcome as it is not costing my wife and I anything. I’ll be interested to see how it performs and once the weather warms up a bit more, I’ll be sure to do some testing and report back to you.

In the meantime, you have to wonder what if anything the “big 3” will do to respond to Freedom Mobile and how they have priced their Apple Watch support. This is a pretty big gauntlet that they’ve thrown down, and you have to think that they will respond to it at some point.

1 Comment »

Trash Panda Partners With Goodfood To Give Real Life Rewards To Mark Zero Food Waste Day

Posted in Commentary with tags on April 18, 2024 by itnerd

 Trash Panda – the popular simulator where players act as scrap-scouring raccoons on garbage night in Toronto –  has partnered with Goodfood to give players real-life rewards to mark Zero Food Waste Day on April 24.

To generate attention around the need to fight food waste, the video game will give players bonus points and even real meal-kits (up to $250 OFF) when they find and unlock scrapless meal-kit boxes, as a reward for reducing food waste online – and hopefully offline!

The unexpected  partnership aims to shed light on Goodood’s commitment to reduce leftover scraps by offering meal-kits with zero  food waste – despite the disappointment of a few hungry trash pandas!

The LTO will be available to Canadians on Steam from April 24 (Zero Food Waste Day) until late May.

Leave a comment »

GuidePoint Security Finds Increased Ransomware Activity, New Group Behavior Patterns in Q1 2024 Ransomware Report

Posted in Commentary on April 18, 2024 by itnerd

 GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report.

In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. 

The GRIT Q1 2024 Ransomware Report takes an in-depth look at the shifting RaaS ecosystem, including the residual impact on LockBit from the Operation Cronos Task Force, an international law enforcement effort helmed by the UK National Crime Agency (NCA). Other notable Q1 ransomware events include an apparent exit scam from Alphv following its highly-publicized Change Healthcare ransomware attack, re-extortion attempts from Phobos affiliates and self-proclaimed renewed collaboration from members of the “Five Families” cybercrime collective.

Key Highlights of the Report: 

  • Q1 2024 resulted in a nearly 20% increase in reported victims over Q1 2023, despite the disruption of LockBit and the disbandment of Alphv, two of the largest and most prolific ransomware groups. 
  • The number of active ransomware groups more than doubled year-over-year, increasing 55% from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024. 
  • The top three most active ransomware groups were LockBit, Blackbasta and Play. Even with significant law enforcement disruption in February 2024, LockBit maintained the top spot among RaaS service operations at 219 victims, albeit with a lower operational tempo compared to previous quarters. LockBit claimed an average of almost 3 victims per day before the disruption occurred on February 20th, and had an average of about 2 victims per day from February 24th through the end of March.
  • The industries most impacted by ransomware in Q1 2024 were manufacturing, retail & wholesale and healthcare, respectively. The retail & wholesale industry experienced a surge in observed activity during the quarter, accounting for 7% of all observed posts and overtaking healthcare to become the second-most impacted industry.
  • For the first time since Q2 2023, over half of all observed ransomware victims were based in the United States, making it the most targeted country with a total of 537 victims. Though the United Kingdom saw the largest decrease in observed victims by country (-26%), it still held the second highest number of observed ransomware attacks (60). 

The GRIT Q1 2024 Ransomware Report is based on data obtained from publicly available resources, including threat groups themselves, as well as threat analyst insights into the ransomware threat landscape.

For more information:

Leave a comment »

Several Senators Release A Framework to Mitigate Extreme AI Risks

Posted in Commentary with tags on April 18, 2024 by itnerd

Yesterday, U.S. Senators Mitt Romney (R-UT), Jack Reed (D-RI), Jerry Moran (R-KS), and Angus King (I-ME) released a letter to the Senate artificial intelligence (AI) working group leaders outlining a framework to mitigate extreme AI risks. I encourage you to read the letter, but here’s the TL:DR:

Congress should consider a permanent framework to mitigate extreme risks. This framework should also serve as the basis for international coordination to mitigate extreme risks posed by AI. This letter is an attempt to start a dialogue about the need for such a framework, which would be in addition to, not at the exclusion of, proposals focused on other risks presented by developments in AI.

