Archive for May 7, 2024

« Older Entries

Fubo Canada Serves Up A Limited Time Promo Offer

Posted in Commentary with tags on May 7, 2024 by itnerd

Fubo is offering Canadians another exciting, limited time offer for subscribers on its Sports Quarterly or Annual plan, starting as low as $9.99 a month!

Until July 19, 2024, new subscribers can save 54 per cent for three months (savings of $35.00) on the Quarterly plan, or 32 per cent off for twelve months (savings of $70.00) on the Annual Sports plan, bringing Canadians more of the content they love, for less. 

Canadians can learn more and take advantage of this limited time offer at this link: Watch the Premier League all season | Fubo

Leave a comment »

ESET Opens First Local Data Center In Canada

Posted in Commentary with tags on May 7, 2024 by itnerd

ESET has announced the establishment of its first local data centre in Canada, marking a significant milestone in its commitment to delivering unparalleled service and security to its customers across the country. 

The local data centre plays a crucial role in accelerating the delivery of ESET’s innovative cybersecurity solutions to Canadian businesses and individuals. By leveraging state-of-the-art technology and robust infrastructure, ESET will be able to deploy updates and patches more efficiently, ensuring that customers are always protected against the latest threats.

The launch of the new data centre represents a strategic investment in Canada’s cybersecurity infrastructure, enabling ESET to better serve its growing customer base with faster response times, enhanced data protection and improved overall performance.

The importance of a local data centre is critical with cybersecurity threats evolving rapidly. By housing critical data and infrastructure within Canada’s borders, ESET ensures compliance with local regulations and provides customers with peace of mind knowing that their sensitive information remains secure and protected.

ESET Canada remains dedicated to empowering Canadians to enjoy the full potential of the digital world without compromise. With the establishment of its local data centre, ESET reaffirms its position as a trusted partner in cybersecurity, committed to safeguarding the digital lives of individuals and businesses across the country.

Current ESET customers can rest assured that a local representative will reach out to discuss options available for transferring data.

Leave a comment »

North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts

Posted in Commentary with tags on May 7, 2024 by itnerd

So let’s do a bit of quick education before we get to the story.

DMARC: Domain-based Message Authentication, Reporting and Conformance is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. 

With that out of the way, this story will now make a bit more sense. The NSA has put out a statement about North Koreans who are using weak security policies related to DMARC to facilitate their efforts to spearfish targets in the US and beyond:

The DPRK leverages these spearphishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets’ private documents, research, and communications.

“Spearphishing continues to be a mainstay of the DPRK cyber program and this CSA provides new insights and mitigations to counter their tradecraft,” said NSA Cybersecurity Director Dave Luber. 

The report contains background on the DPRK’s cyber program and past information-gathering examples, an explanation of how a strong Domain-based Message Authentication Reporting and Conformance (DMARC) policy can help block DPRK actors, red flag indicators of malicious activity, two sample emails used by DPRK cyber actors, and mitigation measures.

Al Iverson, Industry Research and Community Engagement Lead for Valimail had this comment: 

“North Korea found a way to exploit something that security and deliverability experts have been worried about over these past few months; there’s a whole bunch of domain owners out there who are not necessarily security savvy, and perhaps focused more on email marketing efforts. Those domain owners (and there are more than a million of them out there) were quick to implement a bare minimum DMARC policy to comply with new mailbox provider sender requirements. What they didn’t realize, is that this can leave the domain unprotected against phishing and spoofing. 

People must protect their domain by fully implementing DMARC properly to ensure that bad guys find no phishing or spoofing success when they work their way down the list of domains… to yours.

The NSA, the FBI and the U.S. Department of State have identified this as an issue already and Valimail is fully aligned with the advisory they issued at the end of the week.”

If I were the person in charge of email in an organization, I’d be reading this report, and then get about figuring out how to not be the North Korean’s next victim. Because clearly this is a today problem and not something that you can get to whenever.

1 Comment »

What Apple Didn’t Mention In Their Let Loose Event

Posted in Commentary with tags on May 7, 2024 by itnerd

Apple this morning had their “Let Loose” event which announced a bunch of new iPads and accessories along with the M4 processor that is being used in the new iPad Pro. But Apple didn’t mention a bunch of things during the event. And that can be more interesting in my opinion. Here’s my list of what they didn’t mention:

  • Apple mentioned Vision Pro at the top of the event. They highlighted how it is being used by doctors and even Porsche, but they didn’t mention when it would go on sale outside the US which I find curious. After all, why mention something that is unrelated to what your event is all about just to say how it’s being used. That doesn’t make sense.
  • At the end of the event, Apple mentioned that the entry level 10th generation iPad had dropped in price. But what they didn’t mention is that the 9th generation iPad has been killed off. That means that Apple no longer sells an iPad with a physical home button. RIP.
  • Apple mentioned during the introduction of the new iPad Pro an option for nano texture glass to reduce glare. What they didn’t mention is that this option is only available on the 1TB and 2TB models. Which is a typical Apple move to separate you from your money.
  • Apple didn’t mention that the base 256/512GB iPad Pro models come with a 9-core M4 chip which is made up of 3 Performance cores. If you want all 4 Performance cores, you’ll need to buy the 1TB model. In effect, if you want the best performance, you need to spend more money.
  • Apple also didn’t mention that in the new iPad Pro and iPad Air cellular models, there’s no 5G mmWave antenna. Instead it’s straight 5G. It’s an interesting omission as a few years ago, Apple made a really big deal about 5G mmWave as you could get insanely fast speeds with it. As in above gigabit speeds if you were in the right place. However, the rollout of mmWave has been rocky in the US. And mmWave really doesn’t exist outside the US. So I guess Apple decided to ditch it. While I’m at it, I should mention that these models are now eSIM only as well. So no physical SIM card for you iPad fans.
  • If you’re buying a new iPad Pro and you were hoping to use your old Apple Pencil, not so fast. Unless you have the USB-C version of the Apple Pencil, these new iPads will only work with that USB-C model and the new Apple Pencil Pro. By the way, am I the only person who finds the name “Apple Pencil Pro” to be a bit odd? What makes a pencil “Pro”? Serious question.
  • The ultra wide camera is gone from the new iPad Pro. This is an odd move as well.
  • The iPad Pro loses a microphone. The previous generation had 5 microphones. The new one has 4. What difference does that make? Who knows? But it is worth noting.

That’s everything that I noted that Apple did not mention. But it is likely that I missed something. If I did, pop a comment down below and share it with all of us.

Leave a comment »

Developers Spending More Time Firefighting Issues Than Delivering Innovation: Cisco

Posted in Commentary with tags on May 7, 2024 by itnerd

Cisco today unveiled findings from a survey that details how software developers are spending more than 57% of their time being dragged into ‘war rooms’ to solve application performance issues, rather than investing their time developing new, cutting-edge software applications as part of their organization’s innovation strategy.  

Software developers play a critical role in building, launching and maintaining the applications and digital services that are essential to the way modern organizations operate today, and the pressure on them has never been higher. Globally, 85% of those surveyed report encountering increased pressure to accelerate release velocity, while 77% point to mounting pressure to deliver seamless and secure digital experiences.  

But while developers are being expected to deliver new tools and functionality at ever faster speeds, they also find themselves on the receiving end of endless demands to help Site Reliability Engineers (SREs) and IT operations teams manage the ongoing availability and performance of applications. The result is teams of developers spending hours in war room meetings and debugging applications, instead of creating code and building new applications.  

 
Lack of Critical Insight into Application Performance 
 

Developers report that the issue is down to their organizations not having the right tools and visibility required to understand the root cause of application issues. They believe this stems from IT departments lacking a full and unified view into applications and the supporting IT stack. Developers are acutely concerned about the potential consequences this could have, with three quarters (75%) of those surveyed fearing that the lack of visibility and insight into IT performance is increasing the chances of their organization suffering downtime and disruption to business-critical applications. 

The situation is significantly affecting morale amongst developers, with 82% admitting that they feel frustrated and demotivated, and 54% increasingly inclined to leave their current job. These findings should ring alarm bells for organizations who are now dependent on developers to create the compelling, intuitive digital experiences that customers and users expect. With demand for developer skills at an all-time high and a finite pool of talent, businesses cannot afford an exodus of talent simply because their IT teams don’t have the tools they need to do their jobs.  

The Potential for Full-Stack Observability 

Encouragingly, developers are acutely aware that there are solutions available to address these concerns, and as many as 91% feel that they should be playing a bigger role in shaping and deciding on the solutions needed within their organization. Above all else, developers point to full-stack observability as being a potential game changer, providing SREs and IT operations teams with unified visibility into applications and supporting infrastructure, across both cloud-native and on premises environments. 

While developers themselves may not be the primary users of full-stack observability solutions – focusing instead on their specific areas of domain expertise – 78% believe that implementing full-stack observability within their organization would be beneficial. Developers recognize the benefits of having unified visibility across the IT estate and acknowledge that full-stack observability would make it much easier and quicker for operations teams to identify issues, understand root causes, and carry out necessary remediation. In turn, this would result in fewer technologists from multiple domain teams being required to attend war room sessions, and free up that talent – including developers – to focus on their day jobs. 

76% of developers went so far as to state that it’s becoming impossible for them to do their job because SREs and IT operations teams don’t have the insights they need to effectively manage IT performance. This explains why 94% point to full-stack observability as the single thing that would most help them to escape war rooms and focus on innovation. 

