ASUS Pledges To Do Better When It Comes To Their Shady Warranty Claim Behaviour…. And I Don’t Buy What They Are Saying
Posted in Commentary with tags Asus on May 16, 2024 by itnerd
You might recall that earlier this week, I posted a story about ASUS doing all sorts of shady things when it came to warranty claims that were sent into ASUS by customers, and their crappy tech support. When it comes to the first part, I said this:
That brings me to the second point. Which is ASUS not supporting their customers’ warranty claims by bullying them into paying for repairs that they don’t need.
I encourage you to look at the original story as it goes into way more detail about this. This morning I woke up to this document from ASUS trending on Reddit. ASUS is claiming that based on the feedback that surfaced in the last few days, they will be making changes to their RMA process and they apologize for any “communication of frustration”.
The thing is that I don’t buy this at all. This is not the first time that ASUS has been in a situation like this. Last year Gamers Nexus highlighted ASUS and their questionable behaviour in terms of their motherboards and how they worked with AMD Ryzen 7000 CPUs. Which at the time was not well. The TL;DR is this: Some users had problems with their Ryzen 7000 processors on ASUS motherboards. And ASUS completely mishandled the situation in epic fashion, resulting in tech YouTube calling them out on it. Gamers Nexus was one of the loudest voices on YouTube calling them out as evidenced by this video:
As a result, ASUS had to do all sorts of damage control to deal with this issue. And they pledged to do better. Here’s the Gamers Nexus video that details that:
Fast forward to today and ASUS is again pledging to do better when they are caught red handed in a bad situation, and tech YouTube calls them on it. What this looks like to me is not a genuine attempt to address their issues and make things better for their customers, but more of a “let’s say something that sounds warm and fuzzy to make this go away as quickly as possible.” In other words, I am calling BS on this.
My advice from earlier this week remains the same. In short, don’t buy ASUS products as they need to be taught a lesson that this sort of behaviour isn’t acceptable and has a cost to it. And this change to their RMA process doesn’t change the fact that this company has issues that have a direct impact on you the consumer should you need assistance from them. There are plenty of other companies who have better service than ASUS. And you should make sure those companies get your hard earned money instead of ASUS.
The 2024 Emerging Technology Adoption Report reveals that 61% of CIOs say their investments are often driven by fear of missing out (FOMO), and 69% say predicting the ROI is a ‘finger in the air’ exercise. Four in five argue they have to take risks on emerging technologies or they will ‘go the way of the dinosaurs’.
Unsurprisingly – barely half (53%) of emerging tech adoption projects deliver measurable value. Other key findings of the report include:
66% of CIOs say competitors will ‘eat them for lunch’ if they don’t move quickly on AI.
Yet 65% say AI is the most high-risk technology they’ve ever invested in, and 81% feel a ‘moral pressure’ to get it right.
82% of CIOs say it’s easy to ‘AI wash’ products by implementing new capabilities, without necessarily creating any tangible business benefits.
89% of CIOs say it’s difficult to maintain visibility and control of risk, and anticipate the impact of evolving regulations in emerging technology adoption projects.
Nearly half (49%) of CIOs fear there is a risk their company could run into trouble when the EU AI Act comes into force.
68% of CIOs say if they didn’t constantly alter course, it’s unlikely any of their emerging technology adoption projects would succeed.
Posted in Commentary with tags HP on May 16, 2024 by itnerd
The Q1 Threat Insight Report is live from HP Wolf Security this morning and it reveals that cybercriminals are ‘Cat-Phishing’ users with open redirects and overdue invoice lures to infect victims with malware. Notable threats analyzed in the report include:
In an advanced WikiLoader campaign, cybercriminals directed users to trustworthy invoice sites, before sending them to malicious ones using open redirect vulnerabilities in ad embedding. This attack is almost impossible for users to spot.
A low-cost AsyncRAT campaign, saw threat actors hiding malware inside HTML files posing as delivery invoices which, once opened in a web browser, unleash a chain of events deploying open-source malware.
Attackers used Living-off-the-Land (LotL) techniques – using legitimate tools like the Windows Background Intelligent Transfer Service (BITS) to upload or download malicious files to web servers and file shares.
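The open-redirect lure in the first bullet is hard to spot by eye but easy to check mechanically: the trusted site is only the first hop, and the real destination is buried in a redirect parameter, sometimes URL-encoded more than once. The following Python is an added example, not code from HP or from the report; the parameter list, host names and sample links are all constructed for illustration. It follows redirect-style parameters statically, with no network access, and flags links that start on a trusted host but end up somewhere else.

```python
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlparse

# Query-parameter names that commonly carry a redirect target. This list is
# an assumption for the example; tune it to the sites you actually see.
REDIRECT_PARAMS = {
    "url", "u", "link", "redirect", "redirect_url", "redirect_uri", "next",
    "return", "returnurl", "return_url", "goto", "dest", "destination", "target",
}


def _as_absolute(value: str, scheme: str) -> Optional[str]:
    """Return the parameter value as an absolute URL if it looks like one."""
    v = unquote(value).strip()          # tolerate a second layer of encoding
    low = v.lower()
    if low.startswith(("http://", "https://")):
        return v
    if low.startswith("//"):            # scheme-relative still leaves the site
        return f"{scheme}:{v}"
    return None


def redirect_chain(url: str, max_hops: int = 5) -> list:
    """Statically follow redirect-style parameters (no network access) and
    return the lowercase hosts the click would pass through, in order."""
    hops = []
    current = url
    for _ in range(max_hops):
        parsed = urlparse(current)
        hops.append(parsed.netloc.lower())
        nxt = None
        for name, value in parse_qsl(parsed.query, keep_blank_values=True):
            if name.lower() in REDIRECT_PARAMS:
                nxt = _as_absolute(value, parsed.scheme or "https")
                if nxt:
                    break
        if nxt is None:
            break
        current = nxt
    return hops


def is_open_redirect_lure(url: str, trusted_hosts: set) -> bool:
    """True when the link starts on a trusted host but a later hop leaves it."""
    hops = redirect_chain(url)
    return bool(hops) and hops[0] in trusted_hosts and any(
        h not in trusted_hosts for h in hops[1:]
    )


def triage(links: list, trusted_hosts: set) -> dict:
    """Map each lure to its hop list; links that never leave trusted hosts are dropped."""
    return {u: redirect_chain(u) for u in links if is_open_redirect_lure(u, trusted_hosts)}


# Constructed sample links (example data, not from the HP report). The third
# one nests a scheme-relative, double-encoded target inside a trusted redirector.
TRUSTED = {"ads.trusted.example", "invoices.trusted.example"}
SAMPLE_LINKS = [
    "https://ads.trusted.example/click?id=123&url=https%3A%2F%2Finvoices.trusted.example%2Fview",
    "https://ads.trusted.example/click?id=124&url=https%3A%2F%2Fbilling-portal.example%2Finvoice.html",
    "https://ads.trusted.example/click?id=125&url=https%3A%2F%2Finvoices.trusted.example%2Fgo%3Fnext%3D%252F%252Fpay-now.example%252Fx",
    "https://invoices.trusted.example/view?id=126",
]

if __name__ == "__main__":
    for link, hops in triage(SAMPLE_LINKS, TRUSTED).items():
        print(" -> ".join(hops), "|", link)
```

Only the second and third sample links are reported: the first stays inside the trusted hosts and the fourth has no redirect at all. The check is deliberately conservative (it never fetches anything), so a site that redirects server-side based on a database ID rather than a URL parameter will not be caught by it; that case needs a sandboxed fetch.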
Other findings include:
At least 12% of email threats identified by HP Sure Click Enterprise bypassed one or more email gateway scanners.
The top threat vectors in Q1 were email attachments (53%), downloads from browsers (25%) and other infection vectors, such as removable storage – like USB thumb drives – and file shares (21%).
This quarter, at least 65% of Excel document threats relied on an exploit to execute code, rather than macros.
Conversations are now the world’s largest dataset. Millions of hours of meetings happen every day over video conferencing platforms, and hundreds of companies try to make sense of these meetings using AI-powered meeting bots that take months to build. Today, the universal API for meeting bots Recall.ai has announced a $10 million funding round to allow engineers to integrate with any meeting platform, including Zoom, Google Meet, Microsoft Teams, Slack Huddles, and even platforms with no API. This funding round comes hot on the heels of 10x growth over the past 12 months.
The Series A funding round was led by Ridge Ventures with participation from Industry Ventures, Y Combinator, IrregEx, Bungalow Capital, Hack VC, and other existing investors, and will be used to scale Recall.ai’s product and team. This fresh investment brings the company’s total amount raised to over $12M, following a $2.7 million seed round in December 2022.
It can take over one year for a team of specialist engineers to build the infrastructure and integrations required for even the most basic AI-powered meeting bots. After they’re built, companies face the bigger and more labor-intensive challenge of hosting and maintaining the infrastructure on hundreds of thousands of servers. In comparison, Recall.ai lets a single engineer get up and running with a meeting bot in a few days, even if they don’t have expertise in real-time video processing. This lets companies focus on building their core product while Recall.ai runs, monitors, and scales complex, real-time video infrastructure.
“Recall has been a critical partner to us in rolling out Fellow.app’s new AI copilot functionality which has been a huge hit with customers,” explained Aydin Mirzaee, CEO of Fellow.app. “We love working with Recall because they are focused on the infrastructure so that we can focus on what we’re good at – solving meeting productivity for companies everywhere.”
Co-founders David Gu and Amanda Zhu launched Recall.ai as two important trends emerged: a worldwide shift to remote work, and advances in AI technology that simplified the processing of unstructured voice and video data. Gu and Zhu previously worked on a real-time transcription tool for video conferences, where the bulk of their engineering team’s effort was spent building and maintaining integrations with conferencing platforms. The duo realized companies building LLM tools to process data from virtual meetings today were running into the same integration and infrastructure hurdles they had already solved, and decided to start Recall.ai to enable the next generation of LLM-powered apps.
Over the last 12 months, Recall.ai has grown 10x and today ingests millions of hours of video meeting data for more than 300 companies. Customers are currently using the platform to build powerful tools that leverage conversation intelligence for sales enablement discussions, productivity, customer success, financial advising, telehealth applications, and virtual depositions, among other use cases. Recently, Recall also partnered with Zoom to release an official Meeting Bot Starter Kit that generates a transcript, requests a meeting summary, and provides it to participants in near real-time.
With this new funding, the company is primed for the next phase of growth. The same way that AWS provided common infrastructure that every company building a web application would need as they scale, Recall.ai is setting out to provide the common infrastructure for every company who needs to access and apply AI to conversations.
I have a pair of domains that I use for my business. There’s theitnerd.ca which is what I use for email and my website. And there’s itnerd.blog which strictly hosts my blog. That’s on top of the domain that my wife and I use for our personal email. I have been concerned for a while about someone spoofing me and my company and causing reputational harm to my business or personal life as a result. Which is why I have been wanting to implement DMARC to stop that from happening. Now I’ve been kicking that can down the road until two things happened. The first is that I got a spoofing attack recently from someone who was pretending to have hacked my email in order to extort money from me. In fact, I have written about this sort of scam email here. But since I write about this stuff all the time, it along with the 80 copies of said email got deleted almost instantly as I recognized what it was and took the correct action as a result. But that episode showed that I could be spoofed by a threat actor. Which was of course a bad thing. The second thing was this report from Valimail about a North Korean spoofing attack where the North Koreans were taking advantage of people in my situation. That really got me to move on implementing DMARC because business email compromise as well as phishing are huge problems at the moment. And I don’t want to be part of the problem.
Now before I tell you what I did to address this, I want to explain what DMARC is and why anyone who has a domain that sends and receives email should care:
Domain-based Message Authentication, Reporting & Conformance, or DMARC, is an email security protocol. It builds on SPF and DKIM: a message passes DMARC only if SPF or DKIM passes for a domain that aligns with the domain in the From: header, which is the address the recipient actually sees. And you, as the domain owner, publish a policy in DNS that tells receivers to do one of three things with any email that claims to be from your domain and fails that check:
If an email fails DMARC verification, then do nothing other than report that it failed.
If an email fails DMARC verification, then quarantine it.
If an email fails DMARC verification, then reject it.
If you really want to go into the weeds on DMARC, click here to do so. The point of DMARC is to make sure that spoofed email never makes it to the inbox. Because any email that is spoofed is a hit to your online reputation. Or it leaves you open to things like the CEO email scam or other forms of business email compromise. But the most practical reason to implement DMARC is that without it, it becomes harder to get your legitimate emails delivered to people and companies. On top of all of that, Google and Yahoo now require a DMARC policy on domains that send them email in bulk. And that’s likely to become a common thing with other organizations in the coming months and years. Meaning that if you own a domain, DMARC is a today problem for you.
Now in most cases, you may already have a DMARC policy set up in your domain’s Domain Name System (DNS) records, as I did. It lives in a TXT record at _dmarc.yourdomain. But chances are that it will do next to nothing for you. I will use my domain as an example so that you can see what I mean. Here’s the DMARC record that I started out with:
The important thing to note is the “p=none” part. The “p” stands for policy. And while simply having it set to “none” meets the minimum requirements of DMARC that Google and Yahoo stipulate, it only asks receivers to report failures, not to act on them, so it does next to nothing to stop the issues that I highlighted above. This is where I started my journey. And it was a bit bumpy from start to finish.
I started with my hosting provider to see if they could assist me. But their tech support people had no clue how to implement DMARC in a way that would protect my domain from spoofing and the like. That forced me to do a fair amount of research on my own to figure out what I needed to do. Which often led to contradictory information that I had to sort through. After a few days of doing research and figuring out what was valid information and what was bogus information, I came up with this DMARC policy:
You’ll notice that this is a whole lot more expansive. Here’s what’s changed:
I now have p=quarantine along with sp=quarantine. What that means is that it directs the receiver of any email claiming to come from my domain (p) or any subdomain of it (sp) to quarantine any email that fails the DMARC check. Without an sp tag, subdomains inherit the p policy, but setting it explicitly makes the intent clear. Now if I were really strict, I would go for the reject option. But my logic at the time, which I will admit that I am currently rethinking for reasons that I will get to in a minute, is that suspect emails won’t make it to the inbox. Thus quarantine is fine.
You’ll also notice “rua” and “ruf” entries with a redacted email address. These are tags that tell the domains receiving your email, Google for example, where to send reports about mail claiming to be from your domain. Here’s the detail on those two tags:
The “rua” tag is for aggregate reports. The best way to explain that is that these are reports, typically sent once a day by each receiving domain, that say “these servers connected to me claiming to be you, sent this many messages, and here is whether SPF and DKIM passed and aligned” at a very high level. No message content is included.
The “ruf” tag is for message-specific failure reports, often called forensic reports. As in a specific email failed the check and the receiving server reports on it in detail, which can include that message’s headers. Many large receivers don’t send these at all. I will admit that I am rethinking using this for reasons that I will get to in a minute.
As for the redacted email addresses, that’s the email addresses where the reports will be sent to.
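To make the difference between the starting record and the new one concrete, here is an added Python example (not the author’s setup and not Valimail’s tooling) that parses a DMARC TXT record and flags the weak points discussed above: p=none, a missing or weaker sp, pct below 100, no rua address, and a ruf tag. The records and mailto addresses are constructed placeholders. It checks the record text only; it does not look anything up in DNS, where the record has to be published as a TXT record at _dmarc.<your-domain>.

```python
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record ('tag=value; tag=value') into an ordered dict.
    Tag names are case-insensitive; values are kept exactly as published."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags


def _bad_uris(value: str) -> list:
    """Reporting URIs are comma-separated and must be mailto: addresses."""
    return [u.strip() for u in value.split(",")
            if not u.strip().lower().startswith("mailto:")]


def lint_dmarc(record: str) -> list:
    """Return human-readable findings. An empty list means the record is at
    enforcement for the domain and its subdomains, asks for aggregate reports,
    and does not request per-message failure reports."""
    t = parse_dmarc(record)
    findings = []
    if not t or next(iter(t)) != "v" or t["v"] != "DMARC1":
        findings.append("record must begin with v=DMARC1 or receivers ignore it")
    p = t.get("p")
    if p not in STRENGTH:
        findings.append("p= is missing or invalid; no policy will be applied")
        return findings
    if p == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    sp = t.get("sp", p)                      # subdomain policy defaults to p
    if sp not in STRENGTH:
        findings.append(f"sp={sp} is not a valid policy")
    elif STRENGTH[sp] < STRENGTH[p]:
        findings.append(f"sp={sp} is weaker than p={p}: subdomains can still be spoofed")
    pct = t.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        findings.append(f"pct={pct} is not a number from 0 to 100")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: the policy is applied to only {pct}% of failing mail")
    if "rua" not in t:
        findings.append("no rua=: you will receive no aggregate reports")
    elif _bad_uris(t["rua"]):
        findings.append(f"rua= contains non-mailto URIs: {_bad_uris(t['rua'])}")
    if "ruf" in t:
        findings.append("ruf= requests per-message failure reports, which can carry "
                        "headers and content of other people's mail; drop it unless needed")
    return findings


def is_enforcing(record: str) -> bool:
    """True when both the domain and its subdomains are at quarantine or reject."""
    t = parse_dmarc(record)
    p = t.get("p")
    sp = t.get("sp", p)
    return p in ("quarantine", "reject") and sp in ("quarantine", "reject")


# Constructed records mirroring the before/after described in the post. The
# mailto addresses are placeholders, not the author's real reporting addresses.
BEFORE = "v=DMARC1; p=none"
AFTER = ("v=DMARC1; p=quarantine; sp=quarantine; "
         "rua=mailto:dmarc-agg@example.com; ruf=mailto:dmarc-fail@example.com")
BLOG_ONLY = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-agg@example.com"

if __name__ == "__main__":
    for label, rec in (("before", BEFORE), ("after", AFTER), ("no-mail domain", BLOG_ONLY)):
        print(f"{label}: enforcing={is_enforcing(rec)}")
        for f in lint_dmarc(rec):
            print("  -", f)
```

The starting record produces two findings (monitor-only policy, no reports coming back); the rewritten record produces only the ruf warning; and a reject/reject record with just an rua address, the right shape for a domain that sends no mail at all, comes back clean.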
Now, let’s talk about the reports that I mentioned earlier. They show up in your inbox as compressed XML attachments that aren’t human readable. To solve that problem, I use the MX Tools DMARC Report analyzer which makes these reports human readable. That way I have visibility into what’s going on from an email perspective. And I set aside a few minutes every day to read these reports. I admit that it’s a bit time consuming. But it ensures that I don’t find out about my bad news from CNN so to speak.
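For readers who would rather read the raw reports than paste them into a web tool, here is an added Python example (not the analyzer the author uses) that unpacks an aggregate report attachment and totals its rows. The XML is a constructed sample in the standard aggregate report format, with example.com as the domain and documentation IP addresses. The second row shows the case that catches people out: SPF passed for a third-party sender’s own domain, but that domain does not align with the From: domain, so the message still fails DMARC and gets the published disposition.

```python
import gzip
import io
import xml.etree.ElementTree as ET
import zipfile
from collections import defaultdict

# Reports come from arbitrary senders: in production parse them with defusedxml.
# The standard-library parser is used here so the example runs with no dependencies.


def load_report(raw: bytes, filename: str) -> str:
    """Aggregate reports arrive as .xml, .xml.gz or .zip attachments."""
    name = filename.lower()
    if name.endswith(".gz"):
        return gzip.decompress(raw).decode("utf-8")
    if name.endswith(".zip"):
        with zipfile.ZipFile(io.BytesIO(raw)) as zf:
            inner = next(n for n in zf.namelist() if n.lower().endswith(".xml"))
            return zf.read(inner).decode("utf-8")
    return raw.decode("utf-8")


def parse_aggregate(xml_text: str) -> dict:
    """Pull the reporter, the policy it saw, and one row per sending source."""
    root = ET.fromstring(xml_text)
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        ev = row.find("policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "disposition": ev.findtext("disposition"),
            "dkim": ev.findtext("dkim"),   # aligned DKIM result: pass/fail
            "spf": ev.findtext("spf"),     # aligned SPF result: pass/fail
            # raw results show which domain actually authenticated, aligned or not
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "dkim_domain": rec.findtext("auth_results/dkim/domain"),
        })
    return {
        "reporter": root.findtext("report_metadata/org_name"),
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "rows": rows,
    }


def summarize(report: dict) -> dict:
    """A message passes DMARC when aligned DKIM or aligned SPF passes."""
    totals = defaultdict(int)
    suspects = []
    for r in report["rows"]:
        passed = "pass" in (r["dkim"], r["spf"])
        totals["pass" if passed else "fail"] += r["count"]
        if not passed:
            suspects.append((r["source_ip"], r["count"], r["disposition"]))
    return {"pass": totals["pass"], "fail": totals["fail"], "suspects": suspects}


# Constructed sample in the aggregate report format (not a real report).
SAMPLE_XML = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>1715817600.1</report_id>
    <date_range><begin>1715731200</begin><end>1715817600</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><p>quarantine</p><sp>quarantine</sp><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>42</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>5</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>bulk-sender.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""
SAMPLE_GZ = gzip.compress(SAMPLE_XML.encode("utf-8"))  # as it would arrive attached

if __name__ == "__main__":
    report = parse_aggregate(load_report(SAMPLE_GZ, "receiver.example!example.com.xml.gz"))
    print(report["reporter"], "saw policy", report["policy"], "->", summarize(report))
```

Run it and the summary shows 42 passing messages from one source and 5 failing from another. The failing source is the one worth chasing down: it is either an unauthorized sender or a legitimate service that relays for you but isn’t signing with your domain yet, and the spf_domain field tells you which.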
As an aside, the above is not meant to be a how to guide. I’m offering this up to help to illustrate the process of implementing DMARC. If you’re planning on doing this, you should seek professional assistance from an expert on the subject if you are not sure how to proceed.
Clearly, this is a lot of work. And I had to do versions of this for not only both my business domains, but my personal one as well. And I wished at the time that there was some sort of best practice guide or something similar that would have made it easier for me to do this. Then it dawned on me that I can’t be the only person who has this challenge. Thus I decided to reach out to DMARC experts Valimail as I had been writing about them for some time on this very topic. At the same time I could run my DMARC setup by them, as they are the experts in DMARC, and see what I could improve on as I admit that I kind of YOLO‘ed this. The result of that request was that Valimail, or more accurately Seth Blank, the CTO of Valimail, was kind enough to set aside some time for me to flesh out what DMARC is and why you should care, along with having a quick look at my setup.
Now I’ve already covered what DMARC is and why you should care above. But during our discussion, I asked him what the best practice is in terms of a DMARC policy, as I could not find a straight answer on that. His answer, in short, is that your DMARC policy should be set to reject any email that doesn’t come from your domain. However, quarantine works as well because those emails will not be hitting the inbox either. And if emails are being routed to quarantine rather than the inbox, people are more likely to take a more critical look at what’s in there. Or to put it another way, the receivers of your email are less likely to get compromised by a threat actor. Using the quarantine policy is one of the things that I am rethinking at the moment, as I am now toying with the idea of switching to the reject policy. I am going to take a wait and see approach on my personal and company domains based on what’s in the reports that get sent to me. Though on my itnerd.blog domain, I made the switch to the reject policy as I don’t send or receive email from that domain at all. Thus if anyone gets an email that ends in “@itnerd.blog”, it’s guaranteed to be a spoofed email. Making the reject policy the right choice.
The other thing that Mr. Blank pointed out is that I have a “ruf” tag in my DMARC setup. The potential problem with that tag is that I am going to get reports about specific emails that have issues, and those reports may contain information that potentially violates the GDPR. Also, the reports that this tag enables go deep into the weeds. And chances are that going deep into the weeds will not be required 99% of the time. So I’ll be removing this tag later today.
The one thing that Mr. Blank emphasized to me was that besides brand protection and stopping things like spoofing and business email compromise, implementing DMARC properly can increase the deliverability of emails to your recipients. Mr. Blank cited HMRC in the UK and its battle with fraudsters. Prior to implementing DMARC, fraud using the HMRC domain was out of control. And legitimate HMRC emails were not making it to the inbox. But after implementing DMARC, this happened:
HMRC was able to reduce spoofing by half a billion emails, which is fantastic. But we also improved delivery rates of genuine emails from 18% to 98%, all through the implementation of DMARC. Nothing extra – the very same thing that reduced the spoofing also increased the delivery of genuine emails.
Now nobody should expect that stunning result by implementing DMARC, but as Mr. Blank put it, implementing DMARC reduces the noise. And forces threat actors to change their tactics as a domain with DMARC that is properly implemented is simply not as vulnerable to spoofing or business email compromise. At the same time, your legitimate emails are much more likely to hit the inbox. Meaning your communications are more likely to be seen and more likely to be effective. Thus implementing DMARC is unquestionably a worthwhile exercise.
Here’s the bottom line. If you own a .com, .ca, .biz or some other domain, you should be looking at setting up DMARC. It’s going to make sure that your emails are more likely to reach their intended recipients. And it’s going to ensure that your online reputation remains intact. Both of which are very good things.
I’d like to thank Seth Blank of Valimail for his time in terms of researching this story and his guidance in terms of getting my DMARC setup right.
Shareholders of Amazon.com, Inc. are urging the company to assess whether it has lived up to its own commitment to respect workers’ rights to freedom of association and collective bargaining.
Amazon’s upcoming annual general meeting (AGM) on May 22 comes amid ongoing unionization efforts at the company – including recent applications in the U.S. and U.K. – and media reports alleging intimidation, retaliation, and surveillance. In Canada, British Columbia and Quebec-based unions have recently filed applications to represent Amazon employees, following numerous concerns about working conditions at Amazon Canada’s facilities.
To get to the bottom of these complaints, a group of more than 20 global investors led by SHARE, the Shareholder Association for Research and Education, has filed a shareholder proposal urging Amazon’s Board of Directors to assess how the company’s actions align with its own policies and obligations to respect international human rights law, including the Core Conventions of the International Labour Organization (ILO), the ILO Declaration on Fundamental Principles and Rights at Work.
The investors maintain that effective and transparent due diligence on human rights and policy implementation is needed to reassure shareholders when allegations of misconduct arise.
The proposal’s 22 co-filers represent approximately $US 3.5 trillion in assets under management (AUM) and include investors from across Europe and North America. Both major proxy advisory services, ISS and Glass Lewis, are now recommending voting for a shareholder proposal urging Amazon’s Board of Directors to assess how the company’s actions align with its own policies and obligations to respect international human rights law.
Sarah Couturier-Tanoh, Director, Shareholder Advocacy for SHARE had this to say:
“Beyond the ethical imperative to respect human rights, any failure to align workforce practices with internationally recognized human rights norms represents a threat to shareholder long-term value. That’s why, in the past couple of years, we have seen global investors taking stances in favor of better labor relations in an effort to mitigate those risks in their investment portfolio. In the past six months, several companies answered the call, including Starbucks and Apple. We are still waiting for Amazon to follow suit and, frankly, to do even better.”
It will be interesting to see what happens, and whether Amazon will fight this. Stay tuned.
On Tuesday, Santander bank confirmed in an online statement that customer and employee data was breached following “unauthorized access to a Santander database hosted by a third-party provider.”
Santander, the euro zone’s second-biggest bank by market value, said that “certain information” relating to customers in Chile, Spain and Uruguay, and 200,000 current and former employees had been accessed.
The bank said it immediately took measures to mitigate the incident, including blocking access to the database and reinforcing fraud prevention to protect customers.
Santander hasn’t disclosed how many customers have been affected or the nature of the stolen data.
“In the database there is no transactional information or access credentials or internet banking passwords that would allow transactions with the bank,” Santander said.
Santander added that its operations and systems have not been affected and customers can continue transactions securely.
“Yet another report of an unfortunate third-party breach. While it’s a good thing that no transaction details, credentials, or passwords were exposed, other third-party breach victims may not be so lucky, and these events will unfortunately continue across the industry until organizations adopt appropriate cyber resiliency approaches.”
Third party breaches are a thing. Companies need to take that into account when choosing their partners and ensure that their partners are as secure as they are at the very least. Otherwise, you will get pwned through no fault of your own.
Earlier this week, the Singing River Health System issued a data breach notification stating that it is now estimating that 895,204 people were impacted by an August 2023 ransomware attack.
Singing River Health System is located in Mississippi and operates 3 hospitals in the state totaling over 700 beds, as well as 2 hospices, 4 pharmacies, 6 imaging centers, 10 specialty centers, and 12 medical clinics, all employing over 3,500 people.
The August 2023 ransomware attack resulted in operational disruptions at its hospitals, and it was initially estimated that 501 individuals had personal data stolen. On September 13, the organization confirmed that data had been exfiltrated, and on December 18, it announced that the incident impacted 252,890 people.
According to the latest information in the notification and on the organization’s site, the exposed data includes:
Full name
DOBs
Physical address
SSNs
Medical information
Health information
The attack was claimed by the Rhysida ransomware gang which so far has leaked roughly 80% of the data they claim to hold, allegedly including 420,766 files totaling 754 GB.
“The Singing River Health System’s ransomware attack is a stark reminder of the cybersecurity siege that healthcare organizations are under. This breach is not just a statistic but a severe blow to the trust and safety of nearly a million people. These victims had their most sensitive information—names, dates of birth, addresses, Social Security numbers, and medical records—exposed, placing them at significant risk of identity theft and fraud.
“Hospitals and healthcare systems are prime targets for cybercriminals. The Rhysida ransomware gang’s claim to have leaked 80% of the data they stole highlights the immense challenges in protecting health information. Singing River Health System, with its extensive network of hospitals, clinics, and specialty centers, illustrates the vast attack surface and the inherent vulnerabilities within such a complex IT infrastructure.
“The operational disruptions, coupled with the personal data theft of a staggering 252,890, reveal the deep and lasting scars these attacks inflict on healthcare services. The fallout from such breaches is catastrophic, not only in terms of financial loss but also in the erosion of patient trust and the potential delay or cancellation of critical medical treatments.
“Healthcare organizations can assume they will be breached and must go beyond traditional defensive cybersecurity measures. It is imperative to implement robust ransomware containment defenses and maintain off-site backups to ensure continuity of care without succumbing to the demands of cyber extortionists. The Singing River Health System’s ordeal is a call to action for the entire healthcare sector to fortify its defenses and protect the sanctity of patient data and healthcare delivery.”
Once again I find myself in the position of having to say that healthcare needs more funding to protect themselves from attacks like these. The fact that I am constantly talking about this means that there’s a serious problem, which requires a real solution immediately.