Archive for May, 2024

« Older Entries
Newer Entries »

It Appears That I Was Targeted In Either A Pig Butchering #Scam Or A Romance Scam On Mastodon

Posted in Commentary with tags on May 29, 2024 by itnerd

Before I do anything else, let me explain what a Pig Butchering Scam is. Wired will help me with this part:

Pig butchering scams originated in China, where they came to be known by the Chinese version of the phrase shāzhūpán because of an approach in which attackers essentially fatten victims up and then take everything they’ve got. These scams are typically cryptocurrency schemes, though they can involve other types of financial trading as well.

Scammers cold-contact people on SMS texting or other social media, dating, and communication platforms. Often they’ll simply say “Hi” or something like “Hey Josh, it was fun catching up last week!” If the recipient responds to say that the attacker has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they’ve hit it off with a new friend. After establishing a rapport, the attacker will introduce the idea that they have been making a lot of money in cryptocurrency investing and suggest the target consider getting involved while they can.

Next, the scammer gets the target set up with a malicious app or web platform that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims can often see curated real-time market data meant to show the potential of the investment. And once the target funds their “investment account,” they can start watching their balance “grow.” Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new “friend” or allowing them to withdraw a little bit of money from the platform to reassure them. The latter is a tactic that scammers also use in traditional Ponzi schemes.

Though the swindle has some new twists, you can still see where it’s going. Once the victim has deposited all the money they have and everything the scammers can get them to borrow, the attackers shut down the account and disappear.

As for the romance scam, the RCMP will help me with that:

A romance scam is when a person creates a false identity and pretends to have romantic feelings for a victim to gain their trust and affection for the purpose of obtaining their money. The scam usually unfolds like this:

Step 1: Fraudsters research potential victims online, including reviewing their social media posts, to develop a tailored strategy for each victim and improve their chances of success.

Step 2: After developing an online relationship and gaining the victim’s trust, the fraudster usually fakes a scenario where they need quick money — such as a crisis or an investment opportunity.

Step 3: The scammer then requests money, cryptocurrency, gifts, or investments. They might also send money to the victim to build further trust or engage the victim as a money mule or courier in an illegal transaction. Eventually the victim becomes aware of the scam, many times after they’ve handed over thousands of dollars, at which point the fraudster stops communicating with them.

So with those explanations out of the way, let me explain why I feel I was targeted in one or the other type of scam.

Early today I got this message over Mastodon after I got followed by this person:

Now I was immediately suspicious right out of the gate as this fits the hallmarks of either type of scam. But in the interest of science. I played along. But at the same time, I poked around this Mastodon profile. In short:

  • They had been a member of Mastodon since October 2023
  • They had 14 posts.

Those are sort of red flags. But I needed more evidence to confirm what I was suspecting. And after interacting with this person for a while, I got it:

Scammers will often try to take you off the platform that you meet them on to a place like Telegram to continue the conversation and lead you down the path to separate you from your money. Thus this confirmed that this was some sort of scam. As a result I blocked this person on Mastodon. Honestly, I am surprised that something like this hasn’t happened sooner on Mastodon. Or maybe it has and I wasn’t aware of it. I say that because these scams are easy enough to perpetrate on other types of social media. But the decentralized nature of Mastodon make it way easier to pull something like this off because if a scammer gets caught out, they can set up another account on another Mastodon server and try again.

Regardless of what social media platform that you use, you need to be aware of this sort of thing so that you don’t become a victim. And now, back to your regular scheduled programming.

Leave a comment »

Sage Announces Powerful New Features For Sage Intacct

Posted in Commentary with tags on May 29, 2024 by itnerd

Sage – the leader in accounting, financial, HR, and payroll technology for small and mid-sized businesses (SMBs) – announced powerful new capabilities and updates for Sage Intacct.

The newest enhancements allow for more streamlined workflows and will boost productivity for businesses. The enhancements will also give organizations deeper financial insights and advancements in financial reporting, asset management, and operational efficiency!

