Archive for May 29, 2024

Black Entrepreneurs Shine At DMZ’s Black Innovation Summit

Posted in Commentary with tags on May 29, 2024 by itnerd

DMZ at Toronto Metropolitan University held its fourth annual Black Innovation Summit, where 10 Black-led tech startups from across Canada had the opportunity to pitch their business to a panel of judges for the chance to secure grant prizes to accelerate their growth. Designed to bring together the Black tech ecosystem and celebrate Black excellence, this year’s Black Innovation Summit theme addressed rapid tech advancements and global economic uncertainty, empowering attendees with the tools to navigate today’s startup landscape and build resilience in an ever-changing market.

As a full-day event, the Summit included three curated activities: a networking event that revealed DMZ’s inaugural Black Youth Entrepreneurship Award, roundtable discussions to share insights and foster connections among entrepreneurs, investors, and corporate executives, and a startup pitch competition exclusively for Black founders.

The pitch competition awarded $55,000 CAD in total grant prizes to the top three pitch finalists. Award winners included: 

  • Cleanster, a Montreal-based startup that connects property managers to top-rated cleaners, was named the first-place winner and took home $30,000 CAD. 
  • Woveo, a Calgary-based digital credit union-like fintech platform that offers low-cost credit and helps users build credit, was named the second-place winner, taking home $15,000 CAD. 
  • Outlit, an Ottawa-based startup that helps sales teams close deals by developing AI agents to accelerate contract reviews and shorten sales cycles, was named the third-place winner, taking home $5,000 CAD. 

First-place winner Cleanster also received the esteemed People’s Choice Award at the Pitch Competition, awarded by Summit attendees, along with an additional $5,000 CAD prize.

The Black Innovation Summit also unveiled its inaugural Black Youth Entrepreneurship Award, designed to recognize the efforts of a young Black entrepreneur who demonstrates exceptional innovation, leadership, and community impact within Ontario. Taneesha Greaves, a content creator, social media specialist, and Founder of Greaves Media, was awarded the 2024 Black Youth Entrepreneurship Award and a $5,000 grant prize.

The annual Black Innovation Summit serves as the marquee event for DMZ’s Black Innovation Programs (BIP), which were launched in 2019. A first-of-its-kind initiative in Canada, DMZ’s Black Innovation Programs were created to see more Black-led startups in the tech ecosystem and break the perpetual cycle of inequity. To date, DMZ has supported over 1,000 Black-identifying founders and has distributed $2.5 million CAD worth of grants and services. 

Black founders in DMZ’s Black Innovation Programs receive additional opportunities and specialized support like grant funding, mentorship opportunities, a peer network, exclusive events, and connections to investors dedicated to supporting Black-led innovation—on top of the standard programming all DMZ founders get.

Black founders looking for hands-on, tailored support to take their business to the next level can learn more about DMZ’s Black Innovation Programs at dmz.to/bip

Leave a comment »

It Appears That I Was Targeted In Either A Pig Butchering #Scam Or A Romance Scam On Mastodon

Posted in Commentary with tags on May 29, 2024 by itnerd

Before I do anything else, let me explain what a Pig Butchering Scam is. Wired will help me with this part:

Pig butchering scams originated in China, where they came to be known by the Chinese version of the phrase shāzhūpán because of an approach in which attackers essentially fatten victims up and then take everything they’ve got. These scams are typically cryptocurrency schemes, though they can involve other types of financial trading as well.

Scammers cold-contact people on SMS texting or other social media, dating, and communication platforms. Often they’ll simply say “Hi” or something like “Hey Josh, it was fun catching up last week!” If the recipient responds to say that the attacker has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they’ve hit it off with a new friend. After establishing a rapport, the attacker will introduce the idea that they have been making a lot of money in cryptocurrency investing and suggest the target consider getting involved while they can.

Next, the scammer gets the target set up with a malicious app or web platform that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims can often see curated real-time market data meant to show the potential of the investment. And once the target funds their “investment account,” they can start watching their balance “grow.” Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new “friend” or allowing them to withdraw a little bit of money from the platform to reassure them. The latter is a tactic that scammers also use in traditional Ponzi schemes.