Under this potential framework, the most advanced model developers in the future would be required to safeguard against four extreme risks – the development of biological, chemical, cyber, or nuclear weapons. An agency or federal coordinating body would be tasked to oversee the implementation of these proposed requirements, which would apply to only the very largest and most advanced models. Such requirements would be reevaluated on a recurring basis as we gain a better understanding of the threat landscape and the technology.

Sounds interesting. But is it useful? Here’s what Kevin Surace, Chair, Token had to say:

This is great politics and important to state publicly, but it won’t protect anyone from these threats. The major model providers already have strong safeguards in place for these and similar threats (you cannot get an answer from ChatGPT on how to create a chemical weapon).

This changes nothing from all major US providers. They already strongly limit access to such content. However open source models being used by bad actors and rogue countries are not subject to these laws and will misuse the technology anyway.

Anyone can already Google how to create a biological weapon. Having the answers faster doesn’t really help someone with the chemistry, procurement, production and so on anymore than Google already did. But AI could create perhaps new compounds not well documented elsewhere. And the bad actors are already taking advantage of that with open source models.

This has zero impact on OpenAI, Microsoft, Google and so on. And it has zero impact on a rogue country using open source models.

I’m all for guardrails and safeguards. But they have to be useful. I am not yet convinced that this effort by these senators is useful. But I am free to be convinced otherwise. Let’s see if they can convince myself and others that this is a useful exercise.

UPDATE: I have additional commentary from Madison Horn, Congressional Candidate (OK-5) and cybersecurity leader:

The plan proposed by the Senators is crucial. We are in the midst of a new kind of Cold War with China, one that includes the race to harness AI. A comprehensive strategy to not only secure but also to fully harness the potential of AI is essential. The nation that leads in AI will not only dictate global markets but also define international norms for decades to come.

Executing a plan to mitigate AI risks is loaded with challenges. First, we need a solid strategy to retain top talent for any new agencies we might set up, and we must also forge strong partnerships with the private sector. Then there’s Congress—sometimes it seems like they’re in a tech time warp, which doesn’t help. Plus, we can’t let our drive for security strangle American innovation. We need to stay agile, adapting as new models and classifications emerge, and ensure we’re not shutting out new startups or inadvertently creating monopolies.

And let’s not overlook cybersecurity challenges. Ensuring these AI models aren’t leaked or stolen is crucial—our adversaries are definitely taking notes and will be trying to tap into this wealth of information that will be retained.

Artificial intelligence poses a significant threat, one that reshapes the global landscape in ways we haven’t witnessed since the post-WWII era. With new alliances forming, notably between Russia and China, the stakes in the AI war are extraordinarily high. The power of AI doesn’t just accelerate a country’s ability to dominate global markets; it also has the potential to shift global values depending on who emerges as the leader in this technology. In the most extreme scenarios, the misuse of AI could lead to catastrophic outcomes, potentially destroying the world in a matter of seconds. The race to harness AI, therefore, is not just about technological superiority but also about steering the future ethical and moral compass of our entire planet.

We need to keep the spark of American innovation alive—it’s also crucial for our national security. Collaboration with the private sector? Non-negotiable. With many of the few qualified individuals in Congress retiring or being pushed out of office by partisan politics, it’s up to the American people to step up. We must elect leaders who are not just filling a seat but who truly understand the complexities of today’s tech challenges. Leaders who have the understanding to craft and pass laws that safeguard our citizens without choking out our innovation and economic growth. This is about securing a future where America continues to lead, not follow.

1 Comment »

Australians Exposed In Smoke Alarm Service Provider Data Breach 

Posted in Commentary with tags on April 17, 2024 by itnerd

Over 700,000 documents belonging to Smoke Alarm Solutions, Australia’s largest smoke alarm installation and service provider, were exposed according to cybersecurity researcher Jeremiah Fowler. 

The key findings are as follows: 

  • 762,856 documents with a total size of 107 GB; 
  • 355,384 unique documents marked as invoices revealing Customers’ PII; 
  • Documents such as inspections, compliance reports and more. 