Sage Intacct Product Release 2 2024 Enhancements Include:

  • PwC Control Insights now generally available: Designed with compliance and growth in mind, this tool helps organizations strengthen their financial control environment as they scale with Sage Intacct. It provides a live dashboard allowing organizations to maintain strong financial controls and offer actionable insights with recommendations.
    • Availability: US, Canada, UK, South Africa, and Australia
  • Bank transaction assistant file import: With this new guided import experience, users can streamline the process of importing bank data and improving reconciliation efficiency. This saves time and reduces the likelihood of errors, improving the overall reliability of financial data and simplifying the monthly close process.
    • Availability: US, Canada, UK, Ireland, Australia, France & South Africa
  • AI timesheets: This AI-powered timesheet solution, Sage Intelligent Time (SIT), is embedded in Sage Intacct to help users gather, organize, and suggest activities for inclusion in timesheets, alongside client, project, and task information. This maximizes billable time and improves the accuracy and efficiency of time tracking, leading to more precise invoicing and revenue recognition.
    • Availability: US, Canada, UK, South Africa, and Australia
  • Employee expense allocations: This feature helps to streamline the expense reporting process by allowing users to quickly code expense receipts and leverage the power of transaction allocations. It reduces time-consuming administrative tasks related to expenses and helps maintain compliance with internal policies and external regulations.
    • Availability: US only

Sage Fixed Asset Management – Purchasing integration: Building on the recent release, this expanded feature helps users create assets directly from purchasing transactions such as vendor invoices. It simplifies data entry and improves asset management, significantly reducing manual efforts. This enhancement also increases the accuracy of asset tracking and ensures that asset-related financials are updated in real-time. As a result, it supports a smoother process from the purchase of assets through to their depreciation and maintenance, providing more streamlined asset lifecycle management.

  • Availability: US, Canada, UK, Ireland, Australia, France & South Africa
  • Boosted revenue management: The latest revenue recognition updates drill down into supporting documents meaning that organizations can now more easily understand how deferred revenue progresses and what to expect in the future. Providing an expedited path for recognizing revenue and achieving reconciliations, it now comes with smarter search and filter options, helping organizations to be clear on revenue schedules faster with dimension group filters.
    • Availability: US, Canada, UK, Ireland, Australia, France & South Africa
  • Construction enhancements: The latest enhancements mean that construction organizations can automatically calculate key metrics related to project revenue and profitability and review project-based costs and billing with Project-level Work in progress.
    • Availability: US, Canada, Australia and Early Adopters in the UK
  • Supplies inventory: This streamlined ordering process provides the ability to track supplies, requisitions and gain insights into usage trends and cost insights across periods. Also manage inventory levels and reorder when needed to avoid availability delays. Employees can enter requisitions for items designated as supplies inventory, such as office or program supplies. Users can easily process requests and monitor status using the workbench.
    • Availability: Early Adopters in US and Canada


You can get a lot more detail here: Sage Intacct unveils new updates to advance productivity and control for SMBs

Leave a comment »

ThreatLocker Expands Security Footprint With New Data Infrastructure in Canada

Posted in Commentary with tags on May 29, 2024 by itnerd

ThreatLocker, a leading provider of Zero Trust cybersecurity solutions, is proud to announce the launch of its latest data center in Toronto, Canada, less than three months after opening its data center in Sydney, Australia. This initiative will significantly bolster cybersecurity capabilities for Canadian businesses and organizations across various sectors, including the private sector, commonwealth, state, territory, and local governments.

The development of this data center by ThreatLocker® will assist Canadian entities in aligning with baseline cybersecurity controls recommended by the Canadian Centre for Cyber Security, which stem from compliance frameworks like NIST, CISC, ISO/IEC, and ITSG-33. More specifically, ThreatLocker® offers Zero Trust, Least Privilege capabilities in the form of Application Control, Ringfencing, Network Control, and Privilege Access Management solutions, amongst many other options.