Though the swindle has some new twists, you can still see where it’s going. Once the victim has deposited all the money they have and everything the scammers can get them to borrow, the attackers shut down the account and disappear.

As for the romance scam, the RCMP will help me with that:

A romance scam is when a person creates a false identity and pretends to have romantic feelings for a victim to gain their trust and affection for the purpose of obtaining their money. The scam usually unfolds like this:

Step 1: Fraudsters research potential victims online, including reviewing their social media posts, to develop a tailored strategy for each victim and improve their chances of success.

Step 2: After developing an online relationship and gaining the victim’s trust, the fraudster usually fakes a scenario where they need quick money — such as a crisis or an investment opportunity.

Step 3: The scammer then requests money, cryptocurrency, gifts, or investments. They might also send money to the victim to build further trust or engage the victim as a money mule or courier in an illegal transaction. Eventually the victim becomes aware of the scam, many times after they’ve handed over thousands of dollars, at which point the fraudster stops communicating with them.

So with those explanations out of the way, let me explain why I feel I was targeted in one or the other type of scam.

Early today I got this message over Mastodon after I got followed by this person:

Now I was immediately suspicious right out of the gate as this fits the hallmarks of either type of scam. But in the interest of science. I played along. But at the same time, I poked around this Mastodon profile. In short:

  • They had been a member of Mastodon since October 2023
  • They had 14 posts.

Those are sort of red flags. But I needed more evidence to confirm what I was suspecting. And after interacting with this person for a while, I got it:

Scammers will often try to take you off the platform that you meet them on to a place like Telegram to continue the conversation and lead you down the path to separate you from your money. Thus this confirmed that this was some sort of scam. As a result I blocked this person on Mastodon. Honestly, I am surprised that something like this hasn’t happened sooner on Mastodon. Or maybe it has and I wasn’t aware of it. I say that because these scams are easy enough to perpetrate on other types of social media. But the decentralized nature of Mastodon make it way easier to pull something like this off because if a scammer gets caught out, they can set up another account on another Mastodon server and try again.

Regardless of what social media platform that you use, you need to be aware of this sort of thing so that you don’t become a victim. And now, back to your regular scheduled programming.

Leave a comment »

Sage Announces Powerful New Features For Sage Intacct

Posted in Commentary with tags on May 29, 2024 by itnerd

Sage – the leader in accounting, financial, HR, and payroll technology for small and mid-sized businesses (SMBs) – announced powerful new capabilities and updates for Sage Intacct.

The newest enhancements allow for more streamlined workflows and will boost productivity for businesses. The enhancements will also give organizations deeper financial insights and advancements in financial reporting, asset management, and operational efficiency!

Sage Intacct Product Release 2 2024 Enhancements Include:

  • PwC Control Insights now generally available: Designed with compliance and growth in mind, this tool helps organizations strengthen their financial control environment as they scale with Sage Intacct. It provides a live dashboard allowing organizations to maintain strong financial controls and offer actionable insights with recommendations.
    • Availability: US, Canada, UK, South Africa, and Australia
  • Bank transaction assistant file import: With this new guided import experience, users can streamline the process of importing bank data and improving reconciliation efficiency. This saves time and reduces the likelihood of errors, improving the overall reliability of financial data and simplifying the monthly close process.
    • Availability: US, Canada, UK, Ireland, Australia, France & South Africa
  • AI timesheets: This AI-powered timesheet solution, Sage Intelligent Time (SIT), is embedded in Sage Intacct to help users gather, organize, and suggest activities for inclusion in timesheets, alongside client, project, and task information. This maximizes billable time and improves the accuracy and efficiency of time tracking, leading to more precise invoicing and revenue recognition.
    • Availability: US, Canada, UK, South Africa, and Australia
  • Employee expense allocations: This feature helps to streamline the expense reporting process by allowing users to quickly code expense receipts and leverage the power of transaction allocations. It reduces time-consuming administrative tasks related to expenses and helps maintain compliance with internal policies and external regulations.
    • Availability: US only

Sage Fixed Asset Management – Purchasing integration: Building on the recent release, this expanded feature helps users create assets directly from purchasing transactions such as vendor invoices. It simplifies data entry and improves asset management, significantly reducing manual efforts. This enhancement also increases the accuracy of asset tracking and ensures that asset-related financials are updated in real-time. As a result, it supports a smoother process from the purchase of assets through to their depreciation and maintenance, providing more streamlined asset lifecycle management.