Should this data had been discovered by ill-intentioned hackers could have put their customers across Australia at risk to phishing attacks, financial fraud and even non-digital criminal activity, such as burglary or vandalism and more.

You can read all the details here:  https://www.vpnmentor.com/news/report-smokealarmsolutions-breach/

Leave a comment »

Legit Security Now Offered Through GuidePoint Security

Posted in Commentary with tags , on April 17, 2024 by itnerd

Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced a strategic reseller partnership with GuidePoint Security, the leading cybersecurity solution provider that empowers organizations to make smarter decisions and minimize risk.

As organizations build scalable application security programs, they face many challenges, including enforcing consistent policies across disparate product and application teams and demonstrating compliance to various regulations and security frameworks. GuidePoint Security’s expertise and services, paired with Legit’s platform, will enable joint customers to help strengthen their application security posture without slowing the innovation critical to their bottom line.

Legit’s platform enables security teams, including CISOs, product security leaders, and security architects, to gain comprehensive visibility into risks across the development pipeline from the infrastructure to the application layer. With a crystal-clear view of the development lifecycle, customers ensure the code deployed is secure and compliant. Legit’s capabilities that help companies manage their application security posture include:

  • SDLC Visibility & Security: Gain a complete view of your software factory, including development assets and security controls; discover unknown assets and activities, such as developers’ use of GenAI code.
  • Software Supply Chain Security: Automatically discover, analyze, and secure your software supply chain; maintain a continuous inventory of SDLC assets; and produce current software bill of materials (SBOMs).
  • Compliance: Align regulatory compliance to regulatory compliance and map application security to frameworks such as CISA SSDF, SLSA, FedRAMP and ISO 27001; leverage findings to support internal and external audit requirements.
  • Application Vulnerability Management: Consolidate findings from multiple AppSec tools and make sense of these results – supported by contextual understanding of the developer environment – to effectively prioritize remediation.
  • Secrets Detection & Remediation: An AI-powered solution that enables secrets discovery beyond source code, Legit enables organizations to detect, remediate, and prevent secrets exposure across the software development pipeline.

Leave a comment »

Uber’s 2024 Lost & Found Index Is Out

Posted in Commentary with tags on April 17, 2024 by itnerd

Did you lose your Santa costume riding with Uber? Because someone did…

On the heels of the total solar eclipse, Mercury is heading into Retrograde, ushering in a period of cosmic chaos that astrologists say increases forgetfulness. Naturally, we’re back with the eighth annual Uber Lost & Found Index, revealing the most surprising and most popular items left behind by riders over the past year. 

Vapes, phones and bags made the list of the most commonly forgotten items this year, but riders aren’t just leaving their everyday essentials behind – they’re forgetting everything from amethyst crystals to gold dentures to a segway – and that’s just to name a few. 

And ever wonder what the most popular days are for losing stuff? On the mornings after major partying holidays, we see an uptick in items lost on Uber rides home. The two most “forgetful” days this past year were New Year’s Day 2024 and Halloween weekend 2023 (October 29, 2023). When the party’s over, it seems Canadians leave more than just the memories behind.

Here’s Uber’s full 2024 Lost & Found Index, along with easy instructions on how Canadians can retrieve lost items.

Top 10 most forgetful cities across Canada

  1. Montreal
  2. Saskatoon
  3. Winnipeg
  4. Kingston
  5. Vancouver
  6. Hamilton
  7. Toronto
  8. Regina
  9. Edmonton
  10. Niagara Region

Top 10 most commonly forgotten items across Canada 

  1. Article of clothing 
  2. Backpack or bag 
  3. Headphones
  4. Jewellery / watch / make-up
  5. Wallet / purse
  6. Phone / camera
  7. Vape / e-cig
  8. Umbrella
  9. Laptop
  10. Watch

The most forgetful day and time in Canada 

  • New Year’s Day – 2024-01-01 
  • Halloween weekend – 2023-10-29 

The 10 most unique items lost across Canada (item and city) 