ThreatLocker®, founded in 2017 by CEO Danny Jenkins, COO Sami Jenkins, and VP of Quality Assurance John Carolan, protects over 2 million endpoints across more than 40,000 organizations globally. The company provides 24/7/365 Cyber Hero support with an average response time of 60 seconds or less. ThreatLocker®offers a powerful Zero Trust endpoint security platform designed to enable organizations to stop ransomware and other cyberattacks by controlling what software can run in their environments. The combined solutions of ThreatLocker®, including Application Allowlisting, Ringfencing™, Storage Control, Elevation Control, and Endpoint Network Control, lead the cybersecurity market towards a more secure approach by blocking the exploits of unknown application vulnerabilities.

Leave a comment »

2.8 Million People Impacted By A Prescription Management Company Getting Pwned

Posted in Commentary with tags on May 29, 2024 by itnerd

On Friday, Sav-Rx, a prescription management company, filed a breach notification disclosing that it suffered a cyberattack in October 2023, compromising the personal data of over 2,812,336 people in the US.
 
A&A Services, operating as Sav-RX, is a company that provides prescription drug management services to employers, unions, and other organizations across the U.S.
 
The impact on its business operations was minimal, systems were restored in a day and prescriptions were shipped on time.
 
The data exposed included:

  • Full names
  • DOBs
  • SSNs
  • Emails
  • Addresses
  • Phone numbers
  • Eligibility data
  • Insurance ID numbers

The breach notification revealed that the hackers first accessed customer data on October 3, 2023.
 
Sav-Rx stated that it took eight months to send out notices because their initial priority was minimizing interruption to patient care before launching the investigation on the impact of the incident.
 
In response to the incident, Sav-Rx is setting up a 24/7 security operations center, implementing MFA on critical accounts, network segmentation, enhanced geo-blocking, upgraded firewalls and switches, strengthened Linux security, and BitLocker encryption.

BullWall Executive, Carol Volk had this to say:

   “While Sav-Rx managed to restore operations swiftly, the compromised data—ranging from full names and Social Security numbers to insurance ID numbers—highlights the grave risks posed to individuals’ personal information. The delayed breach notification, which took eight months, reflects the challenges organizations face in balancing immediate operational needs with comprehensive incident response.

   “This incident is a stark reminder that cybersecurity cannot be an afterthought. Sav-Rx’s response, including the establishment of a 24/7 security operations center and implementation of multi-factor authentication, network segmentation, and advanced encryption, is commendable. However, these steps, including ransomware containment, should have been proactive measures rather than reactive responses.


   “The healthcare sector must prioritize cybersecurity investments and adopt proactive strategies to protect patient data and critical infrastructure. The Sav-Rx breach emphasizes the importance of preparedness and the need for continuous vigilance to safeguard against future attacks.”


Dave Ratner, CEO, HYAS follows with this:

   “The remediation and implementation plan being conducted post-breach is necessary and good — and if other organizations haven’t done this yet then they are behind — but unfortunately in today’s era it is not sufficient. Given the prolific onslaught of attacks, and the fact that criminals continue to evolve their techniques and attack vectors, everyone needs to include the implementation of cyber resiliency and Protective DNS in their 2024 security plans.”

Everything that this organization is doing now is too late to prevent the damage that is sure to come to those who are affected by this breach. Hopefully someone in Washington is going to call this company on the carpet to explain themselves in detail.

Leave a comment »

Another Day, Another Third Party Breach

Posted in Commentary with tags on May 29, 2024 by itnerd

Late last week, ABN Amro Bank NV announced that unauthorized parties may have accessed the data of some of its clients after supplier AddComm was the victim of a ransom-ware attack this month.

AddComm, which distributes documents and tokens to clients and employees for ABN Amro, said in a statement that the hack took place between May 5 and May 17 and disrupted its services for a few days.

At this time, it is not clear what type of data was involved, and ABN Amro said it has no indication that the unauthorized parties have used the data of its clients and that the lender’s systems were not affected.

This comes in the same month that Banco Santander SA said that information of clients and staff managed by a third-party was accessed without authorization, and Deutsche Bank, Commerzbank and ING Groep were among dozens of companies to suffer from the MOVEit file transfer tool breach.