The Role of AI 

Alongside full-stack observability, many developers (39%) also feel that their organization (and they themselves) would benefit from deploying AI to automate application issue detection and resolution. Rather than relying on manual processes, AI can enable IT teams to cut through overwhelming volumes of application data to identify the most serious issues and apply fixes in real-time.  

In addition, developers are ready to embrace new ways of working within the IT department to drive greater efficiency and productivity, and a more streamlined approach to managing application performance. The majority (57%) believe that there needs to be greater ongoing collaboration between developers and IT teams. This is already being seen in shift left testing and widespread adoption of DevOps and DevSecOps methodologies, so that application availability, performance and security considerations are embedded into the development lifecycle from the outset. 

The research can be found here.

Leave a comment »

Seeq Announces Industrial Enterprise Monitoring Capabilities

Posted in Commentary with tags on May 7, 2024 by itnerd

Seeq, a leader in industrial analytics and AI, today announced the launch of the Seeq Industrial Enterprise Monitoring Suite with the release of Seeq Vantage, the company’s first industrial enterprise monitoring app, at the company’s global industry conference, Conneqt, in Miami.

Today’s industrial operations face numerous enterprise-level reliability, performance, and sustainability challenges, which are difficult to systematically identify, prioritize and correct to maximize operational potential. With siloed teams and information, and limited visibility to historical knowledge and insights from previous operations and events, it can be challenging for organizations to achieve measurable impact.

The Seeq Industrial Enterprise Monitoring Suite provides a comprehensive, automated view into operational performance-past and present. This broader view enables better decision making and continuous improvement across today’s complex, industrial ecosystems. The Seeq Industrial Enterprise Monitoring Suite leverages the combined power of the Seeq Industrial Analytics and AI Suite and the context that only teams of experts can provide-all at the scale needed to drive truly impactful results across the operational footprint.

The Seeq Industrial Enterprise Monitoring Suite provides the flexibility, speed, and robust capabilities needed to operationalize a condition-based prioritization and decision strategy. Grounded in frontline expertise and insights, Seeq Industrial Enterprise Monitoring helps ensure decision-makers have key insights at their fingertips, allowing for faster, better decisions and actions.

Through the Seeq Vantage app, industrial organizations can tailor, deploy and automate enterprise-level use cases, such as asset and process monitoring, condition-based maintenance, reliability and downtime tracking and more. Coupled with the Seeq Industrial Analytics and AI Suite, customers now have an integrated ecosystem to capture, analyze, aggregate, monitor, triage, investigate, and document insights and actions at the local level and the enterprise level. The app provides proactive and automated enterprise surveillance for daily operational decisions, and comprehensive assembly of operational effectiveness and utilization understanding to prioritize longer-term investment decisions.

Seeq Vantage is scheduled for general release in June 2024 and will be showcased at Conneqt from May 6-8, 2024.

Themed “Unleash,” Conneqt 2024 will bring together Seeq customers, partners, and other industry experts for interactive sessions examining how industrial organizations can unleash the power of their operational data and people with industrial analytics and AI.

Conneqt 2024 will feature main stage and breakout sessions from industrial leaders representing various industries, such as oil & gas, chemicals, pharmaceuticals, and mining, metals, and materials. Customer presentations will showcase Seeq industrial analytics and AI use cases and best practices for addressing digital transformation, workforce empowerment, profitability, and sustainability initiatives.

Sessions will be recorded at Conneqt and offered on-demand on the Seeq website following the conference.

Conneqt 2024 has garnered support from key Seeq partners, including:

  • Executive Sponsor – AVEVA
  • Gold Sponsor – Amazon Web Services
  • Silver Sponsor – BKO AI
  • Silver Sponsor – IOTA Software

Seeq and sponsors will showcase their newest technologies at Conneqt at the Sponsor Expo. To learn more about Seeq, Conneqt, and future events, visit Seeq.com

Leave a comment »

TikTok Sues The US Government

Posted in Commentary with tags on May 7, 2024 by itnerd

We all knew this was coming, and the much expected lawsuit by TikTok against the US government has been filed:

TikTok and ByteDance filed the lawsuit Tuesday in the U.S. District Court of Appeals for the District of Columbia.

“Congress has taken the unprecedented step of expressly singling out and banning TikTok: a vibrant online forum for protected speech and expression used by 170 million Americans to create, share, and view videos over the Internet,” the company said in the suit. “For the first time in history, Congress has enacted a law that subjects a single, named speech platform to a permanent, nationwide ban, and bars every American from participating in a unique online community with more than 1 billion people worldwide.”