  • My girlfriend’s designer heels – Toronto 
  • Fishing rod – Vancouver 
  • Green arm cast – Winnipeg
  • Two amethyst crystals – Ottawa
  • Crocs with a “Proud to Serve” jibbitz – London, ON
  • Deep fryer – Edmonton
  • Japanese chef’s knife – Edmonton
  • A segway – Toronto
  • Gold dentures – Toronto
  • Santa costume – Calgary

The 10 most commonly forgotten items in Toronto 

  1. Article of clothing 
  2. Backpack or bag 
  3. Headphones
  4. jewelry
  5. wallet / purse
  6. phone
  7. laptop
  8. vape / e-cig
  9. watch
  10. groceries

If you’re one of those people who left something behind, look no further than this help page, which outlines the simple steps you can take the next time you leave something behind when riding with Uber. 

The best way to retrieve a lost item is to call the driver – but if you leave your phone itself in your car, you can login to your account on a computer. Please note there is a $20 fee to get your items returned, and that fee goes entirely to the driver because of the inconvenience of returning the item.

Here’s what to do:

  1. Tap “Your Trips” and select the trip where you left something
  2. Scroll down and tap “Find lost item”
  3. Tap “Contact driver about a lost item”
  4. Scroll down and enter the phone number you would like to be contacted at. Tap submit.
  5. If you lost your personal phone, enter a friend’s phone number instead (you can do this by logging into your account on a computer, or using a friend’s phone).
  6. Your phone will ring and connect you directly with your driver’s mobile number.
  7. If your driver picks up and confirms that your item has been found, coordinate a mutually convenient time and place to meet for its return to you.
  8. If your driver doesn’t pick up, leave a detailed voicemail describing your item and the best way to contact you.

Leave a comment »

Cineplex Appears To Be Under Attack…. Again

Posted in Commentary with tags , on April 17, 2024 by itnerd

I’ve been tipped off to Canadian movie theatre chain Cineplex being under a credential stuffing attack. This is not the first time that this has happened from what I can tell. Which makes me wonder why Cineplex is a frequent target of this.

In any case, users who are affected by this credential stuffing attack will get an email that looks like this:

Now when one gets an email like this, they should validate that the email is legitimate by checking the email addresses of who sent it and the reply to email address. Both of those checked out when I examined the email that a reader of this blog got. But that doesn’t mean that you’re in the clear. What you should always do if you get one of these emails is go directly to the website and try to log in. If you can’t log in, you should reset the password from there. Or put another way, you should not trust the links that are in any email because even if the email addresses check out, they could have been spoofed.

In the case of this user, they followed my advice to the letter, but Cineplex never sent them a password reset email. That’s a sure sign that Cineplex has larger issues at the moment that are not good for Cineplex. I don’t expect the company to say anything on this. But if they did, I suspect the news will not be positive. In the meantime, if you get one of these email, you should try to take action as soon as you can.

2 Comments »

Scam Call Turns Deadly With An Uber Driver Being Killed

Posted in Commentary with tags on April 16, 2024 by itnerd

I have dealt with scammers for years. But this is the first time that I have heard of a scam leading to someone to being killed. I have for you a news report where a man in Ohio was being bombarded with scam calls, which lead to an Uber driver being shot and killed by said man. Here’s the video that describes what happened. And I will say that this is not for the faint of heart:

What this appears to be is a scam where instead of the scammers using electronic means to steal money from you, they somehow get you to withdraw cash and then have someone pick it up from you. That someone may be an intermediary who delivers it to someone else who sends the money to its final destination, or they may do that themselves. This is sometimes referred to as a “Hawala” which you can get more info here.

Now the police have arrested this man for shooting the Uber driver. But what I wish would also happen, but I don’t see it happening, is that the scumbags behind this scam get tracked down and arrested as well as they are just as guilty in this Uber driver’s death. I’ve said it before and I will say it again. Scammers are the lowest forms of life out there. They need to be treated like cockroaches and exterminated with extreme prejudice. And the fact that this happened illustrates why that needs to happen sooner rather than later.