Meanwhile, the European Central Bank, which oversees lenders in the region, conducted a stress test to examine how banks respond to and recover from cyber attacks and observed the extensive use of outsourced functions as one of the main challenges impacting 88% of banks that claim they are at least partially reliant on service providers to operate their core banking system.

Dave Ratner, CEO, HYAS had this to say:

   “The fact is that every exploit has to do one thing before it wreaks havoc: communicate with the threat actor controlling it. Identifying and thwarting that communication is the first, last and best chance an organization has to prevent an attack. Third-party breaches will continue to escalate and be a critical pain point for organizations of all sizes until true cyber resiliency implementations are put into effect and organizations have not just the operational internal visibility that they require, but also the capability to detect those telltale signs of a breach and imminent attack, early in the kill chain, and stop it before damage ensues.”


Emily Phelps, Director, Cyware:

   “The recent ransomware attack underscores the critical need for proactive cybersecurity measures in the financial sector. To address these challenges, modernizing traditional SOCs into cyber fusion centers can enable real-time threat intelligence sharing and collaboration across institutions, fostering a collective defense approach. By integrating strategic AI-driven cybersecurity solutions, financial institutions can proactively detect and mitigate threats, ensuring the resilience and integrity of their operations.”

Third party attacks are a danger that every business needs to wrap their heads around. If they don’t, they’ll be the next victim through no fault of their own.

Leave a comment »

Investors At Amazon’s AGM Show That Support For Workers Rights At An All Time High

Posted in Commentary with tags on May 28, 2024 by itnerd

This is a follow up to this recent story involving Amazon and workers rights. 

Investors of Amazon.com continued to lend their support to a shareholder proposal on freedom of association and collective bargaining during the company’s recent annual general meeting (AGM).  

The proposal, put forward by an international coalition of responsible investors representing 3.5-trillion USD in assets under management (AUM), called for Amazon to undergo a third-party assessment reviewing the extent to which it has been living up to its promises to respect international labour standards. 

According to Company filings that were published on Friday, approximately 32 per cent of votes were cast in favour of the proposal — the second-highest level of investor support for any of the 14 shareholder proposals voted on at last Wednesday’s AGM. Accounting for the large number of shares controlled by board member and former Amazon CEO Jeff Bezos, roughly 37 per cent of independent votes were cast in favour of the proposal. 

This vote comes amid a number of recent concerning developments in Amazon’s relationship with its workers. A major British trade union, GMB, recently announced legal action against the Company in the U.K. over allegations of anti-union practices; in the U.S., a federal administrative judge ruled that CEO Andy Jassy violated federal law by making comments on unions. 

These developments coincided with a surge in investor support for the shareholder proposal. In addition to the original coalition of 22 cofilers, the proposal was publicly supported in recent weeks by numerous major public funds and asset managers: 

  • the California Public Employees’ Retirement System (CalPERS) 
  • the California State Teachers’ Retirement System (CalSTRS) 
  • the Office of the New York City Comptroller  
  • the New York State Common Retirement Fund 
  • Norges Bank Investment Management (NBIM)  
  • Legal and General Investment Management (LGIM). 

The proxy advisory firms International Shareholder Services (ISS) and Glass-Lewis also backed the proposal, despite management’s opposition. 

Sarah Couturier-Tanoh, Director of Shareholder Advocacy for SHARE, the Shareholder Association for Research and Education, which led the investor coalition behind the proposal had this comment: 

“Once again, shareholders have sent a clear message to Amazon’s board and management that the Company must do better in delivering on its commitment to workers’ rights,”

“Given the widespread support the proposal received, we expect the board to demonstrate — at a minimum — what it is doing to comply with international human rights standards and mitigate the labour-rights related risks shareholders are seeing.” 