  • Availability: US, Canada, UK, Ireland, Australia, France & South Africa
  • Boosted revenue management: The latest revenue recognition updates drill down into supporting documents meaning that organizations can now more easily understand how deferred revenue progresses and what to expect in the future. Providing an expedited path for recognizing revenue and achieving reconciliations, it now comes with smarter search and filter options, helping organizations to be clear on revenue schedules faster with dimension group filters.
    • Availability: US, Canada, UK, Ireland, Australia, France & South Africa
  • Construction enhancements: The latest enhancements mean that construction organizations can automatically calculate key metrics related to project revenue and profitability and review project-based costs and billing with Project-level Work in progress.
    • Availability: US, Canada, Australia and Early Adopters in the UK
  • Supplies inventory: This streamlined ordering process provides the ability to track supplies, requisitions and gain insights into usage trends and cost insights across periods. Also manage inventory levels and reorder when needed to avoid availability delays. Employees can enter requisitions for items designated as supplies inventory, such as office or program supplies. Users can easily process requests and monitor status using the workbench.
    • Availability: Early Adopters in US and Canada


You can get a lot more detail here: Sage Intacct unveils new updates to advance productivity and control for SMBs

Leave a comment »

ThreatLocker Expands Security Footprint With New Data Infrastructure in Canada

Posted in Commentary with tags on May 29, 2024 by itnerd

ThreatLocker, a leading provider of Zero Trust cybersecurity solutions, is proud to announce the launch of its latest data center in Toronto, Canada, less than three months after opening its data center in Sydney, Australia. This initiative will significantly bolster cybersecurity capabilities for Canadian businesses and organizations across various sectors, including the private sector, commonwealth, state, territory, and local governments.

The development of this data center by ThreatLocker® will assist Canadian entities in aligning with baseline cybersecurity controls recommended by the Canadian Centre for Cyber Security, which stem from compliance frameworks like NIST, CISC, ISO/IEC, and ITSG-33. More specifically, ThreatLocker® offers Zero Trust, Least Privilege capabilities in the form of Application Control, Ringfencing, Network Control, and Privilege Access Management solutions, amongst many other options.

ThreatLocker®, founded in 2017 by CEO Danny Jenkins, COO Sami Jenkins, and VP of Quality Assurance John Carolan, protects over 2 million endpoints across more than 40,000 organizations globally. The company provides 24/7/365 Cyber Hero support with an average response time of 60 seconds or less. ThreatLocker®offers a powerful Zero Trust endpoint security platform designed to enable organizations to stop ransomware and other cyberattacks by controlling what software can run in their environments. The combined solutions of ThreatLocker®, including Application Allowlisting, Ringfencing™, Storage Control, Elevation Control, and Endpoint Network Control, lead the cybersecurity market towards a more secure approach by blocking the exploits of unknown application vulnerabilities.

Leave a comment »

2.8 Million People Impacted By A Prescription Management Company Getting Pwned

Posted in Commentary with tags on May 29, 2024 by itnerd

On Friday, Sav-Rx, a prescription management company, filed a breach notification disclosing that it suffered a cyberattack in October 2023, compromising the personal data of over 2,812,336 people in the US.
 
A&A Services, operating as Sav-RX, is a company that provides prescription drug management services to employers, unions, and other organizations across the U.S.
 
The impact on its business operations was minimal, systems were restored in a day and prescriptions were shipped on time.
 
The data exposed included:

  • Full names
  • DOBs
  • SSNs
  • Emails
  • Addresses
  • Phone numbers
  • Eligibility data
  • Insurance ID numbers

The breach notification revealed that the hackers first accessed customer data on October 3, 2023.
 