“Banning TikTok is so obviously unconstitutional, in fact, that even the Act’s sponsors recognized that reality, and therefore have tried mightily to depict the law not as a ban at all, but merely a regulation of TikTok’s ownership. According to its sponsors, the Act responds to TikTok’s ultimate ownership by ByteDance Ltd., a company with Chinese subsidiaries whose employees support various ByteDance businesses, including TikTok. They claim that the Act is not a ban because it offers ByteDance a choice: divest TikTok’s U.S. business or be shut down.”

TikTok added in the complaint, “If Congress can do this, it can circumvent the First Amendment by invoking national security and ordering the publisher of any individual newspaper or website to sell to avoid being shut down.”

This should be fun to watch. I say that because while I am not a lawyer, actual lawyers have said that courts tend to side with the US government when it comes to national security issues. So this might be a last roll of the dice by TikTok and ByteDance. And if it fails, we’ll likely see if all their talk of not selling out is just talk or not.

Leave a comment »

26M Americans Ready to Remove their Data From the Web: Security.org

Posted in Commentary with tags on May 7, 2024 by itnerd

Americans are increasingly concerned about the exposure of their personal data online. Despite these worries, new research from Security.org revealed only 6 percent of U.S. adults currently utilize data removal services. 

This underscores a significant market opportunity, one that has prompted major players such as Mozilla and DuckDuckGo to introduce their own services this year. Security.org found that 26 million more users could adopt data removal services in the next 12 months, a 90 percent increase.

The new Security.org research also revealed:

  • About 14 million U.S. adults currently rely on data removal services to increase privacy and prevent their information from being bought and sold by data brokers
  • Early adopters were interested in clearing personally identifying information from the web, thus reducing their risk of identity theft and the number of robo-calls they receive
  • Fifty-three percent didn’t know what a data broker was, and more than half of consumers weren’t even aware that data removal services existed
  • 40 percent of Americans were unaware of that data brokers sometimes sell their data to the U.S. government, which uses it for law enforcement, immigration, and homeland security purposes

Complete details at: https://www.security.org/resources/data-removal-service-usage-study/

Leave a comment »

Fortra Launches Unified Cybersecurity Platform

Posted in Commentary with tags on May 7, 2024 by itnerd

Fortra today unveiled its highly anticipated cybersecurity platform, named Fortra, uniting cutting edge solutions under a single umbrella for powerful defense against multi-vector attacks.

Fortra’s platform comes to market with an approach that is smart and simple. With security products feeding the platform over time, it will detect attacks from many threat sources, aggregate and correlate them using artificial intelligence (AI) to recognize patterns, and then help customers mitigate risk, leading to a more resilient and secure organization.

The current version of the Fortra platform includes popular solutions like Fortra Cloud Email ProtectionFortra XDR, and Fortra Vulnerability Management. Coming later this year is Fortra Data Protection.

Key features of the Fortra platform are:

  • Simple deployment, patching, and upgrades across solutions via a single agent framework
  • Threat intelligence from across the Fortra portfolio goes into the platform, gets normalized, and returns to strengthen all products
  • Clearer visibility into incident activity to prioritize and accelerate resolution

Fortra is showcasing its platform at the RSA Conference in San Francisco this week at the Moscone Center, South Hall, booth #527.

For more information about Fortra platform, visit: www.fortra.com/platform.

Leave a comment »

Action1 Unveils Free Vulnerability Assessment at RSAC 2024 

Posted in Commentary with tags on May 7, 2024 by itnerd

Action1 Corporation, a provider of the integrated real-time vulnerability discovery and patch management automation solution, today at RSAC 2024™ introduced free vulnerability assessment. This service allows enterprise-wide free one-time assessment of software vulnerabilities, enabling organizations to assess their susceptibility to known vulnerabilities and make informed decisions on their security posture.

According to the Action1 2023 State of Vulnerability Remediation Report, 47% of breaches resulted from known security vulnerabilities. The issue lies in most enterprises being unaware of vulnerabilities within their IT infrastructure, which prevents them from maintaining an effective patch management strategy. The Action1 free vulnerability assessment service provides organizations with comprehensive insights into vulnerabilities on their endpoints, including identifying CVEs persisting in applications and operating systems, missing updates, and outdated software. This service offers actionable insights to mitigate risks and improve an organization’s vulnerability management strategy by leveraging data from the National Vulnerability Database (NVD) and CISA’s Known Exploited Vulnerabilities (KEV) catalog.

To access the free vulnerability assessment service, organizations can create an Action1 account and install the agents on their endpoints. Organizations can deploy Action1 simultaneously or in stages across all endpoints, with unlimited time flexibility. Vulnerability analysis begins immediately upon installation. Vulnerability assessment on each endpoint is performed once, and the data is presented in the aggregated view on the Action1 console indefinitely.

Resources

Leave a comment »

« Older Entries