Leave a comment »

RansomHub Threatens Christie’s With The Release Of Stolen Data If They Don’t Get Paid

Posted in Commentary with tags on May 28, 2024 by itnerd

News has emerged that the hacker group known as RansomHub is threatening to release the sensitive data of high-end Christie’s art auction house in New York, including financial data and client addresses by the end of May, if no ransom is paid:

Now, RansomHub has posted a new thread on a dark web site, assuming responsibility for the attack, and claiming it grabbed customer names and birth dates. At this moment it is impossible to verify the authenticity of the claims, but with RansomHub’s history, it’s possible they are telling the truth.

RansomHub was born out of the disappearance of the ransomware-as-a-service known as ALPHV, or BlackCat. 

With a ransomware-as-a-service model, one group builds and maintains the malware while others, called affiliates, do the actual breaching and encrypting. When affiliates successfully extort money from a victim, they get a piece of it, while a piece goes to the developers. When an ALPHV affiliate breached Change Healthcare earlier this year, they allegedly successfully extorted the healthcare giant for $22 million. However, when it was time to split the prize, the developers took all of it and just disappeared, leaving the affiliate with roughly 4TB of stolen sensitive data.

This affiliate was later named RansomHub and it tried, on its own, to extort Change Healthcare again. 

In Christie’s case, the group said it would release the timer by the end of May, since it couldn’t come to an agreement with the company.

Darren Williams, CEO and Founder, Blackfog had this to say:

 “The clock is ticking for Christies Art House who has a major decision to make now that criminal gang RansomHub has implemented a payment deadline.  With the personal and financial data belonging to their high-profile clients at risk, this is indeed quite worrying. 

The ‘to pay or not to pay’ dilemma is a serious issue for all types of organisations who are facing a rising wave of ransomware attacks. High profile organisations such as Christie’s, which sells high value items upwards of £600 million, will always be on the radar or cyber attackers looking for a quick win with large financial gain. 

Once the data is in the hands of the attackers, the focus must be on handling the incident and repercussions as quickly as possible, leaning on experts to help ease the process when possible.  Once the clean up is done, the focus must shift to preventing these attacks in the future by implementing technology designed to prevent the exfiltration of data, mitigating the risks of future attacks and extortion.”

RansomHub, the attacker group behind this attack, is quite new, first identified by BlackFog in February of this year. The criminal gang has since claimed attacks on multiple organisations – notably UnitedHealth Group, American Clinical Solutions and now Christie’s art auction house in New York.

It will be interesting to see what happens next as we’re only two days from the end of May. I’m pretty sure that this group will release some sort of data in retaliation for not getting paid. But not paying them is the correct course of action as cybercrime groups cannot be allowed to succeed in terms of extorting money from their victims.

1 Comment »

BforeAI Launches PreCrime Guarantee Program for Seamless Cyber Risk Coverage

Posted in Commentary with tags on May 28, 2024 by itnerd

BforeAI, the world’s fastest and most accurate predictive attack intelligence and digital risk protection solution, announced today the launch of PreCrime Guarantee, the company’s new breach protection pledge that underlines confidence in their cybersecurity solutions platform. In partnership with the leading global provider of cyber insurance, PreCrime Guarantee reimburses customers up to ten times the value of their service contract if impacted by a cyberattack due to a failure by BforeAI’s predictive solution.

BforeAI’s PreCrime platform predicts, blocks, and preempts malicious campaigns before they can impact an organization. With a false positive rate of 0.05%, the company’s automated preemption can stop attacks within minutes,before the customer falls victim. PreCrime Guarantee provides customers with additional peace of mind as they assess the platform’s effectiveness in the field and further validates the powerful insights and resources that the PreCrime platform provides security teams.

BforeAI underwent a stringent, nine-month process in which the insurance partner validated the effectiveness of the artificial intelligence platform against BforeAI’s go-to-market claims.

Because AI systems are not deterministic but based on probability, it is critical that they are developed to deliver reliable, business process-friendly results. PreCrime delivers best-in-class false positive/false negative and recall performance with extreme reliability. As BforeAI’s AI models were evaluated for their performance, the insurance partner’s team of experts were impressed by the quality of the underlying technology and its controls to limit deviation from performance claims.