Sav-Rx stated that it took eight months to send out notices because their initial priority was minimizing interruption to patient care before launching the investigation on the impact of the incident.
 
In response to the incident, Sav-Rx is setting up a 24/7 security operations center, implementing MFA on critical accounts, network segmentation, enhanced geo-blocking, upgraded firewalls and switches, strengthened Linux security, and BitLocker encryption.

BullWall Executive, Carol Volk had this to say:

   “While Sav-Rx managed to restore operations swiftly, the compromised data—ranging from full names and Social Security numbers to insurance ID numbers—highlights the grave risks posed to individuals’ personal information. The delayed breach notification, which took eight months, reflects the challenges organizations face in balancing immediate operational needs with comprehensive incident response.

   “This incident is a stark reminder that cybersecurity cannot be an afterthought. Sav-Rx’s response, including the establishment of a 24/7 security operations center and implementation of multi-factor authentication, network segmentation, and advanced encryption, is commendable. However, these steps, including ransomware containment, should have been proactive measures rather than reactive responses.


   “The healthcare sector must prioritize cybersecurity investments and adopt proactive strategies to protect patient data and critical infrastructure. The Sav-Rx breach emphasizes the importance of preparedness and the need for continuous vigilance to safeguard against future attacks.”


Dave Ratner, CEO, HYAS follows with this:

   “The remediation and implementation plan being conducted post-breach is necessary and good — and if other organizations haven’t done this yet then they are behind — but unfortunately in today’s era it is not sufficient. Given the prolific onslaught of attacks, and the fact that criminals continue to evolve their techniques and attack vectors, everyone needs to include the implementation of cyber resiliency and Protective DNS in their 2024 security plans.”

Everything that this organization is doing now is too late to prevent the damage that is sure to come to those who are affected by this breach. Hopefully someone in Washington is going to call this company on the carpet to explain themselves in detail.

Leave a comment »

Another Day, Another Third Party Breach

Posted in Commentary with tags on May 29, 2024 by itnerd

Late last week, ABN Amro Bank NV announced that unauthorized parties may have accessed the data of some of its clients after supplier AddComm was the victim of a ransom-ware attack this month.

AddComm, which distributes documents and tokens to clients and employees for ABN Amro, said in a statement that the hack took place between May 5 and May 17 and disrupted its services for a few days.

At this time, it is not clear what type of data was involved, and ABN Amro said it has no indication that the unauthorized parties have used the data of its clients and that the lender’s systems were not affected.

This comes in the same month that Banco Santander SA said that information of clients and staff managed by a third-party was accessed without authorization, and Deutsche Bank, Commerzbank and ING Groep were among dozens of companies to suffer from the MOVEit file transfer tool breach.

Meanwhile, the European Central Bank, which oversees lenders in the region, conducted a stress test to examine how banks respond to and recover from cyber attacks and observed the extensive use of outsourced functions as one of the main challenges impacting 88% of banks that claim they are at least partially reliant on service providers to operate their core banking system.

Dave Ratner, CEO, HYAS had this to say:

   “The fact is that every exploit has to do one thing before it wreaks havoc: communicate with the threat actor controlling it. Identifying and thwarting that communication is the first, last and best chance an organization has to prevent an attack. Third-party breaches will continue to escalate and be a critical pain point for organizations of all sizes until true cyber resiliency implementations are put into effect and organizations have not just the operational internal visibility that they require, but also the capability to detect those telltale signs of a breach and imminent attack, early in the kill chain, and stop it before damage ensues.”


Emily Phelps, Director, Cyware:

   “The recent ransomware attack underscores the critical need for proactive cybersecurity measures in the financial sector. To address these challenges, modernizing traditional SOCs into cyber fusion centers can enable real-time threat intelligence sharing and collaboration across institutions, fostering a collective defense approach. By integrating strategic AI-driven cybersecurity solutions, financial institutions can proactively detect and mitigate threats, ensuring the resilience and integrity of their operations.”

Third party attacks are a danger that every business needs to wrap their heads around. If they don’t, they’ll be the next victim through no fault of their own.

Leave a comment »