Leave a comment »

Guest Post: New Tools Are Needed by Technologists to Thrive in an ‘Experience is Everything’ World 

Posted in Commentary with tags on April 16, 2024 by itnerd

By Gregg Ostrowski, CTO Advisor, Cisco Observability 
 

Digital experience is now positioned at the heart of almost every organization’s strategic priorities. Whether it’s driving employee engagement to address skills gaps and boost productivity, reaching new and diverse audiences, or deepening relationships (and expanding revenue streams) with existing customers, businesses must deliver exceptional digital experiences to be successful. We’ve reached the point where “experience is everything.”  

Globally, consumer demand for applications and digital services is on the rise, focused on innovative, personalized, and intuitive experiences. Brands failing to meet these expectations are being abandoned. Consequently, digital experiences have become a crucial battleground for businesses. Success here can attract customers, strengthen relationships, and boost sales, while failure results in losing customers, revenue, and reputation.  

Not surprisingly, experience is now a key focus in boardrooms around the world. Recent research from Cisco reveals that 75 per cent of senior global business leaders emphasize the increased importance of digital experience for C-level executives in their organizations over the past three years. Consequently, they are pushing their IT teams to ensure applications and digital services are available, secure and performing at an optimal level at all times. 

Visibility into application performance enables business leaders to identify opportunities and manage risk 

In 80 per cent of organizations, C-level executives routinely receive reports on the performance of business-critical applications, digital services and their business impact. Business leaders are now diving deeper into application performance data to gain a comprehensive understanding of the experiences customers and employees have with their brand.  

This trend is driven by two primary factors. First, leaders need insights into application performance to identify trends, highlight areas bringing substantial business value, and capitalize on these opportunities. Second, they aim to pinpoint potential availability, performance, and security issues that could significantly jeopardize digital experiences. They’re urgently looking to mitigate risk and avoid a revenue-impacting incident. 

For example, in the retail sector, business leaders now want to be able to scrutinize the performance of every stage of the user journey, from sign-up to check-out. They want to analyze the speed and efficiency of every phase of the workflow, identify what is working well and where improvements could be made. And crucially, they want to know where vulnerabilities exist within applications in order to manage risk. 

It’s a similar story in other industries. Leaders in financial services firms are placing a massive focus on digital experience monitoring to compete and win against emerging and disruptive digital-first competition, and within manufacturing, leaders are scrutinizing the performance of each process across their vast SAP landscapes. 

Threats to Digital Experience Arise from Escalating IT Complexity 

For IT teams tasked with developing, deploying, and sustaining applications, the stakes are higher than ever. They understand that even minor lapses in digital experiences could yield significant repercussions for their organizations.  

The reality though is that most IT teams simply don’t have the tools and insights they need to manage modern application environments in an effective and sustainable manner. And, as a result, they’re stuck in a never-ending cycle of firefighting, trying to identify and fix application performance issues ideally before the end user experience is impacted. 

Anybody working in or around an IT department will know how much more complex enterprise IT environments have become over recent years. The shift to cloud native technologies has left technologists trying to manage an increasingly fragmented and dynamic landscape, where everything is continually changing. Additionally, it has also exposed major visibility gaps across hybrid IT environments, where organizations are still deploying separate and siloed monitoring tools for on-premises and cloud native technologies. 

Observability is essential for technologists to deliver exceptional digital experiences 

To overcome this challenge, IT teams need to progress from traditional monitoring approaches and implement full-stack observability, to generate unified visibility across both cloud native and on-premises environments. With observability, IT teams can get real-time insights into IT availability and performance up and down the IT stack, from customer-facing applications right through to core infrastructure. And they can integrate security into the development lifecycle from day one, speeding up innovation and resulting in more robust applications. 

With full-stack observability, IT teams can provide business leaders with a comprehensive set of metrics and insights related to experience – from number of unique sessions, average revenue per session and average revenue per transaction, through to ‘revenue at risk’ from potential outages, and overall user experience (based on defined workflows). 

Ultimately, full-stack observability not only ensures seamless alignment with IT and broader business strategies, it also cultivates a common language between IT and business stakeholders, including C-level executives. This cohesion is essential for organizations looking to excel in a market where digital experience increasingly dictates commercial success. 

Leave a comment »

« Older Entries
Newer Entries »