The PreCrime Guarantee launch comes on the heels of a recent $15 million Series A funding round led by SYN Ventures, with renewed participation from early investors Karma Ventures, Karista, Addendum Capital, and a new investment from the Partnership Fund for New York City. The program will be instrumental in new customer engagements as BforeAI looks to expand further in the U.S. market in 2024.

Leave a comment »

Make Sure You Update Chrome ASAP To Mitigate An Actively Exploited Vulnerability…. Along With Some Others

Posted in Commentary with tags on May 27, 2024 by itnerd

If you’re a Google Chrome user, you should make sure that you’re on 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux. If you’re not, update ASAP as this update addresses a zero day vulnerability that is being actively exploited. Here’s what Google said:

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[N/A][341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20

Google is aware that an exploit for CVE-2024-5274 exists in the wild.

Fun fact, this is the fourth zero day that Google has patched this month. Here are the other three:

  • CVE-2024-4947 patched on 15 May. This was another type confusion flaw in V8 that was reported by Vasily Berdnikov and Boris Larin of Kaspersky Lab and which was used in targeted attacks according to Kaspersky.
  • CVE-2024-4761 patched on 13 May. An out of bounds memory write in V8 reported by an Anonymous researcher.
  • CVE-2024-4671 patched on 9 May. A use after free flaw in the browser’s Visuals component that was reported by an Anonymous researcher.

So if you haven’t updated Chrome, consider this a today problem.

Leave a comment »

Why I Think Spotify’s Handling Of The Demise Of It’s Car Thing Device Quite Frankly Sucks

Posted in Commentary with tags on May 26, 2024 by itnerd

First some background. Back in October 2021, Spotify announced the Car Thing. This was a $90 USD device that went in your car and allowed you to stream from Spotify in your car. The device had a 4-inch touchscreen and knob for easy navigation, as well as support for Apple CarPlay, Android Auto, and voice control. But you needed a data connection of some sort and you also needed to be a Spotify Premium account holder to use it. I at the time questioned how useful this would be. But clearly Spotify felt there was a need for this device. Though it killed the product in 2022 as I am guessing that the money wasn’t rolling in because this product existed.

Fast forward to earlier this week when it was announced by Spotify that it was going to remote brick this device and users could dispose of it responsibly as e-waste. Effectively, Spotify was killing the product and making sure there was no possibility that it could return.

Cue the outrage on multiple fronts. Reddit and Spotify own forum among other places were soon filled with angry owners of the device venting their frustration at the company for this move. Some called this move unacceptable and many wanted a refund. Some even wanted the company to open source the device to keep it alive. Thus while I had my reservations about the usefulness of such a device, there are clearly many who found it useful.

Here’s my thoughts on this. What this seems like to me is that Spotify used its user base as a beta test group for a product. And now they want to kill the product because it didn’t work out the way the company wanted it to. Which is code for it didn’t make Spotify a pile of money from this device. Now if someone wants to pay up to be part of this beta test, is up to them. But for Spotify to brick the device and tell users to throw it away is completely unacceptable. Yes they did say to dispose of it responsibly as e-waste, but that’s still the wrong message. Because the message I would be getting if I were a Spotify customer is not to support them in terms of getting any other piece of hardware that they might come out with. And in an extreme case, I might be rethinking my support of Spotify in general. As in cancelling my subscription. So far from what I can tell, Spotify really isn’t saying anything than what is in the document that I linked to above. Nor have they answered questions about the possibility of open sourcing the device. But if they did open source the device, it would make them look a whole lot better than they do right now. Spotify really needs to recognize that they have stuffed the handling of this situation and rethink this. Because right now, they look like a bunch of clowns who don’t care about this subset of their user base. And for those like me who don’t have a Spotify account and who are watching this from afar, this situation and how it is being handled doesn’t give me an incentive to get a Spotify account. Even a free one.

Over to you Spotify. Though given your past track record in handling bad situations, I fully expect you to continue to screw up the response to this bad situation.

1 Comment »

« Older Entries
Newer Entries »